Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
HP Service File Loader.exe

Overview

General Information

Sample name:HP Service File Loader.exe
Analysis ID:1530149
MD5:3861c6c41df7d15d33bdd19fc717f763
SHA1:6489e0cee36472514cbe6510b69478440cf39945
SHA256:b6c4c0fcd614dfca1a6a7e61a633196d0e55b5a9ecbb3cbfd57e7de03198670c

Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

.NET source code contains potential unpacker
Uses ipconfig to lookup or modify the Windows network settings
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Uses 32bit PE files

Classification

Process Tree

  • System is w10x64_ra
  • HP Service File Loader.exe (PID: 6420 cmdline: "C:\Users\user\Desktop\HP Service File Loader.exe" MD5: 3861C6C41DF7D15D33BDD19FC717F763)
  • msedge.exe (PID: 7080 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://www.bing.com/search?q=what's%20my%20ip%20address%20site:microsoft.com&form=B00032&ocid=SettingsHAQ-BingIA&mkt=en-GB MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 4812 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=2076,i,7840180493135495386,15043824578129998997,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 3936 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6628 --field-trial-handle=2076,i,7840180493135495386,15043824578129998997,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 532 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6820 --field-trial-handle=2076,i,7840180493135495386,15043824578129998997,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • cmd.exe (PID: 5636 cmdline: "C:\Windows\system32\cmd.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 456 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • ipconfig.exe (PID: 6224 cmdline: ipconfig MD5: 62F170FB07FDBB79CEB7147101406EB8)
  • cleanup

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results
Source: HP Service File Loader.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknownHTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.16:49811 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.1.33.206:443 -> 192.168.2.16:49813 version: TLS 1.2
Source: unknownHTTPS traffic detected: 51.104.15.253:443 -> 192.168.2.16:49814 version: TLS 1.2
Source: unknownHTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.16:49821 version: TLS 1.2
Source: unknownHTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.16:49822 version: TLS 1.2
Source: unknownHTTPS traffic detected: 150.171.87.254:443 -> 192.168.2.16:49827 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.213.254:443 -> 192.168.2.16:49830 version: TLS 1.2
Source: HP Service File Loader.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Windows\System32\conhost.exeFile opened: C:\Users\user
Source: C:\Windows\System32\conhost.exeFile opened: C:\Users\user\AppData\Roaming
Source: C:\Windows\System32\conhost.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
Source: C:\Windows\System32\conhost.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
Source: C:\Windows\System32\conhost.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Windows\System32\conhost.exeFile opened: C:\Users\user\AppData
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.209.181
Source: global trafficDNS traffic detected: DNS query: bzib.nelreports.net
Source: global trafficDNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global trafficDNS traffic detected: DNS query: login.microsoftonline.com
Source: global trafficDNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: unknownNetwork traffic detected: HTTP traffic on port 49817 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49806 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49681 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
Source: unknownNetwork traffic detected: HTTP traffic on port 49674 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49831
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49830
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
Source: unknownNetwork traffic detected: HTTP traffic on port 49677 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49683 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49829
Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49828
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49827
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49826
Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49825
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49824
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49823
Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49822
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49810 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49817
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49815
Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49814
Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49811
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49810
Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49806
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
Source: unknownHTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.16:49811 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.1.33.206:443 -> 192.168.2.16:49813 version: TLS 1.2
Source: unknownHTTPS traffic detected: 51.104.15.253:443 -> 192.168.2.16:49814 version: TLS 1.2
Source: unknownHTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.16:49821 version: TLS 1.2
Source: unknownHTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.16:49822 version: TLS 1.2
Source: unknownHTTPS traffic detected: 150.171.87.254:443 -> 192.168.2.16:49827 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.213.254:443 -> 192.168.2.16:49830 version: TLS 1.2
Source: HP Service File Loader.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: HP Service File Loader.exe, Main.csSuspicious method names: .Main.SendPayload
Source: HP Service File Loader.exe, Falcon.csSuspicious method names: .Falcon.ParseCSVToXMLPayload
Source: HP Service File Loader.exe, Falcon.csSuspicious method names: .Falcon.SendCSVPayload
Source: HP Service File Loader.exe, Main.csSuspicious method names: .Main.SendPayload
Source: HP Service File Loader.exe, Falcon.csSuspicious method names: .Falcon.ParseCSVToXMLPayload
Source: HP Service File Loader.exe, Falcon.csSuspicious method names: .Falcon.SendCSVPayload
Source: HP Service File Loader.exe, Main.csSuspicious method names: .Main.SendPayload
Source: HP Service File Loader.exe, Falcon.csSuspicious method names: .Falcon.ParseCSVToXMLPayload
Source: HP Service File Loader.exe, Falcon.csSuspicious method names: .Falcon.SendCSVPayload
Source: HP Service File Loader.exe, Main.csSuspicious method names: .Main.SendPayload
Source: HP Service File Loader.exe, Falcon.csSuspicious method names: .Falcon.ParseCSVToXMLPayload
Source: HP Service File Loader.exe, Falcon.csSuspicious method names: .Falcon.SendCSVPayload
Source: HP Service File Loader.exe, Main.csSuspicious method names: .Main.SendPayload
Source: HP Service File Loader.exe, Falcon.csSuspicious method names: .Falcon.ParseCSVToXMLPayload
Source: HP Service File Loader.exe, Falcon.csSuspicious method names: .Falcon.SendCSVPayload
Source: HP Service File Loader.exe, Main.csSuspicious method names: .Main.SendPayload
Source: HP Service File Loader.exe, Falcon.csSuspicious method names: .Falcon.ParseCSVToXMLPayload
Source: HP Service File Loader.exe, Falcon.csSuspicious method names: .Falcon.SendCSVPayload
Source: HP Service File Loader.exe, Main.csSuspicious method names: .Main.SendPayload
Source: HP Service File Loader.exe, Falcon.csSuspicious method names: .Falcon.ParseCSVToXMLPayload
Source: HP Service File Loader.exe, Falcon.csSuspicious method names: .Falcon.SendCSVPayload
Source: HP Service File Loader.exe, Main.csSuspicious method names: .Main.SendPayload
Source: HP Service File Loader.exe, Falcon.csSuspicious method names: .Falcon.ParseCSVToXMLPayload
Source: HP Service File Loader.exe, Falcon.csSuspicious method names: .Falcon.SendCSVPayload
Source: HP Service File Loader.exe, Main.csSuspicious method names: .Main.SendPayload
Source: HP Service File Loader.exe, Falcon.csSuspicious method names: .Falcon.ParseCSVToXMLPayload
Source: HP Service File Loader.exe, Falcon.csSuspicious method names: .Falcon.SendCSVPayload
Source: HP Service File Loader.exe, Main.csSuspicious method names: .Main.SendPayload
Source: HP Service File Loader.exe, Falcon.csSuspicious method names: .Falcon.ParseCSVToXMLPayload
Source: HP Service File Loader.exe, Falcon.csSuspicious method names: .Falcon.SendCSVPayload
Source: HP Service File Loader.exe, Main.csSuspicious method names: .Main.SendPayload
Source: HP Service File Loader.exe, Falcon.csSuspicious method names: .Falcon.ParseCSVToXMLPayload
Source: HP Service File Loader.exe, Falcon.csSuspicious method names: .Falcon.SendCSVPayload
Source: HP Service File Loader.exe, Main.csSuspicious method names: .Main.SendPayload
Source: HP Service File Loader.exe, Falcon.csSuspicious method names: .Falcon.ParseCSVToXMLPayload
Source: HP Service File Loader.exe, Falcon.csSuspicious method names: .Falcon.SendCSVPayload
Source: classification engineClassification label: mal48.evad.winEXE@59/182@13/149
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeFile created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-6706B7A2-1BA8.pma
Source: C:\Users\user\Desktop\HP Service File Loader.exeMutant created: NULL
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeFile created: C:\Users\user\AppData\Local\Temp\3d0c7d75-c7b0-4137-ad24-064a04e32800.tmp
Source: HP Service File Loader.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: HP Service File Loader.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
Source: C:\Users\user\Desktop\HP Service File Loader.exeFile read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\HP Service File Loader.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\HP Service File Loader.exeFile read: C:\Users\user\Desktop\HP Service File Loader.exe
Source: unknownProcess created: C:\Users\user\Desktop\HP Service File Loader.exe "C:\Users\user\Desktop\HP Service File Loader.exe"
Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://www.bing.com/search?q=what's%20my%20ip%20address%20site:microsoft.com&form=B00032&ocid=SettingsHAQ-BingIA&mkt=en-GB
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=2076,i,7840180493135495386,15043824578129998997,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6628 --field-trial-handle=2076,i,7840180493135495386,15043824578129998997,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6820 --field-trial-handle=2076,i,7840180493135495386,15043824578129998997,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6628 --field-trial-handle=2076,i,7840180493135495386,15043824578129998997,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6820 --field-trial-handle=2076,i,7840180493135495386,15043824578129998997,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: unknownProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\ipconfig.exe ipconfig
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\ipconfig.exe ipconfig
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: mscoree.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: apphelp.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: version.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: uxtheme.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: windows.storage.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: wldp.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: profapi.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: cryptsp.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: rsaenh.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: cryptbase.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: dwrite.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: textshaping.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: textinputframework.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: coremessaging.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: ntmarta.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: coremessaging.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: wintypes.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: wintypes.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: wintypes.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: dui70.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: duser.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: dwmapi.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: edputil.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: explorerframe.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: thumbcache.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: policymanager.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: msvcp110_win.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: dataexchange.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: d3d11.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: dcomp.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: dxgi.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: twinapi.appcore.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: msftedit.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: windows.globalization.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: bcp47mrm.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: globinputhost.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: assignedaccessruntime.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: propsys.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: xmllite.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: structuredquery.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: atlthunk.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: iertutil.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: windows.storage.search.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: iconcodecservice.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: linkinfo.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: twinapi.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: ntshrui.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: sspicli.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: srvcli.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: cscapi.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: winmm.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: actxprxy.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: networkexplorer.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: mswsock.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: dnsapi.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: winnsi.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: rasapi32.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: rasman.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: rtutils.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: winhttp.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: secur32.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeSection loaded: schannel.dll
Source: C:\Windows\System32\cmd.exeSection loaded: winbrand.dll
Source: C:\Windows\System32\cmd.exeSection loaded: wldp.dll
Source: C:\Windows\System32\ipconfig.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\ipconfig.exeSection loaded: dhcpcsvc.dll
Source: C:\Windows\System32\ipconfig.exeSection loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\ipconfig.exeSection loaded: dnsapi.dll
Source: C:\Users\user\Desktop\HP Service File Loader.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}\InProcServer32
Source: C:\Users\user\Desktop\HP Service File Loader.exeFile opened: C:\Windows\SysWOW64\MsftEdit.dll
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\HP Service File Loader.exeWindow detected: Number of UI elements: 13
Source: C:\Users\user\Desktop\HP Service File Loader.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: HP Service File Loader.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: HP Service File Loader.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: HP Service File Loader.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Data Obfuscation

barindex
.NET source code contains potential unpacker
Source: HP Service File Loader.exe, Program.cs.Net Code: Main System.Reflection.Assembly.Load(byte[])

Persistence and Installation Behavior

barindex
Uses ipconfig to lookup or modify the Windows network settings
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\ipconfig.exe ipconfig
Source: C:\Users\user\Desktop\HP Service File Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HP Service File Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HP Service File Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HP Service File Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HP Service File Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HP Service File Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HP Service File Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HP Service File Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HP Service File Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HP Service File Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HP Service File Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HP Service File Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HP Service File Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HP Service File Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HP Service File Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HP Service File Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HP Service File Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HP Service File Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HP Service File Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HP Service File Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HP Service File Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HP Service File Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HP Service File Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HP Service File Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HP Service File Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HP Service File Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HP Service File Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HP Service File Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HP Service File Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HP Service File Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HP Service File Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HP Service File Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HP Service File Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HP Service File Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HP Service File Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HP Service File Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HP Service File Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HP Service File Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HP Service File Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HP Service File Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HP Service File Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HP Service File Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HP Service File Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HP Service File Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HP Service File Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HP Service File Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HP Service File Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HP Service File Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HP Service File Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HP Service File Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HP Service File Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HP Service File Loader.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HP Service File Loader.exeMemory allocated: 2390000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\HP Service File Loader.exeMemory allocated: 25D0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\HP Service File Loader.exeMemory allocated: 23E0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 600000
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 599872
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 599760
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 599648
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 599534
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 599408
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 599281
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 599169
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 599057
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 598946
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 598834
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 598707
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 598579
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 598467
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 598355
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 598243
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 598131
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 598004
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 597876
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 597732
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 597620
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 597508
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 597396
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 597268
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 597124
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 597012
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 596900
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 596788
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 596677
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 596549
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 596422
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 596310
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 596185
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 596073
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 595961
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 595849
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 595722
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 595594
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 595467
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 595355
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 595244
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 595132
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 595020
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 594893
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 594765
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 594653
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 594541
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 594429
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 594317
Source: C:\Users\user\Desktop\HP Service File Loader.exeWindow / User API: threadDelayed 9768
Source: C:\Users\user\Desktop\HP Service File Loader.exe TID: 7468Thread sleep time: -11990383647911201s >= -30000s
Source: C:\Users\user\Desktop\HP Service File Loader.exe TID: 7468Thread sleep time: -600000s >= -30000s
Source: C:\Users\user\Desktop\HP Service File Loader.exe TID: 7468Thread sleep time: -599872s >= -30000s
Source: C:\Users\user\Desktop\HP Service File Loader.exe TID: 7468Thread sleep time: -599760s >= -30000s
Source: C:\Users\user\Desktop\HP Service File Loader.exe TID: 7468Thread sleep time: -599648s >= -30000s
Source: C:\Users\user\Desktop\HP Service File Loader.exe TID: 7468Thread sleep time: -599534s >= -30000s
Source: C:\Users\user\Desktop\HP Service File Loader.exe TID: 7468Thread sleep time: -599408s >= -30000s
Source: C:\Users\user\Desktop\HP Service File Loader.exe TID: 7468Thread sleep time: -599281s >= -30000s
Source: C:\Users\user\Desktop\HP Service File Loader.exe TID: 7468Thread sleep time: -599169s >= -30000s
Source: C:\Users\user\Desktop\HP Service File Loader.exe TID: 7468Thread sleep time: -599057s >= -30000s
Source: C:\Users\user\Desktop\HP Service File Loader.exe TID: 7468Thread sleep time: -598946s >= -30000s
Source: C:\Users\user\Desktop\HP Service File Loader.exe TID: 7468Thread sleep time: -598834s >= -30000s
Source: C:\Users\user\Desktop\HP Service File Loader.exe TID: 7468Thread sleep time: -598707s >= -30000s
Source: C:\Users\user\Desktop\HP Service File Loader.exe TID: 7468Thread sleep time: -598579s >= -30000s
Source: C:\Users\user\Desktop\HP Service File Loader.exe TID: 7468Thread sleep time: -598467s >= -30000s
Source: C:\Users\user\Desktop\HP Service File Loader.exe TID: 7468Thread sleep time: -598355s >= -30000s
Source: C:\Users\user\Desktop\HP Service File Loader.exe TID: 7468Thread sleep time: -598243s >= -30000s
Source: C:\Users\user\Desktop\HP Service File Loader.exe TID: 7468Thread sleep time: -598131s >= -30000s
Source: C:\Users\user\Desktop\HP Service File Loader.exe TID: 7468Thread sleep time: -598004s >= -30000s
Source: C:\Users\user\Desktop\HP Service File Loader.exe TID: 7468Thread sleep time: -597876s >= -30000s
Source: C:\Users\user\Desktop\HP Service File Loader.exe TID: 7468Thread sleep time: -597732s >= -30000s
Source: C:\Users\user\Desktop\HP Service File Loader.exe TID: 7468Thread sleep time: -597620s >= -30000s
Source: C:\Users\user\Desktop\HP Service File Loader.exe TID: 7468Thread sleep time: -597508s >= -30000s
Source: C:\Users\user\Desktop\HP Service File Loader.exe TID: 7468Thread sleep time: -597396s >= -30000s
Source: C:\Users\user\Desktop\HP Service File Loader.exe TID: 7468Thread sleep time: -597268s >= -30000s
Source: C:\Users\user\Desktop\HP Service File Loader.exe TID: 7468Thread sleep time: -597124s >= -30000s
Source: C:\Users\user\Desktop\HP Service File Loader.exe TID: 7468Thread sleep time: -597012s >= -30000s
Source: C:\Users\user\Desktop\HP Service File Loader.exe TID: 7468Thread sleep time: -596900s >= -30000s
Source: C:\Users\user\Desktop\HP Service File Loader.exe TID: 7468Thread sleep time: -596788s >= -30000s
Source: C:\Users\user\Desktop\HP Service File Loader.exe TID: 7468Thread sleep time: -596677s >= -30000s
Source: C:\Users\user\Desktop\HP Service File Loader.exe TID: 7468Thread sleep time: -596549s >= -30000s
Source: C:\Users\user\Desktop\HP Service File Loader.exe TID: 7468Thread sleep time: -596422s >= -30000s
Source: C:\Users\user\Desktop\HP Service File Loader.exe TID: 7468Thread sleep time: -596310s >= -30000s
Source: C:\Users\user\Desktop\HP Service File Loader.exe TID: 7468Thread sleep time: -596185s >= -30000s
Source: C:\Users\user\Desktop\HP Service File Loader.exe TID: 7468Thread sleep time: -596073s >= -30000s
Source: C:\Users\user\Desktop\HP Service File Loader.exe TID: 7468Thread sleep time: -595961s >= -30000s
Source: C:\Users\user\Desktop\HP Service File Loader.exe TID: 7468Thread sleep time: -595849s >= -30000s
Source: C:\Users\user\Desktop\HP Service File Loader.exe TID: 7468Thread sleep time: -595722s >= -30000s
Source: C:\Users\user\Desktop\HP Service File Loader.exe TID: 7468Thread sleep time: -595594s >= -30000s
Source: C:\Users\user\Desktop\HP Service File Loader.exe TID: 7468Thread sleep time: -595467s >= -30000s
Source: C:\Users\user\Desktop\HP Service File Loader.exe TID: 7468Thread sleep time: -595355s >= -30000s
Source: C:\Users\user\Desktop\HP Service File Loader.exe TID: 7468Thread sleep time: -595244s >= -30000s
Source: C:\Users\user\Desktop\HP Service File Loader.exe TID: 7468Thread sleep time: -595132s >= -30000s
Source: C:\Users\user\Desktop\HP Service File Loader.exe TID: 7468Thread sleep time: -595020s >= -30000s
Source: C:\Users\user\Desktop\HP Service File Loader.exe TID: 7468Thread sleep time: -594893s >= -30000s
Source: C:\Users\user\Desktop\HP Service File Loader.exe TID: 7468Thread sleep time: -594765s >= -30000s
Source: C:\Users\user\Desktop\HP Service File Loader.exe TID: 7468Thread sleep time: -594653s >= -30000s
Source: C:\Users\user\Desktop\HP Service File Loader.exe TID: 7468Thread sleep time: -594541s >= -30000s
Source: C:\Users\user\Desktop\HP Service File Loader.exe TID: 7468Thread sleep time: -594429s >= -30000s
Source: C:\Users\user\Desktop\HP Service File Loader.exe TID: 7468Thread sleep time: -594317s >= -30000s
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 600000
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 599872
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 599760
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 599648
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 599534
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 599408
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 599281
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 599169
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 599057
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 598946
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 598834
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 598707
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 598579
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 598467
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 598355
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 598243
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 598131
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 598004
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 597876
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 597732
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 597620
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 597508
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 597396
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 597268
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 597124
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 597012
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 596900
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 596788
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 596677
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 596549
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 596422
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 596310
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 596185
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 596073
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 595961
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 595849
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 595722
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 595594
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 595467
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 595355
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 595244
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 595132
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 595020
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 594893
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 594765
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 594653
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 594541
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 594429
Source: C:\Users\user\Desktop\HP Service File Loader.exeThread delayed: delay time: 594317
Source: C:\Windows\System32\conhost.exeFile opened: C:\Users\user
Source: C:\Windows\System32\conhost.exeFile opened: C:\Users\user\AppData\Roaming
Source: C:\Windows\System32\conhost.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
Source: C:\Windows\System32\conhost.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
Source: C:\Windows\System32\conhost.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Windows\System32\conhost.exeFile opened: C:\Users\user\AppData
Source: C:\Users\user\Desktop\HP Service File Loader.exeProcess token adjusted: Debug
Source: C:\Users\user\Desktop\HP Service File Loader.exeMemory allocated: page read and write | page guard
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\ipconfig.exe ipconfig
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Users\user\Desktop\HP Service File Loader.exe VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\userbrii.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\userFR.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\userFI.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\userFB.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\userST.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\userSTI.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\userSTB.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\userSTBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\flat_officeFontsPreview.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\OFFSYM.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\OFFSYMSL.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\OFFSYMSB.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\OFFSYMXL.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\OFFSYML.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\OFFSYMB.TTF VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\Desktop\HP Service File Loader.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
DLL Side-Loading		11
Process Injection		1
Masquerading		OS Credential Dumping31
Virtualization/Sandbox Evasion		Remote ServicesData from Local System2
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
DLL Side-Loading		1
Disable or Modify Tools		LSASS Memory1
Application Window Discovery		Remote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)31
Virtualization/Sandbox Evasion		Security Account Manager2
File and Directory Discovery		SMB/Windows Admin SharesData from Network Shared Drive2
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
Software Packing		NTDS12
System Information Discovery		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script11
Process Injection		LSA Secrets1
System Network Configuration Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
DLL Side-Loading		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
chrome.cloudflare-dns.com
162.159.61.3
truefalse
    		unknown
    s-part-0044.t-0009.fb-t-msedge.net
    		13.107.253.72
    		truefalse
      		unknown
      googlehosted.l.googleusercontent.com
      		142.250.186.33
      		truefalse
        		unknown
        sni1gl.wpc.nucdn.net
        		152.199.21.175
        		truefalse
          		unknown
          clients2.googleusercontent.com
          		unknown
          		unknownfalse
            		unknown
            bzib.nelreports.net
            		unknown
            		unknownfalse
              		unknown
              login.microsoftonline.com
              		unknown
              		unknownfalse
                		unknown

                World Map of Contacted IPs

                • No. of IPs < 25%
                • 25% < No. of IPs < 50%
                • 50% < No. of IPs < 75%
                • 75% < No. of IPs

                Public IPs

                IPDomainCountryFlagASNASN NameMalicious
                13.107.6.158
                		unknownUnited States
                		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                13.107.246.40
                		unknownUnited States
                		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                13.107.21.200
                		unknownUnited States
                		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                152.195.19.97
                		unknownUnited States
                		15133EDGECASTUSfalse
                23.51.57.215
                		unknownUnited States
                		4788TMNET-AS-APTMNetInternetServiceProviderMYfalse
                20.190.159.64
                		unknownUnited States
                		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                162.159.61.3
                		chrome.cloudflare-dns.comUnited States
                		13335CLOUDFLARENETUSfalse
                2.23.209.181
                		unknownEuropean Union
                		1273CWVodafoneGroupPLCEUfalse
                23.203.106.28
                		unknownUnited States
                		16625AKAMAI-ASUSfalse
                204.79.197.239
                		unknownUnited States
                		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                142.250.186.33
                		googlehosted.l.googleusercontent.comUnited States
                		15169GOOGLEUSfalse
                172.64.41.3
                		unknownUnited States
                		13335CLOUDFLARENETUSfalse
                40.126.24.81
                		unknownUnited States
                		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                13.107.5.80
                		unknownUnited States
                		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                1.1.1.1
                		unknownAustralia
                		13335CLOUDFLARENETUSfalse
                13.107.21.239
                		unknownUnited States
                		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                131.253.33.239
                		unknownUnited States
                		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                13.107.42.16
                		unknownUnited States
                		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                142.250.185.238
                		unknownUnited States
                		15169GOOGLEUSfalse
                13.107.253.72
                		s-part-0044.t-0009.fb-t-msedge.netUnited States
                		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                239.255.255.250
                		unknownReserved
                		unknownunknownfalse
                23.44.201.6
                		unknownUnited States
                		20940AKAMAI-ASN1EUfalse
                2.19.126.152
                		unknownEuropean Union
                		16625AKAMAI-ASUSfalse
                2.23.209.135
                		unknownEuropean Union
                		1273CWVodafoneGroupPLCEUfalse
                2.23.209.154
                		unknownEuropean Union
                		1273CWVodafoneGroupPLCEUfalse

                Private

                IP
                192.168.2.16
                10.95.102.18

                General Information

                Joe Sandbox version:41.0.0 Charoite
                Analysis ID:1530149
                Start date and time:2024-10-09 19:03:01 +02:00
                Joe Sandbox product:CloudBasic
                Overall analysis duration:
                Hypervisor based Inspection enabled:false
                Report type:full
                Cookbook file name:defaultwindowsinteractivecookbook.jbs
                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                Number of analysed new started processes analysed:27
                Number of new started drivers analysed:0
                Number of existing processes analysed:0
                Number of existing drivers analysed:0
                Number of injected processes analysed:0
                Technologies:
                • EGA enabled
                Analysis Mode:stream
                Analysis stop reason:Timeout
                Sample name:HP Service File Loader.exe
                Detection:MAL
                Classification:mal48.evad.winEXE@59/182@13/149
                Cookbook Comments:
                • Found application associated with file extension: .exe

                Warnings

                • Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
                • Excluded IPs from analysis (whitelisted): 13.107.42.16, 13.107.21.239, 204.79.197.239, 13.107.6.158, 142.250.185.238, 2.19.126.152, 2.19.126.145, 2.23.209.154, 2.23.209.141, 2.23.209.150, 2.23.209.140, 2.23.209.133, 2.23.209.144, 2.23.209.185, 2.23.209.135, 2.23.209.149, 2.23.209.177, 2.23.209.158, 2.23.209.176, 2.23.209.130, 20.190.159.64, 20.190.159.68, 40.126.31.73, 20.190.159.75, 40.126.31.71, 20.190.159.0, 20.190.159.73, 40.126.31.67, 20.190.160.22, 40.126.32.68, 40.126.32.138, 20.190.160.14, 40.126.32.74, 20.190.160.20, 40.126.32.140, 40.126.32.76
                • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
                • Not all processes where analyzed, report is missing behavior information
                • Report size getting too big, too many NtEnumerateKey calls found.
                • Report size getting too big, too many NtOpenFile calls found.
                • Report size getting too big, too many NtOpenKeyEx calls found.
                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                • Report size getting too big, too many NtQueryValueKey calls found.
                • Report size getting too big, too many NtReadVirtualMemory calls found.
                • Report size getting too big, too many NtWriteVirtualMemory calls found.
                • VT rate limit hit for: HP Service File Loader.exe

                Created / dropped Files

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\868668d4-5076-4547-aa10-7083bae4ca1c.tmp

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):48622
                Entropy (8bit):6.096182470496399
                Encrypted:false
                SSDEEP:
                MD5:437BAFCDF4D371E34D2B47B10326F253
                SHA1:12BED42FB1E131AEBCCE715999C84E575AF6CDDD
                SHA-256:FB80C2F78009721F6BEC64471ADB675C16BA37E787A04771B4EA6C0A8D0E451C
                SHA-512:C9B96F6BD30CA1098E176023AD73763016C37E2CBCE2529C366A143CF971D5C90B12A05044F818C10F791E2C278819B65B8228D00DD83FBD5A7619C9DD1EFE79
                Malicious:false
                Reputation:unknown
                Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"0"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM4+RiU6+

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\5cadbb4c-c0e2-4ee4-84da-b6d1851fa649.tmp

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):107893
                Entropy (8bit):4.64014964807635
                Encrypted:false
                SSDEEP:
                MD5:ABF3C4A6DB1FCB56F7A08A42AEA60A58
                SHA1:85C283111DA29877F23AEBF16AE434428D77DA1E
                SHA-256:894CCE30403A4B11FBC8E33C99984470133B850B761131927248D91B110B7E47
                SHA-512:4DE398C58F80C992A99F33041DD214B0093BFD95C038BE2EA70709ACD186A859429AC8F200A6935B2757095D5210E51600DA4206EF4054DDEB4BC71FEF48D9CE
                Malicious:false
                Reputation:unknown
                Preview:{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):0
                Entropy (8bit):0.0
                Encrypted:false
                SSDEEP:
                MD5:ABF3C4A6DB1FCB56F7A08A42AEA60A58
                SHA1:85C283111DA29877F23AEBF16AE434428D77DA1E
                SHA-256:894CCE30403A4B11FBC8E33C99984470133B850B761131927248D91B110B7E47
                SHA-512:4DE398C58F80C992A99F33041DD214B0093BFD95C038BE2EA70709ACD186A859429AC8F200A6935B2757095D5210E51600DA4206EF4054DDEB4BC71FEF48D9CE
                Malicious:false
                Reputation:unknown
                Preview:{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-6706B7A2-1BA8.pma

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:data
                Category:dropped
                Size (bytes):4194304
                Entropy (8bit):0.541414265215633
                Encrypted:false
                SSDEEP:
                MD5:C31B09DAFBFF12DCF14DD1EFCEE2B52B
                SHA1:BF1DF08A0F269A8860127A307FF1A32A2CC13B43
                SHA-256:0EC1F7480BA97299ED114F017B922BA8EB6B704F1DBEC397993967878F449AD6
                SHA-512:F39C8CB0F3A5CA503CB14A48B019C15830506B8EB0F7D3EBB98069F3CA286BC10A3C9B02D60F03AA284B00B82EF10814E4817F2800D92D2D47E5A429A799D5EC
                Malicious:false
                Reputation:unknown
                Preview:...@..@...@.....C.].....@............... ....t..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452....x86_64..?........".mknkrj20,1(.0..8..B....(.....10.0.19041.5462.Google Inc. (Google):bANGLE (Google, Vulkan 1.3.0 (SwiftShader Device (Subzero) (0x0000C0DE)), SwiftShader driver-5.0.0)M..BU..Be...?j...GenuineIntel... .. ..............x86_64...J....s..^o..J...W..^o..J.....1.^o..J.......^o..J../T...^o..J....zS.^o..J.....p.^o..J..7J!l.^o..J..~|[..^o..J...t...^o..J.......^o..J...Y...^o..J.......^o..J..w....^o..J...G.Y.^o..J..h....^o..J..A....^o..J..&.t..^o..J...c=..^o..J....J..^o..J...h8..^o..J..3.(..^o..J.......^o..J.......^o..J.....-.^o..J.....z.^o..J.......^o..J...b.J.^o..J..G....^o..J..8...^o..J...#...^o..J...T..^o.

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:data
                Category:dropped
                Size (bytes):280
                Entropy (8bit):4.182630182615968
                Encrypted:false
                SSDEEP:
                MD5:C760E0B69978E63840B03457CF1CE24B
                SHA1:50285CF1679E38D336A8D4F7770AD6D9A82A4848
                SHA-256:17899E4ABA7B20EE2C8055BDC88D7B28E1E51453C39CA0590E086A5E63E94256
                SHA-512:7052961D214DB49C4020EFD09A8D2ADCE974CC99614A08757A9D1717667E86802E416FE85582DCB8FACEC5224C55D269FD3D595BF64B289FAC516830021AB747
                Malicious:false
                Reputation:unknown
                Preview:sdPC......................z....K..s...x."1SCRpGKHAwpF5kOwXUUSc/ojBrTkNG2SgkvqW1WE7kI="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................7dc5f755-0f90-4102-bc8e-37d02917bdc7............

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\862c6f56-8462-4fe1-ac30-8f0387ce322d.tmp

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):39677
                Entropy (8bit):5.5622890711326844
                Encrypted:false
                SSDEEP:
                MD5:279BB265F159BBCD1AC9F16C9497D7D2
                SHA1:1240C3BF39711E9C9FAA74AF7A888A8A111D7968
                SHA-256:6B06DDC808AC16B6E00708B36A8D5B80548361C4444671C02822B9DE45F0D26F
                SHA-512:2AC9A720C35F514694F7434083AD7BF34E093C22708EA58F15F33D54F7F24E0EE8360DD634EB0EE957D7191A51920F3C0934C25BDDC638624C276DBD1389A8EE
                Malicious:false
                Reputation:unknown
                Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13372967075185072","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13372967075185072","location":5,"ma

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\90078838-e317-47c7-9b0b-2c9daf6d690c.tmp

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):39660
                Entropy (8bit):5.56249666928633
                Encrypted:false
                SSDEEP:
                MD5:8CE34CF9CDA7977A1D85E8E0574F24F3
                SHA1:F7B0CF5D8F062340BD750C7CBA1833C511B8386F
                SHA-256:1040AC0545AA492F9223EEF53CDE0CA5557AEB98B727BBACF30EBA75E67F2719
                SHA-512:393ECE46C85B67399BEF6C9AA2EE46500921B63BE274ED3658DDC9D651301A59E4263773B4745A2668F13693AECFE3A3F6F68B8BC07D7B74A05B0373412E34D4
                Malicious:false
                Reputation:unknown
                Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13372967075185072","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13372967075185072","location":5,"ma

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\9a918bbe-972f-4e6f-96c7-fff7f6840609.tmp

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):37816
                Entropy (8bit):5.556158210521831
                Encrypted:false
                SSDEEP:
                MD5:61476559E58457780B6F56FA98877B71
                SHA1:7D1DAEFC0B0923AC7D5FC7687B05992D7B601C59
                SHA-256:F761D97F0FAA040E97BDC5615E6A2809CD87FAD0BB196680B776B39F26CF7AAE
                SHA-512:B6BE6853FD89BCD8A3E905558B197B8193D7D2B375C6DFAB388447DD65E91FE4105A6372B8F23146577512E3D59DE2D4B4FDF2C063AD0BE47C7836F243D1CC8C
                Malicious:false
                Reputation:unknown
                Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13372967075185072","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13372967075185072","location":5,"ma

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:data
                Category:modified
                Size (bytes):2163821
                Entropy (8bit):5.222885803387394
                Encrypted:false
                SSDEEP:
                MD5:2664DA96F0BC4395C30DC776FF5CCA6D
                SHA1:43053ACB7246A968D2A5157909377C857BED8AB8
                SHA-256:B85E42F0F284E3C838B1CF1845C13420E3F1FE6F18B69892C872E2C99A5319EE
                SHA-512:7ABE9566B49DFC88E8DC1950FBF41BBE5BAECE8EFC13388212E98C7011AB1459033B446294C2E6E6CCDC1A7F4C7E3A322C137C158D5CEF6DFA31547B123132C1
                Malicious:false
                Reputation:unknown
                Preview:...m.................DB_VERSION.1...8.................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13341056840624329.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:ASCII text
                Category:dropped
                Size (bytes):332
                Entropy (8bit):5.12639730539049
                Encrypted:false
                SSDEEP:
                MD5:9D5241E610E5AEE1EAEFCD9F11BE99F5
                SHA1:9C1A62DC3409BB7B73F90E4CBF55EF463656907D
                SHA-256:DB74391A11B3D783949B80986E177BB7518AD8C2BB23FFB4B3C26441E20B8173
                SHA-512:88E28E805005452D6E803B35A1D13CC26A567D2A205B0D798CD53A91072A0977D6D6B1848168CDD0EBEF508D5FBC895A697B555BB653D4A0206237FAB555179A
                Malicious:false
                Reputation:unknown
                Preview:2024/10/09-13:04:38.392 141c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/10/09-13:04:38.396 141c Recovering log #3.2024/10/09-13:04:38.689 141c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                Category:dropped
                Size (bytes):28672
                Entropy (8bit):0.46403117884904843
                Encrypted:false
                SSDEEP:
                MD5:43B58C912AD2C3B797A7EBF4798D07D3
                SHA1:E9737CCBBEAA6FB05411BDD260E72937F834892E
                SHA-256:27CEA6AAC86337A69939DC9220B09C9A1C4900CEA9B9D2B2F00C86994A96E1DA
                SHA-512:B65716D6D53A2FEAC440DBEE5BB36B341F800E4D884F9FDD32103D800E366CA4F48D526ED629542E6BD21E1C76388B51487EE496FFA0FA777A14D3FD1AA6F24B
                Malicious:false
                Reputation:unknown
                Preview:SQLite format 3......@ ..........................................................................j..........g.....8...n................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
                Category:dropped
                Size (bytes):10240
                Entropy (8bit):0.8708334089814068
                Encrypted:false
                SSDEEP:
                MD5:92F9F7F28AB4823C874D79EDF2F582DE
                SHA1:2D4F1B04C314C79D76B7FF3F50056ECA517C338B
                SHA-256:6318FCD9A092D1F5B30EBD9FB6AEC30B1AEBD241DC15FE1EEED3B501571DA3C7
                SHA-512:86FEF0E05F871A166C3FAB123B0A4B95870DCCECBE20B767AF4BDFD99653184BBBFE4CE1EDF17208B7700C969B65B8166EE264287B613641E7FDD55A6C09E6D4
                Malicious:false
                Reputation:unknown
                Preview:SQLite format 3......@ ..........................................................................j...v... .. .....M....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\data_0

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                Category:dropped
                Size (bytes):8192
                Entropy (8bit):0.01057775872642915
                Encrypted:false
                SSDEEP:
                MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                Malicious:false
                Reputation:unknown
                Preview:............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\data_1

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:data
                Category:dropped
                Size (bytes):270336
                Entropy (8bit):0.001802026882503809
                Encrypted:false
                SSDEEP:
                MD5:4BE3207E2AFB8C9843E5C7A0EF40B3A8
                SHA1:AC91F4812B71DF6472AF03C0A16562107C244A88
                SHA-256:3939F355CE2DACF82D5529CD9CF6B3ABD9F5CC49A4D7FA28B1F7A7B4BDDAE6EE
                SHA-512:8D04ADC54F989F142AA6848F5F7C65697711F64A358A9A05CE35BE7C59A8B349A614522F4E5813B041475A7A3A1E076B2DB9943F14F0255DE1213DB5A7F40A87
                Malicious:false
                Reputation:unknown
                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\data_2

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:data
                Category:dropped
                Size (bytes):8192
                Entropy (8bit):0.011852361981932763
                Encrypted:false
                SSDEEP:
                MD5:0962291D6D367570BEE5454721C17E11
                SHA1:59D10A893EF321A706A9255176761366115BEDCB
                SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                Malicious:false
                Reputation:unknown
                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\data_3

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:data
                Category:dropped
                Size (bytes):8192
                Entropy (8bit):0.012340643231932763
                Encrypted:false
                SSDEEP:
                MD5:41876349CB12D6DB992F1309F22DF3F0
                SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                Malicious:false
                Reputation:unknown
                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\index

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                Category:dropped
                Size (bytes):262512
                Entropy (8bit):9.553120663130604E-4
                Encrypted:false
                SSDEEP:
                MD5:664DC758B413B5958914002E6D7F0372
                SHA1:C5047E3F65E51B628D5B112A12E1537CB867CC26
                SHA-256:1345CDC8CA376409BCAD75A611684DCDC7524DF88D11F9826C89A80F290D788E
                SHA-512:6BE261CC649EBC1EB98E023D03DFB7F988425A3495C3FD004154EFF64049BB40EDE19BC885D5584BD762BE23072D7BE8D73451DD9BADD219E6ADD1D7894DD2EC
                Malicious:false
                Reputation:unknown
                Preview:........................................K..../.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:ASCII text
                Category:dropped
                Size (bytes):341
                Entropy (8bit):5.22168320729614
                Encrypted:false
                SSDEEP:
                MD5:C6BD5FF08CCF8123121EF50415DFC5F8
                SHA1:02DCB70CAF26D2994C7A1C490CACDF640A0A0E51
                SHA-256:F4CF83F96DA305FED5E9A55FB93A356CB7A672D6CD63B20282FBB24CD086135D
                SHA-512:4A2C2138188C0148D2DE7BD4D903C6E0D6CF1595EB2A5A8B03ABEA75AA99A4BFF222A246B9DDF2CA4CA3CBD605F3BA008334AE3E3987E417DB3CB2E4D8D826DE
                Malicious:false
                Reputation:unknown
                Preview:2024/10/09-13:04:35.188 7a8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/10/09-13:04:35.189 7a8 Recovering log #3.2024/10/09-13:04:35.190 7a8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
                Category:dropped
                Size (bytes):20480
                Entropy (8bit):0.6131325817596626
                Encrypted:false
                SSDEEP:
                MD5:8617B54816D4CFB9B553C1F951F05B14
                SHA1:6BF51D9CEC5D73ECA8BA8F39052DB19036A783B1
                SHA-256:DB3172D643A7C5342FAB5097F59A043946E81B64A9B53DABA71B6D1C7B6A585F
                SHA-512:15E2F0A978BEFAC806FA32EAF0DA9E779396DDBCE11668188900E9EEB2D1325EBACBE81F39BB8059CF35F071BA48B4E896F0256D32D64D6C839B5E103D9D2604
                Malicious:false
                Reputation:unknown
                Preview:SQLite format 3......@ ..........................................................................j...%.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:ASCII text
                Category:dropped
                Size (bytes):16
                Entropy (8bit):3.2743974703476995
                Encrypted:false
                SSDEEP:
                MD5:46295CAC801E5D4857D09837238A6394
                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                Malicious:false
                Reputation:unknown
                Preview:MANIFEST-000001.

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:data
                Category:dropped
                Size (bytes):375520
                Entropy (8bit):5.354152548073269
                Encrypted:false
                SSDEEP:
                MD5:C1E88C0DA765A5307ADE3F6FA14D7915
                SHA1:7B894820135FCCCEAFAED7856C175DA9F63FD292
                SHA-256:E423624B9A38B15D92E8FD4327F9BB683A6123EF8E4044EF798542EC8E62D67D
                SHA-512:3D30A59929B111419C4C7D472806052FD58096950F2AC16C658CB4E1031E96C67DDE294199C81D9A34DEB19BD0A27ED26D030EFAFCC9A525F725E5483D42DDFF
                Malicious:false
                Reputation:unknown
                Preview:...m.................DB_VERSION.1..K.q...............&QUERY_TIMESTAMP:domains_config_gz2.*.*.13372967079284532..QUERY:domains_config_gz2.*.*..[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:ASCII text
                Category:dropped
                Size (bytes):0
                Entropy (8bit):0.0
                Encrypted:false
                SSDEEP:
                MD5:46295CAC801E5D4857D09837238A6394
                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                Malicious:false
                Reputation:unknown
                Preview:MANIFEST-000001.

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:ASCII text
                Category:dropped
                Size (bytes):307
                Entropy (8bit):5.160219800243714
                Encrypted:false
                SSDEEP:
                MD5:31903F3A092E2CF2EF69BF67D20F14E3
                SHA1:1A21FCE50194AB7CFF65B1DEC3674728E2D7530F
                SHA-256:60398F66FC93525D3655681D367F8965E94E1C60F7BE0180759D61D67F8786D7
                SHA-512:C822AA6F0ACCF0A016B176D39F5638D3B58B12438B7A347015DD6217BDE2F6954B96594532228B80263C74C2BCCFAC9C8DDE688C6A75FF6401ABD2E97A9F71C7
                Malicious:false
                Reputation:unknown
                Preview:2024/10/09-13:04:38.418 1008 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/10/09-13:04:38.506 1008 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:OpenPGP Secret Key
                Category:dropped
                Size (bytes):41
                Entropy (8bit):4.704993772857998
                Encrypted:false
                SSDEEP:
                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                Malicious:false
                Reputation:unknown
                Preview:.|.."....leveldb.BytewiseComparator......

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:modified
                Size (bytes):358860
                Entropy (8bit):5.32461534780819
                Encrypted:false
                SSDEEP:
                MD5:944A4B838E11CE5BC37CA35DAE292826
                SHA1:FDF8A61CDF6B9A1990E029D08417236FB99FF14F
                SHA-256:3641BBA26C7E6BC109D73A678D405DF63A92C0148352C1A05CDD08B73572C239
                SHA-512:9556010211AED7751B5B34F202418EA0C07D7080C31CCD3A3ABF629074C24C0D0CBC1F70AA361D5B22E901C3934088771D509533313FB63FE975DDCAE50B174B
                Malicious:false
                Reputation:unknown
                Preview:{"aee_config":{"ar":{"price_regex":{"ae":"(((ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)))","dz":"(((dzd|da|\\x{062F}\\x{062C})\\s*\\d{1,3})|(\\d{1,3}\\s*(dzd|da|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}|egp)\\s*\\d{1,3})|(\\d{1,3}\\s*(e\\x{00a3}|egp)))","ma":"(((mad|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(mad|dhs|dh)))","sa":"((\\d{1,3}\\s*(sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633}))|((sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633})\\s*\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})|(\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:data
                Category:dropped
                Size (bytes):418
                Entropy (8bit):1.8784775129881184
                Encrypted:false
                SSDEEP:
                MD5:BF097D724FDF1FCA9CF3532E86B54696
                SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                Malicious:false
                Reputation:unknown
                Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:ASCII text
                Category:dropped
                Size (bytes):320
                Entropy (8bit):5.162609529240561
                Encrypted:false
                SSDEEP:
                MD5:61BC263B7B210ED2D0C9C1C1D2836C48
                SHA1:A038230CB0446614416D15D225DDE1E3E77DA8B7
                SHA-256:B5292B6581529841EDB95C94B7B279A3EA65DF8801261E21703BAFB261D64357
                SHA-512:6212403BACFE588AA818CE43EEC440A16A3B9F5A3E4BCE81F5EDA2F6AABAA05B3D98CBF78FB4A071A067F18E23951FB61365D0F91CE7359BD044B9A0295E6B79
                Malicious:false
                Reputation:unknown
                Preview:2024/10/09-13:04:35.212 1458 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/10/09-13:04:35.212 1458 Recovering log #3.2024/10/09-13:04:35.212 1458 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:ASCII text
                Category:dropped
                Size (bytes):324
                Entropy (8bit):5.198323812500551
                Encrypted:false
                SSDEEP:
                MD5:5F5C29DDCA184E4155CAE37B6CB15DE7
                SHA1:D0DDDC4263F6F1AC310E4E00CAD79302F79EB2DA
                SHA-256:4EE0BDD064BEF95D5630A57100A2F6F5BADC3D5929CB076521555C9CAABB847B
                SHA-512:E2EDD5748B8461FF0104B2BB6F5F798E4BC18C9C37C39AF003D2F61DA5DB549B4ED373AD0D1055DB847EAF94D90BEE0A5AB47569C0729BC5392AAE770756826B
                Malicious:false
                Reputation:unknown
                Preview:2024/10/09-13:04:35.271 1458 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/10/09-13:04:35.294 1458 Recovering log #3.2024/10/09-13:04:35.295 1458 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:data
                Category:dropped
                Size (bytes):1254
                Entropy (8bit):1.8784775129881184
                Encrypted:false
                SSDEEP:
                MD5:826B4C0003ABB7604485322423C5212A
                SHA1:6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
                SHA-256:C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
                SHA-512:0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
                Malicious:false
                Reputation:unknown
                Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5........

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:ASCII text
                Category:dropped
                Size (bytes):317
                Entropy (8bit):5.091198376902232
                Encrypted:false
                SSDEEP:
                MD5:0CA5A3F441F2C1C4C3D1F9C77028B126
                SHA1:818C1DE38BFFF70768E570D916954F5B73CDEFB0
                SHA-256:383C92DC4F6A69ECAC3BBC22377847198B968901EAF8FAD4516BC6E9F0F2B1B4
                SHA-512:835CB3F77078441AA6C7A160B846B03F3C1CF09394D7B1481568452D10846F6618FDAD8D589A6F6D27FE60ADFFFE3E76AF3E930B72ACC5612F2937EDA5857D6E
                Malicious:false
                Reputation:unknown
                Preview:2024/10/09-13:04:36.001 32c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/10/09-13:04:36.002 32c Recovering log #3.2024/10/09-13:04:36.002 32c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):429
                Entropy (8bit):5.809210454117189
                Encrypted:false
                SSDEEP:
                MD5:5D1D9020CCEFD76CA661902E0C229087
                SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                Malicious:false
                Reputation:unknown
                Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 16, cookie 0x8, schema 4, UTF-8, version-valid-for 3
                Category:dropped
                Size (bytes):32768
                Entropy (8bit):4.256130841772356
                Encrypted:false
                SSDEEP:
                MD5:12B00D696BD28B118CE3A865A6EE2507
                SHA1:1A28673AFFEC12B43C5416735E502E880F67E343
                SHA-256:C148C4B8832137478F33B53FE80B54976C0AB18679F40B4F6E2E2A71827DED28
                SHA-512:144EA0BCA93905739B3BB4A6C653D8AB8E37CE48A2E3A55BA590B070C97E2420A0D162FD2F4FB0FD7C683227F7EE51D9752E69A628D763D3F511CE8F6A39CE36
                Malicious:false
                Reputation:unknown
                Preview:SQLite format 3......@ ..........................................................................j..........g....._.c...~.2.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................s...;+...indexfavicon_bitmaps_icon_idfavico

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:data
                Category:modified
                Size (bytes):270336
                Entropy (8bit):0.0018094250832613847
                Encrypted:false
                SSDEEP:
                MD5:AD01E0BB742DDE37ABCA445297422600
                SHA1:3D71DDF321828476F2D8293C864834905F02E52F
                SHA-256:55E3D15DF63F33C2B1C8A30D84394AC2562913FDA30BFE8A93D6A288D85D63EF
                SHA-512:24C4636B9F9CA40552BFABFBE14FD5213B2B6DF9025520F2BCA397ABCBD8F8B201134BEF194F95389C23F667E74D6FD478A8AC263C1BE8D058F541280C90B2F8
                Malicious:false
                Reputation:unknown
                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\index

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                Category:dropped
                Size (bytes):262512
                Entropy (8bit):9.553120663130604E-4
                Encrypted:false
                SSDEEP:
                MD5:DAA7D6DA8C6976941E869D402E0828CB
                SHA1:045564D109515BA0F2FD95A6D95C32A8EDE8B012
                SHA-256:D30FC997ABD4D720B7A99E9C735457035FCF7DC6B02761A7FF36287E03A78C61
                SHA-512:AD7B8DC6800DB2CEC6BD3F6C04547D37C8F53776582A71C922415F49E0314987A4F74D5AA5949C38713DA9E992AA32E8B2EDA4198965BBAFDC64670D3FEFBB39
                Malicious:false
                Reputation:unknown
                Preview:............................................./.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 2
                Category:dropped
                Size (bytes):155648
                Entropy (8bit):0.6675362296343674
                Encrypted:false
                SSDEEP:
                MD5:560B250F3D961149DF7B5F7E85FAF699
                SHA1:56E177E8B7519019807544E91DF2266A217A9371
                SHA-256:CA82C836695B863848DCFA582BE6A2CFE05E6D498A4D12427AB17250321CB152
                SHA-512:22D48C05D0AF11139FB01274E8DD26BE336EA9C0D1ABD17BD232B7DFF10024A12AB79F55F3FC0B42DD3DEC4B7222CEB908C466E4FF6BD804D21374EF5C4C89D9
                Malicious:false
                Reputation:unknown
                Preview:SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                Category:dropped
                Size (bytes):0
                Entropy (8bit):0.0
                Encrypted:false
                SSDEEP:
                MD5:3D8183370B5E2A9D11D43EBEF474B305
                SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                Malicious:false
                Reputation:unknown
                Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 11, cookie 0x3, schema 4, UTF-8, version-valid-for 6
                Category:dropped
                Size (bytes):45056
                Entropy (8bit):3.548570169326776
                Encrypted:false
                SSDEEP:
                MD5:07FBD245F6368756485B840F7A55FCAB
                SHA1:3577D40E9EC99633018BA09BFFC4EFA0DF0866B6
                SHA-256:2E5C803AE552F6ECC5EBC2D98D4CEA137BABC19CBB14E1722D44A100012DB1CC
                SHA-512:71ADCD8147CA7BB150A295ED8C711213A4CC166C8988CD1005BF7B85A20FF555B60F08A0625A1C84EB915884A630908F56BA2B66E9DE113FB3D3C1AF10E406A9
                Malicious:false
                Reputation:unknown
                Preview:SQLite format 3......@ ..........................................................................j..........g...:.8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:ASCII text
                Category:dropped
                Size (bytes):401
                Entropy (8bit):5.268543518494904
                Encrypted:false
                SSDEEP:
                MD5:1981E1E741FB5EB26D85A35E7950C3ED
                SHA1:A4612CECB532157DE22B58311175B0DAA60D1728
                SHA-256:104ED2D8DB7475A953AB32C09596DAAE382FD2380DC693724D4A9CF4B23BF701
                SHA-512:3A63784CF99E549A075A45905386FA970FE18775AA67A2346DFB942D5D32A88EFEACAC5BB2A4A839B1B494FB9E564DED22F19D2994873E4ED9F3668574B75548
                Malicious:false
                Reputation:unknown
                Preview:2024/10/09-13:04:36.697 32c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/10/09-13:04:36.697 32c Recovering log #3.2024/10/09-13:04:36.697 32c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:data
                Category:dropped
                Size (bytes):124
                Entropy (8bit):5.560696411036298
                Encrypted:false
                SSDEEP:
                MD5:2387CC5BE29421EE674ED01663CE05D4
                SHA1:466EAEEF72E9F4E1683DC81FC7DE9EA9045D4030
                SHA-256:0BEE7C21BF44E41057037DD9A15D5BE7C5175BEDDA834986BD5E0D07089B46AC
                SHA-512:F03FC5A348AC954CDA253E13B3475D21204CEDE881919112D08228EB76E4FCB549B4D7876C6A5C91A9914C6A50E2ACF1149EEA34AB035A3E331ABD2FEED826E8
                Malicious:false
                Reputation:unknown
                Preview:...u................VERSION.1..META:https://www.bing.com.............&_https://www.bing.com..V2BubbleTrigger..1728493480519

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:ASCII text
                Category:dropped
                Size (bytes):329
                Entropy (8bit):5.191642462997943
                Encrypted:false
                SSDEEP:
                MD5:35344E27E4B713F9474110E47B652F41
                SHA1:E3F6E86817C175FCDC47977A91D1D7DF3E67A688
                SHA-256:8303D89A5414E063670C5BB9DAF6123BAEF72699017BBB24427F18096F1545CA
                SHA-512:37E4CBCD66FCE0D2AB591A60A191E64D622D4BD4F4003F645F161ACE4789173BDB521FEDB7778D99CFC2EDCBD1304FD9384A88970AAFEB7801E441D0B651302C
                Malicious:false
                Reputation:unknown
                Preview:2024/10/09-13:04:35.452 9c8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/10/09-13:04:35.456 9c8 Recovering log #3.2024/10/09-13:04:35.674 9c8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\60d489ef-9e36-4d98-beba-de5d50a47425.tmp

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):40
                Entropy (8bit):4.1275671571169275
                Encrypted:false
                SSDEEP:
                MD5:20D4B8FA017A12A108C87F540836E250
                SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                Malicious:false
                Reputation:unknown
                Preview:{"SDCH":{"dictionaries":{},"version":2}}

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 10, database pages 7, 1st free page 6, free pages 2, cookie 0x5, schema 4, UTF-8, version-valid-for 10
                Category:dropped
                Size (bytes):28672
                Entropy (8bit):1.6457240010487044
                Encrypted:false
                SSDEEP:
                MD5:F609977739A8D1778CAD5ADA8C8E6E4C
                SHA1:2E92C3AC7ED8516BB1F0D17D03CE5BF0628E1138
                SHA-256:881A11B88EC7324203A848DB8E9704773A1E663158AC31FF6625154975201A98
                SHA-512:96A156A8D737A50A3725E8F4AA2A1CEAE84506C60AA6D20F78795A7E9E32E8A0D91965EABD8B0819BCA3DA382AE2B3D7F38D6A33370B1CEA9543A67D5EF569FC
                Malicious:false
                Reputation:unknown
                Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):0
                Entropy (8bit):0.0
                Encrypted:false
                SSDEEP:
                MD5:3E9659824BE381C596FCBB0C0F6D7875
                SHA1:B139A9859419B5561EC308C5423954AFD3D23338
                SHA-256:080328AC9C408839CB0FF11343B97B5786B58FB4468007985AFD6D2326EF01DD
                SHA-512:AD53E0A8A18BBC26831052E13C5105514D3D00387B407970C3F3C1FE246F6F4A0FA63C67958F6A2DBD06AB3CC4489ABAC0B3A7084F8E1EC47D1AEB6CADDF1B97
                Malicious:false
                Reputation:unknown
                Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13375559077109448","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13375559078074993","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13373060708744064","port":443,"protocol_str":"quic"}],"anonymization":["FAAAABAAAABodHRwczovL2JpbmcuY29t",false],"network_stats":{"srtt":208824},"server":"https://www.bing.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13373060708393893","port":443,"protocol_str":"quic"}],"anonymization":["FAAAABAAAABodHRwczovL2JpbmcuY29t",false],"network_stats":{"srtt":186919},"server":"https://r.bin

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 8
                Category:modified
                Size (bytes):36864
                Entropy (8bit):1.8744409733443834
                Encrypted:false
                SSDEEP:
                MD5:66DE948AF2408E059084B4CC0BCDC924
                SHA1:6E29A63472550D300549911BA0F0FD44EE6BC824
                SHA-256:7DA66AA315518FFF94324A84C33425AE02DE1189FCD4AAF8C4E8F32AEC23A65C
                SHA-512:528BCF1AA8F3027E71244C13D85FCCBF0BEF132FBAA35045CE76C77BD3AE0139E335E79A5F929F88BA48395CC5B766FBFA985847AD2EF8A948883FD8C0225527
                Malicious:false
                Reputation:unknown
                Preview:SQLite format 3......@ ..........................................................................j..........g...D.........7............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):0
                Entropy (8bit):0.0
                Encrypted:false
                SSDEEP:
                MD5:20D4B8FA017A12A108C87F540836E250
                SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                Malicious:false
                Reputation:unknown
                Preview:{"SDCH":{"dictionaries":{},"version":2}}

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Token Bindings

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                Category:dropped
                Size (bytes):20480
                Entropy (8bit):0.4716248163409303
                Encrypted:false
                SSDEEP:
                MD5:72E9D82D6C1742197EEA43EC203C6825
                SHA1:275AE552E437747FD707962111675AA2C8DEEB0F
                SHA-256:0DB0BA239E0421208146C4FBB809F2DBD960019FE4F4EC4CBC894C29627DD759
                SHA-512:C62C7C0C9BBE1CFAE2FEF39FBDF70BB5316713D87453096676BD854A19FDD8BC62F1608F8BE3602AD8770B94C13FFE5A9516F05A95548615CB78ED9CEADC7EA9
                Malicious:false
                Reputation:unknown
                Preview:SQLite format 3......@ ..........................................................................j.......q..g...q.0....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\de856b4a-ad0b-4135-ae64-ddbcff57de5b.tmp

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):1375
                Entropy (8bit):5.25843061545441
                Encrypted:false
                SSDEEP:
                MD5:3E9659824BE381C596FCBB0C0F6D7875
                SHA1:B139A9859419B5561EC308C5423954AFD3D23338
                SHA-256:080328AC9C408839CB0FF11343B97B5786B58FB4468007985AFD6D2326EF01DD
                SHA-512:AD53E0A8A18BBC26831052E13C5105514D3D00387B407970C3F3C1FE246F6F4A0FA63C67958F6A2DBD06AB3CC4489ABAC0B3A7084F8E1EC47D1AEB6CADDF1B97
                Malicious:false
                Reputation:unknown
                Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13375559077109448","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13375559078074993","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13373060708744064","port":443,"protocol_str":"quic"}],"anonymization":["FAAAABAAAABodHRwczovL2JpbmcuY29t",false],"network_stats":{"srtt":208824},"server":"https://www.bing.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13373060708393893","port":443,"protocol_str":"quic"}],"anonymization":["FAAAABAAAABodHRwczovL2JpbmcuY29t",false],"network_stats":{"srtt":186919},"server":"https://r.bin

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
                Category:dropped
                Size (bytes):20480
                Entropy (8bit):0.5743529459392946
                Encrypted:false
                SSDEEP:
                MD5:558A3F8C86B4E6580B54E8F7FA7E3DAF
                SHA1:BE2CA20287B762D66037530A721A825786816845
                SHA-256:4821B776B0FDC4190DB1B261174F6C2D664DD45F3C0D77FE359D7B63FF64609C
                SHA-512:BF743179D9448C8BF2256EEA447CD43FB1440C620CD57F8C72A71BED0995F2590FAE177426AF38211E9ADEADD3A0A023AAFA91517907F1AFF5F3A7794CBFD143
                Malicious:false
                Reputation:unknown
                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):0
                Entropy (8bit):0.0
                Encrypted:false
                SSDEEP:
                MD5:693C28A8E54DCC8C29D762DD096C54F8
                SHA1:28291E96A8FB8A5A2B6CE6AD0C946EFC100385C2
                SHA-256:60AF8D2C620AAEF86AC196FDF75C8B37931FA11B35D4E56D0E0E74D51BAEDCE9
                SHA-512:839049EED4994C3533A15EBE8D4430A5332754A2B6AF203E52C1800A84073080E357FC030A2EB5EEEC464B01374CAECC7FEBCFB8640DF3F16167E1089D92FB80
                Malicious:false
                Reputation:unknown
                Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13372967075793794","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13341058280410352","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b6496

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF30dad.TMP (copy)

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):0
                Entropy (8bit):0.0
                Encrypted:false
                SSDEEP:
                MD5:693C28A8E54DCC8C29D762DD096C54F8
                SHA1:28291E96A8FB8A5A2B6CE6AD0C946EFC100385C2
                SHA-256:60AF8D2C620AAEF86AC196FDF75C8B37931FA11B35D4E56D0E0E74D51BAEDCE9
                SHA-512:839049EED4994C3533A15EBE8D4430A5332754A2B6AF203E52C1800A84073080E357FC030A2EB5EEEC464B01374CAECC7FEBCFB8640DF3F16167E1089D92FB80
                Malicious:false
                Reputation:unknown
                Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13372967075793794","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13341058280410352","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b6496

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF3398f.TMP (copy)

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):0
                Entropy (8bit):0.0
                Encrypted:false
                SSDEEP:
                MD5:693C28A8E54DCC8C29D762DD096C54F8
                SHA1:28291E96A8FB8A5A2B6CE6AD0C946EFC100385C2
                SHA-256:60AF8D2C620AAEF86AC196FDF75C8B37931FA11B35D4E56D0E0E74D51BAEDCE9
                SHA-512:839049EED4994C3533A15EBE8D4430A5332754A2B6AF203E52C1800A84073080E357FC030A2EB5EEEC464B01374CAECC7FEBCFB8640DF3F16167E1089D92FB80
                Malicious:false
                Reputation:unknown
                Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13372967075793794","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13341058280410352","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b6496

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF3421b.TMP (copy)

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):0
                Entropy (8bit):0.0
                Encrypted:false
                SSDEEP:
                MD5:693C28A8E54DCC8C29D762DD096C54F8
                SHA1:28291E96A8FB8A5A2B6CE6AD0C946EFC100385C2
                SHA-256:60AF8D2C620AAEF86AC196FDF75C8B37931FA11B35D4E56D0E0E74D51BAEDCE9
                SHA-512:839049EED4994C3533A15EBE8D4430A5332754A2B6AF203E52C1800A84073080E357FC030A2EB5EEEC464B01374CAECC7FEBCFB8640DF3F16167E1089D92FB80
                Malicious:false
                Reputation:unknown
                Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13372967075793794","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13341058280410352","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b6496

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):0
                Entropy (8bit):0.0
                Encrypted:false
                SSDEEP:
                MD5:61476559E58457780B6F56FA98877B71
                SHA1:7D1DAEFC0B0923AC7D5FC7687B05992D7B601C59
                SHA-256:F761D97F0FAA040E97BDC5615E6A2809CD87FAD0BB196680B776B39F26CF7AAE
                SHA-512:B6BE6853FD89BCD8A3E905558B197B8193D7D2B375C6DFAB388447DD65E91FE4105A6372B8F23146577512E3D59DE2D4B4FDF2C063AD0BE47C7836F243D1CC8C
                Malicious:false
                Reputation:unknown
                Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13372967075185072","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13372967075185072","location":5,"ma

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF32655.TMP (copy)

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):0
                Entropy (8bit):0.0
                Encrypted:false
                SSDEEP:
                MD5:61476559E58457780B6F56FA98877B71
                SHA1:7D1DAEFC0B0923AC7D5FC7687B05992D7B601C59
                SHA-256:F761D97F0FAA040E97BDC5615E6A2809CD87FAD0BB196680B776B39F26CF7AAE
                SHA-512:B6BE6853FD89BCD8A3E905558B197B8193D7D2B375C6DFAB388447DD65E91FE4105A6372B8F23146577512E3D59DE2D4B4FDF2C063AD0BE47C7836F243D1CC8C
                Malicious:false
                Reputation:unknown
                Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13372967075185072","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13372967075185072","location":5,"ma

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF3421b.TMP (copy)

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):0
                Entropy (8bit):0.0
                Encrypted:false
                SSDEEP:
                MD5:61476559E58457780B6F56FA98877B71
                SHA1:7D1DAEFC0B0923AC7D5FC7687B05992D7B601C59
                SHA-256:F761D97F0FAA040E97BDC5615E6A2809CD87FAD0BB196680B776B39F26CF7AAE
                SHA-512:B6BE6853FD89BCD8A3E905558B197B8193D7D2B375C6DFAB388447DD65E91FE4105A6372B8F23146577512E3D59DE2D4B4FDF2C063AD0BE47C7836F243D1CC8C
                Malicious:false
                Reputation:unknown
                Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13372967075185072","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13372967075185072","location":5,"ma

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:data
                Category:dropped
                Size (bytes):696
                Entropy (8bit):4.872486526840185
                Encrypted:false
                SSDEEP:
                MD5:A404359349D6D877176EE6CC557DBBAB
                SHA1:854AF76E8F8C6DAD03917DF1FE8744FAE67F3541
                SHA-256:92645980715EF7786A503180CDFFD38BF6353C34B91C87C52F97136CA39D4E0F
                SHA-512:21A703B15D284FB1F5FE566C27BE3FEA02C4CD02B5A0D516AAA16EF54A6F7FEB6620EB2C2AA3ECD9D4AA747222D0809A289AFCB4D3AFC468F662CCE97CD62A01
                Malicious:false
                Reputation:unknown
                Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f..................rc................next-map-id.1.Dnamespace-c49a955a_8a90_4355_bf4b_4e09f5821c36-https://www.bing.com/.0.|:^p................next-map-id.2.Qnamespace-c49a955a_8a90_4355_bf4b_4e09f5821c36-https://login.microsoftonline.com/.1...................map-0-sschkad..b8.................b8.................b8.................b8.................b8................s..h................next-map-id.3.Inamespace-a19dda52_95ce_4b9f_a982_25f92b76d3dd-https://www.microsoft.com/.2..q&W...............Inamespace-a19dda52_95ce_4b9f_a982_25f92b76d3dd-https://www.microsoft.com/

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:ASCII text
                Category:dropped
                Size (bytes):317
                Entropy (8bit):5.163964980819844
                Encrypted:false
                SSDEEP:
                MD5:CBD2DA05C03119541666FEABD2CDE6CE
                SHA1:4BB6043E6CD5B9CD944D867003269614B15F403D
                SHA-256:D24321B6F68A10463C9FA344139046C22461C0DD338E4E2C144B3EEB66B1E004
                SHA-512:DDCE543F1E6F0A6BC13191649E2C0D6E855E8B34D1AFFF93311DA98D204D05F17C01F75A06FE8D347ED58A242424EDA2F7C3DB02D100D1EC709BE5C6C49E3A31
                Malicious:false
                Reputation:unknown
                Preview:2024/10/09-13:04:35.860 9c8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/10/09-13:04:35.863 9c8 Recovering log #3.2024/10/09-13:04:35.868 9c8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13372967077687531

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:data
                Category:dropped
                Size (bytes):14027
                Entropy (8bit):3.866926175443162
                Encrypted:false
                SSDEEP:
                MD5:C7F24961406F60144E21E56BE76837C1
                SHA1:19B80D910550672FDC334A4274CD1500C9FD14A2
                SHA-256:4A7C303D5B4F1021228E8851FAB44CE9DCB29E49E3F30F1B95BBD73B31B6C80A
                SHA-512:BA4DB3FA31814667451704E64F7517FB771B3000D76329102F9B8AF0743E7F7FB76FE35424DE023EA59FBE0287F4341434B6AE1098EE48B0C8428AEFC772C11A
                Malicious:false
                Reputation:unknown
                Preview:SNSS........P.o............P.o......".P.o............P.o........P.o........P.o........P.o....!...P.o................................P.o.P.o1..,....P.o$...c49a955a_8a90_4355_bf4b_4e09f5821c36....P.o........P.o....J...........P.o....P.o........................P.o....................5..0....P.o&...{544A81F3-86CF-4601-B565-C8CB2CA3983A}......P.o........P.o........................P.o............P.o....}...https://www.bing.com/search?q=what%27s%20my%20ip%20address%20site:microsoft.com&form=B00032&ocid=SettingsHAQ-BingIA&mkt=en-GB.......4...0...!...(................................................................................................... .?.$..!.?.$..................................8...................................................}...h.t.t.p.s.:././.w.w.w...b.i.n.g...c.o.m./.s.e.a.r.c.h.?.q.=.w.h.a.t.%.2.7.s.%.2.0.m.y.%.2.0.i.p.%.2.0.a.d.d.r.e.s.s.%.2.0.s.i.t.e.:.m.i.c.r.o.s.o.f.t...c.o.m.&.f.o.r.m.=.B.0.0.0.3.2.&.o.c.i.d.=.S.e.t.t.i.n.g.s.H.A.Q.-.B.i.n.g.I.A.&.m.k.t.=.e.n.-.G.

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13372967108680628

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:data
                Category:dropped
                Size (bytes):8203
                Entropy (8bit):3.7008374560207047
                Encrypted:false
                SSDEEP:
                MD5:D7FDDF935A8BF71DFA8F1855660BF7F9
                SHA1:112BCED994E9F715B18B0D9234AF35CD0A8DA4C5
                SHA-256:EE69F9D3E250155F8F340A0640485A961E50E62C595134D1EAE1CFC5699FF283
                SHA-512:CDEB6EC264C70C9AF6754FF096601BB177C38576A669F61A60092E55FFF922668D868B40BBEC310A98E82FB447BC1C26853AE4B53C28AF3862FFDF7B639E586A
                Malicious:false
                Reputation:unknown
                Preview:SNSS....]..X....P.o............../.....................&...{544A81F3-86CF-4601-B565-C8CB2CA3983A}..........P.o........../.........P.o....}...https://www.bing.com/search?q=what%27s%20my%20ip%20address%20site:microsoft.com&form=B00032&ocid=SettingsHAQ-BingIA&mkt=en-GB...0...w.h.a.t.'.s. .m.y. .i.p. .a.d.d.r.e.s.s. .s.i.t.e.:.m.i.c.r.o.s.o.f.t...c.o.m. .-. .S.e.a.r.c.h.<...8...!...0................................................................................................... .?.$..!.?.$..................................@...................................................}...h.t.t.p.s.:././.w.w.w...b.i.n.g...c.o.m./.s.e.a.r.c.h.?.q.=.w.h.a.t.%.2.7.s.%.2.0.m.y.%.2.0.i.p.%.2.0.a.d.d.r.e.s.s.%.2.0.s.i.t.e.:.m.i.c.r.o.s.o.f.t...c.o.m.&.f.o.r.m.=.B.0.0.0.3.2.&.o.c.i.d.=.S.e.t.t.i.n.g.s.H.A.Q.-.B.i.n.g.I.A.&.m.k.t.=.e.n.-.G.B...............................................(.......H.......`.......p....................................................... .......0.......P.......h..............

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                Category:dropped
                Size (bytes):20480
                Entropy (8bit):0.44194574462308833
                Encrypted:false
                SSDEEP:
                MD5:B35F740AA7FFEA282E525838EABFE0A6
                SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                Malicious:false
                Reputation:unknown
                Preview:SQLite format 3......@ ..........................................................................j..........g....."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:data
                Category:dropped
                Size (bytes):112
                Entropy (8bit):4.512319158316892
                Encrypted:false
                SSDEEP:
                MD5:E8104F38D70987850D44DB94E6534DD1
                SHA1:7634767D7F52F066304FC8B5E79A0CD223A0849F
                SHA-256:5BDC7A804BC3B61937BBB186B51A3FBAF61DE97392BDE8866924EB932B28AFCE
                SHA-512:015CC85EE6B2FCB84CEC876851932FD9BFB1D8DB5DB007864CF50B86BDDFF850DF8DE6DFEB009B23EB2F91ABBDA0EC16F85A6D7A8B001DBAC2B2DD3A0C8F2408
                Malicious:false
                Reputation:unknown
                Preview:.On.!................database_metadata.1vC.$A............... fd34edfe67a924377d8a9dfe9a78a38a............."...

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:ASCII text
                Category:dropped
                Size (bytes):345
                Entropy (8bit):5.136309558373023
                Encrypted:false
                SSDEEP:
                MD5:01DAAA044DBFADB900274F772FC12457
                SHA1:24CF69C0810ECBA5D8627ED32F05EE56784A8F4B
                SHA-256:E6F5C31E22C3F5E321D5454436CB0D19ACD7582105B3E98B4D85EFEE53FD5EFC
                SHA-512:E066882625F2A06433A699538C470A3E143AFA1BFBC25ED8727D0A26C95C024B88ACF8A65D21491FFDFCA09EB9C78502AD7E366CF4BAF7C4EB0303EB3DBDC0A0
                Malicious:false
                Reputation:unknown
                Preview:2024/10/09-13:04:35.187 f3c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/10/09-13:04:35.235 f3c Recovering log #3.2024/10/09-13:04:35.236 f3c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data\data_1

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:data
                Category:dropped
                Size (bytes):270336
                Entropy (8bit):0.0018164538716206491
                Encrypted:false
                SSDEEP:
                MD5:9619E4443ECA1729011043802D3F9E95
                SHA1:6E50BC30392B3156B7A970C5E30D918D045CDE56
                SHA-256:F14F212ADC2A5E78A47CF358BEA5C563538B31C046FAA3319FDD9889CD4EA5F4
                SHA-512:15B36C1347EA36B9B3047DCB89BBDE335C41679D92172324395E21A063399C1651EE6B315F4760E5C907DC34FC3038EB1F75535A37CE5E5250A83DD904C11385
                Malicious:false
                Reputation:unknown
                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:data
                Category:dropped
                Size (bytes):270336
                Entropy (8bit):0.0012471779557650352
                Encrypted:false
                SSDEEP:
                MD5:F50F89A0A91564D0B8A211F8921AA7DE
                SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                Malicious:false
                Reputation:unknown
                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:ASCII text
                Category:dropped
                Size (bytes):427
                Entropy (8bit):5.234850992381149
                Encrypted:false
                SSDEEP:
                MD5:5D03FF12E2B43B06246926281CD6A59E
                SHA1:EBCFBACB375483DBFE71AEFCD0687C41300C8146
                SHA-256:33D5ED4D7A095C4B35CDD8B2D792714BFCC6862541D55847D66A1F43D1D9A0E7
                SHA-512:A507F3290E89CD594247228EB018AE3E85866E48A2D8DD86122BAF38ADE9D3F61945D0087F4B6B3C1BEAAAD149B5543D948475A0B58C4F39DACDA26ACC7E4774
                Malicious:false
                Reputation:unknown
                Preview:2024/10/09-13:04:35.995 9c8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/10/09-13:04:35.997 9c8 Recovering log #3.2024/10/09-13:04:36.001 9c8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):0
                Entropy (8bit):0.0
                Encrypted:false
                SSDEEP:
                MD5:D751713988987E9331980363E24189CE
                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                Malicious:false
                Reputation:unknown
                Preview:[]

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF2d622.TMP (copy)

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):0
                Entropy (8bit):0.0
                Encrypted:false
                SSDEEP:
                MD5:D751713988987E9331980363E24189CE
                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                Malicious:false
                Reputation:unknown
                Preview:[]

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
                Category:dropped
                Size (bytes):36864
                Entropy (8bit):0.3886039372934488
                Encrypted:false
                SSDEEP:
                MD5:DEA619BA33775B1BAEEC7B32110CB3BD
                SHA1:949B8246021D004B2E772742D34B2FC8863E1AAA
                SHA-256:3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
                SHA-512:7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
                Malicious:false
                Reputation:unknown
                Preview:SQLite format 3......@ ..........................................................................j..........g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\cfced06e-a369-451c-b741-d4a5f5e46606.tmp

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):2
                Entropy (8bit):1.0
                Encrypted:false
                SSDEEP:
                MD5:D751713988987E9331980363E24189CE
                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                Malicious:false
                Reputation:unknown
                Preview:[]

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:data
                Category:dropped
                Size (bytes):80
                Entropy (8bit):3.4921535629071894
                Encrypted:false
                SSDEEP:
                MD5:69449520FD9C139C534E2970342C6BD8
                SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                Malicious:false
                Reputation:unknown
                Preview:*...#................version.1..namespace-..&f.................&f...............

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:ASCII text
                Category:dropped
                Size (bytes):415
                Entropy (8bit):5.252835029264686
                Encrypted:false
                SSDEEP:
                MD5:AD89A66BD3CC3FBC3F05F69CC4743D16
                SHA1:F4DCD0A4DBF0330CE4FCC4E3D4551D234FC12111
                SHA-256:18BE9E7A8F08F68D94D6C3E3471A47A5532CE66286D921E84A31EA378C9887F9
                SHA-512:7F7AB67249DE87DB4D818054FBBBB94A30B083DA92DADAE90A4F71A13FE9DDBDAC5078A3117085A1AA90F871E2C5D5A2976C9FBEBD720E7DDE1640EE0C96F4B3
                Malicious:false
                Reputation:unknown
                Preview:2024/10/09-13:04:51.624 9c8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/10/09-13:04:51.625 9c8 Recovering log #3.2024/10/09-13:04:51.628 9c8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:ASCII text
                Category:dropped
                Size (bytes):0
                Entropy (8bit):0.0
                Encrypted:false
                SSDEEP:
                MD5:AD89A66BD3CC3FBC3F05F69CC4743D16
                SHA1:F4DCD0A4DBF0330CE4FCC4E3D4551D234FC12111
                SHA-256:18BE9E7A8F08F68D94D6C3E3471A47A5532CE66286D921E84A31EA378C9887F9
                SHA-512:7F7AB67249DE87DB4D818054FBBBB94A30B083DA92DADAE90A4F71A13FE9DDBDAC5078A3117085A1AA90F871E2C5D5A2976C9FBEBD720E7DDE1640EE0C96F4B3
                Malicious:false
                Reputation:unknown
                Preview:2024/10/09-13:04:51.624 9c8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/10/09-13:04:51.625 9c8 Recovering log #3.2024/10/09-13:04:51.628 9c8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:ASCII text
                Category:dropped
                Size (bytes):324
                Entropy (8bit):5.201054014832438
                Encrypted:false
                SSDEEP:
                MD5:3B4E5FC9353D08F88026E79BDAD5F693
                SHA1:8CAAB3569C9A3C5F45AD276FE2DDAD526A221ABF
                SHA-256:999773C7DA906171577B3EE706A60ACF9DB2220F1A63DE432A9B2E306128446B
                SHA-512:89AA0F5AFB2D8746CAE1265D3315BE1FA00F9275AF9D1CCB52EECFCB7F62D30D49F29C7B98724189779DAA39249CD9E2A3FD57F991EFFA7788B2CCCA66FC431C
                Malicious:false
                Reputation:unknown
                Preview:2024/10/09-13:04:35.166 1a84 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/10/09-13:04:35.164 1a84 Recovering log #3.2024/10/09-13:04:35.164 1a84 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:data
                Category:dropped
                Size (bytes):131072
                Entropy (8bit):0.006677525943585664
                Encrypted:false
                SSDEEP:
                MD5:DED3AFE81600AE9EB4C743575685B634
                SHA1:E3A5280AC425393A368FBBB9AD70B871598F3BE3
                SHA-256:CF7CB61BAD25FFEFEA41885A81AAC52E82488E080CCAEEF711D0DF08D6E321B5
                SHA-512:52538B1F5604DC922469CA01BE876DF91997B12DF4CFE69FEE1FAD778F2C3968EF40FF97A427B3178EBE14C8207C614BFD773144022A68D34DDBAA37D563A91D
                Malicious:false
                Reputation:unknown
                Preview:VLnk.....?.......v|..lON................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
                Category:dropped
                Size (bytes):196608
                Entropy (8bit):1.266407538123065
                Encrypted:false
                SSDEEP:
                MD5:FD4F8903097F7A3B419990FA71EA80B4
                SHA1:7096DB4C40F5B4498BE1A91816354D2C58B797F0
                SHA-256:B7C4862E31945DD6BFEEA9169C9DD8F9D2B77CE54BF68DF9507E20ABB90C3071
                SHA-512:CB891B12B2780EA7BC6434D77E83601E107E198FFD75F0CE2F382E1931DDE9962C10E08AF0C2BB8AB2F3AF4241C2F1AF67D9E00104E748677DF93B6F7A857070
                Malicious:false
                Reputation:unknown
                Preview:SQLite format 3......@ .......[...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                Category:dropped
                Size (bytes):40960
                Entropy (8bit):0.41235120905181716
                Encrypted:false
                SSDEEP:
                MD5:981F351994975A68A0DD3ECE5E889FD0
                SHA1:080D3386290A14A68FCE07709A572AF98097C52D
                SHA-256:3F0C0B2460E0AA2A94E0BF79C8944F2F4835D2701249B34A13FD200F7E5316D7
                SHA-512:C5930797C46EEC25D356BAEB6CFE37E9F462DEE2AE8866343B2C382DBAD45C1544EF720D520C4407F56874596B31EFD6822B58A9D3DAE6F85E47FF802DBAA20B
                Malicious:false
                Reputation:unknown
                Preview:SQLite format 3......@ ..........................................................................j.......w..g...........M...w..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\ad8ff1d1-3754-4c17-aae2-afd485bad125.tmp

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):14990
                Entropy (8bit):5.322389278196403
                Encrypted:false
                SSDEEP:
                MD5:1F04FED93C73A4B19D5D690F354CAE2D
                SHA1:838120E04A3136DB2E70AB867DDF8691E25374C8
                SHA-256:093DBEDCC64D7074D6A26D89A96E5F03DC5568E3916CB6BAC76DA117BD2B72FC
                SHA-512:2F6C6714EEA1A889ED302139DACA17AF88CADA8C6EE8683182DF07CDFE03EF19E9A8A887D91DA3D8BFC9113B340EE530665F9DE601CA6B8947F306BB54A26D93
                Malicious:false
                Reputation:unknown
                Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13372967075793794","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13341058280410352","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b6496

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                Category:dropped
                Size (bytes):11755
                Entropy (8bit):5.190465908239046
                Encrypted:false
                SSDEEP:
                MD5:07301A857C41B5854E6F84CA00B81EA0
                SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                Malicious:false
                Reputation:unknown
                Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\b3c9e0d5-27a8-4657-aa2f-87984fc0df6f.tmp

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):13673
                Entropy (8bit):5.265518224206203
                Encrypted:false
                SSDEEP:
                MD5:693C28A8E54DCC8C29D762DD096C54F8
                SHA1:28291E96A8FB8A5A2B6CE6AD0C946EFC100385C2
                SHA-256:60AF8D2C620AAEF86AC196FDF75C8B37931FA11B35D4E56D0E0E74D51BAEDCE9
                SHA-512:839049EED4994C3533A15EBE8D4430A5332754A2B6AF203E52C1800A84073080E357FC030A2EB5EEEC464B01374CAECC7FEBCFB8640DF3F16167E1089D92FB80
                Malicious:false
                Reputation:unknown
                Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13372967075793794","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13341058280410352","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b6496

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\b46eec91-4b21-4b23-9784-ce0b3a919df2.tmp

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):16278
                Entropy (8bit):5.3268830138319005
                Encrypted:false
                SSDEEP:
                MD5:88F6377D2AA1EB8E70134CC324CA61DF
                SHA1:CA91F38FEFA0D0C08CBA24DEA6E83C07E59EAA7B
                SHA-256:321A0B15B6AA341CDFD485F471D0B2005A1C34C5084236501A44BC5FD83F7924
                SHA-512:4E9B89959E7D7AE38CA0517696431CE54F9B35C3D45F5195B553B92B1B83C377639AB958EE04C8429C1FB330D8EB02A5C4E680CF55C9E8B49C9286E2004B6577
                Malicious:false
                Reputation:unknown
                Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13372967075793794","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13341058280410352","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b6496

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\be7d8cc4-96c7-489b-a2e2-271b4e0481ef.tmp

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                Category:dropped
                Size (bytes):115717
                Entropy (8bit):5.183660917461099
                Encrypted:false
                SSDEEP:
                MD5:3D8183370B5E2A9D11D43EBEF474B305
                SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                Malicious:false
                Reputation:unknown
                Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                Category:dropped
                Size (bytes):28672
                Entropy (8bit):0.3410017321959524
                Encrypted:false
                SSDEEP:
                MD5:98643AF1CA5C0FE03CE8C687189CE56B
                SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
                SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
                SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
                Malicious:false
                Reputation:unknown
                Preview:SQLite format 3......@ ..........................................................................j..........g.....P....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:SQLite 3.x database, last written using SQLite version 3042000, writer version 2, read version 2, file counter 8, database pages 11, cookie 0x7, schema 4, UTF-8, version-valid-for 8
                Category:dropped
                Size (bytes):45056
                Entropy (8bit):0.9259228532841607
                Encrypted:false
                SSDEEP:
                MD5:CE8BD8853E6C696DBD32E50CFD62AB18
                SHA1:50B1FB20D24F5FE50FEF3830B56AD0F07BE14682
                SHA-256:21E92FA0C1EFD1373F2BAA04E96363E97B25BEDB3B62ABA2A04FF0F3B6868679
                SHA-512:351DE1C0211E0C9C9DC8D9A5A21D0E3B2A8AFDAAB4C1E61ECBFBBD2892982EBD632AAD781199AB3740D3E6D34A5DAE1B738E20461AEEE1EB2D88697CC72B9C54
                Malicious:false
                Reputation:unknown
                Preview:SQLite format 3......@ ..........................................................................j..................?.P................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:data
                Category:dropped
                Size (bytes):32768
                Entropy (8bit):0.09632706022674813
                Encrypted:false
                SSDEEP:
                MD5:50C64CDB3816BF0D13C0974E56BBBF4E
                SHA1:315FE34D5276E245C02E2CEDC693F8B85D3A9536
                SHA-256:9DF49215C3B3D28E5969893AC26BA8BABA9CBC6B99220B47BF9B365A9273FCA4
                SHA-512:909F8448972166D8439006BBFD27A23FAFC0944F5C8123EAFBDC5CF9CBC7281A59ACE8A5DF73D7105175D42A8A129FC4BA5C210DBE5DA7B653C0BDD8847FD170
                Malicious:false
                Reputation:unknown
                Preview:..-.............E.......(2M._Z..^..>l_..h..L.+.#..-.............E.......(2M._Z..^..>l_..h..L.+.#E.......E.......................E.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:SQLite Write-Ahead Log, version 3007000
                Category:dropped
                Size (bytes):284312
                Entropy (8bit):0.6939744074472112
                Encrypted:false
                SSDEEP:
                MD5:BFACA866188C29F1B32CA071900F50A4
                SHA1:6D755D1A5A3FAB38E74B6BAD336E57C80823A6F3
                SHA-256:2842378B14412F2068F11A45EC3EBE1C8DF91BAC098B03DC1E44C80B88568F83
                SHA-512:8356BB75A806DB3332B04BFC22321B02D37BFA820D1438A505830D3A325AA5078B45D120BC0B42354ADDA4190DF2D2DA7E5814B7BD57BE52D471B9C0F24AC1A9
                Malicious:false
                Reputation:unknown
                Preview:7....-..........^..>l_.....q..$.........^..>l_..X....9I4SQLite format 3......@ ..........................................................................j.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:data
                Category:dropped
                Size (bytes):703
                Entropy (8bit):3.984528151854781
                Encrypted:false
                SSDEEP:
                MD5:82DF69B124E6226CFDD32B0F41403EA1
                SHA1:F654A5A71D17FE7697D678A089B9C7A997307576
                SHA-256:1DAD3163D583B1A5BF44E4648BF0EFF0633904B8989FFD27B3DD1CC884273A59
                SHA-512:2EFB61F654ED24696AEB85EE7FF0697C227EABA8E8111627F6595719A039D1047B1986B4DB27E1A60F501E10B1BA363374351BE3ED8FB68C53A3C626CC361FC4
                Malicious:false
                Reputation:unknown
                Preview:A..r.................20_1_1...1.,U.................20_1_1...1?.Q;0................39_config..........6.....n ...1u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............Y^.@;...............#38_h.......6.Z..W.F......H.......H...........V.e.................,e.:...............#38_h.......6.Z..W.F......H.......H..........c1..;...............#38_h.......6.Z..W.F......H.......H......%.......R;...............#38_h.......6.Z..W.F......H.......H......!....

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:ASCII text
                Category:dropped
                Size (bytes):320
                Entropy (8bit):5.182848156367438
                Encrypted:false
                SSDEEP:
                MD5:F88F192E5B4DB41531F80E2BFAEC9BBF
                SHA1:C938F8C1E8ADD43666C38CBBAA266FC5CD0E1B70
                SHA-256:11007C26765C77B48A9FE7CB639E1AD9A04B9D02F6361ABDB132DB39EA8B9032
                SHA-512:E4E998321BBA12600BE9951580B327F559DB3C6BE614750A20F06F67753F479916732961C1D4CC979D256EEB07E62D4AFEEB67E90B7F181E2D89B0CE6B561ADF
                Malicious:false
                Reputation:unknown
                Preview:2024/10/09-13:04:35.818 1ad0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/10/09-13:04:35.818 1ad0 Recovering log #3.2024/10/09-13:04:35.820 1ad0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:data
                Category:dropped
                Size (bytes):928
                Entropy (8bit):4.0841566368719775
                Encrypted:false
                SSDEEP:
                MD5:FFD773A32B54CE20C08561046A7359C3
                SHA1:0457B60240313DE71285F57D99A505601FECA7EF
                SHA-256:F0FF72019973430411A49A1B5BB5F2C3FBEAA8EAB418944ACB3295CB00DBBA50
                SHA-512:D8EC47D415459BB850BF7973E9C7583E1A4F16B48216D185EC9CCE7739A641F79E5335B0286E428B51BB761B99C043A5D398D7C51274FC2E4A3BAF742D1EAF98
                Malicious:false
                Reputation:unknown
                Preview:.h.6.................__global... .t...................__global... .9..b.................33_..........................33_........v.................21_.....vuNX.................21_.....<...................20_.....X...................20_.....W.J+.................19_......qY.................18_.....'}2..................37_.......c..................38_......i...................39_.....Owa..................20_.....4.9..................20_.....B.I..................19_..........................18_.....2.1..................37_..........................38_......=.%.................39_.....p.j..................9_.....JJ...................9_.....|.&R.................__global... ./....................__global... ..T...................__global... ...G..................__global... ......................__global... .TN...................3_.....{-%z.................4_.....Z.\_.................3_.....5}...................4_.....

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:ASCII text
                Category:dropped
                Size (bytes):338
                Entropy (8bit):5.151581270971661
                Encrypted:false
                SSDEEP:
                MD5:C1DF994750A4DDF95FF6A229BD014746
                SHA1:352E3248681654EBA4D944C8A87CD60DFD99EC1F
                SHA-256:BEE00E347B3AFF5921253FAA80B9BD1A2754E23490865F8F96FBC86BACCA87A7
                SHA-512:B1C87CE3A6896F59725A879FA0F69326BDE39504FF8269CA005ABFC9D224CE649535843689002031B2548BC81777EE28B3D058EDC9F243BF2D009DBDBD74D0FF
                Malicious:false
                Reputation:unknown
                Preview:2024/10/09-13:04:35.802 1ad0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/10/09-13:04:35.803 1ad0 Recovering log #3.2024/10/09-13:04:35.804 1ad0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_1

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:data
                Category:dropped
                Size (bytes):270336
                Entropy (8bit):0.0018090556708630736
                Encrypted:false
                SSDEEP:
                MD5:0F58ACD8FB8D7AC6AA2B39FEF1538BEB
                SHA1:83F84E3F8A7D4AB561DDAE8AACF8CA5FE7E08FBD
                SHA-256:3821C8C59F5F5637E52D1E8DC9859D9913AC3CAF2275F20A34269C44314AE31A
                SHA-512:A9CCA14A0259C4C088F0DCA761841126A91186A034C7CBF3A1C82E271374BF46F6A36B86E4CAA5D6D54695CCDF8B2DECAB24421416198A646E18EB78D97240A3
                Malicious:false
                Reputation:unknown
                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_1

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:data
                Category:dropped
                Size (bytes):270336
                Entropy (8bit):0.0018090556708630736
                Encrypted:false
                SSDEEP:
                MD5:65474350AA8A1167E03448D95FD435AC
                SHA1:B356B2B837F3E992FF8DFDEA9778F6C444A1F9B3
                SHA-256:F2C5EC947A92C73349DD8F4F03E02EF1322DCB1D9076FEC6EF65E41F154FD2EF
                SHA-512:D926D22425B70B1FF87CEC1569E07DD7F1406246CC2ADC40062762897DBCA1A7945D3B1C6E3E304EC6A32FB67DE561C320B0F40A96BE642D6875E01518F21B48
                Malicious:false
                Reputation:unknown
                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:data
                Category:dropped
                Size (bytes):120
                Entropy (8bit):3.32524464792714
                Encrypted:false
                SSDEEP:
                MD5:A397E5983D4A1619E36143B4D804B870
                SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                Malicious:false
                Reputation:unknown
                Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):0
                Entropy (8bit):0.0
                Encrypted:false
                SSDEEP:
                MD5:2E316973A8E21C48557989606FA0622D
                SHA1:D1DEE61A6F67A94C72E33E14517AAA2111E26AC2
                SHA-256:7544756528D0CC3F4BAE852AA492EFFB3029E5B4EC02D740AC91951296A217F6
                SHA-512:E3092F0389D9E848965EEFEFF697D788B15AA0F938FFC1A7EB1D81E924C87F8E2E1D85BC1F8D9CA4768A625C0EDE8D63B9353C2CC9BB1C274130CB7F26B3BE61
                Malicious:false
                Reputation:unknown
                Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"0"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM4+RiU6+

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF30dad.TMP (copy)

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):0
                Entropy (8bit):0.0
                Encrypted:false
                SSDEEP:
                MD5:2E316973A8E21C48557989606FA0622D
                SHA1:D1DEE61A6F67A94C72E33E14517AAA2111E26AC2
                SHA-256:7544756528D0CC3F4BAE852AA492EFFB3029E5B4EC02D740AC91951296A217F6
                SHA-512:E3092F0389D9E848965EEFEFF697D788B15AA0F938FFC1A7EB1D81E924C87F8E2E1D85BC1F8D9CA4768A625C0EDE8D63B9353C2CC9BB1C274130CB7F26B3BE61
                Malicious:false
                Reputation:unknown
                Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"0"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM4+RiU6+

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF341bd.TMP (copy)

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):0
                Entropy (8bit):0.0
                Encrypted:false
                SSDEEP:
                MD5:2E316973A8E21C48557989606FA0622D
                SHA1:D1DEE61A6F67A94C72E33E14517AAA2111E26AC2
                SHA-256:7544756528D0CC3F4BAE852AA492EFFB3029E5B4EC02D740AC91951296A217F6
                SHA-512:E3092F0389D9E848965EEFEFF697D788B15AA0F938FFC1A7EB1D81E924C87F8E2E1D85BC1F8D9CA4768A625C0EDE8D63B9353C2CC9BB1C274130CB7F26B3BE61
                Malicious:false
                Reputation:unknown
                Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"0"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM4+RiU6+

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3421b.TMP (copy)

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):0
                Entropy (8bit):0.0
                Encrypted:false
                SSDEEP:
                MD5:2E316973A8E21C48557989606FA0622D
                SHA1:D1DEE61A6F67A94C72E33E14517AAA2111E26AC2
                SHA-256:7544756528D0CC3F4BAE852AA492EFFB3029E5B4EC02D740AC91951296A217F6
                SHA-512:E3092F0389D9E848965EEFEFF697D788B15AA0F938FFC1A7EB1D81E924C87F8E2E1D85BC1F8D9CA4768A625C0EDE8D63B9353C2CC9BB1C274130CB7F26B3BE61
                Malicious:false
                Reputation:unknown
                Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"0"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM4+RiU6+

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 4
                Category:modified
                Size (bytes):20480
                Entropy (8bit):0.5953617101674533
                Encrypted:false
                SSDEEP:
                MD5:497587C240CD4B0081208D6C3EE7C596
                SHA1:E04F0AD9AC312C64BE418CB8B42B84EE05BFCA9C
                SHA-256:6F42BE9C5CFF7FE24DBB3D66EA70CDBF4A463133387241D3BAE58AD8DC29E507
                SHA-512:84DD20F2AD3DB7CC50335B7C74A24BB1759E064A7275F5B2EBC44B4AB755B01D5F6F79891E772CA0D415824F2D193D96D273B6A380A228FA640950A0327C6914
                Malicious:false
                Reputation:unknown
                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:data
                Category:dropped
                Size (bytes):270336
                Entropy (8bit):0.0018238520723782249
                Encrypted:false
                SSDEEP:
                MD5:3DB0C8DF0A91E996890360BF784888DF
                SHA1:B40D035A1EEC84109E46B9676D611B94A2547174
                SHA-256:B878BB3EF23C48AA9D70F2DA74F720C66FCF9CDC2B348724932991B39872883A
                SHA-512:85B50EA83029F21B843247389EE0C9B0ECFC6CC871B3697FEB95464907DB76AB106C3CC8BDE7B8B6D7EFEF0C98A458E6275149ACEAD223ACDDDACFA56F877FDD
                Malicious:false
                Reputation:unknown
                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:ASCII text, with no line terminators
                Category:dropped
                Size (bytes):47
                Entropy (8bit):4.3818353308528755
                Encrypted:false
                SSDEEP:
                MD5:48324111147DECC23AC222A361873FC5
                SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
                SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
                SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
                Malicious:false
                Reputation:unknown
                Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):35
                Entropy (8bit):4.014438730983427
                Encrypted:false
                SSDEEP:
                MD5:BB57A76019EADEDC27F04EB2FB1F1841
                SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
                SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
                SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
                Malicious:false
                Reputation:unknown
                Preview:{"forceServiceDetermination":false}

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:ASCII text, with no line terminators
                Category:dropped
                Size (bytes):50
                Entropy (8bit):3.9904355005135823
                Encrypted:false
                SSDEEP:
                MD5:E144AFBFB9EE10479AE2A9437D3FC9CA
                SHA1:5AAAC173107C688C06944D746394C21535B0514B
                SHA-256:EB28E8ED7C014F211BD81308853F407DF86AEBB5F80F8E4640C608CD772544C2
                SHA-512:837D15B3477C95D2D71391D677463A497D8D9FFBD7EB42E412DA262C9B5C82F22CE4338A0BEAA22C81A06ECA2DF7A9A98B7D61ECACE5F087912FD9BA7914AF3F
                Malicious:false
                Reputation:unknown
                Preview:topTraffic_170540185939602997400506234197983529371

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:data
                Category:dropped
                Size (bytes):575056
                Entropy (8bit):7.999649474060713
                Encrypted:true
                SSDEEP:
                MD5:BE5D1A12C1644421F877787F8E76642D
                SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                Malicious:false
                Reputation:unknown
                Preview:...._+jE.`..}....S..1....G}s..E....y".Wh.^.W.H...-...#.A...KR...9b........>k......bU.IVo...D......Y..[l.yx.......'c=..I0.....E.d...-...1 ....m../C...OQ.........qW..<:N.....38.u..X-..s....<..U.,Mi..._.......`.Y/.........^..,.E..........j@..G8..N.... ..Ea...4.+.79k.!T.-5W..!..@+..!.P..LDG.....V."....L.... .(#..$..&......C.....%A.T}....K_.S..'Q.".d....s....(j.D!......Ov..)*d0)."(..%..-..G..L.}....i.....m9;.....t.w..0....f?..-..M.c.3.....N7K.T..D>.3.x...z..u$5!..4..T.....U.O^L{.5..=E..'..;.}(|.6.:..f!.>...?M.8......P.D.J.I4.<...*.y.E....>....i%.6..Y.@..n.....M..r..C.f.;..<..0.H...F....h.......HB1]1....u..:...H..k....B.Q..J...@}j~.#...'Y.J~....I...ub.&..L[z..1.W/.Ck....M.......[.......N.F..z*.{nZ~d.V.4.u.K.V.......X.<p..cz..>*....X...W..da3(..g..Z$.L4.j=~.p.l.\.[e.&&.Y ...U)..._.^r0.,.{_......`S..[....(.\..p.bt.g..%.$+....f.....d....Im..f...W ......G..i_8a..ae..7....pS.....z-H..A.s.4.3..O.r.....u.S......a.}..v.-/..... ...a.x#./:...sS&U.().xL...pg

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):85
                Entropy (8bit):4.3488360343066725
                Encrypted:false
                SSDEEP:
                MD5:BC6142469CD7DADF107BE9AD87EA4753
                SHA1:72A9AA05003FAB742B0E4DC4C5D9EDA6B9F7565C
                SHA-256:B26DA4F8C7E283AA74386DA0229D66AF14A37986B8CA828E054FC932F68DD557
                SHA-512:47D1A67A16F5DC6D50556C5296E65918F0A2FCAD0E8CEE5795B100FE8CD89EAF5E1FD67691E8A57AF3677883A5D8F104723B1901D11845B286474C8AC56F6182
                Malicious:false
                Reputation:unknown
                Preview:{"user_experience_metrics.stability.exited_cleanly":true,"variations_crash_streak":0}

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\d6be6190-7b01-486e-9339-f2783dd3b325.tmp

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):48622
                Entropy (8bit):6.0962171657262365
                Encrypted:false
                SSDEEP:
                MD5:2E316973A8E21C48557989606FA0622D
                SHA1:D1DEE61A6F67A94C72E33E14517AAA2111E26AC2
                SHA-256:7544756528D0CC3F4BAE852AA492EFFB3029E5B4EC02D740AC91951296A217F6
                SHA-512:E3092F0389D9E848965EEFEFF697D788B15AA0F938FFC1A7EB1D81E924C87F8E2E1D85BC1F8D9CA4768A625C0EDE8D63B9353C2CC9BB1C274130CB7F26B3BE61
                Malicious:false
                Reputation:unknown
                Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"0"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM4+RiU6+

                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\f79caeda-37a0-4b71-a22a-9d0fd8b032cb.tmp

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):56958
                Entropy (8bit):6.081733796048191
                Encrypted:false
                SSDEEP:
                MD5:8C5144986476B09B9FAF7FBC5BE7E665
                SHA1:B1409F22CFB750BA11804E05CFB2F4DB1894FA74
                SHA-256:11982350B6B5233A31EB680A76C57F7EEEB71EAAF7FBFA44F7A57FEE1B5AB5D0
                SHA-512:31B9B2BF557E9A9DD9091EAB4DA8A3910CA378B04D1CEB4564DFC5ED1947E58BD71A0AF6C6992152FD4B5BB41DF76B9FD82358580A673F6AA92701A037929BB0
                Malicious:false
                Reputation:unknown
                Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1728493508"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNor

                C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:data
                Category:dropped
                Size (bytes):2278
                Entropy (8bit):3.851145231129186
                Encrypted:false
                SSDEEP:
                MD5:4501CDB0AEEF598031772DBF2535847A
                SHA1:86A481811CC0C39EF3D70EC1F4F61668998DE1F6
                SHA-256:23735F2D47880BF5474BF5ECD4E4E66FF1D4FA9648A3B259C7EF349242C94A3D
                SHA-512:0CB04EA55EBC8A222742E9D082EE1EED1144BA4349659CA09573F3DEC0ACED3A9AF81CF1E0C963C1DA469FA816A48B19978741A43B94943391E3039D02822D99
                Malicious:false
                Reputation:unknown
                Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.N.J.Y.s.3.U.a.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.a.+.m.S.2.O.

                C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:data
                Category:dropped
                Size (bytes):4622
                Entropy (8bit):3.9978712903840434
                Encrypted:false
                SSDEEP:
                MD5:A9184EB5D3FC9C601DFAECA03CF6FF03
                SHA1:BC09760E1318ACADBDCA438239CF8ECB6B49B3EA
                SHA-256:32A5567EBA2AEFBE481E3B11544B90E7EA08B3D926FFD0D4F15E9BE7116D630D
                SHA-512:668ADD5803E54B30AA5244F478404111F92E51E042385A8671648712FC69ECA5F14C4692958116A6D55EB59A68FBFCDD6ABCAF822C4D23082FC78C22B5EC55DF
                Malicious:false
                Reputation:unknown
                Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.d.W.Q.m.W.0.a.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.a.+.m.S.2.O.

                C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:data
                Category:dropped
                Size (bytes):2684
                Entropy (8bit):3.9189893508090785
                Encrypted:false
                SSDEEP:
                MD5:4F96813198E9551E1EC0A0B4BC316944
                SHA1:D129113313518E459E7D537F9AC189DA2552A542
                SHA-256:8620E8321F70DBB08F3222FFCDFA0235D78EE1C67097759A77DC7C60FAAE9E12
                SHA-512:C1B6DA15FB678E6E13B37542D4ADF9CEE127546C72BE1FDCC449C52336D0A5E1683D768BA2AB783FCCD3B458477E8072EC7EBEBCC5AE8223CA32C7F49E2DEDA8
                Malicious:false
                Reputation:unknown
                Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".6.N.3.U.y.9.n.A.U.E.q.s.5.u.9.6.E./.o.g.0.E./.V.J.A.g.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".v.W.R.5.y.j.4.5.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.a.+.m.S.2.O.

                C:\Users\user\AppData\Local\Temp\3d0c7d75-c7b0-4137-ad24-064a04e32800.tmp

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:PNG image data, 1030 x 92, 8-bit colormap, non-interlaced
                Category:dropped
                Size (bytes):14895
                Entropy (8bit):7.881158586930481
                Encrypted:false
                SSDEEP:
                MD5:DE5C9479002D51462D3B992E48982780
                SHA1:C1B581169AA13F07DEFB6D59DF2DF131EE6A4D98
                SHA-256:73592FDA193BF41D0AB49A4BEA0275CEC9E2B2605D4E06996252008FD9289AC2
                SHA-512:6270664EEB2EFEF66BF9CE235026F45D0E23697E5FC7DBC788ECFB2E053A3F765510AD44EC899C1377673A8EA2DAC9139B36F0E61DAEEF8CB95B90E7ADBA2858
                Malicious:false
                Reputation:unknown
                Preview:.PNG........IHDR.......\.......Gi...gPLTE.........wxzvwy.J.vvw.P.wwy.K.~y... `.wwz....Q.......)J.vvzrvv.......J.......wwzuwv...DDD.T.uwx.......K.................I.CCCvwx9..xzz.K...I..V.7.................O........K..Y....#d.".....vwy.T..l.PWQ!..DDDfff.l.0..DDD.........!\.............E...4..K.....4....DDD....Q....vxzDDD.....b:.....fff"....=?..$e.6...6."i..J?...DDD....5....C...B......$g...3....!\.......#d.C...}..x..n..sm.\..W..........wxz.J..........413......DDD.e".......?.4....qqq$d.......9...m."..7...N.9...T..l.5..1t.3{.&Z.2..6..!\.'o.7.....5..)..U.....K..fffG.....Q..C...R.<...Y..K....?...U..D...X.vw.....f...n..6W..m._R.t..K..#....d?.~H...........tRNS.ML... `..`..`]1..@ .. ..0A.@...pA. ..yp.P../ ...B-.......A....`.G....p.r^.C...pj..`!..p.......?.....pcA.......BN....[..:....$.IDATx...o.E......ZNl#..8...e7..EJC.Q0"...B...B$... Z....+V%....JU.SH9T.J..PP.8.O.......gS..o.wgvv.x.}..Q4.:.:...#U..O....cZ.<=x....2.\8t....|..M..,tp*..-.$.J..|.d..H..j...(.\...M-.G.W...

                C:\Users\user\AppData\Local\Temp\5feb1dba-07a3-4da2-b6c0-a53649c4cdac.tmp

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
                Category:dropped
                Size (bytes):103469
                Entropy (8bit):7.5851113512003785
                Encrypted:false
                SSDEEP:
                MD5:37CF67E6E5D3AE47CF40406A1E8BE94F
                SHA1:2A6F868ADC761DB9C03869E238BEA0D67D1FE6CE
                SHA-256:B4B4DBE335296D0CCF9C659D671A54C2FA06F8B4E41228CF03E1D21F7C8F9D03
                SHA-512:51F2C8B56592237378BE92C3EFCD814FC3E144120D109B15A7341AB03F9674251EE8B21BB172E6E021100F4EF792A5114D5B94F86EE0B157FD3386975BEC94CD
                Malicious:false
                Reputation:unknown
                Preview:......Exif..II*.................Ducky.......2......Adobe.d...........................................................#"""#''''''''''..................................................!! !!''''''''''........V.."....................................................................................!1..AQ..aq."2....R..T....Br.#S.U..b..3Cs...t6.c.$D.5uV...4d.E&....%F......................!1..AQaq....."2......BRbr3CS....#..4.............?......1f.n..T......TP....E...........P.....@.........E..@......E.P........@........E.....P.P..A@@.E..@.P.P..AP.P..AP..@....T..AP.E..P.Z .. ....."... .....7.H...w.....t.....T....M.."... P..n.n..t5..*B.P..*(.................*.....................( ..................*.. .".... .".......(.. .".....*.. ....o......E.6... ..*..."........."J......Ah......@.@@....:@{6..wCp..3...((.(......................*...@..(...."....................*......*.. ........T.......@.@@........AP.P..@.E@....E@.d.E@.@@..@.P.T..@..@..P.D...@M........EO..."...=.wCp.....R......P.@......

                C:\Users\user\AppData\Local\Temp\8a7ae3e8-f6f3-4b5f-bd34-20b0905adb90.tmp

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:Google Chrome extension, version 3
                Category:dropped
                Size (bytes):135800
                Entropy (8bit):7.812168460141414
                Encrypted:false
                SSDEEP:
                MD5:E2D2F826A2253DA9DA88FAEA320734DB
                SHA1:17B24A01C01485399600196B6AA68456F070942F
                SHA-256:E59D727AD2F2EA2612506AF5418A2EBF5974F16F7AAA9F7497BC92D75A451624
                SHA-512:AD0686DAB396D77CBF6A39628ACA8A712793257232EAF43E4CD27A27B32A7411FD2755BCBD92D3A9A7ACF32B0E7974AC65FBC5B28615D91F48558ACAC7AF767D
                Malicious:false
                Reputation:unknown
                Preview:Cr24..............0.."0...*.H.............0.........^...1"...w.g..t..2J.G1.)X4..=&.?[j,Lz..j.u.e[I.q*Ba/X...P.h..L.....2%3_o.......H.)'.=.e...?.......j..3UH.|.X.M..u..s[.*..?$....F%....I....)..,-./.e5).f..O.q.^........9..(.._.ph2..^.YBPXf_8....h[.v...S.*1`.#..5.SF.:f-.#.65.i..b.]9...y2.'....k[........K..A9..(....-.U..O.w...!....1..!..<.....^..Z.v%....ch...*..K..........I^....TS......2.=WqD...^U&s&.nw.+.!..u.4..;...oc.8...mkGJ..-.?.. b6Ktn.i.'a.Kw.^..........sT.n....2...2..o(..}h. I.H.'.5.n.O.....c..R&...N..=tX...A.$,...~y..................[0Y0...*.H.=....*.H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...F0D. gJ...{@U.a.....V..n.l.q...wG.;. ..../.d.~......._..26F...O..".%............mo.:......<[.......`......G..`....4..........p8.T.6...Z...._..CV...2..k../?....[..........q...J....c.?...C.T.\..W.)L...6R..K.V.....%...O..^DrxA..6.<..S.H.qh....:l.y..{.n"./...=.N-..%....9.K..?Sv./...,E.....q.4&....1bp.....uyG.....B@

                C:\Users\user\AppData\Local\Temp\cv_debug.log

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):1420
                Entropy (8bit):5.410845086686578
                Encrypted:false
                SSDEEP:
                MD5:BA69DEF663C1F0AAF9DCC0918E1FC6E1
                SHA1:F25D3AABA8F4921C158916A87F853AA28D2101C2
                SHA-256:23286C470DA04C83E7DB2AFE32456A71E3EDCB9183ACD5F856D1F7377EF3265C
                SHA-512:7FC71B8918B0C168C7AD4A5A857D2CA4F4AB8975B0D5C19C9A9DE3AD42B84126FE541FD40420E1573C0791B8433F70202629BC4B4A6590269344AE18E0E67090
                Malicious:false
                Reputation:unknown
                Preview:{"logTime": "1006/090722", "correlationVector":"rmkayOhJfEabcRCB2/Bp31","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1006/090722", "correlationVector":"jqHPV/yTVN5KYgOfDN/5Rr","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1006/090722", "correlationVector":"25C1A0EE3BD244A1BB83CF2641B12F1A","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1006/093120", "correlationVector":"a/GaihlkzouX6tpAQ3civy","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1006/093121", "correlationVector":"2831F27CA5B645488E2DF2452C16A59E","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1006/093243", "correlationVector":"7DhT8FK3VbHYWFgub0ZtsN","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1006/093243", "correlationVector":"83EFC8979E1A419495133BAFAFA5A23F","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1006/093745", "correlationVector":"Bxyvid0fodNJ7Wehc/BC7P","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1006/093746", "correlationVector":"B1516CBB

                C:\Users\user\AppData\Local\Temp\fefdcf00-b13a-47de-baa4-da6fbea2129a.tmp

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:Google Chrome extension, version 3
                Category:dropped
                Size (bytes):11185
                Entropy (8bit):7.951995436832936
                Encrypted:false
                SSDEEP:
                MD5:78E47DDA17341BED7BE45DCCFD89AC87
                SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                Malicious:false
                Reputation:unknown
                Preview:Cr24..............0.."0...*.H.............0.........N.......E#......9e.u.q...VYY..@.+.C..k.O..bK.`..6.G..%.....3Z...e _.6....F..1p..K.Z......./ .3...OT..`..0...Y...FT..43.th.y...}....p.L...2S.&i.`..o...f.oH.....N..:..ijT.3.F{.0.,.f?'f.CQt;b_"Pc.. ..~S.I.c.8Z.;.....{G.a......k...>.`.o..%.$>;.....g.............jg?.R..@.:..........&..{...x@.Py..;kT....%F".S..w...N....9...A..@X.t!i.@..1;......1E..X.....[.~$....J......;=T.;)k..Y...$......S......M.P..P..>..=..u.....2p...w.9..1qw.a\A..Vj .C.....A..Cf1.r6.A...L. _m...[..l.Wr_../.. .B..9!.!+..ZG.K.......0.."0...*.H.............0.........^SUd%Q.L].......Cl2o...\[.....'*...;R=....N.C5....d. .....J.C>u.kr..Y..syJC.XS.q..E.n?....(G.5..)2.G..!.M.SS.{..U....!.EE..M[.#qs.A.1...g)nQ.c..G....Bd..7... .O.BI..KXQ..4.d.K.0......g.....-p....Z.E{...M&.~n.TE7..{0....5.#.C+3.y)pd9.e.........@..3.9..B.....I....2nX........2.?.~..S....]G.N.....Lr.O.Ve....9..D1.G..W)...P.?=.#..7.R.lz..a.wX.e..h.h.~....v..RP.@X....d.G

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_568224425\CRX_INSTALL\_metadata\verified_contents.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):1753
                Entropy (8bit):5.8889033066924155
                Encrypted:false
                SSDEEP:
                MD5:738E757B92939B24CDBBD0EFC2601315
                SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                Malicious:false
                Reputation:unknown
                Preview:[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "eyJpdGVtX2lkIjoiam1qZmxnanBjcGVwZWFmbW1nZHBma29na2doY3BpaGEiLCJpdGVtX3ZlcnNpb24iOiIxLjIuMSIsInByb3RvY29sX3ZlcnNpb24iOjEsImNvbnRlbnRfaGFzaGVzIjpbeyJmb3JtYXQiOiJ0cmVlaGFzaCIsImRpZ2VzdCI6InNoYTI1NiIsImJsb2NrX3NpemUiOjQwOTYsImhhc2hfYmxvY2tfc2l6ZSI6NDA5NiwiZmlsZXMiOlt7InBhdGgiOiJjb250ZW50LmpzIiwicm9vdF9oYXNoIjoiQS13R1JtV0VpM1lybmxQNktneUdrVWJ5Q0FoTG9JZnRRZGtHUnBEcnp1QSJ9LHsicGF0aCI6ImNvbnRlbnRfbmV3LmpzIiwicm9vdF9oYXNoIjoiVU00WVRBMHc5NFlqSHVzVVJaVTFlU2FBSjFXVENKcHhHQUtXMGxhcDIzUSJ9LHsicGF0aCI6Im1hbmlmZXN0Lmpzb24iLCJyb290X2hhc2giOiJKNXYwVTkwRmN0ejBveWJMZmZuNm5TbHFLU0h2bHF2YkdWYW9FeWFOZU1zIn1dfV19",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_568224425\CRX_INSTALL\content.js

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                Category:dropped
                Size (bytes):9815
                Entropy (8bit):6.1716321262973315
                Encrypted:false
                SSDEEP:
                MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                Malicious:false
                Reputation:unknown
                Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_568224425\CRX_INSTALL\content_new.js

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                Category:dropped
                Size (bytes):10388
                Entropy (8bit):6.174387413738973
                Encrypted:false
                SSDEEP:
                MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                Malicious:false
                Reputation:unknown
                Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_568224425\CRX_INSTALL\manifest.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):962
                Entropy (8bit):5.698567446030411
                Encrypted:false
                SSDEEP:
                MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                SHA1:2356F60884130C86A45D4B232A26062C7830E622
                SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                Malicious:false
                Reputation:unknown
                Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\128.png

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                Category:dropped
                Size (bytes):4982
                Entropy (8bit):7.929761711048726
                Encrypted:false
                SSDEEP:
                MD5:913064ADAAA4C4FA2A9D011B66B33183
                SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                Malicious:false
                Reputation:unknown
                Preview:.PNG........IHDR..............>a....=IDATx..]}...U..;...O.Q..QH.I(....v..E....GUb*..R[.4@%..hK..B..(.B..". ....&)U#.%...jZ...JC.8.....{.cfvgf.3;.....}ow.....{...P.B...*T.P.B...*Tx...=.Q..wv.w.....|.e.1.$.P.?..l_\.n.}...~.g.....Q...A.f....m.....{,...C2 %..X.......FE.1.N..f...Q..D.K87.....:g..Q.{............3@$.8.....{.....q....G.. .....5..y......)XK..F...D.......... ."8...J#.eM.i....H.E.....a.RIP.`......)..T.....! .[p`X.`..L.a....e. .T..2.....H..p$..02...j....\..........s{...Ymm~.a........f.$./.[.{..C.2:.0..6..]....`....NW.....0..o.T..$;k.2......_...k..{,.+........{..6...L..... .dw...l$..}...K...EV....0......P...e....k....+Go....qw.9.1...X2\..qfw0v.....N...{...l.."....f.A..I..+#.v....'..~E.N-k.........{...l.$..ga..1...$......x$X=}.N..S..B$p..`..`.ZG:c..RA.(.0......Gg.A.I..>...3u.u........_..KO.m.........C...,..c.......0...@_..m...-..7.......4LZ......j@.......\..'....u. QJ.:G..I`.w'B0..w.H..'b.0- ......|..}./.....e..,.K.1........W.u.v. ...\.o

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\af\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):908
                Entropy (8bit):4.512512697156616
                Encrypted:false
                SSDEEP:
                MD5:12403EBCCE3AE8287A9E823C0256D205
                SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\am\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):1285
                Entropy (8bit):4.702209356847184
                Encrypted:false
                SSDEEP:
                MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                SHA1:58979859B28513608626B563138097DC19236F1F
                SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\ar\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):1244
                Entropy (8bit):4.5533961615623735
                Encrypted:false
                SSDEEP:
                MD5:3EC93EA8F8422FDA079F8E5B3F386A73
                SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
                SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
                SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\az\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):977
                Entropy (8bit):4.867640976960053
                Encrypted:false
                SSDEEP:
                MD5:9A798FD298008074E59ECC253E2F2933
                SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
                SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
                SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\be\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):3107
                Entropy (8bit):3.535189746470889
                Encrypted:false
                SSDEEP:
                MD5:68884DFDA320B85F9FC5244C2DD00568
                SHA1:FD9C01E03320560CBBB91DC3D1917C96D792A549
                SHA-256:DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
                SHA-512:7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
                Malicious:false
                Reputation:unknown
                Preview:{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\bg\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):1389
                Entropy (8bit):4.561317517930672
                Encrypted:false
                SSDEEP:
                MD5:2E6423F38E148AC5A5A041B1D5989CC0
                SHA1:88966FFE39510C06CD9F710DFAC8545672FFDCEB
                SHA-256:AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
                SHA-512:891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\bn\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):1763
                Entropy (8bit):4.25392954144533
                Encrypted:false
                SSDEEP:
                MD5:651375C6AF22E2BCD228347A45E3C2C9
                SHA1:109AC3A912326171D77869854D7300385F6E628C
                SHA-256:1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
                SHA-512:958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\ca\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):930
                Entropy (8bit):4.569672473374877
                Encrypted:false
                SSDEEP:
                MD5:D177261FFE5F8AB4B3796D26835F8331
                SHA1:4BE708E2FFE0F018AC183003B74353AD646C1657
                SHA-256:D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
                SHA-512:E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\cs\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):913
                Entropy (8bit):4.947221919047
                Encrypted:false
                SSDEEP:
                MD5:CCB00C63E4814F7C46B06E4A142F2DE9
                SHA1:860936B2A500CE09498B07A457E0CCA6B69C5C23
                SHA-256:21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
                SHA-512:35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\cy\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):806
                Entropy (8bit):4.815663786215102
                Encrypted:false
                SSDEEP:
                MD5:A86407C6F20818972B80B9384ACFBBED
                SHA1:D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
                SHA-256:A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
                SHA-512:D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
                Malicious:false
                Reputation:unknown
                Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\da\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):883
                Entropy (8bit):4.5096240460083905
                Encrypted:false
                SSDEEP:
                MD5:B922F7FD0E8CCAC31B411FC26542C5BA
                SHA1:2D25E153983E311E44A3A348B7D97AF9AAD21A30
                SHA-256:48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
                SHA-512:AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\de\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):1031
                Entropy (8bit):4.621865814402898
                Encrypted:false
                SSDEEP:
                MD5:D116453277CC860D196887CEC6432FFE
                SHA1:0AE00288FDE696795CC62FD36EABC507AB6F4EA4
                SHA-256:36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
                SHA-512:C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\el\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):1613
                Entropy (8bit):4.618182455684241
                Encrypted:false
                SSDEEP:
                MD5:9ABA4337C670C6349BA38FDDC27C2106
                SHA1:1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
                SHA-256:37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
                SHA-512:8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\en\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):851
                Entropy (8bit):4.4858053753176526
                Encrypted:false
                SSDEEP:
                MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\en_GB\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):848
                Entropy (8bit):4.494568170878587
                Encrypted:false
                SSDEEP:
                MD5:3734D498FB377CF5E4E2508B8131C0FA
                SHA1:AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
                SHA-256:AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
                SHA-512:56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\en_US\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):1425
                Entropy (8bit):4.461560329690825
                Encrypted:false
                SSDEEP:
                MD5:578215FBB8C12CB7E6CD73FBD16EC994
                SHA1:9471D71FA6D82CE1863B74E24237AD4FD9477187
                SHA-256:102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
                SHA-512:E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
                Malicious:false
                Reputation:unknown
                Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\es\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):961
                Entropy (8bit):4.537633413451255
                Encrypted:false
                SSDEEP:
                MD5:F61916A206AC0E971CDCB63B29E580E3
                SHA1:994B8C985DC1E161655D6E553146FB84D0030619
                SHA-256:2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
                SHA-512:D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\es_419\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):959
                Entropy (8bit):4.570019855018913
                Encrypted:false
                SSDEEP:
                MD5:535331F8FB98894877811B14994FEA9D
                SHA1:42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
                SHA-256:90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
                SHA-512:2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\et\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):968
                Entropy (8bit):4.633956349931516
                Encrypted:false
                SSDEEP:
                MD5:64204786E7A7C1ED9C241F1C59B81007
                SHA1:586528E87CD670249A44FB9C54B1796E40CDB794
                SHA-256:CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
                SHA-512:44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\eu\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):838
                Entropy (8bit):4.4975520913636595
                Encrypted:false
                SSDEEP:
                MD5:29A1DA4ACB4C9D04F080BB101E204E93
                SHA1:2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
                SHA-256:A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
                SHA-512:B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
                Malicious:false
                Reputation:unknown
                Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\fa\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):1305
                Entropy (8bit):4.673517697192589
                Encrypted:false
                SSDEEP:
                MD5:097F3BA8DE41A0AAF436C783DCFE7EF3
                SHA1:986B8CABD794E08C7AD41F0F35C93E4824AC84DF
                SHA-256:7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
                SHA-512:8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\fi\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):911
                Entropy (8bit):4.6294343834070935
                Encrypted:false
                SSDEEP:
                MD5:B38CBD6C2C5BFAA6EE252D573A0B12A1
                SHA1:2E490D5A4942D2455C3E751F96BD9960F93C4B60
                SHA-256:2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
                SHA-512:6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\fil\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):939
                Entropy (8bit):4.451724169062555
                Encrypted:false
                SSDEEP:
                MD5:FCEA43D62605860FFF41BE26BAD80169
                SHA1:F25C2CE893D65666CC46EA267E3D1AA080A25F5B
                SHA-256:F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
                SHA-512:F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\fr\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):977
                Entropy (8bit):4.622066056638277
                Encrypted:false
                SSDEEP:
                MD5:A58C0EEBD5DC6BB5D91DAF923BD3A2AA
                SHA1:F169870EEED333363950D0BCD5A46D712231E2AE
                SHA-256:0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
                SHA-512:B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\fr_CA\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):972
                Entropy (8bit):4.621319511196614
                Encrypted:false
                SSDEEP:
                MD5:6CAC04BDCC09034981B4AB567B00C296
                SHA1:84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
                SHA-256:4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
                SHA-512:160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\gl\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):990
                Entropy (8bit):4.497202347098541
                Encrypted:false
                SSDEEP:
                MD5:6BAAFEE2F718BEFBC7CD58A04CCC6C92
                SHA1:CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
                SHA-256:0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
                SHA-512:3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\gu\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):1658
                Entropy (8bit):4.294833932445159
                Encrypted:false
                SSDEEP:
                MD5:BC7E1D09028B085B74CB4E04D8A90814
                SHA1:E28B2919F000B41B41209E56B7BF3A4448456CFE
                SHA-256:FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
                SHA-512:040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": ".... .....".. },.. "explanationofflinedisabled": {.. "message": "... ...... ... ........ ....... ... Google .......... ..... .... ...., ... .... .... ...... ........ .... ...... ... ...... Google ........ ...... .. ........ .. ... ... ...... ....... .... ....".. },.. "explanationofflineenabled": {.. "message": "... ...... .., ..... ... ... .. ...... ..... ....... ... ... .. .... ... ..... ... ...".. },.. "extdesc": {.. "message": "..... ........., ..

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\hi\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):1672
                Entropy (8bit):4.314484457325167
                Encrypted:false
                SSDEEP:
                MD5:98A7FC3E2E05AFFFC1CFE4A029F47476
                SHA1:A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
                SHA-256:D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
                SHA-512:457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": "... .....".. },.. "explanationofflinedisabled": {.. "message": ".. ...... .... ....... ....... .. .... Google ........ .. ..... .... .. ..., .... ... ....... .. ...... .... .. Google ........ .. ........ .. ...... ... .... .. ...... ....... .... .....".. },.. "explanationofflineenabled": {.. "message": ".. ...... ..., ..... .. .. .. ...... ...... ..... .. .... ... .. .. ...... ... .... ....".. },.. "extdesc": {.. "message": ".... .... ....... ...... ..

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\hr\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):935
                Entropy (8bit):4.6369398601609735
                Encrypted:false
                SSDEEP:
                MD5:25CDFF9D60C5FC4740A48EF9804BF5C7
                SHA1:4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
                SHA-256:73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
                SHA-512:EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\hu\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):1065
                Entropy (8bit):4.816501737523951
                Encrypted:false
                SSDEEP:
                MD5:8930A51E3ACE3DD897C9E61A2AEA1D02
                SHA1:4108506500C68C054BA03310C49FA5B8EE246EA4
                SHA-256:958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
                SHA-512:126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\hy\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):2771
                Entropy (8bit):3.7629875118570055
                Encrypted:false
                SSDEEP:
                MD5:55DE859AD778E0AA9D950EF505B29DA9
                SHA1:4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
                SHA-256:0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
                SHA-512:EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
                Malicious:false
                Reputation:unknown
                Preview:{"createnew":{"message":"\u054d\u054f\u0535\u0542\u053e\u0535\u053c \u0546\u0548\u0550"},"explanationofflinedisabled":{"message":"Google \u0553\u0561\u057d\u057f\u0561\u0569\u0572\u0569\u0565\u0580\u0568 \u0576\u0561\u0587 \u0561\u0576\u0581\u0561\u0576\u0581 \u057c\u0565\u056a\u056b\u0574\u0578\u0582\u0574 \u0585\u0563\u057f\u0561\u0563\u0578\u0580\u056e\u0565\u056c\u0578\u0582 \u0570\u0561\u0574\u0561\u0580 \u0574\u056b\u0561\u0581\u0565\u0584 \u0570\u0561\u0574\u0561\u0581\u0561\u0576\u0581\u056b\u0576, \u0562\u0561\u0581\u0565\u0584 \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0561\u0576 \u0563\u056c\u056d\u0561\u057e\u0578\u0580 \u0567\u057b\u0568, \u0561\u0576\u0581\u0565\u0584 \u056f\u0561\u0580\u0563\u0561\u057e\u0578\u0580\u0578\u0582\u0574\u0576\u0565\u0580 \u0587 \u0574\u056b\u0561\u0581\u0580\u0565\u0584 \u0561\u0576\u0581\u0561\u0576\u0581 \u0570\u0561\u0574\u0561\u056a\u0561\u0574\u0561\u0581\u0578\u0582\u0574\u0568:"},"explanationofflineenabled":{"message":"\u

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\id\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):858
                Entropy (8bit):4.474411340525479
                Encrypted:false
                SSDEEP:
                MD5:34D6EE258AF9429465AE6A078C2FB1F5
                SHA1:612CAE151984449A4346A66C0A0DF4235D64D932
                SHA-256:E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
                SHA-512:20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\is\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):954
                Entropy (8bit):4.6457079159286545
                Encrypted:false
                SSDEEP:
                MD5:CAEB37F451B5B5E9F5EB2E7E7F46E2D7
                SHA1:F917F9EAE268A385A10DB3E19E3CC3ACED56D02E
                SHA-256:943E61988C859BB088F548889F0449885525DD660626A89BA67B2C94CFBFBB1B
                SHA-512:A55DEC2404E1D7FA5A05475284CBECC2A6208730F09A227D75FDD4AC82CE50F3751C89DC687C14B91950F9AA85503BD6BF705113F2F1D478E728DF64D476A9EE
                Malicious:false
                Reputation:unknown
                Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google-skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google-skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\it\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):899
                Entropy (8bit):4.474743599345443
                Encrypted:false
                SSDEEP:
                MD5:0D82B734EF045D5FE7AA680B6A12E711
                SHA1:BD04F181E4EE09F02CD53161DCABCEF902423092
                SHA-256:F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
                SHA-512:01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\iw\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):2230
                Entropy (8bit):3.8239097369647634
                Encrypted:false
                SSDEEP:
                MD5:26B1533C0852EE4661EC1A27BD87D6BF
                SHA1:18234E3ABAF702DF9330552780C2F33B83A1188A
                SHA-256:BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
                SHA-512:450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
                Malicious:false
                Reputation:unknown
                Preview:{"createnew":{"message":"\u05d9\u05e6\u05d9\u05e8\u05ea \u05d7\u05d3\u05e9"},"explanationofflinedisabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8. \u05db\u05d3\u05d9 \u05dc\u05d4\u05e9\u05ea\u05de\u05e9 \u05d1-Google Docs \u05dc\u05dc\u05d0 \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d1\u05d4\u05ea\u05d7\u05d1\u05e8\u05d5\u05ea \u05d4\u05d1\u05d0\u05d4 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d9\u05e9 \u05dc\u05e2\u05d1\u05d5\u05e8 \u05dc\u05e7\u05d8\u05e2 \u05d4\u05d4\u05d2\u05d3\u05e8\u05d5\u05ea \u05d1\u05d3\u05e3 \u05d4\u05d1\u05d9\u05ea \u05e9\u05dc Google Docs \u05d5\u05dc\u05d4\u05e4\u05e2\u05d9\u05dc \u05e1\u05e0\u05db\u05e8\u05d5\u05df \u05d1\u05de\u05e6\u05d1 \u05d0\u05d5\u05e4\u05dc\u05d9\u05d9\u05df."},"explanationofflineenabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\ja\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):1160
                Entropy (8bit):5.292894989863142
                Encrypted:false
                SSDEEP:
                MD5:15EC1963FC113D4AD6E7E59AE5DE7C0A
                SHA1:4017FC6D8B302335469091B91D063B07C9E12109
                SHA-256:34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
                SHA-512:427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": "....".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ............................... Google .............. [..] .......[.......] ...........".. },.. "explanationofflineenabled": {.. "message": ".............................................".. },.. "extdesc": {.. "message": ".........................................................".. },.. "extname": {.. "message": "Google ..... ......".. },.. "learnmore": {.. "message": "..".. },.. "popuphelp

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\ka\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):3264
                Entropy (8bit):3.586016059431306
                Encrypted:false
                SSDEEP:
                MD5:83F81D30913DC4344573D7A58BD20D85
                SHA1:5AD0E91EA18045232A8F9DF1627007FE506A70E0
                SHA-256:30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
                SHA-512:85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
                Malicious:false
                Reputation:unknown
                Preview:{"createnew":{"message":"\u10d0\u10ee\u10da\u10d8\u10e1 \u10e8\u10d4\u10e5\u10db\u10dc\u10d0"},"explanationofflinedisabled":{"message":"\u10d7\u10e5\u10d5\u10d4\u10dc \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10ee\u10d0\u10e0\u10d7. Google Docs-\u10d8\u10e1 \u10d8\u10dc\u10e2\u10d4\u10e0\u10dc\u10d4\u10e2\u10d7\u10d0\u10dc \u10d9\u10d0\u10d5\u10e8\u10d8\u10e0\u10d8\u10e1 \u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10d2\u10d0\u10db\u10dd\u10e1\u10d0\u10e7\u10d4\u10dc\u10d4\u10d1\u10da\u10d0\u10d3 \u10d2\u10d0\u10d3\u10d0\u10d3\u10d8\u10d7 \u10de\u10d0\u10e0\u10d0\u10db\u10d4\u10e2\u10e0\u10d4\u10d1\u10d6\u10d4 Google Docs-\u10d8\u10e1 \u10db\u10d7\u10d0\u10d5\u10d0\u10e0 \u10d2\u10d5\u10d4\u10e0\u10d3\u10d6\u10d4 \u10d3\u10d0 \u10e9\u10d0\u10e0\u10d7\u10d4\u10d7 \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10e1\u10d8\u10dc\u10e5\u10e0\u10dd\u10dc\u10d8\u10d6\u10d0\u10ea\u10d8\u10d0, \u10e0\u10dd\u10d3\u10d4\u10e1\u10d0\u10ea \u10e8\u10d4\u10db\u10d3\u10d2\u10dd\u10

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\kk\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):3235
                Entropy (8bit):3.6081439490236464
                Encrypted:false
                SSDEEP:
                MD5:2D94A58795F7B1E6E43C9656A147AD3C
                SHA1:E377DB505C6924B6BFC9D73DC7C02610062F674E
                SHA-256:548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
                SHA-512:F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
                Malicious:false
                Reputation:unknown
                Preview:{"createnew":{"message":"\u0416\u0410\u04a2\u0410\u0421\u042b\u041d \u0416\u0410\u0421\u0410\u0423"},"explanationofflinedisabled":{"message":"\u0421\u0456\u0437 \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u043d\u0434\u0435\u0441\u0456\u0437. Google Docs \u049b\u043e\u043b\u0434\u0430\u043d\u0431\u0430\u0441\u044b\u043d \u0436\u0435\u043b\u0456 \u0431\u0430\u0439\u043b\u0430\u043d\u044b\u0441\u044b\u043d\u0441\u044b\u0437 \u049b\u043e\u043b\u0434\u0430\u043d\u0443 \u04af\u0448\u0456\u043d, \u043a\u0435\u043b\u0435\u0441\u0456 \u0436\u043e\u043b\u044b \u0436\u0435\u043b\u0456\u0433\u0435 \u049b\u043e\u0441\u044b\u043b\u0493\u0430\u043d\u0434\u0430, Google Docs \u043d\u0435\u0433\u0456\u0437\u0433\u0456 \u0431\u0435\u0442\u0456\u043d\u0435\u043d \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043b\u0435\u0440 \u0431\u04e9\u043b\u0456\u043c\u0456\u043d \u043a\u0456\u0440\u0456\u043f, \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\km\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):3122
                Entropy (8bit):3.891443295908904
                Encrypted:false
                SSDEEP:
                MD5:B3699C20A94776A5C2F90AEF6EB0DAD9
                SHA1:1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
                SHA-256:A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
                SHA-512:1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
                Malicious:false
                Reputation:unknown
                Preview:{"createnew":{"message":"\u1794\u1784\u17d2\u1780\u17be\u178f\u200b\u1790\u17d2\u1798\u17b8"},"explanationofflinedisabled":{"message":"\u17a2\u17d2\u1793\u1780\u200b\u1782\u17d2\u1798\u17b6\u1793\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f\u17d4 \u178a\u17be\u1798\u17d2\u1794\u17b8\u200b\u1794\u17d2\u179a\u17be Google \u17af\u1780\u179f\u17b6\u179a\u200b\u1794\u17b6\u1793\u200b\u200b\u178a\u17c4\u1799\u200b\u200b\u1798\u17b7\u1793\u1798\u17b6\u1793\u200b\u200b\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f \u179f\u17bc\u1798\u200b\u200b\u1791\u17c5\u200b\u1780\u17b6\u1793\u17cb\u200b\u1780\u17b6\u179a\u200b\u1780\u17c6\u178e\u178f\u17cb\u200b\u1793\u17c5\u200b\u179b\u17be\u200b\u1782\u17c1\u17a0\u1791\u17c6\u1796\u17d0\u179a Google \u17af\u1780\u179f\u17b6\u179a \u1793\u17b7\u1784\u200b\u1794\u17be\u1780\u200b\u1780\u17b6\u179a\u1792\u17d2\u179c\u17be\u200b\u179f\u1798\u1780\u17b6\u179b\u1780\u1798\u17d2\u1798\u200b\u200b\u200b\u1782\u17d2\u1798\u17b6\u1793

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\kn\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):1895
                Entropy (8bit):4.28990403715536
                Encrypted:false
                SSDEEP:
                MD5:38BE0974108FC1CC30F13D8230EE5C40
                SHA1:ACF44889DD07DB97D26D534AD5AFA1BC1A827BAD
                SHA-256:30078EF35A76E02A400F03B3698708A0145D9B57241CC4009E010696895CF3A1
                SHA-512:7BDB2BADE4680801FC3B33E82C8AA4FAC648F45C795B4BACE4669D6E907A578FF181C093464884C0E00C9762E8DB75586A253D55CD10A7777D281B4BFFAFE302
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": "........ .....".. },.. "explanationofflinedisabled": {.. "message": ".... ..................... ......... ............. Google ...... ....., Google ...... ............ ............... .... ..... ...... .... .... ............ ............. ........ ..... ... .....".. },.. "explanationofflineenabled": {.. "message": ".... ...................., .... .... .... ......... ........... ............ .... ........ .........."..

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\ko\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):1042
                Entropy (8bit):5.3945675025513955
                Encrypted:false
                SSDEEP:
                MD5:F3E59EEEB007144EA26306C20E04C292
                SHA1:83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
                SHA-256:C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
                SHA-512:7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": ".. ...".. },.. "explanationofflinedisabled": {.. "message": ".... ...... ... .. .. Google Docs. ..... Google Docs .... .... .... .... .... ..... . .... .... ..... ......".. },.. "explanationofflineenabled": {.. "message": ".... ...... ... .. ... ... ..... ... ... .. . .....".. },.. "extdesc": {.. "message": ".... .... ... .., ...... . ....... .., .., ......".. },.. "extname": {.. "message": "Google Docs ....".. },.. "learnmore": {.. "message": "... ....".. },.. "popuphelptext": {.. "message": "... .. ... .... ..... .... .... .....

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\lo\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):2535
                Entropy (8bit):3.8479764584971368
                Encrypted:false
                SSDEEP:
                MD5:E20D6C27840B406555E2F5091B118FC5
                SHA1:0DCECC1A58CEB4936E255A64A2830956BFA6EC14
                SHA-256:89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
                SHA-512:AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
                Malicious:false
                Reputation:unknown
                Preview:{"createnew":{"message":"\u0eaa\u0ec9\u0eb2\u0e87\u0ec3\u0edd\u0ec8"},"explanationofflinedisabled":{"message":"\u0e97\u0ec8\u0eb2\u0e99\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ea2\u0eb9\u0ec8. \u0ec0\u0e9e\u0eb7\u0ec8\u0ead\u0ec3\u0e8a\u0ec9 Google Docs \u0ec2\u0e94\u0e8d\u0e9a\u0ecd\u0ec8\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94, \u0ec3\u0eab\u0ec9\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e81\u0eb2\u0e99\u0e95\u0eb1\u0ec9\u0e87\u0e84\u0ec8\u0eb2\u0ec3\u0e99\u0edc\u0ec9\u0eb2 Google Docs \u0ec1\u0ea5\u0ec9\u0ea7\u0ec0\u0e9b\u0eb5\u0e94\u0ec3\u0e8a\u0ec9\u0e81\u0eb2\u0e99\u0e8a\u0eb4\u0ec9\u0e87\u0ec1\u0e9a\u0e9a\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ec3\u0e99\u0ec0\u0e97\u0eb7\u0ec8\u0ead\u0e95\u0ecd\u0ec8\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e97\u0ec8\u0eb2\u0e99\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94."},"explanationofflineenabled":{"message":"\u0e97\u0ec

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\lt\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):1028
                Entropy (8bit):4.797571191712988
                Encrypted:false
                SSDEEP:
                MD5:970544AB4622701FFDF66DC556847652
                SHA1:14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
                SHA-256:5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
                SHA-512:CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\lv\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):994
                Entropy (8bit):4.700308832360794
                Encrypted:false
                SSDEEP:
                MD5:A568A58817375590007D1B8ABCAEBF82
                SHA1:B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
                SHA-256:0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
                SHA-512:FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\ml\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):2091
                Entropy (8bit):4.358252286391144
                Encrypted:false
                SSDEEP:
                MD5:4717EFE4651F94EFF6ACB6653E868D1A
                SHA1:B8A7703152767FBE1819808876D09D9CC1C44450
                SHA-256:22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
                SHA-512:487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": "....... ............".. },.. "explanationofflinedisabled": {.. "message": "...... ........... ........... ............. ..... Google ....... ..........., Google ....... .......... ............. .... ...... ...... ... ............... .................... '.......... ................' .........".. },.. "explanationofflineenabled": {.. "message": "................., .......... ......... ....... ...... ..............

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\mn\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):2778
                Entropy (8bit):3.595196082412897
                Encrypted:false
                SSDEEP:
                MD5:83E7A14B7FC60D4C66BF313C8A2BEF0B
                SHA1:1CCF1D79CDED5D65439266DB58480089CC110B18
                SHA-256:613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
                SHA-512:3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
                Malicious:false
                Reputation:unknown
                Preview:{"createnew":{"message":"\u0428\u0418\u041d\u0418\u0419\u0413 \u04ae\u04ae\u0421\u0413\u042d\u0425"},"explanationofflinedisabled":{"message":"\u0422\u0430 \u043e\u0444\u043b\u0430\u0439\u043d \u0431\u0430\u0439\u043d\u0430. Google \u0414\u043e\u043a\u044b\u0433 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u0433\u04af\u0439\u0433\u044d\u044d\u0440 \u0430\u0448\u0438\u0433\u043b\u0430\u0445\u044b\u043d \u0442\u0443\u043b\u0434 \u0434\u0430\u0440\u0430\u0430\u0433\u0438\u0439\u043d \u0443\u0434\u0430\u0430 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u044d\u0434 \u0445\u043e\u043b\u0431\u043e\u0433\u0434\u043e\u0445\u0434\u043e\u043e Google \u0414\u043e\u043a\u044b\u043d \u043d\u04af\u04af\u0440 \u0445\u0443\u0443\u0434\u0430\u0441\u043d\u0430\u0430\u0441 \u0442\u043e\u0445\u0438\u0440\u0433\u043e\u043e \u0434\u043e\u0442\u043e\u0440\u0445 \u043e\u0444\u043b\u0430\u0439\u043d \u0441\u0438\u043d\u043a\u0438\u0439\u0433 \u0438\u0434\u044d\u0432\u0445\u0436\u04af\u04af\u043b\u043d\u0

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\mr\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):1719
                Entropy (8bit):4.287702203591075
                Encrypted:false
                SSDEEP:
                MD5:3B98C4ED8874A160C3789FEAD5553CFA
                SHA1:5550D0EC548335293D962AAA96B6443DD8ABB9F6
                SHA-256:ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
                SHA-512:5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": ".... .... ...".. },.. "explanationofflinedisabled": {.. "message": "...... ...... ..... ......... ....... ....... ..... Google ....... ............, Google ....... .............. .......... .. ... ..... .... ...... ......... ...... ...... ...... .... .... ....".. },.. "explanationofflineenabled": {.. "message": "...... ...... ...., ..... ...... ...... ...... .... ....... ... ..... .... .... ... .....".. },.. "extdesc": {.. "message": "..... ..

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\ms\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):936
                Entropy (8bit):4.457879437756106
                Encrypted:false
                SSDEEP:
                MD5:7D273824B1E22426C033FF5D8D7162B7
                SHA1:EADBE9DBE5519BD60458B3551BDFC36A10049DD1
                SHA-256:2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
                SHA-512:E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\my\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):3830
                Entropy (8bit):3.5483353063347587
                Encrypted:false
                SSDEEP:
                MD5:342335A22F1886B8BC92008597326B24
                SHA1:2CB04F892E430DCD7705C02BF0A8619354515513
                SHA-256:243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
                SHA-512:CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
                Malicious:false
                Reputation:unknown
                Preview:{"createnew":{"message":"\u1021\u101e\u1005\u103a \u1015\u103c\u102f\u101c\u102f\u1015\u103a\u101b\u1014\u103a"},"explanationofflinedisabled":{"message":"\u101e\u1004\u103a \u1021\u1031\u102c\u1037\u1016\u103a\u101c\u102d\u102f\u1004\u103a\u1038\u1016\u103c\u1005\u103a\u1014\u1031\u1015\u102b\u101e\u100a\u103a\u104b \u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u1019\u103e\u102f \u1019\u101b\u103e\u102d\u1018\u1032 Google Docs \u1000\u102d\u102f \u1021\u101e\u102f\u1036\u1038\u1015\u103c\u102f\u101b\u1014\u103a \u1014\u1031\u102c\u1000\u103a\u1010\u1005\u103a\u1000\u103c\u102d\u1019\u103a \u101e\u1004\u103a\u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u101e\u100a\u1037\u103a\u1021\u1001\u102b Google Docs \u1015\u1004\u103a\u1019\u1005\u102c\u1019\u103b\u1000\u103a\u1014\u103e\u102c\u101b\u103e\u102d \u1006\u1000\u103a\u1010\u1004\u103a\u1019\u103b\u102c\u1038\u101e\u102d\u102f\u1037\u1

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\ne\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):1898
                Entropy (8bit):4.187050294267571
                Encrypted:false
                SSDEEP:
                MD5:B1083DA5EC718D1F2F093BD3D1FB4F37
                SHA1:74B6F050D918448396642765DEF1AD5390AB5282
                SHA-256:E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
                SHA-512:7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": ".... ....... .........".. },.. "explanationofflinedisabled": {.. "message": "..... ...... .......... .... ........ .... .... Google ........ ...... .... ..... ..... ... .......... ....... .... Google ........ .......... ..... .......... .. ...... ..... .... ..... ......... .. ..........".. },.. "explanationofflineenabled": {.. "message": "..... ...... ........., .. ..... ... ... ...... ....... ....... .. .... ....... ....

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\nl\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):914
                Entropy (8bit):4.513485418448461
                Encrypted:false
                SSDEEP:
                MD5:32DF72F14BE59A9BC9777113A8B21DE6
                SHA1:2A8D9B9A998453144307DD0B700A76E783062AD0
                SHA-256:F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
                SHA-512:E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\no\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):878
                Entropy (8bit):4.4541485835627475
                Encrypted:false
                SSDEEP:
                MD5:A1744B0F53CCF889955B95108367F9C8
                SHA1:6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
                SHA-256:21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
                SHA-512:F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\pa\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):2766
                Entropy (8bit):3.839730779948262
                Encrypted:false
                SSDEEP:
                MD5:97F769F51B83D35C260D1F8CFD7990AF
                SHA1:0D59A76564B0AEE31D0A074305905472F740CECA
                SHA-256:BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
                SHA-512:D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
                Malicious:false
                Reputation:unknown
                Preview:{"createnew":{"message":"\u0a28\u0a35\u0a3e\u0a02 \u0a2c\u0a23\u0a3e\u0a13"},"explanationofflinedisabled":{"message":"\u0a24\u0a41\u0a38\u0a40\u0a02 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a39\u0a4b\u0964 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a15\u0a28\u0a48\u0a15\u0a36\u0a28 \u0a26\u0a47 \u0a2c\u0a3f\u0a28\u0a3e\u0a02 Google Docs \u0a28\u0a42\u0a70 \u0a35\u0a30\u0a24\u0a23 \u0a32\u0a08, \u0a05\u0a17\u0a32\u0a40 \u0a35\u0a3e\u0a30 \u0a1c\u0a26\u0a4b\u0a02 \u0a24\u0a41\u0a38\u0a40\u0a02 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a26\u0a47 \u0a28\u0a3e\u0a32 \u0a15\u0a28\u0a48\u0a15\u0a1f \u0a39\u0a4b\u0a35\u0a4b \u0a24\u0a3e\u0a02 Google Docs \u0a2e\u0a41\u0a71\u0a16 \u0a2a\u0a70\u0a28\u0a47 '\u0a24\u0a47 \u0a38\u0a48\u0a1f\u0a3f\u0a70\u0a17\u0a3e\u0a02 \u0a35\u0a3f\u0a71\u0a1a \u0a1c\u0a3e\u0a13 \u0a05\u0a24\u0a47 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a38\u0a3f\u0a70\u0a15 \u0a28\u0a42\u0a70 \u0a1a\u0a3e\u0a32\u0a42 \u0a15\u0a30\u0a4b\u0964"},"expla

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\pl\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):978
                Entropy (8bit):4.879137540019932
                Encrypted:false
                SSDEEP:
                MD5:B8D55E4E3B9619784AECA61BA15C9C0F
                SHA1:B4A9C9885FBEB78635957296FDDD12579FEFA033
                SHA-256:E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
                SHA-512:266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\pt_BR\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):907
                Entropy (8bit):4.599411354657937
                Encrypted:false
                SSDEEP:
                MD5:608551F7026E6BA8C0CF85D9AC11F8E3
                SHA1:87B017B2D4DA17E322AF6384F82B57B807628617
                SHA-256:A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
                SHA-512:82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\pt_PT\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):914
                Entropy (8bit):4.604761241355716
                Encrypted:false
                SSDEEP:
                MD5:0963F2F3641A62A78B02825F6FA3941C
                SHA1:7E6972BEAB3D18E49857079A24FB9336BC4D2D48
                SHA-256:E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
                SHA-512:22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\ro\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):937
                Entropy (8bit):4.686555713975264
                Encrypted:false
                SSDEEP:
                MD5:BED8332AB788098D276B448EC2B33351
                SHA1:6084124A2B32F386967DA980CBE79DD86742859E
                SHA-256:085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
                SHA-512:22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\ru\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):1337
                Entropy (8bit):4.69531415794894
                Encrypted:false
                SSDEEP:
                MD5:51D34FE303D0C90EE409A2397FCA437D
                SHA1:B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
                SHA-256:BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
                SHA-512:E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": ".......".. },.. "explanationofflinedisabled": {.. "message": "..... ............ Google ......... ... ........., ............ . .... . ......... ............. . ......-...... . .......... .. ......... .........".. },.. "explanationofflineenabled": {.. "message": "... ........... . .......... .. ...... ......... ..... ..... . ............. .., . ....... ........ ......-.......".. },.. "extdesc": {.. "message": ".........., .............. . ............ ........., ....... . ........... ... ....... . ..........".. },.. "extname": {.. "message": "Google.......... ......".. },.. "learnmore": {.

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\si\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):2846
                Entropy (8bit):3.7416822879702547
                Encrypted:false
                SSDEEP:
                MD5:B8A4FD612534A171A9A03C1984BB4BDD
                SHA1:F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
                SHA-256:54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
                SHA-512:C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
                Malicious:false
                Reputation:unknown
                Preview:{"createnew":{"message":"\u0db1\u0dc0 \u0dbd\u0dda\u0d9b\u0db1\u0dba\u0d9a\u0dca \u0dc3\u0dcf\u0daf\u0db1\u0dca\u0db1"},"explanationofflinedisabled":{"message":"\u0d94\u0db6 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2\u0dba. \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd \u0dc3\u0db8\u0dca\u0db6\u0db1\u0dca\u0db0\u0dad\u0dcf\u0dc0\u0d9a\u0dca \u0db1\u0ddc\u0db8\u0dd0\u0dad\u0dd2\u0dc0 Google Docs \u0db7\u0dcf\u0dc0\u0dd2\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8\u0da7, Google Docs \u0db8\u0dd4\u0dbd\u0dca \u0db4\u0dd2\u0da7\u0dd4\u0dc0 \u0db8\u0dad \u0dc3\u0dd0\u0d9a\u0dc3\u0dd3\u0db8\u0dca \u0dc0\u0dd9\u0dad \u0d9c\u0ddc\u0dc3\u0dca \u0d94\u0db6 \u0d8a\u0dc5\u0d9f \u0d85\u0dc0\u0dc3\u0dca\u0dae\u0dcf\u0dc0\u0dda \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd\u0dba\u0da7 \u0dc3\u0db6\u0dd0\u0db3\u0dd2 \u0dc0\u0dd2\u0da7 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2 \u0dc3\u0db8\u0db8\u0dd4\u0dc4\u0dd4\u0dbb\u0dca\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8 \u0d9a\u0dca\u200d\u0dbb\u0dd2\u0dba\u0dc

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\sk\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):934
                Entropy (8bit):4.882122893545996
                Encrypted:false
                SSDEEP:
                MD5:8E55817BF7A87052F11FE554A61C52D5
                SHA1:9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
                SHA-256:903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
                SHA-512:EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\sl\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):963
                Entropy (8bit):4.6041913416245
                Encrypted:false
                SSDEEP:
                MD5:BFAEFEFF32813DF91C56B71B79EC2AF4
                SHA1:F8EDA2B632610972B581724D6B2F9782AC37377B
                SHA-256:AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
                SHA-512:971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\sr\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):1320
                Entropy (8bit):4.569671329405572
                Encrypted:false
                SSDEEP:
                MD5:7F5F8933D2D078618496C67526A2B066
                SHA1:B7050E3EFA4D39548577CF47CB119FA0E246B7A4
                SHA-256:4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
                SHA-512:0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": "....... ....".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. ..... ......... Google ......... ... ........ ...., ..... . .......... .. ........ ........ Google .......... . ........ ...... .............. ... ....... ... ...... ........ .. ...........".. },.. "explanationofflineenabled": {.. "message": "...... ..., ... . .... ...... .. ....... ...... . ........ ........ ... .. ....... .....".. },.. "extdesc": {.. "message": "....... . ........... ........., ...... . ............ . ....... ...... . ... . ... .. ... ........ .........".. },.. "extname": {.. "message

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\sv\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):884
                Entropy (8bit):4.627108704340797
                Encrypted:false
                SSDEEP:
                MD5:90D8FB448CE9C0B9BA3D07FB8DE6D7EE
                SHA1:D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
                SHA-256:64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
                SHA-512:6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\sw\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):980
                Entropy (8bit):4.50673686618174
                Encrypted:false
                SSDEEP:
                MD5:D0579209686889E079D87C23817EDDD5
                SHA1:C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
                SHA-256:0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
                SHA-512:D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\ta\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):1941
                Entropy (8bit):4.132139619026436
                Encrypted:false
                SSDEEP:
                MD5:DCC0D1725AEAEAAF1690EF8053529601
                SHA1:BB9D31859469760AC93E84B70B57909DCC02EA65
                SHA-256:6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
                SHA-512:6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": "..... ....... .........".. },.. "explanationofflinedisabled": {.. "message": ".......... ........... .... ....... ..... Google ......... .........., ...... .... ........... ......... ...., Google ... ................... ................ ......, ........ ......... ..........".. },.. "explanationofflineenabled": {.. "message": ".......... ..........., .......... .......... .......... ......... ........... ...... .....

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\te\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):1969
                Entropy (8bit):4.327258153043599
                Encrypted:false
                SSDEEP:
                MD5:385E65EF723F1C4018EEE6E4E56BC03F
                SHA1:0CEA195638A403FD99BAEF88A360BD746C21DF42
                SHA-256:026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
                SHA-512:E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": "..... ...... ........ ......".. },.. "explanationofflinedisabled": {.. "message": ".... ........... ........ ......... ........ ....... Google Docs... .............., .... ............ ....... ..... ...... .... Google Docs .... ...... ............. ......, ........ ........ ... .......".. },.. "explanationofflineenabled": {.. "message": ".... ........... ......., .... .... ........ .......... .... ....... ..... ....... .... ..

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\th\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):1674
                Entropy (8bit):4.343724179386811
                Encrypted:false
                SSDEEP:
                MD5:64077E3D186E585A8BEA86FF415AA19D
                SHA1:73A861AC810DABB4CE63AD052E6E1834F8CA0E65
                SHA-256:D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
                SHA-512:56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": ".............. ............. Google .................................... ............................... Google ...... .................................................................".. },.. "explanationofflineenabled": {.. "message": "................................................................".. },.. "extdesc": {.. "message": "..... ..... ........

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\tr\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):1063
                Entropy (8bit):4.853399816115876
                Encrypted:false
                SSDEEP:
                MD5:76B59AAACC7B469792694CF3855D3F4C
                SHA1:7C04A2C1C808FA57057A4CCEEE66855251A3C231
                SHA-256:B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
                SHA-512:2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\uk\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):1333
                Entropy (8bit):4.686760246306605
                Encrypted:false
                SSDEEP:
                MD5:970963C25C2CEF16BB6F60952E103105
                SHA1:BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
                SHA-256:9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
                SHA-512:1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": "........".. },.. "explanationofflinedisabled": {.. "message": ".. . ...... ....... ... ............. Google ........... ... ......... . .........., ......... . ............ .. ........ ........ Google .......... . ......... ......-............., .... ...... . .......".. },.. "explanationofflineenabled": {.. "message": ".. . ...... ......, ..... ... .... ...... .......... ........ ..... ... .......... .....".. },.. "extdesc": {.. "message": "........., ......... . ............ ........., .......... ....... .. ........... ... ....... .. ..........".. },.. "extname": {.. "message": "Goo

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\ur\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):1263
                Entropy (8bit):4.861856182762435
                Encrypted:false
                SSDEEP:
                MD5:8B4DF6A9281333341C939C244DDB7648
                SHA1:382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
                SHA-256:5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
                SHA-512:FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": "... ......".. },.. "explanationofflinedisabled": {.. "message": ".. .. .... .... Google Docs .. .... ....... ..... ....... .... ..... .... ... .. .. ....... .. ..... ... .. Google Docs ... ... .. ....... .. ..... ... .. .... ...... ..... .. .. .....".. },.. "explanationofflineenabled": {.. "message": ".. .. .... ... .... .. ... ... ...... ..... ... ..... .. .... ... .. ... ..... ... .... ....".. },.. "extdesc": {.. "message": ".......... .......... ... ....... . .... ... ....... .. ..... .. .... ...... ..... .... ... ..... .......".. },.. "extname": {.. "message": "Google Docs .. ....".. },.. "learnmore": {..

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\vi\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):1074
                Entropy (8bit):5.062722522759407
                Encrypted:false
                SSDEEP:
                MD5:773A3B9E708D052D6CBAA6D55C8A5438
                SHA1:5617235844595D5C73961A2C0A4AC66D8EA5F90F
                SHA-256:597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
                SHA-512:E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\zh_CN\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):879
                Entropy (8bit):5.7905809868505544
                Encrypted:false
                SSDEEP:
                MD5:3E76788E17E62FB49FB5ED5F4E7A3DCE
                SHA1:6904FFA0D13D45496F126E58C886C35366EFCC11
                SHA-256:E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
                SHA-512:F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\zh_HK\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):1205
                Entropy (8bit):4.50367724745418
                Encrypted:false
                SSDEEP:
                MD5:524E1B2A370D0E71342D05DDE3D3E774
                SHA1:60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
                SHA-256:30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
                SHA-512:D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
                Malicious:false
                Reputation:unknown
                Preview:{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\zh_TW\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):843
                Entropy (8bit):5.76581227215314
                Encrypted:false
                SSDEEP:
                MD5:0E60627ACFD18F44D4DF469D8DCE6D30
                SHA1:2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
                SHA-256:F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
                SHA-512:6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
                Malicious:false
                Reputation:unknown
                Preview:{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_locales\zu\messages.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):912
                Entropy (8bit):4.65963951143349
                Encrypted:false
                SSDEEP:
                MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                Malicious:false
                Reputation:unknown
                Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\_metadata\verified_contents.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):11280
                Entropy (8bit):5.753540530582996
                Encrypted:false
                SSDEEP:
                MD5:3B2ADA9A6C4A36317B9F2FD4DC477286
                SHA1:AAA98236263AF2E89EC656FB77C1CE6109A0C406
                SHA-256:D65B75256E92E254A2901FC8B098B085BACDE8C8B4573D62A767685C99CF4E13
                SHA-512:9999147C4A20D03E11E2493FC74BA6EF4BDE16F173E66A9E32D4E1AC136BFA205C64FD43349FBEA07FFCBC855BF07CF2D15B1F274CA80B1BFC8463F6AA4AB2F1
                Malicious:false
                Reputation:unknown
                Preview:[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiIxMjgucG5nIiwicm9vdF9oYXNoIjoiZ2NWZy0xWWgySktRNVFtUmtjZGNmamU1dzVIc1JNN1ZCTmJyaHJ4eGZ5ZyJ9LHsicGF0aCI6Il9sb2NhbGVzL2FmL21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJxaElnV3hDSFVNLWZvSmVFWWFiWWlCNU9nTm9ncUViWUpOcEFhZG5KR0VjIn0seyJwYXRoIjoiX2xvY2FsZXMvYW0vbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6IlpPQWJ3cEs2THFGcGxYYjh4RVUyY0VkU0R1aVY0cERNN2lEQ1RKTTIyTzgifSx7InBhdGgiOiJfbG9jYWxlcy9hci9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiUjJVaEZjdTVFcEJfUUZtU19QeGstWWRrSVZqd3l6WEoxdURVZEMyRE9BSSJ9LHsicGF0aCI6Il9sb2NhbGVzL2F6L21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJZVVJ3Mmp4UU5Lem1TZkY0YS1xcTBzbFBSSFc4eUlXRGtMY2g4Ry0zdjJRIn0seyJwYXRoIjoiX2xvY2FsZXMvYmUvbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6IjNmRm9XYUZmUHJNelRXSkJsMXlqbUlyRDZ2dzlsa1VxdzZTdjAyUk1oVkEifSx7InBhdGgiOiJfbG9jYWxlcy9iZy9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiSXJ3M3RIem9xREx6bHdGa0hjTllOWFoyNmI0WWVwT2t4ZFN

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\dasherSettingSchema.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):854
                Entropy (8bit):4.284628987131403
                Encrypted:false
                SSDEEP:
                MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                Malicious:false
                Reputation:unknown
                Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\manifest.json

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):2525
                Entropy (8bit):5.417733522687455
                Encrypted:false
                SSDEEP:
                MD5:82C1E68CE5BC74836539190CC694B1D8
                SHA1:E600E8B60478DA55D39D89EDBA5F60BD6C305EDC
                SHA-256:D2E1293ADB0B65ACA5128C17ACC307909DA5472118D15D27114E7606966411CD
                SHA-512:CA5BB920C7E8FC729EDFA1926CB200A3AC1136C748C8B4C35F3B765FC2EB76D3CB0F6E8FC7F4B547136DDAE00A65BD1DE60ACBB52C8EE69DCA58F06FBE83C3C0
                Malicious:false
                Reputation:unknown
                Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\offscreendocument.html

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:HTML document, ASCII text
                Category:dropped
                Size (bytes):97
                Entropy (8bit):4.862433271815736
                Encrypted:false
                SSDEEP:
                MD5:B747B5922A0BC74BBF0A9BC59DF7685F
                SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
                SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
                SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
                Malicious:false
                Reputation:unknown
                Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\offscreendocument_main.js

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:ASCII text, with very long lines (3700)
                Category:dropped
                Size (bytes):95559
                Entropy (8bit):5.406118145711936
                Encrypted:false
                SSDEEP:
                MD5:67381D084AEE4867CBCC3AF7318D6397
                SHA1:97930142424414C431417E87DB916E74D5F76BCB
                SHA-256:DD2AE861331E64CDB52CB96BC907F570F9D092F16665BD4E9B08737642F99667
                SHA-512:5BBD4E64151159384E5B6EC3B8062D7664E6E64C5AB372DCA28393D85905F18719C0830A02182A8042243C6EDC4D60C141C3C3BB6E4F5CDDA01BA84EB08100AB
                Malicious:false
                Reputation:unknown
                Preview:'use strict';function aa(){return function(){}}function l(a){return function(){return this[a]}}function ba(a){return function(){return a}}var n;function ca(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var da=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function ea(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var q=ea(this);function r(a,b){if(b)a:{var c=q;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&da(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new TypeError("Symbol is not a constructor");retu

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\page_embed_script.js

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:ASCII text, with very long lines (337)
                Category:dropped
                Size (bytes):338
                Entropy (8bit):4.672548006448335
                Encrypted:false
                SSDEEP:
                MD5:DB5BCE8EA2BD54C070ED20C4A6375334
                SHA1:A34210E996527FF7E0EDD2196928BA315051191E
                SHA-256:BB441AA10157F7251798B1CF89A46BDC314A0A78E20B1F30613ED8DA5297D916
                SHA-512:A4F8AB801290EB5366314856AEC151412AF68E2C3FA88D20BC717616E3546B4D0C5A8221DA79CB66B5C6D405968328629774A2E70BF3B3710C1AC4A01A003319
                Malicious:false
                Reputation:unknown
                Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;window._docs_chrome_extension_version="1.81.0";}).call(this);.

                C:\Users\user\AppData\Local\Temp\scoped_dir7080_578824436\CRX_INSTALL\service_worker_bin_prod.js

                Download File
                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                File Type:ASCII text, with very long lines (3705)
                Category:dropped
                Size (bytes):104596
                Entropy (8bit):5.385504551355741
                Encrypted:false
                SSDEEP:
                MD5:A9BDEDDFD309A1901CF146424F10C0EE
                SHA1:2859F6D2C6624CDCD60357D1874016B5228DE47A
                SHA-256:6D00D7DFF15286E5299ECE90B215B0AA280666EE95E10BE250798E5624C13D4A
                SHA-512:0E6462D83CE8511924FC2F046185F800C931C71D385C0B8536469E11AE2A5A67BCC22D02858202C1F6E88D8CD5BC911292E36F2F51E39BFFB722AF48C1B449AF
                Malicious:false
                Reputation:unknown
                Preview:'use strict';function aa(){return function(){}}function k(a){return function(){return this[a]}}function ba(a){return function(){return a}}var n;function ca(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var da=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function ea(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var q=ea(this);function r(a,b){if(b)a:{var c=q;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&da(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new TypeError("Symbol is not a constructor");retu

                Static File Info

                General

                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                Entropy (8bit):5.70101327171199
                TrID:
                • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                • Win32 Executable (generic) a (10002005/4) 49.78%
                • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                • Generic Win/DOS Executable (2004/3) 0.01%
                • DOS Executable Generic (2002/1) 0.01%
                File name:HP Service File Loader.exe
                File size:163'840 bytes
                MD5:3861c6c41df7d15d33bdd19fc717f763
                SHA1:6489e0cee36472514cbe6510b69478440cf39945
                SHA256:b6c4c0fcd614dfca1a6a7e61a633196d0e55b5a9ecbb3cbfd57e7de03198670c
                SHA512:085f5692b0118f4d7cf6ea8cbe0dcce98aff705803eb6ee5ed323f0cf24e72aa7326c1fafb0e2e064373834f34b62011dea7ec419310ffe577ab99d533f3a8ef
                SSDEEP:3072:df+tpAVCn5SD6ILFMuQRtcfx3F1GMW0VyEPG:6XYD7L63RtWHP
                TLSH:0AF31745F3FC4506F8BE4B7A987399250576BD226C20CB5D09AC789E2D327C184A1FBB
                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....w.f..............0.................. ... ....@.. ....................................`................................

                File Icon

                Icon Hash:0ecfcd4d19cf6613

                Static PE Info

                General

                Entrypoint:0x421cb6
                Entrypoint Section:.text
                Digitally signed:false
                Imagebase:0x400000
                Subsystem:windows gui
                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Time Stamp:0x66DF779B [Mon Sep 9 22:32:59 2024 UTC]
                TLS Callbacks:
                CLR (.Net) Version:
                OS Version Major:4
                OS Version Minor:0
                File Version Major:4
                File Version Minor:0
                Subsystem Version Major:4
                Subsystem Version Minor:0
                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                Entrypoint Preview

                Instruction
                jmp dword ptr [00402000h]
                sbb esp, dword ptr [3332312Dh]
                xor al, 35h
                pop eax
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al

                Data Directories

                NameVirtual AddressVirtual Size Is in Section
                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                IMAGE_DIRECTORY_ENTRY_IMPORT0x21c640x4f.text
                IMAGE_DIRECTORY_ENTRY_RESOURCE0x220000x7d78.rsrc
                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                IMAGE_DIRECTORY_ENTRY_BASERELOC0x2a0000xc.reloc
                IMAGE_DIRECTORY_ENTRY_DEBUG0x21b2c0x1c.text
                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                Sections

                NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                .text0x20000x1fccc0x1fe00e6d5a0b60fd447ededd6a91251678617False0.4118642769607843OpenPGP Public Key Version 25.671581981391698IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                .rsrc0x220000x7d780x7e005877d8161674b431243211c30e869c98False0.4441344246031746data5.411532912660974IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                .reloc0x2a0000xc0x200ac1d19424c31c9bbf4a7e2e9e07c58f6False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                Resources

                NameRVASizeTypeLanguageCountryZLIB Complexity
                RT_ICON0x222600x668Device independent bitmap graphic, 48 x 96 x 4, image size 11520.4036585365853659
                RT_ICON0x228d80x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 5120.5147849462365591
                RT_ICON0x22bd00x1e8Device independent bitmap graphic, 24 x 48 x 4, image size 2880.5368852459016393
                RT_ICON0x22dc80x128Device independent bitmap graphic, 16 x 32 x 4, image size 1280.47297297297297297
                RT_ICON0x22f000xea8Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors0.591684434968017
                RT_ICON0x23db80x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors0.6908844765342961
                RT_ICON0x246700x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors0.6042626728110599
                RT_ICON0x24d480x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors0.24638728323699421
                RT_ICON0x252c00x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 96000.40311203319502076
                RT_ICON0x278780x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 42240.5114915572232646
                RT_ICON0x289300x988Device independent bitmap graphic, 24 x 48 x 32, image size 24000.5688524590163935
                RT_ICON0x292c80x468Device independent bitmap graphic, 16 x 32 x 32, image size 10880.324468085106383
                RT_GROUP_ICON0x297400xaedata0.5977011494252874
                RT_VERSION0x298000x378data0.39864864864864863
                RT_MANIFEST0x29b880x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                Imports

                DLLImport
                mscoree.dll_CorExeMain