Create Interactive Tour

Windows Analysis Report http://checkip.dyndns.org

Overview

General Information

Sample URL:	http://checkip.dyndns.org
Analysis ID:	457396
Infos:
Most interesting Screenshot:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2492 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'http://checkip.dyndns.org' MD5: C139654B5C1438A95B321BB01AD63EF6)

chrome.exe (PID: 6048 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1648,11368793495184802417,8477967722688805842,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1712 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

• Compliance
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: checkip.dyndns.orgConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: checkip.dyndns.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Referer: http://checkip.dyndns.org/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: clients2.google.com

Source: Current Session.0.dr, History.0.dr	String found in binary or memory: http://checkip.dyndns.org/
Source: History Provider Cache.0.dr	String found in binary or memory: http://checkip.dyndns.org/2
Source: History.0.dr	String found in binary or memory: http://checkip.dyndns.org/Current
Source: 010389fb-a734-4f8b-bc1d-272d302a337f.tmp.1.dr, manifest.json0.0.dr	String found in binary or memory: https://accounts.google.com
Source: 010389fb-a734-4f8b-bc1d-272d302a337f.tmp.1.dr, manifest.json0.0.dr	String found in binary or memory: https://apis.google.com
Source: 010389fb-a734-4f8b-bc1d-272d302a337f.tmp.1.dr	String found in binary or memory: https://clients2.google.com
Source: manifest.json0.0.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 010389fb-a734-4f8b-bc1d-272d302a337f.tmp.1.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: manifest.json0.0.dr	String found in binary or memory: https://content.googleapis.com
Source: Reporting and NEL.1.dr	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/downloads-lorry
Source: 010389fb-a734-4f8b-bc1d-272d302a337f.tmp.1.dr, cd2682de-6b1b-4b4e-b181-2f1bdcf3d73b.tmp.1.dr, 447e791b-b6e1-4d11-b9bf-342139c8d7bd.tmp.1.dr	String found in binary or memory: https://dns.google
Source: manifest.json0.0.dr	String found in binary or memory: https://feedback.googleusercontent.com
Source: 010389fb-a734-4f8b-bc1d-272d302a337f.tmp.1.dr	String found in binary or memory: https://fonts.googleapis.com
Source: manifest.json0.0.dr	String found in binary or memory: https://fonts.googleapis.com;
Source: 010389fb-a734-4f8b-bc1d-272d302a337f.tmp.1.dr	String found in binary or memory: https://fonts.gstatic.com
Source: manifest.json0.0.dr	String found in binary or memory: https://fonts.gstatic.com;
Source: manifest.json0.0.dr	String found in binary or memory: https://hangouts.google.com/
Source: 010389fb-a734-4f8b-bc1d-272d302a337f.tmp.1.dr	String found in binary or memory: https://ogs.google.com
Source: manifest.json.0.dr	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: 010389fb-a734-4f8b-bc1d-272d302a337f.tmp.1.dr	String found in binary or memory: https://play.google.com
Source: manifest.json.0.dr	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: 010389fb-a734-4f8b-bc1d-272d302a337f.tmp.1.dr	String found in binary or memory: https://ssl.gstatic.com
Source: messages.json41.0.dr	String found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json41.0.dr	String found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: 010389fb-a734-4f8b-bc1d-272d302a337f.tmp.1.dr, manifest.json0.0.dr	String found in binary or memory: https://www.google.com
Source: manifest.json.0.dr	String found in binary or memory: https://www.google.com/
Source: manifest.json0.0.dr	String found in binary or memory: https://www.google.com;
Source: 010389fb-a734-4f8b-bc1d-272d302a337f.tmp.1.dr	String found in binary or memory: https://www.googleapis.com
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/meetings
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: 010389fb-a734-4f8b-bc1d-272d302a337f.tmp.1.dr	String found in binary or memory: https://www.gstatic.com
Source: manifest.json0.0.dr	String found in binary or memory: https://www.gstatic.com;

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735

Source: classification engine

Classification label: clean0.win@28/194@4/7

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-6106499B-9BC.pma

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\0958ab33-1235-41ad-b1f7-5f9902b33166.tmp

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'http://checkip.dyndns.org'
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1648,11368793495184802417,8477967722688805842,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1712 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1648,11368793495184802417,8477967722688805842,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1712 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading3	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol2	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol3	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Ingress Tool Transfer1	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://checkip.dyndns.org	0%	Virustotal		Browse
http://checkip.dyndns.org	0%	Avira URL Cloud	safe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
checkip.dyndns.com	0%	Virustotal		Browse
checkip.dyndns.org	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
http://checkip.dyndns.org/	0%	Virustotal		Browse
https://dns.google	0%	URL Reputation	safe
http://checkip.dyndns.org/Current	0%	Virustotal		Browse
http://checkip.dyndns.org/Current	0%	Avira URL Cloud	safe
http://checkip.dyndns.org/2	0%	Avira URL Cloud	safe
https://www.google.com;	0%	Avira URL Cloud	safe
http://checkip.dyndns.org/favicon.ico	0%	Avira URL Cloud	safe
https://csp.withgoogle.com/csp/report-to/downloads-lorry	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
accounts.google.com	172.217.168.45	true	false		high
clients.l.google.com	172.217.16.142	true	false		high
googlehosted.l.googleusercontent.com	142.250.203.97	true	false		high
checkip.dyndns.com	193.122.130.0	true	false	0%, Virustotal, Browse	unknown
clients2.googleusercontent.com	unknown	unknown	false		high
clients2.google.com	unknown	unknown	false		high
checkip.dyndns.org	unknown	unknown	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://checkip.dyndns.org/	false	0%, Virustotal, Browse	unknown
http://checkip.dyndns.org/	false	0%, Virustotal, Browse	unknown
http://checkip.dyndns.org/favicon.ico	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.google.com	010389fb-a734-4f8b-bc1d-272d302a337f.tmp.1.dr, manifest.json0.0.dr	false		high
https://dns.google	010389fb-a734-4f8b-bc1d-272d302a337f.tmp.1.dr, cd2682de-6b1b-4b4e-b181-2f1bdcf3d73b.tmp.1.dr, 447e791b-b6e1-4d11-b9bf-342139c8d7bd.tmp.1.dr	false	URL Reputation: safe	unknown
https://ogs.google.com	010389fb-a734-4f8b-bc1d-272d302a337f.tmp.1.dr	false		high
http://checkip.dyndns.org/Current	History.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://support.google.com/chromecast/troubleshooter/2995236	messages.json41.0.dr	false		high
https://play.google.com	010389fb-a734-4f8b-bc1d-272d302a337f.tmp.1.dr	false		high
https://accounts.google.com	010389fb-a734-4f8b-bc1d-272d302a337f.tmp.1.dr, manifest.json0.0.dr	false		high
https://payments.google.com/payments/v4/js/integrator.js	manifest.json.0.dr	false		high
http://checkip.dyndns.org/2	History Provider Cache.0.dr	false	Avira URL Cloud: safe	unknown
https://www.google.com;	manifest.json0.0.dr	false	Avira URL Cloud: safe	low
https://support.google.com/chromecast/answer/2998456	messages.json41.0.dr	false		high
https://hangouts.google.com/	manifest.json0.0.dr	false		high
https://clients2.googleusercontent.com	010389fb-a734-4f8b-bc1d-272d302a337f.tmp.1.dr	false		high
https://apis.google.com	010389fb-a734-4f8b-bc1d-272d302a337f.tmp.1.dr, manifest.json0.0.dr	false		high
https://sandbox.google.com/payments/v4/js/integrator.js	manifest.json.0.dr	false		high
https://www.google.com/	manifest.json.0.dr	false		high
https://csp.withgoogle.com/csp/report-to/downloads-lorry	Reporting and NEL.1.dr	false	URL Reputation: safe	unknown
https://feedback.googleusercontent.com	manifest.json0.0.dr	false		high
https://clients2.google.com	010389fb-a734-4f8b-bc1d-272d302a337f.tmp.1.dr	false		high
https://clients2.google.com/service/update2/crx	manifest.json0.0.dr	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
193.122.130.0	checkip.dyndns.com	United States	31898	ORACLE-BMC-31898US	false
172.217.168.45	accounts.google.com	United States	15169	GOOGLEUS	false
142.250.203.97	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.217.16.142	clients.l.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.1
127.0.0.1

General Information

Joe Sandbox Version:	33.0.0 White Diamond
Analysis ID:	457396
Start date:	01.08.2021
Start time:	00:12:42
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 3m 9s
Hypervisor based Inspection enabled:	false
Report type:	light
Cookbook file name:	browseurl.jbs
Sample URL:	http://checkip.dyndns.org
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@28/194@4/7
Cookbook Comments:	Adjust boot time Enable AMSI
Warnings:	Show All Exclude process from analysis (whitelisted): taskhostw.exe, backgroundTaskHost.exe, SgrmBroker.exe, svchost.exe TCP Packets have been reduced to 100 Created / dropped Files have been reduced to 100 Excluded IPs from analysis (whitelisted): 13.88.21.125, 104.43.193.48, 52.255.188.83, 172.217.168.14, 74.125.8.72, 34.104.35.123, 172.217.168.67, 172.217.168.10, 172.217.168.42, 172.217.168.74, 142.250.203.106, 216.58.215.234, 20.82.210.154, 23.211.4.86, 40.112.88.60 Excluded domains from analysis (whitelisted): fs.microsoft.com, r3---sn-5hneknee.gvt1.com, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, clientservices.googleapis.com, e1723.g.akamaiedge.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, www.googleapis.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, skypedataprdcolcus15.cloudapp.net, ris.api.iris.microsoft.com, skypedataprdcoleus17.cloudapp.net, redirector.gvt1.com, edgedl.me.gvt1.com, blobcollector.events.data.trafficmanager.net, arc.trafficmanager.net, watson.telemetry.microsoft.com, prod.fs.microsoft.com.akadns.net, skypedataprdcolwus15.cloudapp.net, r3.sn-5hneknee.gvt1.com Not all processes where analyzed, report is missing behavior information Report size getting too big, too many NtCreateFile calls found. Report size getting too big, too many NtOpenFile calls found. Report size getting too big, too many NtQueryVolumeInformationFile calls found. Report size getting too big, too many NtSetInformationFile calls found. Report size getting too big, too many NtWriteVirtualMemory calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	451603
Entropy (8bit):	5.009711072558331
Encrypted:	false
SSDEEP:	12288:ZHfRTyGZ6lup8Cfrvq4JBPKh+FBlESBw4p6:NfOCzvRKhGvwJ
MD5:	A78AD14E77147E7DE3647E61964C0335
SHA1:	CECC3DD41F4CEA0192B24300C71E1911BD4FCE45
SHA-256:	0D6803758FF8F87081FAFD62E90F0950DFB2DD7991E9607FE76A8F92D0E893FA
SHA-512:	DDE24D5AD50D68FC91E9E325D31E66EF8F624B6BB3A07D14FFED1104D3AB5F4EF1D7969A5CDE0DFBB19CB31C506F7DE97AF67C2F244F7E7E8E10648EA8321101
Malicious:	false
Reputation:	low
Preview:	BDic.... ....6...."..Z..4g....6.2...{/...3...5....AF 1363.AF nm.AF pt.AF n1.AF p.AF tc.AF SM.AF M.AF S.AF MS.AF MNR.AF GDS.AF MNT.AF MH.AF MR.AF SZMR.AF MJ.AF MT.AF MY.AF MRZ.AF MN.AF MG.AF RM.AF N.AF MV.AF XM.AF DSM.AF SD.AF G.AF R.AF MNX.AF MRS.AF MD.AF MNRB.AF B.AF ZSMR.AF PM.AF SMNGJ.AF SMN.AF ZMR.AF SMGB.AF MZR.AF GM.AF SMR.AF SMDG.AF RMZ.AF ZM.AF MDG.AF MDT.AF SMNXT.AF SDY.AF LSDG.AF LGDS.AF GLDS.AF UY.AF U.AF DSGNX.AF GNDSX.AF DSG.AF Y.AF GS.AF IEMS.AF YP.AF ZGDRS.AF XGNVDS.AF UT.AF GNDS.AF GVDS.AF MYPS.AF XGNDS.AF TPRY.AF MDSG.AF ZGSDR.AF DYSG.AF PMYTNS.AF AGDS.AF DRZGS.AF PY.AF GSPMDY.AF EGVDS.AF SL.AF GNXDS.AF DSBG.AF IM.AF I.AF MDGS.AF SMY.AF DSGN.AF DSLG.AF GMDS.AF MDSBG.AF SGD.AF IY.AF P.AF DSMG.AF BLZGDRS.AF TR.AF AGSD.AF ZGBDRSL.AF PTRY.AF ASDGV.AF ASM.AF ICANGSD.AF ICAM.AF IKY.AF AMS.AF PMYTRS.AF BZGVDRS.AF SDRBZG.AF GVMDS.AF PSM.AF DGLS.AF GNVXDS.AF AGDSL.AF DGS.AF XDSGNV.AF BZGDRS.AF AM.AF AS.AF A.AF LDSG.AF AGVDS.AF SDG.AF LDSMG.AF EDSMG.AF EY.AF DRSMZG.AF PRYT.AF LZ

C:\Users\user\AppData\Local\Google\Chrome\User Data\380bb07a-bf88-4676-887c-08bd37391332.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	174648
Entropy (8bit):	6.078839071232448
Encrypted:	false
SSDEEP:	3072:ZFYvzhzJaLT+AaYtkGljDMIyt+ikt8cYRFcbXafIB0u1GOJmA3iuRX:XgDwTTKcjmQiE5Y/aqfIlUOoSiuRX
MD5:	A411597D8160D25384D03A5BB0B2F661
SHA1:	CFDDCABF160EE167E14203207E44BE056AE9FBCD
SHA-256:	D8074F35E0CEF130B97B222681183B496237A8B218F29CF6FE99E3A0E519D86B
SHA-512:	2EB5B15BA804CF0A3DDDCF6DFD5BD646F9551B1896616243262F496CDD4EFA9AF84FB9343E5ECDDBF9EB426005EF158956E08F3FFEAE313A7B8EF84383A1A81F
Malicious:	false
Reputation:	low
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.6278020155154e+12,"network":1.627769617e+12,"ticks":3713829605.0,"uncertainty":4323635.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016607996"},"plugins":{"metadata":{"adobe-flash-player":{"displ

C:\Users\user\AppData\Local\Google\Chrome\User Data\3c3b780e-4329-48e9-865e-3096c51f4892.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	174648
Entropy (8bit):	6.078839071232448
Encrypted:	false
SSDEEP:	3072:ZFYvzhzJaLT+AaYtkGljDMIyt+ikt8cYRFcbXafIB0u1GOJmA3iuRX:XgDwTTKcjmQiE5Y/aqfIlUOoSiuRX
MD5:	A411597D8160D25384D03A5BB0B2F661
SHA1:	CFDDCABF160EE167E14203207E44BE056AE9FBCD
SHA-256:	D8074F35E0CEF130B97B222681183B496237A8B218F29CF6FE99E3A0E519D86B
SHA-512:	2EB5B15BA804CF0A3DDDCF6DFD5BD646F9551B1896616243262F496CDD4EFA9AF84FB9343E5ECDDBF9EB426005EF158956E08F3FFEAE313A7B8EF84383A1A81F
Malicious:	false
Reputation:	low
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.6278020155154e+12,"network":1.627769617e+12,"ticks":3713829605.0,"uncertainty":4323635.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016607996"},"plugins":{"metadata":{"adobe-flash-player":{"displ

C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	120
Entropy (8bit):	3.254162526001658
Encrypted:	false
SSDEEP:	3:FkXft0xE1G1mstft0xE1G1mstft0xE1n:+ftIE1G1mkftIE1G1mkftIE1n
MD5:	E9224A19341F2979669144B01332DF59
SHA1:	F7F760C7104457DF463306A7F7BAE0142EFCEB5B
SHA-256:	47DD519C226D23F203ACAE0EC44DF9BB6208828E24F726E1602EA52F63C3E2BE
SHA-512:	4184302DEB5009D767FECFC150F580DD57D5CF9CF3BFEB7E52C9F3340E5E6499251B9F0DFF37F0454411FED9046880E0A9204312D021294256372C916B8155AC
Malicious:	false
Reputation:	low
Preview:	sdPC....................s}.....M..2.!..%sdPC....................s}.....M..2.!..%sdPC....................s}.....M..2.!..%

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\010389fb-a734-4f8b-bc1d-272d302a337f.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	4219
Entropy (8bit):	4.871684703914691
Encrypted:	false
SSDEEP:	48:YXsJjMH+5s7YMHBKsvxMHVzspxMHbsIHt/soBDysKqnsllzMHpDCLsWJMHLsNuMg:RG+ZGJG+GTTD7IGpD+G7Gp2GnG4GVhH
MD5:	EDC4A4E22003A711AEF67FAED28DB603
SHA1:	977E551B9ED5F60D018C030B0B4AA2E33B954556
SHA-256:	DD2C9F43F622F801FCC213CDE8E3E90EF1D0D26665AE675449A94CEC7EB1D453
SHA-512:	84D3930579FD73C7D86144D5CDC636436955BA79759273C740D2D72BC4847F2F7F165BBCA3EB2E4DFB01777D6A5F141623278C1BF74615C5A491092CE3FD1602
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[],"expiration":"13248543677350473","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543677350474","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":31344},"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248543501474403","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543501474403","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":31656},"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248543501454993","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543501454994","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":39369},"server":"https://www.googleapis.com","supports_spdy":true},

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\0d7f3507-8f5b-457f-82ae-f10b4ca4ea0d.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	22594
Entropy (8bit):	5.535313578561214
Encrypted:	false
SSDEEP:	384:GP7tLLlBkXX1kXqKf/pUZNCgVLH2HfDkrURHG2nTKK6Dfw4LX:cLl8X1kXqKf/pUZNCgVLH2HfYrUFG2nc
MD5:	3D93CC8FC4076B3012BDD96106624A7D
SHA1:	6F1EB582DD466F63710315070086E5A8575BBEE8
SHA-256:	380B8F5AF1DC7833D56C3A54AA3DE866ECF574A41B8C45588D58C7A1333B37AD
SHA-512:	CAA0D00D1AE6FDB88DE52A9449B87A250FDEA2DBF9FA4A1FFBFC67A3F15219CBB3ED26187C13203557310AE0E4214D78E74605965515235EE10C8EACC6B63B83
Malicious:	false
Reputation:	low
Preview:	{"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13272275611582782","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\946ae938-e18d-4b47-9d30-0cb6b1e925c0.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1039
Entropy (8bit):	5.562929726222197
Encrypted:	false
SSDEEP:	24:YI6H0UhVsTG1KUerkq/HeUeXby2qUeXv27wUERUenHQ:YI6UUhVseKUewqPeUer2UefIwUIUenw
MD5:	BCC02EF8B6CCD7A02FAEC43181F17E3D
SHA1:	5D37AB7F4ED6D945B1258117484E896F3648EA40
SHA-256:	002499369433EA6B9EAEAC771CD7906CDF197896ED7E6286470095A999EB7C8D
SHA-512:	47D693ABF12A449B7B78004A10C5E2EEC16568243815771A3FFED94DFA952F1591A45C47818CCAE02B40C9E83C06F154B726A7A61529D1857EAD30FFE3BACE42
Malicious:	false
Reputation:	low
Preview:	{"expect_ct":[],"sts":[{"expiry":1633014077.350499,"host":"OuKlWsMW1dkkbI1X/oi6o0Y95ZNSWnSoeaIXAEYPlv4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1601478077.350503},{"expiry":1633014077.22511,"host":"nAuqgR4iEWti7SOdT3UHPl6rmZU/DeaIm38P2O2OkgA=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1601478077.225114},{"expiry":1633014092.4175,"host":"0J7rAWV0ouCFYJ9XrkDiKnAO1SshXJmLJE1SS3V8kDM=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1601478092.417504},{"expiry":1633014091.91938,"host":"5EdUoB7YUY9zZV+2DkgVXgho8WUvp+D+6KpeUOhNQIM=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1601478091.919383},{"expiry":1659338015.331332,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1627802015.331336},{"expiry":1633014077.462534,"host":"+ccWXqaoHJ9hfuXbleKV6FQUrBlyXAJ31BdqjNQJpHs=","mode":"force-https","sts_include_subdomains":false,"sts_obs

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\96993fbb-8ec9-48b3-a149-e96c90906f35.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Reputation:	low
Preview:	.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.191017565958069
Encrypted:	false
SSDEEP:	6:mXvIq2PWXp+N23iKKdK9RXXTZIFUtpNVXZmwP+kwOWXp+N23iKKdK9RXX5LJ:UAva5Kk7XT2FUtpNVX/P+5f5Kk7XVJ
MD5:	2714D91A1179D68F3235ACA8B1DED0BB
SHA1:	69D8C6C7A0022F9A68D7BC4467E95013A736FEBB
SHA-256:	13F4AD4C566AB15D923B0F3E5BA56930D5E9F6E541875E37E45397985F529CA6
SHA-512:	26272FC727C41FB03AB057F861DBF54E4906B09AA2E752919E4345E854B14A09C458936C0DBEFEB0A22C7B9ED45D83B1A07B5705AE3ABD7FF0EBBFF61F4A211C
Malicious:	false
Reputation:	low
Preview:	2021/08/01-00:13:37.672 13c0 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase/MANIFEST-000001.2021/08/01-00:13:37.673 13c0 Recovering log #3.2021/08/01-00:13:37.674 13c0 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.191017565958069
Encrypted:	false
SSDEEP:	6:mXvIq2PWXp+N23iKKdK9RXXTZIFUtpNVXZmwP+kwOWXp+N23iKKdK9RXX5LJ:UAva5Kk7XT2FUtpNVX/P+5f5Kk7XVJ
MD5:	2714D91A1179D68F3235ACA8B1DED0BB
SHA1:	69D8C6C7A0022F9A68D7BC4467E95013A736FEBB
SHA-256:	13F4AD4C566AB15D923B0F3E5BA56930D5E9F6E541875E37E45397985F529CA6
SHA-512:	26272FC727C41FB03AB057F861DBF54E4906B09AA2E752919E4345E854B14A09C458936C0DBEFEB0A22C7B9ED45D83B1A07B5705AE3ABD7FF0EBBFF61F4A211C
Malicious:	false
Reputation:	low
Preview:	2021/08/01-00:13:37.672 13c0 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase/MANIFEST-000001.2021/08/01-00:13:37.673 13c0 Recovering log #3.2021/08/01-00:13:37.674 13c0 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	318
Entropy (8bit):	5.176085095055311
Encrypted:	false
SSDEEP:	6:mTBjFIq2PWXp+N23iKKdKyDZIFUtpaaDZmwPaaZkwOWXp+N23iKKdKyJLJ:KJFIva5Kk02FUtpaaD/PaaZ5f5KkWJ
MD5:	113501E2E6FBEA7BAB9D180A025329D4
SHA1:	72FD864B3448E486254D85D7045BFC59FA921CC8
SHA-256:	9C523861CECC20F9A527086E411148AA5274FA1313F341CEC37DEE31B87EE595
SHA-512:	B40A6C163F01817DC2C2E05352C99EBB4D24F763A3A627C7FF10E18B0B108ED9FDB4BC7A3CD542ABB826F98CFFF5D5D0A5DBA1E1FA01CC5B427C2DCC1A296DB5
Malicious:	false
Reputation:	low
Preview:	2021/08/01-00:13:37.665 13c0 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase/MANIFEST-000001.2021/08/01-00:13:37.666 13c0 Recovering log #3.2021/08/01-00:13:37.666 13c0 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	318
Entropy (8bit):	5.176085095055311
Encrypted:	false
SSDEEP:	6:mTBjFIq2PWXp+N23iKKdKyDZIFUtpaaDZmwPaaZkwOWXp+N23iKKdKyJLJ:KJFIva5Kk02FUtpaaD/PaaZ5f5KkWJ
MD5:	113501E2E6FBEA7BAB9D180A025329D4
SHA1:	72FD864B3448E486254D85D7045BFC59FA921CC8
SHA-256:	9C523861CECC20F9A527086E411148AA5274FA1313F341CEC37DEE31B87EE595
SHA-512:	B40A6C163F01817DC2C2E05352C99EBB4D24F763A3A627C7FF10E18B0B108ED9FDB4BC7A3CD542ABB826F98CFFF5D5D0A5DBA1E1FA01CC5B427C2DCC1A296DB5
Malicious:	false
Reputation:	low
Preview:	2021/08/01-00:13:37.665 13c0 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase/MANIFEST-000001.2021/08/01-00:13:37.666 13c0 Recovering log #3.2021/08/01-00:13:37.666 13c0 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	0.6863571317626186
Encrypted:	false
SSDEEP:	12:TLyen4ufFdbXGwcFOaOndOtJRbGMNmt2SH/+eVpUHFxOUwae6:TLyqJLbXaFpEO5bNmISHn06Uwd
MD5:	1C0EAEEE6463CAE33B7A7CD9D9DF4DA5
SHA1:	FBC6A28A1501E40154FDC0A9D0C2F34A5F88AA65
SHA-256:	ED8AE7C5E6885874A39F4E86258F552670352A18D29BE1FF4D372A2F4CD06C8A
SHA-512:	355D19828609971998B09B36E7C7D304B7FB88C7A726670BEBF5CF2E2710F8E71B0F9DEF6FE9712B484C1EB122AEEEFDECF31D13E02C4539C399DFB86EC7619F
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	12836
Entropy (8bit):	0.9685914143494523
Encrypted:	false
SSDEEP:	24:7cLgAZOZD/YJqLbJLbXaFpEO5bNmISHn06UwG8:78NOZYJq5LLOpEO5J/Kn7UR8
MD5:	7CADF4D70CA2C076D3468D22D864BC01
SHA1:	5CEFB1FBD0824DAB35864A938814BF7E845DD075
SHA-256:	7A0DE312391BBB2DC2AF2BF685AEBD8017A52DB8F54DB1C2A5EB6D4300B2A363
SHA-512:	98DC76AFA74A187D2C9E67AAEA3ABB129AB906B6CA1F1F7079A595D20F41A217F002B54762F9E4AD1B0C7347607457949CEEDF37EFDF36F4476366B06CCF2E01
Malicious:	false
Reputation:	low
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Session Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	933
Entropy (8bit):	3.1467989336445217
Encrypted:	false
SSDEEP:	12:3olydJhCR56Z3PlpxlpN8kIyTrlo/uZit4c21b5lptlpl:34S0z6dlrlAEloIi03lLlL
MD5:	4AE33292C833C66395244B9B4B8E332F
SHA1:	E705BDC82AD47549DC5C68895C22E567082964AE
SHA-256:	9AF26D8CAA16317181B64E4A02812569699B1D34DC3E3824AD24F0047AB8824E
SHA-512:	FF2B1C2B246E66373841D9440CC6F8A07C9E53FE618771E2B345D04862B519F8076FE250A8C2F89F7D78F4E4DEBCF8643523D2E31CA8214F9662780ECE7E687E
Malicious:	false
Reputation:	low
Preview:	SNSS....................................................!.............................................1..,.......$...3830212d_9c6f_4ae8_b391_4162a4773f56........................#.................................................................................5..0.......&...{524A03AB-861D-4591-9B4E-BDD69F9D425A}.............!..................http://checkip.dyndns.org/..................x...................................h.......`........................................................~.0z....~.0z...........................................<.......h.t.t.p.:././.c.h.e.c.k.i.p...d.y.n.d.n.s...o.r.g./.....................................8.......0.......8....................................................................... ...........................................................http://checkip.dyndns.org/.......dhy.'/..........................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Tabs Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	8
Entropy (8bit):	1.8112781244591325
Encrypted:	false
SSDEEP:	3:3Dtn:3h
MD5:	0686D6159557E1162D04C44240103333
SHA1:	053E9DB58E20A67D1E158E407094359BF61D0639
SHA-256:	3303D5EED881951B0BB52CF1C6BFA758770034D0120C197F9F7A3520B92A86FB
SHA-512:	884C0D3594390E2FC0AEAB05460F0783815170C4B57DB749B8AD9CD10741A5604B7A0F979465C4171AD9C14ED56359A4508B4DE58E794550599AAA261120976C
Malicious:	false
Reputation:	low
Preview:	SNSS....

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	164
Entropy (8bit):	4.391736045892206
Encrypted:	false
SSDEEP:	3:FQxlXayz/t2Hmwg0EOZL7Ao4uhFkEuRLKyC5Ei5+Gg:qT5z/t2qoEwhXeLKB
MD5:	0A906A9A542CDF08FF50DAAF1D1E596E
SHA1:	B97D6274196F40874A368C265799F5FA78C52893
SHA-256:	EB9CABBF5FDA1AD535300B0110EAA4068A083248BA928A631C9278545935426D
SHA-512:	8795E905B711ADE6B1C4B402D50AF491B64D157AA738669482DDBFC30E857DF970BFFB774A925F3F4A0802BD27AFAF939CE140894FF09B67FB9C0BB83ED4491A
Malicious:	false
Reputation:	low
Preview:	.f.5................i.Wd...............Sgdaefkejpgkiemlaofpalmlakkmbjdnl.declarative_rules.declarativeContent.onPageChanged.[]..F..................F................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	320
Entropy (8bit):	5.158678707378084
Encrypted:	false
SSDEEP:	6:mp+9+q2PWXp+N23iKKdK8aPrqIFUtpr2WZmwPr9VkwOWXp+N23iKKdK8amLJ:U+9+va5KkL3FUtprJ/Pr9V5f5KkQJ
MD5:	DA41816F567A8EE3827A2228D91D7328
SHA1:	307028B8D3DA9D101D31091D6DB56B70C33DCAE7
SHA-256:	DC030C87C887CCD2C518F627439E146A4341C5A56F3AAB0C0784F066B2046E02
SHA-512:	BD3E786BFB7BACD110B8F30BE77374D560B356DAA99131BF41AE86E4E18A450F207EA77EDF39DE0C175A98E3BAFA682729EB41E1DFA3A34E828407BF297E0C57
Malicious:	false
Reputation:	low
Preview:	2021/08/01-00:13:31.834 140c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/MANIFEST-000001.2021/08/01-00:13:31.836 140c Recovering log #3.2021/08/01-00:13:31.836 140c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	320
Entropy (8bit):	5.158678707378084
Encrypted:	false
SSDEEP:	6:mp+9+q2PWXp+N23iKKdK8aPrqIFUtpr2WZmwPr9VkwOWXp+N23iKKdK8amLJ:U+9+va5KkL3FUtprJ/Pr9V5f5KkQJ
MD5:	DA41816F567A8EE3827A2228D91D7328
SHA1:	307028B8D3DA9D101D31091D6DB56B70C33DCAE7
SHA-256:	DC030C87C887CCD2C518F627439E146A4341C5A56F3AAB0C0784F066B2046E02
SHA-512:	BD3E786BFB7BACD110B8F30BE77374D560B356DAA99131BF41AE86E4E18A450F207EA77EDF39DE0C175A98E3BAFA682729EB41E1DFA3A34E828407BF297E0C57
Malicious:	false
Reputation:	low
Preview:	2021/08/01-00:13:31.834 140c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/MANIFEST-000001.2021/08/01-00:13:31.836 140c Recovering log #3.2021/08/01-00:13:31.836 140c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	570
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWW
MD5:	D4BA0AE0BB0B9FAFF3DA6F35FDBC3C8A
SHA1:	FB3E9DEC7F35A9B1D94E54A5659DD0DE484055E7
SHA-256:	99DEF1B557F19F04C1AFFC6F247D0451F33FC10EC42E73792223C3215AC98BE6
SHA-512:	86FD07C34B9ABD4C52BA19EAE291936F92BC6D38A75C021EDC1DEDBC15617669876180CD99F959C62476D82EC6BB9F5FE4C6CB4D82CB037EFB76D99A4D3D9C51
Malicious:	false
Reputation:	low
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	320
Entropy (8bit):	5.221792821332738
Encrypted:	false
SSDEEP:	6:mnqq2PWXp+N23iKKdK8NIFUtp6CZmwPyDFkwOWXp+N23iKKdK8+eLJ:7va5KkpFUtp6C/PyDF5f5KkqJ
MD5:	6E848CBD0CF02EDC1A3A3AA47AB0D15B
SHA1:	571F0F3663BE6F762B114590576A875740142F08
SHA-256:	486C5942117693ABFF78743BBF03FB94EAD011CA32BFDE2282B03211E2EE3C94
SHA-512:	830C82C577A968D0494FD8273C70CEDE4A6EB5D01C546E0AD393389E8B01A2E65C2618DE9504892160397D2A1F507403BB9C7349D9C2E26A5E569234FB8AFFA9
Malicious:	false
Reputation:	low
Preview:	2021/08/01-00:13:35.097 1474 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/MANIFEST-000001.2021/08/01-00:13:35.098 1474 Recovering log #3.2021/08/01-00:13:35.099 1474 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old} (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	320
Entropy (8bit):	5.221792821332738
Encrypted:	false
SSDEEP:	6:mnqq2PWXp+N23iKKdK8NIFUtp6CZmwPyDFkwOWXp+N23iKKdK8+eLJ:7va5KkpFUtp6C/PyDF5f5KkqJ
MD5:	6E848CBD0CF02EDC1A3A3AA47AB0D15B
SHA1:	571F0F3663BE6F762B114590576A875740142F08
SHA-256:	486C5942117693ABFF78743BBF03FB94EAD011CA32BFDE2282B03211E2EE3C94
SHA-512:	830C82C577A968D0494FD8273C70CEDE4A6EB5D01C546E0AD393389E8B01A2E65C2618DE9504892160397D2A1F507403BB9C7349D9C2E26A5E569234FB8AFFA9
Malicious:	false
Reputation:	low
Preview:	2021/08/01-00:13:35.097 1474 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/MANIFEST-000001.2021/08/01-00:13:35.098 1474 Recovering log #3.2021/08/01-00:13:35.099 1474 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	11217
Entropy (8bit):	6.069602775336632
Encrypted:	false
SSDEEP:	192:GbylJnlTwGB7V9Hne4qasKxXItmLG48gcLg/PkI:Gb+nldByaFx4toj8VEPT
MD5:	90F880064A42B29CCFF51FE5425BF1A3
SHA1:	6A3CAE3996E9FFF653A1DDF731CED32B2BE2ACBF
SHA-256:	965203D541E442C107DBC6D5B395168123D0397559774BEAE4E5B9ABC44EF268
SHA-512:	D9CBFCD865356F19A57954F8FD952CAF3D31B354112766C41892D1EF40BD2533682D4EC3F4DA0E59A5397364F67A484B45091BA94E6C69ED18AB681403DFD3F3
Malicious:	false
Reputation:	low
Preview:	{"file_hashes":[{"block_hashes":["A+1PYW3V6CJbBuQ7aqrgYhyH3bT8PKyBXp3hN2slpI0=","WSOpQRkYTHjPSlG9Zif2a7TNhy43NDcG1Zg5Nv0UbH0=","jDctR8ImG5KZrQKm4kDjUB7FokSJfjo/pmvFowRVlaY=","LPxhhJiuU0lprt0T6flpS7TkaDg7MocrbmzO65xH6RI=","nZ9zLb2By96AkKXALRM+C0Eu11XUjPiMXEKjiCPdtHE=","wifibc1QfMBN2jrtUtLgsCefvuceTpAatmLvul11RJA=","dHjWlSIIdjj7MWqg3T8MG58RuuqRXk32vqi/13JqEgA=","zd3DV7dbvfNvx1hdhU01fW5ily52DLN0CFL/ADaEeTI=","DpjXcO85FFFY9KJFPkGNfFUtdQIOsGwO5jUckiUwY14=","gqid6l1+mk/6yWgUECRofI9lMipXgXh2jEN2+CxmPE0=","prDB91X2Mmfg/M/txVMITWBmEGbOGjqBTP7CMjYqdHs=","yLPAqV4gqoyS/zFkEt3Cn2j0q2v9QOSthVFfWn8EzCM=","EPQ3jzdrLkAHyvf3920B5Y3aAkO1IJdn/UtbnAmq6T0=","+oOc6ca+ChKUpTu+oa2ZRxRE+wG3QJmuYWEvYCs40NI=","3mBGNAiRlTANEQkqzU3TEi+5wJ0ubR5uwtS4/9OOM7w=","1A9NNawxuhu95H5eThvf1rewJ4QQWhhPNxJXO1C/n68=","E3vWLQxzmj+e5QxYbUscllJ5n0ITpw5JBHV1Kph3/KM=","i3I8ghdTF9c1ZXNBZmvsID+DV4gxBVN27rj9wsMtRpg=","R8B8qYabnMSlLPhrtu0hGYrHn3llsMHqBbi70gkIjEE=","rhlzuEvv2KRAFMms896xFwkNgPrw6WvmgPn6xrBSa2Y=","LAMXv6sRb0VZrY34aVXF3Fftxs

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_1\_metadata\computed_hashes.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	23474
Entropy (8bit):	6.059847580419268
Encrypted:	false
SSDEEP:	384:7dNc1NC6IcafusK4H1IIGRlhKlkIALQWdynQh2RX4K6M1tVztzr7XSNyzH:7dOscSRKc1nGRSkIhEw6M1tf7SNyb
MD5:	6AE2135EA4583C2F06CDEBEA4AE70FA4
SHA1:	DCEB26C7F02D53B5F214305F4C75B4A33A79CDC2
SHA-256:	03AA1944CB3C4F39E20B6361571BC45DFBEBD3FFDA3D8F148CC6ECB29958F903
SHA-512:	B5945E67D9F73DD1982D687E5C6D9B5D6B3886C8050363A259755C76AC0F93651F3425FA7C21AA6A13977AC1C8C9322F998F131648CB8909096058D4F0D23312
Malicious:	false
Reputation:	low
Preview:	{"file_hashes":[{"block_hashes":["DOZdV3jFvk12AM2JNDYKo3KZrIVRprmJ+sVGWkqqE4Q=","rVElW3Hu3T52SzDDUqGT5YiJTBGUv2h3pNuBKFlhZ1U=","X/3fg4KZxgQ1jBr5QGq0F5JnflgE27UErd88mrxTcxs=","VibLbpy0ig+5INMOU71fTYN76iaka2XVpmm1qAKYsX8=","EChCwCbQHbHQ7oDdGT2qNyiRJ0yck2YC2emNGq4whtE="],"block_size":4096,"path":"_locales/iw/messages.json"},{"block_hashes":["xklkoZ7iSU1+7cd6DAtEmUC5lPFd+EgcbnzxkOiFwlk=","3KbsvoxKY/3AwqgF2aAdVQRpMhsNVRkQ3rx2A6Z2Z+Y=","o9+tsohquaCMj+70zeinRG/hBhA2uLoDl/WoC1uokME=","xV/K8xucyWJELVT8Cqn+ugFjobBVmg8pnmACF+2PP4Y=","p/mvJm2wuCl32Rx3it654MljKAsMe3S9IDEabc1A8mE=","j8mPrTb5oOsBTj2Fer78JE6xG6+kR64Cvu2SW8d3j/k=","nqSRpGQ3USU2bZJsZ+AzBmFOyann8omwJrhEWFZDTXc=","eTcQyJUuNuF9yCga/fXGyFCj/pysSceanhBzksdx23s=","Wj7faqnspelXKMvnduxHn1XUBG8TEOqyns7/oUihekM=","VtBwXoadI3EP336rAiL33Gz19KGqtN+RYdKnMKAXoLw=","iDgLXQqXJp8nCZxgLuC9LXM45DGfufvGnXvmHsn18wc=","g+RfdDfrWTUK0Pkcsbot7NJ4SC9wVRV/dVVMuHAtEj8=","2oC4HcCuXu3VjFf6wnKlznt9uqQNaebcuWpm/mWj69U=","aMUIpuFqPMiieSaWhIktCK62v2P3OZQAWupWsYzCnvk=","L

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	19
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	3:FQxlX:qT
MD5:	0407B455F23E3655661BA46A574CFCA4
SHA1:	855CB7CC8EAC30458B4207614D046CB09EE3A591
SHA-256:	AB5C71347D95F319781DF230012713C7819AC0D69373E8C9A7302CAE3F9A04B7
SHA-512:	3020F7C87DC5201589FA43E03B1591ED8BEB64523B37EB3736557F3AB7D654980FB42284115A69D91DE44204CEFAB751B60466C0EF677608467DE43D41BFB939
Malicious:	false
Reputation:	low
Preview:	.f.5...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	372
Entropy (8bit):	5.2427705262267805
Encrypted:	false
SSDEEP:	6:mnGvIq2PWXp+N23iKKdK25+Xqx8chI+IFUtpnZZmwPAkwOWXp+N23iKKdK25+Xqp:xIva5KkTXfchI3FUtpnZ/PA5f5KkTXfE
MD5:	A3D4CAFC78917060A780554D23377E00
SHA1:	795122C164ABEDB857800B671150DF2BC33EF67D
SHA-256:	582EA116EF60B3B12924C9841007D25B073DDCEB224238943363DD49DF3D03B0
SHA-512:	BC6CA3DBBF2D441452EAD375A54423059AAB52D81FE43C21F4956B734FE4E7D4974BBD269ACE316F10B21E5EEEF365324D9001002660D64E42E6B08D199B2E17
Malicious:	false
Reputation:	low
Preview:	2021/08/01-00:13:37.655 13c0 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/MANIFEST-000001.2021/08/01-00:13:37.657 13c0 Recovering log #3.2021/08/01-00:13:37.658 13c0 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	372
Entropy (8bit):	5.2427705262267805
Encrypted:	false
SSDEEP:	6:mnGvIq2PWXp+N23iKKdK25+Xqx8chI+IFUtpnZZmwPAkwOWXp+N23iKKdK25+Xqp:xIva5KkTXfchI3FUtpnZ/PA5f5KkTXfE
MD5:	A3D4CAFC78917060A780554D23377E00
SHA1:	795122C164ABEDB857800B671150DF2BC33EF67D
SHA-256:	582EA116EF60B3B12924C9841007D25B073DDCEB224238943363DD49DF3D03B0
SHA-512:	BC6CA3DBBF2D441452EAD375A54423059AAB52D81FE43C21F4956B734FE4E7D4974BBD269ACE316F10B21E5EEEF365324D9001002660D64E42E6B08D199B2E17
Malicious:	false
Reputation:	low
Preview:	2021/08/01-00:13:37.655 13c0 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/MANIFEST-000001.2021/08/01-00:13:37.657 13c0 Recovering log #3.2021/08/01-00:13:37.658 13c0 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	358
Entropy (8bit):	5.202166363250736
Encrypted:	false
SSDEEP:	6:mRYq2PWXp+N23iKKdK25+XuoIFUtpsZZmwP9kwOWXp+N23iKKdK25+XuxWLJ:jva5KkTXYFUtpA/P95f5KkTXHJ
MD5:	D68464A2515395C10C9AA4D816310760
SHA1:	B82AEAE7B2AD1F6C466189BBB8F86E764C2A8D7C
SHA-256:	9DAF29D4FB83B4E17751594D6C373A3DC1C0AA6077DB069FAD0601008D44B6F2
SHA-512:	41F8B3A863CA0FCB6C6E09EC2130010ADB115434D3F9914A89D2CEA143EF1B7FD1718A9312EC56E97D3FD9F7B8DA60CE604F722FBB88F8A95EF66837C3A52427
Malicious:	false
Reputation:	low
Preview:	2021/08/01-00:13:37.649 13c0 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB/MANIFEST-000001.2021/08/01-00:13:37.650 13c0 Recovering log #3.2021/08/01-00:13:37.651 13c0 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	358
Entropy (8bit):	5.202166363250736
Encrypted:	false
SSDEEP:	6:mRYq2PWXp+N23iKKdK25+XuoIFUtpsZZmwP9kwOWXp+N23iKKdK25+XuxWLJ:jva5KkTXYFUtpA/P95f5KkTXHJ
MD5:	D68464A2515395C10C9AA4D816310760
SHA1:	B82AEAE7B2AD1F6C466189BBB8F86E764C2A8D7C
SHA-256:	9DAF29D4FB83B4E17751594D6C373A3DC1C0AA6077DB069FAD0601008D44B6F2
SHA-512:	41F8B3A863CA0FCB6C6E09EC2130010ADB115434D3F9914A89D2CEA143EF1B7FD1718A9312EC56E97D3FD9F7B8DA60CE604F722FBB88F8A95EF66837C3A52427
Malicious:	false
Reputation:	low
Preview:	2021/08/01-00:13:37.649 13c0 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB/MANIFEST-000001.2021/08/01-00:13:37.650 13c0 Recovering log #3.2021/08/01-00:13:37.651 13c0 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	330
Entropy (8bit):	5.198401361871592
Encrypted:	false
SSDEEP:	6:mXNq2PWXp+N23iKKdKWT5g1IdqIFUtpYv+ZZmwPYv+zkwOWXp+N23iKKdKWT5g1L:ONva5Kkg5gSRFUtpt/Pf5f5Kkg5gS3SJ
MD5:	053D278728C58218FF3925B638F5F74D
SHA1:	93FB84F737453C9B4FFB5BAAF2D4FBA61DE99885
SHA-256:	52389DE2F8A0D6BDE8974EBF1EA442EB0C275564383EE5753306D0DF96D35F8F
SHA-512:	FEC36C89DE74D49481BD62E6173F3DC7286F4A79F92B8D30A665B2D1EC632505FE3C119CE6DAF009D72B3E68E6DF17A2F2EA5CC361153B5EE1ACF31A7B277743
Malicious:	false
Reputation:	low
Preview:	2021/08/01-00:13:37.626 13c0 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/MANIFEST-000001.2021/08/01-00:13:37.640 13c0 Recovering log #3.2021/08/01-00:13:37.640 13c0 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG.old.d (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	330
Entropy (8bit):	5.198401361871592
Encrypted:	false
SSDEEP:	6:mXNq2PWXp+N23iKKdKWT5g1IdqIFUtpYv+ZZmwPYv+zkwOWXp+N23iKKdKWT5g1L:ONva5Kkg5gSRFUtpt/Pf5f5Kkg5gS3SJ
MD5:	053D278728C58218FF3925B638F5F74D
SHA1:	93FB84F737453C9B4FFB5BAAF2D4FBA61DE99885
SHA-256:	52389DE2F8A0D6BDE8974EBF1EA442EB0C275564383EE5753306D0DF96D35F8F
SHA-512:	FEC36C89DE74D49481BD62E6173F3DC7286F4A79F92B8D30A665B2D1EC632505FE3C119CE6DAF009D72B3E68E6DF17A2F2EA5CC361153B5EE1ACF31A7B277743
Malicious:	false
Reputation:	low
Preview:	2021/08/01-00:13:37.626 13c0 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/MANIFEST-000001.2021/08/01-00:13:37.640 13c0 Recovering log #3.2021/08/01-00:13:37.640 13c0 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.09370312594552364
Encrypted:	false
SSDEEP:	6:l9bNFlqQCNa/lvCtBl5LMb2ow2Oo/lCxthiZ1c3AGCxC+/er1J0bv5L5:TL+A/jjNuQL2AGI/1T
MD5:	A3A787FDFAD9F9F7AA0ED54640C550B4
SHA1:	1923786C11A74094FA66DCCDEF8AFA0EDC9D838E
SHA-256:	E46079890747BAF61BD9B69A5213F32F44D1232988708D3B84B7D66179DF1D1C
SHA-512:	AFD6BBCBEE914CCC4D44C7B47CBC2039A2FFD67B0FA56748A9C16B74EB8EED696BBFD5658262BAA2B7303ADEBE94B979A59E8881C3D5A498941AE2D6BAE7BBDA
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	468
Entropy (8bit):	5.106013520709614
Encrypted:	false
SSDEEP:	12:s2h1grmBLLlXGEJidsfEC++En12eqLUERMBk778B/xgskJnTgB:s2h1grmNRGAiOff+9123Yg2Y78BJgskS
MD5:	65516852D010BE93B41A7E1A01E286B1
SHA1:	036EB173787657F402EC506D83324B7D2D196D54
SHA-256:	62E57F0DB836CE712A7DD26CE248CB343F23593BB1E542E9EF55DECEA013C750
SHA-512:	446D1F38252C29B9BD15CC42C621F3AABFCB09EB961D7603365ABCBEAF140F2ED91845A16D3D5F48032A4BA83A39DC3BC9C427B81AD9322377F5EF25DE38C0F8
Malicious:	false
Reputation:	low
Preview:	..........."2....check..checkip..current..dyndns..http..ip..orgN......check......checkip......current......dyndns......http......ip......org..2.........c..........d........e..........g........h..........i.........k.........n.........o........p..........r.........s........t.........u........y...:A.................................................................BR...N...... .......http://checkip.dyndns.org/2.Current IP Check:..............J..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History-journal Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	33356
Entropy (8bit):	0.04747596494984344
Encrypted:	false
SSDEEP:	6:1l0Cl7cl5/Fl1DlIrl3Dl5clpg9bNFlWCj/lqIhl3n:cHFSFUqLBj/dz3n
MD5:	A42D2C9FFB9C38483686898364360B0F
SHA1:	41E81DB7BD6D2A0A21CB4D1BA68D3C5473D50565
SHA-256:	67BA52E76C61AFB26E3FB911826D7975B2B2B9E3C9372D12B86674CA88240FB2
SHA-512:	16EE91146A31B9DC70AB57CDC6555DB24453B1F81203577C4BABD592E1448E0DCF3BA21FC675F76466AFF7E554B2A7814315E27D4F5F73FFF3DB6650089FA688
Malicious:	false
Reputation:	low
Preview:	............8...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Last Session (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	933
Entropy (8bit):	3.1467989336445217
Encrypted:	false
SSDEEP:	12:3olydJhCR56Z3PlpxlpN8kIyTrlo/uZit4c21b5lptlpl:34S0z6dlrlAEloIi03lLlL
MD5:	4AE33292C833C66395244B9B4B8E332F
SHA1:	E705BDC82AD47549DC5C68895C22E567082964AE
SHA-256:	9AF26D8CAA16317181B64E4A02812569699B1D34DC3E3824AD24F0047AB8824E
SHA-512:	FF2B1C2B246E66373841D9440CC6F8A07C9E53FE618771E2B345D04862B519F8076FE250A8C2F89F7D78F4E4DEBCF8643523D2E31CA8214F9662780ECE7E687E
Malicious:	false
Reputation:	low
Preview:	SNSS....................................................!.............................................1..,.......$...3830212d_9c6f_4ae8_b391_4162a4773f56........................#.................................................................................5..0.......&...{524A03AB-861D-4591-9B4E-BDD69F9D425A}.............!..................http://checkip.dyndns.org/..................x...................................h.......`........................................................~.0z....~.0z...........................................<.......h.t.t.p.:././.c.h.e.c.k.i.p...d.y.n.d.n.s...o.r.g./.....................................8.......0.......8....................................................................... ...........................................................http://checkip.dyndns.org/.......dhy.'/..........................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Last Tabsd (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	8
Entropy (8bit):	1.8112781244591325
Encrypted:	false
SSDEEP:	3:3Dtn:3h
MD5:	0686D6159557E1162D04C44240103333
SHA1:	053E9DB58E20A67D1E158E407094359BF61D0639
SHA-256:	3303D5EED881951B0BB52CF1C6BFA758770034D0120C197F9F7A3520B92A86FB
SHA-512:	884C0D3594390E2FC0AEAB05460F0783815170C4B57DB749B8AD9CD10741A5604B7A0F979465C4171AD9C14ED56359A4508B4DE58E794550599AAA261120976C
Malicious:	false
Reputation:	low
Preview:	SNSS....

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	2954
Entropy (8bit):	5.475882948172282
Encrypted:	false
SSDEEP:	48:zqnxsGRl08Qna7PnMrq8dbD52G4bQSefgyNrS0U9RdiN9w:zQia7/Mddb12G4bQ5fgerS0S
MD5:	D223619D60300004A7FD2D6845805F06
SHA1:	6240F96B5F187EB993D052111EFF047452F2A2D2
SHA-256:	95220DA1F7A099D5E9ADC615C2B1C8AE50325280E2E0EF6FE021185B7DCAB1DC
SHA-512:	FF26F87E3C40CBE29190090805755FEDF29CE4F1B23EABC67274A8DD2E6A5B7C0282066CAD71F2CF236D9A53B8C6603011905AED10A6E7C6249FEF03F3A80DB7
Malicious:	false
Reputation:	low
Preview:	.:....*............8META:chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm............Y_chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm..mr.temp.HangoutSinkDiscoveryService;.{"cache":{"sinks":{},"g":{},"h":null},"manualHangouts":{}}.a_chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm..mr.temp.IdGenerator.cast.RequestIdGenerator..117351000.H_chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm..mr.temp.LogManager...["[2021-08-01 00:13:39.26][INFO][mr.Init] MR instance ID: 3d9ed8c4-48bf-4662-be90-8ad563044483\n","[2021-08-01 00:13:39.26][INFO][mr.Init] Native Cast MRP is disabled.\n","[2021-08-01 00:13:39.26][INFO][mr.Init] Native Mirroring Service is enabled.\n","[2021-08-01 00:13:39.26][INFO][mr.PersistentDataManager] removeTemporary_: 163 chars used\n","[2021-08-01 00:13:39.26][INFO][mr.PersistentDataManager] initialize: 163 chars used, 67 other chars\n","[2021-08-01 00:13:39.26][INFO][mr.CastProvider] Query enabled: true\n","[2021-08-01 00:13:39.26][INFO][mr.CloudProvider]

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	329
Entropy (8bit):	5.186825040022822
Encrypted:	false
SSDEEP:	6:mpjq2PWXp+N23iKKdK8a2jMGIFUtpT6JZmwPOtkwOWXp+N23iKKdK8a2jMmLJ:6va5Kk8EFUtp2J/POt5f5Kk8bJ
MD5:	D0861891227EE6DC9E9136931D6D54DD
SHA1:	B799E35B8430657F5A6FF3E695C52636F31ECF63
SHA-256:	24026C6C35B2CC31AB3F7CDF7A16B20ADADF4470C443F8AD8419FB5840D379CE
SHA-512:	61F6B71B98E8A0A1F8357714A7DCCFF5BB3A1195EE0AAF634932D82AEBC89086D22C6EB73E73438E58970982DF8458DF8665691EAC60A9402D71E37990B1AC1B
Malicious:	false
Reputation:	low
Preview:	2021/08/01-00:13:31.594 834 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2021/08/01-00:13:31.597 834 Recovering log #3.2021/08/01-00:13:31.603 834 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	329
Entropy (8bit):	5.186825040022822
Encrypted:	false
SSDEEP:	6:mpjq2PWXp+N23iKKdK8a2jMGIFUtpT6JZmwPOtkwOWXp+N23iKKdK8a2jMmLJ:6va5Kk8EFUtp2J/POt5f5Kk8bJ
MD5:	D0861891227EE6DC9E9136931D6D54DD
SHA1:	B799E35B8430657F5A6FF3E695C52636F31ECF63
SHA-256:	24026C6C35B2CC31AB3F7CDF7A16B20ADADF4470C443F8AD8419FB5840D379CE
SHA-512:	61F6B71B98E8A0A1F8357714A7DCCFF5BB3A1195EE0AAF634932D82AEBC89086D22C6EB73E73438E58970982DF8458DF8665691EAC60A9402D71E37990B1AC1B
Malicious:	false
Reputation:	low
Preview:	2021/08/01-00:13:31.594 834 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2021/08/01-00:13:31.597 834 Recovering log #3.2021/08/01-00:13:31.603 834 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent Statev (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	4219
Entropy (8bit):	4.871684703914691
Encrypted:	false
SSDEEP:	48:YXsJjMH+5s7YMHBKsvxMHVzspxMHbsIHt/soBDysKqnsllzMHpDCLsWJMHLsNuMg:RG+ZGJG+GTTD7IGpD+G7Gp2GnG4GVhH
MD5:	EDC4A4E22003A711AEF67FAED28DB603
SHA1:	977E551B9ED5F60D018C030B0B4AA2E33B954556
SHA-256:	DD2C9F43F622F801FCC213CDE8E3E90EF1D0D26665AE675449A94CEC7EB1D453
SHA-512:	84D3930579FD73C7D86144D5CDC636436955BA79759273C740D2D72BC4847F2F7F165BBCA3EB2E4DFB01777D6A5F141623278C1BF74615C5A491092CE3FD1602
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[],"expiration":"13248543677350473","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543677350474","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":31344},"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248543501474403","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543501474403","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":31656},"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248543501454993","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543501454994","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":39369},"server":"https://www.googleapis.com","supports_spdy":true},

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.226467758107651
Encrypted:	false
SSDEEP:	6:mRqq2PWXp+N23iKKdKgXz4rRIFUtp6H9ZmwP6mPkwOWXp+N23iKKdKgXz4q8LJ:yqva5KkgXiuFUtp6H9/P6mP5f5KkgX2J
MD5:	BC0516E0D146A3D62A4213B87AD4B69B
SHA1:	0CAC4FD3174E729BCD69924B4C4DC461D358DC06
SHA-256:	1741CB84EC14F751594B91F79969B9A34B969E6842AB19D451E6339DA7942A10
SHA-512:	05830859ED239AFAA98D8A27E0134229D6C4682DE374F002A51996002C27D2423A124BABEF2A94AFC0ED503342A502892FF470AB6FCD835B1E877F162B55A465
Malicious:	false
Reputation:	low
Preview:	2021/08/01-00:13:31.859 1474 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications/MANIFEST-000001.2021/08/01-00:13:31.860 1474 Recovering log #3.2021/08/01-00:13:31.861 1474 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.226467758107651
Encrypted:	false
SSDEEP:	6:mRqq2PWXp+N23iKKdKgXz4rRIFUtp6H9ZmwP6mPkwOWXp+N23iKKdKgXz4q8LJ:yqva5KkgXiuFUtp6H9/P6mP5f5KkgX2J
MD5:	BC0516E0D146A3D62A4213B87AD4B69B
SHA1:	0CAC4FD3174E729BCD69924B4C4DC461D358DC06
SHA-256:	1741CB84EC14F751594B91F79969B9A34B969E6842AB19D451E6339DA7942A10
SHA-512:	05830859ED239AFAA98D8A27E0134229D6C4682DE374F002A51996002C27D2423A124BABEF2A94AFC0ED503342A502892FF470AB6FCD835B1E877F162B55A465
Malicious:	false
Reputation:	low
Preview:	2021/08/01-00:13:31.859 1474 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications/MANIFEST-000001.2021/08/01-00:13:31.860 1474 Recovering log #3.2021/08/01-00:13:31.861 1474 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5715
Entropy (8bit):	5.189195750171625
Encrypted:	false
SSDEEP:	96:noCdPtMg0rYgOcKIVok0JCKL8VxkZ1sbOTQVuwn:noCDMBOc24KgxkZY
MD5:	6E22C72D9E2479D7C32A1EA914C9FBC0
SHA1:	6449AF320933A9E6D7A797672350A22407CA999C
SHA-256:	0C6B9E018D81451105A426CE4411668311FB6EBF9748F02D1099983C656CE4FC
SHA-512:	D12D967D8C21FEBA7EFF8332908E337A1197F8DAA31793AA3D634987906462D65CF6DDF726CE4F1DE78EC3E175BE2626F3C58849217FA10567430098CCB39A38
Malicious:	false
Reputation:	low
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13272275611808681","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245951692116406","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	modified
Size (bytes):	20480
Entropy (8bit):	1.0019841477262315
Encrypted:	false
SSDEEP:	48:TUIopK2rJNVr1GJmm8pF82phrJNVrdHX/cjrJN2yJ1n4n1GmhGURT1kN3:wIElwQF8mpcSdJK3
MD5:	90784973FD7BC319C12427222C1175C1
SHA1:	C742A3FEFF3C1D6BFBA2880F6E1395D679A9B092
SHA-256:	957046C9659BF3C315DC7A7F1E58DA2B9B5ECF400F5BE296C6448D794030DDB5
SHA-512:	3EC80F99FFB922BD512BE0BE9222078989565307754B45FFD0F6D267A6EC54DB35F7DE567D6B82E70942A5CDF9829B7B8235C446FD88A354E9BE8273F560AA26
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................C..........g...^.........j............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL-journal Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	21044
Entropy (8bit):	0.8265079133232883
Encrypted:	false
SSDEEP:	48:x4qkIopK2rJNVr1GJmm8pF82phrJNVrdHX/cjrJN2yJ1n4n1GmhGUS6:x4hIElwQF8mpcSz
MD5:	948DA564D7C068078A706AB46D116EF7
SHA1:	C1D7699DF1A709217321E6E133D130DEFB767393
SHA-256:	6A1E21CC3E3F07E7E80F369AD8907FF12DC48BBFC8C6D35916CD7C58DF01EAFA
SHA-512:	5BD1BCB016D79F271491B1C852B2F0CB7FE9EAC12BE6D9F3A9B16FD7F6EC33BFB1009CF4C4AEEF2B4B06945E508D72F2F8B2F317AA0C7684B2283C3129F7F740
Malicious:	false
Reputation:	low
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences/ (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	22594
Entropy (8bit):	5.535313578561214
Encrypted:	false
SSDEEP:	384:GP7tLLlBkXX1kXqKf/pUZNCgVLH2HfDkrURHG2nTKK6Dfw4LX:cLl8X1kXqKf/pUZNCgVLH2HfYrUFG2nc
MD5:	3D93CC8FC4076B3012BDD96106624A7D
SHA1:	6F1EB582DD466F63710315070086E5A8575BBEE8
SHA-256:	380B8F5AF1DC7833D56C3A54AA3DE866ECF574A41B8C45588D58C7A1333B37AD
SHA-512:	CAA0D00D1AE6FDB88DE52A9449B87A250FDEA2DBF9FA4A1FFBFC67A3F15219CBB3ED26187C13203557310AE0E4214D78E74605965515235EE10C8EACC6B63B83
Malicious:	false
Reputation:	low
Preview:	{"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13272275611582782","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferenceswe (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	22596
Entropy (8bit):	5.53563292686082
Encrypted:	false
SSDEEP:	384:GP7teLlBkXX1kXqKf/pUZNCgVLH2HfDkrURHGhnTfK6xfw4s:rLl8X1kXqKf/pUZNCgVLH2HfYrUFGhn2
MD5:	54FD3F5C19146AB45E0111C394E6758A
SHA1:	09C7F20198E9B691BF9EF6E461E5C39E4B713A16
SHA-256:	60372093F4B0E8A1CD604957ABCB8D67E80A0F6E558ECE25C7985D12BF7D5CED
SHA-512:	7367111B840B7B40E0329D0A5E2EFE53451672F6A73062FBD370A05E591F2214D4BA3482C3051991373D9217B72959B68E76BBE0AC802B68EE431E814A7DF707
Malicious:	false
Reputation:	low
Preview:	{"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13272275611582782","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	114
Entropy (8bit):	1.9837406708828553
Encrypted:	false
SSDEEP:	3:5ljljljljljl:5ljljljljljl
MD5:	1B4FA89099996CE3C9E5A0A9768230E8
SHA1:	9026E1E0906E3B3FE0E414EE814CC5A042807A04
SHA-256:	537818AAFD0902A8B2D58B483674391E33E762B5E1E8CD226D873098CCE9C8F9
SHA-512:	4279C9380ACC5AB329EC6BCDA10CCF0A7437CEF63845B63E741CE517042CFE83340D2D362DD6B9E039BF55E61F484CCF72B8FD8477D1D0292E0B879CB949461B
Malicious:	false
Reputation:	low
Preview:	..&f.................&f.................&f.................&f.................&f.................&f...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	317
Entropy (8bit):	5.1225030547176225
Encrypted:	false
SSDEEP:	6:mJW9+q2PWXp+N23iKKdKrQMxIFUtpU5ZmwPnFNVkwOWXp+N23iKKdKrQMFLJ:iW4va5KkCFUtpU/PnF5f5KktJ
MD5:	D675C7C0E0D646BA2C34A3E054A5CC9D
SHA1:	564FBCAD556ADCD06EE016025C1F1B54F200DB91
SHA-256:	5073538FEC0CEA3574FDFBED2D07D379CAEC5FAFA1E0EA1F0993E47E71850827
SHA-512:	D9164B65DE81B44A60AC00CF521272E4F5A8D0113DF0D1C945C6E104853F9E49BB16313698E8691AC2B2A2C80BC5F726EDCC662202855C6CBBCBAF2F29D2D035
Malicious:	false
Reputation:	low
Preview:	2021/08/01-00:13:31.786 718 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/MANIFEST-000001.2021/08/01-00:13:31.787 718 Recovering log #3.2021/08/01-00:13:31.788 718 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	317
Entropy (8bit):	5.1225030547176225
Encrypted:	false
SSDEEP:	6:mJW9+q2PWXp+N23iKKdKrQMxIFUtpU5ZmwPnFNVkwOWXp+N23iKKdKrQMFLJ:iW4va5KkCFUtpU/PnF5f5KktJ
MD5:	D675C7C0E0D646BA2C34A3E054A5CC9D
SHA1:	564FBCAD556ADCD06EE016025C1F1B54F200DB91
SHA-256:	5073538FEC0CEA3574FDFBED2D07D379CAEC5FAFA1E0EA1F0993E47E71850827
SHA-512:	D9164B65DE81B44A60AC00CF521272E4F5A8D0113DF0D1C945C6E104853F9E49BB16313698E8691AC2B2A2C80BC5F726EDCC662202855C6CBBCBAF2F29D2D035
Malicious:	false
Reputation:	low
Preview:	2021/08/01-00:13:31.786 718 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/MANIFEST-000001.2021/08/01-00:13:31.787 718 Recovering log #3.2021/08/01-00:13:31.788 718 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	345
Entropy (8bit):	5.138026782226276
Encrypted:	false
SSDEEP:	6:mjy4q2PWXp+N23iKKdK7Uh2ghZIFUtpzZmwPOhzkwOWXp+N23iKKdK7Uh2gnLJ:wy4va5KkIhHh2FUtpz/POB5f5KkIhHLJ
MD5:	25BFA6F08DF88AC4F6EFD415A5F337F6
SHA1:	CD1BB306075038E75A225FAE838E49426463C887
SHA-256:	6406A23E786D37DAE5320F80A624FEAB2B90C0FD9194591527387773F5C50AD0
SHA-512:	827896C006F6F06FAA9474CA2BBF6A691F8D63E3E4B69EBEC5A4630684BF10BE325241E0AA145646235E1097D6B7D4307A93B5C967E576D3E05209999B93AD78
Malicious:	false
Reputation:	low
Preview:	2021/08/01-00:13:31.594 250 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database/MANIFEST-000001.2021/08/01-00:13:31.598 250 Recovering log #3.2021/08/01-00:13:31.603 250 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	345
Entropy (8bit):	5.138026782226276
Encrypted:	false
SSDEEP:	6:mjy4q2PWXp+N23iKKdK7Uh2ghZIFUtpzZmwPOhzkwOWXp+N23iKKdK7Uh2gnLJ:wy4va5KkIhHh2FUtpz/POB5f5KkIhHLJ
MD5:	25BFA6F08DF88AC4F6EFD415A5F337F6
SHA1:	CD1BB306075038E75A225FAE838E49426463C887
SHA-256:	6406A23E786D37DAE5320F80A624FEAB2B90C0FD9194591527387773F5C50AD0
SHA-512:	827896C006F6F06FAA9474CA2BBF6A691F8D63E3E4B69EBEC5A4630684BF10BE325241E0AA145646235E1097D6B7D4307A93B5C967E576D3E05209999B93AD78
Malicious:	false
Reputation:	low
Preview:	2021/08/01-00:13:31.594 250 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database/MANIFEST-000001.2021/08/01-00:13:31.598 250 Recovering log #3.2021/08/01-00:13:31.603 250 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\447e791b-b6e1-4d11-b9bf-342139c8d7bd.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	420
Entropy (8bit):	4.985305467053914
Encrypted:	false
SSDEEP:	6:YHpoNXR8+eq7JdV5qQlsDHF4xj70PpqQEsDHF4R8HLJ2AVQBR70S7PMVKJw1K3Ky:YHO8sdBsB6MAsBdLJlyH7E4f3K33y
MD5:	C401B619D9D8E0ADABC25A47EE49CFBA
SHA1:	C9D3B816DD3FBCD98E9C0A32CEC7B501EFC0BBDA
SHA-256:	8F5D75F5EF9876E8D30CE477509F735B50C4D87DBEDB433BE8EDBE6D4B3CB82F
SHA-512:	BC12F16CB95CB0AD708C6BBD005EF863A8552613E612F1084086E0F8262752E1B5144D044F0D141CE8462CC33343C36B517A5CC778751680485D8F88FB51B862
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[50],"expiration":"13248543490879170","port":443,"protocol_str":"quic"},{"advertised_versions":[73],"expiration":"13248543490879171","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://dns.google","supports_spdy":true}],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	296
Entropy (8bit):	0.19535324365485862
Encrypted:	false
SSDEEP:	3:8E:8
MD5:	C4DF0FB10C4332150B2C336396CE1B66
SHA1:	780A76E101DE3DE2E68D23E64AB1A44D47A73207
SHA-256:	18FAB4D13CDA7E1DEE12DC091019A110A7304B6A65FC9A1F3E6173046BA38EF6
SHA-512:	51F0B463E97063A2357285D684FF159FDF6099E57C46F13C83E9D3F09D7A7CF03C1BA684BCCF36232FC50834F95953C3C68675C7B05AB4F84DEF1C566A5F3F5E
Malicious:	false
Reputation:	low
Preview:	.'..(...................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	430
Entropy (8bit):	5.238150824379923
Encrypted:	false
SSDEEP:	6:m739+q2PWXp+N23iKKdKusNpV/2jMGIFUtpBX2WZmwPBX9VkwOWXp+N23iKKdKux:e9+va5KkFFUtpVJ/PV9V5f5KkOJ
MD5:	A22B8E79A24F93333D526E9F23657A6E
SHA1:	AF6C7F613F04B50E76BB810F4110D5CBCCB783A6
SHA-256:	2AAD25E1B362E3AE1BD37EA696BA9350310489879A0A2249CD0175B812198566
SHA-512:	87A0B9EB623FC48348A38A19FA7C5258E9C7B6C5F9ACBCF5279583660B921949ABCEE2A8C8C88A3CE05EF349B63E92B373393DD4DC82B402D733C656CF445218
Malicious:	false
Reputation:	low
Preview:	2021/08/01-00:13:31.798 140c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb/MANIFEST-000001.2021/08/01-00:13:31.799 140c Recovering log #3.2021/08/01-00:13:31.799 140c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	430
Entropy (8bit):	5.238150824379923
Encrypted:	false
SSDEEP:	6:m739+q2PWXp+N23iKKdKusNpV/2jMGIFUtpBX2WZmwPBX9VkwOWXp+N23iKKdKux:e9+va5KkFFUtpVJ/PV9V5f5KkOJ
MD5:	A22B8E79A24F93333D526E9F23657A6E
SHA1:	AF6C7F613F04B50E76BB810F4110D5CBCCB783A6
SHA-256:	2AAD25E1B362E3AE1BD37EA696BA9350310489879A0A2249CD0175B812198566
SHA-512:	87A0B9EB623FC48348A38A19FA7C5258E9C7B6C5F9ACBCF5279583660B921949ABCEE2A8C8C88A3CE05EF349B63E92B373393DD4DC82B402D733C656CF445218
Malicious:	false
Reputation:	low
Preview:	2021/08/01-00:13:31.798 140c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb/MANIFEST-000001.2021/08/01-00:13:31.799 140c Recovering log #3.2021/08/01-00:13:31.799 140c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent State (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	420
Entropy (8bit):	4.985305467053914
Encrypted:	false
SSDEEP:	6:YHpoNXR8+eq7JdV5qQlsDHF4xj70PpqQEsDHF4R8HLJ2AVQBR70S7PMVKJw1K3Ky:YHO8sdBsB6MAsBdLJlyH7E4f3K33y
MD5:	C401B619D9D8E0ADABC25A47EE49CFBA
SHA1:	C9D3B816DD3FBCD98E9C0A32CEC7B501EFC0BBDA
SHA-256:	8F5D75F5EF9876E8D30CE477509F735B50C4D87DBEDB433BE8EDBE6D4B3CB82F
SHA-512:	BC12F16CB95CB0AD708C6BBD005EF863A8552613E612F1084086E0F8262752E1B5144D044F0D141CE8462CC33343C36B517A5CC778751680485D8F88FB51B862
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[50],"expiration":"13248543490879170","port":443,"protocol_str":"quic"},{"advertised_versions":[73],"expiration":"13248543490879171","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://dns.google","supports_spdy":true}],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	432
Entropy (8bit):	5.270245740545862
Encrypted:	false
SSDEEP:	12:qoajL+va5KkmiuFUtp6hW/P69LV5f5Kkm2J:qUa5KkSgQvtf5Kkr
MD5:	62B92EBA7D2B127B82F4F57E342F653E
SHA1:	BD9E955D89B4459EBFF79FBA482794C59A128A52
SHA-256:	145817F97AD193E56B085DB6EEBDA77295CFDB4B55654C56F6E7ED4316AABEE1
SHA-512:	43E1B805ED7B3F11938A6535CD51684F48D8DDD1C55D8DD88C9ACB320CDD4BFD5EDBE5295DE3B1BED2551F7B6C204F78A07CAD5C4319A6840B5F2E8573ED4648
Malicious:	false
Reputation:	low
Preview:	2021/08/01-00:13:31.864 153c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications/MANIFEST-000001.2021/08/01-00:13:31.865 153c Recovering log #3.2021/08/01-00:13:31.866 153c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	432
Entropy (8bit):	5.270245740545862
Encrypted:	false
SSDEEP:	12:qoajL+va5KkmiuFUtp6hW/P69LV5f5Kkm2J:qUa5KkSgQvtf5Kkr
MD5:	62B92EBA7D2B127B82F4F57E342F653E
SHA1:	BD9E955D89B4459EBFF79FBA482794C59A128A52
SHA-256:	145817F97AD193E56B085DB6EEBDA77295CFDB4B55654C56F6E7ED4316AABEE1
SHA-512:	43E1B805ED7B3F11938A6535CD51684F48D8DDD1C55D8DD88C9ACB320CDD4BFD5EDBE5295DE3B1BED2551F7B6C204F78A07CAD5C4319A6840B5F2E8573ED4648
Malicious:	false
Reputation:	low
Preview:	2021/08/01-00:13:31.864 153c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications/MANIFEST-000001.2021/08/01-00:13:31.865 153c Recovering log #3.2021/08/01-00:13:31.866 153c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	19
Entropy (8bit):	1.9837406708828553
Encrypted:	false
SSDEEP:	3:5l:5l
MD5:	E556F26DF3E95C19DBAECA8F5DF0C341
SHA1:	247A89F0557FC3666B5173833DB198B188F3AA2E
SHA-256:	B0A7B19404285905663876774A2176939A6ED75EF3904E44283A125824BD0BF3
SHA-512:	055BC4AB12FEEDF3245EAAF0A0109036909C44E3B69916F8A01E6C8459785317FE75CA6B28F8B339316FC2310D3E5392CD15DBDB0F84016667F304D377444E2E
Malicious:	false
Reputation:	low
Preview:	..&f...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	418
Entropy (8bit):	5.253349027033147
Encrypted:	false
SSDEEP:	6:m7L+q2PWXp+N23iKKdKusNpZQMxIFUtpGB1KWZmwPDUiLVkwOWXp+N23iKKdKusx:aL+va5KkMFUtpGBAW/PDUiLV5f5KkTJ
MD5:	74E0D7813029E2E1B274ACCA94542A57
SHA1:	366BEB6B4AB340167DE269F7C12BDE56E0D20970
SHA-256:	93C9833A25CF02047071C4908E0E313AD9F7E4EB0568052F4999C36F743CD1ED
SHA-512:	C5BE21B7D42F788BD0B846C90C1C484296D0E8A77AB10ECDA1E4246F9309A9EF868270E6F76FCCF8069ED9AEBD702AF102088FD758148EAF21DFD3D821D47F29
Malicious:	false
Reputation:	low
Preview:	2021/08/01-00:13:49.106 153c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage/MANIFEST-000001.2021/08/01-00:13:49.108 153c Recovering log #3.2021/08/01-00:13:49.109 153c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOG.oldat (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	418
Entropy (8bit):	5.253349027033147
Encrypted:	false
SSDEEP:	6:m7L+q2PWXp+N23iKKdKusNpZQMxIFUtpGB1KWZmwPDUiLVkwOWXp+N23iKKdKusx:aL+va5KkMFUtpGBAW/PDUiLV5f5KkTJ
MD5:	74E0D7813029E2E1B274ACCA94542A57
SHA1:	366BEB6B4AB340167DE269F7C12BDE56E0D20970
SHA-256:	93C9833A25CF02047071C4908E0E313AD9F7E4EB0568052F4999C36F743CD1ED
SHA-512:	C5BE21B7D42F788BD0B846C90C1C484296D0E8A77AB10ECDA1E4246F9309A9EF868270E6F76FCCF8069ED9AEBD702AF102088FD758148EAF21DFD3D821D47F29
Malicious:	false
Reputation:	low
Preview:	2021/08/01-00:13:49.106 153c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage/MANIFEST-000001.2021/08/01-00:13:49.108 153c Recovering log #3.2021/08/01-00:13:49.109 153c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	296
Entropy (8bit):	0.19535324365485862
Encrypted:	false
SSDEEP:	3:8E:8
MD5:	C4DF0FB10C4332150B2C336396CE1B66
SHA1:	780A76E101DE3DE2E68D23E64AB1A44D47A73207
SHA-256:	18FAB4D13CDA7E1DEE12DC091019A110A7304B6A65FC9A1F3E6173046BA38EF6
SHA-512:	51F0B463E97063A2357285D684FF159FDF6099E57C46F13C83E9D3F09D7A7CF03C1BA684BCCF36232FC50834F95953C3C68675C7B05AB4F84DEF1C566A5F3F5E
Malicious:	false
Reputation:	low
Preview:	.'..(...................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	427
Entropy (8bit):	5.1640912599331035
Encrypted:	false
SSDEEP:	6:mWFt+q2PWXp+N23iKKdKkGckArV/2jMGIFUtpbcJZmwPbLVkwOWXp+N23iKKdKkc:+va5KkkGHArBFUtpC/Pd5f5KkkGHAryJ
MD5:	C9B45D0A2FD9240EE1780DD67B4BFB20
SHA1:	ABE94A69C4649CE575A126C76C4DB8F3D3C7EBEB
SHA-256:	1109340FE38B1527725AE21144CABB4CEB8722927AB733CAFCED0D4767610619
SHA-512:	EBC24EF588048B53B24B22ED2E05EA2F320D9539F445AF425E17EB02E7415F99F7CB16FB42EBCFB23910434FC12D907E372646D05AE438DE53C4F9B69621B6C8
Malicious:	false
Reputation:	low
Preview:	2021/08/01-00:13:38.198 718 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb/MANIFEST-000001.2021/08/01-00:13:38.199 718 Recovering log #3.2021/08/01-00:13:38.200 718 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	427
Entropy (8bit):	5.1640912599331035
Encrypted:	false
SSDEEP:	6:mWFt+q2PWXp+N23iKKdKkGckArV/2jMGIFUtpbcJZmwPbLVkwOWXp+N23iKKdKkc:+va5KkkGHArBFUtpC/Pd5f5KkkGHAryJ
MD5:	C9B45D0A2FD9240EE1780DD67B4BFB20
SHA1:	ABE94A69C4649CE575A126C76C4DB8F3D3C7EBEB
SHA-256:	1109340FE38B1527725AE21144CABB4CEB8722927AB733CAFCED0D4767610619
SHA-512:	EBC24EF588048B53B24B22ED2E05EA2F320D9539F445AF425E17EB02E7415F99F7CB16FB42EBCFB23910434FC12D907E372646D05AE438DE53C4F9B69621B6C8
Malicious:	false
Reputation:	low
Preview:	2021/08/01-00:13:38.198 718 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb/MANIFEST-000001.2021/08/01-00:13:38.199 718 Recovering log #3.2021/08/01-00:13:38.200 718 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network Persistent State. (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	420
Entropy (8bit):	4.954960881489904
Encrypted:	false
SSDEEP:	12:YHO8sdvBVSsB6M/BVSsBdLJlyH7E4f3K33y:YXsdvjX6gjXdL3yH7n/iy
MD5:	F4FEFEEEC722772F9DC0FCE1B52D79B5
SHA1:	00EECFA3B37113D30E7D43BE4383C540F3D93D4D
SHA-256:	D33E13C12004A700F246D8C73709114A881609D658E045D54DE36874728D07F0
SHA-512:	41E61EC89366800FD5F4DD704E53B47DE29411B9088B46349A0A350758D08569C14DCC70CF8D6A6FE6D049CB6D32F2B091153E8148A1B5857BD7AF13492071BE
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[50],"expiration":"13248543498399332","port":443,"protocol_str":"quic"},{"advertised_versions":[73],"expiration":"13248543498399332","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://dns.google","supports_spdy":true}],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	432
Entropy (8bit):	5.196813105342681
Encrypted:	false
SSDEEP:	12:WQva5KkkGHArqiuFUtp41/Pn5f5KkkGHArq2J:Wia5KkkGgCgyLf5KkkGg7
MD5:	B760C9AEFEF25432498BA2D985F933AF
SHA1:	B0432A804237D6BC42EB96D55A7ECDD01C118702
SHA-256:	8B11C27B071078C1D99ECAEBDC6D4AE03D7E0DE881E5AED78B0B599ADBFE4CB0
SHA-512:	A92C83E8A24EF18D6343BAAA67802471065503FB593196713E11AD961D63E0B5FCE204D07C30B7C9B5645DE5F61288420E45C07FDC7919DC7F2056B01678FFE6
Malicious:	false
Reputation:	low
Preview:	2021/08/01-00:13:38.209 1478 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications/MANIFEST-000001.2021/08/01-00:13:38.210 1478 Recovering log #3.2021/08/01-00:13:38.211 1478 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	432
Entropy (8bit):	5.196813105342681
Encrypted:	false
SSDEEP:	12:WQva5KkkGHArqiuFUtp41/Pn5f5KkkGHArq2J:Wia5KkkGgCgyLf5KkkGg7
MD5:	B760C9AEFEF25432498BA2D985F933AF
SHA1:	B0432A804237D6BC42EB96D55A7ECDD01C118702
SHA-256:	8B11C27B071078C1D99ECAEBDC6D4AE03D7E0DE881E5AED78B0B599ADBFE4CB0
SHA-512:	A92C83E8A24EF18D6343BAAA67802471065503FB593196713E11AD961D63E0B5FCE204D07C30B7C9B5645DE5F61288420E45C07FDC7919DC7F2056B01678FFE6
Malicious:	false
Reputation:	low
Preview:	2021/08/01-00:13:38.209 1478 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications/MANIFEST-000001.2021/08/01-00:13:38.210 1478 Recovering log #3.2021/08/01-00:13:38.211 1478 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	19
Entropy (8bit):	1.9837406708828553
Encrypted:	false
SSDEEP:	3:5l:5l
MD5:	E556F26DF3E95C19DBAECA8F5DF0C341
SHA1:	247A89F0557FC3666B5173833DB198B188F3AA2E
SHA-256:	B0A7B19404285905663876774A2176939A6ED75EF3904E44283A125824BD0BF3
SHA-512:	055BC4AB12FEEDF3245EAAF0A0109036909C44E3B69916F8A01E6C8459785317FE75CA6B28F8B339316FC2310D3E5392CD15DBDB0F84016667F304D377444E2E
Malicious:	false
Reputation:	low
Preview:	..&f...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	418
Entropy (8bit):	5.157485194584449
Encrypted:	false
SSDEEP:	12:4u39+va5KkkGHArAFUtpIFJ/PI+9V5f5KkkGHArfJ:rKa5KkkGgkgE/Vf5KkkGgV
MD5:	A942577A7D4725BA876F1BEB709C804E
SHA1:	F334D584CF7F35A5B7AF5D5A81987F8E4DF91286
SHA-256:	551EA91AA30BFF8096323F3B3DF9FC8C914C7EAB1808140F18D083929180C005
SHA-512:	AB13A97FF92842F8658EB70D35A9BB36E33AFFCBCF20F8E892F59B077EAA82FB1580F6E970AB3C9674F42AB9E423971575D7630DDE9075566F7885D4CE8B37CF
Malicious:	false
Reputation:	low
Preview:	2021/08/01-00:13:53.443 140c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage/MANIFEST-000001.2021/08/01-00:13:53.444 140c Recovering log #3.2021/08/01-00:13:53.445 140c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\LOG.oldat (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	418
Entropy (8bit):	5.157485194584449
Encrypted:	false
SSDEEP:	12:4u39+va5KkkGHArAFUtpIFJ/PI+9V5f5KkkGHArfJ:rKa5KkkGgkgE/Vf5KkkGgV
MD5:	A942577A7D4725BA876F1BEB709C804E
SHA1:	F334D584CF7F35A5B7AF5D5A81987F8E4DF91286
SHA-256:	551EA91AA30BFF8096323F3B3DF9FC8C914C7EAB1808140F18D083929180C005
SHA-512:	AB13A97FF92842F8658EB70D35A9BB36E33AFFCBCF20F8E892F59B077EAA82FB1580F6E970AB3C9674F42AB9E423971575D7630DDE9075566F7885D4CE8B37CF
Malicious:	false
Reputation:	low
Preview:	2021/08/01-00:13:53.443 140c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage/MANIFEST-000001.2021/08/01-00:13:53.444 140c Recovering log #3.2021/08/01-00:13:53.445 140c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\cd2682de-6b1b-4b4e-b181-2f1bdcf3d73b.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	420
Entropy (8bit):	4.954960881489904
Encrypted:	false
SSDEEP:	12:YHO8sdvBVSsB6M/BVSsBdLJlyH7E4f3K33y:YXsdvjX6gjXdL3yH7n/iy
MD5:	F4FEFEEEC722772F9DC0FCE1B52D79B5
SHA1:	00EECFA3B37113D30E7D43BE4383C540F3D93D4D
SHA-256:	D33E13C12004A700F246D8C73709114A881609D658E045D54DE36874728D07F0
SHA-512:	41E61EC89366800FD5F4DD704E53B47DE29411B9088B46349A0A350758D08569C14DCC70CF8D6A6FE6D049CB6D32F2B091153E8148A1B5857BD7AF13492071BE
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[50],"expiration":"13248543498399332","port":443,"protocol_str":"quic"},{"advertised_versions":[73],"expiration":"13248543498399332","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://dns.google","supports_spdy":true}],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	38
Entropy (8bit):	1.9837406708828553
Encrypted:	false
SSDEEP:	3:sgGg:st
MD5:	45A8ECA4E5C4A6B1395080C1B728B6C9
SHA1:	8A97BB0E599775D9A10C0FC53C4EDB29AA4CEB4E
SHA-256:	DB320AB28DFF27CDA0A7F87B82F2F8E61B3178A6DE8503753D76F1172D32E08E
SHA-512:	8EE91A3A1E77459273553F6A776C423A8EE95DB9DCFA897771814B7AD13FD84F06BB2B859F22B6DDA384B39EAA91F1819F170BABED6DA16BDBCF5BCB06CF2124
Malicious:	false
Reputation:	low
Preview:	..F..................F................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	321
Entropy (8bit):	5.182152205830393
Encrypted:	false
SSDEEP:	6:mqQq2PWXp+N23iKKdKpIFUtpT/JZmwPdrkwOWXp+N23iKKdKa/WLJ:Iva5KkmFUtpd/Pdr5f5KkaUJ
MD5:	44535D8222EBEC8259EABBA659B5530E
SHA1:	8B0856133C5A491BAF3E75DB35C6453A2D8EEE40
SHA-256:	75B9A184B48EA8B0E2B18EEFEE8D0953894D7FE5E1FDCD25E56ADD3921B6FBE0
SHA-512:	D4F8DD618AA7AF700178290745C3905464BEEC06184ED953D1592ADC00A7AE6EE85C0925B6AF3D03A1E0904976639F67E8F8644CB709D1E2F2DFC7C77192B42F
Malicious:	false
Reputation:	low
Preview:	2021/08/01-00:13:31.593 ce0 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2021/08/01-00:13:31.597 ce0 Recovering log #3.2021/08/01-00:13:31.599 ce0 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.oldTM (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	321
Entropy (8bit):	5.182152205830393
Encrypted:	false
SSDEEP:	6:mqQq2PWXp+N23iKKdKpIFUtpT/JZmwPdrkwOWXp+N23iKKdKa/WLJ:Iva5KkmFUtpd/Pdr5f5KkaUJ
MD5:	44535D8222EBEC8259EABBA659B5530E
SHA1:	8B0856133C5A491BAF3E75DB35C6453A2D8EEE40
SHA-256:	75B9A184B48EA8B0E2B18EEFEE8D0953894D7FE5E1FDCD25E56ADD3921B6FBE0
SHA-512:	D4F8DD618AA7AF700178290745C3905464BEEC06184ED953D1592ADC00A7AE6EE85C0925B6AF3D03A1E0904976639F67E8F8644CB709D1E2F2DFC7C77192B42F
Malicious:	false
Reputation:	low
Preview:	2021/08/01-00:13:31.593 ce0 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2021/08/01-00:13:31.597 ce0 Recovering log #3.2021/08/01-00:13:31.599 ce0 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	402
Entropy (8bit):	5.289798331690839
Encrypted:	false
SSDEEP:	12:PL+va5KkkOrsFUtpayW/PaZLV5f5KkkOrzJ:ga5Kk+gYwRf5Kkn
MD5:	900A012A5EDCC0D1CE0769DC42308215
SHA1:	1166202E0DA6CC2C1AAD6B6CFB6BD8019F06A220
SHA-256:	47F18AC0762D48A72F73CB6393ABA2BA30469CD1D5F98AE8823DD1467076992C
SHA-512:	7BB4780CB7017D67B1E0D684FA20EFC488DDA39296BE5588548F1F5ECBA508914203FCB9218610DE8985F54AFE0C850B7AFAD081EB8A42CEE1B32F365F66577B
Malicious:	false
Reputation:	low
Preview:	2021/08/01-00:13:39.250 153c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm/MANIFEST-000001.2021/08/01-00:13:39.251 153c Recovering log #3.2021/08/01-00:13:39.251 153c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	402
Entropy (8bit):	5.289798331690839
Encrypted:	false
SSDEEP:	12:PL+va5KkkOrsFUtpayW/PaZLV5f5KkkOrzJ:ga5Kk+gYwRf5Kkn
MD5:	900A012A5EDCC0D1CE0769DC42308215
SHA1:	1166202E0DA6CC2C1AAD6B6CFB6BD8019F06A220
SHA-256:	47F18AC0762D48A72F73CB6393ABA2BA30469CD1D5F98AE8823DD1467076992C
SHA-512:	7BB4780CB7017D67B1E0D684FA20EFC488DDA39296BE5588548F1F5ECBA508914203FCB9218610DE8985F54AFE0C850B7AFAD081EB8A42CEE1B32F365F66577B
Malicious:	false
Reputation:	low
Preview:	2021/08/01-00:13:39.250 153c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm/MANIFEST-000001.2021/08/01-00:13:39.251 153c Recovering log #3.2021/08/01-00:13:39.251 153c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1039
Entropy (8bit):	5.562929726222197
Encrypted:	false
SSDEEP:	24:YI6H0UhVsTG1KUerkq/HeUeXby2qUeXv27wUERUenHQ:YI6UUhVseKUewqPeUer2UefIwUIUenw
MD5:	BCC02EF8B6CCD7A02FAEC43181F17E3D
SHA1:	5D37AB7F4ED6D945B1258117484E896F3648EA40
SHA-256:	002499369433EA6B9EAEAC771CD7906CDF197896ED7E6286470095A999EB7C8D
SHA-512:	47D693ABF12A449B7B78004A10C5E2EEC16568243815771A3FFED94DFA952F1591A45C47818CCAE02B40C9E83C06F154B726A7A61529D1857EAD30FFE3BACE42
Malicious:	false
Reputation:	low
Preview:	{"expect_ct":[],"sts":[{"expiry":1633014077.350499,"host":"OuKlWsMW1dkkbI1X/oi6o0Y95ZNSWnSoeaIXAEYPlv4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1601478077.350503},{"expiry":1633014077.22511,"host":"nAuqgR4iEWti7SOdT3UHPl6rmZU/DeaIm38P2O2OkgA=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1601478077.225114},{"expiry":1633014092.4175,"host":"0J7rAWV0ouCFYJ9XrkDiKnAO1SshXJmLJE1SS3V8kDM=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1601478092.417504},{"expiry":1633014091.91938,"host":"5EdUoB7YUY9zZV+2DkgVXgho8WUvp+D+6KpeUOhNQIM=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1601478091.919383},{"expiry":1659338015.331332,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1627802015.331336},{"expiry":1633014077.462534,"host":"+ccWXqaoHJ9hfuXbleKV6FQUrBlyXAJ31BdqjNQJpHs=","mode":"force-https","sts_include_subdomains":false,"sts_obs

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Visited Links Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	12
Entropy (8bit):	3.188721875540867
Encrypted:	false
SSDEEP:	3:332:3m
MD5:	3F622EA4A455DEF8E6866EB35294C043
SHA1:	7348E33A5C50961EEF5E7A6FC5F11ACC10BB21CC
SHA-256:	FCEC722527B78E769F96E20311A4266531BEC31BED6D9392F466BD7C30F827E8
SHA-512:	7365A4740A2C821EEC3463E69F2994493B6E82A40C32E872E1B3B156D9B68A83ED3FDB2872A589857E8674F726609AE6937593B8414C024EDAECB729E4A44B74
Malicious:	false
Reputation:	low
Preview:	.......H..k!

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\c1b2e761-baff-4a11-b36f-dfe546d9b929.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	modified
Size (bytes):	22596
Entropy (8bit):	5.53563292686082
Encrypted:	false
SSDEEP:	384:GP7teLlBkXX1kXqKf/pUZNCgVLH2HfDkrURHGhnTfK6xfw4s:rLl8X1kXqKf/pUZNCgVLH2HfYrUFGhn2
MD5:	54FD3F5C19146AB45E0111C394E6758A
SHA1:	09C7F20198E9B691BF9EF6E461E5C39E4B713A16
SHA-256:	60372093F4B0E8A1CD604957ABCB8D67E80A0F6E558ECE25C7985D12BF7D5CED
SHA-512:	7367111B840B7B40E0329D0A5E2EFE53451672F6A73062FBD370A05E591F2214D4BA3482C3051991373D9217B72959B68E76BBE0AC802B68EE431E814A7DF707
Malicious:	false
Reputation:	low
Preview:	{"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13272275611582782","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Rv:1qIFJ
MD5:	6752A1D65B201C13B62EA44016EB221F
SHA1:	58ECF154D01A62233ED7FB494ACE3C3D4FFCE08B
SHA-256:	0861415CADA612EA5834D56E2CF1055D3E63979B69EB71D32AE9AE394D8306CD
SHA-512:	9CFD838D3FB570B44FC3461623AB2296123404C6C8F576B0DE0AABD9A6020840D4C9125EB679ED384170DBCAAC2FA30DC7FA9EE5B77D6DF7C344A0AA030E0389
Malicious:	false
Reputation:	low
Preview:	MANIFEST-000004.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Rv:1qIFJ
MD5:	6752A1D65B201C13B62EA44016EB221F
SHA1:	58ECF154D01A62233ED7FB494ACE3C3D4FFCE08B
SHA-256:	0861415CADA612EA5834D56E2CF1055D3E63979B69EB71D32AE9AE394D8306CD
SHA-512:	9CFD838D3FB570B44FC3461623AB2296123404C6C8F576B0DE0AABD9A6020840D4C9125EB679ED384170DBCAAC2FA30DC7FA9EE5B77D6DF7C344A0AA030E0389
Malicious:	false
Reputation:	low
Preview:	MANIFEST-000004.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	139
Entropy (8bit):	4.356461872098368
Encrypted:	false
SSDEEP:	3:tUK6P8D0RSgZmwv3IP8bEmFO01V8sIP8bEmFO01WGv:mxSgZmwPlVvltv
MD5:	5B29328C4016C2BCC937223415E144B3
SHA1:	66ED8E2A73713913892A902C70DD9D8976220EA8
SHA-256:	FF100598F531FE1918BFA45A7C69EF673F656C2713B4EF83506A2F27F1785443
SHA-512:	D868152D3357716DE8C77498F805BD0C647BB33201106AE58C9161C9E4D6922C90382E4D3C56D25CBDDE8244D4BE9C0D7E9CA2780989340D503F5330C3A360B5
Malicious:	false
Reputation:	low
Preview:	2021/08/01-00:13:37.439 1870 Recovering log #3.2021/08/01-00:13:37.500 1870 Delete type=0 #3.2021/08/01-00:13:37.500 1870 Delete type=3 #2.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	139
Entropy (8bit):	4.356461872098368
Encrypted:	false
SSDEEP:	3:tUK6P8D0RSgZmwv3IP8bEmFO01V8sIP8bEmFO01WGv:mxSgZmwPlVvltv
MD5:	5B29328C4016C2BCC937223415E144B3
SHA1:	66ED8E2A73713913892A902C70DD9D8976220EA8
SHA-256:	FF100598F531FE1918BFA45A7C69EF673F656C2713B4EF83506A2F27F1785443
SHA-512:	D868152D3357716DE8C77498F805BD0C647BB33201106AE58C9161C9E4D6922C90382E4D3C56D25CBDDE8244D4BE9C0D7E9CA2780989340D503F5330C3A360B5
Malicious:	false
Reputation:	low
Preview:	2021/08/01-00:13:37.439 1870 Recovering log #3.2021/08/01-00:13:37.500 1870 Delete type=0 #3.2021/08/01-00:13:37.500 1870 Delete type=3 #2.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MPEG-4 LOAS
Category:	dropped
Size (bytes):	50
Entropy (8bit):	5.028758439731456
Encrypted:	false
SSDEEP:	3:Ukk/vxQRDKIVmt+8jzn:oO7t8n
MD5:	031D6D1E28FE41A9BDCBD8A21DA92DF1
SHA1:	38CEE81CB035A60A23D6E045E5D72116F2A58683
SHA-256:	B51BC53F3C43A5B800A723623C4E56A836367D6E2787C57D71184DF5D24151DA
SHA-512:	E994CD3A8EE3E3CF6304C33DF5B7D6CC8207E0C08D568925AFA9D46D42F6F1A5BDD7261F0FD1FCDF4DF1A173EF4E159EE1DE8125E54EFEE488A1220CE85AF904
Malicious:	false
Reputation:	low
Preview:	V........leveldb.BytewiseComparator...#...........

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\f7021960-2633-45dc-b0e9-03dc2a7cc74b.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5715
Entropy (8bit):	5.189195750171625
Encrypted:	false
SSDEEP:	96:noCdPtMg0rYgOcKIVok0JCKL8VxkZ1sbOTQVuwn:noCDMBOc24KgxkZY
MD5:	6E22C72D9E2479D7C32A1EA914C9FBC0
SHA1:	6449AF320933A9E6D7A797672350A22407CA999C
SHA-256:	0C6B9E018D81451105A426CE4411668311FB6EBF9748F02D1099983C656CE4FC
SHA-512:	D12D967D8C21FEBA7EFF8332908E337A1197F8DAA31793AA3D634987906462D65CF6DDF726CE4F1DE78EC3E175BE2626F3C58849217FA10567430098CCB39A38
Malicious:	false
Reputation:	low
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13272275611808681","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245951692116406","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\fade10a8-a968-45b9-a95b-6c54d033dd80.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5715
Entropy (8bit):	5.189195750171625
Encrypted:	false
SSDEEP:	96:noCdPtMg0rYgOcKIVok0JCKL8VxkZ1sbOTQVuwn:noCDMBOc24KgxkZY
MD5:	6E22C72D9E2479D7C32A1EA914C9FBC0
SHA1:	6449AF320933A9E6D7A797672350A22407CA999C
SHA-256:	0C6B9E018D81451105A426CE4411668311FB6EBF9748F02D1099983C656CE4FC
SHA-512:	D12D967D8C21FEBA7EFF8332908E337A1197F8DAA31793AA3D634987906462D65CF6DDF726CE4F1DE78EC3E175BE2626F3C58849217FA10567430098CCB39A38
Malicious:	false
Reputation:	low
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13272275611808681","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245951692116406","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.209256445756339
Encrypted:	false
SSDEEP:	6:mdXqF39+q2PWXp+N23iKKdKfrzAdIFUtpU+2WZmwPU+9VkwOWXp+N23iKKdKfrzS:G+39+va5Kk9FUtptJ/Pt9V5f5Kk2J
MD5:	CF28BB38178BA5DB73D6D7AB0F3787CD
SHA1:	6D7369D536F7A72F3595A0CCAC2FB2CF7097808E
SHA-256:	810B2B2493A04DB8BBC4EE2DE8378D18A98C7C8DA883CFAAF59ECAFC0E9157D7
SHA-512:	5ED5A8DBD731871E9950139B953CAF45AFF449C3627B1A4A35497E89396CE20C4A97D7588548613369447DD3E28B2DDE45ACF23C0608EF7EC1A57D2BE910E583
Malicious:	false
Reputation:	low
Preview:	2021/08/01-00:13:37.683 140c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2021/08/01-00:13:37.685 140c Recovering log #3.2021/08/01-00:13:37.685 140c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG.oldl" (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.209256445756339
Encrypted:	false
SSDEEP:	6:mdXqF39+q2PWXp+N23iKKdKfrzAdIFUtpU+2WZmwPU+9VkwOWXp+N23iKKdKfrzS:G+39+va5Kk9FUtptJ/Pt9V5f5Kk2J
MD5:	CF28BB38178BA5DB73D6D7AB0F3787CD
SHA1:	6D7369D536F7A72F3595A0CCAC2FB2CF7097808E
SHA-256:	810B2B2493A04DB8BBC4EE2DE8378D18A98C7C8DA883CFAAF59ECAFC0E9157D7
SHA-512:	5ED5A8DBD731871E9950139B953CAF45AFF449C3627B1A4A35497E89396CE20C4A97D7588548613369447DD3E28B2DDE45ACF23C0608EF7EC1A57D2BE910E583
Malicious:	false
Reputation:	low
Preview:	2021/08/01-00:13:37.683 140c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2021/08/01-00:13:37.685 140c Recovering log #3.2021/08/01-00:13:37.685 140c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	106
Entropy (8bit):	3.138546519832722
Encrypted:	false
SSDEEP:	3:tbloIlrJ5ldQxl7aXVdJiG6R0RlAl:tbdlrnQxZaHIGi0R6l
MD5:	DE9EF0C5BCC012A3A1131988DEE272D8
SHA1:	FA9CCBDC969AC9E1474FCE773234B28D50951CD8
SHA-256:	3615498FBEF408A96BF30E01C318DAC2D5451B054998119080E7FAAC5995F590
SHA-512:	CEA946EBEADFE6BE65E33EDFF6C68953A84EC2E2410884E12F406CAC1E6C8A0793180433A7EF7CE097B24EA78A1FDBB4E3B3D9CDF1A827AB6FF5605DA3691724
Malicious:	false
Reputation:	low
Preview:	C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e...e.x.e.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	13
Entropy (8bit):	2.8150724101159437
Encrypted:	false
SSDEEP:	3:Yx7:4
MD5:	C422F72BA41F662A919ED0B70E5C3289
SHA1:	AAD27C14B27F56B6E7C744A8EC5B1A7D767D7632
SHA-256:	02E71EB4C587FEB7EE00CE8600F97411C2774C2FC34CB95B92D5538E7F30DA59
SHA-512:	86010ED2B2EEBDCC5A8A076B37703669C294C6D1BFAAEA963E26A9C94B81B4C53EC765D9425E5B616159C43923F800A891F9B903659575DF02F8845521F8DC46
Malicious:	false
Reputation:	low
Preview:	85.0.4183.121

C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State} (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	174648
Entropy (8bit):	6.078839071232448
Encrypted:	false
SSDEEP:	3072:ZFYvzhzJaLT+AaYtkGljDMIyt+ikt8cYRFcbXafIB0u1GOJmA3iuRX:XgDwTTKcjmQiE5Y/aqfIlUOoSiuRX
MD5:	A411597D8160D25384D03A5BB0B2F661
SHA1:	CFDDCABF160EE167E14203207E44BE056AE9FBCD
SHA-256:	D8074F35E0CEF130B97B222681183B496237A8B218F29CF6FE99E3A0E519D86B
SHA-512:	2EB5B15BA804CF0A3DDDCF6DFD5BD646F9551B1896616243262F496CDD4EFA9AF84FB9343E5ECDDBF9EB426005EF158956E08F3FFEAE313A7B8EF84383A1A81F
Malicious:	false
Reputation:	low
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.6278020155154e+12,"network":1.627769617e+12,"ticks":3713829605.0,"uncertainty":4323635.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016607996"},"plugins":{"metadata":{"adobe-flash-player":{"displ

C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cache (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	92724
Entropy (8bit):	3.743997045152979
Encrypted:	false
SSDEEP:	768:O1rnKfdI0JU6Le1WrUYICM+H5eryif5JBcBT1AsvtIWYiiKPr+yNXj5k:oK3terUvfy
MD5:	3166ED283EFA95AED7193F5246CC8778
SHA1:	C21011E1B6FEE2BDB9618223750FE69BBBDF2469
SHA-256:	04E79B4575A1346C62B4DC4ADEC82F135C66DE4872E2CEFD2F38BF06678AF153
SHA-512:	0C322DF2936FC0AE04423D4F0889CCF895D202527DCECE8AC6002617F4B4C2BECD0F067316E1B5960D20F9D40E973A653572A7B36494B150CCE388AED357221E
Malicious:	false
Reputation:	low
Preview:	0j.................C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6......M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...WA8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.

C:\Users\user\AppData\Local\Google\Chrome\User Data\fc1155a5-648b-44ef-868a-368f981a09fe.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	92724
Entropy (8bit):	3.743997045152979
Encrypted:	false
SSDEEP:	768:O1rnKfdI0JU6Le1WrUYICM+H5eryif5JBcBT1AsvtIWYiiKPr+yNXj5k:oK3terUvfy
MD5:	3166ED283EFA95AED7193F5246CC8778
SHA1:	C21011E1B6FEE2BDB9618223750FE69BBBDF2469
SHA-256:	04E79B4575A1346C62B4DC4ADEC82F135C66DE4872E2CEFD2F38BF06678AF153
SHA-512:	0C322DF2936FC0AE04423D4F0889CCF895D202527DCECE8AC6002617F4B4C2BECD0F067316E1B5960D20F9D40E973A653572A7B36494B150CCE388AED357221E
Malicious:	false
Reputation:	low
Preview:	0j.................C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6......M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...WA8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.

C:\Users\user\AppData\Local\Temp\0958ab33-1235-41ad-b1f7-5f9902b33166.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	248531
Entropy (8bit):	7.963657412635355
Encrypted:	false
SSDEEP:	3072:r+nmRykNgoldZ8GjJCiUXZSk+QSVh85PxEalRVHmcld9R6yYfEp4ABUGDcaKklrv:k3oF4Z4h45P99Fld9RBQYBVcaxlnfL
MD5:	541F52E24FE1EF9F8E12377A6CCAE0C0
SHA1:	189898BB2DCAE7D5A6057BC2D98B8B450AFAEBB6
SHA-256:	81E3A4D43A73699E1B7781723F56B8717175C536685C5450122B30789464AD82
SHA-512:	D779D78A15C5EFCA51EBD6B96A7CCB6D718741BDF7D9A37F53B2EB4B98AA1A78BC4CFA57D6E763AAB97276C8F9088940AC0476690D4D46023FF4BF52F3326C88
Malicious:	false
Reputation:	low
Preview:	Cr24..............0.."0....H.............0...........\7c.<........Fto.8.2'5..qk...%....2...C.F.9.#..e.xQ.......[...L\|....3>/....u.:T.7...(.yM...?V.<?........1.a...O?d.....A.H..'.MpB..T.m..Vn Ip..>k.\|1..n.<Fb..f..Q1.....s..2..{.6....Pp....obM..1.......b1.......(.u^.'z......v.F.W.X4."-eu...b.........\..F!...b...l5....zJ.q.......L].....w[T0.6....E.....r..%Z.vFm.9..5!,.~g5...;.t...']....+A.....u....k...e..&..l.6r[yU...%..f.......N..V.....<+.....l..}.{...z...)y.n..'..).....,.b....5.08K%..O.g..D.S.F5o..<(....>....\f..X..I..2."l...w....7f\|.~.c.4.E.......0..0....H............0.......).'..b.$w\$.q&.]zF_2..;...?.U,...W..L1.2...R..#....W.....c1k.$W..$.J....+M!.Hz.n`U.I)N.\|b.l....{.K@]6.LlP/....](.A..................I...).H....IQ.y.;MG.d..ix..#f.Z$\|..\|.?...0K...t"i..s...Y..%.Ky....0...{.!+.~v.;....J.....Z....).(6..@?v.;~..2..c....[0Y0....H.=.....H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...F0D. .0...\|!..A..L.+.=...kP.!.1..

C:\Users\user\AppData\Local\Temp\423cbef8-8837-43bd-8c68-7ab7ca830fae.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Reputation:	low
Preview:	.

C:\Users\user\AppData\Local\Temp\67e89133-0ba9-48bc-a922-17a0ddbfbaea.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Reputation:	low
Preview:	.

C:\Users\user\AppData\Local\Temp\68755d54-c784-477d-9365-f038b2bc8f68.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	768843
Entropy (8bit):	7.992932603402907
Encrypted:	true
SSDEEP:	12288:cK2ED9wjXNC1Gse83ru82/u0eKhgxuPFrDXgtbPz54Pm1D0fBmfH1sBrJ9mTiDga:cK2ED9I48seur0/uZKCuPNbgtbz6m1ob
MD5:	A11D5CAF6BF849AEB84B0C95B1C3B7CF
SHA1:	27F410CCBD75852C01C7464A1FD7EF8C29BE3916
SHA-256:	D0E62ACE64AFC334330A7AC3A2CC657914FEB321F1F89AEE11D2A6D0E7D81C31
SHA-512:	086C124DE3A01BE467647F3BCB4EA05105F690AB45417A0E3D38935ABA9E2381DF59AF98D0FFF7823CEFD5390B48807352E135AC70977AED7B413A8CC48FB590
Malicious:	false
Reputation:	low
Preview:	Cr24..............0.."0....H.............0...........\7c.<........Fto.8.2'5..qk...%....2...C.F.9.#..e.xQ.......[...L\|....3>/....u.:T.7...(.yM...?V.<?........1.a...O?d.....A.H..'.MpB..T.m..Vn Ip..>k.\|1..n.<Fb..f..Q1.....s..2..{.6....Pp....obM..1.......b1.......(.u^.'z......v.F.W.X4."-eu...b.........6W..>Nuw9..R{c...Nq.H.K..A!....`v.k+..?.5.>v.....;.._~....tp....x.q.V...7.m.O.~.{!.o/q.'..BK..4./?'.....L..fH&.._<..&.p.k^..\s...:1y..F.N.+...X.PO@Mo....X.G1:..Y.@;..j..........=ae...0.......DU....n...n.;.Ipr..Q....:... <.....a.Y....{ei........0..0....H............0.......Mbh=.[O}.+..U.KHF(n3.\"...,g.c...6)..(.E...U...#.i.a..:...N.....P...x.O...(mC;\|.5.S.{m.aEx...[..fP.i`.y..5..R....v.$......l-m.............m....ni...`..W.....R.p.b.+...+.\k.R$e~.J\.&c%.d...M..j..V.%...+1F....D....X\.1ct.<........E.B.+.i@...8..^...&YR...I.o...,.....[0Y0....H.=....*.H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...F0D. D.'.N@.(..GK....m...A.0.."

C:\Users\user\AppData\Local\Temp\browser-sslkeys.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	5446
Entropy (8bit):	4.642587764175262
Encrypted:	false
SSDEEP:	96:LVGK+XU1agOxMjMXrEUB//nC+mCeyWMbNrg+AMmIGCGlXHMzDg:LV2XUUg4PfrbZAZZ1NH0Dg
MD5:	ED8F1808A503C0F52F38813B6EF5D0C7
SHA1:	989CBD1E69E1A0698D8C23F0B0FDCB52B97FC713
SHA-256:	B2C5842B59EA4F068B6C74158259B52AF9D8FE22A223ED18F253E6A949D43522
SHA-512:	5E161846CF99927231C774401C96D3CB745E0C6E266C0251A954EB65964ACCD1EE3527B84953D4EA7EA6DEC69429AB02E24868F8AECC79BDA5246237CADBB6F8
Malicious:	false
Reputation:	low
Preview:	CLIENT_HANDSHAKE_TRAFFIC_SECRET b910bb336fdd63ff91efee440e304ab1cc36674eb87176abef88469028141098 0f5f39abea55b32357df3501a50ecd6bc1731b0dc808df14af9f942c2757912f.SERVER_HANDSHAKE_TRAFFIC_SECRET b910bb336fdd63ff91efee440e304ab1cc36674eb87176abef88469028141098 b24bbc4b51a15c27b036f8818c3127ba89d8a3eb6fc2d124d99388d3d339c2e0.CLIENT_HANDSHAKE_TRAFFIC_SECRET db51dd89b4c1ec7eb6ec58418fa607ef7b2ee44e567eeba16d2a9a7cc1b7d7a1 bc2f3c12d5397392bdd5cccbd27f9220ecf070eb62aeb3f50f90e57731f25229.SERVER_HANDSHAKE_TRAFFIC_SECRET db51dd89b4c1ec7eb6ec58418fa607ef7b2ee44e567eeba16d2a9a7cc1b7d7a1 18352bcfafb63509bbce5429ed9e643051f865b4b5305f69cdc1dd7db4d396b8.CLIENT_HANDSHAKE_TRAFFIC_SECRET d32278b7e33ae781a6d14858f905f246cffc957ebf72cb93c1e32f2b35ed7c18 0a6993a8d23b67684aa09412459c3bf3db14d6ee127447688047d7d30aa55203.SERVER_HANDSHAKE_TRAFFIC_SECRET d32278b7e33ae781a6d14858f905f246cffc957ebf72cb93c1e32f2b35ed7c18 38a01641574e867ffad04c36bff45d01de3c392a077ddcdd5917dec0ac6794ec.CLIENT_TRAFFIC_SECRET_0 db51

C:\Users\user\AppData\Local\Temp\scoped_dir2492_1461019771\68755d54-c784-477d-9365-f038b2bc8f68.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	768843
Entropy (8bit):	7.992932603402907
Encrypted:	true
SSDEEP:	12288:cK2ED9wjXNC1Gse83ru82/u0eKhgxuPFrDXgtbPz54Pm1D0fBmfH1sBrJ9mTiDga:cK2ED9I48seur0/uZKCuPNbgtbz6m1ob
MD5:	A11D5CAF6BF849AEB84B0C95B1C3B7CF
SHA1:	27F410CCBD75852C01C7464A1FD7EF8C29BE3916
SHA-256:	D0E62ACE64AFC334330A7AC3A2CC657914FEB321F1F89AEE11D2A6D0E7D81C31
SHA-512:	086C124DE3A01BE467647F3BCB4EA05105F690AB45417A0E3D38935ABA9E2381DF59AF98D0FFF7823CEFD5390B48807352E135AC70977AED7B413A8CC48FB590
Malicious:	false
Reputation:	low
Preview:	Cr24..............0.."0....H.............0...........\7c.<........Fto.8.2'5..qk...%....2...C.F.9.#..e.xQ.......[...L\|....3>/....u.:T.7...(.yM...?V.<?........1.a...O?d.....A.H..'.MpB..T.m..Vn Ip..>k.\|1..n.<Fb..f..Q1.....s..2..{.6....Pp....obM..1.......b1.......(.u^.'z......v.F.W.X4."-eu...b.........6W..>Nuw9..R{c...Nq.H.K..A!....`v.k+..?.5.>v.....;.._~....tp....x.q.V...7.m.O.~.{!.o/q.'..BK..4./?'.....L..fH&.._<..&.p.k^..\s...:1y..F.N.+...X.PO@Mo....X.G1:..Y.@;..j..........=ae...0.......DU....n...n.;.Ipr..Q....:... <.....a.Y....{ei........0..0....H............0.......Mbh=.[O}.+..U.KHF(n3.\"...,g.c...6)..(.E...U...#.i.a..:...N.....P...x.O...(mC;\|.5.S.{m.aEx...[..fP.i`.y..5..R....v.$......l-m.............m....ni...`..W.....R.p.b.+...+.\k.R$e~.J\.&c%.d...M..j..V.%...+1F....D....X\.1ct.<........E.B.+.i@...8..^...&YR...I.o...,.....[0Y0....H.=....*.H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...F0D. D.'.N@.(..GK....m...A.0.."

Static File Info

No static file info

Network Behavior

Network Port Distribution

Total Packets: 88
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 1, 2021 00:13:35.404577017 CEST	49717	443	192.168.2.3	172.217.16.142
Aug 1, 2021 00:13:35.405395985 CEST	49718	80	192.168.2.3	193.122.130.0
Aug 1, 2021 00:13:35.406141043 CEST	49719	80	192.168.2.3	193.122.130.0
Aug 1, 2021 00:13:35.406512022 CEST	49720	443	192.168.2.3	172.217.168.45
Aug 1, 2021 00:13:35.422049999 CEST	443	49717	172.217.16.142	192.168.2.3
Aug 1, 2021 00:13:35.422204018 CEST	49717	443	192.168.2.3	172.217.16.142
Aug 1, 2021 00:13:35.426223993 CEST	49717	443	192.168.2.3	172.217.16.142
Aug 1, 2021 00:13:35.433841944 CEST	443	49720	172.217.168.45	192.168.2.3
Aug 1, 2021 00:13:35.433978081 CEST	49720	443	192.168.2.3	172.217.168.45
Aug 1, 2021 00:13:35.434412003 CEST	49720	443	192.168.2.3	172.217.168.45
Aug 1, 2021 00:13:35.443766117 CEST	443	49717	172.217.16.142	192.168.2.3
Aug 1, 2021 00:13:35.451023102 CEST	443	49717	172.217.16.142	192.168.2.3
Aug 1, 2021 00:13:35.451077938 CEST	443	49717	172.217.16.142	192.168.2.3
Aug 1, 2021 00:13:35.451153040 CEST	443	49717	172.217.16.142	192.168.2.3
Aug 1, 2021 00:13:35.451204062 CEST	443	49717	172.217.16.142	192.168.2.3
Aug 1, 2021 00:13:35.451230049 CEST	49717	443	192.168.2.3	172.217.16.142
Aug 1, 2021 00:13:35.451252937 CEST	443	49717	172.217.16.142	192.168.2.3
Aug 1, 2021 00:13:35.451275110 CEST	49717	443	192.168.2.3	172.217.16.142
Aug 1, 2021 00:13:35.461790085 CEST	443	49720	172.217.168.45	192.168.2.3
Aug 1, 2021 00:13:35.474781990 CEST	443	49720	172.217.168.45	192.168.2.3
Aug 1, 2021 00:13:35.474870920 CEST	443	49720	172.217.168.45	192.168.2.3
Aug 1, 2021 00:13:35.474955082 CEST	49720	443	192.168.2.3	172.217.168.45
Aug 1, 2021 00:13:35.491249084 CEST	49717	443	192.168.2.3	172.217.16.142
Aug 1, 2021 00:13:35.511383057 CEST	80	49719	193.122.130.0	192.168.2.3
Aug 1, 2021 00:13:35.511512041 CEST	49719	80	192.168.2.3	193.122.130.0
Aug 1, 2021 00:13:35.512017012 CEST	49719	80	192.168.2.3	193.122.130.0
Aug 1, 2021 00:13:35.513365030 CEST	80	49718	193.122.130.0	192.168.2.3
Aug 1, 2021 00:13:35.513442993 CEST	49718	80	192.168.2.3	193.122.130.0
Aug 1, 2021 00:13:35.617141962 CEST	80	49719	193.122.130.0	192.168.2.3
Aug 1, 2021 00:13:35.618525028 CEST	80	49719	193.122.130.0	192.168.2.3
Aug 1, 2021 00:13:35.652340889 CEST	49720	443	192.168.2.3	172.217.168.45
Aug 1, 2021 00:13:35.652689934 CEST	49720	443	192.168.2.3	172.217.168.45
Aug 1, 2021 00:13:35.653212070 CEST	49720	443	192.168.2.3	172.217.168.45
Aug 1, 2021 00:13:35.653260946 CEST	49720	443	192.168.2.3	172.217.168.45
Aug 1, 2021 00:13:35.654931068 CEST	49717	443	192.168.2.3	172.217.16.142
Aug 1, 2021 00:13:35.655083895 CEST	49717	443	192.168.2.3	172.217.16.142
Aug 1, 2021 00:13:35.655342102 CEST	49717	443	192.168.2.3	172.217.16.142
Aug 1, 2021 00:13:35.658855915 CEST	49719	80	192.168.2.3	193.122.130.0
Aug 1, 2021 00:13:35.672700882 CEST	443	49717	172.217.16.142	192.168.2.3
Aug 1, 2021 00:13:35.672750950 CEST	443	49717	172.217.16.142	192.168.2.3
Aug 1, 2021 00:13:35.672826052 CEST	49717	443	192.168.2.3	172.217.16.142
Aug 1, 2021 00:13:35.672853947 CEST	49717	443	192.168.2.3	172.217.16.142
Aug 1, 2021 00:13:35.673532009 CEST	49717	443	192.168.2.3	172.217.16.142
Aug 1, 2021 00:13:35.683315992 CEST	443	49720	172.217.168.45	192.168.2.3
Aug 1, 2021 00:13:35.683376074 CEST	443	49720	172.217.168.45	192.168.2.3
Aug 1, 2021 00:13:35.683446884 CEST	49720	443	192.168.2.3	172.217.168.45
Aug 1, 2021 00:13:35.683475018 CEST	443	49720	172.217.168.45	192.168.2.3
Aug 1, 2021 00:13:35.683588028 CEST	49720	443	192.168.2.3	172.217.168.45
Aug 1, 2021 00:13:35.685399055 CEST	443	49717	172.217.16.142	192.168.2.3
Aug 1, 2021 00:13:35.685456038 CEST	443	49717	172.217.16.142	192.168.2.3
Aug 1, 2021 00:13:35.685504913 CEST	443	49717	172.217.16.142	192.168.2.3
Aug 1, 2021 00:13:35.685539961 CEST	49717	443	192.168.2.3	172.217.16.142
Aug 1, 2021 00:13:35.685554028 CEST	443	49717	172.217.16.142	192.168.2.3
Aug 1, 2021 00:13:35.685617924 CEST	49717	443	192.168.2.3	172.217.16.142
Aug 1, 2021 00:13:35.687069893 CEST	49717	443	192.168.2.3	172.217.16.142
Aug 1, 2021 00:13:35.695764065 CEST	443	49717	172.217.16.142	192.168.2.3
Aug 1, 2021 00:13:35.704099894 CEST	443	49717	172.217.16.142	192.168.2.3
Aug 1, 2021 00:13:35.715894938 CEST	443	49720	172.217.168.45	192.168.2.3
Aug 1, 2021 00:13:35.720449924 CEST	443	49720	172.217.168.45	192.168.2.3
Aug 1, 2021 00:13:35.720491886 CEST	443	49720	172.217.168.45	192.168.2.3
Aug 1, 2021 00:13:35.720532894 CEST	443	49720	172.217.168.45	192.168.2.3
Aug 1, 2021 00:13:35.720555067 CEST	49720	443	192.168.2.3	172.217.168.45
Aug 1, 2021 00:13:35.746164083 CEST	49720	443	192.168.2.3	172.217.168.45
Aug 1, 2021 00:13:35.778985977 CEST	443	49720	172.217.168.45	192.168.2.3
Aug 1, 2021 00:13:35.793559074 CEST	49719	80	192.168.2.3	193.122.130.0
Aug 1, 2021 00:13:35.899266005 CEST	80	49719	193.122.130.0	192.168.2.3
Aug 1, 2021 00:13:35.940306902 CEST	49719	80	192.168.2.3	193.122.130.0
Aug 1, 2021 00:13:38.042546988 CEST	49735	443	192.168.2.3	142.250.203.97
Aug 1, 2021 00:13:38.070777893 CEST	443	49735	142.250.203.97	192.168.2.3
Aug 1, 2021 00:13:38.070878029 CEST	49735	443	192.168.2.3	142.250.203.97
Aug 1, 2021 00:13:38.071121931 CEST	49735	443	192.168.2.3	142.250.203.97
Aug 1, 2021 00:13:38.099244118 CEST	443	49735	142.250.203.97	192.168.2.3
Aug 1, 2021 00:13:38.112304926 CEST	443	49735	142.250.203.97	192.168.2.3
Aug 1, 2021 00:13:38.112371922 CEST	443	49735	142.250.203.97	192.168.2.3
Aug 1, 2021 00:13:38.112420082 CEST	443	49735	142.250.203.97	192.168.2.3
Aug 1, 2021 00:13:38.112468958 CEST	443	49735	142.250.203.97	192.168.2.3
Aug 1, 2021 00:13:38.112468958 CEST	49735	443	192.168.2.3	142.250.203.97
Aug 1, 2021 00:13:38.112519979 CEST	443	49735	142.250.203.97	192.168.2.3
Aug 1, 2021 00:13:38.112533092 CEST	49735	443	192.168.2.3	142.250.203.97
Aug 1, 2021 00:13:38.136281967 CEST	49735	443	192.168.2.3	142.250.203.97
Aug 1, 2021 00:13:38.136420965 CEST	49735	443	192.168.2.3	142.250.203.97
Aug 1, 2021 00:13:38.136600018 CEST	49735	443	192.168.2.3	142.250.203.97
Aug 1, 2021 00:13:38.164733887 CEST	443	49735	142.250.203.97	192.168.2.3
Aug 1, 2021 00:13:38.164786100 CEST	443	49735	142.250.203.97	192.168.2.3
Aug 1, 2021 00:13:38.164987087 CEST	49735	443	192.168.2.3	142.250.203.97
Aug 1, 2021 00:13:38.166800976 CEST	443	49735	142.250.203.97	192.168.2.3
Aug 1, 2021 00:13:38.166866064 CEST	443	49735	142.250.203.97	192.168.2.3
Aug 1, 2021 00:13:38.166925907 CEST	443	49735	142.250.203.97	192.168.2.3
Aug 1, 2021 00:13:38.166944981 CEST	49735	443	192.168.2.3	142.250.203.97
Aug 1, 2021 00:13:38.166990995 CEST	443	49735	142.250.203.97	192.168.2.3
Aug 1, 2021 00:13:38.167045116 CEST	49735	443	192.168.2.3	142.250.203.97
Aug 1, 2021 00:13:38.168467999 CEST	49735	443	192.168.2.3	142.250.203.97
Aug 1, 2021 00:13:38.168756962 CEST	443	49735	142.250.203.97	192.168.2.3
Aug 1, 2021 00:13:38.168811083 CEST	443	49735	142.250.203.97	192.168.2.3
Aug 1, 2021 00:13:38.168824911 CEST	49735	443	192.168.2.3	142.250.203.97
Aug 1, 2021 00:13:38.168863058 CEST	49735	443	192.168.2.3	142.250.203.97
Aug 1, 2021 00:13:38.170763969 CEST	443	49735	142.250.203.97	192.168.2.3
Aug 1, 2021 00:13:38.170825958 CEST	443	49735	142.250.203.97	192.168.2.3
Aug 1, 2021 00:13:38.170840025 CEST	49735	443	192.168.2.3	142.250.203.97
Aug 1, 2021 00:13:38.170888901 CEST	49735	443	192.168.2.3	142.250.203.97

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 1, 2021 00:13:24.053353071 CEST	55984	53	192.168.2.3	8.8.8.8
Aug 1, 2021 00:13:24.077923059 CEST	53	55984	8.8.8.8	192.168.2.3
Aug 1, 2021 00:13:25.071477890 CEST	64185	53	192.168.2.3	8.8.8.8
Aug 1, 2021 00:13:25.104944944 CEST	53	64185	8.8.8.8	192.168.2.3
Aug 1, 2021 00:13:25.992897987 CEST	65110	53	192.168.2.3	8.8.8.8
Aug 1, 2021 00:13:26.017638922 CEST	53	65110	8.8.8.8	192.168.2.3
Aug 1, 2021 00:13:27.808022022 CEST	58361	53	192.168.2.3	8.8.8.8
Aug 1, 2021 00:13:27.833935022 CEST	53	58361	8.8.8.8	192.168.2.3
Aug 1, 2021 00:13:28.634814024 CEST	63492	53	192.168.2.3	8.8.8.8
Aug 1, 2021 00:13:28.660929918 CEST	53	63492	8.8.8.8	192.168.2.3
Aug 1, 2021 00:13:29.439655066 CEST	60831	53	192.168.2.3	8.8.8.8
Aug 1, 2021 00:13:29.473983049 CEST	53	60831	8.8.8.8	192.168.2.3
Aug 1, 2021 00:13:30.452277899 CEST	60100	53	192.168.2.3	8.8.8.8
Aug 1, 2021 00:13:30.477428913 CEST	53	60100	8.8.8.8	192.168.2.3
Aug 1, 2021 00:13:31.277796984 CEST	53195	53	192.168.2.3	8.8.8.8
Aug 1, 2021 00:13:31.302972078 CEST	53	53195	8.8.8.8	192.168.2.3
Aug 1, 2021 00:13:32.665993929 CEST	50141	53	192.168.2.3	8.8.8.8
Aug 1, 2021 00:13:32.693619967 CEST	53	50141	8.8.8.8	192.168.2.3
Aug 1, 2021 00:13:35.121514082 CEST	51352	53	192.168.2.3	8.8.8.8
Aug 1, 2021 00:13:35.157077074 CEST	53	51352	8.8.8.8	192.168.2.3
Aug 1, 2021 00:13:35.370718956 CEST	59349	53	192.168.2.3	8.8.8.8
Aug 1, 2021 00:13:35.372323036 CEST	57084	53	192.168.2.3	8.8.8.8
Aug 1, 2021 00:13:35.373157024 CEST	58823	53	192.168.2.3	8.8.8.8
Aug 1, 2021 00:13:35.376283884 CEST	57568	53	192.168.2.3	8.8.8.8
Aug 1, 2021 00:13:35.397089958 CEST	53	59349	8.8.8.8	192.168.2.3
Aug 1, 2021 00:13:35.403959036 CEST	53	57568	8.8.8.8	192.168.2.3
Aug 1, 2021 00:13:35.404931068 CEST	53	57084	8.8.8.8	192.168.2.3
Aug 1, 2021 00:13:35.416630983 CEST	53	58823	8.8.8.8	192.168.2.3
Aug 1, 2021 00:13:35.757831097 CEST	50540	53	192.168.2.3	8.8.8.8
Aug 1, 2021 00:13:35.779933929 CEST	54366	53	192.168.2.3	8.8.8.8
Aug 1, 2021 00:13:35.801402092 CEST	53	50540	8.8.8.8	192.168.2.3
Aug 1, 2021 00:13:35.820219994 CEST	53	54366	8.8.8.8	192.168.2.3
Aug 1, 2021 00:13:35.886408091 CEST	53034	53	192.168.2.3	8.8.8.8
Aug 1, 2021 00:13:35.918699980 CEST	53	53034	8.8.8.8	192.168.2.3
Aug 1, 2021 00:13:37.205502987 CEST	55435	53	192.168.2.3	8.8.8.8
Aug 1, 2021 00:13:37.233234882 CEST	53	55435	8.8.8.8	192.168.2.3
Aug 1, 2021 00:13:37.320617914 CEST	50713	53	192.168.2.3	8.8.8.8
Aug 1, 2021 00:13:37.354279041 CEST	53	50713	8.8.8.8	192.168.2.3
Aug 1, 2021 00:13:37.798228025 CEST	50715	443	192.168.2.3	172.217.16.142
Aug 1, 2021 00:13:37.823283911 CEST	443	50715	172.217.16.142	192.168.2.3
Aug 1, 2021 00:13:37.823728085 CEST	50715	443	192.168.2.3	172.217.16.142
Aug 1, 2021 00:13:37.848200083 CEST	443	50715	172.217.16.142	192.168.2.3
Aug 1, 2021 00:13:37.848259926 CEST	443	50715	172.217.16.142	192.168.2.3
Aug 1, 2021 00:13:37.848309994 CEST	443	50715	172.217.16.142	192.168.2.3
Aug 1, 2021 00:13:37.848359108 CEST	443	50715	172.217.16.142	192.168.2.3
Aug 1, 2021 00:13:37.848542929 CEST	50715	443	192.168.2.3	172.217.16.142
Aug 1, 2021 00:13:37.850182056 CEST	50715	443	192.168.2.3	172.217.16.142
Aug 1, 2021 00:13:37.850569963 CEST	50715	443	192.168.2.3	172.217.16.142
Aug 1, 2021 00:13:37.882105112 CEST	443	50715	172.217.16.142	192.168.2.3
Aug 1, 2021 00:13:37.882643938 CEST	50715	443	192.168.2.3	172.217.16.142
Aug 1, 2021 00:13:37.893289089 CEST	443	50715	172.217.16.142	192.168.2.3
Aug 1, 2021 00:13:37.893352032 CEST	443	50715	172.217.16.142	192.168.2.3
Aug 1, 2021 00:13:37.893400908 CEST	443	50715	172.217.16.142	192.168.2.3
Aug 1, 2021 00:13:37.894546986 CEST	50715	443	192.168.2.3	172.217.16.142
Aug 1, 2021 00:13:37.920490026 CEST	50715	443	192.168.2.3	172.217.16.142
Aug 1, 2021 00:13:37.998672009 CEST	56132	53	192.168.2.3	8.8.8.8
Aug 1, 2021 00:13:38.041491032 CEST	53	56132	8.8.8.8	192.168.2.3
Aug 1, 2021 00:13:38.424321890 CEST	58987	53	192.168.2.3	8.8.8.8
Aug 1, 2021 00:13:38.448914051 CEST	53	58987	8.8.8.8	192.168.2.3
Aug 1, 2021 00:13:39.441597939 CEST	63619	53	192.168.2.3	8.8.8.8
Aug 1, 2021 00:13:39.484992981 CEST	53	63619	8.8.8.8	192.168.2.3
Aug 1, 2021 00:13:39.695197105 CEST	64938	53	192.168.2.3	8.8.8.8
Aug 1, 2021 00:13:39.727988958 CEST	53	64938	8.8.8.8	192.168.2.3
Aug 1, 2021 00:13:40.687894106 CEST	61946	53	192.168.2.3	8.8.8.8
Aug 1, 2021 00:13:40.712805986 CEST	53	61946	8.8.8.8	192.168.2.3
Aug 1, 2021 00:13:41.767257929 CEST	64910	53	192.168.2.3	8.8.8.8
Aug 1, 2021 00:13:41.792213917 CEST	53	64910	8.8.8.8	192.168.2.3
Aug 1, 2021 00:13:42.781869888 CEST	52123	53	192.168.2.3	8.8.8.8
Aug 1, 2021 00:13:42.806858063 CEST	53	52123	8.8.8.8	192.168.2.3
Aug 1, 2021 00:13:54.720458984 CEST	58784	53	192.168.2.3	8.8.8.8
Aug 1, 2021 00:13:54.763278008 CEST	53	58784	8.8.8.8	192.168.2.3
Aug 1, 2021 00:14:00.456358910 CEST	63978	53	192.168.2.3	8.8.8.8
Aug 1, 2021 00:14:00.494513988 CEST	53	63978	8.8.8.8	192.168.2.3
Aug 1, 2021 00:14:09.477725029 CEST	62938	53	192.168.2.3	8.8.8.8
Aug 1, 2021 00:14:09.519023895 CEST	53	62938	8.8.8.8	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Aug 1, 2021 00:13:35.370718956 CEST	192.168.2.3	8.8.8.8	0x8a6a	Standard query (0)	clients2.google.com	A (IP address)	IN (0x0001)
Aug 1, 2021 00:13:35.372323036 CEST	192.168.2.3	8.8.8.8	0x5ba	Standard query (0)	accounts.google.com	A (IP address)	IN (0x0001)
Aug 1, 2021 00:13:35.376283884 CEST	192.168.2.3	8.8.8.8	0x829e	Standard query (0)	checkip.dyndns.org	A (IP address)	IN (0x0001)
Aug 1, 2021 00:13:37.998672009 CEST	192.168.2.3	8.8.8.8	0xb13f	Standard query (0)	clients2.googleusercontent.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Aug 1, 2021 00:13:35.397089958 CEST	8.8.8.8	192.168.2.3	0x8a6a	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)
Aug 1, 2021 00:13:35.397089958 CEST	8.8.8.8	192.168.2.3	0x8a6a	No error (0)	clients.l.google.com		172.217.16.142	A (IP address)	IN (0x0001)
Aug 1, 2021 00:13:35.403959036 CEST	8.8.8.8	192.168.2.3	0x829e	No error (0)	checkip.dyndns.org	checkip.dyndns.com		CNAME (Canonical name)	IN (0x0001)
Aug 1, 2021 00:13:35.403959036 CEST	8.8.8.8	192.168.2.3	0x829e	No error (0)	checkip.dyndns.com		193.122.130.0	A (IP address)	IN (0x0001)
Aug 1, 2021 00:13:35.403959036 CEST	8.8.8.8	192.168.2.3	0x829e	No error (0)	checkip.dyndns.com		132.226.247.73	A (IP address)	IN (0x0001)
Aug 1, 2021 00:13:35.403959036 CEST	8.8.8.8	192.168.2.3	0x829e	No error (0)	checkip.dyndns.com		193.122.6.168	A (IP address)	IN (0x0001)
Aug 1, 2021 00:13:35.403959036 CEST	8.8.8.8	192.168.2.3	0x829e	No error (0)	checkip.dyndns.com		158.101.44.242	A (IP address)	IN (0x0001)
Aug 1, 2021 00:13:35.403959036 CEST	8.8.8.8	192.168.2.3	0x829e	No error (0)	checkip.dyndns.com		132.226.8.169	A (IP address)	IN (0x0001)
Aug 1, 2021 00:13:35.404931068 CEST	8.8.8.8	192.168.2.3	0x5ba	No error (0)	accounts.google.com		172.217.168.45	A (IP address)	IN (0x0001)
Aug 1, 2021 00:13:38.041491032 CEST	8.8.8.8	192.168.2.3	0xb13f	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)
Aug 1, 2021 00:13:38.041491032 CEST	8.8.8.8	192.168.2.3	0xb13f	No error (0)	googlehosted.l.googleusercontent.com		142.250.203.97	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

checkip.dyndns.org

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.3	49719	193.122.130.0	80	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
Aug 1, 2021 00:13:35.512017012 CEST	1159	OUT	GET / HTTP/1.1 Host: checkip.dyndns.org Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Aug 1, 2021 00:13:35.618525028 CEST	1164	IN	HTTP/1.1 200 OK Date: Sat, 31 Jul 2021 22:13:35 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 34 2e 31 37 2e 35 32 2e 32 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 84.17.52.25</body></html>
Aug 1, 2021 00:13:35.793559074 CEST	1177	OUT	GET /favicon.ico HTTP/1.1 Host: checkip.dyndns.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8 Referer: http://checkip.dyndns.org/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Aug 1, 2021 00:13:35.899266005 CEST	1210	IN	HTTP/1.1 200 OK Date: Sat, 31 Jul 2021 22:13:35 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 34 2e 31 37 2e 35 32 2e 32 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 84.17.52.25</body></html>

Code Manipulations

Statistics

Behavior

• chrome.exe
• chrome.exe

Click to jump to process

System Behavior

Analysis Process: chrome.exe PID: 2492 Parent PID: 2124

General

Start time:	00:13:30
Start date:	01/08/2021
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'http://checkip.dyndns.org'
Imagebase:	0x7ff77b960000
File size:	2150896 bytes
MD5 hash:	C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Show Windows behavior

File Activities

Show Windows behavior

Registry Activities

Analysis Process: chrome.exe PID: 6048 Parent PID: 2492

General

Start time:	00:13:32
Start date:	01/08/2021
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1648,11368793495184802417,8477967722688805842,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1712 /prefetch:8
Imagebase:	0x7ff77b960000
File size:	2150896 bytes
MD5 hash:	C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Show Windows behavior

File Activities

Disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report http://checkip.dyndns.org

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Overview

Sigma Overview

Jbx Signature Overview

Compliance:

Networking:

System Summary:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

Code Manipulations

Statistics

Behavior

System Behavior

Analysis Process: chrome.exe PID: 2492 Parent PID: 2124

General

File Activities

File Created

File Deleted

File Moved

File Written

Registry Activities

Key Created

Key Value Created

Key Value Modified

Analysis Process: chrome.exe PID: 6048 Parent PID: 2492

General

File Activities

File Created

File Deleted

File Moved

File Written