Edit tour

Windows Analysis Report
PDFpower (1).exe

Overview

General Information

Sample name:	PDFpower (1).exe
Analysis ID:	1487067
MD5:	1e2a99ae43d6365148d412b5dfee0e1c
SHA1:	33c02d70abb2f1f12a79cfd780d875a94e7fe877
SHA256:	e248b01e3ccde76b4d8e8077d4fcb4d0b70e5200bf4e738b45a0bd28fbc2cae6

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

.NET source code contains potential unpacker

Contains functionality to log keystrokes (.Net Source)

Installs a global keyboard hook

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Checks for available system drives (often done to infect USB drives)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates a window with clipboard capturing capabilities

Detected non-DNS traffic on DNS port

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

May sleep (evasive loops) to hinder dynamic analysis

Queries disk information (often used to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Classification

Process Tree

System is w10x64_ra

PDFpower (1).exe (PID: 7128 cmdline: "C:\Users\user\Desktop\PDFpower (1).exe" MD5: 1E2A99AE43D6365148D412B5DFEE0E1C)

msedge.exe (PID: 3312 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge: MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 1164 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=1956,i,5873230111356377623,7483148975711157175,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 7136 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge: MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 4004 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate --single-argument microsoft-edge: MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 3560 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2016,i,710197769248158791,5603070232399475811,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 6024 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6216 --field-trial-handle=2016,i,710197769248158791,5603070232399475811,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 3316 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6796 --field-trial-handle=2016,i,710197769248158791,5603070232399475811,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: PDFpower (1).exe

ReversingLabs: Detection: 87%

Source: PDFpower (1).exe

Static PE information: certificate valid

Source: PDFpower (1).exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\PDFpower (1).exe	File opened: z:
Source: C:\Users\user\Desktop\PDFpower (1).exe	File opened: x:
Source: C:\Users\user\Desktop\PDFpower (1).exe	File opened: v:
Source: C:\Users\user\Desktop\PDFpower (1).exe	File opened: t:
Source: C:\Users\user\Desktop\PDFpower (1).exe	File opened: r:
Source: C:\Users\user\Desktop\PDFpower (1).exe	File opened: p:
Source: C:\Users\user\Desktop\PDFpower (1).exe	File opened: n:
Source: C:\Users\user\Desktop\PDFpower (1).exe	File opened: l:
Source: C:\Users\user\Desktop\PDFpower (1).exe	File opened: j:
Source: C:\Users\user\Desktop\PDFpower (1).exe	File opened: h:
Source: C:\Users\user\Desktop\PDFpower (1).exe	File opened: f:
Source: C:\Users\user\Desktop\PDFpower (1).exe	File opened: b:
Source: C:\Users\user\Desktop\PDFpower (1).exe	File opened: y:
Source: C:\Users\user\Desktop\PDFpower (1).exe	File opened: w:
Source: C:\Users\user\Desktop\PDFpower (1).exe	File opened: u:
Source: C:\Users\user\Desktop\PDFpower (1).exe	File opened: s:
Source: C:\Users\user\Desktop\PDFpower (1).exe	File opened: q:
Source: C:\Users\user\Desktop\PDFpower (1).exe	File opened: o:
Source: C:\Users\user\Desktop\PDFpower (1).exe	File opened: m:
Source: C:\Users\user\Desktop\PDFpower (1).exe	File opened: k:
Source: C:\Users\user\Desktop\PDFpower (1).exe	File opened: i:
Source: C:\Users\user\Desktop\PDFpower (1).exe	File opened: g:
Source: C:\Users\user\Desktop\PDFpower (1).exe	File opened: e:
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	File opened: c:
Source: C:\Users\user\Desktop\PDFpower (1).exe	File opened: a:

Source: C:\Users\user\Desktop\PDFpower (1).exe	File opened: C:\Users\user
Source: C:\Users\user\Desktop\PDFpower (1).exe	File opened: C:\Users\user\AppData\Local\Microsoft
Source: C:\Users\user\Desktop\PDFpower (1).exe	File opened: C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists
Source: C:\Users\user\Desktop\PDFpower (1).exe	File opened: C:\Users\user\AppData
Source: C:\Users\user\Desktop\PDFpower (1).exe	File opened: C:\Users\user\AppData\Local
Source: C:\Users\user\Desktop\PDFpower (1).exe	File opened: C:\Users\user\AppData\Local\Microsoft\Media Player

Source: global traffic	TCP traffic: 192.168.2.16:61116 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:61116 -> 1.1.1.1:53

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 23.209.72.28
Source: unknown	TCP traffic detected without corresponding DNS query: 23.209.72.28
Source: unknown	TCP traffic detected without corresponding DNS query: 23.209.72.28
Source: unknown	TCP traffic detected without corresponding DNS query: 23.209.72.28
Source: unknown	TCP traffic detected without corresponding DNS query: 23.209.72.28
Source: unknown	TCP traffic detected without corresponding DNS query: 23.209.72.28
Source: unknown	TCP traffic detected without corresponding DNS query: 23.209.72.28
Source: unknown	TCP traffic detected without corresponding DNS query: 23.209.72.28
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.2
Source: unknown	TCP traffic detected without corresponding DNS query: 18.173.219.84
Source: unknown	TCP traffic detected without corresponding DNS query: 18.173.219.84
Source: unknown	TCP traffic detected without corresponding DNS query: 23.96.180.189
Source: unknown	TCP traffic detected without corresponding DNS query: 23.96.180.189
Source: unknown	TCP traffic detected without corresponding DNS query: 23.209.72.28
Source: unknown	TCP traffic detected without corresponding DNS query: 23.209.72.28
Source: unknown	TCP traffic detected without corresponding DNS query: 23.209.72.28
Source: unknown	TCP traffic detected without corresponding DNS query: 23.209.72.28
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.2
Source: unknown	TCP traffic detected without corresponding DNS query: 18.173.219.84

Source: global traffic	DNS traffic detected: DNS query: bl.searchpoweronline.com
Source: global traffic	DNS traffic detected: DNS query: info.searchpoweronline.com
Source: global traffic	DNS traffic detected: DNS query: ntp.msn.com
Source: global traffic	DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic	DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global traffic	DNS traffic detected: DNS query: sb.scorecardresearch.com
Source: global traffic	DNS traffic detected: DNS query: c.msn.com
Source: global traffic	DNS traffic detected: DNS query: assets.msn.com
Source: global traffic	DNS traffic detected: DNS query: api.msn.com
Source: global traffic	DNS traffic detected: DNS query: chrome.cloudflare-dns.com

Source: unknown	Network traffic detected: HTTP traffic on port 61247 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61327 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61201 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61224 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61282 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61407 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61271 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61351 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61179 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61236 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61339 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61362 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61144 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61419 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61190 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61235 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61402
Source: unknown	Network traffic detected: HTTP traffic on port 61258 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61403
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61404
Source: unknown	Network traffic detected: HTTP traffic on port 61178 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61405
Source: unknown	Network traffic detected: HTTP traffic on port 61315 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61340 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61406
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61407
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61408
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61409
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61400
Source: unknown	Network traffic detected: HTTP traffic on port 61145 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61294 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61401
Source: unknown	Network traffic detected: HTTP traffic on port 61202 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61326 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61374 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61431 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61413
Source: unknown	Network traffic detected: HTTP traffic on port 61283 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61415
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61416
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61418
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61419
Source: unknown	Network traffic detected: HTTP traffic on port 61213 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61408 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61385 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61167 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61410
Source: unknown	Network traffic detected: HTTP traffic on port 61442 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61412
Source: unknown	Network traffic detected: HTTP traffic on port 61432 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61157 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61192 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61317 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61372 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61384 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61200 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61328 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61444 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61349 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61169 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61257 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61295 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61245 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61383 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61373 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61284 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61338 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61168 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61409 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61443 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61223 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61296 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61273 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61305 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61361 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61191 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61410 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61234 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61316 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61350 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61180 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61421 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61285 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61226
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61347
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61227
Source: unknown	Network traffic detected: HTTP traffic on port 61210 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61348
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61228
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61349
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61229
Source: unknown	Network traffic detected: HTTP traffic on port 61233 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61340
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61341
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61221
Source: unknown	Network traffic detected: HTTP traffic on port 61313 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61342
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61222
Source: unknown	Network traffic detected: HTTP traffic on port 61256 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61223
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61344
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61224
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61345
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61225
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61346
Source: unknown	Network traffic detected: HTTP traffic on port 61221 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61360
Source: unknown	Network traffic detected: HTTP traffic on port 61158 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61324 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61359 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61416 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61237
Source: unknown	Network traffic detected: HTTP traffic on port 61209 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61238
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61359
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61239
Source: unknown	Network traffic detected: HTTP traffic on port 61427 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61350
Source: unknown	Network traffic detected: HTTP traffic on port 61182 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61230
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61351
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61231
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61352
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61232
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61353
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61233
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61234
Source: unknown	Network traffic detected: HTTP traffic on port 61274 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61355
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61235
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61356
Source: unknown	Network traffic detected: HTTP traffic on port 61440 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61236
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61357
Source: unknown	Network traffic detected: HTTP traffic on port 61335 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61360 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61370
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61250
Source: unknown	Network traffic detected: HTTP traffic on port 61222 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61371
Source: unknown	Network traffic detected: HTTP traffic on port 61159 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61248
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61369
Source: unknown	Network traffic detected: HTTP traffic on port 61393 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61428 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61240
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61361
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61120
Source: unknown	Network traffic detected: HTTP traffic on port 61348 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61362
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61242
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61364
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61244
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61365
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61245
Source: unknown	Network traffic detected: HTTP traffic on port 61181 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61367
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61247
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61368
Source: unknown	Network traffic detected: HTTP traffic on port 61405 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61244 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61380
Source: unknown	Network traffic detected: HTTP traffic on port 61382 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61260
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61261
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61382
Source: unknown	Network traffic detected: HTTP traffic on port 61301 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61170 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61286 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61259
Source: unknown	Network traffic detected: HTTP traffic on port 61337 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61371 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61251
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61372
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61252
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61373
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61132
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61253
Source: unknown	Network traffic detected: HTTP traffic on port 61255 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61374
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61254
Source: unknown	Network traffic detected: HTTP traffic on port 61312 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61375
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61255
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61376
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61256
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61377
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61257
Source: unknown	Network traffic detected: HTTP traffic on port 61297 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61378
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61258
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61379
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61424
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61425
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61305
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61426
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61306
Source: unknown	Network traffic detected: HTTP traffic on port 61369 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61427
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61307
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61428
Source: unknown	Network traffic detected: HTTP traffic on port 61208 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61308
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61429
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61309
Source: unknown	Network traffic detected: HTTP traffic on port 61346 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61183 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61275 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61298 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61300
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61421
Source: unknown	Network traffic detected: HTTP traffic on port 61160 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61301
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61422
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61302
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61423
Source: unknown	Network traffic detected: HTTP traffic on port 61219 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61172 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61314
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61435
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61315
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61316
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61437
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61317
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61438
Source: unknown	Network traffic detected: HTTP traffic on port 61232 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61318
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61319
Source: unknown	Network traffic detected: HTTP traffic on port 61314 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61430
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61310
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61431
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61311
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61432
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61312
Source: unknown	Network traffic detected: HTTP traffic on port 61406 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61313
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61434
Source: unknown	Network traffic detected: HTTP traffic on port 61325 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61302 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61194 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61171 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61430 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61204
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61325
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61446
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61205
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61326
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61447
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61206
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61327
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61448
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61207
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61328
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61449
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61208
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61329
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61209
Source: unknown	Network traffic detected: HTTP traffic on port 61231 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61370 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61440
Source: unknown	Network traffic detected: HTTP traffic on port 61254 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61320
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61200
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61321
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61442
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61201
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61322
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61202
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61323
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61444
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61203
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61324
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61445
Source: unknown	Network traffic detected: HTTP traffic on port 61336 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61265 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61418 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61215
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61336
Source: unknown	Network traffic detected: HTTP traffic on port 61392 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61216
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61337
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61217
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61338
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61218
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61339
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61219
Source: unknown	Network traffic detected: HTTP traffic on port 61347 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61450
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61330
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61210
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61331
Source: unknown	Network traffic detected: HTTP traffic on port 61429 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61332
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61333
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61213
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61334
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61214
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61335
Source: unknown	Network traffic detected: HTTP traffic on port 61379 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61190
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61191
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61192
Source: unknown	Network traffic detected: HTTP traffic on port 61333 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61194
Source: unknown	Network traffic detected: HTTP traffic on port 61356 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61195
Source: unknown	Network traffic detected: HTTP traffic on port 61196 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61173 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61413 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61185
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61186
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61187
Source: unknown	Network traffic detected: HTTP traffic on port 61218 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61188
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61189
Source: unknown	Network traffic detected: HTTP traffic on port 61380 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61242 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61229 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61402 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61448 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61345 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61196
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61197
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61198
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61199
Source: unknown	Network traffic detected: HTTP traffic on port 61253 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61161 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61299 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61310 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61264 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61321 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61447 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61162 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61332 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61309 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61357 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61195 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61425 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61368 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61207 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61230 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61184 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61186 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61271
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61392
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61151
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61393
Source: unknown	Network traffic detected: HTTP traffic on port 61300 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61323 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61228 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61426 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61449 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61240 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61262
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61383
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61142
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61263
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61384
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61143
Source: unknown	Network traffic detected: HTTP traffic on port 61252 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61264
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61385
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61144
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61265
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61145
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61387
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61388
Source: unknown	Network traffic detected: HTTP traffic on port 61403 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61355 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61437 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61280
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61160
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61281
Source: unknown	Network traffic detected: HTTP traffic on port 61334 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61161
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61282
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61283
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61162
Source: unknown	Network traffic detected: HTTP traffic on port 61263 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61151 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61175 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61450 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61205 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61152
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61273
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61274
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61153
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61275
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61157
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61278
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61399
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61158
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61279
Source: unknown	Network traffic detected: HTTP traffic on port 61278 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61159
Source: unknown	Network traffic detected: HTTP traffic on port 61438 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61170
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61171
Source: unknown	Network traffic detected: HTTP traffic on port 61251 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61172
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61293
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61173
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61294
Source: unknown	Network traffic detected: HTTP traffic on port 61415 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61152 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61367 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61197 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61206 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61344 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61163
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61284
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61164
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61285
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61165
Source: unknown	Network traffic detected: HTTP traffic on port 61239 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61286
Source: unknown	Network traffic detected: HTTP traffic on port 61311 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61166
Source: unknown	Network traffic detected: HTTP traffic on port 61185 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61167
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61168
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61169
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61180
Source: unknown	Network traffic detected: HTTP traffic on port 61378 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61181
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61182
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61183
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61184
Source: unknown	Network traffic detected: HTTP traffic on port 61322 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61174 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61262 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61174
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61295
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61296
Source: unknown	Network traffic detected: HTTP traffic on port 61217 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61175
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61176
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61297
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61177
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61298
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61178
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61299
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61179
Source: unknown	Network traffic detected: HTTP traffic on port 61163 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61404 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61153 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61176 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61342 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61199 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61365 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61445 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61388 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61279 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61422 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61164 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61307 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61330 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61376 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61250 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61204 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61318 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61215 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61165 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61306 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61377 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61329 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61280 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61434 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61261 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61216 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61187 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61227 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61399 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61198 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61238 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61142 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61400 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61352 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61308 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61375 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61237 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61214 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61120 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61143 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61166 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61189 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61225 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61281 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61412 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61260 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61320 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61341 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61387 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61423 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61188 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61331 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61226 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61203 -> 443

Key, Mouse, Clipboard, Microphone and Screen Capturing

Contains functionality to log keystrokes (.Net Source)

Source: PDFpower (1).exe, InterceptKeys.cs

.Net Code: SetHook

Installs a global keyboard hook

Source: C:\Users\user\Desktop\PDFpower (1).exe	Windows user hook set: 0 keyboard low level C:\Users\user\Desktop\PDFpower (1).exe
Source: C:\Users\user\Desktop\PDFpower (1).exe	Windows user hook set: 0 journal playback C:\Users\user\Desktop\PDFpower (1).exe

Source: C:\Users\user\Desktop\PDFpower (1).exe

Window created: window name: CLIPBRDWNDCLASS

Source: classification engine

Classification label: mal48.spyw.evad.winEXE@43/142@23/65

Source: C:\Users\user\Desktop\PDFpower (1).exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows Media

Source: C:\Users\user\Desktop\PDFpower (1).exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{1a4b1382-eeb5-4d59-b0fa-b93f83a518e1}_196608_284999
Source: C:\Users\user\Desktop\PDFpower (1).exe	Mutant created: NULL
Source: C:\Users\user\Desktop\PDFpower (1).exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WindowsMediaStoreMutex
Source: C:\Users\user\Desktop\PDFpower (1).exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{1a4b1382-eeb5-4d59-b0fa-b93f83a518e1}_196608_284999:x
Source: C:\Users\user\Desktop\PDFpower (1).exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{fac60cff-1497-4c63-b9a0-cee1849c9f28}:sqlce_se_lck:2
Source: C:\Users\user\Desktop\PDFpower (1).exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{fac60cff-1497-4c63-b9a0-cee1849c9f28}:sqlce_se_lck:3
Source: C:\Users\user\Desktop\PDFpower (1).exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{fac60cff-1497-4c63-b9a0-cee1849c9f28}:sqlce_se_lck:4
Source: C:\Users\user\Desktop\PDFpower (1).exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{fac60cff-1497-4c63-b9a0-cee1849c9f28}:sqlce_se_lck:5
Source: C:\Users\user\Desktop\PDFpower (1).exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{fac60cff-1497-4c63-b9a0-cee1849c9f28}:sqlce_se_lck:1
Source: C:\Users\user\Desktop\PDFpower (1).exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{fac60cff-1497-4c63-b9a0-cee1849c9f28}:sqlce_se_lck:10
Source: C:\Users\user\Desktop\PDFpower (1).exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{fac60cff-1497-4c63-b9a0-cee1849c9f28}:sqlce_se_lck:12
Source: C:\Users\user\Desktop\PDFpower (1).exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{fac60cff-1497-4c63-b9a0-cee1849c9f28}:sqlce_se_lck:11
Source: C:\Users\user\Desktop\PDFpower (1).exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{fac60cff-1497-4c63-b9a0-cee1849c9f28}:sqlce_se_lck:6
Source: C:\Users\user\Desktop\PDFpower (1).exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{fac60cff-1497-4c63-b9a0-cee1849c9f28}:sqlce_se_lck:7
Source: C:\Users\user\Desktop\PDFpower (1).exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{fac60cff-1497-4c63-b9a0-cee1849c9f28}:sqlce_se_lck:8
Source: C:\Users\user\Desktop\PDFpower (1).exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{fac60cff-1497-4c63-b9a0-cee1849c9f28}:sqlce_se_lck:9
Source: C:\Users\user\Desktop\PDFpower (1).exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{1a4b1382-eeb5-4d59-b0fa-b93f83a518e1}_196608_284999:splk:7128
Source: C:\Users\user\Desktop\PDFpower (1).exe	Mutant created: \Sessions\1\BaseNamedObjects\AMResourceMutex3
Source: C:\Users\user\Desktop\PDFpower (1).exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{fac60cff-1497-4c63-b9a0-cee1849c9f28}:sqlce_se_lck:14
Source: C:\Users\user\Desktop\PDFpower (1).exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{fac60cff-1497-4c63-b9a0-cee1849c9f28}:sqlce_se_lck:13

Source: C:\Users\user\Desktop\PDFpower (1).exe

File created: C:\Users\user\AppData\Local\Temp\PdfPowerB2C

Source: PDFpower (1).exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: PDFpower (1).exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.98%

Source: C:\Users\user\Desktop\PDFpower (1).exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: PDFpower (1).exe

ReversingLabs: Detection: 87%

Source: unknown	Process created: C:\Users\user\Desktop\PDFpower (1).exe "C:\Users\user\Desktop\PDFpower (1).exe"
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=1956,i,5873230111356377623,7483148975711157175,262144 /prefetch:3
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate --single-argument microsoft-edge:
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2016,i,710197769248158791,5603070232399475811,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6216 --field-trial-handle=2016,i,710197769248158791,5603070232399475811,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=1956,i,5873230111356377623,7483148975711157175,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2016,i,710197769248158791,5603070232399475811,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6216 --field-trial-handle=2016,i,710197769248158791,5603070232399475811,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: version.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: dwrite.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: msvcp140_clr0400.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: wldp.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: profapi.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: netutils.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: d3d9.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: d3d10warp.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: amsi.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: userenv.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: winsta.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: powrprof.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: umpdc.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: dataexchange.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: d3d11.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: dcomp.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: dxgi.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: twinapi.appcore.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: dxcore.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: rasapi32.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: rasman.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: rtutils.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: msctfui.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: uiautomationcore.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: propsys.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: secur32.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: schannel.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: d3dcompiler_47.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: dxva2.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: wmp.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: gnsdk_fp.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: wmvcore.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: mfperfhelper.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: wmasf.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: wmploc.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: mmdevapi.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: devobj.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: mfplat.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: rtworkq.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: audioses.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: windows.ui.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: windowmanagementapi.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: inputhost.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: mlang.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: winmm.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: wmnetmgr.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: msxml3.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: msv1_0.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: ntlmshared.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: cryptdll.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: wdigest.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: quartz.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: evr.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: avrt.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: mfps.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: msdmo.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: wmpeffects.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: msimg32.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: wininet.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: ieframe.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: wkscli.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: edputil.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: policymanager.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: msvcp110_win.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: ieframe.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\PDFpower (1).exe	Section loaded: wkscli.dll

Source: C:\Users\user\Desktop\PDFpower (1).exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\InprocServer32

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\PDFpower (1).exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Source: PDFpower (1).exe

Static PE information: certificate valid

Source: PDFpower (1).exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: PDFpower (1).exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: PDFpower (1).exe

Static file information: File size 1086184 > 1048576

Source: PDFpower (1).exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x101e00

Source: PDFpower (1).exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: PDFpower (1).exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Data Obfuscation

.NET source code contains potential unpacker

Source: PDFpower (1).exe, EmbeddedAssembly.cs

.Net Code: Load System.Reflection.Assembly.Load(byte[])

Source: PDFpower (1).exe

Static PE information: 0x88D6534C [Wed Oct 1 03:36:44 2042 UTC]

Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\PDFpower (1).exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive

Source: C:\Users\user\Desktop\PDFpower (1).exe	Memory allocated: 2760000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFpower (1).exe	Memory allocated: 29F0000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\PDFpower (1).exe	Memory allocated: 2760000 memory reserve \| memory write watch

Source: C:\Users\user\Desktop\PDFpower (1).exe

Thread delayed: delay time: 922337203685477

Source: C:\Users\user\Desktop\PDFpower (1).exe

Window / User API: threadDelayed 9838

Source: C:\Users\user\Desktop\PDFpower (1).exe TID: 6244

Thread sleep time: -3689348814741908s >= -30000s

Source: C:\Users\user\Desktop\PDFpower (1).exe

File opened: PhysicalDrive0

Source: C:\Users\user\Desktop\PDFpower (1).exe

Thread delayed: delay time: 922337203685477

Source: C:\Users\user\Desktop\PDFpower (1).exe	File opened: C:\Users\user
Source: C:\Users\user\Desktop\PDFpower (1).exe	File opened: C:\Users\user\AppData\Local\Microsoft
Source: C:\Users\user\Desktop\PDFpower (1).exe	File opened: C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists
Source: C:\Users\user\Desktop\PDFpower (1).exe	File opened: C:\Users\user\AppData
Source: C:\Users\user\Desktop\PDFpower (1).exe	File opened: C:\Users\user\AppData\Local
Source: C:\Users\user\Desktop\PDFpower (1).exe	File opened: C:\Users\user\AppData\Local\Microsoft\Media Player

Source: C:\Users\user\Desktop\PDFpower (1).exe

Process information queried: ProcessInformation

Source: C:\Users\user\Desktop\PDFpower (1).exe

Process token adjusted: Debug

Source: C:\Users\user\Desktop\PDFpower (1).exe

Memory allocated: page read and write | page guard

Source: C:\Users\user\Desktop\PDFpower (1).exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:
Source: C:\Users\user\Desktop\PDFpower (1).exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:

Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Users\user\Desktop\PDFpower (1).exe VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\userbrib.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\userbrib.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\userbril.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\userbrili.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\userbrii.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\userbriz.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\userbri.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\userbri.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\userbrib.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\userbri.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\userbri.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\userbri.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\userbri.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFpower (1).exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation

Source: C:\Users\user\Desktop\PDFpower (1).exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Replication Through Removable Media	1 Windows Management Instrumentation	1 DLL Side-Loading	11 Process Injection	1 Masquerading	21 Input Capture	11 Security Software Discovery	Remote Services	21 Input Capture	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Disable or Modify Tools	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	1 Clipboard Data	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	141 Virtualization/Sandbox Evasion	Security Account Manager	141 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	11 Process Injection	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Software Packing	LSA Secrets	11 Peripheral Device Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Timestomp	Cached Domain Credentials	1 File and Directory Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	122 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
PDFpower (1).exe	88%	ReversingLabs	ByteCode-MSIL.Browser.MediaArena

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
chrome.cloudflare-dns.com	172.64.41.3	true	false	unknown
info.searchpoweronline.com	159.65.254.30	true	false	unknown
sb.scorecardresearch.com	18.239.83.126	true	false	unknown
s-part-0045.t-0009.t-msedge.net	13.107.246.73	true	false	unknown
googlehosted.l.googleusercontent.com	142.250.181.225	true	false	unknown
sni1gl.wpc.nucdn.net	152.199.21.175	true	false	unknown
clients2.googleusercontent.com	unknown	unknown	false	unknown
bzib.nelreports.net	unknown	unknown	false	unknown
assets.msn.com	unknown	unknown	false	unknown
bl.searchpoweronline.com	unknown	unknown	false	unknown
c.msn.com	unknown	unknown	false	unknown
ntp.msn.com	unknown	unknown	false	unknown
api.msn.com	unknown	unknown	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.107.6.158	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.246.40	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
23.96.180.189	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.186.174	unknown	United States	15169	GOOGLEUS	false
18.239.83.126	sb.scorecardresearch.com	United States	16509	AMAZON-02US	false
20.189.173.2	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
2.19.126.146	unknown	European Union	16625	AKAMAI-ASUS	false
162.159.61.3	unknown	United States	13335	CLOUDFLARENETUS	false
20.93.72.182	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
2.23.209.182	unknown	European Union	1273	CWVodafoneGroupPLCEU	false
52.159.108.190	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.74.129.1	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
20.110.205.119	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
2.23.209.140	unknown	European Union	1273	CWVodafoneGroupPLCEU	false
204.79.197.219	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
18.173.219.84	unknown	United States	3	MIT-GATEWAYSUS	false
2.23.209.3	unknown	European Union	1273	CWVodafoneGroupPLCEU	false
172.64.41.3	chrome.cloudflare-dns.com	United States	13335	CLOUDFLARENETUS	false
13.107.246.73	s-part-0045.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.21.237	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.21.239	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
159.65.254.30	info.searchpoweronline.com	United States	14061	DIGITALOCEAN-ASNUS	false
4.209.164.61	unknown	United States	3356	LEVEL3US	false
13.107.42.16	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.185.238	unknown	United States	15169	GOOGLEUS	false
172.183.192.109	unknown	United States	7018	ATT-INTERNET4US	false
23.59.251.227	unknown	United States	20940	AKAMAI-ASN1EU	false
23.44.203.74	unknown	United States	20940	AKAMAI-ASN1EU	false
142.250.181.225	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
23.209.72.28	unknown	United States	20940	AKAMAI-ASN1EU	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
2.19.126.152	unknown	European Union	16625	AKAMAI-ASUS	false
204.79.197.203	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
2.23.209.133	unknown	European Union	1273	CWVodafoneGroupPLCEU	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1487067
Start date and time:	2024-08-03 00:30:48 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	22
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Sample name:	PDFpower (1).exe
Detection:	MAL
Classification:	mal48.spyw.evad.winEXE@43/142@23/65
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, SgrmBroker.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.174
Excluded domains from analysis (whitelisted): fs.microsoft.com, ctldl.windowsupdate.com, www.google-analytics.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.
VT rate limit hit for: PDFpower (1).exe

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\21020377-0ea1-452c-970f-c76919c999aa.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	107893
Entropy (8bit):	4.640143447740104
Encrypted:	false
SSDEEP:
MD5:	062185B1221C3E3D8EA5384F1820E601
SHA1:	4DDB56939F22F2C236C6364AEF4B257A2F1A2574
SHA-256:	C075280A655672D00BEF5342E455FC3FC41323AB43026A9C89EA811A0F5BAF87
SHA-512:	FCA0E7630ECFBA3231BBF7E9D2F0748E00391C9C6FC5C4DB3646E4500A0589F5A759106D0196A34C1A655A27060682C076FA520300BB4FF0AB0E51A76B263910
Malicious:	false
Reputation:	unknown
Preview:	{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-66AD5E9B-FA4.pma

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.464194707803741
Encrypted:	false
SSDEEP:
MD5:	F87616C72A9E31590CC8D51A4CEC5408
SHA1:	1FC8DB62B7418E87E17D9BDB901FD2C4333EF635
SHA-256:	DC0EA518C29285F3BDDD8D0AFD892D868BD7F3ED577148458A776465206540AA
SHA-512:	1B89E6808F9744325215A57B59E83DCE36339B143A22DC646010497E9ED4AB89444D1D494C7695B6BFCE542F91E46F9538826CC297B8B07DEA21425BDE975BDB
Malicious:	false
Reputation:	unknown
Preview:	...@..@...@.....C.].....@...................8...............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30....u.........117.0.2045.47-64..".en-GB...Windows NT..10.0.190452l..x86_64..?........".vjfuna20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J...I.r.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@..............2......................w..U?:K..>.........."....."...2..."..:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z....+....W@..$...SF@.......Y@.......Y@.......Y@........?........?.................?.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@................Y@.......Y@.......Y@........?........?z............<..8...#...msNurturingAssistanceHomeDependency.....triggere

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\655ccb06-e318-4fa1-853f-3568a5cb21c9.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (1597), with CRLF line terminators
Category:	dropped
Size (bytes):	115717
Entropy (8bit):	5.183660917461099
Encrypted:	false
SSDEEP:
MD5:	3D8183370B5E2A9D11D43EBEF474B305
SHA1:	155AB0A46E019E834FA556F3D818399BFF02162B
SHA-256:	6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
SHA-512:	B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
Malicious:	false
Reputation:	unknown
Preview:	{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs\|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs\|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	2163821
Entropy (8bit):	5.222870674193662
Encrypted:	false
SSDEEP:
MD5:	647C669DD2C55AC0786F869F050FA19C
SHA1:	6F76594ED6142F8C50A1AC9FB9524E9FC9BA2A7C
SHA-256:	575F2B0E839EEED3DD291F9DD6F9681392BA0965C1E3089700937B4C05E60DE2
SHA-512:	328D16F4A7B8C634E1AAC2E18BC9A9897193E72B97EA2ACD528480454D6EA717068B01CB31E19C02D8180333069CC96733F4DEC640238C122CC7172ED9CBCD20
Malicious:	false
Reputation:	unknown
Preview:	...m.................DB_VERSION.1...8.................QUERY_TIMESTAMP:arbitration_priority_list4...13341056840624329.$QUERY:arbitration_priority_list4....[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	329
Entropy (8bit):	5.093311156289276
Encrypted:	false
SSDEEP:
MD5:	9257FBE6AAC6B46B753D4DA612654FA6
SHA1:	98244FF332BBCB1E762274368D7347A25A8D0426
SHA-256:	6F222184529CC5B93493C6B6E1F1734C4686345C26938E7FD029389F448D373C
SHA-512:	B64C9E27150B1D4502CE159BEEFD4CA27161C5FC01D07CDE4D1B755E905354AF4812CD51FD603F2E1D0EDF64064884ED6C8385D8253E0699B78F12E7127226DA
Malicious:	false
Reputation:	unknown
Preview:	2024/08/02-18:33:02.427 e7c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/08/02-18:33:02.470 e7c Recovering log #3.2024/08/02-18:33:02.640 e7c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.46269362913565976
Encrypted:	false
SSDEEP:
MD5:	C0F0429A4DA102CF564857167C21E07F
SHA1:	946A89E8E98513EAB01B017664EB58D68C9C9E7D
SHA-256:	682408511472F221D3728622C9CD5A02D2C41878387D64745670E54FCFF019AF
SHA-512:	8AB3618B9F1586B37151CD764B3FD00C90F45C8CAF61D1C0823DF09585A5F7873F9A95A184F610E1B5E44814AA62BDBF72497855F3F0C5CCDE090574FDC09387
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j..........g.....8...n................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
Category:	dropped
Size (bytes):	10240
Entropy (8bit):	0.8708334089814068
Encrypted:	false
SSDEEP:
MD5:	92F9F7F28AB4823C874D79EDF2F582DE
SHA1:	2D4F1B04C314C79D76B7FF3F50056ECA517C338B
SHA-256:	6318FCD9A092D1F5B30EBD9FB6AEC30B1AEBD241DC15FE1EEED3B501571DA3C7
SHA-512:	86FEF0E05F871A166C3FAB123B0A4B95870DCCECBE20B767AF4BDFD99653184BBBFE4CE1EDF17208B7700C969B65B8166EE264287B613641E7FDD55A6C09E6D4
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j...v... .. .....M....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	341
Entropy (8bit):	5.243059917718183
Encrypted:	false
SSDEEP:
MD5:	9283FBDD704C9DD28DAE2593D700B633
SHA1:	4212339FE8E4B2FE28BC95D62798B8A0A8A6D96A
SHA-256:	B574420F5735481D03BCD989537D3AC97EFFFB47C604F2848FD5E9573139364A
SHA-512:	AEDCD25179B2C574617A7C8F60C7D30A94A19246EEA922982A3C7D5CDB6CFC990B63B36D22755CEF2D10F7D60E54371BE80169FBBC6DF29FB193D4B39DD58790
Malicious:	false
Reputation:	unknown
Preview:	2024/08/02-18:32:59.716 9ac Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/08/02-18:32:59.717 9ac Recovering log #3.2024/08/02-18:32:59.717 9ac Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6121654346290684
Encrypted:	false
SSDEEP:
MD5:	DE102CDBFF376C42E46DBF82E95378DB
SHA1:	1BB006080E5A6E1FCBBD2A327813EA204F1017AD
SHA-256:	FC2FC0E9358ADBA472F18CCC918595F6D6E036C3BE28842394B41AFB06C6BA59
SHA-512:	0F6DFDD6FEF5F5561CCB0DBC3AF1D9E46D608520BA6D7693824D8EB3296184BD035DF6DAEF354DE57AC3E12D7359A84C3577C920D0189E971AD3AAABC025D3C9
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j...%.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	modified
Size (bytes):	375520
Entropy (8bit):	5.354053639925129
Encrypted:	false
SSDEEP:
MD5:	003C6F615836CD39F74AF44B3315D447
SHA1:	4A27010820927C04064027AD617B2E41BF1D114B
SHA-256:	0313915581AE518246BC930F45B8EBAB71CD70A5B80519EC5BB8400C5D153A24
SHA-512:	8237774F731A978B4813E64169E2608F7E2E5E7493FAD781613E6454AEA338DCF083298C96C161556470D18DB55C2C4B2760CB89B27A891F2C5385AD96D48743
Malicious:	false
Reputation:	unknown
Preview:	...m.................DB_VERSION.1.E/fq...............&QUERY_TIMESTAMP:domains_config_gz2...13367111583640429..QUERY:domains_config_gz2....[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	307
Entropy (8bit):	5.1447972440165115
Encrypted:	false
SSDEEP:
MD5:	6B65689655B0F65C5F4114F5D2FCB407
SHA1:	1777CABD4C2CFB6513EBF751B74BFEB3F4A41596
SHA-256:	3CB7A02DDDE99EFDE5D5F055D3DEB32ADC5154DC30A49BAEECAAE75D4AEF3EC8
SHA-512:	50B67CC3DE0B26E6601565D588E7252DC1197A1AEEE9E43D8C3F313A9D80B2C124D5CF816DCA1298450BD8C6D79302227B1FB6BE354E78A1FA0D58B5D652DAD3
Malicious:	false
Reputation:	unknown
Preview:	2024/08/02-18:33:02.487 1080 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/08/02-18:33:02.613 1080 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	358860
Entropy (8bit):	5.324617191035746
Encrypted:	false
SSDEEP:
MD5:	FDB57F6123E02FC13C7002E3117307A7
SHA1:	1CE38A07E4B822C13425802CD96DCEC10E726AF2
SHA-256:	95C020D8C6A32D88C8858DF27C6E39398F7056FA9381B54BC6760EF2959DFAAD
SHA-512:	A091AB54B132421F030D1CB24C0F01FF55604D0A4CDD14FD82D7AC1A8A7894F35F0D1A0D503CD83C33B500280723666D62B963A2D0B1BA82A556BB56571B8836
Malicious:	false
Reputation:	unknown
Preview:	{"aee_config":{"ar":{"price_regex":{"ae":"(((ae\|aed\|\\x{062F}\\x{0660}\\x{0625}\\x{0660}\|\\x{062F}\\.\\x{0625}\|dhs\|dh)\\s\\d{1,3})\|(\\d{1,3}\\s(ae\|aed\|\\x{062F}\\x{0660}\\x{0625}\\x{0660}\|\\x{062F}\\.\\x{0625}\|dhs\|dh)))","dz":"(((dzd\|da\|\\x{062F}\\x{062C})\\s\\d{1,3})\|(\\d{1,3}\\s(dzd\|da\|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}\|egp)\\s\\d{1,3})\|(\\d{1,3}\\s(e\\x{00a3}\|egp)))","ma":"(((mad\|dhs\|dh)\\s\\d{1,3})\|(\\d{1,3}\\s(mad\|dhs\|dh)))","sa":"((\\d{1,3}\\s(sar\\s\\x{fdfc}\|sar\|sr\|\\x{fdfc}\|\\.\\x{0631}\\.\\x{0633}))\|((sar\\s\\x{fdfc}\|sar\|sr\|\\x{fdfc}\|\\.\\x{0631}\\.\\x{0633})\\s\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s\\x{0625}\\x{0644}\\x{0649}\\s\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})\|(\\x{0623}\\x{0636}\\x{0641}\\s\\x{0625}\\x{0644}\\x{0649}\\s\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})\|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})\|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	399
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:
MD5:	A15AC2782BB6B4407D11979316F678FD
SHA1:	B64EAF0810E180D99B83BBA8E366B2E3416C5881
SHA-256:	55F8FA21C3F0D42C973AEDF538F1ADE32563AE4A1E7107C939AB82B4A4D7859A
SHA-512:	370B43C7E434C6CC9328D266C1C9DB327621E2C95AD13D953C4D63457A141FBF2BE0B35072DE96BECC29048224D3646535A149229FC2BA367C7903D3E3E79BDB
Malicious:	false
Reputation:	unknown
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	320
Entropy (8bit):	5.21681223958227
Encrypted:	false
SSDEEP:
MD5:	710B4994B2E098B80AA018D8AD80AD11
SHA1:	E0D874C08FF9DBF72BDAB18A0B9C48198B4FD771
SHA-256:	B610C0FC9A646D694C30DB956340918E34D808A5A63353D14B10BC46D0A9CD3E
SHA-512:	C8562728FA5DDF230043B020213437B9B7161FFA9A045F629BE19272CD2A76F389445E6FC504328DDCCDB2701542FD84A88881BA2E4B0477E42B233E126B969C
Malicious:	false
Reputation:	unknown
Preview:	2024/08/02-18:32:59.717 1458 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/08/02-18:32:59.727 1458 Recovering log #3.2024/08/02-18:32:59.727 1458 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.22296259451603
Encrypted:	false
SSDEEP:
MD5:	75364C4A5C075CCB2F0B2E0198ABD3F2
SHA1:	AC6D02349B0F420E0866F20425D97402F4349E8A
SHA-256:	05BC399B858E42B152BE9E84B2B22E4BEE3F677DE712C1943D6E66D2C2DFD0C5
SHA-512:	43E10450B89315C2FEBC72B936689E725BB7BB6DB0624F785A68AC5BC56183A890B26AC63FF003814695CEBA0BBC602E347D49CA4089EA7E722BDEBC260CA4B6
Malicious:	false
Reputation:	unknown
Preview:	2024/08/02-18:32:59.732 1068 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/08/02-18:32:59.733 1068 Recovering log #3.2024/08/02-18:32:59.734 1068 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	1197
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:
MD5:	A2A3B1383E3AAC2430F44FC7BF3E447E
SHA1:	B807210A1205126A107A5FE25F070D2879407AA4
SHA-256:	90685D4E050DA5B6E6F7A42A1EE21264A68F1734FD3BD4A0E044BB53791020A2
SHA-512:	396FAB9625A2FF396222DBC86A0E2CDE724C83F3130EE099F2872AED2F2F2ECE13B0853D635F589B70BD1B5E586C05A3231D68CAF9E46B6E2DAC105A10D0A1C8
Malicious:	false
Reputation:	unknown
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5........

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	317
Entropy (8bit):	5.081894712332035
Encrypted:	false
SSDEEP:
MD5:	C28368B8A82DF0397E1DF6B030C83E48
SHA1:	DED3F8F313110DDCFD6D80AAF38F30A6A0B8CA82
SHA-256:	39CC2FE65E7A94E3242796313BB7DC160FCA184F72E8614CA6D7377E6E345EAA
SHA-512:	04897450855A72AFBD2B6B9686B0F9E80ECC1C0081476FFB867046D968417B11645157D13E6770168FB2B4363E1869BF0AAD1081D073A8520CA3215DD1BE2162
Malicious:	false
Reputation:	unknown
Preview:	2024/08/02-18:33:00.329 9ac Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/08/02-18:33:00.330 9ac Recovering log #3.2024/08/02-18:33:00.330 9ac Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 11, cookie 0x3, schema 4, UTF-8, version-valid-for 6
Category:	dropped
Size (bytes):	45056
Entropy (8bit):	3.5486222575645203
Encrypted:	false
SSDEEP:
MD5:	F33D3ABEE607EC6F05016D94EFEE789C
SHA1:	EA2C1777A59BE83263B5D683E7421B36A99B9729
SHA-256:	650D4E3D77D954217844500C7922E55DE10D63F03CE6EF709B64EBC97D45BC22
SHA-512:	20404D7A0C66A953548167CCFFE9E96946271F6E39FC4A9DD61259CE8D8F2DE746E15E9D7B9B6D2FBDF1770A903C54307A006B1508A94360343A169B786BBB28
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j..........g...:.8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	401
Entropy (8bit):	5.245467858247651
Encrypted:	false
SSDEEP:
MD5:	DF82135255230580605CCC874130E9B5
SHA1:	D760BEC19C53A62C9FEF6E4F5C175449928D63AE
SHA-256:	D213AAD9767D9FA827C82915ED6B0FD6E71F1A6706A81435268F7C6098FDDF5C
SHA-512:	233C897B3A7B514FF6C987D43E485BC6D0C9368283412340BADFDFA806A8AB641BFEE8593FF555D2523459ED667BD2FB12B020F6EAD9F855F750C8C1A6FDC866
Malicious:	false
Reputation:	unknown
Preview:	2024/08/02-18:33:01.640 d50 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/08/02-18:33:01.640 d50 Recovering log #3.2024/08/02-18:33:01.641 d50 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	7502
Entropy (8bit):	5.4495141449331586
Encrypted:	false
SSDEEP:
MD5:	9B88FAA0686F1647A262AAD57E494B43
SHA1:	6F5BB3AC4447AB5D29A749180464C944E48EC0D0
SHA-256:	329CF632ADFEDBF75B12BD00A1FED31FD2257EDA0510C7C4128291B92A09D55C
SHA-512:	448A6793E686311F2C3034D45726CD6C8A657173BC436ACEC4137BD7126A923178CF3353BDCD8586A4BC563FDB68FBC6E2A963DA7F35A35AA52FFFDAC047B7B1
Malicious:	false
Reputation:	unknown
Preview:	.}..G................VERSION.1..META:https://ntp.msn.com...........6.!_https://ntp.msn.com..LastKnownPV..1722637987137.-_https://ntp.msn.com..LastVisuallyReadyMarker..1722637988225.$_https://ntp.msn.com..TSNP1.topsites.0.[{"rid":1,"dataGenerationTime":null,"faviconUrl":"//img-s-msn-com.akamaized.net/tenant/amp/entityid/AA13Q6AL.img","domain":"www.office.com","title":"Microsoft 365","tileSource":0,"tileTitleSource":0,"url":"https://www.office.com/","direction":"ltr","adLabelType":"topSiteAdTxtSmall","contextMenuLabel":"More Options","contentViewTelemetryTag":"{\"n\":\"frequent_topsite_tile\",\"d\":\"tsu\",\"c.t\":31,\"ext\":{\"hl\":\"tsn\",\"row\":1,\"col\":1},\"c.hl\":\"tsn\"}","anchorTelemetryTag":"{\"n\":\"frequent_topsite_url\",\"b\":1,\"d\":\"tsu\",\"c.t\":31,\"c.hl\":\"tsn\"}","toggleActionMenuButtonTelemetryTag":"{\"n\":\"frequent_topsite_context_menu\",\"b\":12,\"d\":\"tsu\",\"c.t\":31,\"c.hl\":\"More Options_tsn\"}","promote":false,"pinLabel":"Pin to page","pinActionButtonTele

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	332
Entropy (8bit):	5.180356489343234
Encrypted:	false
SSDEEP:
MD5:	FFD8846FD799EBC53CCC7636ACE64826
SHA1:	EB85DC3F16B31D90E25601032362D8D6866D1A75
SHA-256:	4410019CE1E25AEE88379A41B66956E5DC5436E0D7B275BA33080AA30B03EAA4
SHA-512:	2133BF0E50E5FC0F3491447727BFB0F9DB405102F2BC7E9B678B1BD872ED33E15A2B3ED65A46583A0A0EEAF0A32E983758FB45CD94DC2B4F91E9E581C9C8A782
Malicious:	false
Reputation:	unknown
Preview:	2024/08/02-18:32:59.867 1818 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/08/02-18:32:59.868 1818 Recovering log #3.2024/08/02-18:32:59.872 1818 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\MediaDeviceSalts

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 6, cookie 0x3, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	24576
Entropy (8bit):	0.340432916254902
Encrypted:	false
SSDEEP:
MD5:	A75E0E9CF4EF55ACF468E352CEF7735D
SHA1:	51B877C87681850B0665D58E9DCBC4328B3A2561
SHA-256:	294AD1194CA41D2CC38D6D49157926620C183B9DC2975F11194198C3DEB3D7A9
SHA-512:	BEDEB4B3EC984EF3CAB57EA9F667CB160541BC8D4F6B172A12BA0A43444CCCD70E5462FE12EB8004E3D8F68A273FC1171E59BCED2E33A4300AB10FCF1520062D
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j..........g...p."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8064287184184841
Encrypted:	false
SSDEEP:
MD5:	D349697D9AD13FAE24B79111B07CED5A
SHA1:	0D544ACA03E95B4DD1DDCFCE182EB043284254EB
SHA-256:	63A380B1BE36C0203D8951ACE00FEC428F7813F3298D7AE9EEE98EC9D0EC160B
SHA-512:	DB565C1C82428061E86164EE0BF6C0EE5675DAEDA1AD6BDF6CEA5BCD596870862A38ADA33714ACF85B4A0BC9C576B064684AD2D22D1430A12C85A4E49F1BA7E5
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Download File

Process:	C:\Users\user\Desktop\PDFpower (1).exe
File Type:	Unicode text, UTF-8 text, with very long lines (16842), with no line terminators
Category:	dropped
Size (bytes):	16844
Entropy (8bit):	5.422925992771888
Encrypted:	false
SSDEEP:
MD5:	E30D1B846D9E04196F090663152F44CD
SHA1:	22CB3B71C323BC79E9266694B20C888DE2145B86
SHA-256:	0A8E6CDB00265FC5B0AEF1BF05D510C6C972AA2F85C7F937772AE520C4826237
SHA-512:	268CAF173D2CAD879DFCF41EA491FB1BB2F4CE28BCD50B107431F694B0C1EC6E271BD512F8B80718E02EBC6D16004773AA6B224C6D0995E145C347BC775583FC
Malicious:	false
Reputation:	unknown
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13367111580128463","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13341058280410352","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","editor_proofing_languages":{"en":{"Grammar":false,"Spelling":false},"en-GB":{"Grammar":true,"Spelling":true},"en-US":{"Grammar":false,"Spelling":false}},"has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_pa

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF37c94.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (16842), with no line terminators
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	E30D1B846D9E04196F090663152F44CD
SHA1:	22CB3B71C323BC79E9266694B20C888DE2145B86
SHA-256:	0A8E6CDB00265FC5B0AEF1BF05D510C6C972AA2F85C7F937772AE520C4826237
SHA-512:	268CAF173D2CAD879DFCF41EA491FB1BB2F4CE28BCD50B107431F694B0C1EC6E271BD512F8B80718E02EBC6D16004773AA6B224C6D0995E145C347BC775583FC
Malicious:	false
Reputation:	unknown
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13367111580128463","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13341058280410352","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","editor_proofing_languages":{"en":{"Grammar":false,"Spelling":false},"en-GB":{"Grammar":true,"Spelling":true},"en-US":{"Grammar":false,"Spelling":false}},"has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_pa

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	80
Entropy (8bit):	4.323098996850684
Encrypted:	false
SSDEEP:
MD5:	8DA62954B0B14642CF287A260418E39B
SHA1:	E82BF98669AE1D73BBD9294D9F454044D5C2622E
SHA-256:	B7E25784D1B3A3653C618822715DAE7CC86BF0B05FFF0CF3C5D6A1FB169F0614
SHA-512:	E44DC92CAA0579A81CBF176A589493421AAD851D7006603B54684EE8CBFC67F572F2B0219F4483227F3FF9CC614D882B2ADB8060873E358C7D6870CAF9E3865C
Malicious:	false
Reputation:	unknown
Preview:	....I................URES:0...INITDATA_NEXT_RESOURCE_ID.1..INITDATA_DB_VERSION.2

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	293
Entropy (8bit):	5.139893163363778
Encrypted:	false
SSDEEP:
MD5:	37625C3FB7EDCDE8AF0D9CE567C33173
SHA1:	1978EE5B472E10D98DB4EBB37F634579AC5684F1
SHA-256:	62F8B92FFD18F956D63BB3DC8BAC2CD09B339C58BDD5C58220E6B7C6AEF6D621
SHA-512:	085004A1BDF5BE444574F541810DF005C15A45CEB66667CFE5CD7B6AF2D781BF23F28EDA5687863580FF614117F83B92882F0442A5C31599EBCC38552BC2BB97
Malicious:	false
Reputation:	unknown
Preview:	2024/08/02-18:33:08.217 be4 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database since it was missing..2024/08/02-18:33:08.253 be4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	7901
Entropy (8bit):	3.349676926719262
Encrypted:	false
SSDEEP:
MD5:	6E90142CEC58A9E055CCFDCD2439F02D
SHA1:	103871DC03BBD964FC228C0B20DFEBD65AD286A3
SHA-256:	3E7463AA5E57B7EDF00878021CE3E10925279F522DEA07FBC22BA6E19E381C55
SHA-512:	F00A538FB5FE055E2F8AEAD3517A19AD2CCA0CC0CFCE28550FE2E39C5DD2D1FD38BD0D7C39E57EF829368CD4B37F99EDA88429FD655736ECA58A83507EB960E3
Malicious:	false
Reputation:	unknown
Preview:	*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f..................<b................next-map-id.1.Cnamespace-f4b7d3b5_730f_427a_aa1b_7635e89c3ee2-https://ntp.msn.com/.0...s.................map-0-shd_sweeper.:{.".x.-.m.s.-.f.l.i.g.h.t.I.d.".:.".m.s.n.a.l.l.e.x.p.u.s.e.r.s.,.p.r.g.-.s.p.-.l.i.v.e.a.p.i.,.p.r.g.-.f.i.n.-.c.f.o.c.u.s.,.p.r.g.-.s.d.k.p.r.e.l.o.a.d.,.m.m.s.-.s.c.-.s.c._.c.o.n.1.,.a.d.s.-.c.o.n.t.r.o.l.c.b.c.e.l.e.b.,.p.r.g.-.1.s.w.-.s.a.p.r.o.d.i.t.u.n.i.c.,.p.r.g.-.1.s.w.-.s.a.-.u.i.e.m.i.t.l.t.1.,.p.r.g.-.1.s.w.-.s.a.-.g.o.l.d.e.n.-.e.n.-.3.t.4.3.,.p.r.g.-.1.s.w.-.s.a.-.n.r.s.m.v.5.1.,.p.r.g.-.1.s.w.-.u.n.l.d.t.e.l.,.p.r.g.-.1.s.w.-.r.i.v.d.d.r.-.a.n.y.,.p.r.g.-.1.s.w.-.r.i.v.c.o.v.r.d.a.n.y.,.p.r.g.-.f.i.n.-.d.i.a.n.o.m.i.,.i.f.r.a.m.e.f.l.e.x.,.p.r.g.-.a.d.s.p.e.e.k.,.1.s.-.w.i.n.a.u.t.h.s.e.r.v.i.c.e.,.p.r.g.-.1.s.w.-.h.a.l.t.m.m.c.a.l.l.,.p.r.g.-.1.s.w.-.n.o.m.m.c.a.l.l.,.1.s.-.c.g.-.c.g.m.o.d.e.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	320
Entropy (8bit):	5.066923962320176
Encrypted:	false
SSDEEP:
MD5:	262588184F33E9B86853CD57D6B3F19B
SHA1:	67BC8586172659B7C0E18946035D8009E201C491
SHA-256:	EEEF630391E257F20024EA93AC9EBBED3C6E23F9C2D246AB213C709B0EFDBC73
SHA-512:	7BF09042AE1C668C94896EA9535FC8EAA20E48175EBC8937710A6534374CDF8A259E8661E690A925C8215628323C596EDD2242AC8B1C983F4A4131C8309EE75E
Malicious:	false
Reputation:	unknown
Preview:	2024/08/02-18:33:00.105 1818 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/08/02-18:33:00.107 1818 Recovering log #3.2024/08/02-18:33:00.122 1818 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13367111582210253

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	3319
Entropy (8bit):	3.5423568639434033
Encrypted:	false
SSDEEP:
MD5:	FF84A75012150ABCA7996C870EBF47CF
SHA1:	158F832E96674F223CBE87B8FFAA144051048089
SHA-256:	54326266B3FD7FC3DAB703D8F022AAA1ABBAD8D0F2B3B67A2F84A40060A75245
SHA-512:	2CC587E72C200C897396E04CE0AF71618C2238ACBDCF00D616BAB7BE325253C3BED132F43A4A6CD515642F3F0B165B12227A3E3A9F5294219AA9FC8CF5741A61
Malicious:	false
Reputation:	unknown
Preview:	SNSS.........%.............%......"..%.............%.........%.........%.........%....!....%.................................%..%1..,.....%$...f4b7d3b5_730f_427a_aa1b_7635e89c3ee2.....%.........%....k............%.....%.........................%....................5..0.....%&...{544A81F3-86CF-4601-B565-C8CB2CA3983A}.......%.........%.........................%.............%........edge://newtab/......N.e.w. .t.a.b...........!...............................................................x...............................x..................................................... ...................................................r...h.t.t.p.s.:././.n.t.p...m.s.n...c.o.m./.e.d.g.e./.n.t.p.?.l.o.c.a.l.e.=.e.n.-.G.B.&.t.i.t.l.e.=.N.e.w.%.2.0.t.a.b.&.d.s.p.=.1.&.s.p.=.B.i.n.g.&.i.s.F.R.E.M.o.d.a.l.B.a.c.k.g.r.o.u.n.d.=.1.&.s.t.a.r.t.p.a.g.e.=.1.&.P.C.=.U.5.3.1.....................................8.......0.......8...............................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.5628125697690755
Encrypted:	false
SSDEEP:
MD5:	B187EC35F8420EBA2A008CC224B61B56
SHA1:	21728B4539988AE0C114A3FFF4254BC597909086
SHA-256:	7CE5A18BFDBF3587D2FE3FCF28A4AAA735A2FBAC9E660A212A6BB7463118FF83
SHA-512:	E2C93144FDBC1E9201DF35DEA59E404AA5B206A5E7F78E18D538A9E593B9B2577D9AD419E5C5150235C3F430EA68639F04EA1D73EE01E12FED091309E06FE31A
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j..........g....."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	100
Entropy (8bit):	4.505875388957411
Encrypted:	false
SSDEEP:
MD5:	242D406F7958C957E34BC3CFF73F3CDE
SHA1:	B9DF3431B7C70B25FBAA10D8E1DFF3F3E7B5986A
SHA-256:	2762919B0739186A5C1E0D707A96CFAED392E6E1985AC0B0E1B45B874695E05D
SHA-512:	ABA6740FFBCF3C7D89A873A0B6AC362CA5ABFA995F4B61CF5DE95943ADAA9D2510824C30C7A9FB7F2A91F19845061DD6CD095FABD3E026CC46DD8DD5D68D7D30
Malicious:	false
Reputation:	unknown
Preview:	.On.!................database_metadata.1#A..5............... 806b9ba4c71ee770bde1effc5f33c190.......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	345
Entropy (8bit):	5.14083195978964
Encrypted:	false
SSDEEP:
MD5:	211507ADCFCA23E073D24217C0FF31C8
SHA1:	0CA6AB45685847EBA6482C5E7226E00C200F1931
SHA-256:	B8566A434CD4A2749872996E7EAF26370B7480DAB490FD115BFBD08B416F148C
SHA-512:	BEC5888A7A0AD8CB4769177100E8BA4F75327EC442888A29AE7FCBF6D80A68A5EBA131E412EE720511A8EC37B6B4FC93DCAE447D46172E935B4E6A4463669071
Malicious:	false
Reputation:	unknown
Preview:	2024/08/02-18:32:59.690 9ac Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/08/02-18:32:59.694 9ac Recovering log #3.2024/08/02-18:32:59.694 9ac Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	0.0012471779557650352
Encrypted:	false
SSDEEP:
MD5:	F50F89A0A91564D0B8A211F8921AA7DE
SHA1:	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
SHA-256:	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
SHA-512:	BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
Malicious:	false
Reputation:	unknown
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	430
Entropy (8bit):	5.1964014500106295
Encrypted:	false
SSDEEP:
MD5:	00EF014204C7008C016C577F4B9C771A
SHA1:	3E28FE9938FBF32D5971C375369FAE23279E38C7
SHA-256:	DE07CD23C3325F42F1CFF3D262C3EE651364F5C600FF5422BBC779EF6D53B14D
SHA-512:	5706F35506BAC20C2988EB08FD5B12346F62E290DC740F152D944FBFD68A0D0EC6A543B21D350106A6A34105D289FB52E0421668EFF4B7EB670AF50520C0A8BC
Malicious:	false
Reputation:	unknown
Preview:	2024/08/02-18:33:00.375 1818 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/08/02-18:33:00.377 1818 Recovering log #3.2024/08/02-18:33:00.380 1818 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	36864
Entropy (8bit):	0.3886039372934488
Encrypted:	false
SSDEEP:
MD5:	DEA619BA33775B1BAEEC7B32110CB3BD
SHA1:	949B8246021D004B2E772742D34B2FC8863E1AAA
SHA-256:	3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
SHA-512:	7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j..........g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	80
Entropy (8bit):	3.4921535629071894
Encrypted:	false
SSDEEP:
MD5:	69449520FD9C139C534E2970342C6BD8
SHA1:	230FE369A09DEF748F8CC23AD70FD19ED8D1B885
SHA-256:	3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
SHA-512:	EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
Malicious:	false
Reputation:	unknown
Preview:	*...#................version.1..namespace-..&f.................&f...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	418
Entropy (8bit):	5.256918506409683
Encrypted:	false
SSDEEP:
MD5:	97DDD2B288D216EABBD51C90FC73C9CF
SHA1:	3383EA17EB0EF26616CED7E20F22A12503FCF59B
SHA-256:	13D07265913F395E7D332EE582533AB4A9933A2FD53A2315A5D20C020776F186
SHA-512:	269625850837901A4BFDFC36EF15D425ADD4F6EBC729A476A9F6D79F7826295AB5EB1944787638186675B3DB7C268A7E2ED617FAFE39349A3923D5A7B908BE22
Malicious:	false
Reputation:	unknown
Preview:	2024/08/02-18:33:16.593 1818 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/08/02-18:33:16.595 1818 Recovering log #3.2024/08/02-18:33:16.598 1818 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	97DDD2B288D216EABBD51C90FC73C9CF
SHA1:	3383EA17EB0EF26616CED7E20F22A12503FCF59B
SHA-256:	13D07265913F395E7D332EE582533AB4A9933A2FD53A2315A5D20C020776F186
SHA-512:	269625850837901A4BFDFC36EF15D425ADD4F6EBC729A476A9F6D79F7826295AB5EB1944787638186675B3DB7C268A7E2ED617FAFE39349A3923D5A7B908BE22
Malicious:	false
Reputation:	unknown
Preview:	2024/08/02-18:33:16.593 1818 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/08/02-18:33:16.595 1818 Recovering log #3.2024/08/02-18:33:16.598 1818 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	321
Entropy (8bit):	5.242016710108058
Encrypted:	false
SSDEEP:
MD5:	865D47617F7CF1859C124A364DC862A7
SHA1:	96DE1EC744FEE473A0AF39D0F316623C91A94755
SHA-256:	DFA2A9BB4F1955A14411A8DDAC33931181966C3913EA73FBFEB7FE8628A96F5E
SHA-512:	DB9596484F1A55F5DD02E99A823F223F254F50A78EFA438D3AD217570C18818B30357F83FF8A6E20EB82CB41D341D7E80F5A43D9B1E4C97FD27838269BEDF60A
Malicious:	false
Reputation:	unknown
Preview:	2024/08/02-18:32:59.764 a44 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/08/02-18:32:59.764 a44 Recovering log #3.2024/08/02-18:32:59.765 a44 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.264933542141739
Encrypted:	false
SSDEEP:
MD5:	20FF4C334F1AA456F733FCA5291A93A6
SHA1:	4ED9572304CE42B2F97710972DCEF165668B2D49
SHA-256:	EDE40E73549AAD935F15A1F3C8BD1F12FCE8E35A3925F19065A83F8428E24B97
SHA-512:	3F69F72448E5560375DEA2456794417B55BEF6546B7D3999DDB7D8BE99FA208DEA3614B1BC228B4E53674EAF87B1422D186B26689FD8E901FDE2AD9780D788F5
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......[...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.4657397868656286
Encrypted:	false
SSDEEP:
MD5:	BB2846C676CFFA0171468D58D36A4AF5
SHA1:	BD6DC0D5AA29384AC9B99256B95FE333090D07CC
SHA-256:	30907AAC79FA5EFD797683B95DF46981CCDD9D3298B9AE7B02E90CCF1C75A7D0
SHA-512:	3B330D4621C9C8393E279531F73A554547DD24F59AA32AF03838DA21B2CED1775F53576996A3F34CC3933B982A3056DB3991F2C8899334077DDC3B6245D45C5D
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j.......w..g...........M...w..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager-journal

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	12824
Entropy (8bit):	0.1356778840216246
Encrypted:	false
SSDEEP:
MD5:	25AF2F151912A15386CE4A94C2D5B1BE
SHA1:	C384C0238D04175E93FE69E952D253ABC8C7196F
SHA-256:	8484BE472D2997103E7FA223D9A6386282D568A148110A13E3BE09BE799110C1
SHA-512:	31F3EAFEE37369BFE7FD26B4A0D30B91D96C11FECEC3CEC76D152EF52C5487450AC54B11F20B2BA7913A5F86C58A1448969AB92DBA5851A126E538DF34566460
Malicious:	false
Reputation:	unknown
Preview:	............w..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (3951), with CRLF line terminators
Category:	dropped
Size (bytes):	11755
Entropy (8bit):	5.190465908239046
Encrypted:	false
SSDEEP:
MD5:	07301A857C41B5854E6F84CA00B81EA0
SHA1:	7441FC1018508FF4F3DBAA139A21634C08ED979C
SHA-256:	2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
SHA-512:	00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
Malicious:	false
Reputation:	unknown
Preview:	{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.3410017321959524
Encrypted:	false
SSDEEP:
MD5:	98643AF1CA5C0FE03CE8C687189CE56B
SHA1:	ECADBA79A364D72354C658FD6EA3D5CF938F686B
SHA-256:	4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
SHA-512:	68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j..........g.....P....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.0955842519646914
Encrypted:	false
SSDEEP:
MD5:	5BD05B83A151C892E6F93AC6006600F6
SHA1:	2AB760A82F26CDC573E3C5B6DB58A8EB9E1CFAAE
SHA-256:	C30837C149FE0AA2961B0F20FA9160BA3913140BC7F6DFF026FB808AACE2DF3F
SHA-512:	853B7F6E0704B21CDCFB65E16B0FC87BC7A9EC5FC71B4DAF8F71A3627621496E34E0AB08BDFFB56EC6C8A67257A522E387E3E3FDCD23A0D8159A894F1370A99D
Malicious:	false
Reputation:	unknown
Preview:	..-.............E...........Z..p^..>l_.....X.w...-.............E...........Z..p^..>l_.....X.w.........A...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite Write-Ahead Log, version 3007000
Category:	dropped
Size (bytes):	284312
Entropy (8bit):	0.8034677644624495
Encrypted:	false
SSDEEP:
MD5:	98598ACDDC01EFF5141415C292719DF1
SHA1:	DF3A2A78F2F8760B8A9A6BD4D3033C58FA732655
SHA-256:	9E7FE25797A49D8204B164267A5A8AD7BFFBCE6CCE6E6CB4B878885128AA64BE
SHA-512:	E1AE773C8E17C7A3D8293B7D71E56235384E804CE3F64DFAFA244CE9AE8384F73AF0D356A36D0A0B94EEACDD9142A94C4B7667353646744580197F3C46E67490
Malicious:	false
Reputation:	unknown
Preview:	7....-..........^..>l_.....q..$.........^..>l_..X....9I4SQLite format 3......@ ..........................................................................j.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	506
Entropy (8bit):	3.5405495712785986
Encrypted:	false
SSDEEP:
MD5:	B63AD06D6A142594496A27356D9FF51A
SHA1:	358C5F42658D858A189C20B010AFB87AB118F131
SHA-256:	DF84236EE90FA4B45170F474502D91DD62A99441B0102B5B8D6EF6EE06337364
SHA-512:	7E827E038B0C85E27945D68EAE2AA4B7FA7BDF9BEDBA28BECC543C045BB0C84E59041229D06C02D71C955BE48D8239CF6FC4A18CF9275DCCEB8471A1160BB4D5
Malicious:	false
Reputation:	unknown
Preview:	A..r.................20_1_1...1.,U.................20_1_1...1?.Q;0................39_config..........6.....n ...1u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=.................5a;...............#38_h.......6.Z..W.F........................V.e................V.e................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	317
Entropy (8bit):	5.177063185176859
Encrypted:	false
SSDEEP:
MD5:	DA6F36109A3976C4838C3A4DD74A7AC8
SHA1:	6638DC699B6C67E929D60437F2B8E2CD40D9F2E3
SHA-256:	E55FCD8D767E33E476129F984531778DC51D9653435E84D2ECEDCC45180B99C1
SHA-512:	47E38B8EC7A1FD5985FB0B16FACE033392B463997BA300777E52900D50A4864337BB1EF817B7CD3D9F5EA22DB905747B1C9DD5374B6E0F993A6B244449411E22
Malicious:	false
Reputation:	unknown
Preview:	2024/08/02-18:33:00.137 be4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/08/02-18:33:00.137 be4 Recovering log #3.2024/08/02-18:33:00.137 be4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	816
Entropy (8bit):	4.0647916882227655
Encrypted:	false
SSDEEP:
MD5:	3BE72D8D40752B3A97028FDB2931FABA
SHA1:	A27EA4726857A948F0A4B074062B674469A9A371
SHA-256:	3C18553C8C3F7E801855F3579AC57F3C156D783BBA27FB35C6D2FB6CB89BD902
SHA-512:	8EBD4D6980BB7796615217E72BC65953C920B68B9259341CD52858C1E889EC90339E2A304FE0C971D6C6EF9AFC4A00CFB3E5CC89C7B2DF8737A0C7EC241BDADC
Malicious:	false
Reputation:	unknown
Preview:	.h.6.................__global... .t...................__global... .9..b.................33_..........................33_........v.................21_.....vuNX.................21_.....<...................20_.....X...................20_.....W.J+.................19_......qY.................18_.....'}2..................37_.......c..................38_......i...................39_.....Owa..................20_.....4.9..................20_.....B.I..................19_..........................18_.....2.1..................37_..........................38_......=.%.................39_.....p.j..................9_.....JJ...................9_.....\|.&R.................__global... ./....................__global... ..T...................__global... ...G..................__global... ......................__global... .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	335
Entropy (8bit):	5.163807039237099
Encrypted:	false
SSDEEP:
MD5:	975605E83F5A7E93D378DAEE649AF19B
SHA1:	D14E5203CF4ABB1380E6F08C18F73241CFEA306B
SHA-256:	4230B773707F6D3497F56EB7F31AFD6B79DB81330CEAB81F303C0C968EA25EF9
SHA-512:	8B3188AE0B2DBDB8C755D40FFF2356B1557D55809D5B8678AC2812949C44DF888A0FF5732FA685001575FF4433160B92891B4B46557816EE59701C2AA244202A
Malicious:	false
Reputation:	unknown
Preview:	2024/08/02-18:33:00.125 be4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/08/02-18:33:00.127 be4 Recovering log #3.2024/08/02-18:33:00.128 be4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6773696719930975
Encrypted:	false
SSDEEP:
MD5:	6FFCCB198DC6B17E165460E6E246B03C
SHA1:	014A46B0E6E84089E1C20FA232F54CA737D5F023
SHA-256:	D1B2EC8C9906C3418837FFB8E116AA59C026DE2D67B2AFDA956F14D0DC3851AF
SHA-512:	846AE3D0A49A14BF82203A0FEDAD6E794F7E68C22A40EE0E014FEA99DFC676FAE4AFEB2C56F324E4361E83A35458C63E2ABAA7B28B6D23B20FA29EF47CBE87B3
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	8.280239615765425E-4
Encrypted:	false
SSDEEP:
MD5:	D0D388F3865D0523E451D6BA0BE34CC4
SHA1:	8571C6A52AACC2747C048E3419E5657B74612995
SHA-256:	902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
SHA-512:	376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
Malicious:	false
Reputation:	unknown
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	29
Entropy (8bit):	4.030394788231021
Encrypted:	false
SSDEEP:
MD5:	52E2839549E67CE774547C9F07740500
SHA1:	B172E16D7756483DF0CA0A8D4F7640DD5D557201
SHA-256:	F81B7B9CE24F5A2B94182E817037B5F1089DC764BC7E55A9B0A6227A7E121F32
SHA-512:	D80E7351E4D83463255C002D3FDCE7E5274177C24C4C728D7B7932D0BE3EBCFEB68E1E65697ED5E162E1B423BB8CDFA0864981C4B466D6AD8B5E724D84B4203B
Malicious:	false
Reputation:	unknown
Preview:	topTraffic_638004170464094982

C:\Users\user\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Download File

Process:	C:\Users\user\Desktop\PDFpower (1).exe
File Type:	data
Category:	modified
Size (bytes):	1048576
Entropy (8bit):	0.959976497485043
Encrypted:	false
SSDEEP:
MD5:	92C506EA4F166EC35BE813BCAE757FBD
SHA1:	4A553D46DE2C9987FFB3F3B3362DE5545630C776
SHA-256:	3593D3D4B5337D87B98FE1FD70B823AF61535372A51A452CA8D1F27E3D49C71B
SHA-512:	2B33DDDCFDF9CDC0C0F7CD6A8B29758C025EBC1D1F8AB186F4EEDFDAED02CFF451E98BFBAF0F4483CA80079B518F535D48C187E177E4AB2BEDC3314B1E866793
Malicious:	false
Reputation:	unknown
Preview:	pgU...............=.....B................ ..........S ..............J...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNSD.XML

Download File

Process:	C:\Users\user\Desktop\PDFpower (1).exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	53
Entropy (8bit):	4.66869469064966
Encrypted:	false
SSDEEP:
MD5:	A9B5DA9AEC61657B32393D96217165F0
SHA1:	80B5C577155ACD269B450D70F6B2CBED693EDF49
SHA-256:	9F4611369CF65B33D886489B2486FCA7B1E83E0DC998D35B15B3AA4C8478A28D
SHA-512:	0B73B232C03FFD5CE526A1EDE481A57C753D15D9EE39D4247ABFA52819B59FA676C63E30825DAF233E3139038C353DF84D652C4CE2CB71A706DDDBDFE0C70335
Malicious:	false
Reputation:	unknown
Preview:	<document WMSNameSpaceVersion="2.0">....</document>..

C:\Users\user\AppData\Local\Temp\41872047-3187-49c3-aac4-be432ac9a409.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	124473
Entropy (8bit):	7.840730880342464
Encrypted:	false
SSDEEP:
MD5:	C2B21A8D07782A939743010983521D64
SHA1:	7F68AD37C4176B6406528B63E8195915D943DACD
SHA-256:	EF888614ADE61FCFD1DC5007DB582A2C4BFCA13A965A7BE4F2128E789AB496E3
SHA-512:	E1EF9406518274FBC9118F6A729372FE45BF127C676DE2EDF1467DE5F127DFEF0A45973D5D40470492AE1ADDFB41BF2EEEE4F458F363F91F618287208F82DE82
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...2...2......?......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....eXIfMM..............................J...........R.(...........i.........Z.......H.......H.............................2...........2...........pHYs................YiTXtXML:com.adobe.xmp.....<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="XMP Core 6.0.0">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:tiff="http://ns.adobe.com/tiff/1.0/">. <tiff:Orientation>1</tiff:Orientation>. </rdf:Description>. </rdf:RDF>.</x:xmpmeta>..^......IDATh..Z.t\.y.f.fF.b$.....2.%.0`...qR..&.J..4...a+1.p....z ...J....p @h....W..E.b-3...w.<i$.b..........+.S.Ip....\n...7..#........m.......s....3~..D.nn.,.y.Q..@eA5f.7`F.L.e.#3#.nX..D.n...n.U.e.g.\H...>IW.s.s..!.D.r[.K.....-k.r..x...@.(..<O6<n.D..r.TmD.$c.'z..A....../..?@]Y.....2...d....J...+.t=.l.}.!.RH.I..H`..xo..X..)...e.. c..n#..d...p..Bz.....(.$....4E:.L.

C:\Users\user\AppData\Local\Temp\5fabde8b-2375-4e8a-8661-8620fcdb6e67.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
Category:	dropped
Size (bytes):	31335
Entropy (8bit):	7.694019108205432
Encrypted:	false
SSDEEP:
MD5:	6B72597205C77D3E40E1A35BEE403801
SHA1:	6BECEE055C6E057AF9475B6D651B4EE561D02F20
SHA-256:	C899297FBDFC88C1634B1145A087FDB5BE17172FD786C078B299557B22F06DEB
SHA-512:	7CB1A98E0C7FBB349D9CB681233A9F4ED22A1C3FAADCDF1BC270B04BD97D3FC41AB6F762B2F5F231281D63D96AC3D243640BA81D5E8CCD9F54486B4F538CA8B4
Malicious:	false
Reputation:	unknown
Preview:	......Exif..II.................Ducky.......2......Adobe.d...........................................................#"""#''''''''''..................................................!! !!''''''''''........V.."....................................................................................!1..AQ..aq."2....R..T....Br.#S.U..b..3Cs...t6.c.$D.5uV...4d.E&....%F......................!1..AQaq....."2......BRbr3CS....#..4.............?......1f.n..T......TP....E...........P.....@.........E..@......E.P........@........E.....P.P..A@@.E..@.P.P..AP.P..AP..@....T..AP.E..P.Z .. ....."... .....7.H...w.....t.....T....M.."... P..n.n..t5..B.P..(......................................( .................... .".... .".......(.. ."....... ....o......E.6... ....."........."J......Ah......@.@@....:@{6..wCp..3...((.(.........................@..(...."............................ ........T.......@.@@........AP.P..@.E@....E@.d.E@.@@..@.P.T..@..@..P.D...@M........EO..."...=.wCp.....R......P.@......

C:\Users\user\AppData\Local\Temp\PdfPowerB2C\favicon.ico

Download File

Process:	C:\Users\user\Desktop\PDFpower (1).exe
File Type:	MS Windows icon resource - 1 icon, 64x64, 32 bits/pixel
Category:	dropped
Size (bytes):	16958
Entropy (8bit):	2.3344306944259934
Encrypted:	false
SSDEEP:
MD5:	68814A062FD60A524FFC92E3132B924C
SHA1:	F020EAF6AD8732EE4D7E01C83483936E8EB185B6
SHA-256:	49CFC761F6EF30F7FF6276AF7A7093026D8985090200362858E1E77336ED2448
SHA-512:	2B307F7A8E5ED9BC5171ECB8205004A76428D40CFD14C03621EA651D234F84D9CA0CE568C2CEDA462CE7059D767C039623CC6B7ABF1202DBE08F17D0E3E87741
Malicious:	false
Reputation:	unknown
Preview:	......@@.... .(B......(...@......... ......@..................................H..`I...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...I...H..`........................H.. I...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...H.. ............H.. I...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...I...H.. ........J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J...J.

C:\Users\user\AppData\Local\Temp\PdfPowerB2C\installing.gif

Download File

Process:	C:\Users\user\Desktop\PDFpower (1).exe
File Type:	GIF image data, version 89a, 450 x 225
Category:	modified
Size (bytes):	99456
Entropy (8bit):	7.705783030196879
Encrypted:	false
SSDEEP:
MD5:	375DA4DEA8747071B487386DA14B1264
SHA1:	B8F62B2BD173CE6DE9567D8AD1820A4EE96F3649
SHA-256:	B891A5DFE676B829D5A1B68063765EFE3B7CA842D69315EB25DD97F47A02080A
SHA-512:	025700A894B7BC7C332BF79C9E9545F60FB10C8E424EB19E6BE7FE2FD3FDAD035FAF5696D42D5DC15980EEA8F5F2D2DD8B5C5967AFF9DDF07BEDCD7400F2339B
Malicious:	false
Reputation:	unknown
Preview:	GIF89a.......2W......................He..........Up.......O.......P..../P.0S.0T....;Z.\|..o..b{.........c{....}..p..2W.0U.7a...........Q.;e.2X.H..;h.d..5^.N..Bw.g..k..>p.^..I..?q.Z..c..h..i..V..j..X..`..9f.W..F..6_.S..8d.\..3Z.b..Au.P..M..j..j..g..<l.P..D{.7b.J..`..4[.a..j..=n.f..K..T..^..]..Q..L..G..g..T..[..V..[..4].e..f..Y..E\|.e..@s.Cz.i..8e.5^.;j.j..G..E~.:g.:h.M..O..f..D\|....9g.=m.UOOU..XSTJz.I..Hw.QNNOIIICCV..F??@;;Fs.JDD<<E@99?88>:;;44;7=922<55.((Gu.%")#1["..%!"(@~..%..!mjkjghzvvgbbd^^a^_....................................-O...................,&&:33Ef.!..ZWX...............................................................................................................................................................................................................!..NETSCAPE2.0.....!.'GIF resized on https://ezgif.com/resize.!.....(.,...............H......\....#J.H....3j.... C..I...(S.\...0c.I...8s.....@...J...H.]...P.J.J...X.j....`..K...h.]...p..K...x.

C:\Users\user\AppData\Local\Temp\cv_debug.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1420
Entropy (8bit):	5.401265096952921
Encrypted:	false
SSDEEP:
MD5:	592C4C89795469C1D7B149DA9DCF50D2
SHA1:	1B14133CB2D49AF260E93FB31054FF714BDE2538
SHA-256:	5295E578DB26D40A5D362A79DB38BF13B9F3F8952875BC3F14946EE712E9AA97
SHA-512:	D7E0A0C8CAA473293CD2BBAE52A389DE67686269DE872DAEF1761A5DB36D80A778D5A9CC4912FE0744D6A1ECAD3FBA7E352ADF76D0B1098720CE1B572C058F2D
Malicious:	false
Reputation:	unknown
Preview:	{"logTime": "1006/090722", "correlationVector":"rmkayOhJfEabcRCB2/Bp31","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1006/090722", "correlationVector":"jqHPV/yTVN5KYgOfDN/5Rr","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1006/090722", "correlationVector":"25C1A0EE3BD244A1BB83CF2641B12F1A","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1006/093120", "correlationVector":"a/GaihlkzouX6tpAQ3civy","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1006/093121", "correlationVector":"2831F27CA5B645488E2DF2452C16A59E","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1006/093243", "correlationVector":"7DhT8FK3VbHYWFgub0ZtsN","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1006/093243", "correlationVector":"83EFC8979E1A419495133BAFAFA5A23F","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1006/093745", "correlationVector":"Bxyvid0fodNJ7Wehc/BC7P","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1006/093746", "correlationVector":"B1516CBB

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\128.png

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4982
Entropy (8bit):	7.929761711048726
Encrypted:	false
SSDEEP:
MD5:	913064ADAAA4C4FA2A9D011B66B33183
SHA1:	99EA751AC2597A080706C690612AEEEE43161FC1
SHA-256:	AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
SHA-512:	162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR..............>a....=IDATx..]}...U..;...O.Q..QH.I(....v..E....GUb..R[.4@%..hK..B..(.B..". ....&)U#.%...jZ...JC.8.....{.cfvgf.3;.....}ow.....{...P.B...T.P.B...*Tx...=.Q..wv.w.....\|.e.1.$.P.?..l_\.n.}...~.g.....Q...A.f....m.....{,...C2 %..X.......FE.1.N..f...Q..D.K87.....:g..Q.{............3@$.8.....{.....q....G.. .....5..y......)XK..F...D.......... ."8...J#.eM.i....H.E.....a.RIP.`......)..T.....! .[p`X.`..L.a....e. .T..2.....H..p$..02...j....\..........s{...Ymm~.a........f.$./.[.{..C.2:.0..6..]....`....NW.....0..o.T..$;k.2......_...k..{,.+........{..6...L..... .dw...l$..}...K...EV....0......P...e....k....+Go....qw.9.1...X2\..qfw0v.....N...{...l.."....f.A..I..+#.v....'..~E.N-k.........{...l.$..ga..1...$......x$X=}.N..S..B$p..`..`.ZG:c..RA.(.0......Gg.A.I..>...3u.u........_..KO.m.........C...,..c.......0...@_..m...-..7.......4LZ......j@.......\..'....u. QJ.:G..I`.w'B0..w.H..'b.0- ......\|..}./.....e..,.K.1........W.u.v. ...\.o

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\af\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	908
Entropy (8bit):	4.512512697156616
Encrypted:	false
SSDEEP:
MD5:	12403EBCCE3AE8287A9E823C0256D205
SHA1:	C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
SHA-256:	B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
SHA-512:	153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\am\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1285
Entropy (8bit):	4.702209356847184
Encrypted:	false
SSDEEP:
MD5:	9721EBCE89EC51EB2BAEB4159E2E4D8C
SHA1:	58979859B28513608626B563138097DC19236F1F
SHA-256:	3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
SHA-512:	FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\ar\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1244
Entropy (8bit):	4.5533961615623735
Encrypted:	false
SSDEEP:
MD5:	3EC93EA8F8422FDA079F8E5B3F386A73
SHA1:	24640131CCFB21D9BC3373C0661DA02D50350C15
SHA-256:	ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
SHA-512:	F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\az\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	977
Entropy (8bit):	4.867640976960053
Encrypted:	false
SSDEEP:
MD5:	9A798FD298008074E59ECC253E2F2933
SHA1:	1E93DA985E880F3D3350FC94F5CCC498EFC8C813
SHA-256:	628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
SHA-512:	9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\be\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3107
Entropy (8bit):	3.535189746470889
Encrypted:	false
SSDEEP:
MD5:	68884DFDA320B85F9FC5244C2DD00568
SHA1:	FD9C01E03320560CBBB91DC3D1917C96D792A549
SHA-256:	DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
SHA-512:	7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
Malicious:	false
Reputation:	unknown
Preview:	{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\bg\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1389
Entropy (8bit):	4.561317517930672
Encrypted:	false
SSDEEP:
MD5:	2E6423F38E148AC5A5A041B1D5989CC0
SHA1:	88966FFE39510C06CD9F710DFAC8545672FFDCEB
SHA-256:	AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
SHA-512:	891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\bn\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1763
Entropy (8bit):	4.25392954144533
Encrypted:	false
SSDEEP:
MD5:	651375C6AF22E2BCD228347A45E3C2C9
SHA1:	109AC3A912326171D77869854D7300385F6E628C
SHA-256:	1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
SHA-512:	958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\ca\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	930
Entropy (8bit):	4.569672473374877
Encrypted:	false
SSDEEP:
MD5:	D177261FFE5F8AB4B3796D26835F8331
SHA1:	4BE708E2FFE0F018AC183003B74353AD646C1657
SHA-256:	D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
SHA-512:	E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\cs\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	913
Entropy (8bit):	4.947221919047
Encrypted:	false
SSDEEP:
MD5:	CCB00C63E4814F7C46B06E4A142F2DE9
SHA1:	860936B2A500CE09498B07A457E0CCA6B69C5C23
SHA-256:	21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
SHA-512:	35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\cy\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	806
Entropy (8bit):	4.815663786215102
Encrypted:	false
SSDEEP:
MD5:	A86407C6F20818972B80B9384ACFBBED
SHA1:	D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
SHA-256:	A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
SHA-512:	D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
Malicious:	false
Reputation:	unknown
Preview:	{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\da\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	883
Entropy (8bit):	4.5096240460083905
Encrypted:	false
SSDEEP:
MD5:	B922F7FD0E8CCAC31B411FC26542C5BA
SHA1:	2D25E153983E311E44A3A348B7D97AF9AAD21A30
SHA-256:	48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
SHA-512:	AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\de\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1031
Entropy (8bit):	4.621865814402898
Encrypted:	false
SSDEEP:
MD5:	D116453277CC860D196887CEC6432FFE
SHA1:	0AE00288FDE696795CC62FD36EABC507AB6F4EA4
SHA-256:	36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
SHA-512:	C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\el\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1613
Entropy (8bit):	4.618182455684241
Encrypted:	false
SSDEEP:
MD5:	9ABA4337C670C6349BA38FDDC27C2106
SHA1:	1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
SHA-256:	37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
SHA-512:	8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\en\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	851
Entropy (8bit):	4.4858053753176526
Encrypted:	false
SSDEEP:
MD5:	07FFBE5F24CA348723FF8C6C488ABFB8
SHA1:	6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
SHA-256:	6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
SHA-512:	7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\en_GB\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	848
Entropy (8bit):	4.494568170878587
Encrypted:	false
SSDEEP:
MD5:	3734D498FB377CF5E4E2508B8131C0FA
SHA1:	AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
SHA-256:	AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
SHA-512:	56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\en_US\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1425
Entropy (8bit):	4.461560329690825
Encrypted:	false
SSDEEP:
MD5:	578215FBB8C12CB7E6CD73FBD16EC994
SHA1:	9471D71FA6D82CE1863B74E24237AD4FD9477187
SHA-256:	102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
SHA-512:	E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
Malicious:	false
Reputation:	unknown
Preview:	{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\es\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	961
Entropy (8bit):	4.537633413451255
Encrypted:	false
SSDEEP:
MD5:	F61916A206AC0E971CDCB63B29E580E3
SHA1:	994B8C985DC1E161655D6E553146FB84D0030619
SHA-256:	2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
SHA-512:	D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\es_419\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	959
Entropy (8bit):	4.570019855018913
Encrypted:	false
SSDEEP:
MD5:	535331F8FB98894877811B14994FEA9D
SHA1:	42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
SHA-256:	90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
SHA-512:	2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\et\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	968
Entropy (8bit):	4.633956349931516
Encrypted:	false
SSDEEP:
MD5:	64204786E7A7C1ED9C241F1C59B81007
SHA1:	586528E87CD670249A44FB9C54B1796E40CDB794
SHA-256:	CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
SHA-512:	44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\eu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	838
Entropy (8bit):	4.4975520913636595
Encrypted:	false
SSDEEP:
MD5:	29A1DA4ACB4C9D04F080BB101E204E93
SHA1:	2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
SHA-256:	A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
SHA-512:	B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
Malicious:	false
Reputation:	unknown
Preview:	{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\fa\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1305
Entropy (8bit):	4.673517697192589
Encrypted:	false
SSDEEP:
MD5:	097F3BA8DE41A0AAF436C783DCFE7EF3
SHA1:	986B8CABD794E08C7AD41F0F35C93E4824AC84DF
SHA-256:	7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
SHA-512:	8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\fi\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	911
Entropy (8bit):	4.6294343834070935
Encrypted:	false
SSDEEP:
MD5:	B38CBD6C2C5BFAA6EE252D573A0B12A1
SHA1:	2E490D5A4942D2455C3E751F96BD9960F93C4B60
SHA-256:	2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
SHA-512:	6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\fil\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	939
Entropy (8bit):	4.451724169062555
Encrypted:	false
SSDEEP:
MD5:	FCEA43D62605860FFF41BE26BAD80169
SHA1:	F25C2CE893D65666CC46EA267E3D1AA080A25F5B
SHA-256:	F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
SHA-512:	F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\fr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	977
Entropy (8bit):	4.622066056638277
Encrypted:	false
SSDEEP:
MD5:	A58C0EEBD5DC6BB5D91DAF923BD3A2AA
SHA1:	F169870EEED333363950D0BCD5A46D712231E2AE
SHA-256:	0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
SHA-512:	B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\fr_CA\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	972
Entropy (8bit):	4.621319511196614
Encrypted:	false
SSDEEP:
MD5:	6CAC04BDCC09034981B4AB567B00C296
SHA1:	84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
SHA-256:	4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
SHA-512:	160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\gl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	990
Entropy (8bit):	4.497202347098541
Encrypted:	false
SSDEEP:
MD5:	6BAAFEE2F718BEFBC7CD58A04CCC6C92
SHA1:	CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
SHA-256:	0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
SHA-512:	3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\gu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1658
Entropy (8bit):	4.294833932445159
Encrypted:	false
SSDEEP:
MD5:	BC7E1D09028B085B74CB4E04D8A90814
SHA1:	E28B2919F000B41B41209E56B7BF3A4448456CFE
SHA-256:	FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
SHA-512:	040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": ".... .....".. },.. "explanationofflinedisabled": {.. "message": "... ...... ... ........ ....... ... Google .......... ..... .... ...., ... .... .... ...... ........ .... ...... ... ...... Google ........ ...... .. ........ .. ... ... ...... ....... .... ....".. },.. "explanationofflineenabled": {.. "message": "... ...... .., ..... ... ... .. ...... ..... ....... ... ... .. .... ... ..... ... ...".. },.. "extdesc": {.. "message": "..... ........., ..

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\hi\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1672
Entropy (8bit):	4.314484457325167
Encrypted:	false
SSDEEP:
MD5:	98A7FC3E2E05AFFFC1CFE4A029F47476
SHA1:	A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
SHA-256:	D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
SHA-512:	457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "... .....".. },.. "explanationofflinedisabled": {.. "message": ".. ...... .... ....... ....... .. .... Google ........ .. ..... .... .. ..., .... ... ....... .. ...... .... .. Google ........ .. ........ .. ...... ... .... .. ...... ....... .... .....".. },.. "explanationofflineenabled": {.. "message": ".. ...... ..., ..... .. .. .. ...... ...... ..... .. .... ... .. .. ...... ... .... ....".. },.. "extdesc": {.. "message": ".... .... ....... ...... ..

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\hr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	935
Entropy (8bit):	4.6369398601609735
Encrypted:	false
SSDEEP:
MD5:	25CDFF9D60C5FC4740A48EF9804BF5C7
SHA1:	4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
SHA-256:	73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
SHA-512:	EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\hu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1065
Entropy (8bit):	4.816501737523951
Encrypted:	false
SSDEEP:
MD5:	8930A51E3ACE3DD897C9E61A2AEA1D02
SHA1:	4108506500C68C054BA03310C49FA5B8EE246EA4
SHA-256:	958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
SHA-512:	126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\hy\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2771
Entropy (8bit):	3.7629875118570055
Encrypted:	false
SSDEEP:
MD5:	55DE859AD778E0AA9D950EF505B29DA9
SHA1:	4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
SHA-256:	0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
SHA-512:	EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
Malicious:	false
Reputation:	unknown
Preview:	{"createnew":{"message":"\u054d\u054f\u0535\u0542\u053e\u0535\u053c \u0546\u0548\u0550"},"explanationofflinedisabled":{"message":"Google \u0553\u0561\u057d\u057f\u0561\u0569\u0572\u0569\u0565\u0580\u0568 \u0576\u0561\u0587 \u0561\u0576\u0581\u0561\u0576\u0581 \u057c\u0565\u056a\u056b\u0574\u0578\u0582\u0574 \u0585\u0563\u057f\u0561\u0563\u0578\u0580\u056e\u0565\u056c\u0578\u0582 \u0570\u0561\u0574\u0561\u0580 \u0574\u056b\u0561\u0581\u0565\u0584 \u0570\u0561\u0574\u0561\u0581\u0561\u0576\u0581\u056b\u0576, \u0562\u0561\u0581\u0565\u0584 \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0561\u0576 \u0563\u056c\u056d\u0561\u057e\u0578\u0580 \u0567\u057b\u0568, \u0561\u0576\u0581\u0565\u0584 \u056f\u0561\u0580\u0563\u0561\u057e\u0578\u0580\u0578\u0582\u0574\u0576\u0565\u0580 \u0587 \u0574\u056b\u0561\u0581\u0580\u0565\u0584 \u0561\u0576\u0581\u0561\u0576\u0581 \u0570\u0561\u0574\u0561\u056a\u0561\u0574\u0561\u0581\u0578\u0582\u0574\u0568:"},"explanationofflineenabled":{"message":"\u

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\id\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	858
Entropy (8bit):	4.474411340525479
Encrypted:	false
SSDEEP:
MD5:	34D6EE258AF9429465AE6A078C2FB1F5
SHA1:	612CAE151984449A4346A66C0A0DF4235D64D932
SHA-256:	E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
SHA-512:	20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\is\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	954
Entropy (8bit):	4.631887382471946
Encrypted:	false
SSDEEP:
MD5:	1F565FB1C549B18AF8BBFED8DECD5D94
SHA1:	B57F4BDAE06FF3DFC1EB3E56B6F2F204D6F63638
SHA-256:	E16325D1A641EF7421F2BAFCD6433D53543C89D498DD96419B03CBA60B9C7D60
SHA-512:	A60B8E042A9BCDCC136B87948E9924A0B24D67C6CA9803904B876F162A0AD82B9619F1316BE9FF107DD143B44F7E6F5DF604ABFE00818DEB40A7D62917CDA69F
Malicious:	false
Reputation:	unknown
Preview:	{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\it\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	899
Entropy (8bit):	4.474743599345443
Encrypted:	false
SSDEEP:
MD5:	0D82B734EF045D5FE7AA680B6A12E711
SHA1:	BD04F181E4EE09F02CD53161DCABCEF902423092
SHA-256:	F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
SHA-512:	01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\iw\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2230
Entropy (8bit):	3.8239097369647634
Encrypted:	false
SSDEEP:
MD5:	26B1533C0852EE4661EC1A27BD87D6BF
SHA1:	18234E3ABAF702DF9330552780C2F33B83A1188A
SHA-256:	BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
SHA-512:	450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
Malicious:	false
Reputation:	unknown
Preview:	{"createnew":{"message":"\u05d9\u05e6\u05d9\u05e8\u05ea \u05d7\u05d3\u05e9"},"explanationofflinedisabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8. \u05db\u05d3\u05d9 \u05dc\u05d4\u05e9\u05ea\u05de\u05e9 \u05d1-Google Docs \u05dc\u05dc\u05d0 \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d1\u05d4\u05ea\u05d7\u05d1\u05e8\u05d5\u05ea \u05d4\u05d1\u05d0\u05d4 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d9\u05e9 \u05dc\u05e2\u05d1\u05d5\u05e8 \u05dc\u05e7\u05d8\u05e2 \u05d4\u05d4\u05d2\u05d3\u05e8\u05d5\u05ea \u05d1\u05d3\u05e3 \u05d4\u05d1\u05d9\u05ea \u05e9\u05dc Google Docs \u05d5\u05dc\u05d4\u05e4\u05e2\u05d9\u05dc \u05e1\u05e0\u05db\u05e8\u05d5\u05df \u05d1\u05de\u05e6\u05d1 \u05d0\u05d5\u05e4\u05dc\u05d9\u05d9\u05df."},"explanationofflineenabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\ja\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1160
Entropy (8bit):	5.292894989863142
Encrypted:	false
SSDEEP:
MD5:	15EC1963FC113D4AD6E7E59AE5DE7C0A
SHA1:	4017FC6D8B302335469091B91D063B07C9E12109
SHA-256:	34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
SHA-512:	427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "....".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ............................... Google .............. [..] .......[.......] ...........".. },.. "explanationofflineenabled": {.. "message": ".............................................".. },.. "extdesc": {.. "message": ".........................................................".. },.. "extname": {.. "message": "Google ..... ......".. },.. "learnmore": {.. "message": "..".. },.. "popuphelp

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\ka\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3264
Entropy (8bit):	3.586016059431306
Encrypted:	false
SSDEEP:
MD5:	83F81D30913DC4344573D7A58BD20D85
SHA1:	5AD0E91EA18045232A8F9DF1627007FE506A70E0
SHA-256:	30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
SHA-512:	85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
Malicious:	false
Reputation:	unknown
Preview:	{"createnew":{"message":"\u10d0\u10ee\u10da\u10d8\u10e1 \u10e8\u10d4\u10e5\u10db\u10dc\u10d0"},"explanationofflinedisabled":{"message":"\u10d7\u10e5\u10d5\u10d4\u10dc \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10ee\u10d0\u10e0\u10d7. Google Docs-\u10d8\u10e1 \u10d8\u10dc\u10e2\u10d4\u10e0\u10dc\u10d4\u10e2\u10d7\u10d0\u10dc \u10d9\u10d0\u10d5\u10e8\u10d8\u10e0\u10d8\u10e1 \u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10d2\u10d0\u10db\u10dd\u10e1\u10d0\u10e7\u10d4\u10dc\u10d4\u10d1\u10da\u10d0\u10d3 \u10d2\u10d0\u10d3\u10d0\u10d3\u10d8\u10d7 \u10de\u10d0\u10e0\u10d0\u10db\u10d4\u10e2\u10e0\u10d4\u10d1\u10d6\u10d4 Google Docs-\u10d8\u10e1 \u10db\u10d7\u10d0\u10d5\u10d0\u10e0 \u10d2\u10d5\u10d4\u10e0\u10d3\u10d6\u10d4 \u10d3\u10d0 \u10e9\u10d0\u10e0\u10d7\u10d4\u10d7 \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10e1\u10d8\u10dc\u10e5\u10e0\u10dd\u10dc\u10d8\u10d6\u10d0\u10ea\u10d8\u10d0, \u10e0\u10dd\u10d3\u10d4\u10e1\u10d0\u10ea \u10e8\u10d4\u10db\u10d3\u10d2\u10dd\u10

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\kk\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3235
Entropy (8bit):	3.6081439490236464
Encrypted:	false
SSDEEP:
MD5:	2D94A58795F7B1E6E43C9656A147AD3C
SHA1:	E377DB505C6924B6BFC9D73DC7C02610062F674E
SHA-256:	548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
SHA-512:	F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
Malicious:	false
Reputation:	unknown
Preview:	{"createnew":{"message":"\u0416\u0410\u04a2\u0410\u0421\u042b\u041d \u0416\u0410\u0421\u0410\u0423"},"explanationofflinedisabled":{"message":"\u0421\u0456\u0437 \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u043d\u0434\u0435\u0441\u0456\u0437. Google Docs \u049b\u043e\u043b\u0434\u0430\u043d\u0431\u0430\u0441\u044b\u043d \u0436\u0435\u043b\u0456 \u0431\u0430\u0439\u043b\u0430\u043d\u044b\u0441\u044b\u043d\u0441\u044b\u0437 \u049b\u043e\u043b\u0434\u0430\u043d\u0443 \u04af\u0448\u0456\u043d, \u043a\u0435\u043b\u0435\u0441\u0456 \u0436\u043e\u043b\u044b \u0436\u0435\u043b\u0456\u0433\u0435 \u049b\u043e\u0441\u044b\u043b\u0493\u0430\u043d\u0434\u0430, Google Docs \u043d\u0435\u0433\u0456\u0437\u0433\u0456 \u0431\u0435\u0442\u0456\u043d\u0435\u043d \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043b\u0435\u0440 \u0431\u04e9\u043b\u0456\u043c\u0456\u043d \u043a\u0456\u0440\u0456\u043f, \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\km\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3122
Entropy (8bit):	3.891443295908904
Encrypted:	false
SSDEEP:
MD5:	B3699C20A94776A5C2F90AEF6EB0DAD9
SHA1:	1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
SHA-256:	A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
SHA-512:	1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
Malicious:	false
Reputation:	unknown
Preview:	{"createnew":{"message":"\u1794\u1784\u17d2\u1780\u17be\u178f\u200b\u1790\u17d2\u1798\u17b8"},"explanationofflinedisabled":{"message":"\u17a2\u17d2\u1793\u1780\u200b\u1782\u17d2\u1798\u17b6\u1793\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f\u17d4 \u178a\u17be\u1798\u17d2\u1794\u17b8\u200b\u1794\u17d2\u179a\u17be Google \u17af\u1780\u179f\u17b6\u179a\u200b\u1794\u17b6\u1793\u200b\u200b\u178a\u17c4\u1799\u200b\u200b\u1798\u17b7\u1793\u1798\u17b6\u1793\u200b\u200b\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f \u179f\u17bc\u1798\u200b\u200b\u1791\u17c5\u200b\u1780\u17b6\u1793\u17cb\u200b\u1780\u17b6\u179a\u200b\u1780\u17c6\u178e\u178f\u17cb\u200b\u1793\u17c5\u200b\u179b\u17be\u200b\u1782\u17c1\u17a0\u1791\u17c6\u1796\u17d0\u179a Google \u17af\u1780\u179f\u17b6\u179a \u1793\u17b7\u1784\u200b\u1794\u17be\u1780\u200b\u1780\u17b6\u179a\u1792\u17d2\u179c\u17be\u200b\u179f\u1798\u1780\u17b6\u179b\u1780\u1798\u17d2\u1798\u200b\u200b\u200b\u1782\u17d2\u1798\u17b6\u1793

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\kn\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1880
Entropy (8bit):	4.295185867329351
Encrypted:	false
SSDEEP:
MD5:	8E16966E815C3C274EEB8492B1EA6648
SHA1:	7482ED9F1C9FD9F6F9BA91AB15921B19F64C9687
SHA-256:	418FF53FCA505D54268413C796E4DF80E947A09F399AB222A90B81E93113D5B5
SHA-512:	85B28202E874B1CF45B37BA05B87B3D8D6FE38E89C6011C4240CF6B563EA6DA60181D712CCE20D07C364F4A266A4EC90C4934CC8B7BB2013CB3B22D755796E38
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "........ .....".. },.. "explanationofflinedisabled": {.. "message": ".... ..................... ......... ............. Google ...... ....., Google ...... ............ ............... .... ..... ...... .... .... ............ ............. ........ ..... ... .....".. },.. "explanationofflineenabled": {.. "message": ".... ...................., .... .... .... ......... ........... ............ .... ........ .........."..

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\ko\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1042
Entropy (8bit):	5.3945675025513955
Encrypted:	false
SSDEEP:
MD5:	F3E59EEEB007144EA26306C20E04C292
SHA1:	83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
SHA-256:	C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
SHA-512:	7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": ".. ...".. },.. "explanationofflinedisabled": {.. "message": ".... ...... ... .. .. Google Docs. ..... Google Docs .... .... .... .... .... ..... . .... .... ..... ......".. },.. "explanationofflineenabled": {.. "message": ".... ...... ... .. ... ... ..... ... ... .. . .....".. },.. "extdesc": {.. "message": ".... .... ... .., ...... . ....... .., .., ......".. },.. "extname": {.. "message": "Google Docs ....".. },.. "learnmore": {.. "message": "... ....".. },.. "popuphelptext": {.. "message": "... .. ... .... ..... .... .... .....

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\lo\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2535
Entropy (8bit):	3.8479764584971368
Encrypted:	false
SSDEEP:
MD5:	E20D6C27840B406555E2F5091B118FC5
SHA1:	0DCECC1A58CEB4936E255A64A2830956BFA6EC14
SHA-256:	89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
SHA-512:	AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
Malicious:	false
Reputation:	unknown
Preview:	{"createnew":{"message":"\u0eaa\u0ec9\u0eb2\u0e87\u0ec3\u0edd\u0ec8"},"explanationofflinedisabled":{"message":"\u0e97\u0ec8\u0eb2\u0e99\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ea2\u0eb9\u0ec8. \u0ec0\u0e9e\u0eb7\u0ec8\u0ead\u0ec3\u0e8a\u0ec9 Google Docs \u0ec2\u0e94\u0e8d\u0e9a\u0ecd\u0ec8\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94, \u0ec3\u0eab\u0ec9\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e81\u0eb2\u0e99\u0e95\u0eb1\u0ec9\u0e87\u0e84\u0ec8\u0eb2\u0ec3\u0e99\u0edc\u0ec9\u0eb2 Google Docs \u0ec1\u0ea5\u0ec9\u0ea7\u0ec0\u0e9b\u0eb5\u0e94\u0ec3\u0e8a\u0ec9\u0e81\u0eb2\u0e99\u0e8a\u0eb4\u0ec9\u0e87\u0ec1\u0e9a\u0e9a\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ec3\u0e99\u0ec0\u0e97\u0eb7\u0ec8\u0ead\u0e95\u0ecd\u0ec8\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e97\u0ec8\u0eb2\u0e99\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94."},"explanationofflineenabled":{"message":"\u0e97\u0ec

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\lt\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1028
Entropy (8bit):	4.797571191712988
Encrypted:	false
SSDEEP:
MD5:	970544AB4622701FFDF66DC556847652
SHA1:	14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
SHA-256:	5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
SHA-512:	CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\lv\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	994
Entropy (8bit):	4.700308832360794
Encrypted:	false
SSDEEP:
MD5:	A568A58817375590007D1B8ABCAEBF82
SHA1:	B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
SHA-256:	0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
SHA-512:	FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\ml\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2091
Entropy (8bit):	4.358252286391144
Encrypted:	false
SSDEEP:
MD5:	4717EFE4651F94EFF6ACB6653E868D1A
SHA1:	B8A7703152767FBE1819808876D09D9CC1C44450
SHA-256:	22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
SHA-512:	487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "....... ............".. },.. "explanationofflinedisabled": {.. "message": "...... ........... ........... ............. ..... Google ....... ..........., Google ....... .......... ............. .... ...... ...... ... ............... .................... '.......... ................' .........".. },.. "explanationofflineenabled": {.. "message": "................., .......... ......... ....... ...... ..............

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\mn\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2778
Entropy (8bit):	3.595196082412897
Encrypted:	false
SSDEEP:
MD5:	83E7A14B7FC60D4C66BF313C8A2BEF0B
SHA1:	1CCF1D79CDED5D65439266DB58480089CC110B18
SHA-256:	613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
SHA-512:	3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
Malicious:	false
Reputation:	unknown
Preview:	{"createnew":{"message":"\u0428\u0418\u041d\u0418\u0419\u0413 \u04ae\u04ae\u0421\u0413\u042d\u0425"},"explanationofflinedisabled":{"message":"\u0422\u0430 \u043e\u0444\u043b\u0430\u0439\u043d \u0431\u0430\u0439\u043d\u0430. Google \u0414\u043e\u043a\u044b\u0433 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u0433\u04af\u0439\u0433\u044d\u044d\u0440 \u0430\u0448\u0438\u0433\u043b\u0430\u0445\u044b\u043d \u0442\u0443\u043b\u0434 \u0434\u0430\u0440\u0430\u0430\u0433\u0438\u0439\u043d \u0443\u0434\u0430\u0430 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u044d\u0434 \u0445\u043e\u043b\u0431\u043e\u0433\u0434\u043e\u0445\u0434\u043e\u043e Google \u0414\u043e\u043a\u044b\u043d \u043d\u04af\u04af\u0440 \u0445\u0443\u0443\u0434\u0430\u0441\u043d\u0430\u0430\u0441 \u0442\u043e\u0445\u0438\u0440\u0433\u043e\u043e \u0434\u043e\u0442\u043e\u0440\u0445 \u043e\u0444\u043b\u0430\u0439\u043d \u0441\u0438\u043d\u043a\u0438\u0439\u0433 \u0438\u0434\u044d\u0432\u0445\u0436\u04af\u04af\u043b\u043d\u0

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\mr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1719
Entropy (8bit):	4.287702203591075
Encrypted:	false
SSDEEP:
MD5:	3B98C4ED8874A160C3789FEAD5553CFA
SHA1:	5550D0EC548335293D962AAA96B6443DD8ABB9F6
SHA-256:	ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
SHA-512:	5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": ".... .... ...".. },.. "explanationofflinedisabled": {.. "message": "...... ...... ..... ......... ....... ....... ..... Google ....... ............, Google ....... .............. .......... .. ... ..... .... ...... ......... ...... ...... ...... .... .... ....".. },.. "explanationofflineenabled": {.. "message": "...... ...... ...., ..... ...... ...... ...... .... ....... ... ..... .... .... ... .....".. },.. "extdesc": {.. "message": "..... ..

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\ms\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	936
Entropy (8bit):	4.457879437756106
Encrypted:	false
SSDEEP:
MD5:	7D273824B1E22426C033FF5D8D7162B7
SHA1:	EADBE9DBE5519BD60458B3551BDFC36A10049DD1
SHA-256:	2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
SHA-512:	E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\my\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3830
Entropy (8bit):	3.5483353063347587
Encrypted:	false
SSDEEP:
MD5:	342335A22F1886B8BC92008597326B24
SHA1:	2CB04F892E430DCD7705C02BF0A8619354515513
SHA-256:	243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
SHA-512:	CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
Malicious:	false
Reputation:	unknown
Preview:	{"createnew":{"message":"\u1021\u101e\u1005\u103a \u1015\u103c\u102f\u101c\u102f\u1015\u103a\u101b\u1014\u103a"},"explanationofflinedisabled":{"message":"\u101e\u1004\u103a \u1021\u1031\u102c\u1037\u1016\u103a\u101c\u102d\u102f\u1004\u103a\u1038\u1016\u103c\u1005\u103a\u1014\u1031\u1015\u102b\u101e\u100a\u103a\u104b \u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u1019\u103e\u102f \u1019\u101b\u103e\u102d\u1018\u1032 Google Docs \u1000\u102d\u102f \u1021\u101e\u102f\u1036\u1038\u1015\u103c\u102f\u101b\u1014\u103a \u1014\u1031\u102c\u1000\u103a\u1010\u1005\u103a\u1000\u103c\u102d\u1019\u103a \u101e\u1004\u103a\u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u101e\u100a\u1037\u103a\u1021\u1001\u102b Google Docs \u1015\u1004\u103a\u1019\u1005\u102c\u1019\u103b\u1000\u103a\u1014\u103e\u102c\u101b\u103e\u102d \u1006\u1000\u103a\u1010\u1004\u103a\u1019\u103b\u102c\u1038\u101e\u102d\u102f\u1037\u1

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\ne\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1898
Entropy (8bit):	4.187050294267571
Encrypted:	false
SSDEEP:
MD5:	B1083DA5EC718D1F2F093BD3D1FB4F37
SHA1:	74B6F050D918448396642765DEF1AD5390AB5282
SHA-256:	E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
SHA-512:	7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": ".... ....... .........".. },.. "explanationofflinedisabled": {.. "message": "..... ...... .......... .... ........ .... .... Google ........ ...... .... ..... ..... ... .......... ....... .... Google ........ .......... ..... .......... .. ...... ..... .... ..... ......... .. ..........".. },.. "explanationofflineenabled": {.. "message": "..... ...... ........., .. ..... ... ... ...... ....... ....... .. .... ....... ....

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\nl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	914
Entropy (8bit):	4.513485418448461
Encrypted:	false
SSDEEP:
MD5:	32DF72F14BE59A9BC9777113A8B21DE6
SHA1:	2A8D9B9A998453144307DD0B700A76E783062AD0
SHA-256:	F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
SHA-512:	E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\no\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	878
Entropy (8bit):	4.4541485835627475
Encrypted:	false
SSDEEP:
MD5:	A1744B0F53CCF889955B95108367F9C8
SHA1:	6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
SHA-256:	21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
SHA-512:	F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\pa\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2766
Entropy (8bit):	3.839730779948262
Encrypted:	false
SSDEEP:
MD5:	97F769F51B83D35C260D1F8CFD7990AF
SHA1:	0D59A76564B0AEE31D0A074305905472F740CECA
SHA-256:	BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
SHA-512:	D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
Malicious:	false
Reputation:	unknown
Preview:	{"createnew":{"message":"\u0a28\u0a35\u0a3e\u0a02 \u0a2c\u0a23\u0a3e\u0a13"},"explanationofflinedisabled":{"message":"\u0a24\u0a41\u0a38\u0a40\u0a02 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a39\u0a4b\u0964 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a15\u0a28\u0a48\u0a15\u0a36\u0a28 \u0a26\u0a47 \u0a2c\u0a3f\u0a28\u0a3e\u0a02 Google Docs \u0a28\u0a42\u0a70 \u0a35\u0a30\u0a24\u0a23 \u0a32\u0a08, \u0a05\u0a17\u0a32\u0a40 \u0a35\u0a3e\u0a30 \u0a1c\u0a26\u0a4b\u0a02 \u0a24\u0a41\u0a38\u0a40\u0a02 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a26\u0a47 \u0a28\u0a3e\u0a32 \u0a15\u0a28\u0a48\u0a15\u0a1f \u0a39\u0a4b\u0a35\u0a4b \u0a24\u0a3e\u0a02 Google Docs \u0a2e\u0a41\u0a71\u0a16 \u0a2a\u0a70\u0a28\u0a47 '\u0a24\u0a47 \u0a38\u0a48\u0a1f\u0a3f\u0a70\u0a17\u0a3e\u0a02 \u0a35\u0a3f\u0a71\u0a1a \u0a1c\u0a3e\u0a13 \u0a05\u0a24\u0a47 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a38\u0a3f\u0a70\u0a15 \u0a28\u0a42\u0a70 \u0a1a\u0a3e\u0a32\u0a42 \u0a15\u0a30\u0a4b\u0964"},"expla

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\pl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	978
Entropy (8bit):	4.879137540019932
Encrypted:	false
SSDEEP:
MD5:	B8D55E4E3B9619784AECA61BA15C9C0F
SHA1:	B4A9C9885FBEB78635957296FDDD12579FEFA033
SHA-256:	E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
SHA-512:	266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\pt_BR\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	907
Entropy (8bit):	4.599411354657937
Encrypted:	false
SSDEEP:
MD5:	608551F7026E6BA8C0CF85D9AC11F8E3
SHA1:	87B017B2D4DA17E322AF6384F82B57B807628617
SHA-256:	A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
SHA-512:	82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\pt_PT\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	914
Entropy (8bit):	4.604761241355716
Encrypted:	false
SSDEEP:
MD5:	0963F2F3641A62A78B02825F6FA3941C
SHA1:	7E6972BEAB3D18E49857079A24FB9336BC4D2D48
SHA-256:	E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
SHA-512:	22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\ro\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	937
Entropy (8bit):	4.686555713975264
Encrypted:	false
SSDEEP:
MD5:	BED8332AB788098D276B448EC2B33351
SHA1:	6084124A2B32F386967DA980CBE79DD86742859E
SHA-256:	085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
SHA-512:	22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\ru\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1337
Entropy (8bit):	4.69531415794894
Encrypted:	false
SSDEEP:
MD5:	51D34FE303D0C90EE409A2397FCA437D
SHA1:	B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
SHA-256:	BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
SHA-512:	E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": ".......".. },.. "explanationofflinedisabled": {.. "message": "..... ............ Google ......... ... ........., ............ . .... . ......... ............. . ......-...... . .......... .. ......... .........".. },.. "explanationofflineenabled": {.. "message": "... ........... . .......... .. ...... ......... ..... ..... . ............. .., . ....... ........ ......-.......".. },.. "extdesc": {.. "message": ".........., .............. . ............ ........., ....... . ........... ... ....... . ..........".. },.. "extname": {.. "message": "Google.......... ......".. },.. "learnmore": {.

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\si\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2846
Entropy (8bit):	3.7416822879702547
Encrypted:	false
SSDEEP:
MD5:	B8A4FD612534A171A9A03C1984BB4BDD
SHA1:	F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
SHA-256:	54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
SHA-512:	C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
Malicious:	false
Reputation:	unknown
Preview:	{"createnew":{"message":"\u0db1\u0dc0 \u0dbd\u0dda\u0d9b\u0db1\u0dba\u0d9a\u0dca \u0dc3\u0dcf\u0daf\u0db1\u0dca\u0db1"},"explanationofflinedisabled":{"message":"\u0d94\u0db6 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2\u0dba. \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd \u0dc3\u0db8\u0dca\u0db6\u0db1\u0dca\u0db0\u0dad\u0dcf\u0dc0\u0d9a\u0dca \u0db1\u0ddc\u0db8\u0dd0\u0dad\u0dd2\u0dc0 Google Docs \u0db7\u0dcf\u0dc0\u0dd2\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8\u0da7, Google Docs \u0db8\u0dd4\u0dbd\u0dca \u0db4\u0dd2\u0da7\u0dd4\u0dc0 \u0db8\u0dad \u0dc3\u0dd0\u0d9a\u0dc3\u0dd3\u0db8\u0dca \u0dc0\u0dd9\u0dad \u0d9c\u0ddc\u0dc3\u0dca \u0d94\u0db6 \u0d8a\u0dc5\u0d9f \u0d85\u0dc0\u0dc3\u0dca\u0dae\u0dcf\u0dc0\u0dda \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd\u0dba\u0da7 \u0dc3\u0db6\u0dd0\u0db3\u0dd2 \u0dc0\u0dd2\u0da7 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2 \u0dc3\u0db8\u0db8\u0dd4\u0dc4\u0dd4\u0dbb\u0dca\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8 \u0d9a\u0dca\u200d\u0dbb\u0dd2\u0dba\u0dc

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\sk\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	934
Entropy (8bit):	4.882122893545996
Encrypted:	false
SSDEEP:
MD5:	8E55817BF7A87052F11FE554A61C52D5
SHA1:	9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
SHA-256:	903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
SHA-512:	EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\sl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	963
Entropy (8bit):	4.6041913416245
Encrypted:	false
SSDEEP:
MD5:	BFAEFEFF32813DF91C56B71B79EC2AF4
SHA1:	F8EDA2B632610972B581724D6B2F9782AC37377B
SHA-256:	AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
SHA-512:	971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\sr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1320
Entropy (8bit):	4.569671329405572
Encrypted:	false
SSDEEP:
MD5:	7F5F8933D2D078618496C67526A2B066
SHA1:	B7050E3EFA4D39548577CF47CB119FA0E246B7A4
SHA-256:	4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
SHA-512:	0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "....... ....".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. ..... ......... Google ......... ... ........ ...., ..... . .......... .. ........ ........ Google .......... . ........ ...... .............. ... ....... ... ...... ........ .. ...........".. },.. "explanationofflineenabled": {.. "message": "...... ..., ... . .... ...... .. ....... ...... . ........ ........ ... .. ....... .....".. },.. "extdesc": {.. "message": "....... . ........... ........., ...... . ............ . ....... ...... . ... . ... .. ... ........ .........".. },.. "extname": {.. "message

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\sv\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	884
Entropy (8bit):	4.627108704340797
Encrypted:	false
SSDEEP:
MD5:	90D8FB448CE9C0B9BA3D07FB8DE6D7EE
SHA1:	D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
SHA-256:	64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
SHA-512:	6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\sw\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	980
Entropy (8bit):	4.50673686618174
Encrypted:	false
SSDEEP:
MD5:	D0579209686889E079D87C23817EDDD5
SHA1:	C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
SHA-256:	0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
SHA-512:	D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\ta\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1941
Entropy (8bit):	4.132139619026436
Encrypted:	false
SSDEEP:
MD5:	DCC0D1725AEAEAAF1690EF8053529601
SHA1:	BB9D31859469760AC93E84B70B57909DCC02EA65
SHA-256:	6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
SHA-512:	6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "..... ....... .........".. },.. "explanationofflinedisabled": {.. "message": ".......... ........... .... ....... ..... Google ......... .........., ...... .... ........... ......... ...., Google ... ................... ................ ......, ........ ......... ..........".. },.. "explanationofflineenabled": {.. "message": ".......... ..........., .......... .......... .......... ......... ........... ...... .....

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\te\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1969
Entropy (8bit):	4.327258153043599
Encrypted:	false
SSDEEP:
MD5:	385E65EF723F1C4018EEE6E4E56BC03F
SHA1:	0CEA195638A403FD99BAEF88A360BD746C21DF42
SHA-256:	026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
SHA-512:	E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "..... ...... ........ ......".. },.. "explanationofflinedisabled": {.. "message": ".... ........... ........ ......... ........ ....... Google Docs... .............., .... ............ ....... ..... ...... .... Google Docs .... ...... ............. ......, ........ ........ ... .......".. },.. "explanationofflineenabled": {.. "message": ".... ........... ......., .... .... ........ .......... .... ....... ..... ....... .... ..

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\th\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1674
Entropy (8bit):	4.343724179386811
Encrypted:	false
SSDEEP:
MD5:	64077E3D186E585A8BEA86FF415AA19D
SHA1:	73A861AC810DABB4CE63AD052E6E1834F8CA0E65
SHA-256:	D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
SHA-512:	56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": ".............. ............. Google .................................... ............................... Google ...... .................................................................".. },.. "explanationofflineenabled": {.. "message": "................................................................".. },.. "extdesc": {.. "message": "..... ..... ........

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\tr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1063
Entropy (8bit):	4.853399816115876
Encrypted:	false
SSDEEP:
MD5:	76B59AAACC7B469792694CF3855D3F4C
SHA1:	7C04A2C1C808FA57057A4CCEEE66855251A3C231
SHA-256:	B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
SHA-512:	2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\uk\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1333
Entropy (8bit):	4.686760246306605
Encrypted:	false
SSDEEP:
MD5:	970963C25C2CEF16BB6F60952E103105
SHA1:	BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
SHA-256:	9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
SHA-512:	1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "........".. },.. "explanationofflinedisabled": {.. "message": ".. . ...... ....... ... ............. Google ........... ... ......... . .........., ......... . ............ .. ........ ........ Google .......... . ......... ......-............., .... ...... . .......".. },.. "explanationofflineenabled": {.. "message": ".. . ...... ......, ..... ... .... ...... .......... ........ ..... ... .......... .....".. },.. "extdesc": {.. "message": "........., ......... . ............ ........., .......... ....... .. ........... ... ....... .. ..........".. },.. "extname": {.. "message": "Goo

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\ur\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1263
Entropy (8bit):	4.861856182762435
Encrypted:	false
SSDEEP:
MD5:	8B4DF6A9281333341C939C244DDB7648
SHA1:	382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
SHA-256:	5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
SHA-512:	FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "... ......".. },.. "explanationofflinedisabled": {.. "message": ".. .. .... .... Google Docs .. .... ....... ..... ....... .... ..... .... ... .. .. ....... .. ..... ... .. Google Docs ... ... .. ....... .. ..... ... .. .... ...... ..... .. .. .....".. },.. "explanationofflineenabled": {.. "message": ".. .. .... ... .... .. ... ... ...... ..... ... ..... .. .... ... .. ... ..... ... .... ....".. },.. "extdesc": {.. "message": ".......... .......... ... ....... . .... ... ....... .. ..... .. .... ...... ..... .... ... ..... .......".. },.. "extname": {.. "message": "Google Docs .. ....".. },.. "learnmore": {..

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\vi\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1074
Entropy (8bit):	5.062722522759407
Encrypted:	false
SSDEEP:
MD5:	773A3B9E708D052D6CBAA6D55C8A5438
SHA1:	5617235844595D5C73961A2C0A4AC66D8EA5F90F
SHA-256:	597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
SHA-512:	E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\zh_CN\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	879
Entropy (8bit):	5.7905809868505544
Encrypted:	false
SSDEEP:
MD5:	3E76788E17E62FB49FB5ED5F4E7A3DCE
SHA1:	6904FFA0D13D45496F126E58C886C35366EFCC11
SHA-256:	E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
SHA-512:	F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\zh_HK\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1205
Entropy (8bit):	4.50367724745418
Encrypted:	false
SSDEEP:
MD5:	524E1B2A370D0E71342D05DDE3D3E774
SHA1:	60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
SHA-256:	30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
SHA-512:	D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
Malicious:	false
Reputation:	unknown
Preview:	{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\zh_TW\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	843
Entropy (8bit):	5.76581227215314
Encrypted:	false
SSDEEP:
MD5:	0E60627ACFD18F44D4DF469D8DCE6D30
SHA1:	2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
SHA-256:	F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
SHA-512:	6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_locales\zu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	912
Entropy (8bit):	4.65963951143349
Encrypted:	false
SSDEEP:
MD5:	71F916A64F98B6D1B5D1F62D297FDEC1
SHA1:	9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
SHA-256:	EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
SHA-512:	30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
Malicious:	false
Reputation:	unknown
Preview:	{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\_metadata\verified_contents.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	11280
Entropy (8bit):	5.754230909218899
Encrypted:	false
SSDEEP:
MD5:	BE5DB35513DDEF454CE3502B6418B9B4
SHA1:	C82B23A82F745705AA6BCBBEFEB6CE3DBCC71CB1
SHA-256:	C6F623BE1112C2FDE6BE8941848A82B2292FCD2B475FBD363CC2FD4DF25049B5
SHA-512:	38C48E67631FAF0594D44525423C6EDC08F5A65F04288F0569B7CF8C71C359924069212462B0A2BFA38356F93708143EE1CBD42295D7317E8670D0A0CD10BAFD
Malicious:	false
Reputation:	unknown
Preview:	[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiIxMjgucG5nIiwicm9vdF9oYXNoIjoiZ2NWZy0xWWgySktRNVFtUmtjZGNmamU1dzVIc1JNN1ZCTmJyaHJ4eGZ5ZyJ9LHsicGF0aCI6Il9sb2NhbGVzL2FmL21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJxaElnV3hDSFVNLWZvSmVFWWFiWWlCNU9nTm9ncUViWUpOcEFhZG5KR0VjIn0seyJwYXRoIjoiX2xvY2FsZXMvYW0vbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6IlpPQWJ3cEs2THFGcGxYYjh4RVUyY0VkU0R1aVY0cERNN2lEQ1RKTTIyTzgifSx7InBhdGgiOiJfbG9jYWxlcy9hci9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiUjJVaEZjdTVFcEJfUUZtU19QeGstWWRrSVZqd3l6WEoxdURVZEMyRE9BSSJ9LHsicGF0aCI6Il9sb2NhbGVzL2F6L21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJZVVJ3Mmp4UU5Lem1TZkY0YS1xcTBzbFBSSFc4eUlXRGtMY2g4Ry0zdjJRIn0seyJwYXRoIjoiX2xvY2FsZXMvYmUvbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6IjNmRm9XYUZmUHJNelRXSkJsMXlqbUlyRDZ2dzlsa1VxdzZTdjAyUk1oVkEifSx7InBhdGgiOiJfbG9jYWxlcy9iZy9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiSXJ3M3RIem9xREx6bHdGa0hjTllOWFoyNmI0WWVwT2t4ZFN

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\dasherSettingSchema.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	854
Entropy (8bit):	4.284628987131403
Encrypted:	false
SSDEEP:
MD5:	4EC1DF2DA46182103D2FFC3B92D20CA5
SHA1:	FB9D1BA3710CF31A87165317C6EDC110E98994CE
SHA-256:	6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
SHA-512:	939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
Malicious:	false
Reputation:	unknown
Preview:	{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\manifest.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2525
Entropy (8bit):	5.417689528134667
Encrypted:	false
SSDEEP:
MD5:	10FF8E5B674311683D27CE1879384954
SHA1:	9C269C14E067BB86642EB9F4816D75CF1B9B9158
SHA-256:	17363162A321625358255EE939F447E9363FF2284BD35AE15470FD5318132CA9
SHA-512:	4D3EB89D398A595FEA8B59AC6269A57CC96C4A0E5A5DB8C5FE70AB762E8144A5DF9AFC8756CA2E798E50778CD817CC9B0826FC2942DE31397E858DBFA1B06830
Malicious:	false
Reputation:	unknown
Preview:	{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/", "https://drive.google.com/", "https://drive-autopush.corp.google.com/", "https://drive-daily-0.corp.google.com/", "https://drive-daily-1.corp.google.com/", "https://drive-daily-2.corp.google.com/", "https://drive-daily-3.corp.google.com/", "https://drive-daily-4.corp.google.com/", "https://drive-daily-5.corp.google.com/", "https://drive-daily-6.corp.google.com/", "https://drive-preprod.corp.google.com/", "https://drive-staging.corp.google.com/" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\offscreendocument.html

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	97
Entropy (8bit):	4.862433271815736
Encrypted:	false
SSDEEP:
MD5:	B747B5922A0BC74BBF0A9BC59DF7685F
SHA1:	7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
SHA-256:	B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
SHA-512:	7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
Malicious:	false
Reputation:	unknown
Preview:	<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\offscreendocument_main.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (4369)
Category:	dropped
Size (bytes):	95567
Entropy (8bit):	5.4016395763198135
Encrypted:	false
SSDEEP:
MD5:	09AF2D8CFA8BF1078101DA78D09C4174
SHA1:	F2369551E2CDD86258062BEB0729EE4D93FCA050
SHA-256:	39D113C44D45AE3609B9509ED099680CC5FCEF182FD9745B303A76E164D8BCEC
SHA-512:	F791434B053FA2A5B731C60F22A4579F19FE741134EF0146E8BAC7DECAC78DE65915B3188093DBBE00F389A7F15B80172053FABB64E636DD4A945DBE3C2CF2E6
Malicious:	false
Reputation:	unknown
Preview:	'use strict';function aa(){return function(){}}function l(a){return function(){return this[a]}}var n;function ba(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ca="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.function da(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var q=da(this);function r(a,b){if(b)a:{var c=q;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&ca(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new TypeError("Symbol is not a constructor");return new c(d+(f\|\|"")+"_"+e++,f)}function c(f,

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\page_embed_script.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	291
Entropy (8bit):	4.65176400421739
Encrypted:	false
SSDEEP:
MD5:	3AB0CD0F493B1B185B42AD38AE2DD572
SHA1:	079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
SHA-256:	73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
SHA-512:	32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
Malicious:	false
Reputation:	unknown
Preview:	(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.

C:\Users\user\AppData\Local\Temp\scoped_dir4004_149840109\CRX_INSTALL\service_worker_bin_prod.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (4369)
Category:	dropped
Size (bytes):	103988
Entropy (8bit):	5.389407461078688
Encrypted:	false
SSDEEP:
MD5:	EA946F110850F17E637B15CF22B82837
SHA1:	8D27C963E76E3D2F5B8634EE66706F95F000FCAF
SHA-256:	029DFE87536E8907A612900B26EEAA72C63EDF28458A7227B295AE6D4E2BD94C
SHA-512:	5E8E61E648740FEF2E89A035A4349B2E4E5E4E88150EE1BDA9D4AD8D75827DC67C1C95A2CA41DF5B89DE8F575714E1A4D23BDE2DC3CF21D55DB3A39907B8F820
Malicious:	false
Reputation:	unknown
Preview:	'use strict';function k(){return function(){}}function n(a){return function(){return this[a]}}var q;function aa(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ba="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.function da(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var r=da(this);function t(a,b){if(b)a:{var c=r;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&ba(c,a,{configurable:!0,writable:!0,value:b})}}.t("Symbol",function(a){function b(f){if(this instanceof b)throw new TypeError("Symbol is not a constructor");return new c(d+(f\|\|"")+"_"+e++,f)}function c(f,g

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	6.358494437118315
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.98% Win32 Executable (generic) a (10002005/4) 49.93% Windows Screen Saver (13104/52) 0.07% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	PDFpower (1).exe
File size:	1'086'184 bytes
MD5:	1e2a99ae43d6365148d412b5dfee0e1c
SHA1:	33c02d70abb2f1f12a79cfd780d875a94e7fe877
SHA256:	e248b01e3ccde76b4d8e8077d4fcb4d0b70e5200bf4e738b45a0bd28fbc2cae6
SHA512:	d962f2e4bbeee0183a3b75f26ccc6de273c28fe5a191c83c1e4ea6c84c8f70b535273452e05c5e11e4df725cad3054e346ad0b3d98348718a00a350b87a5fa0c
SSDEEP:	24576:sWjYtbXSRxqO8m657w6ZBLmkitKqBCjC0PDgM5A6:sW8tbiJVV1BCjB
TLSH:	9C355A0E2FEB4AD6D1AE1735A830DA3756F1BC076D6ED78E9444B0A81C737608E90367
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...LS............"...0......L......^<... ...@....@.. ..............................:.....`................................

File Icon


Icon Hash:	01e4c8e9398ca645

Static PE Info

General

Entrypoint:	0x503c5e
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x88D6534C [Wed Oct 1 03:36:44 2042 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Authenticode Signature

Signature Valid:	true
Signature Issuer:	CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE
Signature Validation Error:	The operation completed successfully
Error Number:	0
Not Before, Not After	04/03/2021 10:42:38 04/03/2024 10:42:38
Subject Chain	E=admin@mytechmedia.net, CN=MY TECH MEDIA LTD, O=MY TECH MEDIA LTD, STREET=11 Hamanofim, L=Herzliya, S=Tel Aviv, C=IL, OID.1.3.6.1.4.1.311.60.2.1.3=IL, SERIALNUMBER=516185493, OID.2.5.4.15=Private Organization
Version:	3
Thumbprint MD5:	6EF32671623C667E71C63D952BFF670B
Thumbprint SHA-1:	980DAFCE13748BBD1D2A2EF29C153E6B44FE5AFF
Thumbprint SHA-256:	2936D7FCE10515B2AA0A130616D58982B2B4CB85C39A60B10913B4C48449DC5F
Serial:	182C66D4CE18C4EC682E71DD

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
push ebp
mov ebp, esp
push edi
mov edi, dword ptr [ebp+10h]
push 00000001h
pop eax
push ebx
cpuid
mov dword ptr [edi], eax
mov dword ptr [edi+04h], edx
pop ebx
pop edi
mov esp, ebp
pop ebp
retn 0010h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push ebx
dec eax
mov eax, 00000001h
cpuid
inc ecx
mov dword ptr [eax], eax
inc ecx
mov dword ptr [eax+04h], edx
pop ebx
ret
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax-1BFBF6FCh], dh
add al, 09h
add al, 00h
add byte ptr [ecx], cl
add al, 00h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x103c0b	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x104000	0x4880	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x106c00	0x26e8
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x10a000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x103b8c	0x38	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x101cac	0x101e00	90e0818fea7da754bff69331c5203b61	False	0.45166039293504606	data	6.370832696085096	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x104000	0x4880	0x4a00	ba3ffe29ff46b385a11dcf1696c061d0	False	0.08620143581081081	data	2.672452859715734	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x10a000	0xc	0x200	52e2fc34c7f1733c974b2359f4cf6102	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0x104100	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 2834 x 2834 px/m	0.05343646669815777
RT_GROUP_ICON	0x108338	0x14	data	1.1
RT_VERSION	0x10835c	0x324	data	0.4291044776119403
RT_MANIFEST	0x108690	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Description:	Adversaries may move onto systems, possibly those on disconnected or air-gapped networks, by copying malware to removable media and taking advantage of Autorun features when the media is inserted into a system and executes. In the case of Lateral Movement, this may occur through modification of executable files stored on removable media or by copying malware and renaming it to look like a legitimate file to trick users into executing it on a separate system. In the case of Initial Access, this may occur through manual manipulation of the media, modification of systems used to initially format the media, or modification to the media's firmware itself.
Tactics:	Initial Access, Lateral Movement
Data Sources:	Drive: Drive Creation, File: File Access, File: File Creation, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to gather information about attached peripheral devices and components connected to a computer system.Peripheral devices could include auxiliary resources that support a variety of functionalities such as keyboards, printers, cameras, smart card readers, or removable storage. The information may be used to enhance their awareness of the system and network environment or may be used for further actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report PDFpower (1).exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\21020377-0ea1-452c-970f-c76919c999aa.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-66AD5E9B-FA4.pma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\655ccb06-e318-4fa1-853f-3568a5cb21c9.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\MediaDeviceSalts

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF37c94.TMP (copy)

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13367111582210253

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Windows Analysis Report
PDFpower (1).exe