Windows Analysis Report
http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/authrootstl.cab?d187249b7de2efd8

Overview

General Information

Sample URL:http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/authrootstl.cab?d187249b7de2efd8
Analysis ID:632526

Detection

Score:8
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Extensive use of GetProcAddress (often used to hide API calls)
PE file contains strange resources
Drops PE files
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to read the PEB
Found evasive API chain checking for process token information
Uses code obfuscation techniques (call, push, ret)
Found evasive API chain (date check)
Detected potential crypto function
Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains functionality to read data from the clipboard

Classification

  • System is w10x64
  • chrome.exe (PID: 2332 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/authrootstl.cab?d187249b7de2efd8 MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 5812 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1612,4069944722488659976,14944427691238441646,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1940 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 6748 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1612,4069944722488659976,14944427691238441646,131072 --lang=en-US --service-sandbox-type=none --enable-audio-service-sandbox --mojo-platform-channel-handle=4788 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
  • elevation_service.exe (PID: 6728 cmdline: C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe MD5: AFD137B53BA091ACBA569255B16DF837)
    • ChromeRecovery.exe (PID: 492 cmdline: "C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe" --appguid={8A69D345-D564-463c-AFF1-A69D9E530F96} --browser-version=85.0.4183.121 --sessionid={071c9bf8-cee5-4f16-a546-0f1aec4e4f3e} --system MD5: 49AC3C96D270702A27B4895E4CE1F42A)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Local\Temp\2332_230541184\LICENSE.txt
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
Source: C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe | Directory created: C:\Program Files\Google\Chrome\ChromeRecovery
Source: C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe | Directory created: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130
Source: C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe | Directory created: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecoveryCRX.crx
Source: C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe | Directory created: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe
Source: C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe | Directory created: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\manifest.json
Source: C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe | Directory created: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\_metadata\
Source: C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe | Directory created: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\_metadata\verified_contents.json
Source: Binary string: GoogleUpdateB231574670_unsigned.pdb` source: ChromeRecovery.exe, 00000011.00000002.562792296.0000000000DE7000.00000002.00000001.01000000.00000003.sdmp, ChromeRecovery.exe, 00000011.00000000.560813476.0000000000DE7000.00000002.00000001.01000000.00000003.sdmp, ChromeRecovery.exe.14.dr
Source: Binary string: GoogleUpdateB231574670_unsigned.pdb source: ChromeRecovery.exe, 00000011.00000002.562792296.0000000000DE7000.00000002.00000001.01000000.00000003.sdmp, ChromeRecovery.exe, 00000011.00000000.560813476.0000000000DE7000.00000002.00000001.01000000.00000003.sdmp, ChromeRecovery.exe.14.dr
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exeCode function: 17_2_00DD98C3 FindFirstFileExW,
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
Source: Ruleset Data.1.drString found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: Filtering Rules.1.dr, Ruleset Data.1.drString found in binary or memory: www.facebook.com/ajax/ads/ equals www.facebook.com (Facebook)
Source: Filtering Rules.1.drString found in binary or memory: www.facebook.com0 equals www.facebook.com (Facebook)
Source: elevation_service.exe, 0000000E.00000003.558851279.000001470773D000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.552265185.0000014707742000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.556469698.000001470773D000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.552309841.000001470773A000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.560992358.000001470773D000.00000004.00000020.00020000.00000000.sdmp, ChromeRecovery.exe.14.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: elevation_service.exe, 0000000E.00000003.558851279.000001470773D000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.552265185.0000014707742000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.556469698.000001470773D000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.552309841.000001470773A000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.560992358.000001470773D000.00000004.00000020.00020000.00000000.sdmp, ChromeRecovery.exe.14.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: elevation_service.exe, 0000000E.00000003.558851279.000001470773D000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.552265185.0000014707742000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.556469698.000001470773D000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.552309841.000001470773A000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.560992358.000001470773D000.00000004.00000020.00020000.00000000.sdmp, ChromeRecovery.exe.14.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: elevation_service.exe, 0000000E.00000003.558851279.000001470773D000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.552265185.0000014707742000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.556469698.000001470773D000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.552309841.000001470773A000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.560992358.000001470773D000.00000004.00000020.00020000.00000000.sdmp, ChromeRecovery.exe.14.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: elevation_service.exe, 0000000E.00000003.558851279.000001470773D000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.552265185.0000014707742000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.556469698.000001470773D000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.552309841.000001470773A000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.560992358.000001470773D000.00000004.00000020.00020000.00000000.sdmp, ChromeRecovery.exe.14.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: ChromeRecovery.exe.14.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: elevation_service.exe, 0000000E.00000003.558851279.000001470773D000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.552265185.0000014707742000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.556469698.000001470773D000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.552309841.000001470773A000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.560992358.000001470773D000.00000004.00000020.00020000.00000000.sdmp, ChromeRecovery.exe.14.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: authrootstl.cab_Zone.Identifier.4.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?d187249b7de2e
Source: elevation_service.exe, 0000000E.00000003.558851279.000001470773D000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.552265185.0000014707742000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.556469698.000001470773D000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.552309841.000001470773A000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.560992358.000001470773D000.00000004.00000020.00020000.00000000.sdmp, ChromeRecovery.exe.14.drString found in binary or memory: http://ocsp.digicert.com0
Source: elevation_service.exe, 0000000E.00000003.558851279.000001470773D000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.552265185.0000014707742000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.556469698.000001470773D000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.552309841.000001470773A000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.560992358.000001470773D000.00000004.00000020.00020000.00000000.sdmp, ChromeRecovery.exe.14.drString found in binary or memory: http://ocsp.digicert.com0A
Source: elevation_service.exe, 0000000E.00000003.558851279.000001470773D000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.552265185.0000014707742000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.556469698.000001470773D000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.552309841.000001470773A000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.560992358.000001470773D000.00000004.00000020.00020000.00000000.sdmp, ChromeRecovery.exe.14.drString found in binary or memory: http://ocsp.digicert.com0X
Source: elevation_service.exe, 0000000E.00000003.558851279.000001470773D000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.552265185.0000014707742000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.556469698.000001470773D000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.552309841.000001470773A000.00000004.00000020.00020000.00000000.sdmp, elevation_service.exe, 0000000E.00000003.560992358.000001470773D000.00000004.00000020.00020000.00000000.sdmp, ChromeRecovery.exe.14.drString found in binary or memory: http://www.digicert.com/CPS0
Source: d37cb5e6-bbfb-4996-9e2c-e16b34133ad2.tmp.2.dr, 690e0051-d682-4267-8c8f-e41f19bd3b24.tmp.2.drString found in binary or memory: https://accounts.google.com
Source: craw_window.js.1.drString found in binary or memory: https://accounts.google.com/MergeSession
Source: d37cb5e6-bbfb-4996-9e2c-e16b34133ad2.tmp.2.dr, 690e0051-d682-4267-8c8f-e41f19bd3b24.tmp.2.drString found in binary or memory: https://apis.google.com
Source: d37cb5e6-bbfb-4996-9e2c-e16b34133ad2.tmp.2.dr, 690e0051-d682-4267-8c8f-e41f19bd3b24.tmp.2.drString found in binary or memory: https://clients2.google.com
Source: manifest.json.1.drString found in binary or memory: https://clients2.google.com/service/update2/crx
Source: d37cb5e6-bbfb-4996-9e2c-e16b34133ad2.tmp.2.dr, 690e0051-d682-4267-8c8f-e41f19bd3b24.tmp.2.drString found in binary or memory: https://clients2.googleusercontent.com
Source: LICENSE.txt.1.drString found in binary or memory: https://creativecommons.org/.
Source: LICENSE.txt.1.drString found in binary or memory: https://creativecommons.org/compatiblelicenses
Source: 0b6b6f12-a23f-4eca-9dbc-aa10a76b0d74.tmp.2.dr, d37cb5e6-bbfb-4996-9e2c-e16b34133ad2.tmp.2.dr, 05187f3a-574f-40d6-b7f6-b4de239a77c6.tmp.2.dr, 690e0051-d682-4267-8c8f-e41f19bd3b24.tmp.2.drString found in binary or memory: https://dns.google
Source: LICENSE.txt.1.drString found in binary or memory: https://easylist.to/)
Source: 690e0051-d682-4267-8c8f-e41f19bd3b24.tmp.2.drString found in binary or memory: https://fonts.googleapis.com
Source: d37cb5e6-bbfb-4996-9e2c-e16b34133ad2.tmp.2.dr, 690e0051-d682-4267-8c8f-e41f19bd3b24.tmp.2.drString found in binary or memory: https://fonts.gstatic.com
Source: LICENSE.txt.1.drString found in binary or memory: https://github.com/easylist)
Source: craw_background.js.1.dr, craw_window.js.1.drString found in binary or memory: https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
Source: d37cb5e6-bbfb-4996-9e2c-e16b34133ad2.tmp.2.dr, 690e0051-d682-4267-8c8f-e41f19bd3b24.tmp.2.drString found in binary or memory: https://ogs.google.com
Source: manifest.json.1.dr, craw_window.js.1.drString found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: d37cb5e6-bbfb-4996-9e2c-e16b34133ad2.tmp.2.drString found in binary or memory: https://r3---sn-1gi7znek.gvt1.com
Source: d37cb5e6-bbfb-4996-9e2c-e16b34133ad2.tmp.2.drString found in binary or memory: https://redirector.gvt1.com
Source: manifest.json.1.dr, craw_window.js.1.drString found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: d37cb5e6-bbfb-4996-9e2c-e16b34133ad2.tmp.2.dr, 690e0051-d682-4267-8c8f-e41f19bd3b24.tmp.2.drString found in binary or memory: https://ssl.gstatic.com
Source: craw_background.js.1.dr, craw_window.js.1.drString found in binary or memory: https://www-googleapis-staging.sandbox.google.com
Source: d37cb5e6-bbfb-4996-9e2c-e16b34133ad2.tmp.2.dr, 690e0051-d682-4267-8c8f-e41f19bd3b24.tmp.2.drString found in binary or memory: https://www.google.com
Source: manifest.json.1.drString found in binary or memory: https://www.google.com/
Source: craw_window.js.1.drString found in binary or memory: https://www.google.com/accounts/OAuthLogin?issueuberauth=1
Source: craw_window.js.1.drString found in binary or memory: https://www.google.com/images/cleardot.gif
Source: craw_window.js.1.drString found in binary or memory: https://www.google.com/images/dot2.gif
Source: craw_window.js.1.drString found in binary or memory: https://www.google.com/images/x2.gif
Source: craw_background.js.1.drString found in binary or memory: https://www.google.com/intl/en-US/chrome/blank.html
Source: d37cb5e6-bbfb-4996-9e2c-e16b34133ad2.tmp.2.dr, craw_background.js.1.dr, craw_window.js.1.dr, 690e0051-d682-4267-8c8f-e41f19bd3b24.tmp.2.drString found in binary or memory: https://www.googleapis.com
Source: manifest.json.1.drString found in binary or memory: https://www.googleapis.com/
Source: manifest.json.1.drString found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.1.drString found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json.1.drString found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.1.drString found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: d37cb5e6-bbfb-4996-9e2c-e16b34133ad2.tmp.2.dr, 690e0051-d682-4267-8c8f-e41f19bd3b24.tmp.2.drString found in binary or memory: https://www.gstatic.com
Source: unknown | HTTP traffic detected:
POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
Host: accounts.google.com
Connection: keep-alive
Content-Length: 1
Origin: https://www.google.com
Content-Type: application/x-www-form-urlencoded
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Source: unknownDNS traffic detected: queries for: accounts.google.com
Source: global traffic | HTTP traffic detected:
GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
Host: clients2.google.com
Connection: keep-alive
X-Goog-Update-Interactivity: fg
X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfm
X-Goog-Update-Updater: chromecrx-85.0.4183.121
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exeCode function: 17_2_00DC9029 lstrlenW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,GlobalFree,CloseClipboard,
Source: ChromeRecovery.exe.14.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exeCode function: String function: 00DCFE60 appears 43 times
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exeCode function: 17_2_00DC9D31: CreateFileW,DeviceIoControl,CloseHandle,
Source: C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/authrootstl.cab?d187249b7de2efd8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1612,4069944722488659976,14944427691238441646,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1940 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1612,4069944722488659976,14944427691238441646,131072 --lang=en-US --service-sandbox-type=none --enable-audio-service-sandbox --mojo-platform-channel-handle=4788 /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe
Source: C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exeProcess created: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe "C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe" --appguid={8A69D345-D564-463c-AFF1-A69D9E530F96} --browser-version=85.0.4183.121 --sessionid={071c9bf8-cee5-4f16-a546-0f1aec4e4f3e} --system
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe
Source: C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exeMutant created: \BaseNamedObjects\Global\G{D19BAF17-7C87-467E-8D63-6C4B1C836373}
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exeCode function: 17_2_00DC1209 LoadResource,LockResource,SizeofResource,
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-628C37CF-91C.pma
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Local\Temp\fdde1a6e-3537-40bb-94ac-392e6702c2fa.tmp
Source: classification engineClassification label: clean8.win@33/121@2/5
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe | Code function: 17_2_00DE39A3 push ecx; ret
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe | Code function: 17_2_00DCFEA6 push ecx; ret
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe | Code function: 17_2_00DCE00C CloseHandle,InitializeCriticalSection,CreateSemaphoreW,CreateSemaphoreW,CreateSemaphoreW,CreateThread,LoadLibraryW,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,InitializeCriticalSection,EnterCriticalSection,SetUnhandledExceptionFilter,LeaveCriticalSection,
Source: C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe | File created: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe | Code function: 17_2_00DC3298 GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Local\Temp\2332_230541184\LICENSE.txt
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exeCode function: 17_2_00DD02A1 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe | Check user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe | Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe | Code function: 17_2_00DE525D VirtualQuery,GetSystemInfo,VirtualAlloc,VirtualProtect,
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe | Code function: 17_2_00DD98C3 FindFirstFileExW,
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe | Code function: 17_2_00DCF243 IsDebuggerPresent,OutputDebugStringW,
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe | Code function: 17_2_00DD3E6C mov ecx, dword ptr fs:[00000030h]
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe | Code function: 17_2_00DD9665 mov eax, dword ptr fs:[00000030h]
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe | Code function: 17_2_00DE525D VirtualProtect ?,-00000001,00000104,?,?,?,0000001C
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe | Code function: 17_2_00DC41A3 CreateFileW,GetFileAttributesExW,OutputDebugStringW,CloseHandle,GetLastError,WriteFile,
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe | Code function: 17_2_00DC13D8 GetProcessHeap,
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe | Code function: 17_2_00DCE2C3 FreeLibrary,FreeLibrary,FreeLibrary,EnterCriticalSection,SetUnhandledExceptionFilter,LeaveCriticalSection,DeleteCriticalSection,ReleaseSemaphore,WaitForSingleObject,CloseHandle,FindCloseChangeNotification,DeleteCriticalSection,CloseHandle,CloseHandle,DeleteCriticalSection,
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe | Code function: 17_2_00DCFE00 SetUnhandledExceptionFilter,
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe | Code function: 17_2_00DCF886 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe | Code function: 17_2_00DD323D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe | Code function: 17_2_00DCE4E6 EnterCriticalSection,SetUnhandledExceptionFilter,
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe | Code function: 17_2_00DCFC6A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe | Code function: 17_2_00DCE553 SetUnhandledExceptionFilter,LeaveCriticalSection,
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe | Code function: 17_2_00DC59D6 GetSecurityDescriptorDacl,SetSecurityDescriptorDacl,
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe | Code function: 17_2_00DC8FB3 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe | Code function: 17_2_00DCFAC3 cpuid
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe | Code function: 17_2_00DC8E0B GetVersionExW,GetProcAddress,FreeLibrary,
Source: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe | Code function: 17_2_00DC3047 GetLocalTime,GetCurrentThreadId,GetCurrentProcessId,
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Native API (3) | Path Interception | Process Injection (1) | Masquerading (3) | OS Credential Dumping | System Time Discovery (1) | Remote Services | Archive Collected Data (1) | Exfiltration Over Other Network Medium | Encrypted Channel (11) | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Disable or Modify Tools (1) | LSASS Memory | Security Software Discovery (3) | Remote Desktop Protocol | Clipboard Data (1) | Exfiltration Over Bluetooth | Ingress Tool Transfer (1) | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection (1) | Security Account Manager | File and Directory Discovery (1) | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol (3) | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Deobfuscate/Decode Files or Information (1) | NTDS | System Information Discovery (14) | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol (4) | SIM Card Swap |  | Carrier Billing Fraud
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Obfuscated Files or Information (2) | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication |  | Manipulate App Store Rankings or Ratings
[Behavior graph. ID: 632526; URL: http://ctldl.windowsupdate....; start date: 23/05/2022; architecture: WINDOWS; score: 8]

Source | Detection | Scanner | Label | Link
http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/authrootstl.cab?d187249b7de2efd8 | 0% | Avira URL Cloud | safe |

Source | Detection | Scanner | Label | Link
C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe | 1% | Virustotal |  | Browse
C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe | 0% | Metadefender |  | Browse
C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe | 0% | ReversingLabs |  |

No Antivirus matches

Source | Detection | Scanner | Label | Link
https://dns.google | 0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
accounts.google.com | 142.250.184.205 | true | false |  | high
clients.l.google.com | 142.250.185.110 | true | false |  | high
clients2.google.com | unknown | unknown | false |  | high

Name | Malicious | Antivirus Detection | Reputation
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | false |  | high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | false |  | high
Name | Source | Malicious | Antivirus Detection | Reputation
https://dns.google | 0b6b6f12-a23f-4eca-9dbc-aa10a76b0d74.tmp.2.dr, d37cb5e6-bbfb-4996-9e2c-e16b34133ad2.tmp.2.dr, 05187f3a-574f-40d6-b7f6-b4de239a77c6.tmp.2.dr, 690e0051-d682-4267-8c8f-e41f19bd3b24.tmp.2.dr | false | URL Reputation: safe | unknown
https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p | craw_background.js.1.dr, craw_window.js.1.dr | false |  | high
https://www.google.com/intl/en-US/chrome/blank.html | craw_background.js.1.dr | false |  | high
https://ogs.google.com | d37cb5e6-bbfb-4996-9e2c-e16b34133ad2.tmp.2.dr, 690e0051-d682-4267-8c8f-e41f19bd3b24.tmp.2.dr | false |  | high
https://www.google.com/images/cleardot.gif | craw_window.js.1.dr | false |  | high
https://payments.google.com/payments/v4/js/integrator.js | manifest.json.1.dr, craw_window.js.1.dr | false |  | high
https://easylist.to/) | LICENSE.txt.1.dr | false |  | high
https://sandbox.google.com/payments/v4/js/integrator.js | manifest.json.1.dr, craw_window.js.1.dr | false |  | high
https://www.google.com/images/x2.gif | craw_window.js.1.dr | false |  | high
https://accounts.google.com/MergeSession | craw_window.js.1.dr | false |  | high
https://creativecommons.org/compatiblelicenses | LICENSE.txt.1.dr | false |  | high
https://www.google.com | d37cb5e6-bbfb-4996-9e2c-e16b34133ad2.tmp.2.dr, 690e0051-d682-4267-8c8f-e41f19bd3b24.tmp.2.dr | false |  | high
https://www.google.com/images/dot2.gif | craw_window.js.1.dr | false |  | high
https://github.com/easylist) | LICENSE.txt.1.dr | false |  | high
https://creativecommons.org/. | LICENSE.txt.1.dr | false |  | high
https://accounts.google.com | d37cb5e6-bbfb-4996-9e2c-e16b34133ad2.tmp.2.dr, 690e0051-d682-4267-8c8f-e41f19bd3b24.tmp.2.dr | false |  | high
https://clients2.googleusercontent.com | d37cb5e6-bbfb-4996-9e2c-e16b34133ad2.tmp.2.dr, 690e0051-d682-4267-8c8f-e41f19bd3b24.tmp.2.dr | false |  | high
https://apis.google.com | d37cb5e6-bbfb-4996-9e2c-e16b34133ad2.tmp.2.dr, 690e0051-d682-4267-8c8f-e41f19bd3b24.tmp.2.dr | false |  | high
https://www.google.com/accounts/OAuthLogin?issueuberauth=1 | craw_window.js.1.dr | false |  | high
https://www.google.com/ | manifest.json.1.dr | false |  | high
https://www-googleapis-staging.sandbox.google.com | craw_background.js.1.dr, craw_window.js.1.dr | false |  | high
https://clients2.google.com | d37cb5e6-bbfb-4996-9e2c-e16b34133ad2.tmp.2.dr, 690e0051-d682-4267-8c8f-e41f19bd3b24.tmp.2.dr | false |  | high
https://clients2.google.com/service/update2/crx | manifest.json.1.dr | false |  | high
IP | Domain | Country | ASN | ASN Name | Malicious
142.250.185.110 | clients.l.google.com | United States | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
142.250.184.205 | accounts.google.com | United States | 15169 | GOOGLEUS | false

IP
192.168.2.1
127.0.0.1
                                                        Joe Sandbox Version:34.0.0 Boulder Opal
                                                        Analysis ID:632526
                                                        Start date and time: 2022-05-23 18:40:21 +02:00
                                                        Joe Sandbox Product:CloudBasic
                                                        Overall analysis duration:0h 6m 38s
                                                        Hypervisor based Inspection enabled:false
                                                        Report type:light
                                                        Cookbook file name:browseurl.jbs
                                                        Sample URL:http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/authrootstl.cab?d187249b7de2efd8
                                                        Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                        Number of analysed new started processes analysed:22
                                                        Number of new started drivers analysed:0
                                                        Number of existing processes analysed:0
                                                        Number of existing drivers analysed:0
                                                        Number of injected processes analysed:0
                                                        Technologies:
                                                        • HCA enabled
                                                        • EGA enabled
                                                        • HDC enabled
                                                        • AMSI enabled
                                                        Analysis Mode:default
                                                        Analysis stop reason:Timeout
                                                        Detection:CLEAN
                                                        Classification:clean8.win@33/121@2/5
                                                        EGA Information:
                                                        • Successful, ratio: 100%
                                                        HDC Information:
                                                        • Successful, ratio: 99.9% (good quality ratio 94.4%)
                                                        • Quality average: 80%
                                                        • Quality standard deviation: 27.5%
                                                        HCA Information:
                                                        • Successful, ratio: 99%
                                                        • Number of executed functions: 0
                                                        • Number of non-executed functions: 0
                                                        Cookbook Comments:
                                                        • Adjust boot time
                                                        • Enable AMSI
                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, HxTsr.exe, RuntimeBroker.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
                                                        • Created / dropped Files have been reduced to 100
                                                        • Excluded IPs from analysis (whitelisted): 184.30.21.144, 173.222.108.210, 173.222.108.226, 142.250.186.174, 74.125.108.200, 34.104.35.123, 142.250.186.131, 142.250.185.131, 142.250.185.99
                                                        • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, r3.sn-1gi7znek.gvt1.com, store-images.s-microsoft.com-c.edgekey.net, ctldl.windowsupdate.com, clientservices.googleapis.com, a767.dspw65.akamai.net, arc.msn.com, wu-bg-shim.trafficmanager.net, r3---sn-1gi7znek.gvt1.com, download.windowsupdate.com.edgesuite.net, ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, redirector.gvt1.com, edgedl.me.gvt1.com, login.live.com, store-images.s-microsoft.com, sls.update.microsoft.com, update.googleapis.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, www.gstatic.com
                                                        • Not all processes were analyzed, report is missing behavior information
                                                        • Report size getting too big, too many NtCreateFile calls found.
                                                        • Report size getting too big, too many NtOpenFile calls found.
                                                        • Report size getting too big, too many NtSetInformationFile calls found.
                                                        • Report size getting too big, too many NtWriteVirtualMemory calls found.
                                                        No simulations
                                                        No context
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):451603
                                                        Entropy (8bit):5.009711072558331
                                                        Encrypted:false
                                                        SSDEEP:12288:ZHfRTyGZ6lup8Cfrvq4JBPKh+FBlESBw4p6:NfOCzvRKhGvwJ
                                                        MD5:A78AD14E77147E7DE3647E61964C0335
                                                        SHA1:CECC3DD41F4CEA0192B24300C71E1911BD4FCE45
                                                        SHA-256:0D6803758FF8F87081FAFD62E90F0950DFB2DD7991E9607FE76A8F92D0E893FA
                                                        SHA-512:DDE24D5AD50D68FC91E9E325D31E66EF8F624B6BB3A07D14FFED1104D3AB5F4EF1D7969A5CDE0DFBB19CB31C506F7DE97AF67C2F244F7E7E8E10648EA8321101
                                                        Malicious:false
                                                        Reputation:low
                                                        Process:C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe
                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):259472
                                                        Entropy (8bit):6.621401853828968
                                                        Encrypted:false
                                                        SSDEEP:6144:wgtABO5wl1poLsQXo2fJjazGDJvvLAOk7CWn5l4rB+5Jb:wgtAFB+sQXo2ZRG7CWnaB+5Jb
                                                        MD5:49AC3C96D270702A27B4895E4CE1F42A
                                                        SHA1:55B90405F1E1B72143C64113E8BC65608DD3FD76
                                                        SHA-256:82AA3FD6A25CDA9E16689CFADEA175091BE010CECAE537E517F392E0BEF5BA0F
                                                        SHA-512:B62F6501CB4C992D42D9097E356805C88AC4AC5A46EAD4A8EEE9F8CBAE197B2305DA8AAB5B4A61891FE73951588025F2D642C32524B360687993F98C913138A0
                                                        Malicious:false
                                                        Antivirus:
                                                        • Antivirus: Virustotal, Detection: 1%, Browse
                                                        • Antivirus: Metadefender, Detection: 0%, Browse
                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                        Reputation:low
                                                        Process:C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe
                                                        File Type:Google Chrome extension, version 3
                                                        Category:dropped
                                                        Size (bytes):145035
                                                        Entropy (8bit):7.995615725071868
                                                        Encrypted:true
                                                        SSDEEP:3072:TdgEhmDf+E8VY0x81Rkc6L2oqzqkPEu30gZlc3G2ZknF:TyEhmDf+/+Fnkj6lEukgZyyF
                                                        MD5:EA1C1FFD3EA54D1FB117BFDBB3569C60
                                                        SHA1:10958B0F690AE8F5240E1528B1CCFFFF28A33272
                                                        SHA-256:7C3A6A7D16AC44C3200F572A764BCE7D8FA84B9572DD028B15C59BDCCBC0A77D
                                                        SHA-512:6C30728CAC9EAC53F0B27B7DBE2222DA83225C3B63617D6B271A6CFEDF18E8F0A8DFFA1053E1CBC4C5E16625F4BBC0D03AA306A946C9D72FAA4CEB779F8FFCAF
                                                        Malicious:false
                                                        Reputation:low
                                                        Process:C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe
                                                        File Type:ASCII text, with very long lines, with no line terminators
                                                        Category:dropped
                                                        Size (bytes):1772
                                                        Entropy (8bit):6.019907048086037
                                                        Encrypted:false
                                                        SSDEEP:48:p/hPGxBJ7akeSpKssMLgWuG7bmTkfhs8vox:R9i7aaKssMUWuG7biIQx
                                                        MD5:35C7E305A06F30D3F0A97693C3504265
                                                        SHA1:B30C965F53A93676CC9D87D29F5E6AC5B605DD84
                                                        SHA-256:3B6FB2683B4DFD83FDD0C6EE096F378AA85C6B1ACC73EC66288802A71C9381F7
                                                        SHA-512:A6AC0DDC3C99D59A2C667410FE94BB8F267D1CF422C337FEBCFBAE23D5C965B0E965FF0B77FC88FA9E7B06EE6CE6D532B6ECB0D87A53FB282260EF812379EB7C
                                                        Malicious:false
                                                        Reputation:low
                                                        Process:C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe
                                                        File Type:ASCII text
                                                        Category:dropped
                                                        Size (bytes):195
                                                        Entropy (8bit):4.682333395896383
                                                        Encrypted:false
                                                        SSDEEP:3:rR6TAulhFphifFJ9LAG9Xg0XTFHqS1wP/pEeSWU4pv/8F/FxLj2RF2fcTZTotL:F6VlM90ggITgS1wnuWfB0NpK4aotL
                                                        MD5:7A8E3A0B6417948DF4D49F3915428D7A
                                                        SHA1:4FC084AABDB13483567D5C417C7ED8FD16726A80
                                                        SHA-256:D1AC274CF1018020F2D9635A518ED1A1F21CC2CBE9E2A4392EC792D54B5B52FE
                                                        SHA-512:064D84A57B28C19AD10742859DA493D0826B47ADC632F6C623DFB4DE36D72A9D29BE98518061A9FFD42D99FCF01F27DE39CE74782B3A5ACBBE11DFDDEEAB59A1
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{. "manifest_version": 2,. "name": "ImprovedRecoveryComponentInner",. "version": "1.3.36.141",. "imageName": "image.squash",. "squash": true,. "fsType": "squashfs",. "isRemovable": false.}
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines, with no line terminators
                                                        Category:dropped
                                                        Size (bytes):400260
                                                        Entropy (8bit):6.026690077443186
                                                        Encrypted:false
                                                        SSDEEP:6144:UeX5kVfXhSm/TCXnqn3A9cG0OP1eVxR+v+F7EFpfY4XB3iE7ZPXYGzLxinq:UUkhxSa+qKcGNPUZ+w7wJHyEtAWr
                                                        MD5:48D31CAA475C0790BE217FA92A8A5E22
                                                        SHA1:EF2EB57642FBAF82AD2634388ADFB06D7FC0A1D1
                                                        SHA-256:8BF1D7AB52753D4B49D3DD0820229CE75C1313392CAA2A3057AB2D10B3AA7A5E
                                                        SHA-512:71CFC8E80515DCDCF13E59FCAE8AB1AB74537B5EB8616FAC535A0438D7AEDF11AD967DFE5BF50B1CC9FCA8B1AC0AB04C9D0B63D5C9981A82AADA0E5D70361AAF
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.653356498580682e+12,"network":1.6533241e+12,"ticks":178557639.0,"uncertainty":3967768.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAACMBYze0bKMTIhZGR/AW4M5AAAAAAIAAAAAABBmAAAAAQAAIAAAACoSPhbyumSaNjLuAHEna2OUDn+rpXOk+H/ONjHe5ZwbAAAAAA6AAAAAAgAAIAAAADezR1ii2QiPYGPz0Jd0ZQiE5jKOKMttbbwwADHJYDpEMAAAACuIP4EJtfud3aEFZzvijkFSTP1RNwcy8fFg19xXfiV1Q9wriZb5iS+jYbOXKVX44kAAAAByJv8rXU2wt9ZoSemiGl7Rv1MeHwgrJRvbYcUfMpjLAz2bh77nWHOppVpZzR2K2uw89vs6aWrPXuiWeIEQQvEM"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13291230364373940"},"plugins":{"metadata":{"adobe-flash-player":{"displa
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines, with no line terminators
                                                        Category:dropped
                                                        Size (bytes):408721
                                                        Entropy (8bit):6.046944454828111
                                                        Encrypted:false
                                                        SSDEEP:6144:seX5kVfXhSm/TCXnqn3A9cG0OP1eVxR+v+F7EFpfY4XB3iE7ZPXYGzLxinq:sUkhxSa+qKcGNPUZ+w7wJHyEtAWr
                                                        MD5:0535709FD1A7EFC88A75B816AF6B92B5
                                                        SHA1:68D9B3564A43127532D366DA139315F286347756
                                                        SHA-256:782F5BADCF68EE587C29EA1EF1800A96D7EB6808BB40B234FB5322DB711BF5F7
                                                        SHA-512:DCA0E8A919E4B365A125521F88BCC492FE63F7D62CEB1FE3AB990EEE115900099311DF9DF075F797393C8D7CD35CE33C8B3EDB2E803B1C1AD0D0580E8CFE2330
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.653356498580682e+12,"network":1.6533241e+12,"ticks":178557639.0,"uncertainty":3967768.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAACMBYze0bKMTIhZGR/AW4M5AAAAAAIAAAAAABBmAAAAAQAAIAAAACoSPhbyumSaNjLuAHEna2OUDn+rpXOk+H/ONjHe5ZwbAAAAAA6AAAAAAgAAIAAAADezR1ii2QiPYGPz0Jd0ZQiE5jKOKMttbbwwADHJYDpEMAAAACuIP4EJtfud3aEFZzvijkFSTP1RNwcy8fFg19xXfiV1Q9wriZb5iS+jYbOXKVX44kAAAAByJv8rXU2wt9ZoSemiGl7Rv1MeHwgrJRvbYcUfMpjLAz2bh77nWHOppVpZzR2K2uw89vs6aWrPXuiWeIEQQvEM"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245952488007586"},"plugins":{"metadata":{"adobe-flash-player":{"displa
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):102308
                                                        Entropy (8bit):3.7488300768756004
                                                        Encrypted:false
                                                        SSDEEP:384:E/89J5Hs23s/PVoOV0Ntruvxr3SlDeHrI6GdWxrsPFxyxb6xSrzPirQhmYsCMrFM:i6u5ddJA24ej14fUHHO3KRf1Zh
                                                        MD5:A850CAAC4AAEE14B2407F377D66C8205
                                                        SHA1:2083DEE3A71ECD80CAFACCE2CF08D8D5DA819D34
                                                        SHA-256:BFE748E9B87A352FD4C4A670441EFADADB801C7626E23666B3EE4640A6B4824F
                                                        SHA-512:C3B7BE5110B1ACA9F066A26B52025B90F700EA3B36EB1942A58FEB45ECF9FC4007F0FCAEBFD5877F50DA6C749B63B5BEFADBF7C6338A9094EAA025C0B46AC441
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:................*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6...*...M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n....]8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines, with no line terminators
                                                        Category:dropped
                                                        Size (bytes):408721
                                                        Entropy (8bit):6.046943637982165
                                                        Encrypted:false
                                                        SSDEEP:6144:FeX5kVfXhSm/TCXnqn3A9cG0OP1eVxR+v+F7EFpfY4XB3iE7ZPXYGzLxinq:FUkhxSa+qKcGNPUZ+w7wJHyEtAWr
                                                        MD5:B429378DED7DC53443B11C0F8E4F9AA8
                                                        SHA1:45B3C969F32268F06611C12C0C189D4B3E3CD4A5
                                                        SHA-256:2A2BD57E2BE36166A51CF827D4287CA96DF464EF843D47BA493098E26DC291A5
                                                        SHA-512:D32A0C4B637EFB44BA599E07A3E3EA49ABD1ED6EA64318A06FC9790BCD97D4D4EB64F8A63BFD7B08F702DE3AF5FEA1E9233A6A8A7A14B8A698F5F51403AEA139
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.653356498580682e+12,"network":1.6533241e+12,"ticks":178557639.0,"uncertainty":3967768.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAACMBYze0bKMTIhZGR/AW4M5AAAAAAIAAAAAABBmAAAAAQAAIAAAACoSPhbyumSaNjLuAHEna2OUDn+rpXOk+H/ONjHe5ZwbAAAAAA6AAAAAAgAAIAAAADezR1ii2QiPYGPz0Jd0ZQiE5jKOKMttbbwwADHJYDpEMAAAACuIP4EJtfud3aEFZzvijkFSTP1RNwcy8fFg19xXfiV1Q9wriZb5iS+jYbOXKVX44kAAAAByJv8rXU2wt9ZoSemiGl7Rv1MeHwgrJRvbYcUfMpjLAz2bh77nWHOppVpZzR2K2uw89vs6aWrPXuiWeIEQQvEM"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13291230364373940"},"plugins":{"metadata":{"adobe-flash-player":{"displa
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines, with no line terminators
                                                        Category:dropped
                                                        Size (bytes):400455
                                                        Entropy (8bit):6.027044571698599
                                                        Encrypted:false
                                                        SSDEEP:6144:/eX5kVfXhSm/TCXnqn3A9cG0OP1eVxR+v+F7EFpfY4XB3iE7ZPXYGzLxinq:/UkhxSa+qKcGNPUZ+w7wJHyEtAWr
                                                        MD5:3AE48C95C300DDEF8FD4A547CDB3DA65
                                                        SHA1:042C983DDDFC844193F1F1AA1081E0C88CDE4F7D
                                                        SHA-256:EF2BCED24AFDC3E693FF2DDC9776AA274CC97E5B879E47CE0A67E5AAD0CF0CDF
                                                        SHA-512:D4D4F7E0FD4CE8E7D8FED48F0E398C7589EC0B44FFEC07D50FF4A465A6B1619C0DBBF69C74FA3F47B811179EACA481B47F40E8358863415D973C0686418A2F9F
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.653356498580682e+12,"network":1.6533241e+12,"ticks":178557639.0,"uncertainty":3967768.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAACMBYze0bKMTIhZGR/AW4M5AAAAAAIAAAAAABBmAAAAAQAAIAAAACoSPhbyumSaNjLuAHEna2OUDn+rpXOk+H/ONjHe5ZwbAAAAAA6AAAAAAgAAIAAAADezR1ii2QiPYGPz0Jd0ZQiE5jKOKMttbbwwADHJYDpEMAAAACuIP4EJtfud3aEFZzvijkFSTP1RNwcy8fFg19xXfiV1Q9wriZb5iS+jYbOXKVX44kAAAAByJv8rXU2wt9ZoSemiGl7Rv1MeHwgrJRvbYcUfMpjLAz2bh77nWHOppVpZzR2K2uw89vs6aWrPXuiWeIEQQvEM"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13291230364373940"},"plugins":{"metadata":{"adobe-flash-player":{"displa
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):101588
                                                        Entropy (8bit):3.7491500287729234
                                                        Encrypted:false
                                                        SSDEEP:384:6/89J5Hs23s/PVoOV0Ntruvxr3SlDeHrI6GdWxrsPFxyxb6xSrzPirQhmYTMrF1e:o6u5ddJ224ej14fUHHO3KRf1Z9
                                                        MD5:F0F521C5FA766607B6138136EC910A86
                                                        SHA1:B200E96EDCA6A903A97D818396551902EECC416C
                                                        SHA-256:1B06A046D1DF6A7729A121456C80C3383E136F9DEC858AEA872B437F096716D3
                                                        SHA-512:76714033AB9C4D0ABDD5CAFB3EF2C33027D9BCE3E23D6FCB45FF935E0F22B8B8C3C24FBC8761BE389A5B158231413CABFDCCF0DE8ED85CB6B39035DAF9CD78C5
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:...............*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6...*...M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n....]8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):40
                                                        Entropy (8bit):3.3041625260016576
                                                        Encrypted:false
                                                        SSDEEP:3:FkXEwozZHn:+EwozZHn
                                                        MD5:BEBB369FF4A565B19D5E0BC83CD176AE
                                                        SHA1:A6F07666F8DDDF61E5AACE533129BFB541A8A769
                                                        SHA-256:8018F98553432706436A31FFD1E743018C3B7F1AA8D34B2FA18F494A4CFCEB19
                                                        SHA-512:5D2F9F6E9502517AFF4673C3157D57046D4E38D70B5E228F468FB820363E559087D1A2F2E4006B4589BF3F175A4507F1FA3D7BE5FC34F9FA39EB17757DAEC17F
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:sdPC.......................y3..M.Y.NbD.
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text
                                                        Category:dropped
                                                        Size (bytes):16
                                                        Entropy (8bit):3.2743974703476995
                                                        Encrypted:false
                                                        SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                        MD5:46295CAC801E5D4857D09837238A6394
                                                        SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                        SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                        SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:MANIFEST-000001.
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text
                                                        Category:dropped
                                                        Size (bytes):16
                                                        Entropy (8bit):3.2743974703476995
                                                        Encrypted:false
                                                        SSDEEP:3:1sjgWIV//Xv:1qIF/
                                                        MD5:206702161F94C5CD39FADD03F4014D98
                                                        SHA1:BD8BFC144FB5326D21BD1531523D9FB50E1B600A
                                                        SHA-256:1005A525006F148C86EFCBFB36C6EAC091B311532448010F70F7DE9A68007167
                                                        SHA-512:0AF09F26941B11991C750D1A2B525C39A8970900E98CBA96FD1B55DBF93FEE79E18B8AAB258F48B4F7BDA40D059629BC7770D84371235CDB1352A4F17F80E145
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:MANIFEST-000002.
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                        Category:dropped
                                                        Size (bytes):19792
                                                        Entropy (8bit):5.564142719542289
                                                        Encrypted:false
                                                        SSDEEP:384:D1qtxLlrSX91kXqKf/pUZNCgVLH2HfDzrUNXHGaM27e4H4m:YLlU91kXqKf/pUZNCgVLH2HfPrUN3GOp
                                                        MD5:C07D34462593B2DB24D228428F7928D4
                                                        SHA1:2E7B9029294566B201E89FC5CAC7792DED69C5C6
                                                        SHA-256:47A21948B074945A9CD281F52B0B0FD560833AA11D4B6AE6E1BD3F7A6C929149
                                                        SHA-512:1749173D85785F5361A4255CEB89E16B3374C64E6E3994758AA08BFE818E2050FD28DC8BE2A65591D0972A595FEDC4F7732E34697DCC854A79B88939EB1AFC12
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{"download":{"always_open_pdf_externally":true,"directory_upgrade":true,"extensions_to_open":"pdf:doc:docx:docxm:docm:xls:xlsx:xlsxm:xlsm:ppt:pptx:pptxm:pptm:mht:rtf:pub:vsd:mpp:mdb:dot:dotm:xlsb:xll:hwp:show:cell:hwpx:hwt:jtd:zip:iso:7z:rar:tar:vbs:js:jse:vbe:exe:html:htm:xhtml:tbz2:lz"},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13297830096201255","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_i
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                        Category:modified
                                                        Size (bytes):19793
                                                        Entropy (8bit):5.564205421621885
                                                        Encrypted:false
                                                        SSDEEP:384:D1qtxLlrSX91kXqKf/pUZNCgVLH2HfDzrUNXHGRM27DH4o:YLlU91kXqKf/pUZNCgVLH2HfPrUN3GhX
                                                        MD5:9E388EDB7C50A0969071299AEA95CC46
                                                        SHA1:09CDC3AB21F78162C2A06F7BDC0B791409A4C8C6
                                                        SHA-256:0552501B27EE54A53A9D2F6C1756A2257F1C46C94022C626D0FDD20631CE1D61
                                                        SHA-512:A1E425E33EFF34A03E72E40A2B7CEF05E892D474FD36443FCDF9961B4F5ACA70B4842DF95190DAEB4AA86BC9328D96715FF5763F64810D4D555D9DF55D9157BB
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{"download":{"always_open_pdf_externally":true,"directory_upgrade":true,"extensions_to_open":"pdf:doc:docx:docxm:docm:xls:xlsx:xlsxm:xlsm:ppt:pptx:pptxm:pptm:mht:rtf:pub:vsd:mpp:mdb:dot:dotm:xlsb:xll:hwp:show:cell:hwpx:hwt:jtd:zip:iso:7z:rar:tar:vbs:js:jse:vbe:exe:html:htm:xhtml:tbz2:lz"},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13297830096201255","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_i
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines, with no line terminators
                                                        Category:dropped
                                                        Size (bytes):4900
                                                        Entropy (8bit):4.958200198907086
                                                        Encrypted:false
                                                        SSDEEP:96:nqXbVNp1paAKIA+xk0JCKL8rsbOTQVuwn:nqXbV1p9f4KsW
                                                        MD5:E9B4A91EFA2644A53C5D4ED6174B77CF
                                                        SHA1:F95C78C075B17C295AAFA8FC20590A2F4B5CEC92
                                                        SHA-256:5ED92975835C9043D9CE4137BD654E827BE1994BDD217B4221B52A0E24D51A1C
                                                        SHA-512:F8A265D34A7C82FE268BFEB1DB9B5248C6C08DB75E8581A6DF473E41EAA8843F78F4024946AFB9A5A32B820F4CC097BC567E6EAC56DD420288DC31E7655165F4
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{"account_id_migration_state":2,"account_tracker_service_last_update":"13297830097125389","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245952891998324","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245952963463509","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","1501624"],"daily_received_length":["0","0","0","0","0","0","0","
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                        Category:dropped
                                                        Size (bytes):17703
                                                        Entropy (8bit):5.577306283416428
                                                        Encrypted:false
                                                        SSDEEP:384:D1qtxLlrSX91kXqKf/pUZNCgVLH2HfDzrU+M272H4E:YLlU91kXqKf/pUZNCgVLH2HfPrUNHT
                                                        MD5:38996251B9A45188818ED80F66BEC619
                                                        SHA1:62DA618462BC1691C8A02C76C266B3C167D4C6BF
                                                        SHA-256:FC9DBDF29916D4339726329E2D6626E317E80DA17AA2EF8C735A1B3E2466529B
                                                        SHA-512:1D5AF2E0293DB9FEF94CE410C9679BE6AB5B2E792BC0F47EFC49F45CB16DB4211D4566AEC748834A7E7AB9506B954C224E06F4E603132623A255828180A17B3A
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{"download":{"always_open_pdf_externally":true,"directory_upgrade":true,"extensions_to_open":"pdf:doc:docx:docxm:docm:xls:xlsx:xlsxm:xlsm:ppt:pptx:pptxm:pptm:mht:rtf:pub:vsd:mpp:mdb:dot:dotm:xlsb:xll:hwp:show:cell:hwpx:hwt:jtd:zip:iso:7z:rar:tar:vbs:js:jse:vbe:exe:html:htm:xhtml:tbz2:lz"},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13297830096201255","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_i
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines, with no line terminators
                                                        Category:dropped
                                                        Size (bytes):2825
                                                        Entropy (8bit):4.86435102445835
                                                        Encrypted:false
                                                        SSDEEP:48:YALtdpBeMsNMHK5sJDysACs37sHWsd5/sSYMHCKs/MHCzsSOMHwsSJtFsX3RLs9D:HQxGKWDS1i/5vYGmGqOGKJ03QshS
                                                        MD5:95488A82D5073BDAAFC1480073FF801F
                                                        SHA1:E2E979B6D4A3EE16A815115C414D0A98E1DFA93F
                                                        SHA-256:C091AE68AFCD5EC632B2C324B983D70F722463CB4D05A3CE8D52E07AA7E5A5D6
                                                        SHA-512:D536466352320C5D394130A59B605617580050CDF325C4B3392D87D384C246E9D8C54FC16A247FF4B379F162536304E0D312D7781FFE245C643C5081B8BE08CD
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{"net":{"http_server_properties":{"broken_alternative_services":[{"broken_count":1,"host":"accounts.google.com","isolation":[],"port":443,"protocol_str":"quic"},{"broken_count":1,"host":"www.google.com","isolation":[],"port":443,"protocol_str":"quic"}],"servers":[{"alternative_service":[{"advertised_versions":[],"expiration":"13248544952675493","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":32613},"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248544952813644","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://ogs.google.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248544952748754","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://apis.google.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248544952634896","port":443,"protocol_str":"quic"}],"isolation":[],"server"
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines, with no line terminators
                                                        Category:dropped
                                                        Size (bytes):4873
                                                        Entropy (8bit):4.951814512232185
                                                        Encrypted:false
                                                        SSDEEP:96:nqXbVfp1paAKIA+xk0JCKL8robOTQVuwn:nqXbf1p9f4Ksa
                                                        MD5:B7609861BFE77E00051C631D987E82F2
                                                        SHA1:7B57ED512B959247F49F9DFE407E6EA424950CFC
                                                        SHA-256:1937669F7C546AD5C8A0B9E3EBD29ADE58A1C0B37D54C2E9E1A67290A9FEE818
                                                        SHA-512:8D2F015A599860C925F5DEEAE493B56E7D71E270423E98DC6233FF6A89004F03D3CD94C86FEDC876EE57A87BF34A3F6373E1663C366A1DC1C38FF7FE3FF94598
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{"account_id_migration_state":2,"account_tracker_service_last_update":"13297830097125389","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245952891998324","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245952963463509","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","1501624"],"daily_received_length":["0","0","0","0","0","0","0","
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:very short file (no magic)
                                                        Category:dropped
                                                        Size (bytes):1
                                                        Entropy (8bit):0.0
                                                        Encrypted:false
                                                        SSDEEP:3:L:L
                                                        MD5:5058F1AF8388633F609CADB75A75DC9D
                                                        SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                        SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                        SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:.
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                        Category:dropped
                                                        Size (bytes):17356
                                                        Entropy (8bit):5.571397338242429
                                                        Encrypted:false
                                                        SSDEEP:384:D1qtALlrSX91kXqKf/pUZNCgVLH2HfDzrUkMt7eH40:HLlU91kXqKf/pUZNCgVLH2HfPrUAHr
                                                        MD5:6C399CE3B4780A87656C43A6671558B0
                                                        SHA1:A878F71973617E8FE9FDF8CACE9F73D43EE9370B
                                                        SHA-256:3CD6208C0AE017ECD0D6DA51BAE542677EF5C89CECF83BACFB1D3764EAF2E355
                                                        SHA-512:36CF2684036E4145ED4F592BB0FE1332E04823B3AFCCA5E9E4769FA8D6356779903D49830C64E56867D0CC4F354ED9DD3F569AB70E2B850032EACA85861A6419
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{"download":{"always_open_pdf_externally":true,"directory_upgrade":true,"extensions_to_open":"pdf:doc:docx:docxm:docm:xls:xlsx:xlsxm:xlsm:ppt:pptx:pptxm:pptm:mht:rtf:pub:vsd:mpp:mdb:dot:dotm:xlsb:xll:hwp:show:cell:hwpx:hwt:jtd:zip:iso:7z:rar:tar:vbs:js:jse:vbe:exe:html:htm:xhtml:tbz2:lz"},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13297830096201255","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_i
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines, with no line terminators
                                                        Category:dropped
                                                        Size (bytes):4873
                                                        Entropy (8bit):4.952279934313265
                                                        Encrypted:false
                                                        SSDEEP:96:nqXbVMqm1paAKIA+xk0JCKL8robOTQVuwn:nqXbtm1p9f4Ksa
                                                        MD5:BF5DCF12BABD89E1E56B2D0EC5BE4A07
                                                        SHA1:17E60AEEAFC0C16C4285961A4FD484ED1090673F
                                                        SHA-256:4BDDE570192C2CA8ABDEEE3FD9851E25305F0EA7E8AA88C8A7DB188D19161328
                                                        SHA-512:DF81C208D2200ECBDA2001542BCD2960EA7DF846E6E218B498120B4970E5DB8160A656B0C15F20AB83604228BF4898FBC6B946BCD19BA690F98C70BD4EC9F5DE
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{"account_id_migration_state":2,"account_tracker_service_last_update":"13297830097125389","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245952891998324","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245952963463509","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","1501624"],"daily_received_length":["0","0","0","0","0","0","0","
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text
                                                        Category:dropped
                                                        Size (bytes):16
                                                        Entropy (8bit):3.2743974703476995
                                                        Encrypted:false
                                                        SSDEEP:3:1sjgWIV//Xv:1qIF/
                                                        MD5:206702161F94C5CD39FADD03F4014D98
                                                        SHA1:BD8BFC144FB5326D21BD1531523D9FB50E1B600A
                                                        SHA-256:1005A525006F148C86EFCBFB36C6EAC091B311532448010F70F7DE9A68007167
                                                        SHA-512:0AF09F26941B11991C750D1A2B525C39A8970900E98CBA96FD1B55DBF93FEE79E18B8AAB258F48B4F7BDA40D059629BC7770D84371235CDB1352A4F17F80E145
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:MANIFEST-000002.
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines, with no line terminators
                                                        Category:dropped
                                                        Size (bytes):11217
                                                        Entropy (8bit):6.069602775336632
                                                        Encrypted:false
                                                        SSDEEP:192:GbylJnlTwGB7V9Hne4qasKxXItmLG48gcLg/PkI:Gb+nldByaFx4toj8VEPT
                                                        MD5:90F880064A42B29CCFF51FE5425BF1A3
                                                        SHA1:6A3CAE3996E9FFF653A1DDF731CED32B2BE2ACBF
                                                        SHA-256:965203D541E442C107DBC6D5B395168123D0397559774BEAE4E5B9ABC44EF268
                                                        SHA-512:D9CBFCD865356F19A57954F8FD952CAF3D31B354112766C41892D1EF40BD2533682D4EC3F4DA0E59A5397364F67A484B45091BA94E6C69ED18AB681403DFD3F3
                                                        Malicious:false
                                                        Reputation:low
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):38
                                                        Entropy (8bit):1.8784775129881184
                                                        Encrypted:false
                                                        SSDEEP:3:FQxlXNQxlX:qTCT
                                                        MD5:51A2CBB807F5085530DEC18E45CB8569
                                                        SHA1:7AD88CD3DE5844C7FC269C4500228A630016AB5B
                                                        SHA-256:1C43A1BDA1E458863C46DFAE7FB43BFB3E27802169F37320399B1DD799A819AC
                                                        SHA-512:B643A8FA75EDA90C89AB98F79D4D022BB81F1F62F50ED4E5440F487F22D1163671EC3AE73C4742C11830214173FF2935C785018318F4A4CAD413AE4EEEF985DF
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:.f.5................f.5...............
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text
                                                        Category:dropped
                                                        Size (bytes):378
                                                        Entropy (8bit):5.210553819194177
                                                        Encrypted:false
                                                        SSDEEP:6:AXOHMQL+q2PN723iKKdK25+Xqx8chI+IFUtqVfXOcFMG1ZmwYVfXOf3QLVkwON7l:AXaMQyvVa5KkTXfchI3FUtiXCg/IX63V
                                                        MD5:3E65020A844D1E7170602C00EB5586D0
                                                        SHA1:F587E8C37BE4BE973BE3FF0D7697C861B84EA54F
                                                        SHA-256:3EB76B58F7F0897E369789B94A7CE85E67951AC1B390F4CE68863B0A9E97FD58
                                                        SHA-512:6BFA8E0D4F3C63DEDB5A4F8A0F9438D1253C36F2BA4CC55D45F56B13E8C965946C097272071B7402CCD9958CE378E5E561B00B47F6BE3538DFC49D88A777BD21
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:2022/05/23-18:41:54.318 1ba8 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/MANIFEST-000001.2022/05/23-18:41:54.320 1ba8 Recovering log #3.2022/05/23-18:41:54.331 1ba8 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/000003.log .
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text
                                                        Category:dropped
                                                        Size (bytes):378
                                                        Entropy (8bit):5.210553819194177
                                                        Encrypted:false
                                                        SSDEEP:6:AXOHMQL+q2PN723iKKdK25+Xqx8chI+IFUtqVfXOcFMG1ZmwYVfXOf3QLVkwON7l:AXaMQyvVa5KkTXfchI3FUtiXCg/IX63V
                                                        MD5:3E65020A844D1E7170602C00EB5586D0
                                                        SHA1:F587E8C37BE4BE973BE3FF0D7697C861B84EA54F
                                                        SHA-256:3EB76B58F7F0897E369789B94A7CE85E67951AC1B390F4CE68863B0A9E97FD58
                                                        SHA-512:6BFA8E0D4F3C63DEDB5A4F8A0F9438D1253C36F2BA4CC55D45F56B13E8C965946C097272071B7402CCD9958CE378E5E561B00B47F6BE3538DFC49D88A777BD21
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:2022/05/23-18:41:54.318 1ba8 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/MANIFEST-000001.2022/05/23-18:41:54.320 1ba8 Recovering log #3.2022/05/23-18:41:54.331 1ba8 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/000003.log .
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:PGP\011Secret Key -
                                                        Category:dropped
                                                        Size (bytes):41
                                                        Entropy (8bit):4.704993772857998
                                                        Encrypted:false
                                                        SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                        MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                        SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                        SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                        SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:.|.."....leveldb.BytewiseComparator......
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines, with no line terminators
                                                        Category:dropped
                                                        Size (bytes):1960
                                                        Entropy (8bit):4.890462155836508
                                                        Encrypted:false
                                                        SSDEEP:48:YALteBdpNntw3qyvTCXDHz5sgGsltRLs9WSyBsWMHJYhbG:2lNnOa+TCXDHzrbtVjGWhS
                                                        MD5:627B4C3BA4DB42F7AD357185B29FFF79
                                                        SHA1:40F85D64270D0708A2EA8510B9D6A1BC542284BE
                                                        SHA-256:57891A62B042EB3CB149598477FF854D02493CD1061C6B30C147731FDFF58350
                                                        SHA-512:DEEF9AA39DFF583517051056CDE95C0592EF434B0F10567121E379C857BDA17EA1FBFB5A10889C5737CBC57C9457E510C124F7D404E5BD67F861E59EC84BC98D
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{"net":{"http_server_properties":{"broken_alternative_services":[{"broken_count":1,"host":"www.google.com","isolation":[],"port":443,"protocol_str":"quic"},{"broken_count":1,"host":"accounts.google.com","isolation":[],"port":443,"protocol_str":"quic"}],"servers":[{"isolation":[],"server":"https://www.google.com","supports_spdy":true},{"isolation":[],"server":"https://ssl.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://www.googleapis.com","supports_spdy":true},{"isolation":[],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"isolation":[],"server":"https://www.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://fonts.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://apis.google.com","supports_spdy":true},{"isolation":[],"server":"https://ogs.google.com","supports_spdy":true},{"isolation":[],"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines, with no line terminators
                                                        Category:dropped
                                                        Size (bytes):4900
                                                        Entropy (8bit):4.958200198907086
                                                        Encrypted:false
                                                        SSDEEP:96:nqXbVNp1paAKIA+xk0JCKL8rsbOTQVuwn:nqXbV1p9f4KsW
                                                        MD5:E9B4A91EFA2644A53C5D4ED6174B77CF
                                                        SHA1:F95C78C075B17C295AAFA8FC20590A2F4B5CEC92
                                                        SHA-256:5ED92975835C9043D9CE4137BD654E827BE1994BDD217B4221B52A0E24D51A1C
                                                        SHA-512:F8A265D34A7C82FE268BFEB1DB9B5248C6C08DB75E8581A6DF473E41EAA8843F78F4024946AFB9A5A32B820F4CC097BC567E6EAC56DD420288DC31E7655165F4
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{"account_id_migration_state":2,"account_tracker_service_last_update":"13297830097125389","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245952891998324","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245952963463509","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","1501624"],"daily_received_length":["0","0","0","0","0","0","0","
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                        Category:dropped
                                                        Size (bytes):19793
                                                        Entropy (8bit):5.564205421621885
                                                        Encrypted:false
                                                        SSDEEP:384:D1qtxLlrSX91kXqKf/pUZNCgVLH2HfDzrUNXHGRM27DH4o:YLlU91kXqKf/pUZNCgVLH2HfPrUN3GhX
                                                        MD5:9E388EDB7C50A0969071299AEA95CC46
                                                        SHA1:09CDC3AB21F78162C2A06F7BDC0B791409A4C8C6
                                                        SHA-256:0552501B27EE54A53A9D2F6C1756A2257F1C46C94022C626D0FDD20631CE1D61
                                                        SHA-512:A1E425E33EFF34A03E72E40A2B7CEF05E892D474FD36443FCDF9961B4F5ACA70B4842DF95190DAEB4AA86BC9328D96715FF5763F64810D4D555D9DF55D9157BB
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{"download":{"always_open_pdf_externally":true,"directory_upgrade":true,"extensions_to_open":"pdf:doc:docx:docxm:docm:xls:xlsx:xlsxm:xlsm:ppt:pptx:pptxm:pptm:mht:rtf:pub:vsd:mpp:mdb:dot:dotm:xlsb:xll:hwp:show:cell:hwpx:hwt:jtd:zip:iso:7z:rar:tar:vbs:js:jse:vbe:exe:html:htm:xhtml:tbz2:lz"},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13297830096201255","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_i
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines, with no line terminators
                                                        Category:dropped
                                                        Size (bytes):325
                                                        Entropy (8bit):4.95629898779197
                                                        Encrypted:false
                                                        SSDEEP:6:YHpoNXR8+eq7JdV5kjxZsDHF4R8HLJ2AVQBR70S7PMVKJw1K3KnMRK3VY:YHO8sdSZsBdLJlyH7E4f3K33y
                                                        MD5:D5BB2F0F1694209F0C6AE5BA44DAC338
                                                        SHA1:41B2CDE10C8937FC9607E608AF65EDF709033350
                                                        SHA-256:20FC2ED4DA8AC625B83B6B84C1B88B534BC35B18DC8BD7521C66FFDABAB53738
                                                        SHA-512:A713918E0F88AE62AFAC2A6202107CF547B962900BCB779C7C5C2C8A228C140AAC5191A50BDAF5718EAAE91446DB21648CF2A7B967B9029AF16F13E923FD6EE2
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[50],"expiration":"13248544897343531","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://dns.google","supports_spdy":true}],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):270336
                                                        Entropy (8bit):0.0012471779557650352
                                                        Encrypted:false
                                                        SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                        MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                        SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                        SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                        SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                        Malicious:false
                                                        Reputation:low
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines, with no line terminators
                                                        Category:dropped
                                                        Size (bytes):325
                                                        Entropy (8bit):4.95629898779197
                                                        Encrypted:false
                                                        SSDEEP:6:YHpoNXR8+eq7JdV5kjxZsDHF4R8HLJ2AVQBR70S7PMVKJw1K3KnMRK3VY:YHO8sdSZsBdLJlyH7E4f3K33y
                                                        MD5:D5BB2F0F1694209F0C6AE5BA44DAC338
                                                        SHA1:41B2CDE10C8937FC9607E608AF65EDF709033350
                                                        SHA-256:20FC2ED4DA8AC625B83B6B84C1B88B534BC35B18DC8BD7521C66FFDABAB53738
                                                        SHA-512:A713918E0F88AE62AFAC2A6202107CF547B962900BCB779C7C5C2C8A228C140AAC5191A50BDAF5718EAAE91446DB21648CF2A7B967B9029AF16F13E923FD6EE2
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[50],"expiration":"13248544897343531","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://dns.google","supports_spdy":true}],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines, with no line terminators
                                                        Category:modified
                                                        Size (bytes):325
                                                        Entropy (8bit):4.958114650763609
                                                        Encrypted:false
                                                        SSDEEP:6:YHpoNXR8+eq7JdV59YIEsDHF4R8HLJ2AVQBR70S7PMVKJw1K3KnMRK3VY:YHO8sdXXEsBdLJlyH7E4f3K33y
                                                        MD5:F08847672DDD58749FE32FEFD1DBBAE9
                                                        SHA1:C4C1750B297311628D53B0D3DD473F3EDD6019E9
                                                        SHA-256:4165A9C7A2CA81E34A969C02FC75FFA899F49A5B04899EBA10E341C44839CC90
                                                        SHA-512:541C4ADF3A92398F61F1E90C9995FD9CCB668FF51F578968C6CCD73AB81AB24668D969A9F98A1B529F631022EF4A3D224D76B4EDCB656ADADB27A7E4065395A0
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[50],"expiration":"13248544901990438","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://dns.google","supports_spdy":true}],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):270336
                                                        Entropy (8bit):0.0012471779557650352
                                                        Encrypted:false
                                                        SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                        MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                        SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                        SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                        SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                        Malicious:false
                                                        Reputation:low
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines, with no line terminators
                                                        Category:dropped
                                                        Size (bytes):325
                                                        Entropy (8bit):4.958114650763609
                                                        Encrypted:false
                                                        SSDEEP:6:YHpoNXR8+eq7JdV59YIEsDHF4R8HLJ2AVQBR70S7PMVKJw1K3KnMRK3VY:YHO8sdXXEsBdLJlyH7E4f3K33y
                                                        MD5:F08847672DDD58749FE32FEFD1DBBAE9
                                                        SHA1:C4C1750B297311628D53B0D3DD473F3EDD6019E9
                                                        SHA-256:4165A9C7A2CA81E34A969C02FC75FFA899F49A5B04899EBA10E341C44839CC90
                                                        SHA-512:541C4ADF3A92398F61F1E90C9995FD9CCB668FF51F578968C6CCD73AB81AB24668D969A9F98A1B529F631022EF4A3D224D76B4EDCB656ADADB27A7E4065395A0
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[50],"expiration":"13248544901990438","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://dns.google","supports_spdy":true}],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines, with no line terminators
                                                        Category:dropped
                                                        Size (bytes):1960
                                                        Entropy (8bit):4.890462155836508
                                                        Encrypted:false
                                                        SSDEEP:48:YALteBdpNntw3qyvTCXDHz5sgGsltRLs9WSyBsWMHJYhbG:2lNnOa+TCXDHzrbtVjGWhS
                                                        MD5:627B4C3BA4DB42F7AD357185B29FFF79
                                                        SHA1:40F85D64270D0708A2EA8510B9D6A1BC542284BE
                                                        SHA-256:57891A62B042EB3CB149598477FF854D02493CD1061C6B30C147731FDFF58350
                                                        SHA-512:DEEF9AA39DFF583517051056CDE95C0592EF434B0F10567121E379C857BDA17EA1FBFB5A10889C5737CBC57C9457E510C124F7D404E5BD67F861E59EC84BC98D
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{"net":{"http_server_properties":{"broken_alternative_services":[{"broken_count":1,"host":"www.google.com","isolation":[],"port":443,"protocol_str":"quic"},{"broken_count":1,"host":"accounts.google.com","isolation":[],"port":443,"protocol_str":"quic"}],"servers":[{"isolation":[],"server":"https://www.google.com","supports_spdy":true},{"isolation":[],"server":"https://ssl.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://www.googleapis.com","supports_spdy":true},{"isolation":[],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"isolation":[],"server":"https://www.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://fonts.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://apis.google.com","supports_spdy":true},{"isolation":[],"server":"https://ogs.google.com","supports_spdy":true},{"isolation":[],"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text
                                                        Category:dropped
                                                        Size (bytes):16
                                                        Entropy (8bit):3.2743974703476995
                                                        Encrypted:false
                                                        SSDEEP:3:1sjgWIV//Rv:1qIFJ
                                                        MD5:6752A1D65B201C13B62EA44016EB221F
                                                        SHA1:58ECF154D01A62233ED7FB494ACE3C3D4FFCE08B
                                                        SHA-256:0861415CADA612EA5834D56E2CF1055D3E63979B69EB71D32AE9AE394D8306CD
                                                        SHA-512:9CFD838D3FB570B44FC3461623AB2296123404C6C8F576B0DE0AABD9A6020840D4C9125EB679ED384170DBCAAC2FA30DC7FA9EE5B77D6DF7C344A0AA030E0389
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:MANIFEST-000004.
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text
                                                        Category:dropped
                                                        Size (bytes):16
                                                        Entropy (8bit):3.2743974703476995
                                                        Encrypted:false
                                                        SSDEEP:3:1sjgWIV//Rv:1qIFJ
                                                        MD5:6752A1D65B201C13B62EA44016EB221F
                                                        SHA1:58ECF154D01A62233ED7FB494ACE3C3D4FFCE08B
                                                        SHA-256:0861415CADA612EA5834D56E2CF1055D3E63979B69EB71D32AE9AE394D8306CD
                                                        SHA-512:9CFD838D3FB570B44FC3461623AB2296123404C6C8F576B0DE0AABD9A6020840D4C9125EB679ED384170DBCAAC2FA30DC7FA9EE5B77D6DF7C344A0AA030E0389
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:MANIFEST-000004.
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):106
                                                        Entropy (8bit):3.138546519832722
                                                        Encrypted:false
                                                        SSDEEP:3:tbloIlrJ5ldQxl7aXVdJiG6R0RlAl:tbdlrnQxZaHIGi0R6l
                                                        MD5:DE9EF0C5BCC012A3A1131988DEE272D8
                                                        SHA1:FA9CCBDC969AC9E1474FCE773234B28D50951CD8
                                                        SHA-256:3615498FBEF408A96BF30E01C318DAC2D5451B054998119080E7FAAC5995F590
                                                        SHA-512:CEA946EBEADFE6BE65E33EDFF6C68953A84EC2E2410884E12F406CAC1E6C8A0793180433A7EF7CE097B24EA78A1FDBB4E3B3D9CDF1A827AB6FF5605DA3691724
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e...e.x.e.
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with no line terminators
                                                        Category:dropped
                                                        Size (bytes):13
                                                        Entropy (8bit):2.8150724101159437
                                                        Encrypted:false
                                                        SSDEEP:3:Yx7:4
                                                        MD5:C422F72BA41F662A919ED0B70E5C3289
                                                        SHA1:AAD27C14B27F56B6E7C744A8EC5B1A7D767D7632
                                                        SHA-256:02E71EB4C587FEB7EE00CE8600F97411C2774C2FC34CB95B92D5538E7F30DA59
                                                        SHA-512:86010ED2B2EEBDCC5A8A076B37703669C294C6D1BFAAEA963E26A9C94B81B4C53EC765D9425E5B616159C43923F800A891F9B903659575DF02F8845521F8DC46
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:85.0.4183.121
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines, with no line terminators
                                                        Category:dropped
                                                        Size (bytes):400455
                                                        Entropy (8bit):6.027044571698599
                                                        Encrypted:false
                                                        SSDEEP:6144:/eX5kVfXhSm/TCXnqn3A9cG0OP1eVxR+v+F7EFpfY4XB3iE7ZPXYGzLxinq:/UkhxSa+qKcGNPUZ+w7wJHyEtAWr
                                                        MD5:3AE48C95C300DDEF8FD4A547CDB3DA65
                                                        SHA1:042C983DDDFC844193F1F1AA1081E0C88CDE4F7D
                                                        SHA-256:EF2BCED24AFDC3E693FF2DDC9776AA274CC97E5B879E47CE0A67E5AAD0CF0CDF
                                                        SHA-512:D4D4F7E0FD4CE8E7D8FED48F0E398C7589EC0B44FFEC07D50FF4A465A6B1619C0DBBF69C74FA3F47B811179EACA481B47F40E8358863415D973C0686418A2F9F
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.653356498580682e+12,"network":1.6533241e+12,"ticks":178557639.0,"uncertainty":3967768.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAACMBYze0bKMTIhZGR/AW4M5AAAAAAIAAAAAABBmAAAAAQAAIAAAACoSPhbyumSaNjLuAHEna2OUDn+rpXOk+H/ONjHe5ZwbAAAAAA6AAAAAAgAAIAAAADezR1ii2QiPYGPz0Jd0ZQiE5jKOKMttbbwwADHJYDpEMAAAACuIP4EJtfud3aEFZzvijkFSTP1RNwcy8fFg19xXfiV1Q9wriZb5iS+jYbOXKVX44kAAAAByJv8rXU2wt9ZoSemiGl7Rv1MeHwgrJRvbYcUfMpjLAz2bh77nWHOppVpZzR2K2uw89vs6aWrPXuiWeIEQQvEM"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13291230364373940"},"plugins":{"metadata":{"adobe-flash-player":{"displa
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):102932
                                                        Entropy (8bit):3.748990580111419
                                                        Encrypted:false
                                                        SSDEEP:384:6/89J5Hs23s/PVoOV0Ntruvxr3SlDeHrI6GdWxrsPFxyxb6xPFrzPirQhmYsCMrd:o6u5dd+A24ej14fUHHO3KRf1Za
                                                        MD5:C5A329D4D21FCB3275CB6ABE13ED0060
                                                        SHA1:69255E391018CF446E10332DF3C11E5B1B5B15D6
                                                        SHA-256:54806E02E7BC83F31B08F25D78EDC60D33C8FA00E39DDDDCAB96429A0A3CD9BA
                                                        SHA-512:B9E05C99615CEE22DDCB27A9766876A0A6C882BAE85BC70BF165DFEF00A3858C4E4344E86C681E17ADD21DAC66EF69EF6D774836E60D3EC0125BC15684F21A5A
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:................*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6...*...M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n....]8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):147504
                                                        Entropy (8bit):4.859567224410241
                                                        Encrypted:false
                                                        SSDEEP:3072:KJ4VHTSRJJYd7eF9yBrohsNSlkSTmLzpN1VZihdfjAUoIUeFjK:A4VGJ2JoySl61edbPq
                                                        MD5:BC811D916CF7D8E6B13B5E63C7B6A474
                                                        SHA1:CCCB6EB391D88DDFCE3E3BAB3AB63AC799459484
                                                        SHA-256:CE9183903AA22B624FBA2877EFEE026D53EF7B38FF28D4119E70F55B7BFF79C3
                                                        SHA-512:158DA5CD955DA0AA16DA80A894FB277181753854A011C8CC3ECFF4075A5A4449CC85A51C17446C0096310CF897045EA549D4B21A756541335DE82E69413E9D8F
                                                        Malicious:false
                                                        Reputation:low
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines, with no line terminators
                                                        Category:dropped
                                                        Size (bytes):400352
                                                        Entropy (8bit):6.0268601015185075
                                                        Encrypted:false
                                                        SSDEEP:6144:ueX5kVfXhSm/TCXnqn3A9cG0OP1eVxR+v+F7EFpfY4XB3iE7ZPXYGzLxinq:uUkhxSa+qKcGNPUZ+w7wJHyEtAWr
                                                        MD5:D2F20410D3C1A6368533541ACB4D97EC
                                                        SHA1:538C69616D4FFDC6D36558844D06DED3F4FD4D47
                                                        SHA-256:318033C8FAEE6140306ABEDC6817E1BAA84BF23283994EA9652FC58BA44CFE66
                                                        SHA-512:BEC8B4535D3122F614422477930726286F3ABDF2F161DB56874788352DB2FCC297E711820DD9622CEDF37086CDD189B64B7D662DE71B8DEDD23ABABC27F5A36F
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.653356498580682e+12,"network":1.6533241e+12,"ticks":178557639.0,"uncertainty":3967768.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAACMBYze0bKMTIhZGR/AW4M5AAAAAAIAAAAAABBmAAAAAQAAIAAAACoSPhbyumSaNjLuAHEna2OUDn+rpXOk+H/ONjHe5ZwbAAAAAA6AAAAAAgAAIAAAADezR1ii2QiPYGPz0Jd0ZQiE5jKOKMttbbwwADHJYDpEMAAAACuIP4EJtfud3aEFZzvijkFSTP1RNwcy8fFg19xXfiV1Q9wriZb5iS+jYbOXKVX44kAAAAByJv8rXU2wt9ZoSemiGl7Rv1MeHwgrJRvbYcUfMpjLAz2bh77nWHOppVpZzR2K2uw89vs6aWrPXuiWeIEQQvEM"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13291230364373940"},"plugins":{"metadata":{"adobe-flash-player":{"displa
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):99604
                                                        Entropy (8bit):3.7485857384929337
                                                        Encrypted:false
                                                        SSDEEP:384:e/89J5Hs2z/4V0Ntruvxr3SlDeHrI6GdWxrsPFxyxb6xSrzPirQhmYTMrF11yOP3:tu5ddJ224ej14fUHHO3KRf1ZW
                                                        MD5:BFA29265C9D43CD7E2749DD09B20DF44
                                                        SHA1:ABCE696155497D79E99EB0427D44AA5F1CB2A41A
                                                        SHA-256:8775CB657B6C7228965D22A9BE0E8D5CF603F22BD7AC95BEDF2C9DF46A629098
                                                        SHA-512:710E72B02AD132048D5776C1842344B20D69C5C79FF6E585C39C9E13C4CFF9EAAC7B1F4235D904D0A62D0807D2DA7EF7974ED04A4386769F472DFC08DEC9BF43
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:................*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6...*...M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n....]8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines, with no line terminators
                                                        Category:dropped
                                                        Size (bytes):400260
                                                        Entropy (8bit):6.026690077443186
                                                        Encrypted:false
                                                        SSDEEP:6144:UeX5kVfXhSm/TCXnqn3A9cG0OP1eVxR+v+F7EFpfY4XB3iE7ZPXYGzLxinq:UUkhxSa+qKcGNPUZ+w7wJHyEtAWr
                                                        MD5:48D31CAA475C0790BE217FA92A8A5E22
                                                        SHA1:EF2EB57642FBAF82AD2634388ADFB06D7FC0A1D1
                                                        SHA-256:8BF1D7AB52753D4B49D3DD0820229CE75C1313392CAA2A3057AB2D10B3AA7A5E
                                                        SHA-512:71CFC8E80515DCDCF13E59FCAE8AB1AB74537B5EB8616FAC535A0438D7AEDF11AD967DFE5BF50B1CC9FCA8B1AC0AB04C9D0B63D5C9981A82AADA0E5D70361AAF
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.653356498580682e+12,"network":1.6533241e+12,"ticks":178557639.0,"uncertainty":3967768.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAACMBYze0bKMTIhZGR/AW4M5AAAAAAIAAAAAABBmAAAAAQAAIAAAACoSPhbyumSaNjLuAHEna2OUDn+rpXOk+H/ONjHe5ZwbAAAAAA6AAAAAAgAAIAAAADezR1ii2QiPYGPz0Jd0ZQiE5jKOKMttbbwwADHJYDpEMAAAACuIP4EJtfud3aEFZzvijkFSTP1RNwcy8fFg19xXfiV1Q9wriZb5iS+jYbOXKVX44kAAAAByJv8rXU2wt9ZoSemiGl7Rv1MeHwgrJRvbYcUfMpjLAz2bh77nWHOppVpZzR2K2uw89vs6aWrPXuiWeIEQQvEM"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13291230364373940"},"plugins":{"metadata":{"adobe-flash-player":{"displa
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):102932
                                                        Entropy (8bit):3.748990580111419
                                                        Encrypted:false
                                                        SSDEEP:384:6/89J5Hs23s/PVoOV0Ntruvxr3SlDeHrI6GdWxrsPFxyxb6xPFrzPirQhmYsCMrd:o6u5dd+A24ej14fUHHO3KRf1Za
                                                        MD5:C5A329D4D21FCB3275CB6ABE13ED0060
                                                        SHA1:69255E391018CF446E10332DF3C11E5B1B5B15D6
                                                        SHA-256:54806E02E7BC83F31B08F25D78EDC60D33C8FA00E39DDDDCAB96429A0A3CD9BA
                                                        SHA-512:B9E05C99615CEE22DDCB27A9766876A0A6C882BAE85BC70BF165DFEF00A3858C4E4344E86C681E17ADD21DAC66EF69EF6D774836E60D3EC0125BC15684F21A5A
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:................*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6...*...M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n....]8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):96166
                                                        Entropy (8bit):5.4897674246314825
                                                        Encrypted:false
                                                        SSDEEP:1536:F3eywFManDiYhqzOBD/mpEV+SYkdD0No8grXyT00LschZ0J5b5wDj:LwFManGeAOBDwEfRD0NTCCT00fhZ0JxM
                                                        MD5:81BE5836F8740802C2CD3436AF0D326C
                                                        SHA1:88BD294563A3E1BA663375609E83DFED3B57E6FE
                                                        SHA-256:409C37FBE8373412615BBDE198F234BCACFE8BB32DA179B1F84B003EB558488F
                                                        SHA-512:4EC450888C8C0505B7AD517891AD158153CF2E93A0A32A670D5709B8C74DA3BF0D30EE59F35F9D529FE033E7771FA8B28B9EB06204E732F0308BC4C073E6ABFC
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:............0.8.@.R.-728x90...........0.8.@.R.adtdp.com^..........0.8.@.R.rvpsrv.com^..........0.8.@.R.yomeno.xyz^.:........*...adcore.com.au..*...adcore.ch..0.8.@.R./adcore_..........0.8.@.R.uwoaptee.com^.8......*...safeway.com0.8.@.R.fwcdn2.com/js/embed-feed.js..........0.8.@.R._468_60..3........0.8.@.R#/wp-content/plugins/wp-super-popup/.9........0.8.@.R)bancodevenezuela.com/imagenes/publicidad/..........0.8.@.R..adbutler-..........0.8.@.R.adrecover.com^..........0.8.@.R.hdbcode.com^.?........*...google.com0.8.@.R!developers.google.com/google-ads/.-........*...konograma.com..0.8.@.R./adserver...........*...vk.com0.8.@.R.vk.me/css/al/ads.css.,........0.8.@.R.mysmth.net/nForum/*/ADAgent_..........0.8.@.R.indoleads.com^.%......0.8.@.R.discordapp.com/banners/.E........*...daum.net0.8.@.R)daumcdn.net/adfit/static/ad-native.min.js.(........0.8.@.R.looker.com/api/internal/.#........0.8.@.R.broadstreetads.com^..........0.8.@.R./banner.cgi?...........*...thefreedictionary.com*...downloads.co
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):24623
                                                        Entropy (8bit):4.588307081140814
                                                        Encrypted:false
                                                        SSDEEP:384:mva5sf5dXrCN7tnBxpxkepTqzazijFgZk231Py9zD6WApYbm0:mvagXreRnTqzazWgj0v6XqD
                                                        MD5:D33AAA5246E1CE0A94FA15BA0C407AE2
                                                        SHA1:11D197ACB61361657D638154A9416DC3249EC9FB
                                                        SHA-256:1D4FF95CE9C6E21FE4A4FF3B41E7A0DF88638DD449D909A7B46974D3DFAB7311
                                                        SHA-512:98B1B12FF0991FD7A5612141F83F69B86BC5A89DD62FC472EE5971817B7BBB612A034C746C2D81AE58FDF6873129256A89AA8BB7456022246DC4515BAAE2454B
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:EasyList Repository Licences.... Unless otherwise noted, the contents of the EasyList repository.. (https://github.com/easylist) is dual licensed under the GNU General.. Public License version 3 of the License, or (at your option) any later.. version, and Creative Commons Attribution-ShareAlike 3.0 Unported, or.. (at your option) any later version. You may use and/or modify the files.. as permitted by either licence; if required, "The EasyList authors.. (https://easylist.to/)" should be attributed as the source of the.. material. All relevant licence files are included in the repository..... Please be aware that files hosted externally and referenced in the.. repository, including but not limited to subscriptions other than.. EasyList, EasyPrivacy, EasyList Germany and EasyList Italy, may be.. available under other conditions; permission must be granted by the.. respective copyright holders to authorise the use of their material.......Creative Commons Attribut
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines, with no line terminators
                                                        Category:dropped
                                                        Size (bytes):1641
                                                        Entropy (8bit):5.960820521871119
                                                        Encrypted:false
                                                        SSDEEP:48:p/h4IebKC0tH6TGkakQUyXyPtvojkmFz6fdH:RmIeMHwaPUd6j7adH
                                                        MD5:6977480C932C6C233E72BCD27AB40151
                                                        SHA1:AFB95CE40A8DC75B3A609C07E506F3C45719683F
                                                        SHA-256:EC90E259556575C81F6B989F7E0251730A7286BDE2CE50720CFA38E484644EB2
                                                        SHA-512:965D6788B7910F1FE27F9D4CB3F311C04B1029422174C2ABD1ABBDD562C2776684037A3D36C506FEEF7F6BAE2B020DEBFD43FEEBD6A904FE24E7B537D4BB1C8B
                                                        Malicious:false
                                                        Reputation:low
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with no line terminators
                                                        Category:dropped
                                                        Size (bytes):66
                                                        Entropy (8bit):3.767625222183077
                                                        Encrypted:false
                                                        SSDEEP:3:SQbYGEUfWRjj3WWEA5ajcGn:SQEYfWRjjXgj
                                                        MD5:69B6F159F9B1421EBD5224D3F61ADCA9
                                                        SHA1:5F778F3E0B566C638F1C9436F567E17D13F1EC02
                                                        SHA-256:42B2668908F5B710DDDACB59DCB6547B5BCC247A90102F2E2B2FE0190BE28C23
                                                        SHA-512:C5D6467D87C25405FE99386EFFD0BB37C0728DECCECA647B6C85DD24BD28D6321B841852ACE3B83EC37D94A8ED9251683D4655AA71D185CB6A156D53B252AE93
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:1.53b83738fad69a9f3db36848834a1d5003880033cae857eadfc37d3802dfcb8c
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text
                                                        Category:dropped
                                                        Size (bytes):115
                                                        Entropy (8bit):4.563301657145084
                                                        Encrypted:false
                                                        SSDEEP:3:rR6TAulhFphifFHXG7LGMdv5HcDKhtUJKS1Yav:F6VlMZWuMt5SKPS1Yk
                                                        MD5:8C5308E53C3B2FF7B5C645BB2FF50A01
                                                        SHA1:2CA75B325F6263E2B2A0C8C4C9FF6161992152F0
                                                        SHA-256:280B9529AF7F10F5980B8C7145FB9B7624BA26F882B1452914455FC000B22C35
                                                        SHA-512:DD70A682733891E546B4BEABC73E3D2E3D85810AD9196AE92F7B9722FEC7622F085500F5BEEDCFB44F2EA6EB8953C509C8EE9729567A7E47D88C0C8DC4C19B2A
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{. "manifest_version": 2,. "name": "Subresource Filtering Rules",. "ruleset_format": 1,. "version": "9.35.0".}.
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text
                                                        Category:dropped
                                                        Size (bytes):115
                                                        Entropy (8bit):4.563301657145084
                                                        Encrypted:false
                                                        SSDEEP:3:rR6TAulhFphifFHXG7LGMdv5HcDKhtUJKS1Vqn:F6VlMZWuMt5SKPS1kn
                                                        MD5:9BE1BC3AB4909AFF0167952B7170AC53
                                                        SHA1:F4A9E494B2E8E9AB52E7DD6EA72DA933470E5572
                                                        SHA-256:82E50109631FE7D9E866FDEB4154650B1D2E015AFB791E2CE1316D2F156984F4
                                                        SHA-512:9A3F0104C5D6190DC697B1DC442F3AAD18D6AAD43579344EA569E9925ECDEB640A55DBAA1FFD194EE00479CF68059F1C708EEF80159F90FA0012A5A95E971CFF
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{. "manifest_version": 2,. "name": "Subresource Filtering Rules",. "ruleset_format": 1,. "version": "9.34.0".}.
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:Google Chrome extension, version 3
                                                        Category:dropped
                                                        Size (bytes):145035
                                                        Entropy (8bit):7.995615725071868
                                                        Encrypted:true
                                                        SSDEEP:3072:TdgEhmDf+E8VY0x81Rkc6L2oqzqkPEu30gZlc3G2ZknF:TyEhmDf+/+Fnkj6lEukgZyyF
                                                        MD5:EA1C1FFD3EA54D1FB117BFDBB3569C60
                                                        SHA1:10958B0F690AE8F5240E1528B1CCFFFF28A33272
                                                        SHA-256:7C3A6A7D16AC44C3200F572A764BCE7D8FA84B9572DD028B15C59BDCCBC0A77D
                                                        SHA-512:6C30728CAC9EAC53F0B27B7DBE2222DA83225C3B63617D6B271A6CFEDF18E8F0A8DFFA1053E1CBC4C5E16625F4BBC0D03AA306A946C9D72FAA4CEB779F8FFCAF
                                                        Malicious:false
                                                        Reputation:low
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines, with no line terminators
                                                        Category:dropped
                                                        Size (bytes):1765
                                                        Entropy (8bit):6.027545161275716
                                                        Encrypted:false
                                                        SSDEEP:48:p/hii6zkvVI1Jip2qRNHvakuQkCNFxdsGwmBKkgum91:Rz0kv6cNvaYNFwSEhug
                                                        MD5:45821E6EB1AEC30435949B553DB67807
                                                        SHA1:B3CADEB17FE5B76B5DBB428B8D3A07B341F8B1BC
                                                        SHA-256:E5FAE91295BECF7F66BFA4BE1061CA5537ED763EB5D01485F23ECFB583304FEE
                                                        SHA-512:BCBE40CAFAA4B14566D91E361D8FB7F0288D5C459FA478AA4C575444DA4D406E1076FC0B3A31D4A9E5EE034F0FE15A0EFE8A8A52B838DE94B96D3E488D28F0FE
                                                        Malicious:false
                                                        Reputation:low
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with no line terminators
                                                        Category:dropped
                                                        Size (bytes):66
                                                        Entropy (8bit):3.7900469623255675
                                                        Encrypted:false
                                                        SSDEEP:3:SpOXzxlQ4BdPWfDL9c:SpOjDQFfVc
                                                        MD5:2AE14F91312C4E8034366B09D49D5B18
                                                        SHA1:AD4933A5D838D0FA0B960C327A5039A9E8249642
                                                        SHA-256:4F122332EF0F2BB490EF59619D3602C1A7277C0A7A19C132202DB4803A09BFA2
                                                        SHA-512:FB0CC467A4B8463F6A3BF42CDC11C23B34EB94A9397644B68714DCB819EE326BAE05022D59D23DC9907DF1E6928064D853FD0900BB6083417892D4D5A9BA7716
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:1.aeedb246d19256a956fedaa89fb62423ae5bd8855a2a1f3189161cf045645a19
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text
                                                        Category:dropped
                                                        Size (bytes):195
                                                        Entropy (8bit):4.682333395896383
                                                        Encrypted:false
                                                        SSDEEP:3:rR6TAulhFphifFJ9LAG9Xg0XTFHqS1wP/pEeSWU4pv/8F/FxLj2RF2fcTZTotL:F6VlM90ggITgS1wnuWfB0NpK4aotL
                                                        MD5:7A8E3A0B6417948DF4D49F3915428D7A
                                                        SHA1:4FC084AABDB13483567D5C417C7ED8FD16726A80
                                                        SHA-256:D1AC274CF1018020F2D9635A518ED1A1F21CC2CBE9E2A4392EC792D54B5B52FE
                                                        SHA-512:064D84A57B28C19AD10742859DA493D0826B47ADC632F6C623DFB4DE36D72A9D29BE98518061A9FFD42D99FCF01F27DE39CE74782B3A5ACBBE11DFDDEEAB59A1
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{. "manifest_version": 2,. "name": "ImprovedRecoveryComponentInner",. "version": "1.3.36.141",. "imageName": "image.squash",. "squash": true,. "fsType": "squashfs",. "isRemovable": false.}
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:very short file (no magic)
                                                        Category:dropped
                                                        Size (bytes):1
                                                        Entropy (8bit):0.0
                                                        Encrypted:false
                                                        SSDEEP:3:L:L
                                                        MD5:5058F1AF8388633F609CADB75A75DC9D
                                                        SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                        SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                        SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:.
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:Google Chrome extension, version 3
                                                        Category:dropped
                                                        Size (bytes):248531
                                                        Entropy (8bit):7.963657412635355
                                                        Encrypted:false
                                                        SSDEEP:3072:r+nmRykNgoldZ8GjJCiUXZSk+QSVh85PxEalRVHmcld9R6yYfEp4ABUGDcaKklrv:k3oF4Z4h45P99Fld9RBQYBVcaxlnfL
                                                        MD5:541F52E24FE1EF9F8E12377A6CCAE0C0
                                                        SHA1:189898BB2DCAE7D5A6057BC2D98B8B450AFAEBB6
                                                        SHA-256:81E3A4D43A73699E1B7781723F56B8717175C536685C5450122B30789464AD82
                                                        SHA-512:D779D78A15C5EFCA51EBD6B96A7CCB6D718741BDF7D9A37F53B2EB4B98AA1A78BC4CFA57D6E763AAB97276C8F9088940AC0476690D4D46023FF4BF52F3326C88
                                                        Malicious:false
                                                        Reputation:low
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:UTF-8 Unicode text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):796
                                                        Entropy (8bit):4.864931792423268
                                                        Encrypted:false
                                                        SSDEEP:12:1HEJMLkSlwZGGMLkSlwZ+WYpU34f145Gb+dgoxTyO8ZpU34f1L0frhmJ03OyZnLt:1HE7n4gn8WYpYrbhz8ZpotHOGAOf6aD
                                                        MD5:6F8E288A9AD5B1ED8633B430E2B4D4CA
                                                        SHA1:F671D3D4BEFA431D1946D706F4192D44E29B6F08
                                                        SHA-256:A114E2783D0E9B12155017323BA70838F0F82A71C7EE8DC1F115AE36991241F8
                                                        SHA-512:0F87F3F0D115B872288949E59ACD3CD41B1FBC64A622D8FDA6D71FAFC5A900D92ADFBB0E7EB926F2A8759BBAA0896D48728FB719BBF5EF54AC21027328F7700C
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{.. "app_description": {.. "message": "........ . ... ........ .. Chrome".. },.. "app_name": {.. "message": "........ . ... ........ .. Chrome".. },.. "craw_app_unavailable": {.. "message": "........... .... ...... .. .............".. },.. "craw_connect_to_network": {.. "message": "...., ........ .. . ......".. },.. "iap_unavailable": {.. "message": "........... .... ...... .. .......... ....... .. .........".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "...., ...... . Chrome.".. }..}..
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:UTF-8 Unicode text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):675
                                                        Entropy (8bit):4.536753193530313
                                                        Encrypted:false
                                                        SSDEEP:12:1HEJ0gbbGG0gbb+WYpU34g3YbiLO+dgyGFoO8ZpU34+puiPmb03OyZnLAOfTYABk:1HE5baib6WYpm31Lt0Z8Zp8pxOGAOfKD
                                                        MD5:1FDAFC926391BD580B655FBAF46ED260
                                                        SHA1:C95743C3F43B2B099FEBEBC5BD850F0C20E820AC
                                                        SHA-256:C67898B67F9C9209EAFDA6532B62D5789863CFB855998DD6A70E7775316CEC20
                                                        SHA-512:39D95D45C5746DA3BAA7AE6A3344EA17D7A7C3569C2A56959FF119261DA08C747A320FCF701AC72B8DBDBF8BF06FD8B239017A282CDDA444F3826D4EC672CBB4
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{.. "app_description": {.. "message": "Sistema de pagaments de Chrome Web Store".. },.. "app_name": {.. "message": "Sistema de pagaments de Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "Ara mateix aquesta aplicaci. no est. disponible.".. },.. "craw_connect_to_network": {.. "message": "Connecteu-vos a una xarxa.".. },.. "iap_unavailable": {.. "message": "La funci. Pagaments a l'aplicaci. no est. disponible actualment.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Inicieu la sessi. a Chrome.".. }..}..
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:UTF-8 Unicode text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):641
                                                        Entropy (8bit):4.698608127109193
                                                        Encrypted:false
                                                        SSDEEP:12:1HEJfZGGfZ+WYpU34OBh+dgN/O8ZpU34j05U03OyZnLAOfTYWc:1HEl4G8WYpdt8Zpq5TOGAOfW
                                                        MD5:76DEC64ED1556180B452A13C83171883
                                                        SHA1:CFB1E56FD587BCDC459C1D9A683B71F9849058F9
                                                        SHA-256:32290D69A90E6BAAC428B10382C99221B12773BB9A184F3B93DFB48A4F6D7A40
                                                        SHA-512:5230A217968D5DC463E2E92D704544311A721E5CEF65C3125CBD8DEB9C0293D3BFB5C820A6011ABF77095FDEE7DAF67D541DC202B0C9CDB0908CBB85D84885CB
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{.. "app_description": {.. "message": "Platby Internetov.ho obchodu Chrome".. },.. "app_name": {.. "message": "Platby Internetov.ho obchodu Chrome".. },.. "craw_app_unavailable": {.. "message": "Aplikace v sou.asn. dob. nen. dostupn..".. },.. "craw_connect_to_network": {.. "message": "P.ipojte se pros.m k s.ti.".. },.. "iap_unavailable": {.. "message": "Platby v aplikaci aktu.ln. nejsou k dispozici.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "P.ihlaste se do Chromu.".. }..}..
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:UTF-8 Unicode text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):624
                                                        Entropy (8bit):4.5289746475384565
                                                        Encrypted:false
                                                        SSDEEP:12:1HEJJMKKFZGGJMKKFZ+WYpU34OHu+dgxlCZO8ZpU34J4Wu03OyZnLAOfTYzD:1HErMKfqMKVWYpM6lL8ZpDNOGAOfiD
                                                        MD5:238B97A36E411E42FF37CEFAF2927ED1
                                                        SHA1:4E47AC90BA24C8F4724D9293FA40CFD4ADA66FE0
                                                        SHA-256:4977D4A053542FF66967FAED6B06585DD70E68E20BFEB533B66FE3287F9655D9
                                                        SHA-512:FD0742D47B5F5AB9AAD9B4C3D57F63CB693E060EECE123A72036C6E92156D099495C7E9E9CC6DC83EEBCDDCC4B4C81FB47E4C9559DA3EBA024780FFF10C53E0A
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{.. "app_description": {.. "message": "Betalinger i Chrome Webshop".. },.. "app_name": {.. "message": "Betalinger i Chrome Webshop".. },.. "craw_app_unavailable": {.. "message": "Appen er ikke tilg.ngelig i .jeblikket.".. },.. "craw_connect_to_network": {.. "message": "Opret forbindelse til et netv.rk.".. },.. "iap_unavailable": {.. "message": "Betaling i appen er ikke tilg.ngelig i .jeblikket.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Log ind p. Chrome.".. }..}..
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:UTF-8 Unicode text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):651
                                                        Entropy (8bit):4.583694000020627
                                                        Encrypted:false
                                                        SSDEEP:12:1HEJQ1ZGGQ1Z+WYpU34pCEMT+dgJMlCTO8ZpU34p6FK603OyZnLAOfTYJ6K:1HEzWWYp3Bewv8Zp7k4OGAOfQj
                                                        MD5:6B3E916E8C1991AA0453CBA00FEDCAAA
                                                        SHA1:D6366D15912E40CA107FD42BFE9579C3336A51F9
                                                        SHA-256:A62FFAB910E31531758EEE48B2CC71A8857BEC3021DEAD50B668CBA3C8667053
                                                        SHA-512:87EA4311B61F29543B13F3E17DFA919D0C320B4FE370CC152E0B1514BCA79B0ABB526DDCF08621D6EBFA48923EE8FB4C667EFB120A72BD9583EEBEE7BFB80552
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{.. "app_description": {.. "message": "Chrome Web Store-Zahlungen".. },.. "app_name": {.. "message": "Chrome Web Store-Zahlungen".. },.. "craw_app_unavailable": {.. "message": "Die App ist momentan nicht verf.gbar.".. },.. "craw_connect_to_network": {.. "message": "Bitte stellen Sie eine Verbindung zu einem Netzwerk her.".. },.. "iap_unavailable": {.. "message": "In-App-Zahlungen sind momentan nicht m.glich.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Bitte melden Sie sich in Chrome an.".. }..}..
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:UTF-8 Unicode text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):787
                                                        Entropy (8bit):4.973349962793468
                                                        Encrypted:false
                                                        SSDEEP:24:1HEw+aZ+6WYpbWZe80A08ZpCGyDVWlOGAOf+XD:WguYpCZnpEZbGoD
                                                        MD5:05C437A322C1148B5F78B2F341339147
                                                        SHA1:AB53003A678E44A170E73711FBD9949833BBF3AA
                                                        SHA-256:A052C32B4FCAC61152EB0ADB2C260FB6A8256AD104AA0013DB93E9798D41A070
                                                        SHA-512:C36CB9202A34356DD06D377E2A088F428D0B8EBE7D2E54F8380485E9D94A0598D7F651C1E7A2FD55BE481D49C02B0812F2BA335E08611EC85EE0BD60784A6B40
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{.. "app_description": {.. "message": "........ ... Chrome Web Store".. },.. "app_name": {.. "message": "........ ... Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": ". ........ .... .. ..... ... ..... ..........".. },.. "craw_connect_to_network": {.. "message": ".......... .. ... .......".. },.. "iap_unavailable": {.. "message": ".. ........ ..... ......... ... ..... ..... .. ...... ...........".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": ".......... ... Chrome.".. }..}..
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):593
                                                        Entropy (8bit):4.483686991119526
                                                        Encrypted:false
                                                        SSDEEP:12:1HEJ6GG6+WYpU34OuFpR+dgGfFZO8ZpU34aEGFpR03OyZnLAOfTYdD:1HEVSWYpVp0JS8Zp5KpaOGAOfuD
                                                        MD5:91F5BC87FD478A007EC68C4E8ADF11AC
                                                        SHA1:D07DD49E4EF3B36DAD7D038B7E999AE850C5BEF6
                                                        SHA-256:92F1246C21DD5FD7266EBFD65798C61E403D01A816CC3CF780DB5C8AA2E3D9C9
                                                        SHA-512:FDC2A29B04E67DDBBD8FB6E8D2443E46BADCB2B2FB3A850BBD6198CDCCC32EE0BD8A9769D929FEEFE84D1015145E6664AB5FEA114DF5A864CF963BF98A65FFD9
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{.. "app_description": {.. "message": "Chrome Web Store Payments".. },.. "app_name": {.. "message": "Chrome Web Store Payments".. },.. "craw_app_unavailable": {.. "message": "App currently unavailable.".. },.. "craw_connect_to_network": {.. "message": "Please connect to a network.".. },.. "iap_unavailable": {.. "message": "In-App Payments is currently unavailable.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Please sign into Chrome.".. }..}..
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):593
                                                        Entropy (8bit):4.483686991119526
                                                        Encrypted:false
                                                        SSDEEP:12:1HEJ6GG6+WYpU34OuFpR+dgGfFZO8ZpU34aEGFpR03OyZnLAOfTYdD:1HEVSWYpVp0JS8Zp5KpaOGAOfuD
                                                        MD5:91F5BC87FD478A007EC68C4E8ADF11AC
                                                        SHA1:D07DD49E4EF3B36DAD7D038B7E999AE850C5BEF6
                                                        SHA-256:92F1246C21DD5FD7266EBFD65798C61E403D01A816CC3CF780DB5C8AA2E3D9C9
                                                        SHA-512:FDC2A29B04E67DDBBD8FB6E8D2443E46BADCB2B2FB3A850BBD6198CDCCC32EE0BD8A9769D929FEEFE84D1015145E6664AB5FEA114DF5A864CF963BF98A65FFD9
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{.. "app_description": {.. "message": "Chrome Web Store Payments".. },.. "app_name": {.. "message": "Chrome Web Store Payments".. },.. "craw_app_unavailable": {.. "message": "App currently unavailable.".. },.. "craw_connect_to_network": {.. "message": "Please connect to a network.".. },.. "iap_unavailable": {.. "message": "In-App Payments is currently unavailable.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Please sign into Chrome.".. }..}..
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:UTF-8 Unicode text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):661
                                                        Entropy (8bit):4.450938335136508
                                                        Encrypted:false
                                                        SSDEEP:12:1HEJHlbGGHlb+WYpU34ubdDH+dgxbFxTO8ZpU34lPbdlVo03OyZnLAOfTY6xjD:1HEvaC6WYpcDeEFxq8ZpNl5OGAOffD
                                                        MD5:82719BD3999AD66193A9B0BB525F97CD
                                                        SHA1:41194D511F1ACC16C1CA828AC81C18C8C6B47287
                                                        SHA-256:4DB9B2721E625C18B9E05C04B31AF5D9694712F1CAAF6219ABE34BB08E5DB1C7
                                                        SHA-512:D4C49B43427799B6292CEED11CACB1D76F7CE43EBF402B43B638A6EB2B414ED0981E386CB8CDF0B51D1BD9552934FE25B2F6392266BB73D8C9A691F65BCE0128
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{.. "app_description": {.. "message": "Sistema de pagos de Chrome Web Store".. },.. "app_name": {.. "message": "Sistema de pagos de Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "Esta aplicaci.n no est. disponible en este momento.".. },.. "craw_connect_to_network": {.. "message": "Con.ctate a una red.".. },.. "iap_unavailable": {.. "message": "Los pagos en la aplicaci.n no est.n disponibles en este momento.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Inicia sesi.n en Chrome.".. }..}..
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:UTF-8 Unicode text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):637
                                                        Entropy (8bit):4.47253983486615
                                                        Encrypted:false
                                                        SSDEEP:12:1HEJHlbGGHlb+WYpU34ubdDH+dgxbFxTO8ZpU34GLO03OyZnLAOfTYiJD:1HEvaC6WYpcDeEFxq8Zp4LlOGAOfvD
                                                        MD5:6B2583D8D1C147E36A69A88009CBEBC7
                                                        SHA1:4D4DEEB4BE6AA0181825F3371A761ABC5B4D5937
                                                        SHA-256:6659BC3705311D7641A73995DCFEA80C7734F2F4EBBC3787B3892A240348324F
                                                        SHA-512:37F0DBFCC1B5A2B8E4C92C49D2D9DEEF25616421350324F57E0149A45A6CCB437F5E3CBE97412C4B5DBBF2593783C7DF71E9C25A851AEAE6E4764C545723FA53
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{.. "app_description": {.. "message": "Sistema de pagos de Chrome Web Store".. },.. "app_name": {.. "message": "Sistema de pagos de Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "Esta aplicaci.n no est. disponible en este momento.".. },.. "craw_connect_to_network": {.. "message": "Con.ctate a una red.".. },.. "iap_unavailable": {.. "message": "En este momento, Pagos En-Apps no est. disponible.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Accede a Chrome.".. }..}..
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:UTF-8 Unicode text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):595
                                                        Entropy (8bit):4.467205425399467
                                                        Encrypted:false
                                                        SSDEEP:12:1HEJfPGGGfPG+WYpU34Ze7z+dgrW9O8ZpU34ZwZz03OyZnLAOfTYgoLIR:1HEdvqlWYpTeObk8ZpT/OGAOfuLIR
                                                        MD5:CFF6CB76EC724B17C1BC920726CB35A7
                                                        SHA1:14ED068251D65A840F00C05409D705259D329FFC
                                                        SHA-256:C85800BF45942FCC7FD6B1DF929C25F9CC2A977A6678966BD03D4B6B69889AFD
                                                        SHA-512:53D7D01BB30C0306DE65A79FD9551D2E8C1F71F4F45F71906B009071CB3E0F231E6A50FDD78773E9B4DE94085BC7B97F829842FA21A89A2080D33458B745C46F
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{.. "app_description": {.. "message": "Chrome'i veebipoe maksed".. },.. "app_name": {.. "message": "Chrome'i veebipoe maksed".. },.. "craw_app_unavailable": {.. "message": "Rakendus pole praegu saadaval.".. },.. "craw_connect_to_network": {.. "message": "Looge .hendus v.rguga.".. },.. "iap_unavailable": {.. "message": "Rakendusesisesed maksed ei ole praegu saadaval.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Logige Chrome'i sisse.".. }..}..
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:UTF-8 Unicode text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):647
                                                        Entropy (8bit):4.595421267152647
                                                        Encrypted:false
                                                        SSDEEP:12:1HEJRuzGGRuz+WYpU34ujSBu+dgYO8ZpU34J+Bu03OyZnLAOfTY5HN:1HEFcWYpPNa8ZpD+FOGAOfEHN
                                                        MD5:3A01FEE829445C482D1721FF63153D16
                                                        SHA1:F3EAAADDC03F943FC88B30B67F534AA13E3336DD
                                                        SHA-256:0BDE54B20845124113383B6EB81E43A0F05E4EB0C44BEE3C1DFAC4CC5FEC2836
                                                        SHA-512:3B92B6C86D30FD36AA3CEFF8773BA60C3FC5CC19C693540137044C5838A5503895C770C0336A4D0A3DB5E42F3FB36274D8D3F85B9DCA2F3EC0E974FDDB0BEAD8
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{.. "app_description": {.. "message": "Chrome Web Storen maksut".. },.. "app_name": {.. "message": "Chrome Web Storen maksut".. },.. "craw_app_unavailable": {.. "message": "Sovellus ei ole t.ll. hetkell. k.ytett.viss..".. },.. "craw_connect_to_network": {.. "message": "Muodosta verkkoyhteys.".. },.. "iap_unavailable": {.. "message": "Sovelluksen sis.iset maksut eiv.t ole t.ll. hetkell. k.ytett.viss..".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Kirjaudu sis..n Chromeen.".. }..}..
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):658
                                                        Entropy (8bit):4.5231229502550745
                                                        Encrypted:false
                                                        SSDEEP:12:1HEJADlbGGADlb+WYpU34hTUT+dgHfZAFFZO8ZpU34hTjzeT03OyZnLAOfTYHfvF:1HEYah6WYp7TUSoxOS8Zp7TOsOGAOfqV
                                                        MD5:57AF5B654270A945BDA8053A83353A06
                                                        SHA1:EEEF7A4F869F97CF471A05D345E74F982D15E167
                                                        SHA-256:EC002ED92359F67818B49455DFC579E140368E6A004080AF022FD4F57F6B03F2
                                                        SHA-512:5F0AE839FCF3F4EA48FF41A76655AE0F3821564AFD5D42FBB9FBB9A38E8D8F7BB5E9B6F71064588CD441261F644095A44A755C134CE546D506D9A21E488BAF52
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{.. "app_description": {.. "message": "Mga Pagbabayad sa Chrome Web Store".. },.. "app_name": {.. "message": "Mga Pagbabayad sa Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "Kasalukuyang hindi available ang app.".. },.. "craw_connect_to_network": {.. "message": "Mangyaring kumonekta sa isang network.".. },.. "iap_unavailable": {.. "message": "Kasalukuyang hindi available ang Mga Pagbabayad na In-App.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Mangyaring mag-sign in sa Chrome.".. }..}..
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:UTF-8 Unicode text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):677
                                                        Entropy (8bit):4.552569602149629
                                                        Encrypted:false
                                                        SSDEEP:12:1HEJALf/nbGGALf/nb+WYpU34Owdgbyb+dgdQjO8ZpU34ITQpGnbyb03OyZnLAO8:1HE4Hna1Hn6WYpNdgpY8ZpSTQwnBOGAh
                                                        MD5:8D11C90F44A6585B57B933AB38D1FFF8
                                                        SHA1:3F9D44EA8807069A32AACA2AAAD02FD892E6CC90
                                                        SHA-256:599491F8C52B945C16C441ADF45BFD45AFAE046DA07757D97C56AF4DE75ED3B5
                                                        SHA-512:D7EF7F5AD7EF1A1595825D79B69E2B1E988AD3CF1F3881496FCCD30F241E4E9C6E457F9F5D0F855DE3536DB7A40C3E1C55946B50D3F556F4A35285066A0CD6F7
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{.. "app_description": {.. "message": "Paiements via le Chrome.Web.Store".. },.. "app_name": {.. "message": "Paiements via le Chrome.Web.Store".. },.. "craw_app_unavailable": {.. "message": "Application indisponible pour le moment.".. },.. "craw_connect_to_network": {.. "message": "Veuillez vous connecter . un r.seau.".. },.. "iap_unavailable": {.. "message": "Les paiements via l'application ne sont pas disponibles pour le moment.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Veuillez vous connecter . Chrome.".. }..}..
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:UTF-8 Unicode text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):835
                                                        Entropy (8bit):4.791154467711985
                                                        Encrypted:false
                                                        SSDEEP:24:1HEs07J0JWYp9vnCSVLP8Zp6CsOGAOf8SLm:Wh7qgYp1CMLUph1GiSLm
                                                        MD5:E376D757C8FD66AC70A7D2D49760B94E
                                                        SHA1:1525C5B1312D409604F097768503298EC440CC4D
                                                        SHA-256:8106D98C4F8DA16DB698444409558E29CC96735E188BFA303C333A5D99231C1D
                                                        SHA-512:673F3F259AF2946E4F49BBED14A2A70D44BF9FDA9D7A71DC9172BA9B7B3C7F7062B16D29682B638D485B0520ED6F99E7A735F28C7C719B539559005B69FA7555
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{.. "app_description": {.. "message": "Chrome ... ..... ......".. },.. "app_name": {.. "message": "Chrome ... ..... ......".. },.. "craw_app_unavailable": {.. "message": "......... .. ... ...... .... ...".. },.. "craw_connect_to_network": {.. "message": "..... ....... .. ...... .....".. },.. "iap_unavailable": {.. "message": "..-.. ...... ... ...... .... ...".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "..... Chrome ... .... .. .....".. }..}..
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:UTF-8 Unicode text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):618
                                                        Entropy (8bit):4.56999230891419
                                                        Encrypted:false
                                                        SSDEEP:12:1HEJGiimxmbZGGGiimxmbZ+WYpU34OBOEuhopIO+dgcapZO8ZpU34GiiZrMrQphK:1HE4H4TH8WYpNjTta28ZpQVLP0SOGAOK
                                                        MD5:8185D0490C86363602A137F9A261CC50
                                                        SHA1:5BD933B874441CEACB9201CCC941FF67BAED6DC0
                                                        SHA-256:A2B2EC359A9DD9DCCCE02859CE1E738BD30FAA4A05F1DC522893FFDF722BBC15
                                                        SHA-512:D7629978FC031EA5F716F9C1065FB2FEAB48C15F10CD68830DC966FA1002C03DDC7ACDE314C7D075F9F3A0A68552A6ACBCCDEE24CF20B6C3DD1BCE6562D0396E
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{.. "app_description": {.. "message": "Pla.anja u web-trgovini Chrome".. },.. "app_name": {.. "message": "Pla.anja u web-trgovini Chrome".. },.. "craw_app_unavailable": {.. "message": "Aplikacija trenuta.no nije dostupna.".. },.. "craw_connect_to_network": {.. "message": "Pove.ite se s mre.om.".. },.. "iap_unavailable": {.. "message": "Pla.anje u aplikaciji trenuta.no nije dostupno.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Prijavite se na Chrome.".. }..}..
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:UTF-8 Unicode text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):683
                                                        Entropy (8bit):4.675370843321512
                                                        Encrypted:false
                                                        SSDEEP:12:1HEJVJiGGVJi+WYpU34Hpo9O+dgMmfgijO8ZpU34Huo9O03OyZnLAOfTYBIAYm:1HEVrk5WYpQzTUg/8ZpwoXOGAOfYIAd
                                                        MD5:85609CF8623582A8376C206556ED2131
                                                        SHA1:1E16EB70DB5E59BB684866FF3E3925C2DEF25A12
                                                        SHA-256:32A249749F12ADB6A220BF9ADC272C7E5D9AD5497A38B0086D961E3ABA17FBC6
                                                        SHA-512:27883430865D3CFA6EDFE8C6CE1442BD96150B5CE520CCF7D556A330CAA6392C712B47BD86F7350E174876BC681F6DEC94D1312402655B0AF90883A2899EC78B
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{.. "app_description": {.. "message": "Chrome Internetes .ruh.z Fizet.si rendszere".. },.. "app_name": {.. "message": "Chrome Internetes .ruh.z Fizet.si rendszere".. },.. "craw_app_unavailable": {.. "message": "Az alkalmaz.s jelenleg nem .rhet. el.".. },.. "craw_connect_to_network": {.. "message": "K.rj.k, csatlakozzon egy h.l.zathoz.".. },.. "iap_unavailable": {.. "message": "Az alkalmaz.son bel.li fizet.s jelenleg nem .rhet. el.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Jelentkezzen be a Chrome-ba.".. }..}..
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):604
                                                        Entropy (8bit):4.465685261172395
                                                        Encrypted:false
                                                        SSDEEP:12:1HEJs25bGGs25b+WYpU34ORBHAeSJ+dgkmO8ZpU34s22C/SzFAs03OyZnLAOfTYR:1HEBaA6WYpaHFH8ZptOYOGAOf2D
                                                        MD5:EAB2B946D1232AB98137E760954003AA
                                                        SHA1:60BDC2937905B311D2C9844DF2D639D7AC9F7F67
                                                        SHA-256:C6E8800450602DE0F39FE9F6854472383813FB454B08ABAE7E25A9167CE004C3
                                                        SHA-512:970FEC9A9EF0BAF7F693C4C5977F3B47914579C5B5414FCE9DBB5E4574659A5BB9AD2DE0CC886B368F49C019785AF7D2D7FE82F71341F039EADC399ED776CA12
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{.. "app_description": {.. "message": "Pembayaran Chrome Webstore".. },.. "app_name": {.. "message": "Pembayaran Chrome Webstore".. },.. "craw_app_unavailable": {.. "message": "Aplikasi tidak tersedia saat ini.".. },.. "craw_connect_to_network": {.. "message": "Sambungkan ke jaringan.".. },.. "iap_unavailable": {.. "message": "Pembayaran Dalam Aplikasi saat ini tidak tersedia.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Harap masuk ke Chrome.".. }..}..
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:UTF-8 Unicode text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):603
                                                        Entropy (8bit):4.479418964635223
                                                        Encrypted:false
                                                        SSDEEP:12:1HEJsqd/bGGsqd/b+WYpU34OcX4+dgUvIO8ZpU34vq703OyZnLAOfTYsD:1HEXd/aKd/6WYpZrv58ZpskOGAOfzD
                                                        MD5:A328EEF5E841E0C72D3CD7366899C5C8
                                                        SHA1:2851ED658385804E87911643F5A4200B1FB26E13
                                                        SHA-256:CD891C45F7586FB4A2514205A11F260E4A6D4482FA03D901909DD9F57BE0536D
                                                        SHA-512:E47297896E981774EC3B59D41B89D6BA9333F6B4435EB9727D8645A46B10C7D408ADE06844871FA757382FBE7E645276449DB7B1B23BC59C9A71A5CB5A5ECC57
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{.. "app_description": {.. "message": "Pagamenti Chrome Web Store".. },.. "app_name": {.. "message": "Pagamenti Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "App al momento non disponibile.".. },.. "craw_connect_to_network": {.. "message": "Collegati a una rete.".. },.. "iap_unavailable": {.. "message": "La funzione Pagamenti In-App non . al momento disponibile.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Accedi a Chrome.".. }..}..
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:UTF-8 Unicode text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):697
                                                        Entropy (8bit):5.20469020877498
                                                        Encrypted:false
                                                        SSDEEP:12:1HEJ07uGG07u+WYpU34DB+dgnsVztO8ZpU34MwiB03OyZnLAOfTYmSH:1HEcnDNWYp1kxU8Zp2wiqOGAOfpSH
                                                        MD5:9B3A5D473C3F2BBFAEECE94A07A940B8
                                                        SHA1:61BACA342CF766BBA15C7B4D892A0E7DAC9405AA
                                                        SHA-256:706312A4A2AEF3317223F141EB2B82685345B7EED444F16BB4DF3A272716DA1F
                                                        SHA-512:94F6FEE9A11BD890AB8211C98D1CC142348961EBCF756F66477A3E3A76519804B70BE0AE4E551739F8AFE32D7ADE6EDE04EF6B9B9EED03E3A857E6058EEDD4C6
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{.. "app_description": {.. "message": "Chrome ........".. },.. "app_name": {.. "message": "Chrome ........".. },.. "craw_app_unavailable": {.. "message": ".................".. },.. "craw_connect_to_network": {.. "message": "................".. },.. "iap_unavailable": {.. "message": ".......................".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Chrome ............".. }..}..
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:UTF-8 Unicode text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):631
                                                        Entropy (8bit):5.160315577642469
                                                        Encrypted:false
                                                        SSDEEP:12:1HEJ1GG1+WYpU34K3aT+dgh8d0HTO8ZpU34KaNkaT03OyZnLAOfTY/YeHx:1HEajWYpc3aSl0Hq8Zpc6kasOGAOfyYA
                                                        MD5:9F6B4D82A70C74CA751E2EAE70FAB5CF
                                                        SHA1:0534F125FFCE8222277CF2BE3401C59DAF9217F8
                                                        SHA-256:D1467B8D037114403E8F4EFC52E88C4A7FEB96126BE4CFF883FEFF1084EF7E68
                                                        SHA-512:ED9319830314385D09C06F62EE34186E8CA576C857981205E4468A28B3ACD2AB03384E77B866032C324ABDD97A56EFD08E2D6E0C79D563578B3EC52517819BD8
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{.. "app_description": {.. "message": "Chrome . ... ..".. },.. "app_name": {.. "message": "Chrome . ... ..".. },.. "craw_app_unavailable": {.. "message": ".. .. ... . .....".. },.. "craw_connect_to_network": {.. "message": "..... ......".. },.. "iap_unavailable": {.. "message": ".. .. ... ... . .....".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Chrome. .......".. }..}..
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:UTF-8 Unicode text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):665
                                                        Entropy (8bit):4.66839186029557
                                                        Encrypted:false
                                                        SSDEEP:12:1HEJpqHnkGGpqHnk+WYpU346M+dgV6O8ZpU34WzSWz03OyZnLAOfTYx:1HELqHtKqHPWYpM3A8ZpwGzOGAOfg
                                                        MD5:4CA644F875606986A9898D04BDAE3EA5
                                                        SHA1:722A10569E93975129D67FBDB75B537D9D622AD1
                                                        SHA-256:7C311AB751D840D750C11553C083785813E079C1D464FE568A98C9E3EF3DB96C
                                                        SHA-512:E575E3D0622F5BD4B6C0EE79128A1B1F1882195670139D1983F4377D847141B8FB8EBB8BCED82AF3A220ED07D3577AFBE085BADC0E9C7678292B80E3EC5D3444
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{.. "app_description": {.. "message": ".Chrome. internetin.s parduotuv.s mok.jimo sistema".. },.. "app_name": {.. "message": ".Chrome. internetin.s parduotuv.s mok.jimo sistema".. },.. "craw_app_unavailable": {.. "message": "Programa .iuo metu negalima.".. },.. "craw_connect_to_network": {.. "message": "Prisijunkite prie tinklo.".. },.. "iap_unavailable": {.. "message": "Mok.jimai programoje .iuo metu negalimi.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Prisijunkite prie .Chrome..".. }..}..
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:UTF-8 Unicode text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):671
                                                        Entropy (8bit):4.631774066483956
                                                        Encrypted:false
                                                        SSDEEP:12:1HEJFhVbGGFhVb+WYpU34wDoz+dgGedBO8ZpU34wF03OyZnLAOfTYGYID:1HENQKkWYp2Doy/em8Zp2WOGAOfRYID
                                                        MD5:C5CE2C51391EAFD3DA9E4C71549A3C28
                                                        SHA1:1F67FF6EF6E90C0CE3AAF56ED543A3EFD381574D
                                                        SHA-256:1FA1DF2CA8516DEF490FB8484E9AA498ACFF80EEF5C9258FFE42D3678E6C7DED
                                                        SHA-512:C85F6281E682F52BC2147DEA7E2F3BB4DC48D98BADA8687B05C6C7271C78EA7F5431CD51671A4184C9AE004FC53C016E3C594697F483195CCBA08A93821EEF70
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{.. "app_description": {.. "message": "Chrome interneta veikala maks.jumu sist.ma".. },.. "app_name": {.. "message": "Chrome interneta veikala maks.jumu sist.ma".. },.. "craw_app_unavailable": {.. "message": "Lietotne pagaid.m nav pieejama.".. },.. "craw_connect_to_network": {.. "message": "L.dzu, izveidojiet savienojumu ar t.klu.".. },.. "iap_unavailable": {.. "message": "Maks.jumi lietotn.s pa.laik nav pieejami.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "L.dzu, pierakstieties p.rl.k. Chrome.".. }..}..
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:UTF-8 Unicode text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):624
                                                        Entropy (8bit):4.555032032637389
                                                        Encrypted:false
                                                        SSDEEP:12:1HEJhiOGGhiO+WYpU34OHSN+dgFjdGFZO8ZpU34JgdN03OyZnLAOfTYiD:1HEDiHIitWYpCYJ8ZpD1OGAOfRD
                                                        MD5:93C459A23BC6953FF744C35920CD2AF9
                                                        SHA1:162F884972103A08ADB616A7EB3598431A2924C5
                                                        SHA-256:2CD700AEB57D89C2E73333D0702556EE3FF3863516170F85669BC680FCBDC4E0
                                                        SHA-512:F76E6E8D8499306883C3EC1E774F7E8BB6B601096DA5A14D17D3E7D5732829542041E42B7350466589291ADCC83FB065FD591B4E20CFCF8EDC586E128ECBFCB5
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{.. "app_description": {.. "message": "Chrome Nettmarked-betalinger".. },.. "app_name": {.. "message": "Chrome Nettmarked-betalinger".. },.. "craw_app_unavailable": {.. "message": "Appen er utilgjengelig for .yeblikket.".. },.. "craw_connect_to_network": {.. "message": "Du m. koble til et nettverk.".. },.. "iap_unavailable": {.. "message": "Betaling i app er ikke tilgjengelig for .yeblikket.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Du m. logge p. Chrome.".. }..}..
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):615
                                                        Entropy (8bit):4.4715318546237315
                                                        Encrypted:false
                                                        SSDEEP:12:1HEJJQGkbGGJQGkb+WYpU34OQKJT+dgiXUmvFZO8ZpU34g7JT03OyZnLAOfTYMD:1HErxkaqxk6WYptndXI8ZpTOGAOfbD
                                                        MD5:7A8F9D0249C680F64DEC7650A432BD57
                                                        SHA1:53477198AEE389F6580921B4876719B400A23CA1
                                                        SHA-256:92BE7C2DC9CFBE5A65E9CE6488D364C8D7EC19E7B67A31E4D43C1CB2B169671C
                                                        SHA-512:969AB979546A741C0F3EDBEEB21BABA375FA8870D4FB9248CDD4C305736E332E10CAB7B64C5C078E60EC0CD73848101B390BE8F44B89C310058AF4C1CA3C8AA7
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{.. "app_description": {.. "message": "Betalingen via Chrome Web Store".. },.. "app_name": {.. "message": "Betalingen via Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "App momenteel niet beschikbaar.".. },.. "craw_connect_to_network": {.. "message": "Maak verbinding met een netwerk.".. },.. "iap_unavailable": {.. "message": "In-app-betalingen is momenteel niet beschikbaar.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Log in bij Chrome.".. }..}..
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:UTF-8 Unicode text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):636
                                                        Entropy (8bit):4.646901997539488
                                                        Encrypted:false
                                                        SSDEEP:12:1HEJbiVbGGbiVb+WYpU34OBHlBi9+dgQUg6O8ZpU34bdbfiIu03OyZnLAOfTYR5k:1HE5iVauiV6WYpIAYr8ZpxFiaOGAOfIC
                                                        MD5:0E6194126AFCCD1E3098D276A7400175
                                                        SHA1:E8127B905A640B1C46362FA6E1127BE172F4A40F
                                                        SHA-256:E2699F98C511B18A2AFB82EAE9A4804B646C4FF1077D80E77C17A3943A6373C2
                                                        SHA-512:A71F7C7BFBBF1E37E699601AF2E095C56CBA91F90CB7556477DF31D01B83ADFB1271E1775C9BA299FF6875BBFC2B6AB47488CC88E33DEF2F6F2E0E5AC687B777
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{.. "app_description": {.. "message": "P.atno.ci w sklepie Chrome Web Store".. },.. "app_name": {.. "message": "P.atno.ci w sklepie Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "Aplikacja jest obecnie niedost.pna.".. },.. "craw_connect_to_network": {.. "message": "Po..cz si. z sieci..".. },.. "iap_unavailable": {.. "message": "P.atno.ci w ramach aplikacji s. teraz niedost.pne.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Zaloguj si. w Chrome.".. }..}..
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:UTF-8 Unicode text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):636
                                                        Entropy (8bit):4.515158874306633
                                                        Encrypted:false
                                                        SSDEEP:12:1HEJsc/bGGsc/b+WYpU34OLw+dgn/KzO8ZpU34FjIBMwGRO03OyZnLAOfTYN+KcY:1HEb/a8/6WYp4mZ8Zp7cKlOGAOf2tD
                                                        MD5:86A2B91FA18B867209024C522ED665D5
                                                        SHA1:63DEC245637818C76655E01FCB6D59784BC7184E
                                                        SHA-256:6374880FDD1F8AF1EE8AEA6A06B73BE0AB265AFCEB4FE6F08BDE3B3989264B21
                                                        SHA-512:DA6DBDE5028756421C2904F605632EE98831A25A1247E6238A931629B94CE8A00FD76F4235F118D2167304BD60F2C06B2AD78E54FF6CE53F8C38DF8C7B5AFCE4
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{.. "app_description": {.. "message": "Pagamentos da Chrome Web Store".. },.. "app_name": {.. "message": "Pagamentos da Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "Aplicativo indispon.vel no momento.".. },.. "craw_connect_to_network": {.. "message": "Conecte-se a uma rede.".. },.. "iap_unavailable": {.. "message": "No momento, os Pagamentos no aplicativo n.o est.o dispon.veis.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Fa.a login no Google Chrome.".. }..}..
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:UTF-8 Unicode text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):622
                                                        Entropy (8bit):4.526171498622949
                                                        Encrypted:false
                                                        SSDEEP:12:1HEJsZUkbGGsZUkb+WYpU34OAE+dgqxKzO8ZpU34rEpBfvPO03OyZnLAOfTYLD:1HEmUka5Uk6WYpFvdxZ8ZpSTnPlOGAOS
                                                        MD5:750A4800EDB93FBE56495963F9FB3B94
                                                        SHA1:8BFB915488A4EB3CB33D68E2E59F1F8447DB7D61
                                                        SHA-256:C1C94F65FABAF17DEF98A8587711A56D61B1E5607500E9B01F2824DB109F9E83
                                                        SHA-512:2AEDEF5793406221BE76AF22031CE8C30AB5FAEAED09BB394C153E2EBE990C89C1A2A73B40D8A92842641AFCA8C77FFD808A2058602D3646FD8DAE2844406F24
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{.. "app_description": {.. "message": "Pagamentos via Chrome Web Store".. },.. "app_name": {.. "message": "Pagamentos via Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "Aplica..o atualmente indispon.vel.".. },.. "craw_connect_to_network": {.. "message": "Ligue-se a uma rede.".. },.. "iap_unavailable": {.. "message": "Os Pagamentos na app est.o atualmente indispon.veis.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Inicie sess.o no Chrome.".. }..}..
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:UTF-8 Unicode text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):641
                                                        Entropy (8bit):4.61125938671415
                                                        Encrypted:false
                                                        SSDEEP:12:1HEJqJrJZGGqJrJZ+WYpU344HIx2Z+dgrVPlZO8ZpU34qT7hI3O03OyZnLAOfTYU:1HEC4D8WYpKow8WV68ZpKhoOGAOfoVGD
                                                        MD5:98D43E4B1054A65DF3FA3CC40AB6FB6D
                                                        SHA1:46E0A21C4DA2BB5D4D8F837AE211C1B6FA26E7E2
                                                        SHA-256:113A13900CBA62FE8AED06751971C23A80A99B47F9BE219CF884D57DB19611D9
                                                        SHA-512:A76DC53912A4F46714926B9EA2B22E909540E447F61F6DD72607AB7B3BB5D4A9B39E525B04C33AEC53BA813D14AC1FB5827275B2524E52B693E83171E1CD1466
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{.. "app_description": {.. "message": "Pl..i prin Magazinul web Chrome".. },.. "app_name": {.. "message": "Pl..i prin Magazinul web Chrome".. },.. "craw_app_unavailable": {.. "message": ".n prezent, aplica.ia nu este disponibil..".. },.. "craw_connect_to_network": {.. "message": "Conecteaz.-te la o re.ea.".. },.. "iap_unavailable": {.. "message": "Pl..ile .n aplica.ie nu sunt disponibile momentan.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Conecteaz.-te la Chrome.".. }..}..
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:UTF-8 Unicode text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):744
                                                        Entropy (8bit):4.918620852166656
                                                        Encrypted:false
                                                        SSDEEP:12:1HEJ7OJHZMSl3ZGG7OJHZMSl3Z+WYpU34zWJ2F+dgVtLSv/TO8ZpU347NWjT03On:1HElOJHZMq4uOJHZMq8WYpdWJ/YGHq8m
                                                        MD5:DB2EDF1465946C06BD95C71A1E13AE64
                                                        SHA1:FB4F3ECE9ECECEBBC6CA2A592A15FB9C1FDFB811
                                                        SHA-256:FBAF22CE6E16DE174CED8CB5EA3098CCA1C3426A2111FF33BD3E64DA64ED67AB
                                                        SHA-512:4E0CF00BAEF1757548DEB17BBE1AF55770A0A0F7351779EF55C7DEFA6D112D0227B8865C2C22E0EC62E6E2F1C8E1632A2D0CE6828D25C5ABBF143C990116F632
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{.. "app_description": {.. "message": "......... ....... ........-........ Chrome".. },.. "app_name": {.. "message": "......... ....... ........-........ Chrome".. },.. "craw_app_unavailable": {.. "message": ".......... ...........".. },.. "craw_connect_to_network": {.. "message": "............ . .....".. },.. "iap_unavailable": {.. "message": "....... ..... .......... ...........".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "....... . Chrome.".. }..}..
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:UTF-8 Unicode text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):647
                                                        Entropy (8bit):4.640777810668463
                                                        Encrypted:false
                                                        SSDEEP:12:1HEJfZGGfZ+WYpU34ORO+dgmmCO8ZpU34yH7u2Z03OyZnLAOfTYCUAi0D:1HEl4G8WYpetPmD8ZpcH7aOGAOfzUeD
                                                        MD5:8DF215D1EFBDABB175CCDD68ED8DCB0A
                                                        SHA1:2B374462137A38589A73FDD00A84CBDC7E50F9F4
                                                        SHA-256:7FA16AF97E6CFC52EC6008EB679D3F30E7E0C24F9EF2D18A9228EAF4DED9D63B
                                                        SHA-512:C0E623343BDAEB4731800D183B59F2FCFE285F0C7153EC99641FD84F2F2DCFE47D21E73F3D28B1240340453C5668EB0AFFBE087AAB62F1C88CD2A40CC44E599D
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{.. "app_description": {.. "message": "Platby Internetov.ho obchodu Chrome".. },.. "app_name": {.. "message": "Platby Internetov.ho obchodu Chrome".. },.. "craw_app_unavailable": {.. "message": "Aplik.cia moment.lne nie je dostupn..".. },.. "craw_connect_to_network": {.. "message": "Pripojte sa k sieti.".. },.. "iap_unavailable": {.. "message": "Platby v aplik.cii moment.lne nie s. k dispoz.cii.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Prihl.ste sa do prehliada.a Chrome.".. }..}..
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:UTF-8 Unicode text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):617
                                                        Entropy (8bit):4.5101656584816885
                                                        Encrypted:false
                                                        SSDEEP:12:1HEJGcyvmbZGGGcyvmbZ+WYpU34OBOEtf+dgca1ZO8ZpU34GcQArERff03OyZnLh:1HE4cyY4TcyY8WYpNoWa1w8ZpQcQ6AfK
                                                        MD5:3943FA2A647AECEDFD685408B27139EE
                                                        SHA1:0129DD19D28373359530B3B477FE8A9279DABB7D
                                                        SHA-256:18AFF072EE0DF7C3495045435C752A805606E6D5D462EF2321C443F1773F4B3A
                                                        SHA-512:42E62B3855611FF2E1D39C11404CB1A09825EE4CA6A8ACB3FF538B4574388F549E3BD79137DD4DC128A8DC44DD270D7D878E4AAD20DA8250A5C25297B0DEC09D
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{.. "app_description": {.. "message": "Pla.ila v spletni trgovini Chrome".. },.. "app_name": {.. "message": "Pla.ila v spletni trgovini Chrome".. },.. "craw_app_unavailable": {.. "message": "Aplikacija trenutno ni na voljo.".. },.. "craw_connect_to_network": {.. "message": "Pove.ite se z omre.jem.".. },.. "iap_unavailable": {.. "message": "Pla.ila v aplikacijah trenutno niso na voljo.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Prijavite se v Chrome.".. }..}..
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:UTF-8 Unicode text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):743
                                                        Entropy (8bit):4.913927107235852
                                                        Encrypted:false
                                                        SSDEEP:12:1HEJssbdOGGssbdO+WYpU347xBP+dgcucO8ZpU34s1muP03OyZnLAOfTYzDYD:1HEKsb59sbTWYplx4Xud8Zpy1mNOGAOv
                                                        MD5:D485DF17F085B6A37125694F85646FD0
                                                        SHA1:24D51D8642CDC6EFD5D8D7A4430232D8CDE25108
                                                        SHA-256:7FFDE34C58E7C376C042DE64DEF6481DAE32BE8B70F0B18EDF536290CBE0C818
                                                        SHA-512:0DDECFD860E99290B6C3AAA04F510272AE081CF2D93ED5832D9D6378EC9D36177FFBE213471247FB94721EA34A83E7665669200047091D0FDE134E3D763217E7
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{.. "app_description": {.. "message": "....... . Chrome ...-..........".. },.. "app_name": {.. "message": "....... . Chrome ...-..........".. },.. "craw_app_unavailable": {.. "message": ".......... .. ........ ...........".. },.. "craw_connect_to_network": {.. "message": "........ .. .......".. },.. "iap_unavailable": {.. "message": "....... . .......... .. ........ ...........".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "......... .. . Chrome.".. }..}..
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:UTF-8 Unicode text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):630
                                                        Entropy (8bit):4.52964089437422
                                                        Encrypted:false
                                                        SSDEEP:12:1HEJJMkbGGJMkb+WYpU34OACwz+dgNPGFZO8ZpU34JgpXLSb03OyZnLAOfTYLdID:1HErMkaqMk6WYpTOcb8ZpDgdZOGAOf8Y
                                                        MD5:D372B8204EB743E16F45C7CBD3CAAF37
                                                        SHA1:C96C57219D292B01016B37DCF82E7C79AD0DD1E8
                                                        SHA-256:B8BA77E0089B0676545EC16D32468B727812B444F90B33A7A5B748E6C36C4388
                                                        SHA-512:33640529E0D5DCC5CA4BDB0615A2818E8D26C6FCB7B3474C08AC3EB67B9DB40E1F0A79954ED20728CD47A686D2533DCBC76ABCBDB917F8530C8DE8BBA687352E
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{.. "app_description": {.. "message": "Betalning via Chrome Web Store".. },.. "app_name": {.. "message": "Betalning via Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "Appen .r inte tillg.nglig f.r tillf.llet.".. },.. "craw_connect_to_network": {.. "message": "Anslut till ett n.tverk.".. },.. "iap_unavailable": {.. "message": "Betalning i appen .r inte tillg.ngligt f.r n.rvarande.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Logga in i Chrome.".. }..}..
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:UTF-8 Unicode text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):945
                                                        Entropy (8bit):4.801079428724355
                                                        Encrypted:false
                                                        SSDEEP:24:1HEKa1dDa1/WYp6UFi72SmlG8ZpyactrW2SAOGAOfvSLD:WK2DNYp6U4y3bpyLxwGFW
                                                        MD5:83E2D1E97791A4B2C5C69926EFB629C9
                                                        SHA1:429600425CB0F196DDD717F940E94DBD8BFF2837
                                                        SHA-256:2FECA577F43D97BAEEA464741D585892103585208FD0A935B810A03BDCE83C88
                                                        SHA-512:60A5928DAA8CB4341487F477C56B5A98B83EDE50E5F4F55A802E01FDDAB86F3E795D391953D3D9214552D14D3F58C5A183693C613720FC12FC387D7B8F9B9AB6
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{.. "app_description": {.. "message": "............... Chrome .........".. },.. "app_name": {.. "message": "............... Chrome .........".. },.. "craw_app_unavailable": {.. "message": ".............................".. },.. "craw_connect_to_network": {.. "message": ".........................".. },.. "iap_unavailable": {.. "message": "...............................................".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "................. Chrome".. }..}..
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:UTF-8 Unicode text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):631
                                                        Entropy (8bit):4.710869622361971
                                                        Encrypted:false
                                                        SSDEEP:12:1HEJ9Y8GG9Y8+WYpU34wWT+dgGb0GO8ZpU34wryd7T03OyZnLAOfTYGbPKG:1HE0jWYpyRnG8Zpyr/OGAOfFPn
                                                        MD5:2CEAE0567B6BB1D240BBAD690A98CA3B
                                                        SHA1:5944346FBD4A0797B13223895995CAB58E9ECD23
                                                        SHA-256:A7CB86F30C9C31FE5540282C308BA96ADB4EC16EF98C87129EB88105E5BEF5FC
                                                        SHA-512:108A07C6D03D7178E8D0FFEF5349E0249A898D864964FED8757BD8A08BC1C6D9613F2A6C01AA34A6606127D1C6CE14C229FA02586677DBB060B85E3E845950E1
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{.. "app_description": {.. "message": "Chrome Web Ma.azas. .demeleri".. },.. "app_name": {.. "message": "Chrome Web Ma.azas. .demeleri".. },.. "craw_app_unavailable": {.. "message": "Uygulama .u anda kullan.lam.yor.".. },.. "craw_connect_to_network": {.. "message": "L.tfen bir a.a ba.lan.n.".. },.. "iap_unavailable": {.. "message": "Uygulama ..i .demeler .u anda kullan.lamaz.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "L.tfen Chrome'da oturum a..n.".. }..}..
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:UTF-8 Unicode text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):720
                                                        Entropy (8bit):4.977397623063544
                                                        Encrypted:false
                                                        SSDEEP:12:1HEJ7wILkSlXZGG7wILkSlXZ+WYpU34zb1Oy2P+dgSV1EjiTO8ZpU347qtfP2CTW:1HElwEkK4uwEkK8WYpd/dTV1e8Zptq5S
                                                        MD5:AB0B56120E6B38C42CC3612BE948EF50
                                                        SHA1:8B3F520E5713D9F116D68E71DAEED1F6E8D74629
                                                        SHA-256:68ABA284751EB9C856032062EF9B1651E2A1E5CE5FDA0977FFC97D63BA7BED9E
                                                        SHA-512:CD852A58217F739C1CD58567FF432D31A7AD3F68C884ABBA1DA95799BCD1545C6A5D3B06F319681C12B78AD0A709828DE4B22736316F148D21F5DB76A5BCCBEF
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:{.. "app_description": {.. "message": "....... ...-........ Chrome".. },.. "app_name": {.. "message": "....... ...-........ Chrome".. },.. "craw_app_unavailable": {.. "message": "........ ......... ...........".. },.. "craw_connect_to_network": {.. "message": "............. .. .......".. },.. "iap_unavailable": {.. "message": "....... ..... ........ ..... .. .........".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "........ . Chrome.".. }..}..
                                                        No static file info
                                                        Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
                                                        May 23, 2022 18:41:39.415916920 CEST | 192.168.2.6 | 8.8.8.8 | 0x6b35 | Standard query (0) | accounts.google.com | A (IP address) | IN (0x0001)
                                                        May 23, 2022 18:41:39.421899080 CEST | 192.168.2.6 | 8.8.8.8 | 0xa0fa | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001)

                                                        Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
                                                        May 23, 2022 18:41:39.433645010 CEST | 8.8.8.8 | 192.168.2.6 | 0x6b35 | No error (0) | accounts.google.com | | 142.250.184.205 | A (IP address) | IN (0x0001)
                                                        May 23, 2022 18:41:39.440880060 CEST | 8.8.8.8 | 192.168.2.6 | 0xa0fa | No error (0) | clients2.google.com | clients.l.google.com | | CNAME (Canonical name) | IN (0x0001)
                                                        May 23, 2022 18:41:39.440880060 CEST | 8.8.8.8 | 192.168.2.6 | 0xa0fa | No error (0) | clients.l.google.com | | 142.250.185.110 | A (IP address) | IN (0x0001)
                                                        • clients2.google.com
                                                        • accounts.google.com
                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        0 | 192.168.2.6 | 49777 | 142.250.185.110 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        2022-05-23 16:41:39 UTC | 0 | OUT | GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
                                                        Host: clients2.google.com
                                                        Connection: keep-alive
                                                        X-Goog-Update-Interactivity: fg
                                                        X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfm
                                                        X-Goog-Update-Updater: chromecrx-85.0.4183.121
                                                        Sec-Fetch-Site: none
                                                        Sec-Fetch-Mode: no-cors
                                                        Sec-Fetch-Dest: empty
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-US,en;q=0.9
                                                        2022-05-23 16:41:39 UTC | 1 | IN | HTTP/1.1 200 OK
                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-e6_nb4BpCkM755TO2NKR-w' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Mon, 23 May 2022 16:41:39 GMT
                                                        Content-Type: text/xml; charset=UTF-8
                                                        X-Daynum: 5621
                                                        X-Daystart: 34899
                                                        X-Content-Type-Options: nosniff
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-XSS-Protection: 1; mode=block
                                                        Server: GSE
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                        Accept-Ranges: none
                                                        Vary: Accept-Encoding
                                                        Connection: close
                                                        Transfer-Encoding: chunked
                                                        2022-05-23 16:41:39 UTC | 2 | IN | Data Ascii: 36d<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="5621" elapsed_seconds="34899"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
                                                        2022-05-23 16:41:39 UTC | 2 | IN | Data Ascii: mhkkegccagdldgiimedpiccmgmieda.crx" fp="1.81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app><ap
                                                        2022-05-23 16:41:39 UTC | 3 | IN | Data Raw: 30 0d 0a 0d 0a
                                                        Data Ascii: 0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        1 | 192.168.2.6 | 49776 | 142.250.184.205 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        2022-05-23 16:41:39 UTC | 0 | OUT | POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
                                                        Host: accounts.google.com
                                                        Connection: keep-alive
                                                        Content-Length: 1
                                                        Origin: https://www.google.com
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Sec-Fetch-Site: none
                                                        Sec-Fetch-Mode: no-cors
                                                        Sec-Fetch-Dest: empty
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-US,en;q=0.9
                                                        2022-05-23 16:41:39 UTC | 1 | OUT | Data Raw: 20
                                                        Data Ascii:
                                                        2022-05-23 16:41:39 UTC | 3 | IN | HTTP/1.1 200 OK
                                                        Content-Type: application/json; charset=utf-8
                                                        Access-Control-Allow-Origin: https://www.google.com
                                                        Access-Control-Allow-Credentials: true
                                                        X-Content-Type-Options: nosniff
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Mon, 23 May 2022 16:41:39 GMT
                                                        Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport
                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-nlFSt4CDhv2GVT32EyBWgA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'nonce-nlFSt4CDhv2GVT32EyBWgA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Server: ESF
                                                        X-XSS-Protection: 0
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                        Accept-Ranges: none
                                                        Vary: Accept-Encoding
                                                        Connection: close
                                                        Transfer-Encoding: chunked
                                                        2022-05-23 16:41:39 UTC | 4 | IN | Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a
                                                        Data Ascii: 11["gaia.l.a.r",[]]
                                                        2022-05-23 16:41:39 UTC | 4 | IN | Data Raw: 30 0d 0a 0d 0a
                                                        Data Ascii: 0



                                                        Target ID:1
                                                        Start time:18:41:34
                                                        Start date:23/05/2022
                                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/authrootstl.cab?d187249b7de2efd8
                                                        Imagebase:0x7ff6220c0000
                                                        File size:2150896 bytes
                                                        MD5 hash:C139654B5C1438A95B321BB01AD63EF6
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:low

                                                        Target ID:2
                                                        Start time:18:41:36
                                                        Start date:23/05/2022
                                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1612,4069944722488659976,14944427691238441646,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1940 /prefetch:8
                                                        Imagebase:0x7ff6220c0000
                                                        File size:2150896 bytes
                                                        MD5 hash:C139654B5C1438A95B321BB01AD63EF6
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:low

                                                        Target ID:4
                                                        Start time:18:41:40
                                                        Start date:23/05/2022
                                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1612,4069944722488659976,14944427691238441646,131072 --lang=en-US --service-sandbox-type=none --enable-audio-service-sandbox --mojo-platform-channel-handle=4788 /prefetch:8
                                                        Imagebase:0x7ff6220c0000
                                                        File size:2150896 bytes
                                                        MD5 hash:C139654B5C1438A95B321BB01AD63EF6
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:low

                                                        Target ID:14
                                                        Start time:18:42:56
                                                        Start date:23/05/2022
                                                        Path:C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Program Files\Google\Chrome\Application\85.0.4183.121\elevation_service.exe
                                                        Imagebase:0x7ff7f54a0000
                                                        File size:1322992 bytes
                                                        MD5 hash:AFD137B53BA091ACBA569255B16DF837
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:low

                                                        Target ID:17
                                                        Start time:18:43:01
                                                        Start date:23/05/2022
                                                        Path:C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6728_1367142130\ChromeRecovery.exe" --appguid={8A69D345-D564-463c-AFF1-A69D9E530F96} --browser-version=85.0.4183.121 --sessionid={071c9bf8-cee5-4f16-a546-0f1aec4e4f3e} --system
                                                        Imagebase:0xdc0000
                                                        File size:259472 bytes
                                                        MD5 hash:49AC3C96D270702A27B4895E4CE1F42A
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Antivirus matches:
                                                        • Detection: 1%, Virustotal
                                                        • Detection: 0%, Metadefender
                                                        • Detection: 0%, ReversingLabs
                                                        Reputation:low

                                                        No disassembly