Windows Analysis Report
http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/authrootstl.cab?d187249b7de2efd8

ID:	632526
Product:	CloudBasic
Start time:	18:40:21
Start date:	23.05.2022
Cookbook:	browseurl.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS

Name	Type	MD5	SHA1	SHA256
C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic	data	A78AD14E77147E7DE3647E61964C0335	CECC3DD41F4CEA0192B24300C71E1911BD4FCE45	0D6803758FF8F87081FAFD62E90F0950DFB2DD7991E9607FE76A8F92D0E893FA
C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe	PE32 executable (GUI) Intel 80386, for MS Windows	49AC3C96D270702A27B4895E4CE1F42A	55B90405F1E1B72143C64113E8BC65608DD3FD76	82AA3FD6A25CDA9E16689CFADEA175091BE010CECAE537E517F392E0BEF5BA0F
C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecoveryCRX.crx	Google Chrome extension, version 3	EA1C1FFD3EA54D1FB117BFDBB3569C60	10958B0F690AE8F5240E1528B1CCFFFF28A33272	7C3A6A7D16AC44C3200F572A764BCE7D8FA84B9572DD028B15C59BDCCBC0A77D
C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\_metadata\verified_contents.json	ASCII text, with very long lines, with no line terminators	35C7E305A06F30D3F0A97693C3504265	B30C965F53A93676CC9D87D29F5E6AC5B605DD84	3B6FB2683B4DFD83FDD0C6EE096F378AA85C6B1ACC73EC66288802A71C9381F7
C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\manifest.json	ASCII text	7A8E3A0B6417948DF4D49F3915428D7A	4FC084AABDB13483567D5C417C7ED8FD16726A80	D1AC274CF1018020F2D9635A518ED1A1F21CC2CBE9E2A4392EC792D54B5B52FE
C:\Users\user\AppData\Local\Google\Chrome\User Data\2db15e99-6dfc-42b5-beea-8434781f5299.tmp	ASCII text, with very long lines, with no line terminators	48D31CAA475C0790BE217FA92A8A5E22	EF2EB57642FBAF82AD2634388ADFB06D7FC0A1D1	8BF1D7AB52753D4B49D3DD0820229CE75C1313392CAA2A3057AB2D10B3AA7A5E
C:\Users\user\AppData\Local\Google\Chrome\User Data\426527fa-1326-451c-ab76-fc2c90e7ffeb.tmp	ASCII text, with very long lines, with no line terminators	0535709FD1A7EFC88A75B816AF6B92B5	68D9B3564A43127532D366DA139315F286347756	782F5BADCF68EE587C29EA1EF1800A96D7EB6808BB40B234FB5322DB711BF5F7
C:\Users\user\AppData\Local\Google\Chrome\User Data\4f2d5ca0-f60d-498f-965c-dc3d8f7f9e3c.tmp	data	A850CAAC4AAEE14B2407F377D66C8205	2083DEE3A71ECD80CAFACCE2CF08D8D5DA819D34	BFE748E9B87A352FD4C4A670441EFADADB801C7626E23666B3EE4640A6B4824F
C:\Users\user\AppData\Local\Google\Chrome\User Data\6cd790b6-5099-416e-9dac-a9f89a1d53f5.tmp	ASCII text, with very long lines, with no line terminators	B429378DED7DC53443B11C0F8E4F9AA8	45B3C969F32268F06611C12C0C189D4B3E3CD4A5	2A2BD57E2BE36166A51CF827D4287CA96DF464EF843D47BA493098E26DC291A5
C:\Users\user\AppData\Local\Google\Chrome\User Data\8bec16de-ccc2-4bdd-884b-5a4ae16f8318.tmp	ASCII text, with very long lines, with no line terminators	0535709FD1A7EFC88A75B816AF6B92B5	68D9B3564A43127532D366DA139315F286347756	782F5BADCF68EE587C29EA1EF1800A96D7EB6808BB40B234FB5322DB711BF5F7
C:\Users\user\AppData\Local\Google\Chrome\User Data\8e3d563a-7914-407b-945b-76d626f1938d.tmp	ASCII text, with very long lines, with no line terminators	3AE48C95C300DDEF8FD4A547CDB3DA65	042C983DDDFC844193F1F1AA1081E0C88CDE4F7D	EF2BCED24AFDC3E693FF2DDC9776AA274CC97E5B879E47CE0A67E5AAD0CF0CDF
C:\Users\user\AppData\Local\Google\Chrome\User Data\9729e2f1-e929-420b-9a9e-5255264f83b0.tmp	data	F0F521C5FA766607B6138136EC910A86	B200E96EDCA6A903A97D818396551902EECC416C	1B06A046D1DF6A7729A121456C80C3383E136F9DEC858AEA872B437F096716D3
C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat	data	BEBB369FF4A565B19D5E0BC83CD176AE	A6F07666F8DDDF61E5AACE533129BFB541A8A769	8018F98553432706436A31FFD1E743018C3B7F1AA8D34B2FA18F494A4CFCEB19
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\000001.dbtmp	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\000002.dbtmp	ASCII text	206702161F94C5CD39FADD03F4014D98	BD8BFC144FB5326D21BD1531523D9FB50E1B600A	1005A525006F148C86EFCBFB36C6EAC091B311532448010F70F7DE9A68007167
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\066e39b9-23bd-4f7c-bb6c-a7165e9ed069.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	C07D34462593B2DB24D228428F7928D4	2E7B9029294566B201E89FC5CAC7792DED69C5C6	47A21948B074945A9CD281F52B0B0FD560833AA11D4B6AE6E1BD3F7A6C929149
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\11da441b-c044-4c92-a38b-87f8969125b6.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	9E388EDB7C50A0969071299AEA95CC46	09CDC3AB21F78162C2A06F7BDC0B791409A4C8C6	0552501B27EE54A53A9D2F6C1756A2257F1C46C94022C626D0FDD20631CE1D61
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\21468ea5-c2f9-4805-900a-a85c6a81064d.tmp	ASCII text, with very long lines, with no line terminators	E9B4A91EFA2644A53C5D4ED6174B77CF	F95C78C075B17C295AAFA8FC20590A2F4B5CEC92	5ED92975835C9043D9CE4137BD654E827BE1994BDD217B4221B52A0E24D51A1C
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\67b09b8d-05f5-4327-8bbf-a835e0389c40.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	38996251B9A45188818ED80F66BEC619	62DA618462BC1691C8A02C76C266B3C167D4C6BF	FC9DBDF29916D4339726329E2D6626E317E80DA17AA2EF8C735A1B3E2466529B
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\690e0051-d682-4267-8c8f-e41f19bd3b24.tmp	ASCII text, with very long lines, with no line terminators	95488A82D5073BDAAFC1480073FF801F	E2E979B6D4A3EE16A815115C414D0A98E1DFA93F	C091AE68AFCD5EC632B2C324B983D70F722463CB4D05A3CE8D52E07AA7E5A5D6
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\6b026497-acd5-444c-9805-8f953863c848.tmp	ASCII text, with very long lines, with no line terminators	B7609861BFE77E00051C631D987E82F2	7B57ED512B959247F49F9DFE407E6EA424950CFC	1937669F7C546AD5C8A0B9E3EBD29ADE58A1C0B37D54C2E9E1A67290A9FEE818
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\6ee571ac-bfb3-408d-af18-493dab2de1ae.tmp	very short file (no magic)	5058F1AF8388633F609CADB75A75DC9D	3A52CE780950D4D969792A2559CD519D7EE8C727	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\7ac3a54c-29a4-42d5-af80-c182e7baa737.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	6C399CE3B4780A87656C43A6671558B0	A878F71973617E8FE9FDF8CACE9F73D43EE9370B	3CD6208C0AE017ECD0D6DA51BAE542677EF5C89CECF83BACFB1D3764EAF2E355
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\8d147cfb-1162-43f5-8e60-89b9195c1946.tmp	ASCII text, with very long lines, with no line terminators	BF5DCF12BABD89E1E56B2D0EC5BE4A07	17E60AEEAFC0C16C4285961A4FD484ED1090673F	4BDDE570192C2CA8ABDEEE3FD9851E25305F0EA7E8AA88C8A7DB188D19161328
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CURRENT (copy)	ASCII text	206702161F94C5CD39FADD03F4014D98	BD8BFC144FB5326D21BD1531523D9FB50E1B600A	1005A525006F148C86EFCBFB36C6EAC091B311532448010F70F7DE9A68007167
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json	ASCII text, with very long lines, with no line terminators	90F880064A42B29CCFF51FE5425BF1A3	6A3CAE3996E9FFF653A1DDF731CED32B2BE2ACBF	965203D541E442C107DBC6D5B395168123D0397559774BEAE4E5B9ABC44EF268
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log	data	51A2CBB807F5085530DEC18E45CB8569	7AD88CD3DE5844C7FC269C4500228A630016AB5B	1C43A1BDA1E458863C46DFAE7FB43BFB3E27802169F37320399B1DD799A819AC
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG	ASCII text	3E65020A844D1E7170602C00EB5586D0	F587E8C37BE4BE973BE3FF0D7697C861B84EA54F	3EB76B58F7F0897E369789B94A7CE85E67951AC1B390F4CE68863B0A9E97FD58
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old (copy)	ASCII text	3E65020A844D1E7170602C00EB5586D0	F587E8C37BE4BE973BE3FF0D7697C861B84EA54F	3EB76B58F7F0897E369789B94A7CE85E67951AC1B390F4CE68863B0A9E97FD58
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\MANIFEST-000001	PGP\011Secret Key -	5AF87DFD673BA2115E2FCF5CFDB727AB	D5B5BBF396DC291274584EF71F444F420B6056F1	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State (copy)	ASCII text, with very long lines, with no line terminators	627B4C3BA4DB42F7AD357185B29FFF79	40F85D64270D0708A2EA8510B9D6A1BC542284BE	57891A62B042EB3CB149598477FF854D02493CD1061C6B30C147731FDFF58350
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)	ASCII text, with very long lines, with no line terminators	E9B4A91EFA2644A53C5D4ED6174B77CF	F95C78C075B17C295AAFA8FC20590A2F4B5CEC92	5ED92975835C9043D9CE4137BD654E827BE1994BDD217B4221B52A0E24D51A1C
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy)	UTF-8 Unicode text, with very long lines, with no line terminators	9E388EDB7C50A0969071299AEA95CC46	09CDC3AB21F78162C2A06F7BDC0B791409A4C8C6	0552501B27EE54A53A9D2F6C1756A2257F1C46C94022C626D0FDD20631CE1D61
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\05187f3a-574f-40d6-b7f6-b4de239a77c6.tmp	ASCII text, with very long lines, with no line terminators	D5BB2F0F1694209F0C6AE5BA44DAC338	41B2CDE10C8937FC9607E608AF65EDF709033350	20FC2ED4DA8AC625B83B6B84C1B88B534BC35B18DC8BD7521C66FFDABAB53738
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1	data	F50F89A0A91564D0B8A211F8921AA7DE	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent State (copy)	ASCII text, with very long lines, with no line terminators	D5BB2F0F1694209F0C6AE5BA44DAC338	41B2CDE10C8937FC9607E608AF65EDF709033350	20FC2ED4DA8AC625B83B6B84C1B88B534BC35B18DC8BD7521C66FFDABAB53738
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\0b6b6f12-a23f-4eca-9dbc-aa10a76b0d74.tmp	ASCII text, with very long lines, with no line terminators	F08847672DDD58749FE32FEFD1DBBAE9	C4C1750B297311628D53B0D3DD473F3EDD6019E9	4165A9C7A2CA81E34A969C02FC75FFA899F49A5B04899EBA10E341C44839CC90
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1	data	F50F89A0A91564D0B8A211F8921AA7DE	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network Persistent State (copy)	ASCII text, with very long lines, with no line terminators	F08847672DDD58749FE32FEFD1DBBAE9	C4C1750B297311628D53B0D3DD473F3EDD6019E9	4165A9C7A2CA81E34A969C02FC75FFA899F49A5B04899EBA10E341C44839CC90
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\d37cb5e6-bbfb-4996-9e2c-e16b34133ad2.tmp	ASCII text, with very long lines, with no line terminators	627B4C3BA4DB42F7AD357185B29FFF79	40F85D64270D0708A2EA8510B9D6A1BC542284BE	57891A62B042EB3CB149598477FF854D02493CD1061C6B30C147731FDFF58350
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp	ASCII text	6752A1D65B201C13B62EA44016EB221F	58ECF154D01A62233ED7FB494ACE3C3D4FFCE08B	0861415CADA612EA5834D56E2CF1055D3E63979B69EB71D32AE9AE394D8306CD
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT (copy)	ASCII text	6752A1D65B201C13B62EA44016EB221F	58ECF154D01A62233ED7FB494ACE3C3D4FFCE08B	0861415CADA612EA5834D56E2CF1055D3E63979B69EB71D32AE9AE394D8306CD
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser	data	DE9EF0C5BCC012A3A1131988DEE272D8	FA9CCBDC969AC9E1474FCE773234B28D50951CD8	3615498FBEF408A96BF30E01C318DAC2D5451B054998119080E7FAAC5995F590
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version	ASCII text, with no line terminators	C422F72BA41F662A919ED0B70E5C3289	AAD27C14B27F56B6E7C744A8EC5B1A7D767D7632	02E71EB4C587FEB7EE00CE8600F97411C2774C2FC34CB95B92D5538E7F30DA59
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State (copy)	ASCII text, with very long lines, with no line terminators	3AE48C95C300DDEF8FD4A547CDB3DA65	042C983DDDFC844193F1F1AA1081E0C88CDE4F7D	EF2BCED24AFDC3E693FF2DDC9776AA274CC97E5B879E47CE0A67E5AAD0CF0CDF
C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cache (copy)	data	C5A329D4D21FCB3275CB6ABE13ED0060	69255E391018CF446E10332DF3C11E5B1B5B15D6	54806E02E7BC83F31B08F25D78EDC60D33C8FA00E39DDDDCAB96429A0A3CD9BA
C:\Users\user\AppData\Local\Google\Chrome\User Data\Subresource Filter\Indexed Rules\27\scoped_dir2332_2059111382\Ruleset Data	data	BC811D916CF7D8E6B13B5E63C7B6A474	CCCB6EB391D88DDFCE3E3BAB3AB63AC799459484	CE9183903AA22B624FBA2877EFEE026D53EF7B38FF28D4119E70F55B7BFF79C3
C:\Users\user\AppData\Local\Google\Chrome\User Data\a81bf1c0-ae16-4a5f-aa2d-8bd9c3fa1e24.tmp	ASCII text, with very long lines, with no line terminators	D2F20410D3C1A6368533541ACB4D97EC	538C69616D4FFDC6D36558844D06DED3F4FD4D47	318033C8FAEE6140306ABEDC6817E1BAA84BF23283994EA9652FC58BA44CFE66
C:\Users\user\AppData\Local\Google\Chrome\User Data\dc39d5d1-11ba-416b-bebd-361cb28678c7.tmp	data	BFA29265C9D43CD7E2749DD09B20DF44	ABCE696155497D79E99EB0427D44AA5F1CB2A41A	8775CB657B6C7228965D22A9BE0E8D5CF603F22BD7AC95BEDF2C9DF46A629098
C:\Users\user\AppData\Local\Google\Chrome\User Data\fabb3fe1-a404-4524-8479-d64489129d92.tmp	ASCII text, with very long lines, with no line terminators	48D31CAA475C0790BE217FA92A8A5E22	EF2EB57642FBAF82AD2634388ADFB06D7FC0A1D1	8BF1D7AB52753D4B49D3DD0820229CE75C1313392CAA2A3057AB2D10B3AA7A5E
C:\Users\user\AppData\Local\Google\Chrome\User Data\fc06df90-f329-4f82-8fd9-1b17e37832cc.tmp	data	C5A329D4D21FCB3275CB6ABE13ED0060	69255E391018CF446E10332DF3C11E5B1B5B15D6	54806E02E7BC83F31B08F25D78EDC60D33C8FA00E39DDDDCAB96429A0A3CD9BA
C:\Users\user\AppData\Local\Temp\2332_230541184\Filtering Rules	data	81BE5836F8740802C2CD3436AF0D326C	88BD294563A3E1BA663375609E83DFED3B57E6FE	409C37FBE8373412615BBDE198F234BCACFE8BB32DA179B1F84B003EB558488F
C:\Users\user\AppData\Local\Temp\2332_230541184\LICENSE.txt	ASCII text, with CRLF line terminators	D33AAA5246E1CE0A94FA15BA0C407AE2	11D197ACB61361657D638154A9416DC3249EC9FB	1D4FF95CE9C6E21FE4A4FF3B41E7A0DF88638DD449D909A7B46974D3DFAB7311
C:\Users\user\AppData\Local\Temp\2332_230541184\_metadata\verified_contents.json	ASCII text, with very long lines, with no line terminators	6977480C932C6C233E72BCD27AB40151	AFB95CE40A8DC75B3A609C07E506F3C45719683F	EC90E259556575C81F6B989F7E0251730A7286BDE2CE50720CFA38E484644EB2
C:\Users\user\AppData\Local\Temp\2332_230541184\manifest.fingerprint	ASCII text, with no line terminators	69B6F159F9B1421EBD5224D3F61ADCA9	5F778F3E0B566C638F1C9436F567E17D13F1EC02	42B2668908F5B710DDDACB59DCB6547B5BCC247A90102F2E2B2FE0190BE28C23
C:\Users\user\AppData\Local\Temp\2332_230541184\manifest.json	ASCII text	8C5308E53C3B2FF7B5C645BB2FF50A01	2CA75B325F6263E2B2A0C8C4C9FF6161992152F0	280B9529AF7F10F5980B8C7145FB9B7624BA26F882B1452914455FC000B22C35
C:\Users\user\AppData\Local\Temp\2332_230541184\manifest.json~	ASCII text	9BE1BC3AB4909AFF0167952B7170AC53	F4A9E494B2E8E9AB52E7DD6EA72DA933470E5572	82E50109631FE7D9E866FDEB4154650B1D2E015AFB791E2CE1316D2F156984F4
C:\Users\user\AppData\Local\Temp\2332_963267159\Recovery.crx3	Google Chrome extension, version 3	EA1C1FFD3EA54D1FB117BFDBB3569C60	10958B0F690AE8F5240E1528B1CCFFFF28A33272	7C3A6A7D16AC44C3200F572A764BCE7D8FA84B9572DD028B15C59BDCCBC0A77D
C:\Users\user\AppData\Local\Temp\2332_963267159\_metadata\verified_contents.json	ASCII text, with very long lines, with no line terminators	45821E6EB1AEC30435949B553DB67807	B3CADEB17FE5B76B5DBB428B8D3A07B341F8B1BC	E5FAE91295BECF7F66BFA4BE1061CA5537ED763EB5D01485F23ECFB583304FEE
C:\Users\user\AppData\Local\Temp\2332_963267159\manifest.fingerprint	ASCII text, with no line terminators	2AE14F91312C4E8034366B09D49D5B18	AD4933A5D838D0FA0B960C327A5039A9E8249642	4F122332EF0F2BB490EF59619D3602C1A7277C0A7A19C132202DB4803A09BFA2
C:\Users\user\AppData\Local\Temp\2332_963267159\manifest.json	ASCII text	7A8E3A0B6417948DF4D49F3915428D7A	4FC084AABDB13483567D5C417C7ED8FD16726A80	D1AC274CF1018020F2D9635A518ED1A1F21CC2CBE9E2A4392EC792D54B5B52FE
C:\Users\user\AppData\Local\Temp\26620b0b-e526-485b-943d-dc608904fe24.tmp	very short file (no magic)	5058F1AF8388633F609CADB75A75DC9D	3A52CE780950D4D969792A2559CD519D7EE8C727	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
C:\Users\user\AppData\Local\Temp\fdde1a6e-3537-40bb-94ac-392e6702c2fa.tmp	Google Chrome extension, version 3	541F52E24FE1EF9F8E12377A6CCAE0C0	189898BB2DCAE7D5A6057BC2D98B8B450AFAEBB6	81E3A4D43A73699E1B7781723F56B8717175C536685C5450122B30789464AD82
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\bg\messages.json	UTF-8 Unicode text, with CRLF line terminators	6F8E288A9AD5B1ED8633B430E2B4D4CA	F671D3D4BEFA431D1946D706F4192D44E29B6F08	A114E2783D0E9B12155017323BA70838F0F82A71C7EE8DC1F115AE36991241F8
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\ca\messages.json	UTF-8 Unicode text, with CRLF line terminators	1FDAFC926391BD580B655FBAF46ED260	C95743C3F43B2B099FEBEBC5BD850F0C20E820AC	C67898B67F9C9209EAFDA6532B62D5789863CFB855998DD6A70E7775316CEC20
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\cs\messages.json	UTF-8 Unicode text, with CRLF line terminators	76DEC64ED1556180B452A13C83171883	CFB1E56FD587BCDC459C1D9A683B71F9849058F9	32290D69A90E6BAAC428B10382C99221B12773BB9A184F3B93DFB48A4F6D7A40
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\da\messages.json	UTF-8 Unicode text, with CRLF line terminators	238B97A36E411E42FF37CEFAF2927ED1	4E47AC90BA24C8F4724D9293FA40CFD4ADA66FE0	4977D4A053542FF66967FAED6B06585DD70E68E20BFEB533B66FE3287F9655D9
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\de\messages.json	UTF-8 Unicode text, with CRLF line terminators	6B3E916E8C1991AA0453CBA00FEDCAAA	D6366D15912E40CA107FD42BFE9579C3336A51F9	A62FFAB910E31531758EEE48B2CC71A8857BEC3021DEAD50B668CBA3C8667053
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\el\messages.json	UTF-8 Unicode text, with CRLF line terminators	05C437A322C1148B5F78B2F341339147	AB53003A678E44A170E73711FBD9949833BBF3AA	A052C32B4FCAC61152EB0ADB2C260FB6A8256AD104AA0013DB93E9798D41A070
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\en\messages.json	ASCII text, with CRLF line terminators	91F5BC87FD478A007EC68C4E8ADF11AC	D07DD49E4EF3B36DAD7D038B7E999AE850C5BEF6	92F1246C21DD5FD7266EBFD65798C61E403D01A816CC3CF780DB5C8AA2E3D9C9
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\en_GB\messages.json	ASCII text, with CRLF line terminators	91F5BC87FD478A007EC68C4E8ADF11AC	D07DD49E4EF3B36DAD7D038B7E999AE850C5BEF6	92F1246C21DD5FD7266EBFD65798C61E403D01A816CC3CF780DB5C8AA2E3D9C9
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\es\messages.json	UTF-8 Unicode text, with CRLF line terminators	82719BD3999AD66193A9B0BB525F97CD	41194D511F1ACC16C1CA828AC81C18C8C6B47287	4DB9B2721E625C18B9E05C04B31AF5D9694712F1CAAF6219ABE34BB08E5DB1C7
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\es_419\messages.json	UTF-8 Unicode text, with CRLF line terminators	6B2583D8D1C147E36A69A88009CBEBC7	4D4DEEB4BE6AA0181825F3371A761ABC5B4D5937	6659BC3705311D7641A73995DCFEA80C7734F2F4EBBC3787B3892A240348324F
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\et\messages.json	UTF-8 Unicode text, with CRLF line terminators	CFF6CB76EC724B17C1BC920726CB35A7	14ED068251D65A840F00C05409D705259D329FFC	C85800BF45942FCC7FD6B1DF929C25F9CC2A977A6678966BD03D4B6B69889AFD
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\fi\messages.json	UTF-8 Unicode text, with CRLF line terminators	3A01FEE829445C482D1721FF63153D16	F3EAAADDC03F943FC88B30B67F534AA13E3336DD	0BDE54B20845124113383B6EB81E43A0F05E4EB0C44BEE3C1DFAC4CC5FEC2836
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\fil\messages.json	ASCII text, with CRLF line terminators	57AF5B654270A945BDA8053A83353A06	EEEF7A4F869F97CF471A05D345E74F982D15E167	EC002ED92359F67818B49455DFC579E140368E6A004080AF022FD4F57F6B03F2
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\fr\messages.json	UTF-8 Unicode text, with CRLF line terminators	8D11C90F44A6585B57B933AB38D1FFF8	3F9D44EA8807069A32AACA2AAAD02FD892E6CC90	599491F8C52B945C16C441ADF45BFD45AFAE046DA07757D97C56AF4DE75ED3B5
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\hi\messages.json	UTF-8 Unicode text, with CRLF line terminators	E376D757C8FD66AC70A7D2D49760B94E	1525C5B1312D409604F097768503298EC440CC4D	8106D98C4F8DA16DB698444409558E29CC96735E188BFA303C333A5D99231C1D
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\hr\messages.json	UTF-8 Unicode text, with CRLF line terminators	8185D0490C86363602A137F9A261CC50	5BD933B874441CEACB9201CCC941FF67BAED6DC0	A2B2EC359A9DD9DCCCE02859CE1E738BD30FAA4A05F1DC522893FFDF722BBC15
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\hu\messages.json	UTF-8 Unicode text, with CRLF line terminators	85609CF8623582A8376C206556ED2131	1E16EB70DB5E59BB684866FF3E3925C2DEF25A12	32A249749F12ADB6A220BF9ADC272C7E5D9AD5497A38B0086D961E3ABA17FBC6
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\id\messages.json	ASCII text, with CRLF line terminators	EAB2B946D1232AB98137E760954003AA	60BDC2937905B311D2C9844DF2D639D7AC9F7F67	C6E8800450602DE0F39FE9F6854472383813FB454B08ABAE7E25A9167CE004C3
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\it\messages.json	UTF-8 Unicode text, with CRLF line terminators	A328EEF5E841E0C72D3CD7366899C5C8	2851ED658385804E87911643F5A4200B1FB26E13	CD891C45F7586FB4A2514205A11F260E4A6D4482FA03D901909DD9F57BE0536D
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\ja\messages.json	UTF-8 Unicode text, with CRLF line terminators	9B3A5D473C3F2BBFAEECE94A07A940B8	61BACA342CF766BBA15C7B4D892A0E7DAC9405AA	706312A4A2AEF3317223F141EB2B82685345B7EED444F16BB4DF3A272716DA1F
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\ko\messages.json	UTF-8 Unicode text, with CRLF line terminators	9F6B4D82A70C74CA751E2EAE70FAB5CF	0534F125FFCE8222277CF2BE3401C59DAF9217F8	D1467B8D037114403E8F4EFC52E88C4A7FEB96126BE4CFF883FEFF1084EF7E68
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\lt\messages.json	UTF-8 Unicode text, with CRLF line terminators	4CA644F875606986A9898D04BDAE3EA5	722A10569E93975129D67FBDB75B537D9D622AD1	7C311AB751D840D750C11553C083785813E079C1D464FE568A98C9E3EF3DB96C
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\lv\messages.json	UTF-8 Unicode text, with CRLF line terminators	C5CE2C51391EAFD3DA9E4C71549A3C28	1F67FF6EF6E90C0CE3AAF56ED543A3EFD381574D	1FA1DF2CA8516DEF490FB8484E9AA498ACFF80EEF5C9258FFE42D3678E6C7DED
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\nb\messages.json	UTF-8 Unicode text, with CRLF line terminators	93C459A23BC6953FF744C35920CD2AF9	162F884972103A08ADB616A7EB3598431A2924C5	2CD700AEB57D89C2E73333D0702556EE3FF3863516170F85669BC680FCBDC4E0
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\nl\messages.json	ASCII text, with CRLF line terminators	7A8F9D0249C680F64DEC7650A432BD57	53477198AEE389F6580921B4876719B400A23CA1	92BE7C2DC9CFBE5A65E9CE6488D364C8D7EC19E7B67A31E4D43C1CB2B169671C
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\pl\messages.json	UTF-8 Unicode text, with CRLF line terminators	0E6194126AFCCD1E3098D276A7400175	E8127B905A640B1C46362FA6E1127BE172F4A40F	E2699F98C511B18A2AFB82EAE9A4804B646C4FF1077D80E77C17A3943A6373C2
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\pt_BR\messages.json	UTF-8 Unicode text, with CRLF line terminators	86A2B91FA18B867209024C522ED665D5	63DEC245637818C76655E01FCB6D59784BC7184E	6374880FDD1F8AF1EE8AEA6A06B73BE0AB265AFCEB4FE6F08BDE3B3989264B21
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\pt_PT\messages.json	UTF-8 Unicode text, with CRLF line terminators	750A4800EDB93FBE56495963F9FB3B94	8BFB915488A4EB3CB33D68E2E59F1F8447DB7D61	C1C94F65FABAF17DEF98A8587711A56D61B1E5607500E9B01F2824DB109F9E83
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\ro\messages.json	UTF-8 Unicode text, with CRLF line terminators	98D43E4B1054A65DF3FA3CC40AB6FB6D	46E0A21C4DA2BB5D4D8F837AE211C1B6FA26E7E2	113A13900CBA62FE8AED06751971C23A80A99B47F9BE219CF884D57DB19611D9
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\ru\messages.json	UTF-8 Unicode text, with CRLF line terminators	DB2EDF1465946C06BD95C71A1E13AE64	FB4F3ECE9ECECEBBC6CA2A592A15FB9C1FDFB811	FBAF22CE6E16DE174CED8CB5EA3098CCA1C3426A2111FF33BD3E64DA64ED67AB
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\sk\messages.json	UTF-8 Unicode text, with CRLF line terminators	8DF215D1EFBDABB175CCDD68ED8DCB0A	2B374462137A38589A73FDD00A84CBDC7E50F9F4	7FA16AF97E6CFC52EC6008EB679D3F30E7E0C24F9EF2D18A9228EAF4DED9D63B
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\sl\messages.json	UTF-8 Unicode text, with CRLF line terminators	3943FA2A647AECEDFD685408B27139EE	0129DD19D28373359530B3B477FE8A9279DABB7D	18AFF072EE0DF7C3495045435C752A805606E6D5D462EF2321C443F1773F4B3A
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\sr\messages.json	UTF-8 Unicode text, with CRLF line terminators	D485DF17F085B6A37125694F85646FD0	24D51D8642CDC6EFD5D8D7A4430232D8CDE25108	7FFDE34C58E7C376C042DE64DEF6481DAE32BE8B70F0B18EDF536290CBE0C818
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\sv\messages.json	UTF-8 Unicode text, with CRLF line terminators	D372B8204EB743E16F45C7CBD3CAAF37	C96C57219D292B01016B37DCF82E7C79AD0DD1E8	B8BA77E0089B0676545EC16D32468B727812B444F90B33A7A5B748E6C36C4388
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\th\messages.json	UTF-8 Unicode text, with CRLF line terminators	83E2D1E97791A4B2C5C69926EFB629C9	429600425CB0F196DDD717F940E94DBD8BFF2837	2FECA577F43D97BAEEA464741D585892103585208FD0A935B810A03BDCE83C88
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\tr\messages.json	UTF-8 Unicode text, with CRLF line terminators	2CEAE0567B6BB1D240BBAD690A98CA3B	5944346FBD4A0797B13223895995CAB58E9ECD23	A7CB86F30C9C31FE5540282C308BA96ADB4EC16EF98C87129EB88105E5BEF5FC
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\uk\messages.json	UTF-8 Unicode text, with CRLF line terminators	AB0B56120E6B38C42CC3612BE948EF50	8B3F520E5713D9F116D68E71DAEED1F6E8D74629	68ABA284751EB9C856032062EF9B1651E2A1E5CE5FDA0977FFC97D63BA7BED9E
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\vi\messages.json	UTF-8 Unicode text, with CRLF line terminators	7EBB677FEAD8557D3676505225A7249A	F161B4B6001AEAEAB246FF8987F4D992B48D47BE	051F96ED874C11C4A13589B5F68964E4F5B03B52DDA223D56524F2CA23760C04
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\zh_CN\messages.json	UTF-8 Unicode text, with CRLF line terminators	BB73BF561BB79F89D9BF7C67C5AE5C65	2FADD3A1959B29C44830033A35C637D0311A8C9C	D804F2A040D21D7511EFD5213D8E1721D64964A1A0DBB48E21622CEEDC9D967E
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_locales\zh_TW\messages.json	UTF-8 Unicode text, with CRLF line terminators	5FF50C673CC0C661D615F0CFD0E6DCA0	60DFF98DEAB9C4746B288BDD9C94B3BCAE5EAA85	C6F8C640F3353A7B9B1432A0C139C1AEEC40133800E6C9B467B63991AD660308
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\_metadata\verified_contents.json	ASCII text, with very long lines, with no line terminators	0834821960CB5C6E9D477AEF649CB2E4	7D25F027D7CEE9E94E9CBDEE1F9220C8D20A1588	52A24FA2FB3BCB18D9D8571AE385C4A830FF98CE4C18384D40A84EA7F6BA7F69
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\craw_background.js	ASCII text, with very long lines	6EEBED29E6A6301E92A9B8B347807F5F	65DFB69B650560551110B33DCBA50B25E5B876DE	04CD9494B0ED83924DAD12202630B20D053D9E2819C8E826A386C814CC0A1697
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\craw_window.js	ASCII text, with very long lines	1709B6F00A136241185161AA3DF46A06	33DA7D262FFED1A5C2D85B7390E9DBC830CBE494	5721A4B3F8E09C869A629EFFD350B51C9D46F0AC136717D4DB6265C0EE6F9AC8
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\css\craw_window.css	ASCII text	67BF9AABE17541852F9DDFF8245096CD	A4AC74DD258E8E0689034FAA1B15A5C7C56DC3BB	10DFBD2D98950B79EE12F6B8E3885AABE31543048DE56AD4FC0A5E34D0D9D4EC
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\html\craw_window.html	HTML document, ASCII text	34A839BC40DEBC746BBD181D9EF9310C	8B4EAA74D31EED5B0BABA3CA5460201F6B10DA46	BB8742615E4CD996AE5D0200E443AE6A6F0B473255F03AFFDB8FB4660DE4554D
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\images\flapper.gif	GIF image data, version 89a, 30 x 30	398ABB308EEBC355DA70BCE907B22E29	CFFB77B8A1724B8F81D98C6D6AD0071D10162252	2B73533F47A99FFEA9CC405FFAFA9C4C53623F62487AEBFBA415945120B22040
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\images\icon_128.png	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced	4DBC9F9E6F5A08D299BAC9E54DF07694	BB38F5DE34B1E0BE1109220BA55271087A4D9EA5	91C2718DD23B4356D71F88F6146868369033291086DF327534546DFA459BEB0E
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\images\icon_16.png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	FB9C46EA81AD3E456D90D58697C12C06	5FC450F7D73CCFAC8F0D818CB3392BA4D91B69DE	016CA659BA080E194FBFC0929602B16506ED60AA6019FAA51410C4FD93B583E8
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\images\topbar_floating_button.png	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	8803665A6328D23CC1014A7B0E9BE295	9DA6EE729D5A6E9F30658B8EC954710F107A641F	D5F9234DC36E7FFA85F35B2359A4F82276F8395EFA76E4553507EA990B27FC6C
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\images\topbar_floating_button_close.png	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	0599DFD9107C7647F27E69331B0A7D75	3198C0A5F34DB67F91A0035DBC297354CBC95525	131817CD9311C03DF22D769DD2AD7FA2E6E9558863A89F7E5E1657424031A937
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\images\topbar_floating_button_hover.png	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	7CB6B9DC1A30F63B8BD976924B75AD96	0C40B0C496D2F2B5F2021C117EC8610AC03AB469	721B7AAA9A42A54A349881615A12E3A26983ACA48E173FD2F66E66AA0D725735
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\images\topbar_floating_button_maximize.png	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	232CE72808B60CBE0F4FA788A76523DF	721A9C98C835D2CD734153BBE07833C6637ECD68	AFA4EA944CBDEC8543242E627EF46D5BFD3766DCAC664E7E50CDEEF2B352740C
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\images\topbar_floating_button_pressed.png	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	E0862317407F2D54C85E12945799413B	FA557F8F761A04C41C9A4BA81994E43C6C275DBB	5C10CE0589EB115600F77381130B70AE0B7B3752614D86D4C89E857658AA222B
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\CRX_INSTALL\manifest.json	ASCII text, with CRLF line terminators	01334FB9D092AF2AA46C4185E405C627	47AD3C0E82362FFE5B881DF8D71D6F79AB7F5796	F52714812D68C577A445169D11E84DF6751C2D6886BC429643072BB5D61C6C27
C:\Users\user\AppData\Local\Temp\scoped_dir2332_751561799\fdde1a6e-3537-40bb-94ac-392e6702c2fa.tmp	Google Chrome extension, version 3	541F52E24FE1EF9F8E12377A6CCAE0C0	189898BB2DCAE7D5A6057BC2D98B8B450AFAEBB6	81E3A4D43A73699E1B7781723F56B8717175C536685C5450122B30789464AD82
C:\Users\user\Downloads\63df2e5c-2c92-4e96-ab74-c8a236428abf.tmp	Microsoft Cabinet archive data, 61480 bytes, 1 file	B9F21D8DB36E88831E5352BB82C438B3	4A3C330954F9F65A2F5FD7E55800E46CE228A3E2	998E0209690A48ED33B79AF30FC13851E3E3416BED97E3679B6030C10CAB361E
C:\Users\user\Downloads\authrootstl.cab.crdownload (copy)	Microsoft Cabinet archive data, 61480 bytes, 1 file	B9F21D8DB36E88831E5352BB82C438B3	4A3C330954F9F65A2F5FD7E55800E46CE228A3E2	998E0209690A48ED33B79AF30FC13851E3E3416BED97E3679B6030C10CAB361E
C:\Users\user\Downloads\authrootstl.cab:Zone.Identifier	ASCII text, with CRLF line terminators	B22F41887E3715F6BC1DDB67413EC452	91B7D4A09A4D9946C3AE038718AE2DCD9A9ED21C	5EA916B873EA49CA1164C3957A58EE94C6B1D60018DDCFAA36C6AED5354BD536

Compliance

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\2332_230541184\LICENSE.txt

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe	Directory created: C:\Program Files\Google\Chrome\ChromeRecovery			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe	Directory created: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe	Directory created: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecoveryCRX.crx			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe	Directory created: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe	Directory created: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\manifest.json			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe	Directory created: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\_metadata\			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe	Directory created: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\_metadata\verified_contents.json			Jump to behavior

Source:	Binary string: GoogleUpdateB231574670_unsigned.pdb` source: ChromeRecovery.exe, 00000011.00000002.562792296.0000000000DE7000.00000002.00000001.01000000.00000003.sdmp, ChromeRecovery.exe, 00000011.00000000.560813476.0000000000DE7000.00000002.00000001.01000000.00000003.sdmp, ChromeRecovery.exe.14.dr
Source:	Binary string: GoogleUpdateB231574670_unsigned.pdb source: ChromeRecovery.exe, 00000011.00000002.562792296.0000000000DE7000.00000002.00000001.01000000.00000003.sdmp, ChromeRecovery.exe, 00000011.00000000.560813476.0000000000DE7000.00000002.00000001.01000000.00000003.sdmp, ChromeRecovery.exe.14.dr

Spreading

Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe

Code function: 17_2_00DD98C3 FindFirstFileExW,

17_2_00DD98C3

Networking

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443

Source: Ruleset Data.1.dr	String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: Filtering Rules.1.dr, Ruleset Data.1.dr	String found in binary or memory: www.facebook.com/ajax/ads/ equals www.facebook.com (Facebook)
Source: Filtering Rules.1.dr	String found in binary or memory: www.facebook.com0 equals www.facebook.com (Facebook)

Source: elevation_service.exe, 0000000E.00000003.558851279.000001470773D000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.552265185.0000014707742000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.556469698.000001470773D000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.552309841.000001470773A000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.560992358.000001470773D000.00000004.00000020.00020000.00000000.sdmp, ChromeRecovery.exe.14.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: elevation_service.exe, 0000000E.00000003.558851279.000001470773D000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.552265185.0000014707742000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.556469698.000001470773D000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.552309841.000001470773A000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.560992358.000001470773D000.00000004.00000020.00020000.00000000.sdmp, ChromeRecovery.exe.14.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: elevation_service.exe, 0000000E.00000003.558851279.000001470773D000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.552265185.0000014707742000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.556469698.000001470773D000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.552309841.000001470773A000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.560992358.000001470773D000.00000004.00000020.00020000.00000000.sdmp, ChromeRecovery.exe.14.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: elevation_service.exe, 0000000E.00000003.558851279.000001470773D000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.552265185.0000014707742000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.556469698.000001470773D000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.552309841.000001470773A000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.560992358.000001470773D000.00000004.00000020.00020000.00000000.sdmp, ChromeRecovery.exe.14.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: elevation_service.exe, 0000000E.00000003.558851279.000001470773D000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.552265185.0000014707742000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.556469698.000001470773D000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.552309841.000001470773A000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.560992358.000001470773D000.00000004.00000020.00020000.00000000.sdmp, ChromeRecovery.exe.14.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: ChromeRecovery.exe.14.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: elevation_service.exe, 0000000E.00000003.558851279.000001470773D000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.552265185.0000014707742000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.556469698.000001470773D000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.552309841.000001470773A000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.560992358.000001470773D000.00000004.00000020.00020000.00000000.sdmp, ChromeRecovery.exe.14.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: authrootstl.cab_Zone.Identifier.4.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?d187249b7de2e
Source: elevation_service.exe, 0000000E.00000003.558851279.000001470773D000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.552265185.0000014707742000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.556469698.000001470773D000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.552309841.000001470773A000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.560992358.000001470773D000.00000004.00000020.00020000.00000000.sdmp, ChromeRecovery.exe.14.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: elevation_service.exe, 0000000E.00000003.558851279.000001470773D000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.552265185.0000014707742000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.556469698.000001470773D000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.552309841.000001470773A000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.560992358.000001470773D000.00000004.00000020.00020000.00000000.sdmp, ChromeRecovery.exe.14.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: elevation_service.exe, 0000000E.00000003.558851279.000001470773D000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.552265185.0000014707742000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.556469698.000001470773D000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.552309841.000001470773A000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.560992358.000001470773D000.00000004.00000020.00020000.00000000.sdmp, ChromeRecovery.exe.14.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: elevation_service.exe, 0000000E.00000003.558851279.000001470773D000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.552265185.0000014707742000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.556469698.000001470773D000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.552309841.000001470773A000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.560992358.000001470773D000.00000004.00000020.00020000.00000000.sdmp, ChromeRecovery.exe.14.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: d37cb5e6-bbfb-4996-9e2c-e16b34133ad2.tmp.2.dr, 690e0051-d682-4267-8c8f-e41f19bd3b24.tmp.2.dr	String found in binary or memory: https://accounts.google.com
Source: craw_window.js.1.dr	String found in binary or memory: https://accounts.google.com/MergeSession
Source: d37cb5e6-bbfb-4996-9e2c-e16b34133ad2.tmp.2.dr, 690e0051-d682-4267-8c8f-e41f19bd3b24.tmp.2.dr	String found in binary or memory: https://apis.google.com
Source: d37cb5e6-bbfb-4996-9e2c-e16b34133ad2.tmp.2.dr, 690e0051-d682-4267-8c8f-e41f19bd3b24.tmp.2.dr	String found in binary or memory: https://clients2.google.com
Source: manifest.json.1.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: d37cb5e6-bbfb-4996-9e2c-e16b34133ad2.tmp.2.dr, 690e0051-d682-4267-8c8f-e41f19bd3b24.tmp.2.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: LICENSE.txt.1.dr	String found in binary or memory: https://creativecommons.org/.
Source: LICENSE.txt.1.dr	String found in binary or memory: https://creativecommons.org/compatiblelicenses
Source: 0b6b6f12-a23f-4eca-9dbc-aa10a76b0d74.tmp.2.dr, d37cb5e6-bbfb-4996-9e2c-e16b34133ad2.tmp.2.dr, 05187f3a-574f-40d6-b7f6-b4de239a77c6.tmp.2.dr, 690e0051-d682-4267-8c8f-e41f19bd3b24.tmp.2.dr	String found in binary or memory: https://dns.google
Source: LICENSE.txt.1.dr	String found in binary or memory: https://easylist.to/)
Source: 690e0051-d682-4267-8c8f-e41f19bd3b24.tmp.2.dr	String found in binary or memory: https://fonts.googleapis.com
Source: d37cb5e6-bbfb-4996-9e2c-e16b34133ad2.tmp.2.dr, 690e0051-d682-4267-8c8f-e41f19bd3b24.tmp.2.dr	String found in binary or memory: https://fonts.gstatic.com
Source: LICENSE.txt.1.dr	String found in binary or memory: https://github.com/easylist)
Source: craw_background.js.1.dr, craw_window.js.1.dr	String found in binary or memory: https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
Source: d37cb5e6-bbfb-4996-9e2c-e16b34133ad2.tmp.2.dr, 690e0051-d682-4267-8c8f-e41f19bd3b24.tmp.2.dr	String found in binary or memory: https://ogs.google.com
Source: manifest.json.1.dr, craw_window.js.1.dr	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: d37cb5e6-bbfb-4996-9e2c-e16b34133ad2.tmp.2.dr	String found in binary or memory: https://r3---sn-1gi7znek.gvt1.com
Source: d37cb5e6-bbfb-4996-9e2c-e16b34133ad2.tmp.2.dr	String found in binary or memory: https://redirector.gvt1.com
Source: manifest.json.1.dr, craw_window.js.1.dr	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: d37cb5e6-bbfb-4996-9e2c-e16b34133ad2.tmp.2.dr, 690e0051-d682-4267-8c8f-e41f19bd3b24.tmp.2.dr	String found in binary or memory: https://ssl.gstatic.com
Source: craw_background.js.1.dr, craw_window.js.1.dr	String found in binary or memory: https://www-googleapis-staging.sandbox.google.com
Source: d37cb5e6-bbfb-4996-9e2c-e16b34133ad2.tmp.2.dr, 690e0051-d682-4267-8c8f-e41f19bd3b24.tmp.2.dr	String found in binary or memory: https://www.google.com
Source: manifest.json.1.dr	String found in binary or memory: https://www.google.com/
Source: craw_window.js.1.dr	String found in binary or memory: https://www.google.com/accounts/OAuthLogin?issueuberauth=1
Source: craw_window.js.1.dr	String found in binary or memory: https://www.google.com/images/cleardot.gif
Source: craw_window.js.1.dr	String found in binary or memory: https://www.google.com/images/dot2.gif
Source: craw_window.js.1.dr	String found in binary or memory: https://www.google.com/images/x2.gif
Source: craw_background.js.1.dr	String found in binary or memory: https://www.google.com/intl/en-US/chrome/blank.html
Source: d37cb5e6-bbfb-4996-9e2c-e16b34133ad2.tmp.2.dr, craw_background.js.1.dr, craw_window.js.1.dr, 690e0051-d682-4267-8c8f-e41f19bd3b24.tmp.2.dr	String found in binary or memory: https://www.googleapis.com
Source: manifest.json.1.dr	String found in binary or memory: https://www.googleapis.com/
Source: manifest.json.1.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.1.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json.1.dr	String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.1.dr	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: d37cb5e6-bbfb-4996-9e2c-e16b34133ad2.tmp.2.dr, 690e0051-d682-4267-8c8f-e41f19bd3b24.tmp.2.dr	String found in binary or memory: https://www.gstatic.com

Source: unknown

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: accounts.google.com

Source: global traffic

HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfmX-Goog-Update-Updater: chromecrx-85.0.4183.121Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe

Code function: 17_2_00DC9029 lstrlenW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,GlobalFree,CloseClipboard,

17_2_00DC9029

System Summary

Source: ChromeRecovery.exe.14.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: ChromeRecovery.exe.14.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe	Code function: 17_2_00DDC8DF		17_2_00DDC8DF
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe	Code function: 17_2_00DE51B0		17_2_00DE51B0
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe	Code function: 17_2_00DD7AF1		17_2_00DD7AF1
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe	Code function: 17_2_00DE328B		17_2_00DE328B
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe	Code function: 17_2_00DD02A1		17_2_00DD02A1
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe	Code function: 17_2_00DE4A67		17_2_00DE4A67
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe	Code function: 17_2_00DE423B		17_2_00DE423B
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe	Code function: 17_2_00DE44E5		17_2_00DE44E5
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe	Code function: 17_2_00DDF428		17_2_00DDF428
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe	Code function: 17_2_00DE3EC9		17_2_00DE3EC9
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe	Code function: 17_2_00DE56B9		17_2_00DE56B9
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe	Code function: 17_2_00DD7E39		17_2_00DD7E39
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe	Code function: 17_2_00DE47AC		17_2_00DE47AC
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe	Code function: 17_2_00DDEFA0		17_2_00DDEFA0

Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe

Code function: String function: 00DCFE60 appears 43 times

Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe

Code function: 17_2_00DC9D31: CreateFileW,DeviceIoControl,CloseHandle,

17_2_00DC9D31

Source: C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/authrootstl.cab?d187249b7de2efd8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1612,4069944722488659976,14944427691238441646,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1940 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1612,4069944722488659976,14944427691238441646,131072 --lang=en-US --service-sandbox-type=none --enable-audio-service-sandbox --mojo-platform-channel-handle=4788 /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe
Source: C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe	Process created: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe "C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe" --appguid={8A69D345-D564-463c-AFF1-A69D9E530F96} --browser-version=85.0.4183.121 --sessionid={071c9bf8-cee5-4f16-a546-0f1aec4e4f3e} --system
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1612,4069944722488659976,14944427691238441646,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1940 /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1612,4069944722488659976,14944427691238441646,131072 --lang=en-US --service-sandbox-type=none --enable-audio-service-sandbox --mojo-platform-channel-handle=4788 /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe	Process created: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe "C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe" --appguid={8A69D345-D564-463c-AFF1-A69D9E530F96} --browser-version=85.0.4183.121 --sessionid={071c9bf8-cee5-4f16-a546-0f1aec4e4f3e} --system			Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32

Jump to behavior

Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe

Mutant created: \BaseNamedObjects\Global\G{D19BAF17-7C87-467E-8D63-6C4B1C836373}

Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe

Code function: 17_2_00DC1209 LoadResource,LockResource,SizeofResource,

17_2_00DC1209

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-628C37CF-91C.pma

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\fdde1a6e-3537-40bb-94ac-392e6702c2fa.tmp

Jump to behavior

Source: classification engine

Classification label: clean8.win@33/121@2/5

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe	Directory created: C:\Program Files\Google\Chrome\ChromeRecovery			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe	Directory created: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe	Directory created: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecoveryCRX.crx			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe	Directory created: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe	Directory created: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\manifest.json			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe	Directory created: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\_metadata\			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe	Directory created: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\_metadata\verified_contents.json			Jump to behavior

Source:	Binary string: GoogleUpdateB231574670_unsigned.pdb` source: ChromeRecovery.exe, 00000011.00000002.562792296.0000000000DE7000.00000002.00000001.01000000.00000003.sdmp, ChromeRecovery.exe, 00000011.00000000.560813476.0000000000DE7000.00000002.00000001.01000000.00000003.sdmp, ChromeRecovery.exe.14.dr
Source:	Binary string: GoogleUpdateB231574670_unsigned.pdb source: ChromeRecovery.exe, 00000011.00000002.562792296.0000000000DE7000.00000002.00000001.01000000.00000003.sdmp, ChromeRecovery.exe, 00000011.00000000.560813476.0000000000DE7000.00000002.00000001.01000000.00000003.sdmp, ChromeRecovery.exe.14.dr

Data Obfuscation

Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe	Code function: 17_2_00DE39A3 push ecx; ret		17_2_00DE39B6
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe	Code function: 17_2_00DCFEA6 push ecx; ret		17_2_00DCFEB9

Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe

Code function: 17_2_00DCE00C CloseHandle,InitializeCriticalSection,CreateSemaphoreW,CreateSemaphoreW,CreateSemaphoreW,CreateThread,LoadLibraryW,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,InitializeCriticalSection,EnterCriticalSection,SetUnhandledExceptionFilter,LeaveCriticalSection,

17_2_00DCE00C

Persistence and Installation Behavior

Source: C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe

File created: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe

Jump to dropped file

Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe

Code function: 17_2_00DC3298 GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,

17_2_00DC3298

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\2332_230541184\LICENSE.txt

Jump to behavior

Hooking and other Techniques for Hiding and Protection

Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe

Code function: 17_2_00DD02A1 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

17_2_00DD02A1

Malware Analysis System Evasion

Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe

Check user administrative privileges: GetTokenInformation,DecisionNodes

Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe

Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes

Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe

Code function: 17_2_00DE525D VirtualQuery,GetSystemInfo,VirtualAlloc,VirtualProtect,

17_2_00DE525D

Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe

Code function: 17_2_00DD98C3 FindFirstFileExW,

17_2_00DD98C3

Anti Debugging

Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe

Code function: 17_2_00DCF243 IsDebuggerPresent,OutputDebugStringW,

17_2_00DCF243

Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe	Code function: 17_2_00DD3E6C mov ecx, dword ptr fs:[00000030h]		17_2_00DD3E6C
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe	Code function: 17_2_00DD9665 mov eax, dword ptr fs:[00000030h]		17_2_00DD9665

Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe

Code function: 17_2_00DE525D VirtualProtect ?,-00000001,00000104,?,?,?,0000001C

17_2_00DE525D

Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe

Code function: 17_2_00DC41A3 CreateFileW,GetFileAttributesExW,OutputDebugStringW,CloseHandle,GetLastError,WriteFile,

17_2_00DC41A3

Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe

Code function: 17_2_00DCE00C CloseHandle,InitializeCriticalSection,CreateSemaphoreW,CreateSemaphoreW,CreateSemaphoreW,CreateThread,LoadLibraryW,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,InitializeCriticalSection,EnterCriticalSection,SetUnhandledExceptionFilter,LeaveCriticalSection,

17_2_00DCE00C

Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe

Code function: 17_2_00DC13D8 GetProcessHeap,

17_2_00DC13D8

Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe	Code function: 17_2_00DCE00C CloseHandle,InitializeCriticalSection,CreateSemaphoreW,CreateSemaphoreW,CreateSemaphoreW,CreateThread,LoadLibraryW,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,InitializeCriticalSection,EnterCriticalSection,SetUnhandledExceptionFilter,LeaveCriticalSection,		17_2_00DCE00C
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe	Code function: 17_2_00DCE2C3 FreeLibrary,FreeLibrary,FreeLibrary,EnterCriticalSection,SetUnhandledExceptionFilter,LeaveCriticalSection,DeleteCriticalSection,ReleaseSemaphore,WaitForSingleObject,CloseHandle,FindCloseChangeNotification,DeleteCriticalSection,CloseHandle,CloseHandle,DeleteCriticalSection,		17_2_00DCE2C3
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe	Code function: 17_2_00DCFE00 SetUnhandledExceptionFilter,		17_2_00DCFE00
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe	Code function: 17_2_00DCF886 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,		17_2_00DCF886
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe	Code function: 17_2_00DD323D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		17_2_00DD323D
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe	Code function: 17_2_00DCE4E6 EnterCriticalSection,SetUnhandledExceptionFilter,		17_2_00DCE4E6
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe	Code function: 17_2_00DCFC6A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		17_2_00DCFC6A
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe	Code function: 17_2_00DCE553 SetUnhandledExceptionFilter,LeaveCriticalSection,		17_2_00DCE553

HIPS / PFW / Operating System Protection Evasion

Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe

Code function: 17_2_00DC59D6 GetSecurityDescriptorDacl,SetSecurityDescriptorDacl,

17_2_00DC59D6

Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe

Code function: 17_2_00DC8FB3 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,

17_2_00DC8FB3

Language, Device and Operating System Detection

Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe

Code function: 17_2_00DCFAC3 cpuid

17_2_00DCFAC3

Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe

Code function: 17_2_00DC8E0B GetVersionExW,GetProcAddress,FreeLibrary,

17_2_00DC8E0B

Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe

Code function: 17_2_00DC3047 GetLocalTime,GetCurrentThreadId,GetCurrentProcessId,

17_2_00DC3047