Windows Analysis Report
https://www.myxgzd.cn/Ge2YzsKgsX.php?LH9IC187Q4GS1FSV2TD0UNRO0UXTZC02/linksubmit.html

Overview

General Information

Sample URL: https://www.myxgzd.cn/Ge2YzsKgsX.php?LH9IC187Q4GS1FSV2TD0UNRO0UXTZC02/linksubmit.html
Analysis ID: 630134

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
HTML body contains low number of good links
Found iframes
Suspicious form URL found
No HTML title found

Classification

  • System is start
  • chrome.exe (PID: 3032 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation --single-argument https://www.myxgzd.cn/Ge2YzsKgsX.php?LH9IC187Q4GS1FSV2TD0UNRO0UXTZC02/linksubmit.html MD5: 74859601FB4BEEA84B40D874CCB56CAB)
    • chrome.exe (PID: 7372 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1748,16689440621604081440,12108735069133180836,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:8 MD5: 74859601FB4BEEA84B40D874CCB56CAB)
  • cleanup
No yara matches
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: https://www.myxgzd.cn/Ge2YzsKgsX.php?LH9IC187Q4GS1FSV2TD0UNRO0UXTZC02/linksubmit.html
  • Avira URL Cloud: detection malicious, Label: phishing
  • HTTP Parser: Number of links: 0
  • HTTP Parser: Iframe src: ./static/domain2.html
  • HTTP Parser: Iframe src: ./static/drag_ele.html
  • HTTP Parser: Form action: loginl.php
  • HTTP Parser: HTML title missing
  • HTTP Parser: No <meta name="author".. found
  • HTTP Parser: No <meta name="copyright".. found
Source: unknown
  • HTTPS traffic detected: 203.205.255.142:443 -> 192.168.2.3:61677 version: TLS 1.2
  • HTTPS traffic detected: 103.164.62.153:443 -> 192.168.2.3:53411 version: TLS 1.2
  • HTTPS traffic detected: 103.164.62.153:443 -> 192.168.2.3:53412 version: TLS 1.2
Source: chrome.exe
  • Memory has grown: Private usage: 5MB later: 27MB
Source: unknown
  • DNS traffic detected: queries for: www.myxgzd.cn
Source: unknown
  • UDP traffic detected without corresponding DNS query: 1.1.1.1
  • UDP traffic detected without corresponding DNS query: 9.9.9.9
  • TCP traffic detected without corresponding DNS query: 142.251.37.99
  • TCP traffic detected without corresponding DNS query: 142.250.181.227
Source: C:\Program Files\Google\Chrome\Application\chrome.exe
  • File created: C:\Users\alfredo\AppData\Local\Temp\853bd3f6-641e-4839-aee1-dcc77347c8ff.tmp
Source: classification engine
  • Classification label: mal48.win@30/87@11/193
Source: unknown
  • Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation --single-argument https://www.myxgzd.cn/Ge2YzsKgsX.php?LH9IC187Q4GS1FSV2TD0UNRO0UXTZC02/linksubmit.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe
  • Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1748,16689440621604081440,12108735069133180836,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:8
  • Process created: unknown unknown
  • File created: C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\lockfile
Source: Window Recorder
  • Window detected: More than 3 window changes detected
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
1 Drive-by Compromise | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 2 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Extra Window Memory Injection | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 1 Non-Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 1 Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 2 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Extra Window Memory Injection | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap |  | Carrier Billing Fraud

Source | Detection | Scanner | Label | Link
https://www.myxgzd.cn/Ge2YzsKgsX.php?LH9IC187Q4GS1FSV2TD0UNRO0UXTZC02/linksubmit.html | 3% | Virustotal |  | Browse
https://www.myxgzd.cn/Ge2YzsKgsX.php?LH9IC187Q4GS1FSV2TD0UNRO0UXTZC02/linksubmit.html | 100% | Avira URL Cloud | phishing |
No Antivirus matches
Source | Detection | Scanner | Label | Link
www.myxgzd.cn | 1% | Virustotal |  | Browse
exmail.wechatos.net | 0% | Virustotal |  | Browse
weixin.f1weixin.download.ettdnsv.com | 0% | Virustotal |  | Browse
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
captcha.gtimg.com.sched.legopic1.tdnsv6.com | 203.205.136.80 | true | false |  | unknown
accounts.google.com | 142.250.74.205 | true | false |  | high
ins-2n7ixenz.ias.tencent-cloud.net | 129.226.107.149 | true | false |  | unknown
exmail.wechatos.net | 203.205.255.142 | true | false |  | unknown
weixin.f1weixin.download.ettdnsv.com | 211.152.136.109 | true | false |  | unknown
clients.l.google.com | 142.250.185.206 | true | false |  | high
rescdn.qqmail.com.sched.legopic1.tdnsv6.com | 203.205.136.82 | true | false |  | unknown
www.myxgzd.cn | 103.164.62.153 | true | false |  | unknown
captcha.gtimg.com | unknown | unknown | false |  | high
tam.cdn-go.cn | unknown | unknown | false |  | unknown
t.captcha.qq.com | unknown | unknown | false |  | high
clients2.google.com | unknown | unknown | false |  | high
exmail.qq.com | unknown | unknown | false |  | high
rescdn.qqmail.com | unknown | unknown | false |  | high
Name | Malicious | Antivirus Detection | Reputation
https://www.myxgzd.cn/Ge2YzsKgsX.php?LH9IC187Q4GS1FSV2TD0UNRO0UXTZC02/linksubmit.html | true |  | unknown
https://t.captcha.qq.com/template/drag_ele.html?t=1652995242786 | false |  | high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
103.164.62.153 | www.myxgzd.cn | unknown |  | 7575 | AARNET-AS-APAustralianAcademicandResearchNetworkAARNe | false
9.9.9.9 | unknown | United States |  | 19281 | QUAD9-AS-1US | false
142.250.185.206 | clients.l.google.com | United States |  | 15169 | GOOGLEUS | false
74.125.108.199 | unknown | United States |  | 15169 | GOOGLEUS | false
142.250.74.205 | accounts.google.com | United States |  | 15169 | GOOGLEUS | false
211.152.136.109 | weixin.f1weixin.download.ettdnsv.com | China |  | 132203 | TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCN | false
203.205.136.82 | rescdn.qqmail.com.sched.legopic1.tdnsv6.com | China |  | 132203 | TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCN | false
203.205.136.80 | captcha.gtimg.com.sched.legopic1.tdnsv6.com | China |  | 132203 | TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCN | false
142.250.186.106 | unknown | United States |  | 15169 | GOOGLEUS | false
142.251.37.99 | unknown | United States |  | 15169 | GOOGLEUS | false
142.250.181.227 | unknown | United States |  | 15169 | GOOGLEUS | false
203.205.255.142 | exmail.wechatos.net | China |  | 132203 | TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCN | false
239.255.255.250 | unknown | Reserved |  | unknown | unknown | false
142.250.185.195 | unknown | United States |  | 15169 | GOOGLEUS | false
142.250.186.142 | unknown | United States |  | 15169 | GOOGLEUS | false
129.226.107.149 | ins-2n7ixenz.ias.tencent-cloud.net | Singapore |  | 132203 | TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCN | false

IP
192.168.2.1
127.0.0.1

Joe Sandbox Version: 34.0.0 Boulder Opal
Analysis ID: 630134
Start date and time: 2022-05-19 14:19:37 +02:00
Joe Sandbox Product: CloudBasic
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Sample URL: https://www.myxgzd.cn/Ge2YzsKgsX.php?LH9IC187Q4GS1FSV2TD0UNRO0UXTZC02/linksubmit.html
Number of analysed new started processes analysed: 16
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • EGA enabled
Analysis Mode: stream
Analysis stop reason: Timeout
Detection: MAL
Classification: mal48.win@30/87@11/193
Cookbook Comments:
  • Adjust boot time
  • Enable AMSI
  • Exclude process from analysis (whitelisted): SIHClient.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 142.250.185.195, 142.250.186.142, 74.125.108.199
  • Excluded domains from analysis (whitelisted): login.live.com, slscr.update.microsoft.com
  • Not all processes where analyzed, report is missing behavior information
  • Report size getting too big, too many NtOpenFile calls found.
  • VT rate limit hit for: tam.cdn-go.cn

                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with very long lines, with no line terminators
                            Category:dropped
                            Size (bytes):101828
                            Entropy (8bit):6.036451270036162
                            Encrypted:false
                            SSDEEP:
                            MD5:2BF6FD73419659EBFA3F9706D539B552
                            SHA1:F9E8C6596A6646DC582F76ECA77E347F657CF8A9
                            SHA-256:A56BF4274FDE568AA3E1350F475E93A8929F895FF5C3E77E8DF167D9985A0FAF
                            SHA-512:C8417F979DD01446EA6ECD647C4FFAE43056F02C8F416193932F4DD5BB9370029A261D8983A9BD6575ED541A6D12D2E7D4F5E7B48F6AA577D7BB06EB3C77EA82
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with very long lines, with no line terminators
                            Category:modified
                            Size (bytes):106470
                            Entropy (8bit):6.0668470487271655
                            Encrypted:false
                            SSDEEP:
                            MD5:4867BCC605B62C67E95BF6BE5B16C835
                            SHA1:CE774181BB83E2C054235471C7B65E21B03C3B5A
                            SHA-256:DBABDECB7CA84DBC740E0546359EB09BCDBA70267ADF02AF09CC5C606AD47F4D
                            SHA-512:49B8DE577A8E99D2C8C2556CF1B09BEBC84FDDB72FD30138C8D889C81046C83DBB48764BDD43676F586EBB9DCAA2DDB5E422861C6311B5F82BC5404E39ECB64F
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):40
                            Entropy (8bit):3.254162526001658
                            Encrypted:false
                            SSDEEP:
                            MD5:FA7200D6F80CD1757911C45559E59C0E
                            SHA1:89C6E99BAEC4EBB3E9A97B928FB473D1498EBA88
                            SHA-256:D9779EA4D6DD544A23C2A1C53146B6A4E596927F47DFA0680B0A7EE751D43BB2
                            SHA-512:71D9B2DA8EAF404063D918812BA61C3EFB6A23A283B0332180A38C8137FBB21D7977C008D5A57A74469776945CD4ED42C0BCC09F923EDEC52D8F7FE90FA2D104
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with very long lines, with no line terminators
                            Category:dropped
                            Size (bytes):3343
                            Entropy (8bit):4.945222848960228
                            Encrypted:false
                            SSDEEP:
                            MD5:CAB8BEABE7E66A4015C98A3C77B3698B
                            SHA1:C960AAAEA7014E105290C7D0F09BFCA837C8E8CC
                            SHA-256:75431010BFE77818B8BEF4B0C4B328C00668DC6B13C09AAB769EBF58BDA4EDF7
                            SHA-512:0D1E94E84294AEA4BF400FF9D0654748BFFEB92D3A1643A6A13B541ADB1BC13EA2F649560A27C8CC3D8AEF9DA5D6B668C7E3BE696091CE882A475B91A9A4CAC8
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                            Category:dropped
                            Size (bytes):16305
                            Entropy (8bit):5.568266041471873
                            Encrypted:false
                            SSDEEP:
                            MD5:E86499196AD1C5E15033C1659289792B
                            SHA1:FAA6AA8CF262F779946D7400EA3296C03B630D02
                            SHA-256:C0F47DFDD0FF35B4D37AAFB0E6F7A7A0693EE85318B43C19495263AD35887D44
                            SHA-512:C34254139EE75027FFF85E0AF5FAD40B0B44AA6E9C45FDE4935A5815E7747A3239DB4180AEB7AECA05288E899FB48BCA4C68BE2A21581492A493D77D24113C8F
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                            Category:dropped
                            Size (bytes):15765
                            Entropy (8bit):5.573481987807745
                            Encrypted:false
                            SSDEEP:
                            MD5:6E0840A72733719BF5D5332D4ACAFFD3
                            SHA1:A815766850C48138317A331F8B40627E732565B2
                            SHA-256:24DDD008673DAD96D1C9CE0DF9F6AC734C53D8A66D6CF82C55E072749CEDEFF1
                            SHA-512:3B2E7F42B0291106DBAF8C5D080388D4D965C075CA4B9D059198805EBE76BC7E6451E39005FD4DE5B6A6A8AAB63B74550BFDAE33D670607F1D9EBF66F5D73E56
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                            Category:dropped
                            Size (bytes):18395
                            Entropy (8bit):5.555588330056511
                            Encrypted:false
                            SSDEEP:
                            MD5:4A99477A8B23A6C3E229B882F4AC7EFB
                            SHA1:E235CF43ADD2966BD71B941BC6A8CEC6C2263E14
                            SHA-256:40A024ADA66E177B6996F10F62A3065A46E380062EC5CEC4251B4C768A474BF3
                            SHA-512:F6D349A22E776B993FB13D5B00D4AE1EF14A73D55217EF37C90234126ADEFB69DD009CD03C1329C2714AFE295210350FE1D23A4FE55E005CBB35B248B4DEED6F
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with very long lines, with no line terminators
                            Category:dropped
                            Size (bytes):3488
                            Entropy (8bit):4.943960887165475
                            Encrypted:false
                            SSDEEP:
                            MD5:46A281BF9C140C04FF85219B00C02ACF
                            SHA1:75C5A82746218BC910EB261A6AEF3F3D94C83E96
                            SHA-256:0EF5C8C38694AF03566958CBA3941EC34E81D1B53F054FBCB349F3B538ACF93A
                            SHA-512:FAAF12E8D7F46DAA2558F61472850408CDC577EF35A83E59F3B1A588B6E82A32FA99B408F96B57FA841047C7D7E2C6AD727580BA4AB54CCC90ECA44A02B9F569
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with very long lines, with no line terminators
                            Category:dropped
                            Size (bytes):3488
                            Entropy (8bit):4.944196129292588
                            Encrypted:false
                            SSDEEP:
                            MD5:EBA771DF6887C5A1F4C33BD9207B324E
                            SHA1:E42F38ACC42F158C43DE93EF4B3C58C5A2742236
                            SHA-256:4EF8D4540284B6D473E350FC14650E9713B9AA47638149905BB8CEF4992AD699
                            SHA-512:C78A2F85A9E85DD6F6E85E047A6BCCB38D5980AA67B967133948632B6FC44A39BD6A011507979B4CEA1494042CA2498CB0E7DBF75CB4EC67C848D1E62A9F5FEF
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with very long lines, with no line terminators
                            Category:dropped
                            Size (bytes):4318
                            Entropy (8bit):5.0330190353630035
                            Encrypted:false
                            SSDEEP:
                            MD5:047F5289F93B8A56C93203B9642DDB9D
                            SHA1:FA76AFB7BCEDCF5870E18984AAA3C9CF77BB7D21
                            SHA-256:13E9CB7E9D2B436AE12BE9D75F7FEE931C48BBB29604909487335321AB6BC032
                            SHA-512:EE8148072D6E3CB0AD1E5C2D7E4981C2D7EE71A83F2F2567EBFDEDC436830B0F0C6BB20665B46E96292FACAE52D67CC40B186EC90E6B997DC04159EFB1DDD69E
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with very long lines, with no line terminators
                            Category:dropped
                            Size (bytes):3343
                            Entropy (8bit):4.945222848960228
                            Encrypted:false
                            SSDEEP:
                            MD5:CAB8BEABE7E66A4015C98A3C77B3698B
                            SHA1:C960AAAEA7014E105290C7D0F09BFCA837C8E8CC
                            SHA-256:75431010BFE77818B8BEF4B0C4B328C00668DC6B13C09AAB769EBF58BDA4EDF7
                            SHA-512:0D1E94E84294AEA4BF400FF9D0654748BFFEB92D3A1643A6A13B541ADB1BC13EA2F649560A27C8CC3D8AEF9DA5D6B668C7E3BE696091CE882A475B91A9A4CAC8
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with very long lines, with no line terminators
                            Category:dropped
                            Size (bytes):4318
                            Entropy (8bit):5.0330190353630035
                            Encrypted:false
                            SSDEEP:
                            MD5:047F5289F93B8A56C93203B9642DDB9D
                            SHA1:FA76AFB7BCEDCF5870E18984AAA3C9CF77BB7D21
                            SHA-256:13E9CB7E9D2B436AE12BE9D75F7FEE931C48BBB29604909487335321AB6BC032
                            SHA-512:EE8148072D6E3CB0AD1E5C2D7E4981C2D7EE71A83F2F2567EBFDEDC436830B0F0C6BB20665B46E96292FACAE52D67CC40B186EC90E6B997DC04159EFB1DDD69E
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                            Category:dropped
                            Size (bytes):16306
                            Entropy (8bit):5.568276202301809
                            Encrypted:false
                            SSDEEP:
                            MD5:799879D55B782D3DA5B68CB1D702F11A
                            SHA1:9789F69B80DA05C2902D5CDB81DFF591DC7C91A5
                            SHA-256:E04EF0D475B9487B15FFDE45ADDE2F0F0CCA14CC3E52F2E302DFEA3A31C00A91
                            SHA-512:65B62FB8E9DE053E4991C1EAFA239D0E441671E8DD900D40313F60F19CEE3ACA9B3B25BF17E721DCCC9CBEB42646BBD428043EBDD6B83932FC6F3F9DB5C90072
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):16
                            Entropy (8bit):3.2743974703476995
                            Encrypted:false
                            SSDEEP:
                            MD5:AEFD77F47FB84FAE5EA194496B44C67A
                            SHA1:DCFBB6A5B8D05662C4858664F81693BB7F803B82
                            SHA-256:4166BF17B2DA789B0D0CC5C74203041D98005F5D4EF88C27E8281E00148CD611
                            SHA-512:B733D502138821948267A8B27401D7C0751E590E1298FDA1428E663CCD02F55D0D2446FF4BC265BDCDC61F952D13C01524A5341BC86AFC3C2CDE1D8589B2E1C3
                            Malicious:false
                            Reputation:low
                            Preview:MANIFEST-000006.
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                            Category:dropped
                            Size (bytes):16306
                            Entropy (8bit):5.568276202301809
                            Encrypted:false
                            SSDEEP:
                            MD5:799879D55B782D3DA5B68CB1D702F11A
                            SHA1:9789F69B80DA05C2902D5CDB81DFF591DC7C91A5
                            SHA-256:E04EF0D475B9487B15FFDE45ADDE2F0F0CCA14CC3E52F2E302DFEA3A31C00A91
                            SHA-512:65B62FB8E9DE053E4991C1EAFA239D0E441671E8DD900D40313F60F19CEE3ACA9B3B25BF17E721DCCC9CBEB42646BBD428043EBDD6B83932FC6F3F9DB5C90072
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:very short file (no magic)
                            Category:dropped
                            Size (bytes):1
                            Entropy (8bit):0.0
                            Encrypted:false
                            SSDEEP:
                            MD5:5058F1AF8388633F609CADB75A75DC9D
                            SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                            SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                            SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                            Malicious:false
                            Reputation:low
                            Preview:.
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):106
                            Entropy (8bit):3.138546519832722
                            Encrypted:false
                            SSDEEP:
                            MD5:DE9EF0C5BCC012A3A1131988DEE272D8
                            SHA1:FA9CCBDC969AC9E1474FCE773234B28D50951CD8
                            SHA-256:3615498FBEF408A96BF30E01C318DAC2D5451B054998119080E7FAAC5995F590
                            SHA-512:CEA946EBEADFE6BE65E33EDFF6C68953A84EC2E2410884E12F406CAC1E6C8A0793180433A7EF7CE097B24EA78A1FDBB4E3B3D9CDF1A827AB6FF5605DA3691724
                            Malicious:false
                            Reputation:low
                            Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e...e.x.e.
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with no line terminators
                            Category:dropped
                            Size (bytes):13
                            Entropy (8bit):2.873140679513133
                            Encrypted:false
                            SSDEEP:
                            MD5:3A0E5D4F452CF99191634D0FFAB744A0
                            SHA1:F115BBB898EEFF640D8D19AD44A86C3FCDFFC0AD
                            SHA-256:B9D528D3AE283039F4700C7E4E790744C58A26353A91B536DD91CBA4F648A35F
                            SHA-512:87BF9DB30598EC454A02A4A32E5458E83870524D4AA497CB167C8A92B7521204B7B75E2BE18D61F9FBE51CA7DE8E35782AA65E6F6F11E4A4926A9B6C85D6528A
                            Malicious:false
                            Reputation:low
                            Preview:92.0.4515.107
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with very long lines, with no line terminators
                            Category:dropped
                            Size (bytes):106555
                            Entropy (8bit):6.066982753456239
                            Encrypted:false
                            SSDEEP:
                            MD5:E89A474222F0E116B73026F0B6E22CAA
                            SHA1:DC746682376491254CBB75CA787E0184BD376C43
                            SHA-256:4B6EE04EB0D1DED55F969DB24F8A1B90799848D7C2F3D38A4754CB618EF1E7E6
                            SHA-512:4D71D339807B474D39555E1039894526EF2C45A882067AD0EE664C4AD76F842A9C18FD1BE1C3686E5011EA4BB19B9A90E9506F5514A1F6444C4254CED614C73F
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with very long lines, with no line terminators
                            Category:dropped
                            Size (bytes):101809
                            Entropy (8bit):6.036134870840213
                            Encrypted:false
                            SSDEEP:
                            MD5:4BB5C4BF10433BDA79C50AF7DF27AD3F
                            SHA1:4E07B8BB4FE050260FF157D70DC657C7F3551BC3
                            SHA-256:54216F8196BD1B559204A2646C16A7F9B1EE7EA24B06E8562DB742E1FCA2CAB0
                            SHA-512:904DAF153DC8CA71A69EDD05EEE3F1AC9DB8E53EC9738ACA8210892CB13DD740F2CFAA5B5EA05112E6325DEA64A41A304E7C97C64F17F54CCC85BE5E3E2B5A9B
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with very long lines, with no line terminators
                            Category:modified
                            Size (bytes):106555
                            Entropy (8bit):6.066982753456239
                            Encrypted:false
                            SSDEEP:
                            MD5:E89A474222F0E116B73026F0B6E22CAA
                            SHA1:DC746682376491254CBB75CA787E0184BD376C43
                            SHA-256:4B6EE04EB0D1DED55F969DB24F8A1B90799848D7C2F3D38A4754CB618EF1E7E6
                            SHA-512:4D71D339807B474D39555E1039894526EF2C45A882067AD0EE664C4AD76F842A9C18FD1BE1C3686E5011EA4BB19B9A90E9506F5514A1F6444C4254CED614C73F
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
                            Category:dropped
                            Size (bytes):101891
                            Entropy (8bit):7.9971613680976565
                            Encrypted:true
                            SSDEEP:
                            MD5:173CA02E5B06065771DEB2F28E4E5A9E
                            SHA1:20F1774FB280C94C13082A255C27D7A786EFD5C7
                            SHA-256:634557AE2916F2FAA0CBF2557F8F96E26845ABE94D2784FD73B169EC5618B186
                            SHA-512:D947E3ED56BE1F3C668943E8F066F39650D2E0D76BF64BAD167E100B8B1066B88D8E851346AFBD9777E90445F41C5108A0A2F1514A3F28F02D4EC39978121E71
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with very long lines, with no line terminators
                            Category:dropped
                            Size (bytes):1820
                            Entropy (8bit):6.017077005194299
                            Encrypted:false
                            SSDEEP:
                            MD5:8E5AE76D594869DB6EC10D01A1287EF1
                            SHA1:62DF1C79E4905BE171FCD2B01C8ECBB6057042E4
                            SHA-256:750CAC1993B7A40D326D545BD826DAF3572590C1F6DC3020A2F2B1E07F026923
                            SHA-512:F173EE74EE0F9791EEBB6C27D098DFD4E74FE5FE3D01068858C06C7D1B405C0A9D08FA4E1CF1B2F4AB09BAF8DB896701D852DBB19C4BD2FF81117DF3470C3FA6
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with no line terminators
                            Category:dropped
                            Size (bytes):66
                            Entropy (8bit):3.9700022190465654
                            Encrypted:false
                            SSDEEP:
                            MD5:215EFCA186067EF9AE5ED630AFD56024
                            SHA1:C76381D26A393D70E556CF2D431F9F225F86F77D
                            SHA-256:C0C2FCFDD8ECF66D6519C3D83DB08EDD8466F6AD96C37AD0141FA7BCF3060051
                            SHA-512:70573E43D73B7889797E23698FB9191294E428978DE521837C689018A61E911FE0638239506EDE5DD559A4B9472753C653E71BC594E797D9B8FDC46A2A97264F
                            Malicious:false
                            Reputation:low
                            Preview:1.3a762cbaf6b95d800816d4b4ebdb858048be9df79e71871af31a7c555c54e28f
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):196
                            Entropy (8bit):4.823927782735717
                            Encrypted:false
                            SSDEEP:
                            MD5:4C6AC7BBEDF2D62AB0963EBBEC4B9F93
                            SHA1:21D5FF18930EEB10A875DA8CC99859E8D142F14C
                            SHA-256:0F6A2629AD3EECC0D711C8A638086FE48158515F02846215D35DB01265B96DFB
                            SHA-512:0128DB5C9A5C1CA9A779C6C9948D305184C56EA19D2C53885DBC4061D72FBCCA2D3FDF2B3DAB0AE33F89F6756F56E75EE005A8773F76932B730690A8C31789BC
                            Malicious:false
                            Reputation:low
                            Preview:{. "manifest_version": 2,. "name": "OnDeviceHeadSuggestENUS",. "version": "20220409.440702358",. "imageName": "image.squash",. "squash": true,. "fsType": "squashfs",. "isRemovable": false.}
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):1390333
                            Entropy (8bit):6.567627924309316
                            Encrypted:false
                            SSDEEP:
                            MD5:0962381D1AC5A927477F6C98B1025945
                            SHA1:50A21EA95EFD8D808A1A72112D2C916021316177
                            SHA-256:88F231807454006812E8CDB3E0C36AFB3FE63DF7029AFF8FF44EFA0C31F12201
                            SHA-512:EAC1EAFEC23B75CCD57F5A2A28C3F3C15F13984E2D6B583A31015E5E4B23A63692D6F5FA4648F5E6B48C6F09297E83AF97B97D087CBA37484026FF61834D28CD
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with very long lines, with no line terminators
                            Category:dropped
                            Size (bytes):1766
                            Entropy (8bit):6.0162908061537905
                            Encrypted:false
                            SSDEEP:
                            MD5:C14421F91111743BA8B33E9AED08DD2D
                            SHA1:DC33060954303461857D5D42E8AAD323F0057E33
                            SHA-256:4F4C1D05F7840E69D7E629042895A58F57C2700C47A8955B5BF6150A8A3610FA
                            SHA-512:3E9E16408C3917C26F6799618B52085B5D642A19A72E74ABD844183CFA911F654F26E914C7D09D147980CF46FC3F0651990FEB66BEA6ED0F52DB8711858FBA1E
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with no line terminators
                            Category:dropped
                            Size (bytes):66
                            Entropy (8bit):3.9109092716239875
                            Encrypted:false
                            SSDEEP:
                            MD5:663057EB14E1B387F626B2A870F816CC
                            SHA1:9CFB28EE2734440BE9F0D11C3B921B0D62AAF531
                            SHA-256:791EC33BC8B64DA3164B547F2AF7778C7B3B3E72328742988CADDB7DD8767175
                            SHA-512:2898FB9236C5B0D99A9893C97F1363CFB8C745433FFEC9C98442633BB74BF79E8B5431B63E7A2F7A27D52B4CD5DC2CE1E236E34D81F3E7B4731CA688E6DDF488
                            Malicious:false
                            Reputation:low
                            Preview:1.bdd5297db8e80ac00d6b928cac181cc52fdf068767fedf0c79c0147a8b5d33ec
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):42890
                            Entropy (8bit):7.99335042319369
                            Encrypted:true
                            SSDEEP:
                            MD5:ECDB45F49E57BA9ED8668AF082864B64
                            SHA1:239BC48058A41439DC0462D4AB0FF555C689EFA1
                            SHA-256:D59DAA9BE5FEA7FC64592417FF98C9FD75D99F25A8B6F3566CF8674AC2910EB5
                            SHA-512:2B3526A10BFA935442F9FE073A118768C8C2143BD8FCCE6A6B2CFE931B2B8A1839360695F068E0BA2A82EB660ECBFC82CDFE69659875602E34493EC5A29EB537
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:Google Chrome extension, version 3
                            Category:modified
                            Size (bytes):248531
                            Entropy (8bit):7.963657412635355
                            Encrypted:false
                            SSDEEP:
                            MD5:541F52E24FE1EF9F8E12377A6CCAE0C0
                            SHA1:189898BB2DCAE7D5A6057BC2D98B8B450AFAEBB6
                            SHA-256:81E3A4D43A73699E1B7781723F56B8717175C536685C5450122B30789464AD82
                            SHA-512:D779D78A15C5EFCA51EBD6B96A7CCB6D718741BDF7D9A37F53B2EB4B98AA1A78BC4CFA57D6E763AAB97276C8F9088940AC0476690D4D46023FF4BF52F3326C88
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:UTF-8 Unicode text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):796
                            Entropy (8bit):4.864931792423268
                            Encrypted:false
                            SSDEEP:
                            MD5:6F8E288A9AD5B1ED8633B430E2B4D4CA
                            SHA1:F671D3D4BEFA431D1946D706F4192D44E29B6F08
                            SHA-256:A114E2783D0E9B12155017323BA70838F0F82A71C7EE8DC1F115AE36991241F8
                            SHA-512:0F87F3F0D115B872288949E59ACD3CD41B1FBC64A622D8FDA6D71FAFC5A900D92ADFBB0E7EB926F2A8759BBAA0896D48728FB719BBF5EF54AC21027328F7700C
                            Malicious:false
                            Reputation:low
                            Preview:{.. "app_description": {.. "message": "........ . ... ........ .. Chrome".. },.. "app_name": {.. "message": "........ . ... ........ .. Chrome".. },.. "craw_app_unavailable": {.. "message": "........... .... ...... .. .............".. },.. "craw_connect_to_network": {.. "message": "...., ........ .. . ......".. },.. "iap_unavailable": {.. "message": "........... .... ...... .. .......... ....... .. .........".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "...., ...... . Chrome.".. }..}..
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:UTF-8 Unicode text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):675
                            Entropy (8bit):4.536753193530313
                            Encrypted:false
                            SSDEEP:
                            MD5:1FDAFC926391BD580B655FBAF46ED260
                            SHA1:C95743C3F43B2B099FEBEBC5BD850F0C20E820AC
                            SHA-256:C67898B67F9C9209EAFDA6532B62D5789863CFB855998DD6A70E7775316CEC20
                            SHA-512:39D95D45C5746DA3BAA7AE6A3344EA17D7A7C3569C2A56959FF119261DA08C747A320FCF701AC72B8DBDBF8BF06FD8B239017A282CDDA444F3826D4EC672CBB4
                            Malicious:false
                            Reputation:low
                            Preview:{.. "app_description": {.. "message": "Sistema de pagaments de Chrome Web Store".. },.. "app_name": {.. "message": "Sistema de pagaments de Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "Ara mateix aquesta aplicaci. no est. disponible.".. },.. "craw_connect_to_network": {.. "message": "Connecteu-vos a una xarxa.".. },.. "iap_unavailable": {.. "message": "La funci. Pagaments a l'aplicaci. no est. disponible actualment.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Inicieu la sessi. a Chrome.".. }..}..
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:UTF-8 Unicode text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):641
                            Entropy (8bit):4.698608127109193
                            Encrypted:false
                            SSDEEP:
                            MD5:76DEC64ED1556180B452A13C83171883
                            SHA1:CFB1E56FD587BCDC459C1D9A683B71F9849058F9
                            SHA-256:32290D69A90E6BAAC428B10382C99221B12773BB9A184F3B93DFB48A4F6D7A40
                            SHA-512:5230A217968D5DC463E2E92D704544311A721E5CEF65C3125CBD8DEB9C0293D3BFB5C820A6011ABF77095FDEE7DAF67D541DC202B0C9CDB0908CBB85D84885CB
                            Malicious:false
                            Reputation:low
                            Preview:{.. "app_description": {.. "message": "Platby Internetov.ho obchodu Chrome".. },.. "app_name": {.. "message": "Platby Internetov.ho obchodu Chrome".. },.. "craw_app_unavailable": {.. "message": "Aplikace v sou.asn. dob. nen. dostupn..".. },.. "craw_connect_to_network": {.. "message": "P.ipojte se pros.m k s.ti.".. },.. "iap_unavailable": {.. "message": "Platby v aplikaci aktu.ln. nejsou k dispozici.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "P.ihlaste se do Chromu.".. }..}..
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:UTF-8 Unicode text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):624
                            Entropy (8bit):4.5289746475384565
                            Encrypted:false
                            SSDEEP:
                            MD5:238B97A36E411E42FF37CEFAF2927ED1
                            SHA1:4E47AC90BA24C8F4724D9293FA40CFD4ADA66FE0
                            SHA-256:4977D4A053542FF66967FAED6B06585DD70E68E20BFEB533B66FE3287F9655D9
                            SHA-512:FD0742D47B5F5AB9AAD9B4C3D57F63CB693E060EECE123A72036C6E92156D099495C7E9E9CC6DC83EEBCDDCC4B4C81FB47E4C9559DA3EBA024780FFF10C53E0A
                            Malicious:false
                            Reputation:low
                            Preview:{.. "app_description": {.. "message": "Betalinger i Chrome Webshop".. },.. "app_name": {.. "message": "Betalinger i Chrome Webshop".. },.. "craw_app_unavailable": {.. "message": "Appen er ikke tilg.ngelig i .jeblikket.".. },.. "craw_connect_to_network": {.. "message": "Opret forbindelse til et netv.rk.".. },.. "iap_unavailable": {.. "message": "Betaling i appen er ikke tilg.ngelig i .jeblikket.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Log ind p. Chrome.".. }..}..
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:UTF-8 Unicode text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):651
                            Entropy (8bit):4.583694000020627
                            Encrypted:false
                            SSDEEP:
                            MD5:6B3E916E8C1991AA0453CBA00FEDCAAA
                            SHA1:D6366D15912E40CA107FD42BFE9579C3336A51F9
                            SHA-256:A62FFAB910E31531758EEE48B2CC71A8857BEC3021DEAD50B668CBA3C8667053
                            SHA-512:87EA4311B61F29543B13F3E17DFA919D0C320B4FE370CC152E0B1514BCA79B0ABB526DDCF08621D6EBFA48923EE8FB4C667EFB120A72BD9583EEBEE7BFB80552
                            Malicious:false
                            Reputation:low
                            Preview:{.. "app_description": {.. "message": "Chrome Web Store-Zahlungen".. },.. "app_name": {.. "message": "Chrome Web Store-Zahlungen".. },.. "craw_app_unavailable": {.. "message": "Die App ist momentan nicht verf.gbar.".. },.. "craw_connect_to_network": {.. "message": "Bitte stellen Sie eine Verbindung zu einem Netzwerk her.".. },.. "iap_unavailable": {.. "message": "In-App-Zahlungen sind momentan nicht m.glich.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Bitte melden Sie sich in Chrome an.".. }..}..
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:UTF-8 Unicode text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):787
                            Entropy (8bit):4.973349962793468
                            Encrypted:false
                            SSDEEP:
                            MD5:05C437A322C1148B5F78B2F341339147
                            SHA1:AB53003A678E44A170E73711FBD9949833BBF3AA
                            SHA-256:A052C32B4FCAC61152EB0ADB2C260FB6A8256AD104AA0013DB93E9798D41A070
                            SHA-512:C36CB9202A34356DD06D377E2A088F428D0B8EBE7D2E54F8380485E9D94A0598D7F651C1E7A2FD55BE481D49C02B0812F2BA335E08611EC85EE0BD60784A6B40
                            Malicious:false
                            Reputation:low
                            Preview:{.. "app_description": {.. "message": "........ ... Chrome Web Store".. },.. "app_name": {.. "message": "........ ... Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": ". ........ .... .. ..... ... ..... ..........".. },.. "craw_connect_to_network": {.. "message": ".......... .. ... .......".. },.. "iap_unavailable": {.. "message": ".. ........ ..... ......... ... ..... ..... .. ...... ...........".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": ".......... ... Chrome.".. }..}..
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):593
                            Entropy (8bit):4.483686991119526
                            Encrypted:false
                            SSDEEP:
                            MD5:91F5BC87FD478A007EC68C4E8ADF11AC
                            SHA1:D07DD49E4EF3B36DAD7D038B7E999AE850C5BEF6
                            SHA-256:92F1246C21DD5FD7266EBFD65798C61E403D01A816CC3CF780DB5C8AA2E3D9C9
                            SHA-512:FDC2A29B04E67DDBBD8FB6E8D2443E46BADCB2B2FB3A850BBD6198CDCCC32EE0BD8A9769D929FEEFE84D1015145E6664AB5FEA114DF5A864CF963BF98A65FFD9
                            Malicious:false
                            Reputation:low
                            Preview:{.. "app_description": {.. "message": "Chrome Web Store Payments".. },.. "app_name": {.. "message": "Chrome Web Store Payments".. },.. "craw_app_unavailable": {.. "message": "App currently unavailable.".. },.. "craw_connect_to_network": {.. "message": "Please connect to a network.".. },.. "iap_unavailable": {.. "message": "In-App Payments is currently unavailable.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Please sign into Chrome.".. }..}..
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:UTF-8 Unicode text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):661
                            Entropy (8bit):4.450938335136508
                            Encrypted:false
                            SSDEEP:
                            MD5:82719BD3999AD66193A9B0BB525F97CD
                            SHA1:41194D511F1ACC16C1CA828AC81C18C8C6B47287
                            SHA-256:4DB9B2721E625C18B9E05C04B31AF5D9694712F1CAAF6219ABE34BB08E5DB1C7
                            SHA-512:D4C49B43427799B6292CEED11CACB1D76F7CE43EBF402B43B638A6EB2B414ED0981E386CB8CDF0B51D1BD9552934FE25B2F6392266BB73D8C9A691F65BCE0128
                            Malicious:false
                            Reputation:low
                            Preview:{.. "app_description": {.. "message": "Sistema de pagos de Chrome Web Store".. },.. "app_name": {.. "message": "Sistema de pagos de Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "Esta aplicaci.n no est. disponible en este momento.".. },.. "craw_connect_to_network": {.. "message": "Con.ctate a una red.".. },.. "iap_unavailable": {.. "message": "Los pagos en la aplicaci.n no est.n disponibles en este momento.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Inicia sesi.n en Chrome.".. }..}..
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:UTF-8 Unicode text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):637
                            Entropy (8bit):4.47253983486615
                            Encrypted:false
                            SSDEEP:
                            MD5:6B2583D8D1C147E36A69A88009CBEBC7
                            SHA1:4D4DEEB4BE6AA0181825F3371A761ABC5B4D5937
                            SHA-256:6659BC3705311D7641A73995DCFEA80C7734F2F4EBBC3787B3892A240348324F
                            SHA-512:37F0DBFCC1B5A2B8E4C92C49D2D9DEEF25616421350324F57E0149A45A6CCB437F5E3CBE97412C4B5DBBF2593783C7DF71E9C25A851AEAE6E4764C545723FA53
                            Malicious:false
                            Reputation:low
                            Preview:{.. "app_description": {.. "message": "Sistema de pagos de Chrome Web Store".. },.. "app_name": {.. "message": "Sistema de pagos de Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "Esta aplicaci.n no est. disponible en este momento.".. },.. "craw_connect_to_network": {.. "message": "Con.ctate a una red.".. },.. "iap_unavailable": {.. "message": "En este momento, Pagos En-Apps no est. disponible.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Accede a Chrome.".. }..}..
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:UTF-8 Unicode text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):595
                            Entropy (8bit):4.467205425399467
                            Encrypted:false
                            SSDEEP:
                            MD5:CFF6CB76EC724B17C1BC920726CB35A7
                            SHA1:14ED068251D65A840F00C05409D705259D329FFC
                            SHA-256:C85800BF45942FCC7FD6B1DF929C25F9CC2A977A6678966BD03D4B6B69889AFD
                            SHA-512:53D7D01BB30C0306DE65A79FD9551D2E8C1F71F4F45F71906B009071CB3E0F231E6A50FDD78773E9B4DE94085BC7B97F829842FA21A89A2080D33458B745C46F
                            Malicious:false
                            Reputation:low
                            Preview:{.. "app_description": {.. "message": "Chrome'i veebipoe maksed".. },.. "app_name": {.. "message": "Chrome'i veebipoe maksed".. },.. "craw_app_unavailable": {.. "message": "Rakendus pole praegu saadaval.".. },.. "craw_connect_to_network": {.. "message": "Looge .hendus v.rguga.".. },.. "iap_unavailable": {.. "message": "Rakendusesisesed maksed ei ole praegu saadaval.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Logige Chrome'i sisse.".. }..}..
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:UTF-8 Unicode text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):647
                            Entropy (8bit):4.595421267152647
                            Encrypted:false
                            SSDEEP:
                            MD5:3A01FEE829445C482D1721FF63153D16
                            SHA1:F3EAAADDC03F943FC88B30B67F534AA13E3336DD
                            SHA-256:0BDE54B20845124113383B6EB81E43A0F05E4EB0C44BEE3C1DFAC4CC5FEC2836
                            SHA-512:3B92B6C86D30FD36AA3CEFF8773BA60C3FC5CC19C693540137044C5838A5503895C770C0336A4D0A3DB5E42F3FB36274D8D3F85B9DCA2F3EC0E974FDDB0BEAD8
                            Malicious:false
                            Reputation:low
                            Preview:{.. "app_description": {.. "message": "Chrome Web Storen maksut".. },.. "app_name": {.. "message": "Chrome Web Storen maksut".. },.. "craw_app_unavailable": {.. "message": "Sovellus ei ole t.ll. hetkell. k.ytett.viss..".. },.. "craw_connect_to_network": {.. "message": "Muodosta verkkoyhteys.".. },.. "iap_unavailable": {.. "message": "Sovelluksen sis.iset maksut eiv.t ole t.ll. hetkell. k.ytett.viss..".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Kirjaudu sis..n Chromeen.".. }..}..
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):658
                            Entropy (8bit):4.5231229502550745
                            Encrypted:false
                            SSDEEP:
                            MD5:57AF5B654270A945BDA8053A83353A06
                            SHA1:EEEF7A4F869F97CF471A05D345E74F982D15E167
                            SHA-256:EC002ED92359F67818B49455DFC579E140368E6A004080AF022FD4F57F6B03F2
                            SHA-512:5F0AE839FCF3F4EA48FF41A76655AE0F3821564AFD5D42FBB9FBB9A38E8D8F7BB5E9B6F71064588CD441261F644095A44A755C134CE546D506D9A21E488BAF52
                            Malicious:false
                            Reputation:low
                            Preview:{.. "app_description": {.. "message": "Mga Pagbabayad sa Chrome Web Store".. },.. "app_name": {.. "message": "Mga Pagbabayad sa Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "Kasalukuyang hindi available ang app.".. },.. "craw_connect_to_network": {.. "message": "Mangyaring kumonekta sa isang network.".. },.. "iap_unavailable": {.. "message": "Kasalukuyang hindi available ang Mga Pagbabayad na In-App.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Mangyaring mag-sign in sa Chrome.".. }..}..
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:UTF-8 Unicode text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):677
                            Entropy (8bit):4.552569602149629
                            Encrypted:false
                            SSDEEP:
                            MD5:8D11C90F44A6585B57B933AB38D1FFF8
                            SHA1:3F9D44EA8807069A32AACA2AAAD02FD892E6CC90
                            SHA-256:599491F8C52B945C16C441ADF45BFD45AFAE046DA07757D97C56AF4DE75ED3B5
                            SHA-512:D7EF7F5AD7EF1A1595825D79B69E2B1E988AD3CF1F3881496FCCD30F241E4E9C6E457F9F5D0F855DE3536DB7A40C3E1C55946B50D3F556F4A35285066A0CD6F7
                            Malicious:false
                            Reputation:low
                            Preview:{.. "app_description": {.. "message": "Paiements via le Chrome.Web.Store".. },.. "app_name": {.. "message": "Paiements via le Chrome.Web.Store".. },.. "craw_app_unavailable": {.. "message": "Application indisponible pour le moment.".. },.. "craw_connect_to_network": {.. "message": "Veuillez vous connecter . un r.seau.".. },.. "iap_unavailable": {.. "message": "Les paiements via l'application ne sont pas disponibles pour le moment.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Veuillez vous connecter . Chrome.".. }..}..
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:UTF-8 Unicode text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):835
                            Entropy (8bit):4.791154467711985
                            Encrypted:false
                            SSDEEP:
                            MD5:E376D757C8FD66AC70A7D2D49760B94E
                            SHA1:1525C5B1312D409604F097768503298EC440CC4D
                            SHA-256:8106D98C4F8DA16DB698444409558E29CC96735E188BFA303C333A5D99231C1D
                            SHA-512:673F3F259AF2946E4F49BBED14A2A70D44BF9FDA9D7A71DC9172BA9B7B3C7F7062B16D29682B638D485B0520ED6F99E7A735F28C7C719B539559005B69FA7555
                            Malicious:false
                            Reputation:low
                            Preview:{.. "app_description": {.. "message": "Chrome ... ..... ......".. },.. "app_name": {.. "message": "Chrome ... ..... ......".. },.. "craw_app_unavailable": {.. "message": "......... .. ... ...... .... ...".. },.. "craw_connect_to_network": {.. "message": "..... ....... .. ...... .....".. },.. "iap_unavailable": {.. "message": "..-.. ...... ... ...... .... ...".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "..... Chrome ... .... .. .....".. }..}..
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:UTF-8 Unicode text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):618
                            Entropy (8bit):4.56999230891419
                            Encrypted:false
                            SSDEEP:
                            MD5:8185D0490C86363602A137F9A261CC50
                            SHA1:5BD933B874441CEACB9201CCC941FF67BAED6DC0
                            SHA-256:A2B2EC359A9DD9DCCCE02859CE1E738BD30FAA4A05F1DC522893FFDF722BBC15
                            SHA-512:D7629978FC031EA5F716F9C1065FB2FEAB48C15F10CD68830DC966FA1002C03DDC7ACDE314C7D075F9F3A0A68552A6ACBCCDEE24CF20B6C3DD1BCE6562D0396E
                            Malicious:false
                            Reputation:low
                            Preview:{.. "app_description": {.. "message": "Pla.anja u web-trgovini Chrome".. },.. "app_name": {.. "message": "Pla.anja u web-trgovini Chrome".. },.. "craw_app_unavailable": {.. "message": "Aplikacija trenuta.no nije dostupna.".. },.. "craw_connect_to_network": {.. "message": "Pove.ite se s mre.om.".. },.. "iap_unavailable": {.. "message": "Pla.anje u aplikaciji trenuta.no nije dostupno.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Prijavite se na Chrome.".. }..}..
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:UTF-8 Unicode text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):683
                            Entropy (8bit):4.675370843321512
                            Encrypted:false
                            SSDEEP:
                            MD5:85609CF8623582A8376C206556ED2131
                            SHA1:1E16EB70DB5E59BB684866FF3E3925C2DEF25A12
                            SHA-256:32A249749F12ADB6A220BF9ADC272C7E5D9AD5497A38B0086D961E3ABA17FBC6
                            SHA-512:27883430865D3CFA6EDFE8C6CE1442BD96150B5CE520CCF7D556A330CAA6392C712B47BD86F7350E174876BC681F6DEC94D1312402655B0AF90883A2899EC78B
                            Malicious:false
                            Reputation:low
                            Preview:{.. "app_description": {.. "message": "Chrome Internetes .ruh.z Fizet.si rendszere".. },.. "app_name": {.. "message": "Chrome Internetes .ruh.z Fizet.si rendszere".. },.. "craw_app_unavailable": {.. "message": "Az alkalmaz.s jelenleg nem .rhet. el.".. },.. "craw_connect_to_network": {.. "message": "K.rj.k, csatlakozzon egy h.l.zathoz.".. },.. "iap_unavailable": {.. "message": "Az alkalmaz.son bel.li fizet.s jelenleg nem .rhet. el.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Jelentkezzen be a Chrome-ba.".. }..}..
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):604
                            Entropy (8bit):4.465685261172395
                            Encrypted:false
                            SSDEEP:
                            MD5:EAB2B946D1232AB98137E760954003AA
                            SHA1:60BDC2937905B311D2C9844DF2D639D7AC9F7F67
                            SHA-256:C6E8800450602DE0F39FE9F6854472383813FB454B08ABAE7E25A9167CE004C3
                            SHA-512:970FEC9A9EF0BAF7F693C4C5977F3B47914579C5B5414FCE9DBB5E4574659A5BB9AD2DE0CC886B368F49C019785AF7D2D7FE82F71341F039EADC399ED776CA12
                            Malicious:false
                            Reputation:low
                            Preview:{.. "app_description": {.. "message": "Pembayaran Chrome Webstore".. },.. "app_name": {.. "message": "Pembayaran Chrome Webstore".. },.. "craw_app_unavailable": {.. "message": "Aplikasi tidak tersedia saat ini.".. },.. "craw_connect_to_network": {.. "message": "Sambungkan ke jaringan.".. },.. "iap_unavailable": {.. "message": "Pembayaran Dalam Aplikasi saat ini tidak tersedia.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Harap masuk ke Chrome.".. }..}..
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:UTF-8 Unicode text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):603
                            Entropy (8bit):4.479418964635223
                            Encrypted:false
                            SSDEEP:
                            MD5:A328EEF5E841E0C72D3CD7366899C5C8
                            SHA1:2851ED658385804E87911643F5A4200B1FB26E13
                            SHA-256:CD891C45F7586FB4A2514205A11F260E4A6D4482FA03D901909DD9F57BE0536D
                            SHA-512:E47297896E981774EC3B59D41B89D6BA9333F6B4435EB9727D8645A46B10C7D408ADE06844871FA757382FBE7E645276449DB7B1B23BC59C9A71A5CB5A5ECC57
                            Malicious:false
                            Reputation:low
                            Preview:{.. "app_description": {.. "message": "Pagamenti Chrome Web Store".. },.. "app_name": {.. "message": "Pagamenti Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "App al momento non disponibile.".. },.. "craw_connect_to_network": {.. "message": "Collegati a una rete.".. },.. "iap_unavailable": {.. "message": "La funzione Pagamenti In-App non . al momento disponibile.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Accedi a Chrome.".. }..}..
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with very long lines
                            Category:dropped
                            Size (bytes):806
                            Entropy (8bit):4.671841695172103
                            Encrypted:false
                            SSDEEP:
                            MD5:96C8CBD161D3CE9CB1A46CB2CD0C6583
                            SHA1:78BBFCF035B5B620E353C8E520653ADD3F4E7DB8
                            SHA-256:81D8F1D9F72B3139BC5D9845BCF82990308FB6175D07514D8238B1E6D5D02E8A
                            SHA-512:692468B7B44D961D8248BBC30CC11DE9F3F7E89D01A609E6CB71CAF653D8212C15DFA834C5FB6E8261FD21A25E9616861C0A3FC01DB27CBBE79C3FDE2C6549DD
                            Malicious:false
                            Reputation:low
                            Preview:{"craw_app_unavailable":{"message":"\u30a2\u30d7\u30ea\u306f\u73fe\u5728\u3054\u5229\u7528\u3044\u305f\u3060\u3051\u307e\u305b\u3093\u3002"},"craw_connect_to_network":{"message":"\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u306b\u63a5\u7d9a\u3057\u3066\u304f\u3060\u3055\u3044\u3002"},"app_name":{"message":"Chrome \u30a6\u30a7\u30d6\u30b9\u30c8\u30a2\u6c7a\u6e08"},"app_description":{"message":"Chrome \u30a6\u30a7\u30d6\u30b9\u30c8\u30a2\u6c7a\u6e08"},"iap_unavailable":{"message":"\u30a2\u30d7\u30ea\u5185\u30da\u30a4\u30e1\u30f3\u30c8\u306f\u73fe\u5728\u3054\u5229\u7528\u3044\u305f\u3060\u3051\u307e\u305b\u3093\u3002"},"please_sign_in":{"message":"Chrome \u306b\u30ed\u30b0\u30a4\u30f3\u3057\u3066\u304f\u3060\u3055\u3044\u3002"},"jwt_retrieve_failed":{"message":"The transaction could not be completed."}}.
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with very long lines
                            Category:dropped
                            Size (bytes):680
                            Entropy (8bit):4.916281462386558
                            Encrypted:false
                            SSDEEP:
                            MD5:CD30D132A7213FC1B7E03C6D0A49CCF7
                            SHA1:1141DED39023B821FE9BB4682E0D1EB5469DAF76
                            SHA-256:5717F13D10E63255947F750C79CBB6BD04A6D97A08261E8D5764AF5EB0561A28
                            SHA-512:0DCD3CEB93AB58655551B00D7AD4FE4A6F1F6B24EDD31244FF9B57AE529BF1A9E0220A6258C64790F9CC9F026AB9DA3AEE1575809CC94DC4F8754194C958FD19
                            Malicious:false
                            Reputation:low
                            Preview:{"craw_app_unavailable":{"message":"\u76ee\u524d\u7121\u6cd5\u4f7f\u7528\u9019\u500b\u61c9\u7528\u7a0b\u5f0f\u3002"},"craw_connect_to_network":{"message":"\u8acb\u9023\u4e0a\u7db2\u8def\u3002"},"app_name":{"message":"Chrome \u7dda\u4e0a\u61c9\u7528\u7a0b\u5f0f\u5546\u5e97\u4ed8\u6b3e\u7cfb\u7d71"},"app_description":{"message":"Chrome \u7dda\u4e0a\u61c9\u7528\u7a0b\u5f0f\u5546\u5e97\u4ed8\u6b3e\u7cfb\u7d71"},"iap_unavailable":{"message":"\u76ee\u524d\u7121\u6cd5\u4f7f\u7528\u61c9\u7528\u7a0b\u5f0f\u5167\u4ed8\u6b3e\u529f\u80fd\u3002"},"please_sign_in":{"message":"\u8acb\u767b\u5165 Chrome\u3002"},"jwt_retrieve_failed":{"message":"The transaction could not be completed."}}.
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with very long lines, with no line terminators
                            Category:dropped
                            Size (bytes):7780
                            Entropy (8bit):5.791315351651491
                            Encrypted:false
                            SSDEEP:
                            MD5:0834821960CB5C6E9D477AEF649CB2E4
                            SHA1:7D25F027D7CEE9E94E9CBDEE1F9220C8D20A1588
                            SHA-256:52A24FA2FB3BCB18D9D8571AE385C4A830FF98CE4C18384D40A84EA7F6BA7F69
                            SHA-512:9AEAFC3ECE295678242D81D71804E370900A6D4C6A618C5A81CACD869B84346FEAC92189E01718A7BB5C8226E9BE88B063D2ECE7CB0C84F17BB1AF3C5B1A3FC4
                            Malicious:false
                            Reputation:low
                            Preview:[{"description":"treehash per file","signed_content":{"payload":"
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with very long lines
                            Category:dropped
                            Size (bytes):544643
                            Entropy (8bit):5.385396177420207
                            Encrypted:false
                            SSDEEP:
                            MD5:6EEBED29E6A6301E92A9B8B347807F5F
                            SHA1:65DFB69B650560551110B33DCBA50B25E5B876DE
                            SHA-256:04CD9494B0ED83924DAD12202630B20D053D9E2819C8E826A386C814CC0A1697
                            SHA-512:FEDE6DB31F2AD242E7BC7B52A8859BA7F466A0B920A8DADCB32DCFB5B2A2742E98B767FF22E0C5BC5C11FEC021240AA9E458486C9039EB4EBE5CF6AF7BE97BF2
                            Malicious:false
                            Reputation:low
                            Preview:/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var d,e=e||{};e.scope={};e.arrayIteratorImpl=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};e.arrayIterator=function(a){return{next:e.arrayIteratorImpl(a)}};e.ASSUME_ES5=!1;e.ASSUME_NO_NATIVE_MAP=!1;e.ASSUME_NO_NATIVE_SET=!1;e.SIMPLE_FROUND_POLYFILL=!1;e.ISOLATE_POLYFILLS=!1;e.FORCE_POLYFILL_PROMISE=!1;e.FORCE_POLYFILL_PROMISE_WHEN_NO_UNHANDLED_REJECTION=!1;.e.defineProperty=e.ASSUME_ES5||"function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};e.getGlobal=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");};e.global=e.getGlobal(this);.e.IS_SYMBOL_NATIVE="func
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with very long lines
                            Category:dropped
                            Size (bytes):261316
                            Entropy (8bit):5.444466092380538
                            Encrypted:false
                            SSDEEP:
                            MD5:1709B6F00A136241185161AA3DF46A06
                            SHA1:33DA7D262FFED1A5C2D85B7390E9DBC830CBE494
                            SHA-256:5721A4B3F8E09C869A629EFFD350B51C9D46F0AC136717D4DB6265C0EE6F9AC8
                            SHA-512:26835B4C050F53AD2DDB84469DF9A84BBB2786A655AB52DFC20B54BEDCB81D1ECD789198D5B7D8B940242E5CEAC818A177444D402397AE82C203438C4B1D19CB
                            Malicious:false
                            Reputation:low
                            Preview:/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var b,k=k||{};k.scope={};k.createTemplateTagFirstArg=function(a){return a.raw=a};k.createTemplateTagFirstArgWithRaw=function(a,c){a.raw=c;return a};k.arrayIteratorImpl=function(a){var c=0;return function(){return c<a.length?{done:!1,value:a[c++]}:{done:!0}}};k.arrayIterator=function(a){return{next:k.arrayIteratorImpl(a)}};k.makeIterator=function(a){var c="undefined"!=typeof Symbol&&Symbol.iterator&&a[Symbol.iterator];return c?c.call(a):k.arrayIterator(a)};.k.arrayFromIterator=function(a){for(var c,d=[];!(c=a.next()).done;)d.push(c.value);return d};k.arrayFromIterable=function(a){return a instanceof Array?a:k.arrayFromIterator(k.makeIterator(a))};k.ASSUME_ES5=!1;k.ASSUME_NO_NATIVE_MAP=!1;k.ASSUME_NO_NATIVE_SET=!1;k.SIMPLE_FROUND_POLYFILL=!1;k.ISOLATE_POLYFILLS=!1;k.FORCE_POLYFILL_PROMISE=!1;k.FORCE_POLYFILL_PROMISE_WHEN_NO_UNHANDLED_REJECTION=!1;.k.objectCreate=k.ASSUME_ES5||"function"==typeof Object.cre
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1741
                            Entropy (8bit):4.912380256743454
                            Encrypted:false
                            SSDEEP:
                            MD5:67BF9AABE17541852F9DDFF8245096CD
                            SHA1:A4AC74DD258E8E0689034FAA1B15A5C7C56DC3BB
                            SHA-256:10DFBD2D98950B79EE12F6B8E3885AABE31543048DE56AD4FC0A5E34D0D9D4EC
                            SHA-512:298FA132C6F122798FDB9BC6DE8024915147ADC20355B56A92F0ED9ACCE4549BE6E7F42212E07DCA166E31624D4E66E299565845D4BA1C51CA935050641B61FE
                            Malicious:false
                            Reputation:low
                            Preview:html, body {. margin: 0;. overflow: hidden;.}..webview {. width: 100%;. height: 100%;. min-height: 100%;. position: absolute;.}...craw_overlay {. position: absolute;.. left: 0;. top: 0;. right: 0;. bottom: 0;.. background-color: white;.. -webkit-transition: opacity 250ms linear;.. display: -webkit-flex;. -webkit-flex-direction: column;. -webkit-flex: 1 0%;. -webkit-align-items: center;. -webkit-justify-content: center;.. -webkit-app-region: drag;.}...craw_overlay img {. margin: 16px;.}..#loading_overlay {. opacity: 1;.}..#offline_overlay {. opacity: 0;. display: none;.}..#offline_overlay > img {. -webkit-filter: saturate(0%);.}..#offline_overlay > span {. font-family: 'Open Sans', 'Deja Vu Sans', Arial, sans-serif;. font-size: 15px;. line-height: 21px;. color: #8d8d8d;. display: block;.}..#loading_splash {. width: 128px;. height: 128px;.}..#drag_overlay {. position: absolute;. left: 0;. top: 0;. right: 0;. bottom: 0;. pointer-events: none;. -webkit
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:HTML document, ASCII text
                            Category:dropped
                            Size (bytes):810
                            Entropy (8bit):4.723481385335562
                            Encrypted:false
                            SSDEEP:
                            MD5:34A839BC40DEBC746BBD181D9EF9310C
                            SHA1:8B4EAA74D31EED5B0BABA3CA5460201F6B10DA46
                            SHA-256:BB8742615E4CD996AE5D0200E443AE6A6F0B473255F03AFFDB8FB4660DE4554D
                            SHA-512:EE81E5509CBC2CB2B6C834224688C1E1B1AA9AA3866C52F8EAED040D5C390653C52D8D681E2E2CF62906643962ABAC823D5B622385B983B21E0DCCAFDF281EFF
                            Malicious:false
                            Reputation:low
                            Preview:<!DOCTYPE html>.<html>. <head>. <link href="/css/craw_window.css" rel="stylesheet">. <script src="/craw_window.js"></script>. </head>. <body>. <webview></webview>. <div class="craw_overlay" id="loading_overlay">. <img src="/images/icon_128.png" />. <img src="/images/flapper.gif" />. </div>. <div class="craw_overlay" id="offline_overlay">. <img src="/images/icon_128.png" />. <span id="app_unavailable"></span>. <span id="connect_to_network"></span>. </div>. <div id="drag_overlay"></div>. <div id="top_bar">. <div id='close_button'>. <img src='/images/topbar_floating_button_close.png'/>. </div>. <div id='maximize_button'>. <img src='/images/topbar_floating_button_maximize.png'/>. </div>. </div>. </body>.</html>.
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:GIF image data, version 89a, 30 x 30
                            Category:dropped
                            Size (bytes):70364
                            Entropy (8bit):7.119902236613185
                            Encrypted:false
                            SSDEEP:
                            MD5:398ABB308EEBC355DA70BCE907B22E29
                            SHA1:CFFB77B8A1724B8F81D98C6D6AD0071D10162252
                            SHA-256:2B73533F47A99FFEA9CC405FFAFA9C4C53623F62487AEBFBA415945120B22040
                            SHA-512:FC7A56FC8A61A582161874B54ADBAD30A84840190008EDB0B6FBF84F91393CA58E988E3FE446F11A0C3C691C18249B93AEC2904B3D0C4F0857D79034F662385A
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                            Category:dropped
                            Size (bytes):4364
                            Entropy (8bit):7.915848007375225
                            Encrypted:false
                            SSDEEP:
                            MD5:4DBC9F9E6F5A08D299BAC9E54DF07694
                            SHA1:BB38F5DE34B1E0BE1109220BA55271087A4D9EA5
                            SHA-256:91C2718DD23B4356D71F88F6146868369033291086DF327534546DFA459BEB0E
                            SHA-512:A5F2B1F47502836130D8083F757B7773C1E1CB36B76AD298CC29AB2B428C8002D2F15BD839838FC326DAC3681C2F48AB25A3E7631D33726C4B25E8EC14170912
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                            Category:dropped
                            Size (bytes):558
                            Entropy (8bit):7.505638146035601
                            Encrypted:false
                            SSDEEP:
                            MD5:FB9C46EA81AD3E456D90D58697C12C06
                            SHA1:5FC450F7D73CCFAC8F0D818CB3392BA4D91B69DE
                            SHA-256:016CA659BA080E194FBFC0929602B16506ED60AA6019FAA51410C4FD93B583E8
                            SHA-512:ADD810EE9EB7CAEC505B5FD90A1F184CE39D8F8C689DCC240F188FE353B9575489492E07D572A3B1C11A1555CE66AFCA5134903E4C1AA3D54BC7C5ED3E65B50C
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                            Category:dropped
                            Size (bytes):160
                            Entropy (8bit):5.475799237015411
                            Encrypted:false
                            SSDEEP:
                            MD5:8803665A6328D23CC1014A7B0E9BE295
                            SHA1:9DA6EE729D5A6E9F30658B8EC954710F107A641F
                            SHA-256:D5F9234DC36E7FFA85F35B2359A4F82276F8395EFA76E4553507EA990B27FC6C
                            SHA-512:ECD9E71B8BA1ED8BD4CA5A0936CB66A83611C4ABCBDA76C250F4CDF4AD80320212E8F5EEB79A38910718F8346ECC1AD580A3FA835EC2B22BE497F36899FB5930
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                            Category:dropped
                            Size (bytes):252
                            Entropy (8bit):6.512071394066515
                            Encrypted:false
                            SSDEEP:
                            MD5:0599DFD9107C7647F27E69331B0A7D75
                            SHA1:3198C0A5F34DB67F91A0035DBC297354CBC95525
                            SHA-256:131817CD9311C03DF22D769DD2AD7FA2E6E9558863A89F7E5E1657424031A937
                            SHA-512:0076ACB9D6A886BD987876E49495038F9388B292A9EFE5C9093CCA64CA3692E3A5D24E35172C7697F6AAE34B86CA217EE59C003423E46D9499BD27EC7D77A649
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                            Category:dropped
                            Size (bytes):160
                            Entropy (8bit):5.423186859407619
                            Encrypted:false
                            SSDEEP:
                            MD5:7CB6B9DC1A30F63B8BD976924B75AD96
                            SHA1:0C40B0C496D2F2B5F2021C117EC8610AC03AB469
                            SHA-256:721B7AAA9A42A54A349881615A12E3A26983ACA48E173FD2F66E66AA0D725735
                            SHA-512:4764937364E355956B242B84010AC56102536D2AACBE4227F0E88E4DE7AB468571957EA6C33012539156E5349AE4F777115615AE3361F60ADDF9CD227424F76A
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                            Category:dropped
                            Size (bytes):166
                            Entropy (8bit):5.8155898293424775
                            Encrypted:false
                            SSDEEP:
                            MD5:232CE72808B60CBE0F4FA788A76523DF
                            SHA1:721A9C98C835D2CD734153BBE07833C6637ECD68
                            SHA-256:AFA4EA944CBDEC8543242E627EF46D5BFD3766DCAC664E7E50CDEEF2B352740C
                            SHA-512:4048EEA5A78DD569521C488C4CE4F7B77AC0454C92EE9107A81A1B3AF91A4EE036039AC1A0A6B8DD26B12E7F1595DB80B7FAA7B6A25D9032BF385528A81A8654
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                            Category:dropped
                            Size (bytes):160
                            Entropy (8bit):5.46068685940762
                            Encrypted:false
                            SSDEEP:
                            MD5:E0862317407F2D54C85E12945799413B
                            SHA1:FA557F8F761A04C41C9A4BA81994E43C6C275DBB
                            SHA-256:5C10CE0589EB115600F77381130B70AE0B7B3752614D86D4C89E857658AA222B
                            SHA-512:07CB69327961FD0019BEF8EF7590B5524905AC373A815F73F6D9E0B26840929F919A96CAA977D4B5656704DACD0F352D568FB3997F80EE6BB94C95B58839DBFE
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with CRLF line terminators
                            Category:modified
                            Size (bytes):1322
                            Entropy (8bit):5.449026004350873
                            Encrypted:false
                            SSDEEP:
                            MD5:01334FB9D092AF2AA46C4185E405C627
                            SHA1:47AD3C0E82362FFE5B881DF8D71D6F79AB7F5796
                            SHA-256:F52714812D68C577A445169D11E84DF6751C2D6886BC429643072BB5D61C6C27
                            SHA-512:888D96ADB7A847ABE472145258C8C46950EB2FA3BA7D596C2E90A17C8FB06FD0155C56CC8ABA5D076D89368417464BCB2D236F9E40E53241950A01F9F8ED548F
                            Malicious:false
                            Reputation:low
                            Preview:{.. "app": {.. "background": {.. "scripts": [ "craw_background.js" ].. }.. },.. "default_locale": "en",.. "description": "__MSG_APP_DESCRIPTION__",.. "display_in_launcher": false,.. "display_in_new_tab_page": false,.. "icons": {.. "128": "images/icon_128.png",.. "16": "images/icon_16.png".. },.. "key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrKfMnLqViEyokd1wk57FxJtW2XXpGXzIHBzv9vQI/01UsuP0IV5/lj0wx7zJ/xcibUgDeIxobvv9XD+zO1MdjMWuqJFcKuSS4Suqkje6u+pMrTSGOSHq1bmBVh0kpToN8YoJs/P/yrRd7FEtAXTaFTGxQL4C385MeXSjaQfiRiQIDAQAB",.. "manifest_version": 2,.. "minimum_chrome_version": "29",.. "name": "__MSG_APP_NAME__",.. "oauth2": {.. "auto_approve": true,.. "client_id": "203784468217.apps.googleusercontent.com",.. "scopes": [ "https://www.googleapis.com/auth/sierra", "https://www.googleapis.com/auth/sierrasandbox", "https://www.googleapis.com/auth/chromewebstore", "https://www.googleapis.com/auth/chromewebstore.readonly" ].. },.
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:Little-endian UTF-16 Unicode text, with no line terminators
                            Category:dropped
                            Size (bytes):2
                            Entropy (8bit):1.0
                            Encrypted:false
                            SSDEEP:
                            MD5:F3B25701FE362EC84616A93A45CE9998
                            SHA1:D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
                            SHA-256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
                            SHA-512:98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
                            Malicious:false
                            Reputation:low
                            Preview:..
                            No static file info