Windows Analysis Report https://github.com/nicehash/NHM_MinerPluginsDownloads/releases/download/v16.x/CryptoDredge_v16.0_mptoolkitV1_e294f620-94eb-11ea-a64d-17be303ea466.zip

Overview

General Information

Sample URL:	https://github.com/nicehash/NHM_MinerPluginsDownloads/releases/download/v16.x/CryptoDredge_v16.0_mptoolkitV1_e294f620-94eb-11ea-a64d-17be303ea466.zip
Analysis ID:	479875
Infos:
Most interesting Screenshot:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for dropped file

Found inlined nop instructions (likely shell or obfuscated code)

PE file does not import any functions

Drops PE files

May sleep (evasive loops) to hinder dynamic analysis

Binary contains a suspicious time stamp

Detected potential crypto function

Found dropped PE file which has not been started or loaded

Creates a process in suspended mode (likely to inject code)

Contains long sleeps (>= 3 min)

Classification

Signatures

AV Detection:

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\hee0gukh.eki\MP.CryptoDredge.dll	Virustotal: Detection: 28%	Perma Link
Source: C:\Users\user\AppData\Local\Temp\hee0gukh.eki\MP.CryptoDredge.dll	Metadefender: Detection: 17%	Perma Link
Source: C:\Users\user\AppData\Local\Temp\hee0gukh.eki\MP.CryptoDredge.dll	ReversingLabs: Detection: 37%

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

Source: C:\Windows\SysWOW64\unarchiver.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll

Jump to behavior

Source:	Binary string: C:\Programming\nicehash\NiceHashMiner\src\Miners\CryptoDredge\obj\Release\netstandard2.0\MP.CryptoDredge.pdb source: MP.CryptoDredge.dll.6.dr
Source:	Binary string: C:\Programming\nicehash\NiceHashMiner\src\Miners\CryptoDredge\obj\Release\netstandard2.0\MP.CryptoDredge.pdbSHA256 source: MP.CryptoDredge.dll.6.dr

Software Vulnerabilities:

Found inlined nop instructions (likely shell or obfuscated code)

Source: C:\Windows\SysWOW64\unarchiver.exe	Code function: 4x nop then jmp 04B4099Bh		5_2_04B402A8
Source: C:\Windows\SysWOW64\unarchiver.exe	Code function: 4x nop then jmp 04B4099Ah		5_2_04B402A8

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: Ruleset Data.0.dr	String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: Ruleset Data.0.dr	String found in binary or memory: www.facebook.com/ajax/ads/ equals www.facebook.com (Facebook)

Source: manifest.json0.0.dr, 43a58191-4e79-4070-8703-44dfe9c58b35.tmp.1.dr, f101569a-bf7d-4a06-bec9-b8cb74a95d8f.tmp.1.dr	String found in binary or memory: https://accounts.google.com
Source: manifest.json0.0.dr, 43a58191-4e79-4070-8703-44dfe9c58b35.tmp.1.dr, f101569a-bf7d-4a06-bec9-b8cb74a95d8f.tmp.1.dr	String found in binary or memory: https://apis.google.com
Source: 43a58191-4e79-4070-8703-44dfe9c58b35.tmp.1.dr, f101569a-bf7d-4a06-bec9-b8cb74a95d8f.tmp.1.dr	String found in binary or memory: https://clients2.google.com
Source: manifest.json1.0.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 43a58191-4e79-4070-8703-44dfe9c58b35.tmp.1.dr, f101569a-bf7d-4a06-bec9-b8cb74a95d8f.tmp.1.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: manifest.json0.0.dr	String found in binary or memory: https://content.googleapis.com
Source: Reporting and NEL.1.dr	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/IdentityListAccountsHttp/external
Source: 894ab119-5f77-4d31-87bf-3f3e83eed5ff.tmp.1.dr, fa216826-8e74-4cfb-b79b-be68cbbf5cd7.tmp.1.dr, 43a58191-4e79-4070-8703-44dfe9c58b35.tmp.1.dr, f101569a-bf7d-4a06-bec9-b8cb74a95d8f.tmp.1.dr	String found in binary or memory: https://dns.google
Source: manifest.json0.0.dr	String found in binary or memory: https://feedback.googleusercontent.com
Source: 43a58191-4e79-4070-8703-44dfe9c58b35.tmp.1.dr, f101569a-bf7d-4a06-bec9-b8cb74a95d8f.tmp.1.dr	String found in binary or memory: https://fonts.googleapis.com
Source: manifest.json0.0.dr	String found in binary or memory: https://fonts.googleapis.com;
Source: 43a58191-4e79-4070-8703-44dfe9c58b35.tmp.1.dr, f101569a-bf7d-4a06-bec9-b8cb74a95d8f.tmp.1.dr	String found in binary or memory: https://fonts.gstatic.com
Source: manifest.json0.0.dr	String found in binary or memory: https://fonts.gstatic.com;
Source: 000003.log3.0.dr, CryptoDredge_v16.0_mptoolkitV1_e294f620-94eb-11ea-a64d-17be303ea466.zip_Zone.Identifier.4.dr	String found in binary or memory: https://github-releases.githubusercontent.com/195045184/49908900-9c5e-11eb-9897-9484750f4979?X-Amz-A
Source: History.0.dr	String found in binary or memory: https://github.com/nicehash/NHM_MinerPluginsDownloads/releases/download/v16.x/CryptoDredge_v16.0_mpt
Source: MP.CryptoDredge.dll.6.dr	String found in binary or memory: https://github.com/technobyl/CryptoDredge/releases/download/v0.26.0/CryptoDredge_0.26.0_cuda_11.2_wi
Source: manifest.json0.0.dr	String found in binary or memory: https://hangouts.google.com/
Source: 43a58191-4e79-4070-8703-44dfe9c58b35.tmp.1.dr, f101569a-bf7d-4a06-bec9-b8cb74a95d8f.tmp.1.dr	String found in binary or memory: https://ogs.google.com
Source: manifest.json1.0.dr	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: 43a58191-4e79-4070-8703-44dfe9c58b35.tmp.1.dr	String found in binary or memory: https://r1---sn-5hnekn7s.gvt1.com
Source: 43a58191-4e79-4070-8703-44dfe9c58b35.tmp.1.dr	String found in binary or memory: https://redirector.gvt1.com
Source: manifest.json1.0.dr	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: 43a58191-4e79-4070-8703-44dfe9c58b35.tmp.1.dr, f101569a-bf7d-4a06-bec9-b8cb74a95d8f.tmp.1.dr	String found in binary or memory: https://ssl.gstatic.com
Source: messages.json41.0.dr	String found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json41.0.dr	String found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: manifest.json0.0.dr, 43a58191-4e79-4070-8703-44dfe9c58b35.tmp.1.dr, f101569a-bf7d-4a06-bec9-b8cb74a95d8f.tmp.1.dr	String found in binary or memory: https://www.google.com
Source: manifest.json1.0.dr	String found in binary or memory: https://www.google.com/
Source: manifest.json0.0.dr	String found in binary or memory: https://www.google.com;
Source: 43a58191-4e79-4070-8703-44dfe9c58b35.tmp.1.dr, f101569a-bf7d-4a06-bec9-b8cb74a95d8f.tmp.1.dr	String found in binary or memory: https://www.googleapis.com
Source: manifest.json1.0.dr	String found in binary or memory: https://www.googleapis.com/
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json1.0.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json1.0.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/meetings
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json1.0.dr	String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json1.0.dr	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: 43a58191-4e79-4070-8703-44dfe9c58b35.tmp.1.dr, f101569a-bf7d-4a06-bec9-b8cb74a95d8f.tmp.1.dr	String found in binary or memory: https://www.gstatic.com
Source: manifest.json0.0.dr	String found in binary or memory: https://www.gstatic.com;

Source: unknown

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: github.com

Source: global traffic	HTTP traffic detected: GET /nicehash/NHM_MinerPluginsDownloads/releases/download/v16.x/CryptoDredge_v16.0_mptoolkitV1_e294f620-94eb-11ea-a64d-17be303ea466.zip HTTP/1.1Host: github.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfmX-Goog-Update-Updater: chromecrx-85.0.4183.121Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /195045184/49908900-9c5e-11eb-9897-9484750f4979?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20210908%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210908T134658Z&X-Amz-Expires=300&X-Amz-Signature=091b604827ca9250a0758b5a479d50b8598f2606cf741abe791905c7afbbc61f&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=195045184&response-content-disposition=attachment%3B%20filename%3DCryptoDredge_v16.0_mptoolkitV1_e294f620-94eb-11ea-a64d-17be303ea466.zip&response-content-type=application%2Foctet-stream HTTP/1.1Host: github-releases.githubusercontent.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

System Summary:

PE file does not import any functions

Source: MP.CryptoDredge.dll.6.dr

Static PE information: No import functions for PE file found

Detected potential crypto function

Source: C:\Windows\SysWOW64\unarchiver.exe	Code function: 5_2_04B402A8		5_2_04B402A8
Source: C:\Windows\SysWOW64\unarchiver.exe	Code function: 5_2_04B40299		5_2_04B40299

Source: C:\Windows\SysWOW64\unarchiver.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp	Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'https://github.com/nicehash/NHM_MinerPluginsDownloads/releases/download/v16.x/CryptoDredge_v16.0_mptoolkitV1_e294f620-94eb-11ea-a64d-17be303ea466.zip'
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1616,11712432474224128058,11765405648561526018,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1712 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1616,11712432474224128058,11765405648561526018,131072 --lang=en-US --service-sandbox-type=none --enable-audio-service-sandbox --mojo-platform-channel-handle=4852 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Windows\SysWOW64\unarchiver.exe 'C:\Windows\SysWOW64\unarchiver.exe' 'C:\Users\user\Downloads\CryptoDredge_v16.0_mptoolkitV1_e294f620-94eb-11ea-a64d-17be303ea466.zip'
Source: C:\Windows\SysWOW64\unarchiver.exe	Process created: C:\Windows\SysWOW64\7za.exe 'C:\Windows\System32\7za.exe' x -pinfected -y -o'C:\Users\user\AppData\Local\Temp\hee0gukh.eki' 'C:\Users\user\Downloads\CryptoDredge_v16.0_mptoolkitV1_e294f620-94eb-11ea-a64d-17be303ea466.zip'
Source: C:\Windows\SysWOW64\7za.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1616,11712432474224128058,11765405648561526018,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1712 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1616,11712432474224128058,11765405648561526018,131072 --lang=en-US --service-sandbox-type=none --enable-audio-service-sandbox --mojo-platform-channel-handle=4852 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Windows\SysWOW64\unarchiver.exe 'C:\Windows\SysWOW64\unarchiver.exe' 'C:\Users\user\Downloads\CryptoDredge_v16.0_mptoolkitV1_e294f620-94eb-11ea-a64d-17be303ea466.zip'	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process created: C:\Windows\SysWOW64\7za.exe 'C:\Windows\System32\7za.exe' x -pinfected -y -o'C:\Users\user\AppData\Local\Temp\hee0gukh.eki' 'C:\Users\user\Downloads\CryptoDredge_v16.0_mptoolkitV1_e294f620-94eb-11ea-a64d-17be303ea466.zip'	Jump to behavior

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5988:120:WilError_01

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-61393D5C-1600.pma

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user~1\AppData\Local\Temp\3e3f8d37-5341-46a8-acb7-375f529408a6.tmp

Jump to behavior

Source: classification engine

Classification label: mal48.win@47/279@5/8

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

Source: C:\Windows\SysWOW64\unarchiver.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll

Jump to behavior

Source:	Binary string: C:\Programming\nicehash\NiceHashMiner\src\Miners\CryptoDredge\obj\Release\netstandard2.0\MP.CryptoDredge.pdb source: MP.CryptoDredge.dll.6.dr
Source:	Binary string: C:\Programming\nicehash\NiceHashMiner\src\Miners\CryptoDredge\obj\Release\netstandard2.0\MP.CryptoDredge.pdbSHA256 source: MP.CryptoDredge.dll.6.dr

Data Obfuscation:

Binary contains a suspicious time stamp

Source: MP.CryptoDredge.dll.6.dr

Static PE information: 0xE9E63BD3 [Sat May 8 17:58:43 2094 UTC]

Persistence and Installation Behavior:

Drops PE files

Source: C:\Windows\SysWOW64\7za.exe

File created: C:\Users\user\AppData\Local\Temp\hee0gukh.eki\MP.CryptoDredge.dll

Jump to dropped file

Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion:

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Windows\SysWOW64\unarchiver.exe TID: 384

Thread sleep time: -922337203685477s >= -30000s

Jump to behavior

Found dropped PE file which has not been started or loaded

Source: C:\Windows\SysWOW64\7za.exe

Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\hee0gukh.eki\MP.CryptoDredge.dll

Jump to dropped file

Contains long sleeps (>= 3 min)

Source: C:\Windows\SysWOW64\unarchiver.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Windows\SysWOW64\unarchiver.exe

Code function: 5_2_00A5B0F2 GetSystemInfo,

5_2_00A5B0F2

Source: C:\Windows\SysWOW64\unarchiver.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Windows\SysWOW64\unarchiver.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion:

Creates a process in suspended mode (likely to inject code)

Source: C:\Windows\SysWOW64\unarchiver.exe

Process created: C:\Windows\SysWOW64\7za.exe 'C:\Windows\System32\7za.exe' x -pinfected -y -o'C:\Users\user\AppData\Local\Temp\hee0gukh.eki' 'C:\Users\user\Downloads\CryptoDredge_v16.0_mptoolkitV1_e294f620-94eb-11ea-a64d-17be303ea466.zip'

Jump to behavior

Source: C:\Windows\SysWOW64\unarchiver.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.27.84	accounts.google.com	United States	15169	GOOGLEUS	false
140.82.121.4	github.com	United States	36459	GITHUBUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
185.199.108.154	github-releases.githubusercontent.com	Netherlands	54113	FASTLYUS	false
142.250.184.238	clients.l.google.com	United States	15169	GOOGLEUS	false
142.251.36.1	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.1
127.0.0.1

Contacted Domains

Name	IP	Active
accounts.google.com	142.250.27.84	true
github.com	140.82.121.4	true
clients.l.google.com	142.250.184.238	true
github-releases.githubusercontent.com	185.199.108.154	true
googlehosted.l.googleusercontent.com	142.251.36.1	true
clients2.googleusercontent.com	unknown	unknown
clients2.google.com	unknown	unknown

Contacted URLs

Name	Malicious	Reputation
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1	false	high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false	high
https://github.com/nicehash/NHM_MinerPluginsDownloads/releases/download/v16.x/CryptoDredge_v16.0_mptoolkitV1_e294f620-94eb-11ea-a64d-17be303ea466.zip	false	high
https://clients2.googleusercontent.com/crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx	false	high

Name	Type	MD5	SHA1	SHA256
C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic	data	A78AD14E77147E7DE3647E61964C0335	CECC3DD41F4CEA0192B24300C71E1911BD4FCE45	0D6803758FF8F87081FAFD62E90F0950DFB2DD7991E9607FE76A8F92D0E893FA
C:\Users\user\AppData\Local\Google\Chrome\User Data\0a2aa677-c64b-4cde-bd1b-db6cd9e678b4.tmp	ASCII text, with very long lines, with no line terminators	E36BA852742AEC8FA8B35034DCF8FE66	B63B2C0CAE8FA33DA70F082934E7853C0EE03350	DAB5B1351A37C32330934FBD78C26812CD9E3242E8CF015438B3ABEADC628FD7
C:\Users\user\AppData\Local\Google\Chrome\User Data\30dbb1ef-fb5b-40f6-9816-8925082c0878.tmp	data	D96E2DA80C52BA327A6189C3043161D0	8446AE32624430763BA1F1B747FF4465D592AA12	41733DE4B56DE88A2D7D6FD2E42A361FEED1AA02C10769EDF13C1840BCEFD796
C:\Users\user\AppData\Local\Google\Chrome\User Data\474a9c9f-bc15-4cf3-a0d3-2f948622b9fe.tmp	ASCII text, with very long lines, with no line terminators	E0B8C849F87D54F25B793EB7FD0AC8B0	A1235DF5B1CAAB0629610C2A10EF6A14C57607ED	D4C28891794A107B410CD4C39A0B6018E2D6959D693D239807CCC7AE934F38A5
C:\Users\user\AppData\Local\Google\Chrome\User Data\6661b9b7-0535-485c-8a45-a36557e50aba.tmp	ASCII text, with very long lines, with no line terminators	85F6FC0A7716E3C768602D691084DD22	D48BF1A07FC52A3C70DF0C1E9117E83692D5207A	8196B6298087BC864AC4711AFD5CB51C400DED9077A7C9FB16E5768F17A8B523
C:\Users\user\AppData\Local\Google\Chrome\User Data\8d70bb28-9230-453a-a3ae-4c538f326abc.tmp	data	9AAAC57002ADED4F7E1417C768C40370	277C29BC60FE2AD235B9526B275ADC5DC4AC1386	2183EE969CFB9DCFD02696AE255C77D11499FCB060A9889B5506DF4C952B1E47
C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat	data	E4C3A0CCEDB71D53052C719DE30FD750	C89D101217D4AA05AD9C6FB24DB2037B3BCC630E	B9ABED457F567199890198C9CE3B20954C73C458014CEB77C5E4514B1A8D8BF9
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\000001.dbtmp	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\000002.dbtmp	ASCII text	206702161F94C5CD39FADD03F4014D98	BD8BFC144FB5326D21BD1531523D9FB50E1B600A	1005A525006F148C86EFCBFB36C6EAC091B311532448010F70F7DE9A68007167
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\000003.log	data	2A476D34443EFF158F3524C6A7C57360	D08395FE07CB462F56B9274CF80DDBAF332CCB31	2A1F7C252AA78C628C3A8E4F351A61A943680565EA7CA4060EA31A64307740C2
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\01cfa0fc-69b9-4f07-8b6b-b47c0399aef7.tmp	ASCII text, with very long lines, with no line terminators	B6FA380A044FE23A8C77D96C5F1C0312	FE71666565BCE9320F1020A23EAFFBAEEE132FA7	EB5A763E212D2ADF0D761B3EC3F5806A5B7FF7C6565B295F12993B4C386E90EF
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\206fe310-e8db-4350-b38b-a76df418dafb.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	B9BCE4426D634890CE4737857198035A	27DAA561C3DCE89BB75EF8B857E53F7D0833AA03	630470DC3BCFC84526ECB4F8EAE32AA407430702BE05E10C8D83C4A2FAF3A082
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\43a58191-4e79-4070-8703-44dfe9c58b35.tmp	ASCII text, with very long lines, with no line terminators	754F8704D64B1258710D1AC5B96A766B	321F307E61168356BA64BA1247D4A31E50744897	8D896A1D99738F110FEE0D29B01F3C3E398693F20328591CC711CE5919E4A2CC
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\4c2c14f9-d601-4a33-a8c7-2535d37b9b0d.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	31649D7D99825E62346B4FA87617AE18	8B18A7F323A4334FB2AAD3C1297CBAF0765552EC	E413A3A2FB124BF05FAF5556BEC245D90E99E03BCDD8A82830187E40A160CC25
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\71f10eb4-6dca-4591-8e9d-c7ce219249df.tmp	ASCII text, with very long lines, with no line terminators	AA790C9F0FFF5EE321DEEA50A41D18E4	92B27AC85819AE89CB12AF5441AE52145AF19145	1B715732F2C4560D2AC6AD34F5CA18F70111092D4D7F2198CFBCA71269D1C5FB
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\860b8eb7-6106-4a6a-82c8-c184540cdcb4.tmp	ASCII text, with very long lines, with no line terminators	AA790C9F0FFF5EE321DEEA50A41D18E4	92B27AC85819AE89CB12AF5441AE52145AF19145	1B715732F2C4560D2AC6AD34F5CA18F70111092D4D7F2198CFBCA71269D1C5FB
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG	ASCII text	2EFDA351D6DD9C84EB5FE426BFD88949	C0B32A9CEB11C6C4885F249AF8FC8386DF84D1BD	E9EDFF88705D8E4D21F5B82583BCBBE210D44C871918DDBEBEB73692ACC199DE
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG.oldG (copy)	ASCII text	2EFDA351D6DD9C84EB5FE426BFD88949	C0B32A9CEB11C6C4885F249AF8FC8386DF84D1BD	E9EDFF88705D8E4D21F5B82583BCBBE210D44C871918DDBEBEB73692ACC199DE
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG	ASCII text	5BB7C33E05E8895E2C238764897FF5CE	5DC75767A4B59ACE5F684A0B5CDD08ED03A9397F	B3F060529427F10DE36D102B2EA4690E78F2FE1CAA9C2472AB9DC299D6A1FDE2
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old.. (copy)	ASCII text	5BB7C33E05E8895E2C238764897FF5CE	5DC75767A4B59ACE5F684A0B5CDD08ED03A9397F	B3F060529427F10DE36D102B2EA4690E78F2FE1CAA9C2472AB9DC299D6A1FDE2
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CURRENT.I (copy)	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CURRENTl (copy)	ASCII text	206702161F94C5CD39FADD03F4014D98	BD8BFC144FB5326D21BD1531523D9FB50E1B600A	1005A525006F148C86EFCBFB36C6EAC091B311532448010F70F7DE9A68007167
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies	SQLite 3.x database, last written using SQLite version 3032001	1C0EAEEE6463CAE33B7A7CD9D9DF4DA5	FBC6A28A1501E40154FDC0A9D0C2F34A5F88AA65	ED8AE7C5E6885874A39F4E86258F552670352A18D29BE1FF4D372A2F4CD06C8A
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal	data	7BD02F567FA55CA82D22763E189EC143	7CDA1B32157B8A1707338E2D3EEA2F0CEBD17251	5B9A9E24C9A67B51D8BD2EACE05F66B57F1E406771E23B42B9F6C7C1AD74B829
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Session	data	9833C2122CC3E6B80C414196BB9E6777	9C6F4679DB486465884E8455EEA3EA6659394806	8F702CFECBF5B98E70227F99CBC05FAF54798B1C768EC0A7D7E5FD0740E5ABC3
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Tabs	data	0686D6159557E1162D04C44240103333	053E9DB58E20A67D1E158E407094359BF61D0639	3303D5EED881951B0BB52CF1C6BFA758770034D0120C197F9F7A3520B92A86FB
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log	data	7FA0F874EABF1EED31988230680AD210	E71B360F1E8D5C278A051AD03DFB9027ACCF38C3	09E15F8939364145E710C314EBD93FD19BF60C2B6B20BF8023315D617B6B141B
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG	ASCII text	DC6CCBA38652F7B08D37BA64599467AF	2240601FB68B04537CFA860E1B50C027167F8AFC	843F83C56D6172FD7A65504C6EDC1DC63FB71DB1F9480241169BF95E6C05CC47
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG.oldTM (copy)	ASCII text	DC6CCBA38652F7B08D37BA64599467AF	2240601FB68B04537CFA860E1B50C027167F8AFC	843F83C56D6172FD7A65504C6EDC1DC63FB71DB1F9480241169BF95E6C05CC47
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log	data	9D7435EA49A80FDD66E4915F513017F9	469F6C6E4B19B85CC1BE497812B2F20864F4FF2C	409D4C47E940688527D730B996E8991E010988C7671565467ED69D640D0947F3
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG	ASCII text	57A73BC11BA0E3EEDED8FE171CD31631	5BB417450C0BA3D911F04BDC89EA164D3A994D7C	26E133ABA92FE473B9C6587456A307128A9880DB35F6EE01B1F57F40DB60A034
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json	ASCII text, with very long lines, with no line terminators	90F880064A42B29CCFF51FE5425BF1A3	6A3CAE3996E9FFF653A1DDF731CED32B2BE2ACBF	965203D541E442C107DBC6D5B395168123D0397559774BEAE4E5B9ABC44EF268
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_1\_metadata\computed_hashes.json	ASCII text, with very long lines, with no line terminators	90F880064A42B29CCFF51FE5425BF1A3	6A3CAE3996E9FFF653A1DDF731CED32B2BE2ACBF	965203D541E442C107DBC6D5B395168123D0397559774BEAE4E5B9ABC44EF268
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_1\_metadata\computed_hashes.json	ASCII text, with very long lines, with no line terminators	6AE2135EA4583C2F06CDEBEA4AE70FA4	DCEB26C7F02D53B5F214305F4C75B4A33A79CDC2	03AA1944CB3C4F39E20B6361571BC45DFBEBD3FFDA3D8F148CC6ECB29958F903
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log	data	0407B455F23E3655661BA46A574CFCA4	855CB7CC8EAC30458B4207614D046CB09EE3A591	AB5C71347D95F319781DF230012713C7819AC0D69373E8C9A7302CAE3F9A04B7
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG	ASCII text	A7E67E95FB9674E6EE59301A17735821	FFF5E417678F95BF993690E1E480901304C9060A	9DB3CB2EA737944169B0BD15043504E859CEA2C0F6103ECD8AEA8BC6673A86B9
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old (copy)	ASCII text	A7E67E95FB9674E6EE59301A17735821	FFF5E417678F95BF993690E1E480901304C9060A	9DB3CB2EA737944169B0BD15043504E859CEA2C0F6103ECD8AEA8BC6673A86B9
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG	ASCII text	D70A037632AB277FC5667201CFE9BE34	E6CC52B37767C1CD9659E6F62018430860A0002C	FCA02844CEDA7B8C61A131636C45D3F4D00CE34928A63ECA60D99B6E2D3F94E5
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old. (copy)	ASCII text	D70A037632AB277FC5667201CFE9BE34	E6CC52B37767C1CD9659E6F62018430860A0002C	FCA02844CEDA7B8C61A131636C45D3F4D00CE34928A63ECA60D99B6E2D3F94E5
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG	ASCII text	CD137D4481F3D51D1876C33427629820	2FD3BFFD0FF02613967145A5249CABF542F24872	8B24F878CFE291653391562BCFDA3A9E3FF7C9BFA70903792FD9F667A54B50E3
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG.old. (copy)	ASCII text	CD137D4481F3D51D1876C33427629820	2FD3BFFD0FF02613967145A5249CABF542F24872	8B24F878CFE291653391562BCFDA3A9E3FF7C9BFA70903792FD9F667A54B50E3
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	SQLite 3.x database, last written using SQLite version 3032001	9A0CA2F40BC0429585230AC812A8F933	A3D91B0C5E8CF2E1BA0233FF2A944251D8FFB230	E0408280A480EB543F1EDEF2AD942027B93C5FC0B770173FB2FCB87668F6F21F
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History-journal	data	216131BE960CA8D4AEB11E674551E21A	85D5FA973BEFBA98FA63C88F07F5B7D9409D168D	724F3B4C698AF5348EEDFAAF8CE2C789B6F372567F6D731F78EDED9BC7D3810B
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\LOG	ASCII text	BB9E96E5F76F36E7418CB402215521A0	9999A431456DAACD5B2DEAB606D035C3E76FDA4D	2E731383154232C4CC69634D7C2182E6DB9B361C954EB710F0500AD8AD0A56A8
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Last Session0 (copy)	data	9833C2122CC3E6B80C414196BB9E6777	9C6F4679DB486465884E8455EEA3EA6659394806	8F702CFECBF5B98E70227F99CBC05FAF54798B1C768EC0A7D7E5FD0740E5ABC3
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Last Tabs (copy)	data	0686D6159557E1162D04C44240103333	053E9DB58E20A67D1E158E407094359BF61D0639	3303D5EED881951B0BB52CF1C6BFA758770034D0120C197F9F7A3520B92A86FB
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log	data	5C2617CFCBF1B2B39B41978218C6FF23	26CC5B794C92B8FD24F2C04144C0B2AF7FC379E3	189F3EDB089B3EADD24046B9956389CBA7F2A118084620B0F3E75E7D8C82F80E
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG	ASCII text	53952DB634D372E40DFF89F6E0865657	DEB7ACC498BFB8D81C3B4AF3A65F39185E67DDBE	5EC33776B33EFB86B86B0417972EB299920620230FF93E3AD45D24638C22EB37
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old) (copy)	ASCII text	53952DB634D372E40DFF89F6E0865657	DEB7ACC498BFB8D81C3B4AF3A65F39185E67DDBE	5EC33776B33EFB86B86B0417972EB299920620230FF93E3AD45D24638C22EB37
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\MANIFEST-000001	PGP\011Secret Key -	5AF87DFD673BA2115E2FCF5CFDB727AB	D5B5BBF396DC291274584EF71F444F420B6056F1	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\MANIFEST-000002	MPEG-4 LOAS	22BF0E81636B1B45051B138F48B3D148	56755D203579AB356E5620CE7E85519AD69D614A	E292F241DAAFC3DF90F3E2D339C61C6E2787A0D0739AAC764E1EA9BB8544EE97
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State (copy)	ASCII text, with very long lines, with no line terminators	754F8704D64B1258710D1AC5B96A766B	321F307E61168356BA64BA1247D4A31E50744897	8D896A1D99738F110FEE0D29B01F3C3E398693F20328591CC711CE5919E4A2CC
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG	ASCII text	CCA4E9973D3A75EB1A9AC38B1C354EA1	F0FF59BAB9E4623DA190783691A1FC128CE44387	CBE1176D3522C6C7EC6AA2903888EC6D6391AD133595FA73BCC0CFA88056B080
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG.oldg (copy)	ASCII text	CCA4E9973D3A75EB1A9AC38B1C354EA1	F0FF59BAB9E4623DA190783691A1FC128CE44387	CBE1176D3522C6C7EC6AA2903888EC6D6391AD133595FA73BCC0CFA88056B080
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferencesg (copy)	ASCII text, with very long lines, with no line terminators	B6FA380A044FE23A8C77D96C5F1C0312	FE71666565BCE9320F1020A23EAFFBAEEE132FA7	EB5A763E212D2ADF0D761B3EC3F5806A5B7FF7C6565B295F12993B4C386E90EF
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferencesk (copy)	ASCII text, with very long lines, with no line terminators	AA790C9F0FFF5EE321DEEA50A41D18E4	92B27AC85819AE89CB12AF5441AE52145AF19145	1B715732F2C4560D2AC6AD34F5CA18F70111092D4D7F2198CFBCA71269D1C5FB
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferencesl (copy)	ASCII text, with very long lines, with no line terminators	AA790C9F0FFF5EE321DEEA50A41D18E4	92B27AC85819AE89CB12AF5441AE52145AF19145	1B715732F2C4560D2AC6AD34F5CA18F70111092D4D7F2198CFBCA71269D1C5FB
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL	SQLite 3.x database, last written using SQLite version 3032001	1E7F55175BDD0327E7A744F4C2FB1C88	871BC22603B0AAF795FA3F9DF5032109E6076147	922E59207D475A818046434D9FC5BF66FD661E65834E6F139A66B9910A1FDC51
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL-journal	data	BE3E80598F5B96D83B694135AFFF7856	1DBCCC12AE1411DE4339DF1D229F386973D319C5	D9FED77FEA5B832F8235F2F8C13226DF51C464479281A42D070F8E7862F6492E
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy)	UTF-8 Unicode text, with very long lines, with no line terminators	B9BCE4426D634890CE4737857198035A	27DAA561C3DCE89BB75EF8B857E53F7D0833AA03	630470DC3BCFC84526ECB4F8EAE32AA407430702BE05E10C8D83C4A2FAF3A082
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences.. (copy)	UTF-8 Unicode text, with very long lines, with no line terminators	994750B1B85BFB0F2763655289CA909D	DEBE4D1F42CD509BA2E9D6DCDFAE5A8046838E23	E7509F1A4DAE29BE403770423C78165310DA1FB10A1630C554BC44A3792B9DD9
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure PreferencesLL (copy)	UTF-8 Unicode text, with very long lines, with no line terminators	31649D7D99825E62346B4FA87617AE18	8B18A7F323A4334FB2AAD3C1297CBAF0765552EC	E413A3A2FB124BF05FAF5556BEC245D90E99E03BCDD8A82830187E40A160CC25
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferencesdm (copy)	UTF-8 Unicode text, with very long lines, with no line terminators	DA37A6CACECB5D267526E3B2778A7CDC	C68E26313DDD74F47E29CBAC14CA35DBE90B6B02	4B1227AD26AB6685CB88BAEA9E2D3424C0920DF41B4DFDD027CE85D8A051A88A
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log	data	1B4FA89099996CE3C9E5A0A9768230E8	9026E1E0906E3B3FE0E414EE814CC5A042807A04	537818AAFD0902A8B2D58B483674391E33E762B5E1E8CD226D873098CCE9C8F9
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG	ASCII text	C1322ADF920081C9DDD13EAFF0A57A20	6CF6ABE267B2E36AFB67C128DABA831E4439C6CC	E329DD265446B7A1AFD18ABA149071552059E9A5D36C17F9F3E12C1CD76E0FC1
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old.C (copy)	ASCII text	C1322ADF920081C9DDD13EAFF0A57A20	6CF6ABE267B2E36AFB67C128DABA831E4439C6CC	E329DD265446B7A1AFD18ABA149071552059E9A5D36C17F9F3E12C1CD76E0FC1
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG	ASCII text	8D27582F304998DC1A26A275F95498A9	C218BD4B93713A35C3A3A6AE91D83D0D6011BB00	28D89575D455549B008BE7985130C5B11C5A2A0EFC6E47271AB1DC37FE0BE63C
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old]" (copy)	ASCII text	8D27582F304998DC1A26A275F95498A9	C218BD4B93713A35C3A3A6AE91D83D0D6011BB00	28D89575D455549B008BE7985130C5B11C5A2A0EFC6E47271AB1DC37FE0BE63C
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1	data	C4DF0FB10C4332150B2C336396CE1B66	780A76E101DE3DE2E68D23E64AB1A44D47A73207	18FAB4D13CDA7E1DEE12DC091019A110A7304B6A65FC9A1F3E6173046BA38EF6
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG	ASCII text	0FB1E8B53E32E0F95F2AA414AE04A175	84B22FAEB9382A9E897B37C4019EEAA050F0F879	0584CF4E1DD3562B91F83DDF129369E51A6AC998D97083A9755906557836CF69
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG.old (copy)	ASCII text	0FB1E8B53E32E0F95F2AA414AE04A175	84B22FAEB9382A9E897B37C4019EEAA050F0F879	0584CF4E1DD3562B91F83DDF129369E51A6AC998D97083A9755906557836CF69
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent State (copy)	ASCII text, with very long lines, with no line terminators	363D9EBEDB5030036B53B6B28E8A8EA5	1C7C9012156AC8295EB465BC774430A866096832	466FE09323B709A587648157D77298132B29F7CD916CD68EF6B28A0FC5EE355B
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\LOG	ASCII text	1AFE45D88A374F3FC43EFF545563318E	43FF9EA944C452E4643AEE5B734962F858A4F04E	3638BA2107FBC8A2ECFFB04EF82E8EB45846B71A584A735C9387A311554B10B3
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\LOG.old. (copy)	ASCII text	1AFE45D88A374F3FC43EFF545563318E	43FF9EA944C452E4643AEE5B734962F858A4F04E	3638BA2107FBC8A2ECFFB04EF82E8EB45846B71A584A735C9387A311554B10B3
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\000003.log	data	E556F26DF3E95C19DBAECA8F5DF0C341	247A89F0557FC3666B5173833DB198B188F3AA2E	B0A7B19404285905663876774A2176939A6ED75EF3904E44283A125824BD0BF3
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOG	ASCII text	8C9E0C65267C9FD4B8EF824AC0B872C4	6EDEFEE4F80E38F7DCFD52682801F6F4035E851F	E61F9A7B8F7F8234CA2C74D3CF6945674AA0B8905C6667B2C12B0AE13E021EAC
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOG.old (copy)	ASCII text	8C9E0C65267C9FD4B8EF824AC0B872C4	6EDEFEE4F80E38F7DCFD52682801F6F4035E851F	E61F9A7B8F7F8234CA2C74D3CF6945674AA0B8905C6667B2C12B0AE13E021EAC
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\fa216826-8e74-4cfb-b79b-be68cbbf5cd7.tmp	ASCII text, with very long lines, with no line terminators	363D9EBEDB5030036B53B6B28E8A8EA5	1C7C9012156AC8295EB465BC774430A866096832	466FE09323B709A587648157D77298132B29F7CD916CD68EF6B28A0FC5EE355B
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\894ab119-5f77-4d31-87bf-3f3e83eed5ff.tmp	ASCII text, with very long lines, with no line terminators	1FE877DDE8B96DED122AC08BB07A83C5	5BEA5FFAF686474CE8ACA1D95500C29D65007745	3AD373EB6FF8EA394964EDA2A9E53ADD8DBA11DC9716ED3CA672F10DF369BA4D
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1	data	B505641E5E90B7CF4BC869DD1B4BE451	0EC7B13DC043E054AB48B8F45FE49EF1209C01AA	2755F85F14CF33404CEEBF053D0CB79DC3B98D643A51075737E6A5BE154FE1D9
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\LOG	ASCII text	56BE6CC6866E7542B145CDBE11B9A4BD	F27E8D76A9362195372972D0040A0AF82B0D99DC	82EB969280808D80D817C6918C5E7BE8FD88B5FFC3CCA55352B82736DFAE982C
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\LOG.old (copy)	ASCII text	56BE6CC6866E7542B145CDBE11B9A4BD	F27E8D76A9362195372972D0040A0AF82B0D99DC	82EB969280808D80D817C6918C5E7BE8FD88B5FFC3CCA55352B82736DFAE982C
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network Persistent State (copy)	ASCII text, with very long lines, with no line terminators	1FE877DDE8B96DED122AC08BB07A83C5	5BEA5FFAF686474CE8ACA1D95500C29D65007745	3AD373EB6FF8EA394964EDA2A9E53ADD8DBA11DC9716ED3CA672F10DF369BA4D
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications\LOG	ASCII text	FFEE6AD05E1E62B99836B086407B322F	CB85671F7EBFE9911D0833EA3762C3F460E97D6A	3DB1126AC7FFE4CBF2ED8D65813AA0D50BEF0F3D336078652E556AEFA753C77E
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications\LOG.old.* (copy)	ASCII text	FFEE6AD05E1E62B99836B086407B322F	CB85671F7EBFE9911D0833EA3762C3F460E97D6A	3DB1126AC7FFE4CBF2ED8D65813AA0D50BEF0F3D336078652E556AEFA753C77E
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\000003.log	data	E9C694B34731BF91073CF432768A9C44	861F5A99AD9EF017106CA6826EFE42413CDA1A0E	01C766E2C0228436212045FA98D970A0AD1F1F73ABAA6A26E97C6639A4950D85
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\LOG	ASCII text	AB7D73B4194C54DA86E04778E84E1C05	14612410A22C1E73839E94739D9D14A3C63D9C13	832AB2A9336EAFC439F47C38DCF97C77DA808CD3911AB2DB74DF4E0F24C37884
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\LOG.old. (copy)	ASCII text	AB7D73B4194C54DA86E04778E84E1C05	14612410A22C1E73839E94739D9D14A3C63D9C13	832AB2A9336EAFC439F47C38DCF97C77DA808CD3911AB2DB74DF4E0F24C37884
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log	data	45A8ECA4E5C4A6B1395080C1B728B6C9	8A97BB0E599775D9A10C0FC53C4EDB29AA4CEB4E	DB320AB28DFF27CDA0A7F87B82F2F8E61B3178A6DE8503753D76F1172D32E08E
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG	ASCII text	4515D444EA78D98F83DD36C39A726D22	B1E94510AAD36075EC2F37304DC80E721EE66F6F	22F7FA82A2CA639BBAF94E9BAAD8F84EB0EE126BD874583E072B0455BFA37B39
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old (copy)	ASCII text	4515D444EA78D98F83DD36C39A726D22	B1E94510AAD36075EC2F37304DC80E721EE66F6F	22F7FA82A2CA639BBAF94E9BAAD8F84EB0EE126BD874583E072B0455BFA37B39
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG	ASCII text	218D14B45D868A92BC074AAFC66624D5	44F7A49E42DC8C17A24BA75C4A935A2313D98F19	7B6828AD5CBB63F28E15A09E68B3D5F8B7F5370E69021AD4A9DA58FF510DF2CA
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.oldn. (copy)	ASCII text	218D14B45D868A92BC074AAFC66624D5	44F7A49E42DC8C17A24BA75C4A935A2313D98F19	7B6828AD5CBB63F28E15A09E68B3D5F8B7F5370E69021AD4A9DA58FF510DF2CA
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_nmmhkkegccagdldgiimedpiccmgmieda\85e5757f-fce9-40b8-bccd-d4023346da13.tmp	MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel	33EABC19FDF40F3D36B6870EF5861957	CF3EF59C3940B58C314E9F6A1616751553F2D9A2	647D07F37554672865902B2CEE80864B5A5283C372C7263BB1497D5582054E57
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_nmmhkkegccagdldgiimedpiccmgmieda\Chrome Web Store Payments.ico.md5	data	61B979ECA159ECAC9C7F8F1D6FD43E9D	0373696351FC2172E811DA8393DEC84036FA34A0	AB05E0A6FF7E8FFF89F924B279D93AFC72ACCE817C4D250C60BB8059CC534303
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_nmmhkkegccagdldgiimedpiccmgmieda\Chrome Web Store Payments.icokr (copy)	MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel	33EABC19FDF40F3D36B6870EF5861957	CF3EF59C3940B58C314E9F6A1616751553F2D9A2	647D07F37554672865902B2CEE80864B5A5283C372C7263BB1497D5582054E57
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\b23e0c0d-46f8-4457-994d-e60e9abad5c1.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	DA37A6CACECB5D267526E3B2778A7CDC	C68E26313DDD74F47E29CBAC14CA35DBE90B6B02	4B1227AD26AB6685CB88BAEA9E2D3424C0920DF41B4DFDD027CE85D8A051A88A
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\d0614375-d4a7-4979-a257-d6c25ac99df9.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	994750B1B85BFB0F2763655289CA909D	DEBE4D1F42CD509BA2E9D6DCDFAE5A8046838E23	E7509F1A4DAE29BE403770423C78165310DA1FB10A1630C554BC44A3792B9DD9
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\d6ba8792-4147-467b-b60f-eb238b6ce21c.tmp	very short file (no magic)	5058F1AF8388633F609CADB75A75DC9D	3A52CE780950D4D969792A2559CD519D7EE8C727	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp	ASCII text	6752A1D65B201C13B62EA44016EB221F	58ECF154D01A62233ED7FB494ACE3C3D4FFCE08B	0861415CADA612EA5834D56E2CF1055D3E63979B69EB71D32AE9AE394D8306CD
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT (copy)	ASCII text	6752A1D65B201C13B62EA44016EB221F	58ECF154D01A62233ED7FB494ACE3C3D4FFCE08B	0861415CADA612EA5834D56E2CF1055D3E63979B69EB71D32AE9AE394D8306CD
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG	ASCII text	8371B992A7D5B9C9B2908203ECE978A7	7730FBD1E5D8B1B10541A3480073A3C1D0E49C0E	0EB2ED8E9D802D1A73AD531048E3F4548C7888AA5DA6F10F3663E6C8DA5F6F40
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.oldlo (copy)	ASCII text	8371B992A7D5B9C9B2908203ECE978A7	7730FBD1E5D8B1B10541A3480073A3C1D0E49C0E	0EB2ED8E9D802D1A73AD531048E3F4548C7888AA5DA6F10F3663E6C8DA5F6F40
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004	MPEG-4 LOAS	031D6D1E28FE41A9BDCBD8A21DA92DF1	38CEE81CB035A60A23D6E045E5D72116F2A58683	B51BC53F3C43A5B800A723623C4E56A836367D6E2787C57D71184DF5D24151DA
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\f101569a-bf7d-4a06-bec9-b8cb74a95d8f.tmp	ASCII text, with very long lines, with no line terminators	9E0C31BCE1C83C78981EB86A29E2879B	3973E5D4DA1BC0BB99B78D1DFA7BEA045C85E173	3D1BDA968D1CFF79DBD0C4B9D2A22367E9D9B8374622CD4263BD39137D8FE584
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG	ASCII text	B50682811CA35380C24AA7823E99F6F9	2998C5EFD9B7D4578F912B5F6F65C7F1B083660A	EA3332C45D31A19A4A68F92FA7407890918A9211FDBDA4C2FE17BB495D2F1C35
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG.old.. (copy)	ASCII text	B50682811CA35380C24AA7823E99F6F9	2998C5EFD9B7D4578F912B5F6F65C7F1B083660A	EA3332C45D31A19A4A68F92FA7407890918A9211FDBDA4C2FE17BB495D2F1C35
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser	data	DE9EF0C5BCC012A3A1131988DEE272D8	FA9CCBDC969AC9E1474FCE773234B28D50951CD8	3615498FBEF408A96BF30E01C318DAC2D5451B054998119080E7FAAC5995F590
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version	ASCII text, with no line terminators	C422F72BA41F662A919ED0B70E5C3289	AAD27C14B27F56B6E7C744A8EC5B1A7D767D7632	02E71EB4C587FEB7EE00CE8600F97411C2774C2FC34CB95B92D5538E7F30DA59
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State (copy)	ASCII text, with very long lines, with no line terminators	DD00E5A0AFFA9EA214FCB0BF5CBA030C	76BB1BEE095F9F02ED56D851FBCFA432887542B6	A29248777265C51EA25865E6E600C5B3A8EB51D1892E55B952A682C197DACDEA
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State. (copy)	ASCII text, with very long lines, with no line terminators	85F6FC0A7716E3C768602D691084DD22	D48BF1A07FC52A3C70DF0C1E9117E83692D5207A	8196B6298087BC864AC4711AFD5CB51C400DED9077A7C9FB16E5768F17A8B523
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State.. (copy)	ASCII text, with very long lines, with no line terminators	E36BA852742AEC8FA8B35034DCF8FE66	B63B2C0CAE8FA33DA70F082934E7853C0EE03350	DAB5B1351A37C32330934FBD78C26812CD9E3242E8CF015438B3ABEADC628FD7
C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cache.. (copy)	data	0F3FBB09496E7E784E19F47EFAEB42E0	2193635CC6AB7EBB67CC47D2099D987E5E88027E	4F7735EE75486742E6ABD7791AD166CFD5AD35C8CEAFC22C98682F05ED20F8E3
C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cache\c (copy)	data	D96E2DA80C52BA327A6189C3043161D0	8446AE32624430763BA1F1B747FF4465D592AA12	41733DE4B56DE88A2D7D6FD2E42A361FEED1AA02C10769EDF13C1840BCEFD796
C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cachewi (copy)	data	9AAAC57002ADED4F7E1417C768C40370	277C29BC60FE2AD235B9526B275ADC5DC4AC1386	2183EE969CFB9DCFD02696AE255C77D11499FCB060A9889B5506DF4C952B1E47
C:\Users\user\AppData\Local\Google\Chrome\User Data\Subresource Filter\Indexed Rules\27\9.29.4\Indexing in Progress	empty	D41D8CD98F00B204E9800998ECF8427E	DA39A3EE5E6B4B0D3255BFEF95601890AFD80709	E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
C:\Users\user\AppData\Local\Google\Chrome\User Data\Subresource Filter\Indexed Rules\27\scoped_dir5632_1292533735\Ruleset Data	data	3A5AEBAF630E27C3F01A2D346CD9FEBC	CC5C596D2E87365A61534464E2673FD5361A1AFF	6BA1B0DDFC423800683B3CE0D60BAB4AA14FFE35B2B1A394FABD499CE5AFBF39
C:\Users\user\AppData\Local\Google\Chrome\User Data\a8098418-5b91-47d7-9116-4b048239a08c.tmp	ASCII text, with very long lines, with no line terminators	17F43AF74BD55BCCD9DD231162CA073A	2F5EA767BF2BE31356B68A781AC787B829914210	D60C8089BBBE251DB25421828ABDCE246A2EFC7B637DA434F72882C980CE7B04
C:\Users\user\AppData\Local\Google\Chrome\User Data\acf6e640-fc7e-4992-881d-a0bf193973bd.tmp	ASCII text, with very long lines, with no line terminators	85F6FC0A7716E3C768602D691084DD22	D48BF1A07FC52A3C70DF0C1E9117E83692D5207A	8196B6298087BC864AC4711AFD5CB51C400DED9077A7C9FB16E5768F17A8B523
C:\Users\user\AppData\Local\Google\Chrome\User Data\b0688188-9e5b-483e-b5d1-6c82682116b5.tmp	ASCII text, with very long lines, with no line terminators	DD00E5A0AFFA9EA214FCB0BF5CBA030C	76BB1BEE095F9F02ED56D851FBCFA432887542B6	A29248777265C51EA25865E6E600C5B3A8EB51D1892E55B952A682C197DACDEA
C:\Users\user\AppData\Local\Google\Chrome\User Data\b83dff6a-35ef-4801-92b7-65b74924478b.tmp	ASCII text, with very long lines, with no line terminators	E36BA852742AEC8FA8B35034DCF8FE66	B63B2C0CAE8FA33DA70F082934E7853C0EE03350	DAB5B1351A37C32330934FBD78C26812CD9E3242E8CF015438B3ABEADC628FD7
C:\Users\user\AppData\Local\Google\Chrome\User Data\d1b16602-2ffe-473a-b691-e1104a7fb693.tmp	data	0F3FBB09496E7E784E19F47EFAEB42E0	2193635CC6AB7EBB67CC47D2099D987E5E88027E	4F7735EE75486742E6ABD7791AD166CFD5AD35C8CEAFC22C98682F05ED20F8E3
C:\Users\user\AppData\Local\Google\Chrome\User Data\f84e30fc-f812-474d-9f76-647b602cddbf.tmp	ASCII text, with very long lines, with no line terminators	8922BD5C6A5D02D9BD0709A18CAB950B	D1859830BA270013D1588E9FE0D96893798AFF9F	C78E279823531CE6F453A17314B5C981A42FA5DF9BFDA6817BF1DBB92A890A69
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\unarchiver.exe.log	ASCII text, with CRLF line terminators	FF3B761A021930205BEC9D7664AE9258	1039D595C6333358D5F7EE5619FE6794E6F5FDB1	A3517BC4B1E6470905F9A38466318B302186496E8706F1976F1ED76F3E87AF0F
C:\Users\user\AppData\Local\Temp\19e9d7b1-9f73-43b1-adb7-7cd4a3a118e7.tmp	very short file (no magic)	5058F1AF8388633F609CADB75A75DC9D	3A52CE780950D4D969792A2559CD519D7EE8C727	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
C:\Users\user\AppData\Local\Temp\1a6ecee9-95e0-401c-853e-6987d4ec6944.tmp	Google Chrome extension, version 3	A11D5CAF6BF849AEB84B0C95B1C3B7CF	27F410CCBD75852C01C7464A1FD7EF8C29BE3916	D0E62ACE64AFC334330A7AC3A2CC657914FEB321F1F89AEE11D2A6D0E7D81C31
C:\Users\user\AppData\Local\Temp\3e3f8d37-5341-46a8-acb7-375f529408a6.tmp	Google Chrome extension, version 3	541F52E24FE1EF9F8E12377A6CCAE0C0	189898BB2DCAE7D5A6057BC2D98B8B450AFAEBB6	81E3A4D43A73699E1B7781723F56B8717175C536685C5450122B30789464AD82
C:\Users\user\AppData\Local\Temp\422f2897-a25d-4e2e-b4af-a457104d2247.tmp	very short file (no magic)	5058F1AF8388633F609CADB75A75DC9D	3A52CE780950D4D969792A2559CD519D7EE8C727	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
C:\Users\user\AppData\Local\Temp\5632_1178174069\manifest.fingerprint	ASCII text, with no line terminators	423CB83A2A3B602B0AA82B51B3DA2869	58BC924AF90A89CE87807919F228FE6C915AD854	0047059C732D70AF8C2F407089237F745838A0FE4F75710ABF1E669B81243E9C
C:\Users\user\AppData\Local\Temp\5632_1179978503\manifest.fingerprint	ASCII text, with no line terminators	C00BCE97F21B1AD61EB9B8CD001795EE	8E0392FF3DB267D847711C3F4E0D7468060E1535	59F06F04230E32E8BC839F45B984D31D611930427B631C963D09E7064A602363
C:\Users\user\AppData\Local\Temp\5632_1924295626\manifest.fingerprint	ASCII text, with no line terminators	65FB5567E005DA75F5685DC4D852C4F1	1E825C378CB10F91279338E8FFF822291984FF6C	FD3317D5171F4C516C7DB089DDF5DD75B6BDD0BE45446507751AF55B78B7E728
C:\Users\user\AppData\Local\Temp\5632_304794728\manifest.fingerprint	ASCII text, with no line terminators	7A1DFB1CEBD22123E2FCAA955D7B4DEB	91D7388CBEC915A37483D069E524E8DD84682F85	78D7D486CD2811679A3455BEFAA9C5645D73CB4DA93AD1865FE3692B951D9EAE
C:\Users\user\AppData\Local\Temp\a6e226d5-702e-4692-96ac-477b8244dd35.tmp	very short file (no magic)	5058F1AF8388633F609CADB75A75DC9D	3A52CE780950D4D969792A2559CD519D7EE8C727	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
C:\Users\user\AppData\Local\Temp\bf09cc1d-b6fa-41c6-9e03-09c5b810a198.tmp	Google Chrome extension, version 3	541F52E24FE1EF9F8E12377A6CCAE0C0	189898BB2DCAE7D5A6057BC2D98B8B450AFAEBB6	81E3A4D43A73699E1B7781723F56B8717175C536685C5450122B30789464AD82
C:\Users\user\AppData\Local\Temp\browser-sslkeys.log	ASCII text	DE19B43D066982D0533B21D5268B04A0	246F2477CBD87EB6E74BF57D30D09A026E2F1BE7	A9179C7A251A6DEABA8501329F2534E3369835B760893EFDAB6F5ABA20A1BA26
C:\Users\user\AppData\Local\Temp\hee0gukh.eki\MP.CryptoDredge.dll	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows	B48704C2B661A38C20ED8D423B180AD0	6E84FF8D59DBEBFD1EC41F09E8ECFBD55D2403B6	5FAACDFC9B6B0C7B26F6A8738D1A354CB1D6ABF4C6D945122347E75A58F49CCB
C:\Users\user\AppData\Local\Temp\mxj5wytn.pid\unarchiver.log	ASCII text, with CRLF line terminators	8240A7AF8CFF703B7EC6C21C78817F28	BD09510FB6480D419381E5649F28EAFB45F8C084	A86A036803D8D138425C5F6CABBCE663C1847950F1B370935AE120E06C69ED7B
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1370245085\CRX_INSTALL\_locales\bg\messages.json	UTF-8 Unicode text, with CRLF line terminators	6F8E288A9AD5B1ED8633B430E2B4D4CA	F671D3D4BEFA431D1946D706F4192D44E29B6F08	A114E2783D0E9B12155017323BA70838F0F82A71C7EE8DC1F115AE36991241F8
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1370245085\CRX_INSTALL\_locales\ca\messages.json	UTF-8 Unicode text, with CRLF line terminators	1FDAFC926391BD580B655FBAF46ED260	C95743C3F43B2B099FEBEBC5BD850F0C20E820AC	C67898B67F9C9209EAFDA6532B62D5789863CFB855998DD6A70E7775316CEC20
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1370245085\CRX_INSTALL\_locales\cs\messages.json	UTF-8 Unicode text, with CRLF line terminators	76DEC64ED1556180B452A13C83171883	CFB1E56FD587BCDC459C1D9A683B71F9849058F9	32290D69A90E6BAAC428B10382C99221B12773BB9A184F3B93DFB48A4F6D7A40
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1370245085\CRX_INSTALL\_locales\da\messages.json	UTF-8 Unicode text, with CRLF line terminators	238B97A36E411E42FF37CEFAF2927ED1	4E47AC90BA24C8F4724D9293FA40CFD4ADA66FE0	4977D4A053542FF66967FAED6B06585DD70E68E20BFEB533B66FE3287F9655D9
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1370245085\CRX_INSTALL\_locales\de\messages.json	UTF-8 Unicode text, with CRLF line terminators	6B3E916E8C1991AA0453CBA00FEDCAAA	D6366D15912E40CA107FD42BFE9579C3336A51F9	A62FFAB910E31531758EEE48B2CC71A8857BEC3021DEAD50B668CBA3C8667053
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1370245085\CRX_INSTALL\_locales\el\messages.json	UTF-8 Unicode text, with CRLF line terminators	05C437A322C1148B5F78B2F341339147	AB53003A678E44A170E73711FBD9949833BBF3AA	A052C32B4FCAC61152EB0ADB2C260FB6A8256AD104AA0013DB93E9798D41A070
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1370245085\CRX_INSTALL\_locales\en\messages.json	ASCII text, with CRLF line terminators	91F5BC87FD478A007EC68C4E8ADF11AC	D07DD49E4EF3B36DAD7D038B7E999AE850C5BEF6	92F1246C21DD5FD7266EBFD65798C61E403D01A816CC3CF780DB5C8AA2E3D9C9
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1370245085\CRX_INSTALL\_locales\en_GB\messages.json	ASCII text, with CRLF line terminators	91F5BC87FD478A007EC68C4E8ADF11AC	D07DD49E4EF3B36DAD7D038B7E999AE850C5BEF6	92F1246C21DD5FD7266EBFD65798C61E403D01A816CC3CF780DB5C8AA2E3D9C9
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1370245085\CRX_INSTALL\_locales\es\messages.json	UTF-8 Unicode text, with CRLF line terminators	82719BD3999AD66193A9B0BB525F97CD	41194D511F1ACC16C1CA828AC81C18C8C6B47287	4DB9B2721E625C18B9E05C04B31AF5D9694712F1CAAF6219ABE34BB08E5DB1C7
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1370245085\CRX_INSTALL\_locales\es_419\messages.json	UTF-8 Unicode text, with CRLF line terminators	6B2583D8D1C147E36A69A88009CBEBC7	4D4DEEB4BE6AA0181825F3371A761ABC5B4D5937	6659BC3705311D7641A73995DCFEA80C7734F2F4EBBC3787B3892A240348324F
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1370245085\CRX_INSTALL\_locales\et\messages.json	UTF-8 Unicode text, with CRLF line terminators	CFF6CB76EC724B17C1BC920726CB35A7	14ED068251D65A840F00C05409D705259D329FFC	C85800BF45942FCC7FD6B1DF929C25F9CC2A977A6678966BD03D4B6B69889AFD
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1370245085\CRX_INSTALL\_locales\fi\messages.json	UTF-8 Unicode text, with CRLF line terminators	3A01FEE829445C482D1721FF63153D16	F3EAAADDC03F943FC88B30B67F534AA13E3336DD	0BDE54B20845124113383B6EB81E43A0F05E4EB0C44BEE3C1DFAC4CC5FEC2836
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1370245085\CRX_INSTALL\_locales\fil\messages.json	ASCII text, with CRLF line terminators	57AF5B654270A945BDA8053A83353A06	EEEF7A4F869F97CF471A05D345E74F982D15E167	EC002ED92359F67818B49455DFC579E140368E6A004080AF022FD4F57F6B03F2
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1370245085\CRX_INSTALL\_locales\fr\messages.json	UTF-8 Unicode text, with CRLF line terminators	8D11C90F44A6585B57B933AB38D1FFF8	3F9D44EA8807069A32AACA2AAAD02FD892E6CC90	599491F8C52B945C16C441ADF45BFD45AFAE046DA07757D97C56AF4DE75ED3B5
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1370245085\CRX_INSTALL\_locales\hi\messages.json	UTF-8 Unicode text, with CRLF line terminators	E376D757C8FD66AC70A7D2D49760B94E	1525C5B1312D409604F097768503298EC440CC4D	8106D98C4F8DA16DB698444409558E29CC96735E188BFA303C333A5D99231C1D
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1370245085\CRX_INSTALL\_locales\hr\messages.json	UTF-8 Unicode text, with CRLF line terminators	8185D0490C86363602A137F9A261CC50	5BD933B874441CEACB9201CCC941FF67BAED6DC0	A2B2EC359A9DD9DCCCE02859CE1E738BD30FAA4A05F1DC522893FFDF722BBC15
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1370245085\CRX_INSTALL\_locales\hu\messages.json	UTF-8 Unicode text, with CRLF line terminators	85609CF8623582A8376C206556ED2131	1E16EB70DB5E59BB684866FF3E3925C2DEF25A12	32A249749F12ADB6A220BF9ADC272C7E5D9AD5497A38B0086D961E3ABA17FBC6
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1370245085\CRX_INSTALL\_locales\id\messages.json	ASCII text, with CRLF line terminators	EAB2B946D1232AB98137E760954003AA	60BDC2937905B311D2C9844DF2D639D7AC9F7F67	C6E8800450602DE0F39FE9F6854472383813FB454B08ABAE7E25A9167CE004C3
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1370245085\CRX_INSTALL\_locales\it\messages.json	UTF-8 Unicode text, with CRLF line terminators	A328EEF5E841E0C72D3CD7366899C5C8	2851ED658385804E87911643F5A4200B1FB26E13	CD891C45F7586FB4A2514205A11F260E4A6D4482FA03D901909DD9F57BE0536D
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1370245085\CRX_INSTALL\_locales\ja\messages.json	UTF-8 Unicode text, with CRLF line terminators	9B3A5D473C3F2BBFAEECE94A07A940B8	61BACA342CF766BBA15C7B4D892A0E7DAC9405AA	706312A4A2AEF3317223F141EB2B82685345B7EED444F16BB4DF3A272716DA1F
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1370245085\CRX_INSTALL\_locales\ko\messages.json	UTF-8 Unicode text, with CRLF line terminators	9F6B4D82A70C74CA751E2EAE70FAB5CF	0534F125FFCE8222277CF2BE3401C59DAF9217F8	D1467B8D037114403E8F4EFC52E88C4A7FEB96126BE4CFF883FEFF1084EF7E68
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1370245085\CRX_INSTALL\_locales\lt\messages.json	UTF-8 Unicode text, with CRLF line terminators	4CA644F875606986A9898D04BDAE3EA5	722A10569E93975129D67FBDB75B537D9D622AD1	7C311AB751D840D750C11553C083785813E079C1D464FE568A98C9E3EF3DB96C
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1370245085\CRX_INSTALL\_locales\lv\messages.json	UTF-8 Unicode text, with CRLF line terminators	C5CE2C51391EAFD3DA9E4C71549A3C28	1F67FF6EF6E90C0CE3AAF56ED543A3EFD381574D	1FA1DF2CA8516DEF490FB8484E9AA498ACFF80EEF5C9258FFE42D3678E6C7DED
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1370245085\CRX_INSTALL\_locales\nb\messages.json	UTF-8 Unicode text, with CRLF line terminators	93C459A23BC6953FF744C35920CD2AF9	162F884972103A08ADB616A7EB3598431A2924C5	2CD700AEB57D89C2E73333D0702556EE3FF3863516170F85669BC680FCBDC4E0
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1370245085\CRX_INSTALL\_locales\nl\messages.json	ASCII text, with CRLF line terminators	7A8F9D0249C680F64DEC7650A432BD57	53477198AEE389F6580921B4876719B400A23CA1	92BE7C2DC9CFBE5A65E9CE6488D364C8D7EC19E7B67A31E4D43C1CB2B169671C
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1370245085\CRX_INSTALL\_locales\pl\messages.json	UTF-8 Unicode text, with CRLF line terminators	0E6194126AFCCD1E3098D276A7400175	E8127B905A640B1C46362FA6E1127BE172F4A40F	E2699F98C511B18A2AFB82EAE9A4804B646C4FF1077D80E77C17A3943A6373C2
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1370245085\CRX_INSTALL\_locales\pt_BR\messages.json	UTF-8 Unicode text, with CRLF line terminators	86A2B91FA18B867209024C522ED665D5	63DEC245637818C76655E01FCB6D59784BC7184E	6374880FDD1F8AF1EE8AEA6A06B73BE0AB265AFCEB4FE6F08BDE3B3989264B21
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1370245085\CRX_INSTALL\_locales\pt_PT\messages.json	UTF-8 Unicode text, with CRLF line terminators	750A4800EDB93FBE56495963F9FB3B94	8BFB915488A4EB3CB33D68E2E59F1F8447DB7D61	C1C94F65FABAF17DEF98A8587711A56D61B1E5607500E9B01F2824DB109F9E83
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1370245085\CRX_INSTALL\_locales\ro\messages.json	UTF-8 Unicode text, with CRLF line terminators	98D43E4B1054A65DF3FA3CC40AB6FB6D	46E0A21C4DA2BB5D4D8F837AE211C1B6FA26E7E2	113A13900CBA62FE8AED06751971C23A80A99B47F9BE219CF884D57DB19611D9
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1370245085\CRX_INSTALL\_locales\ru\messages.json	UTF-8 Unicode text, with CRLF line terminators	DB2EDF1465946C06BD95C71A1E13AE64	FB4F3ECE9ECECEBBC6CA2A592A15FB9C1FDFB811	FBAF22CE6E16DE174CED8CB5EA3098CCA1C3426A2111FF33BD3E64DA64ED67AB
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1370245085\CRX_INSTALL\_locales\sk\messages.json	UTF-8 Unicode text, with CRLF line terminators	8DF215D1EFBDABB175CCDD68ED8DCB0A	2B374462137A38589A73FDD00A84CBDC7E50F9F4	7FA16AF97E6CFC52EC6008EB679D3F30E7E0C24F9EF2D18A9228EAF4DED9D63B
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1370245085\CRX_INSTALL\_locales\sl\messages.json	UTF-8 Unicode text, with CRLF line terminators	3943FA2A647AECEDFD685408B27139EE	0129DD19D28373359530B3B477FE8A9279DABB7D	18AFF072EE0DF7C3495045435C752A805606E6D5D462EF2321C443F1773F4B3A
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1370245085\CRX_INSTALL\_locales\sr\messages.json	UTF-8 Unicode text, with CRLF line terminators	D485DF17F085B6A37125694F85646FD0	24D51D8642CDC6EFD5D8D7A4430232D8CDE25108	7FFDE34C58E7C376C042DE64DEF6481DAE32BE8B70F0B18EDF536290CBE0C818
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1370245085\CRX_INSTALL\_locales\sv\messages.json	UTF-8 Unicode text, with CRLF line terminators	D372B8204EB743E16F45C7CBD3CAAF37	C96C57219D292B01016B37DCF82E7C79AD0DD1E8	B8BA77E0089B0676545EC16D32468B727812B444F90B33A7A5B748E6C36C4388
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1370245085\CRX_INSTALL\_locales\th\messages.json	UTF-8 Unicode text, with CRLF line terminators	83E2D1E97791A4B2C5C69926EFB629C9	429600425CB0F196DDD717F940E94DBD8BFF2837	2FECA577F43D97BAEEA464741D585892103585208FD0A935B810A03BDCE83C88
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1370245085\CRX_INSTALL\_locales\tr\messages.json	UTF-8 Unicode text, with CRLF line terminators	2CEAE0567B6BB1D240BBAD690A98CA3B	5944346FBD4A0797B13223895995CAB58E9ECD23	A7CB86F30C9C31FE5540282C308BA96ADB4EC16EF98C87129EB88105E5BEF5FC
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1370245085\CRX_INSTALL\_locales\uk\messages.json	UTF-8 Unicode text, with CRLF line terminators	AB0B56120E6B38C42CC3612BE948EF50	8B3F520E5713D9F116D68E71DAEED1F6E8D74629	68ABA284751EB9C856032062EF9B1651E2A1E5CE5FDA0977FFC97D63BA7BED9E
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1370245085\CRX_INSTALL\_locales\vi\messages.json	UTF-8 Unicode text, with CRLF line terminators	7EBB677FEAD8557D3676505225A7249A	F161B4B6001AEAEAB246FF8987F4D992B48D47BE	051F96ED874C11C4A13589B5F68964E4F5B03B52DDA223D56524F2CA23760C04
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1370245085\CRX_INSTALL\_locales\zh_CN\messages.json	UTF-8 Unicode text, with CRLF line terminators	BB73BF561BB79F89D9BF7C67C5AE5C65	2FADD3A1959B29C44830033A35C637D0311A8C9C	D804F2A040D21D7511EFD5213D8E1721D64964A1A0DBB48E21622CEEDC9D967E
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1370245085\CRX_INSTALL\_locales\zh_TW\messages.json	UTF-8 Unicode text, with CRLF line terminators	5FF50C673CC0C661D615F0CFD0E6DCA0	60DFF98DEAB9C4746B288BDD9C94B3BCAE5EAA85	C6F8C640F3353A7B9B1432A0C139C1AEEC40133800E6C9B467B63991AD660308
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1370245085\CRX_INSTALL\images\icon_128.png	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced	4DBC9F9E6F5A08D299BAC9E54DF07694	BB38F5DE34B1E0BE1109220BA55271087A4D9EA5	91C2718DD23B4356D71F88F6146868369033291086DF327534546DFA459BEB0E
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1370245085\CRX_INSTALL\images\icon_16.png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	FB9C46EA81AD3E456D90D58697C12C06	5FC450F7D73CCFAC8F0D818CB3392BA4D91B69DE	016CA659BA080E194FBFC0929602B16506ED60AA6019FAA51410C4FD93B583E8
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1370245085\CRX_INSTALL\manifest.json	ASCII text, with CRLF line terminators	01334FB9D092AF2AA46C4185E405C627	47AD3C0E82362FFE5B881DF8D71D6F79AB7F5796	F52714812D68C577A445169D11E84DF6751C2D6886BC429643072BB5D61C6C27
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1370245085\bf09cc1d-b6fa-41c6-9e03-09c5b810a198.tmp	Google Chrome extension, version 3	541F52E24FE1EF9F8E12377A6CCAE0C0	189898BB2DCAE7D5A6057BC2D98B8B450AFAEBB6	81E3A4D43A73699E1B7781723F56B8717175C536685C5450122B30789464AD82
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1731189974\1a6ecee9-95e0-401c-853e-6987d4ec6944.tmp	Google Chrome extension, version 3	A11D5CAF6BF849AEB84B0C95B1C3B7CF	27F410CCBD75852C01C7464A1FD7EF8C29BE3916	D0E62ACE64AFC334330A7AC3A2CC657914FEB321F1F89AEE11D2A6D0E7D81C31
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1731189974\CRX_INSTALL\_locales\am\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	26330929DF0ED4E86F06C00C03F07CE3	478F3B7E7A7E007BEE182B89C2EF6FFE6045E92C	621B5139ED199022BB6529AF18ED4DC312AE9F3E90ECAF3B2C9E1D12114F5B22
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1731189974\CRX_INSTALL\_locales\ar\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	44325A88063573A4C77F6EF943B0FC3E	78908D766F3E7A0E4545E7BD823C8ED47C7164EB	67A439A08804EF4BEF261BDBADD8F0FEFD51729167D01EDCA99DD4AF57D6108B
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1731189974\CRX_INSTALL\_locales\bg\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	6911CE87E8C47223F33BEF9488272E40	980398F076BB7D451B18D7FDE2DE09041B1F55AD	273DEF0F67F0FA080802B85EF6F334DE50A19408F46BDF41F0F099B1F5501EEA
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1731189974\CRX_INSTALL\_locales\bn\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	F9DDF525C07251282A3BFFCEE9A09ABB	A343A078E804AF400A8F3E1891E3390DA754A5CD	C69C6C90F7EB8F10685CD815AF1F6F1B87CF30C4E8D95DF1D577DE1105AAD227
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1731189974\CRX_INSTALL\_locales\ca\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	A90CF7930E7C3BEC61EE252DEFAD574A	F630CA01114A7BDD39607CB84B8280CCE218A5C6	A533740E17559E2ADF40B4555C60F21EEC84E92C09CDBC19EED033A0B4DD2474
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1731189974\CRX_INSTALL\_locales\cs\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	17E753EE877FDED25886D5F7925CA652	8E4EC969777CC0CEB7C12D0C1B9D87EBBB9C4678	C562FCCFCE374D446BFAC30AC9B18FF17E7A3EF101C919FF857104917F300382
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1731189974\CRX_INSTALL\_locales\da\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	F08A313C78454109B629B37521959B33	3D585D52EC8B4399F66D4BE88CED10F4A034FCCC	23BF7E5EDF70291CA6D8F4A64788C5B86379EECB628E3DFA7DD83344612F7564
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1731189974\CRX_INSTALL\_locales\de\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	980FB419ED6ED94AD75686AFFB4E4C2E	871BFBCA6BCBA9197811883A93C50C0716562D57	585C7814AFD2453232BC940252D4AE821D6E6CBCFD74A793F78E5DB8BA5342F1
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1731189974\CRX_INSTALL\_locales\el\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	40EB778339005A24FF9DA775D56E02B7	B00561CC7020F7FE717B5F692884253C689A7C61	F56BF7C171AA20038EE30B754478B69A98F3014C89362779B0A8788C7B9BEEE1
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1731189974\CRX_INSTALL\_locales\en\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	8351AF4EA9BDD9C09019BC85D25B0016	F6EC1FFD291C8632758E01C9EE837B1AD18D4DCF	F41C82D8A4F0E9B645656D630C882BE94A0FB7F8CEC0FE864B57298F0312B212
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1731189974\CRX_INSTALL\_locales\es\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	8A70C18BB1090AA4D500DE9E8E4A00EF	8AFC097FA956C1317DB0835348B2DA19F0789669	FF173D1CEF665B1234E02F11070ABD2B65230318150734579A03C7F31B4AE3F4
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1731189974\CRX_INSTALL\_locales\et\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	A62F12BCBA6D2C579212CA2FF90F8266	F7E964A2D9BBDA364252BCE5CFBA3FD34FDD825E	3EB3EB0B3B4A8E5A477D1B3C3A3891CCC7DC6B8879ECE243A7BD7C478068273D
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1731189974\CRX_INSTALL\_locales\fa\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	852BD3CFF960F1BC3A2AAB3CB3874EF9	C9F6F3C776542889FE3B67971D65ACFE048A3A0A	D87597B6C10364501B98AA42524843F109009CCEF022D8E0170440D7F144F4C6
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1731189974\CRX_INSTALL\_locales\fi\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	3902581B6170D0CEA9B1ECF6CC82D669	C8208AC2B1DD6D4F8BDAAE01C8BD71FFFA5A732B	D2A8180225A83A423BB6E17343DFA8F636D517154944002ED9240411B8C0C5E1
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1731189974\CRX_INSTALL\_locales\fil\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	59483AD798347B291363327D446FA107	C069F29BB68FA7BA2631B0BF5BBF313346AC6736	DD47530EAE96346CD4DC3267A0BB1091BB17B704803A93CDA2E3E81551B94F12
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1731189974\CRX_INSTALL\_locales\fr\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	9B416146FE4F1403C2AACAC4DCF1A5C3	616F055C9FAD4CE972DF82EC8A9B2F4EDA3E7FAD	7C7F5758F54008190ACCDDBD1761CBD980FB5FE0847E992874498228D2571DBC
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1731189974\CRX_INSTALL\_locales\gu\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	68B03519786F71A426BAC24DECA2DD52	B8E6608932EC5CEC4BC3C5475BFC3E312D2E2E7D	C77A4D27E9E6CA25B9290056D93A656E3EBE975957E4C2EE9F0FB11B133D5CD4
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1731189974\CRX_INSTALL\_locales\hi\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	20C86E04B1833EA7F21C07361061420A	617C0D70E162CF380005E9780B61F650B7A39F9B	C2C27CA242DBDE600BA3AA7782156BC2B190A64D8A1B51EDC8007BDECA139553
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1731189974\CRX_INSTALL\_locales\hr\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	3ED90E66789927D80B42346BB431431E	2B061E3271DF4255B1FFC47BDB207CDEC0D9724F	0B41E3C42414F72C9A12C05F8772597F9685115366A774C66018467AD4B71A74
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1731189974\CRX_INSTALL\_locales\hu\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	8E9FF7E49473C5734A2F6F0812E12EB3	A4F10DDD1580582533D5EB59EDF6D8048F887C81	6CDD2FB39ADECE00E88B989E464B05ED1414092D0492F6D0AE58D549BFD1A46A
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1731189974\CRX_INSTALL\_locales\id\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	7ADF9F2048944821F93879336EB61A78	C3DA74FB544684D5B250767BB0CB66FFB7C58963	3630947E1075E3663AD3E4824D0BE42CB47C0D615D8053E83B9595047C8BA9BE
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1731189974\CRX_INSTALL\_locales\it\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	BB3041A2B485B900F623E57459AE698A	502F5EA89F9FB0287E864B240EA39889D72053A4	025737EF8FA06706B3F26D0F52B4844244A6D33DAE1D82FEF2931A14C003D57E
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1731189974\CRX_INSTALL\_locales\ja\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	6F2CC1A6B258DF45F519BA24149FABDC	8A58C7880C6D22765DCBB6BCE22A192C1B109AE1	42ECFEE727CFC4F2845FEFDACE5EDC2E0A40AFAD69973A3B950CE653A7633342
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1731189974\CRX_INSTALL\_locales\kn\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	2E3239FC277287810BC88D93A6691B09	FC5D585DA00ADC90BF79109C7377BD55E6653569	5FC705AD19761204D8604EA069936A23731B055D51E7836CAAF16AC7719FBEEA
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1731189974\CRX_INSTALL\_locales\ko\messages.json	UTF-8 Unicode text, with CRLF line terminators	E303CD63AD00EB3154431DED78E871C4	3B1E5B8E2CF5EBDF5D33656EF80A46563F751783	FDE602BFDB1AFD282682DA5338C4F91D8A2F6CB5411DB8F62F4583D629CE67A6
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1731189974\CRX_INSTALL\_locales\lt\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	93BBBE82F024FBCB7FB18E203F253429	83F4D80F64FA2ADCE6C515C5F663BD38A76C51DB	E7A8570922CCC4F2CA3721C4E61F426158C4E7BC90274FBC8BE4040FF8B6CA9B
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1731189974\CRX_INSTALL\_locales\lv\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	388590CE5E144AE5467FD6585073BD11	61228673A400A98D5834389C06127589F19D3A30	05CA14196CA5D90B228C0F03684E03EBE403A3E7B513AE0A059244AE12B51164
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1731189974\CRX_INSTALL\_locales\ml\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	2AF93901DE80CA49DA869188BCDA9495	E60DF4F2FB12BD3F1CA869DAD9F6BDE0C17CEB11	329E80AEE1212F634E180DEF7E16D6E38D9C9FDA9AC9DB1D99B8AE1626EF304E
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1731189974\CRX_INSTALL\_locales\mr\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	659F5B4ACA112D3ECBB6EC1613DDE824	5DEE35FCD260554999F8DDEC489FBA9F81FA8EEE	C8B765E7A07578BC078A952E151E3B866506959E15E79E9E5E1DBB98F9C4008F
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1731189974\CRX_INSTALL\_locales\ms\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	09D75141E0D80FBD3E9E92CE843DA986	B24EAB4B1242C31B69514D77BC1DB36A3F648F40	8F1DBDEFD910AD88BEEC7956619CDB34391D6E69254C3A7497E8F87134AE8B5C
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1731189974\CRX_INSTALL\_locales\nb\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	ED99169537909291BCC1ED1EA7BB63F0	5F72D51B6DBE8C622EF33D2B2AEBD7E9E20DAFB3	65B6598225ADA1E14EE9CB76CA863708E8F9EE0724B4EDC8F9508532BD631BAB
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1731189974\CRX_INSTALL\_locales\nl\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	E9236F0B36764D22EEC86B717602241E	DE82B804B18933907095DEF3F2EF164C1BB5F9B6	300F4F7C45EBE39EAAF40776C28D0A399A710699AAB58E9A8D43A6FD2DD00376
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1731189974\CRX_INSTALL\_locales\pl\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	8254020C39A5F6C1716639CC530BB0D6	A97A70427581ADA902CA73C898825F7B4B4FAC8F	2F4E4FC6AEB4A8E7F0E0DCE220D66E763F4EBF1FA79985834D636C6692FEA3E8
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1731189974\CRX_INSTALL\_locales\pt\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	FABD5D64267F0E6D7BE6983AB8704F8C	D4DAAD0FF5C461C51E6C1FD22B86AFC5B13E123F	D82DCA262FF005668B252B478DEDAAC4A5C1E417AF9DE57C22F169A6680183AE
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1731189974\CRX_INSTALL\_locales\ro\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	75E16A8FB75A9A168CFF86388F190C99	C27CE4C1DB3DF2D232925C73DC9AC1FA24DAD396	9C4716FF42A730F1E7725F0D9E703F311E79FDA31F85B4BB0B8863FC3C27AB9D
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1731189974\CRX_INSTALL\_locales\ru\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	8EF94823972EA8D2FC9BB7EC09AB1846	4171DC9CE9D82FDA5A280517A1FE58C907D75CE3	1009DB9FFA64E411B31E0780EBA43B9C9F8B05B5AC8CCA9A38514650261ABB0A
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1731189974\CRX_INSTALL\_locales\sk\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	C314FAC15AFF6A2EE9C732C64AB5A66D	D51F3362B5FDD2F3756DE42D7D6227DC818C6344	8EE2A25A09D6D0F89063FAA34BA2BC4DB505DD31FE6D5064C5D6E1E153721484
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1731189974\CRX_INSTALL\_locales\sl\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	F60AB4E9A79FD6F32909AFAC226446B3	07C9E383D4488BEBE316CA86966FC728F55A2E32	CDE581E6E7CF0136B003B45549E3BBEE7B67B74ADD786A8D5607BFDAD1DE7B87
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1731189974\CRX_INSTALL\_locales\sr\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	4E233461D805CA7E54B0B394FFF42CAB	77F30833FC73A4C02C652C9E5A6EAFE9C3988A30	E1E1C64213EBF2CFEB7BA83E51B697CEA449B3A8B279B1024B859228DE869879
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1731189974\CRX_INSTALL\_locales\sv\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	897DAE6B0CF0FDE42648F0B47CB26E06	E1F5F5F65AF34FF9484AB2B01E571EAF19BA23D0	52656C24F6F6D0F3B3FC01E9504C4D5CEB85624F1B22E974CA675DD0E94EB82D
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1731189974\CRX_INSTALL\_locales\sw\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	EC233129047C1202D87DC140F7BA266D	537E4C887428081365D028F32C53E3C92F29AAA6	28EDBC5C4858217811D45CAA215710E452C8926E4DE99F810001AD664D08BE0D
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1731189974\CRX_INSTALL\_locales\ta\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	C50C5D2EDFC79DBDCBD5A58A027A3231	14314D760A18C39F06CD072CF5843832AFB86689	EEB0E89D5AD92B80FF08F88533A111DB3416D7C3860C64227D1CC8B7C2B58298
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1731189974\CRX_INSTALL\_locales\te\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	F740F25488BE253FCF5355D5A7022CEE	203A8DF19BA5A602A43DE18E99A6615D950C450E	5B9C96CB5D62510836B321EB9CEEF23865BB9D4DC4DE7716E90A858E00701FDF
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1731189974\CRX_INSTALL\_locales\th\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	9F926FCB8BAEA23453B99EA162CCDEA1	04D1E45591C0435A39DCA00A81E83E68585E8B64	100463C587F549C964A4EB21EA38EA1B4ADEF11E927FAC8FF884623B77202C02
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1731189974\CRX_INSTALL\_locales\tr\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	B0420F071E7C6C2DE11715A0BF026C63	F41CC696786B18805DB8DC9E1E476146C0D6BE90	309F946F753DF6AF5C255D772EA0D429462152F78ABA4A96A2E369707A2C6B67
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1731189974\CRX_INSTALL\_locales\uk\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	FF06E78C06E8DFF4A422EA24F0AB3760	A434D1CE22DE0D2FD1842E94F5815F7B1972D1EE	E209FDEF12CCEC03B4E0D5B9464F90D527E62C5BC4DD565C680661D7F282AB02
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1731189974\CRX_INSTALL\_locales\vi\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	C3A40E8433D96D7E766C011D9EC7502B	EAB7BFAE48B1D29B95A8AE040DE94D3500824EE3	BD3D0F8CF100C96415B224011F550082D4516593CBD3631347748B7D6AD5B85A
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1731189974\CRX_INSTALL\_locales\zh\messages.json	UTF-8 Unicode text, with CRLF line terminators	D4513639FFC58664556B4607BF8A3F19	65629BC4CBBACA498F4082DD5884C8D3D7DDDC8A	C6D49997A9B4FF7FE701EC3644B1A523679A27778FB4BD39B7DBCA9F1ACCE595
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1731189974\CRX_INSTALL\_locales\zh_TW\messages.json	UTF-8 Unicode text, with CRLF line terminators	494CE2ACB21A426E051C146E600E7564	D045ECC2A69C963D5D34A148FE4A7939DE6A1322	A1053F9496ED7FA3C625C94347F07A5E760F514FD8EE142EC9EE64E86B9C063D
C:\Users\user\AppData\Local\Temp\scoped_dir5632_1731189974\CRX_INSTALL\manifest.json	ASCII text, with very long lines, with CRLF line terminators	F76238944C3D189174DD74989CF1C0C6	85CE141EC8867B699668A5F5A48F404C84FCEB04	2EF48A1CF322DE356E8844DD2FD3431E8E7ACD04770649B6507EACA5ABDB53A7
C:\Users\user\AppData\Local\Temp\scoped_dir5632_395307677\3e3f8d37-5341-46a8-acb7-375f529408a6.tmp	Google Chrome extension, version 3	541F52E24FE1EF9F8E12377A6CCAE0C0	189898BB2DCAE7D5A6057BC2D98B8B450AFAEBB6	81E3A4D43A73699E1B7781723F56B8717175C536685C5450122B30789464AD82
C:\Users\user\AppData\Local\Temp\scoped_dir5632_395307677\CRX_INSTALL\_locales\bg\messages.json	UTF-8 Unicode text, with CRLF line terminators	6F8E288A9AD5B1ED8633B430E2B4D4CA	F671D3D4BEFA431D1946D706F4192D44E29B6F08	A114E2783D0E9B12155017323BA70838F0F82A71C7EE8DC1F115AE36991241F8
C:\Users\user\AppData\Local\Temp\scoped_dir5632_395307677\CRX_INSTALL\_locales\ca\messages.json	UTF-8 Unicode text, with CRLF line terminators	1FDAFC926391BD580B655FBAF46ED260	C95743C3F43B2B099FEBEBC5BD850F0C20E820AC	C67898B67F9C9209EAFDA6532B62D5789863CFB855998DD6A70E7775316CEC20
C:\Users\user\AppData\Local\Temp\scoped_dir5632_395307677\CRX_INSTALL\_locales\cs\messages.json	UTF-8 Unicode text, with CRLF line terminators	76DEC64ED1556180B452A13C83171883	CFB1E56FD587BCDC459C1D9A683B71F9849058F9	32290D69A90E6BAAC428B10382C99221B12773BB9A184F3B93DFB48A4F6D7A40
C:\Users\user\AppData\Local\Temp\scoped_dir5632_395307677\CRX_INSTALL\_locales\da\messages.json	UTF-8 Unicode text, with CRLF line terminators	238B97A36E411E42FF37CEFAF2927ED1	4E47AC90BA24C8F4724D9293FA40CFD4ADA66FE0	4977D4A053542FF66967FAED6B06585DD70E68E20BFEB533B66FE3287F9655D9
C:\Users\user\AppData\Local\Temp\scoped_dir5632_395307677\CRX_INSTALL\_locales\de\messages.json	UTF-8 Unicode text, with CRLF line terminators	6B3E916E8C1991AA0453CBA00FEDCAAA	D6366D15912E40CA107FD42BFE9579C3336A51F9	A62FFAB910E31531758EEE48B2CC71A8857BEC3021DEAD50B668CBA3C8667053
C:\Users\user\AppData\Local\Temp\scoped_dir5632_395307677\CRX_INSTALL\_locales\el\messages.json	UTF-8 Unicode text, with CRLF line terminators	05C437A322C1148B5F78B2F341339147	AB53003A678E44A170E73711FBD9949833BBF3AA	A052C32B4FCAC61152EB0ADB2C260FB6A8256AD104AA0013DB93E9798D41A070
C:\Users\user\AppData\Local\Temp\scoped_dir5632_395307677\CRX_INSTALL\_locales\en\messages.json	ASCII text, with CRLF line terminators	91F5BC87FD478A007EC68C4E8ADF11AC	D07DD49E4EF3B36DAD7D038B7E999AE850C5BEF6	92F1246C21DD5FD7266EBFD65798C61E403D01A816CC3CF780DB5C8AA2E3D9C9
C:\Users\user\AppData\Local\Temp\scoped_dir5632_395307677\CRX_INSTALL\_locales\en_GB\messages.json	ASCII text, with CRLF line terminators	91F5BC87FD478A007EC68C4E8ADF11AC	D07DD49E4EF3B36DAD7D038B7E999AE850C5BEF6	92F1246C21DD5FD7266EBFD65798C61E403D01A816CC3CF780DB5C8AA2E3D9C9
C:\Users\user\AppData\Local\Temp\scoped_dir5632_395307677\CRX_INSTALL\_locales\es\messages.json	UTF-8 Unicode text, with CRLF line terminators	82719BD3999AD66193A9B0BB525F97CD	41194D511F1ACC16C1CA828AC81C18C8C6B47287	4DB9B2721E625C18B9E05C04B31AF5D9694712F1CAAF6219ABE34BB08E5DB1C7
C:\Users\user\AppData\Local\Temp\scoped_dir5632_395307677\CRX_INSTALL\_locales\es_419\messages.json	UTF-8 Unicode text, with CRLF line terminators	6B2583D8D1C147E36A69A88009CBEBC7	4D4DEEB4BE6AA0181825F3371A761ABC5B4D5937	6659BC3705311D7641A73995DCFEA80C7734F2F4EBBC3787B3892A240348324F
C:\Users\user\AppData\Local\Temp\scoped_dir5632_395307677\CRX_INSTALL\_locales\et\messages.json	UTF-8 Unicode text, with CRLF line terminators	CFF6CB76EC724B17C1BC920726CB35A7	14ED068251D65A840F00C05409D705259D329FFC	C85800BF45942FCC7FD6B1DF929C25F9CC2A977A6678966BD03D4B6B69889AFD
C:\Users\user\AppData\Local\Temp\scoped_dir5632_395307677\CRX_INSTALL\_locales\fi\messages.json	UTF-8 Unicode text, with CRLF line terminators	3A01FEE829445C482D1721FF63153D16	F3EAAADDC03F943FC88B30B67F534AA13E3336DD	0BDE54B20845124113383B6EB81E43A0F05E4EB0C44BEE3C1DFAC4CC5FEC2836
C:\Users\user\AppData\Local\Temp\scoped_dir5632_395307677\CRX_INSTALL\_locales\fil\messages.json	ASCII text, with CRLF line terminators	57AF5B654270A945BDA8053A83353A06	EEEF7A4F869F97CF471A05D345E74F982D15E167	EC002ED92359F67818B49455DFC579E140368E6A004080AF022FD4F57F6B03F2
C:\Users\user\AppData\Local\Temp\scoped_dir5632_395307677\CRX_INSTALL\_locales\fr\messages.json	UTF-8 Unicode text, with CRLF line terminators	8D11C90F44A6585B57B933AB38D1FFF8	3F9D44EA8807069A32AACA2AAAD02FD892E6CC90	599491F8C52B945C16C441ADF45BFD45AFAE046DA07757D97C56AF4DE75ED3B5
C:\Users\user\AppData\Local\Temp\scoped_dir5632_395307677\CRX_INSTALL\_locales\hi\messages.json	UTF-8 Unicode text, with CRLF line terminators	E376D757C8FD66AC70A7D2D49760B94E	1525C5B1312D409604F097768503298EC440CC4D	8106D98C4F8DA16DB698444409558E29CC96735E188BFA303C333A5D99231C1D
C:\Users\user\AppData\Local\Temp\scoped_dir5632_395307677\CRX_INSTALL\_locales\hr\messages.json	UTF-8 Unicode text, with CRLF line terminators	8185D0490C86363602A137F9A261CC50	5BD933B874441CEACB9201CCC941FF67BAED6DC0	A2B2EC359A9DD9DCCCE02859CE1E738BD30FAA4A05F1DC522893FFDF722BBC15
C:\Users\user\AppData\Local\Temp\scoped_dir5632_395307677\CRX_INSTALL\_locales\hu\messages.json	UTF-8 Unicode text, with CRLF line terminators	85609CF8623582A8376C206556ED2131	1E16EB70DB5E59BB684866FF3E3925C2DEF25A12	32A249749F12ADB6A220BF9ADC272C7E5D9AD5497A38B0086D961E3ABA17FBC6
C:\Users\user\AppData\Local\Temp\scoped_dir5632_395307677\CRX_INSTALL\_locales\id\messages.json	ASCII text, with CRLF line terminators	EAB2B946D1232AB98137E760954003AA	60BDC2937905B311D2C9844DF2D639D7AC9F7F67	C6E8800450602DE0F39FE9F6854472383813FB454B08ABAE7E25A9167CE004C3
C:\Users\user\AppData\Local\Temp\scoped_dir5632_395307677\CRX_INSTALL\_locales\it\messages.json	UTF-8 Unicode text, with CRLF line terminators	A328EEF5E841E0C72D3CD7366899C5C8	2851ED658385804E87911643F5A4200B1FB26E13	CD891C45F7586FB4A2514205A11F260E4A6D4482FA03D901909DD9F57BE0536D
C:\Users\user\AppData\Local\Temp\scoped_dir5632_395307677\CRX_INSTALL\_locales\ja\messages.json	UTF-8 Unicode text, with CRLF line terminators	9B3A5D473C3F2BBFAEECE94A07A940B8	61BACA342CF766BBA15C7B4D892A0E7DAC9405AA	706312A4A2AEF3317223F141EB2B82685345B7EED444F16BB4DF3A272716DA1F
C:\Users\user\AppData\Local\Temp\scoped_dir5632_395307677\CRX_INSTALL\_locales\ko\messages.json	UTF-8 Unicode text, with CRLF line terminators	9F6B4D82A70C74CA751E2EAE70FAB5CF	0534F125FFCE8222277CF2BE3401C59DAF9217F8	D1467B8D037114403E8F4EFC52E88C4A7FEB96126BE4CFF883FEFF1084EF7E68
C:\Users\user\AppData\Local\Temp\scoped_dir5632_395307677\CRX_INSTALL\_locales\lt\messages.json	UTF-8 Unicode text, with CRLF line terminators	4CA644F875606986A9898D04BDAE3EA5	722A10569E93975129D67FBDB75B537D9D622AD1	7C311AB751D840D750C11553C083785813E079C1D464FE568A98C9E3EF3DB96C
C:\Users\user\AppData\Local\Temp\scoped_dir5632_395307677\CRX_INSTALL\_locales\lv\messages.json	UTF-8 Unicode text, with CRLF line terminators	C5CE2C51391EAFD3DA9E4C71549A3C28	1F67FF6EF6E90C0CE3AAF56ED543A3EFD381574D	1FA1DF2CA8516DEF490FB8484E9AA498ACFF80EEF5C9258FFE42D3678E6C7DED
C:\Users\user\AppData\Local\Temp\scoped_dir5632_395307677\CRX_INSTALL\_locales\nb\messages.json	UTF-8 Unicode text, with CRLF line terminators	93C459A23BC6953FF744C35920CD2AF9	162F884972103A08ADB616A7EB3598431A2924C5	2CD700AEB57D89C2E73333D0702556EE3FF3863516170F85669BC680FCBDC4E0
C:\Users\user\AppData\Local\Temp\scoped_dir5632_395307677\CRX_INSTALL\_locales\nl\messages.json	ASCII text, with CRLF line terminators	7A8F9D0249C680F64DEC7650A432BD57	53477198AEE389F6580921B4876719B400A23CA1	92BE7C2DC9CFBE5A65E9CE6488D364C8D7EC19E7B67A31E4D43C1CB2B169671C
C:\Users\user\AppData\Local\Temp\scoped_dir5632_395307677\CRX_INSTALL\_locales\pl\messages.json	UTF-8 Unicode text, with CRLF line terminators	0E6194126AFCCD1E3098D276A7400175	E8127B905A640B1C46362FA6E1127BE172F4A40F	E2699F98C511B18A2AFB82EAE9A4804B646C4FF1077D80E77C17A3943A6373C2
C:\Users\user\AppData\Local\Temp\scoped_dir5632_395307677\CRX_INSTALL\_locales\pt_BR\messages.json	UTF-8 Unicode text, with CRLF line terminators	86A2B91FA18B867209024C522ED665D5	63DEC245637818C76655E01FCB6D59784BC7184E	6374880FDD1F8AF1EE8AEA6A06B73BE0AB265AFCEB4FE6F08BDE3B3989264B21
C:\Users\user\AppData\Local\Temp\scoped_dir5632_395307677\CRX_INSTALL\_locales\pt_PT\messages.json	UTF-8 Unicode text, with CRLF line terminators	750A4800EDB93FBE56495963F9FB3B94	8BFB915488A4EB3CB33D68E2E59F1F8447DB7D61	C1C94F65FABAF17DEF98A8587711A56D61B1E5607500E9B01F2824DB109F9E83
C:\Users\user\AppData\Local\Temp\scoped_dir5632_395307677\CRX_INSTALL\_locales\ro\messages.json	UTF-8 Unicode text, with CRLF line terminators	98D43E4B1054A65DF3FA3CC40AB6FB6D	46E0A21C4DA2BB5D4D8F837AE211C1B6FA26E7E2	113A13900CBA62FE8AED06751971C23A80A99B47F9BE219CF884D57DB19611D9
C:\Users\user\AppData\Local\Temp\scoped_dir5632_395307677\CRX_INSTALL\_locales\ru\messages.json	UTF-8 Unicode text, with CRLF line terminators	DB2EDF1465946C06BD95C71A1E13AE64	FB4F3ECE9ECECEBBC6CA2A592A15FB9C1FDFB811	FBAF22CE6E16DE174CED8CB5EA3098CCA1C3426A2111FF33BD3E64DA64ED67AB
C:\Users\user\AppData\Local\Temp\scoped_dir5632_395307677\CRX_INSTALL\_locales\sk\messages.json	UTF-8 Unicode text, with CRLF line terminators	8DF215D1EFBDABB175CCDD68ED8DCB0A	2B374462137A38589A73FDD00A84CBDC7E50F9F4	7FA16AF97E6CFC52EC6008EB679D3F30E7E0C24F9EF2D18A9228EAF4DED9D63B
C:\Users\user\AppData\Local\Temp\scoped_dir5632_395307677\CRX_INSTALL\_locales\sl\messages.json	UTF-8 Unicode text, with CRLF line terminators	3943FA2A647AECEDFD685408B27139EE	0129DD19D28373359530B3B477FE8A9279DABB7D	18AFF072EE0DF7C3495045435C752A805606E6D5D462EF2321C443F1773F4B3A
C:\Users\user\AppData\Local\Temp\scoped_dir5632_395307677\CRX_INSTALL\_locales\sr\messages.json	UTF-8 Unicode text, with CRLF line terminators	D485DF17F085B6A37125694F85646FD0	24D51D8642CDC6EFD5D8D7A4430232D8CDE25108	7FFDE34C58E7C376C042DE64DEF6481DAE32BE8B70F0B18EDF536290CBE0C818
C:\Users\user\AppData\Local\Temp\scoped_dir5632_395307677\CRX_INSTALL\_locales\sv\messages.json	UTF-8 Unicode text, with CRLF line terminators	D372B8204EB743E16F45C7CBD3CAAF37	C96C57219D292B01016B37DCF82E7C79AD0DD1E8	B8BA77E0089B0676545EC16D32468B727812B444F90B33A7A5B748E6C36C4388
C:\Users\user\AppData\Local\Temp\scoped_dir5632_395307677\CRX_INSTALL\_locales\th\messages.json	UTF-8 Unicode text, with CRLF line terminators	83E2D1E97791A4B2C5C69926EFB629C9	429600425CB0F196DDD717F940E94DBD8BFF2837	2FECA577F43D97BAEEA464741D585892103585208FD0A935B810A03BDCE83C88
C:\Users\user\AppData\Local\Temp\scoped_dir5632_395307677\CRX_INSTALL\_locales\tr\messages.json	UTF-8 Unicode text, with CRLF line terminators	2CEAE0567B6BB1D240BBAD690A98CA3B	5944346FBD4A0797B13223895995CAB58E9ECD23	A7CB86F30C9C31FE5540282C308BA96ADB4EC16EF98C87129EB88105E5BEF5FC
C:\Users\user\AppData\Local\Temp\scoped_dir5632_395307677\CRX_INSTALL\_locales\uk\messages.json	UTF-8 Unicode text, with CRLF line terminators	AB0B56120E6B38C42CC3612BE948EF50	8B3F520E5713D9F116D68E71DAEED1F6E8D74629	68ABA284751EB9C856032062EF9B1651E2A1E5CE5FDA0977FFC97D63BA7BED9E
C:\Users\user\AppData\Local\Temp\scoped_dir5632_395307677\CRX_INSTALL\_locales\vi\messages.json	UTF-8 Unicode text, with CRLF line terminators	7EBB677FEAD8557D3676505225A7249A	F161B4B6001AEAEAB246FF8987F4D992B48D47BE	051F96ED874C11C4A13589B5F68964E4F5B03B52DDA223D56524F2CA23760C04
C:\Users\user\AppData\Local\Temp\scoped_dir5632_395307677\CRX_INSTALL\_locales\zh_CN\messages.json	UTF-8 Unicode text, with CRLF line terminators	BB73BF561BB79F89D9BF7C67C5AE5C65	2FADD3A1959B29C44830033A35C637D0311A8C9C	D804F2A040D21D7511EFD5213D8E1721D64964A1A0DBB48E21622CEEDC9D967E
C:\Users\user\AppData\Local\Temp\scoped_dir5632_395307677\CRX_INSTALL\_locales\zh_TW\messages.json	UTF-8 Unicode text, with CRLF line terminators	5FF50C673CC0C661D615F0CFD0E6DCA0	60DFF98DEAB9C4746B288BDD9C94B3BCAE5EAA85	C6F8C640F3353A7B9B1432A0C139C1AEEC40133800E6C9B467B63991AD660308
C:\Users\user\AppData\Local\Temp\scoped_dir5632_395307677\CRX_INSTALL\images\icon_128.png	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced	4DBC9F9E6F5A08D299BAC9E54DF07694	BB38F5DE34B1E0BE1109220BA55271087A4D9EA5	91C2718DD23B4356D71F88F6146868369033291086DF327534546DFA459BEB0E
C:\Users\user\AppData\Local\Temp\scoped_dir5632_395307677\CRX_INSTALL\images\icon_16.png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	FB9C46EA81AD3E456D90D58697C12C06	5FC450F7D73CCFAC8F0D818CB3392BA4D91B69DE	016CA659BA080E194FBFC0929602B16506ED60AA6019FAA51410C4FD93B583E8
C:\Users\user\AppData\Local\Temp\scoped_dir5632_395307677\CRX_INSTALL\manifest.json	ASCII text, with CRLF line terminators	01334FB9D092AF2AA46C4185E405C627	47AD3C0E82362FFE5B881DF8D71D6F79AB7F5796	F52714812D68C577A445169D11E84DF6751C2D6886BC429643072BB5D61C6C27
C:\Users\user\Downloads\CryptoDredge_v16.0_mptoolkitV1_e294f620-94eb-11ea-a64d-17be303ea466.zip.crdownloadf (copy)	Zip archive data, at least v2.0 to extract	5D120DD4A09B7514522779C23A9C6041	E93AEF543D60376AF2793DA34F0260738FE8A84F	0B36E57CE03DAFE5F4A862FD7EFBB131C7B6F24E6490C1E374645E3AC4A304B8
C:\Users\user\Downloads\CryptoDredge_v16.0_mptoolkitV1_e294f620-94eb-11ea-a64d-17be303ea466.zip:Zone.Identifier	ASCII text, with very long lines, with CRLF line terminators	D1AB1E4387545FA6CD45F79F00471B52	031B6C17BB2349F4FB61DDFE210D82FE7812B2DB	214BBB8404CDEAB165FEA39239777B55DD2AD767685CE0B26A01C9F3D96ED999
C:\Users\user\Downloads\bb62edea-b890-43f2-934e-b6e80d1d2244.tmp	Zip archive data, at least v2.0 to extract	5D120DD4A09B7514522779C23A9C6041	E93AEF543D60376AF2793DA34F0260738FE8A84F	0B36E57CE03DAFE5F4A862FD7EFBB131C7B6F24E6490C1E374645E3AC4A304B8

ID:	479875
Product:	CloudBasic
Start time:	15:45:52
Start date:	08.09.2021
Cookbook:	browseurl.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS

Windows Analysis Report https://github.com/nicehash/NHM_MinerPluginsDownloads/releases/download/v16.x/CryptoDredge_v16.0_mptoolkitV1_e294f620-94eb-11ea-a64d-17be303ea466.zip

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection:

Compliance:

Software Vulnerabilities:

Networking:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs