Automated Malware Analysis Management Report for {89eeeac4-e4d3-40a8-9048-e7cecfc98851}.xml

Overview

General Information

Sample name:	{89eeeac4-e4d3-40a8-9048-e7cecfc98851}.xml
Analysis ID:	1541101
MD5:	2d3c508321b32b43ee4192d54bc0ed15
SHA1:	e60a6dc0e6374c5adffce59e1b34635769e39767
SHA256:	96003b2bc14e105d7649310c9f5f0cb1b71c809a17b07a6456be4e4841cba187
Infos:

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Creates a process in suspended mode (likely to inject code)

IP address seen in connection with other malware

Potential browser exploit detected (process start blacklist hit)

Sigma detected: Use Short Name Path in Command Line

Classification

Signatures

Potential browser exploit detected (process start blacklist hit)

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 162.159.61.3 162.159.61.3
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View	IP Address: 172.64.41.3 172.64.41.3

Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.232.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.232.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.232.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.232.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.232.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.232.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.232.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.232.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.232.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.232.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.232.185
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /crx/blobs/AYA8VyyVmiyWvldTRU0qGaR4RUSL6-YrG6uKRsMPsRWu4uzTWsENQ0Oe4TwjJlNxU5Vx3wW0XCsKQHAJ2XkWCO0eQ7UF3N9B6xg6w6N4ZQ_ezL5_s1EfR63s25vMOuhpdI4AxlKa5cntVqVuAOGwNK_pRVduNn5fPIzZ/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_83_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1730370312&P2=404&P3=2&P4=CRZF1LDXsqws7CBJZ6V7OUHNF7jy64ulhnPdvEkt51hRSvw%2baaHOaMlD29YRKeFdxjMIDLnGJlk%2bfIyzZUl6yw%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: fYgkVLIQWmc10c8o/2zhxNSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8

Source: 000003.log.9.dr	String found in binary or memory: "www.facebook.com": "{\"Tier1\": [1103, 6061], \"Tier2\": [5445, 1780, 8220]}", equals www.facebook.com (Facebook)
Source: 000003.log.9.dr	String found in binary or memory: "www.linkedin.com": "{\"Tier1\": [1103, 214, 6061], \"Tier2\": [2771, 9515, 1780, 1303, 1099, 6081, 5581, 9396]}", equals www.linkedin.com (Linkedin)
Source: 000003.log.9.dr	String found in binary or memory: "www.youtube.com": "{\"Tier1\": [983, 6061, 1103], \"Tier2\": [2413, 8118, 1720, 5007]}", equals www.youtube.com (Youtube)
Source: msapplication.xml1.2.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x144b3694,0x01db25ff</date><accdate>0x144d98c1,0x01db25ff</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml6.2.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x14525df8,0x01db25ff</date><accdate>0x14525df8,0x01db25ff</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml8.2.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x14525df8,0x01db25ff</date><accdate>0x14525df8,0x01db25ff</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global traffic	DNS traffic detected: DNS query: chrome.cloudflare-dns.com

Source: unknown

HTTP traffic detected: POST /dns-query HTTP/1.1Host: chrome.cloudflare-dns.comConnection: keep-aliveContent-Length: 128Accept: application/dns-messageAccept-Language: *User-Agent: ChromeAccept-Encoding: identityContent-Type: application/dns-message

Source: msapplication.xml.2.dr	String found in binary or memory: http://www.amazon.com/
Source: msapplication.xml2.2.dr	String found in binary or memory: http://www.google.com/
Source: msapplication.xml3.2.dr	String found in binary or memory: http://www.live.com/
Source: msapplication.xml4.2.dr	String found in binary or memory: http://www.nytimes.com/
Source: msapplication.xml5.2.dr	String found in binary or memory: http://www.reddit.com/
Source: msapplication.xml6.2.dr	String found in binary or memory: http://www.twitter.com/
Source: msapplication.xml7.2.dr	String found in binary or memory: http://www.wikipedia.com/
Source: msapplication.xml8.2.dr	String found in binary or memory: http://www.youtube.com/
Source: manifest.json0.9.dr	String found in binary or memory: https://chrome.google.com/webstore/
Source: manifest.json0.9.dr	String found in binary or memory: https://chromewebstore.google.com/
Source: ad01b382-c09e-4199-b5ca-ce545204d3e2.tmp.10.dr, c1a9dd93-23a1-4e5b-ad6c-e84ac4f2a7d5.tmp.10.dr	String found in binary or memory: https://clients2.google.com
Source: manifest.json.9.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: ad01b382-c09e-4199-b5ca-ce545204d3e2.tmp.10.dr, c1a9dd93-23a1-4e5b-ad6c-e84ac4f2a7d5.tmp.10.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: manifest.json.9.dr	String found in binary or memory: https://docs.google.com/
Source: manifest.json.9.dr	String found in binary or memory: https://drive-autopush.corp.google.com/
Source: manifest.json.9.dr	String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: manifest.json.9.dr	String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: manifest.json.9.dr	String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: manifest.json.9.dr	String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: manifest.json.9.dr	String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: manifest.json.9.dr	String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: manifest.json.9.dr	String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: manifest.json.9.dr	String found in binary or memory: https://drive-preprod.corp.google.com/
Source: manifest.json.9.dr	String found in binary or memory: https://drive-staging.corp.google.com/
Source: manifest.json.9.dr	String found in binary or memory: https://drive.google.com/
Source: ad01b382-c09e-4199-b5ca-ce545204d3e2.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net
Source: 000003.log.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/addressbar_uu_files.en-gb/1.0.2/asset?sv=2017-07-29&sr
Source: 000003.log.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=Arbit
Source: 000003.log.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr
Source: 000003.log.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/signal_triggers/1.13.3/asset?sv=2017-07-29&sr=c&sig=Nt
Source: content_new.js.9.dr, content.js.9.dr	String found in binary or memory: https://www.google.com/chrome
Source: ad01b382-c09e-4199-b5ca-ce545204d3e2.tmp.10.dr	String found in binary or memory: https://www.googleapis.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778

Source: classification engine

Classification label: clean2.winXML@49/219@8/5

Source: C:\Program Files\Internet Explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery

Jump to behavior

Source: C:\Program Files\Internet Explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DFA8146A3F7DD53FBF.TMP

Jump to behavior

Source: C:\Program Files\Internet Explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE "C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\user\Desktop\{89eeeac4-e4d3-40a8-9048-e7cecfc98851}.xml"
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE	Process created: C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\user\Desktop\{89eeeac4-e4d3-40a8-9048-e7cecfc98851}.xml
Source: C:\Program Files\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7348 CREDAT:17410 /prefetch:2
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=10492
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=10492
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=2044,i,16802615332830959518,16888877389882489269,262144 /prefetch:3
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=10492 --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2228 --field-trial-handle=1996,i,865180387715092134,7946586055113773520,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6000 --field-trial-handle=1996,i,865180387715092134,7946586055113773520,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE	Process created: C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\user\Desktop\{89eeeac4-e4d3-40a8-9048-e7cecfc98851}.xml	Jump to behavior
Source: C:\Program Files\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7348 CREDAT:17410 /prefetch:2	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=10492	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=10492	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=2044,i,16802615332830959518,16888877389882489269,262144 /prefetch:3	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2228 --field-trial-handle=1996,i,865180387715092134,7946586055113773520,262144 /prefetch:3	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6000 --field-trial-handle=1996,i,865180387715092134,7946586055113773520,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE	Section loaded: appvisvsubsystems32.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE	Section loaded: c2r32.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe	Section loaded: uxtheme.dll	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Jump to behavior

Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: Web Data.9.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: Web Data.9.dr	Binary or memory string: discord.comVMware20,11696428655f
Source: Web Data.9.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: Web Data.9.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: Web Data.9.dr	Binary or memory string: global block list test formVMware20,11696428655
Source: Web Data.9.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: Web Data.9.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: Web Data.9.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: Web Data.9.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: Web Data.9.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696428655\|UE
Source: Web Data.9.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: Web Data.9.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: Web Data.9.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: Web Data.9.dr	Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: Web Data.9.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: Web Data.9.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: Web Data.9.dr	Binary or memory string: outlook.office.comVMware20,11696428655s
Source: Web Data.9.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: Web Data.9.dr	Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: Web Data.9.dr	Binary or memory string: AMC password management pageVMware20,11696428655
Source: Web Data.9.dr	Binary or memory string: tasks.office.comVMware20,11696428655o
Source: Web Data.9.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: Web Data.9.dr	Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: Web Data.9.dr	Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: Web Data.9.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: Web Data.9.dr	Binary or memory string: dev.azure.comVMware20,11696428655j
Source: Web Data.9.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: Web Data.9.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: ie_to_edge_stub.exe, 00000004.00000002.2073943203.0000027AD3045000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Prod_VMware_SATA_CD00#4&224f42ef&0&00000
Source: Web Data.9.dr	Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: Web Data.9.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: Web Data.9.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655

Creates a process in suspended mode (likely to inject code)

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE	Process created: C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\user\Desktop\{89eeeac4-e4d3-40a8-9048-e7cecfc98851}.xml			Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=10492			Jump to behavior

IP	Domain	Country	ASN	ASN Name	Malicious
162.159.61.3	unknown	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
23.218.232.185	unknown	United States	24835	RAYA-ASEG	false
172.64.41.3	chrome.cloudflare-dns.com	United States	13335	CLOUDFLARENETUS	false
142.250.185.225	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false

Domain

Country

Flag

ASN

ASN Name

Malicious

162.159.61.3

unknown

United States

13335

CLOUDFLARENETUS

false

239.255.255.250

unknown

Reserved

unknown

false

23.218.232.185

unknown

United States

24835

RAYA-ASEG

false

172.64.41.3

chrome.cloudflare-dns.com

United States

13335

CLOUDFLARENETUS

false

142.250.185.225

googlehosted.l.googleusercontent.com

United States

15169

GOOGLEUS

false

Name	IP	Active
chrome.cloudflare-dns.com	172.64.41.3	true
googlehosted.l.googleusercontent.com	142.250.185.225	true
sni1gl.wpc.nucdn.net	152.199.21.175	true
clients2.googleusercontent.com	unknown	unknown

Name

Active

chrome.cloudflare-dns.com

172.64.41.3

true

googlehosted.l.googleusercontent.com

142.250.185.225

true

sni1gl.wpc.nucdn.net

152.199.21.175

true

clients2.googleusercontent.com

unknown

Name	Malicious	Antivirus Detection	Reputation
https://chrome.cloudflare-dns.com/dns-query	false	URL Reputation: safe	unknown
https://clients2.googleusercontent.com/crx/blobs/AYA8VyyVmiyWvldTRU0qGaR4RUSL6-YrG6uKRsMPsRWu4uzTWsENQ0Oe4TwjJlNxU5Vx3wW0XCsKQHAJ2XkWCO0eQ7UF3N9B6xg6w6N4ZQ_ezL5_s1EfR63s25vMOuhpdI4AxlKa5cntVqVuAOGwNK_pRVduNn5fPIzZ/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_83_1_0.crx	false		unknown

Name

Malicious

Antivirus Detection

Reputation

https://chrome.cloudflare-dns.com/dns-query

false

URL Reputation: safe

unknown

https://clients2.googleusercontent.com/crx/blobs/AYA8VyyVmiyWvldTRU0qGaR4RUSL6-YrG6uKRsMPsRWu4uzTWsENQ0Oe4TwjJlNxU5Vx3wW0XCsKQHAJ2XkWCO0eQ7UF3N9B6xg6w6N4ZQ_ezL5_s1EfR63s25vMOuhpdI4AxlKa5cntVqVuAOGwNK_pRVduNn5fPIzZ/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_83_1_0.crx

false

unknown

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico	MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel	DA597791BE3B6E732F0BC8B20E38EE62	1125C45D285C360542027D7554A5C442288974DE	5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\241bc438-98be-4899-b095-f8e10fa6c69b.tmp	JSON data	A8BE530200ABAFEF555CFADCF8822737	B96D7F700B53AB6AE2EC75ACA373A4BC4A1FDF9D	4AAF54B5CD5A68445E2FAA267B26D3408D7EE6A9C815562A48C5D334A074903B
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\34c09d58-27eb-4d54-b042-25490a88fa10.tmp	JSON data	D79885A1C674F97B2490695E9CFEF344	EB660A452370DB6F5311B3EB6594F41FFC6FE5FA	74332194010DA00C4C6B827CB24632D263613E44E4A2C6857561070F2B721A3B
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\71233bd7-47cb-432e-a0f8-d91c45d98eaa.tmp	JSON data	7551879FB14F39933DF495B8D2D268F4	23167FF4792A9DFD10D29CBE59DC2DD7487E2362	C060411F32E3635E0C15BE41EB7C22E2AD71C3869DC3D8937F19933378A18064
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\790f7aad-91e7-4e41-899b-efabfb18abd4.tmp	JSON data	21B702CF1AEAA17D4611EA8C77AED16C	F33FA585D0FB056D5D5BF68956A40F91213E4D98	C250E7ED165BA46BE5E80614E9BA9527A26375B991DEDAC8A54A6FB96D9661B6
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\85a9c916-8626-4f7b-a0e6-af6273649bbd.tmp	JSON data	ACB473AA08A2B3975F1B2DED9001CC61	D21FEBB1D3F6F48ACBBD8ADC9AF9E054369ECEA2	60201E8444B3F67079DBF08193BDDD50172C6D7636F75C78CDD83F22D5DAAD95
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\9a10793f-082d-465a-945b-56d9ace90c1c.tmp	JSON data	B59DA62DE0AD5404E67AB84F3855DC95	8DED5365565C7AACF854515F73426E83635285AA	56D02F776495623EDDDA7CFE2D3C4CF3EDE273EC9D516AA3A1B18DFF39BD14B1
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\087ea2d9-b7bc-4c00-b8d8-8fc5e6eabf4e.tmp	JSON data	19DB9AF7D3FDB56FDD8CB17DB154752C	FC38FEED3175DB5F9C8C17DA55B594B7875D0F92	9033818BAA03976518D89725A48837BDB1B8876927163DAE2ED48A2226AA6ABE
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)	JSON data	19DB9AF7D3FDB56FDD8CB17DB154752C	FC38FEED3175DB5F9C8C17DA55B594B7875D0F92	9033818BAA03976518D89725A48837BDB1B8876927163DAE2ED48A2226AA6ABE
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)	data	B5CFA9D6C8FEBD618F91AC2843D50A1C	2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3	BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp	data	B5CFA9D6C8FEBD618F91AC2843D50A1C	2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3	BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-671A2083-1E94.pma	data	DBF6AA7E66D93650D91197EC95C65D96	4EF20B6F72956D713ABDCBC2B5BC6F2F06CBE1C9	55B77BE39EA2CBB94B8855C083F4B375F42CF951BCD5E6F09CAD359B9B3F785D
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat	data	845CFA59D6B52BD2E8C24AC83A335C66	6882BB1CE71EB14CEF73413EFC591ACF84C63C75	29645C274865D963D30413284B36CC13D7472E3CD2250152DEE468EC9DA3586F
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\16a328b1-73d5-42d9-a26c-a0ab0bed68d6.tmp	JSON data	C869CF2008A0DF4903243151C9F43D9F	53EDC2EF56E0D3D4C561743E2950B6EFF73127E7	E7D6A4D572F73EB9CC040D45068C964F325165F7D1EA75FCF933C119C830AC26
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\1bfa29c4-782e-48b6-b7e1-608c2fdb9610.tmp	JSON data	2FC5AA804A5A66856FCB58E61E2F19F0	63B852F0E84BC61B050FE67C3DBADE49D76ED29C	BF2C1491C7D0D1B17F9A21E6A3744B892DA04CFE094F6C5AEE7998854DF36A5E
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\376e365d-86ab-40dc-9270-0a406bb40ba9.tmp	very short file (no magic)	5058F1AF8388633F609CADB75A75DC9D	3A52CE780950D4D969792A2559CD519D7EE8C727	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\50d3b331-0ac4-4811-a39e-cd3e0170345f.tmp	JSON data	5EFC605148AEF020DC6D65DD6B303A23	15D3D452E0E4746854761340000030E92DA92161	4B0638CEA31A465CA79C0BBA000425E6019E97E9008D678955709DB39FFF7680
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\807e27bf-640c-4ff0-8b8e-e53c34ac083d.tmp	JSON data	D3378A029CFBAD5481B8DCA367CAC5DA	C8588CEF6923B1B1F3EB29EDE22E3AB2ADE20487	CD8F8A059DDD8E933D5ACA21F4987871F275E87CF84567871A04434339FCC89E
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\89907110-f0e6-4c85-a5fd-3e7bb8cca7b7.tmp	very short file (no magic)	5058F1AF8388633F609CADB75A75DC9D	3A52CE780950D4D969792A2559CD519D7EE8C727	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\9b36828c-7942-4c46-8c7c-92e2fcfbbc56.tmp	JSON data	CEE9FCD745FBB833100A1E4343C8C547	EB5C4BFA82DCA14C465ED0A816F2504338D96A9B	F299EA2B2107889DD5E74F0E4D9B12ED24CF448E0467D409E3623664D7128002
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log	data	F7E71DE71BFE4796B5037F9E9A67A482	068C7FA2D673111064943436610F14DBF4459F3B	EA56065E3CA2A13AF0AA0781B057099A0D339240E18B8E41AF166A8B6DE7C430
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG	ASCII text	1433909B4B2DD132FBCC6C2AE12C301E	50532644E179C69C80828B20F6B33EB22CEEBA16	894AE9D8ABA36E4335F8C6BEE9B3B9E80A06BD05C6835EA29E62154B85A23231
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)	ASCII text	1433909B4B2DD132FBCC6C2AE12C301E	50532644E179C69C80828B20F6B33EB22CEEBA16	894AE9D8ABA36E4335F8C6BEE9B3B9E80A06BD05C6835EA29E62154B85A23231
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG	ASCII text	70BA242423E3424C2AC98425D0D58D65	7FFCA0C9D0C594DF277A6B7E2C1ABC46C128CD8E	EDDE598D10AF410CD3F86078355F33F1D394688B8AE6D7D84767C18EBE6BBF16
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)	ASCII text	70BA242423E3424C2AC98425D0D58D65	7FFCA0C9D0C594DF277A6B7E2C1ABC46C128CD8E	EDDE598D10AF410CD3F86078355F33F1D394688B8AE6D7D84767C18EBE6BBF16
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log	data	BF097D724FDF1FCA9CF3532E86B54696	4039A5DD607F9FB14018185F707944FE7BA25EF7	1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG	ASCII text	38A66D37BC0C9D47DA620AB8C5FDD40B	8C008EE1A20AA07EE8009C137155DE42CA25DDE1	D6F371E77028FEC6468DB9ED56B862BEDA8AD93FA6264771FE6F755139BCAF25
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)	ASCII text	38A66D37BC0C9D47DA620AB8C5FDD40B	8C008EE1A20AA07EE8009C137155DE42CA25DDE1	D6F371E77028FEC6468DB9ED56B862BEDA8AD93FA6264771FE6F755139BCAF25
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log	data	BF097D724FDF1FCA9CF3532E86B54696	4039A5DD607F9FB14018185F707944FE7BA25EF7	1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG	ASCII text	F67EFFCE49A15AC4D0E6AD9604000C1F	98CA4EE5264891CECE368E7503B12E2053975615	6393A6F48B714B79DB62096196307156F0CFD4BBE51EBEE1EED632A2388952EF
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)	ASCII text	F67EFFCE49A15AC4D0E6AD9604000C1F	98CA4EE5264891CECE368E7503B12E2053975615	6393A6F48B714B79DB62096196307156F0CFD4BBE51EBEE1EED632A2388952EF
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log	data	826B4C0003ABB7604485322423C5212A	6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4	C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG	ASCII text	E1278EFC91FAD8F694982699433A0BF3	050EFCB0EBD4000E03682BE7778F36851A788530	280D87F3297987FDEC4A9D7598785D6E33721A85425C258A54B5B2B3639B0E82
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)	ASCII text	E1278EFC91FAD8F694982699433A0BF3	050EFCB0EBD4000E03682BE7778F36851A788530	280D87F3297987FDEC4A9D7598785D6E33721A85425C258A54B5B2B3639B0E82
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json	JSON data	5D1D9020CCEFD76CA661902E0C229087	DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6	B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal	data	9D4FA0F2675929ED44E4C8762C5D9231	0FB3A07827694B2B8C088D531C1E46992E08C795	99D9FA8B6F617CE12106B1378A3C8781364B2F6A3726945AB1C56F97FCE0EB48
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG	ASCII text	37DEA52F50A0E581A9D1B52FAAF0B063	22BF7BEE353899FF6983D40B789E8599835C2CC8	65CD4899F6B398771F2131BBDAC31C41E08B12EFA0D1FB4915EE2046C4AC3ADA
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)	ASCII text	37DEA52F50A0E581A9D1B52FAAF0B063	22BF7BEE353899FF6983D40B789E8599835C2CC8	65CD4899F6B398771F2131BBDAC31C41E08B12EFA0D1FB4915EE2046C4AC3ADA
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG	ASCII text	A726D6E7DB09651FD14AFA1B5FAC8379	8BECCDA2E81FFAA7C84795EA74E63F17E053F228	C83F2D356D6A3C596C8AF3C41B482A1103D6E0E48097B198DCBCD50C7B005EB4
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)	ASCII text	A726D6E7DB09651FD14AFA1B5FAC8379	8BECCDA2E81FFAA7C84795EA74E63F17E053F228	C83F2D356D6A3C596C8AF3C41B482A1103D6E0E48097B198DCBCD50C7B005EB4
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\0a0a45db-a533-4f7b-99f5-62a9119585dc.tmp	JSON data	D751713988987E9331980363E24189CE	97D170E1550EEE4AFC0AF065B78CDA302A97674C	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\493babe9-6de0-4f82-932b-fae61b278d46.tmp	JSON data	D751713988987E9331980363E24189CE	97D170E1550EEE4AFC0AF065B78CDA302A97674C	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\739a4fad-38e8-4a4f-bcdf-f4d549382e2c.tmp	JSON data	20D4B8FA017A12A108C87F540836E250	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\80f0fec4-a256-4ee8-9764-af54e789a112.tmp	JSON data	D751713988987E9331980363E24189CE	97D170E1550EEE4AFC0AF065B78CDA302A97674C	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)	JSON data	7D870539B6C4EE40FA5CFD87A3D4BFEC	F45BE07A3A05615856688219AFE6713EBABBAC2C	73513F7A38830E47624257EF04A4F73BF174FD1FEBAC172AA416BF6470930F90
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF44ff1.TMP (copy)	JSON data	7D870539B6C4EE40FA5CFD87A3D4BFEC	F45BE07A3A05615856688219AFE6713EBABBAC2C	73513F7A38830E47624257EF04A4F73BF174FD1FEBAC172AA416BF6470930F90
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)	JSON data	D751713988987E9331980363E24189CE	97D170E1550EEE4AFC0AF065B78CDA302A97674C	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF33edf.TMP (copy)	JSON data	D751713988987E9331980363E24189CE	97D170E1550EEE4AFC0AF065B78CDA302A97674C	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF34845.TMP (copy)	JSON data	D751713988987E9331980363E24189CE	97D170E1550EEE4AFC0AF065B78CDA302A97674C	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)	JSON data	20D4B8FA017A12A108C87F540836E250	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\ad01b382-c09e-4199-b5ca-ce545204d3e2.tmp	JSON data	9007D398C739CAAB3CF9B2DABECE4DE5	EB99DD6A75C538A75C53B8F705139C2A771B7692	8FE7E167DF04BD48C49EBFE022F8AFA00C4466E5E8CF5E3D2FEBD9199EB0C869
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\c1a9dd93-23a1-4e5b-ad6c-e84ac4f2a7d5.tmp	JSON data	7D870539B6C4EE40FA5CFD87A3D4BFEC	F45BE07A3A05615856688219AFE6713EBABBAC2C	73513F7A38830E47624257EF04A4F73BF174FD1FEBAC172AA416BF6470930F90
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)	JSON data	C869CF2008A0DF4903243151C9F43D9F	53EDC2EF56E0D3D4C561743E2950B6EFF73127E7	E7D6A4D572F73EB9CC040D45068C964F325165F7D1EA75FCF933C119C830AC26
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF3b632.TMP (copy)	JSON data	C869CF2008A0DF4903243151C9F43D9F	53EDC2EF56E0D3D4C561743E2950B6EFF73127E7	E7D6A4D572F73EB9CC040D45068C964F325165F7D1EA75FCF933C119C830AC26
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF3ddaf.TMP (copy)	JSON data	C869CF2008A0DF4903243151C9F43D9F	53EDC2EF56E0D3D4C561743E2950B6EFF73127E7	E7D6A4D572F73EB9CC040D45068C964F325165F7D1EA75FCF933C119C830AC26
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF43ef9.TMP (copy)	JSON data	C869CF2008A0DF4903243151C9F43D9F	53EDC2EF56E0D3D4C561743E2950B6EFF73127E7	E7D6A4D572F73EB9CC040D45068C964F325165F7D1EA75FCF933C119C830AC26
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)	JSON data	D3378A029CFBAD5481B8DCA367CAC5DA	C8588CEF6923B1B1F3EB29EDE22E3AB2ADE20487	CD8F8A059DDD8E933D5ACA21F4987871F275E87CF84567871A04434339FCC89E
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF39740.TMP (copy)	JSON data	D3378A029CFBAD5481B8DCA367CAC5DA	C8588CEF6923B1B1F3EB29EDE22E3AB2ADE20487	CD8F8A059DDD8E933D5ACA21F4987871F275E87CF84567871A04434339FCC89E
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log	data	D7D9437445AA960DCEA52FFE772822DC	C2BBF4AC0732D905D998C4F645FD60F95A675D02	4FF49903BEC1197017A35995D5C5FC703CAF9D496467345D783F754B723D21C1
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG	ASCII text	5E5FBE4F9C45293FCCBA624BB7AAB34E	D6166BB3B847FF791FC5F37A516FC22A1D8354E9	60A7BD298B10A68D67E7256D02EFAD4AA2A03E1F7B2325429D51A09096B9FFFE
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)	ASCII text	5E5FBE4F9C45293FCCBA624BB7AAB34E	D6166BB3B847FF791FC5F37A516FC22A1D8354E9	60A7BD298B10A68D67E7256D02EFAD4AA2A03E1F7B2325429D51A09096B9FFFE
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG	ASCII text	01D96A0AF5EE4ABB22870E0B9553E837	36AD9C0923233FC39BDEAC0BE210ED6CF90E463A	64249A1F11F9B23EA81CAB94BF187527D14C4D8F058E539A7C42A4C8324F4D08
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)	ASCII text	01D96A0AF5EE4ABB22870E0B9553E837	36AD9C0923233FC39BDEAC0BE210ED6CF90E463A	64249A1F11F9B23EA81CAB94BF187527D14C4D8F058E539A7C42A4C8324F4D08
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1	data	F50F89A0A91564D0B8A211F8921AA7DE	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1	data	F50F89A0A91564D0B8A211F8921AA7DE	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG	ASCII text	895724EB51A19F4B2B9FAF4DF41D1416	0546FFA8BF3697DBC7877E899D074681D2C0D401	DD7F1E4C0E25C639AC79C656B0CE5A9876C0A69C3B5182EE1954A74A8FE0F6E3
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)	ASCII text	895724EB51A19F4B2B9FAF4DF41D1416	0546FFA8BF3697DBC7877E899D074681D2C0D401	DD7F1E4C0E25C639AC79C656B0CE5A9876C0A69C3B5182EE1954A74A8FE0F6E3
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State (copy)	JSON data	ABE81C38891A875B52127ACE9C314105	8EDEBDDAD493CF02D3986A664A4AD1C71CCEBB5F	6D398F9EB5969D487B57E1C3E1EDDE58660545A7CE404F6DA40C8738B56B6177
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)	JSON data	D751713988987E9331980363E24189CE	97D170E1550EEE4AFC0AF065B78CDA302A97674C	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF34845.TMP (copy)	JSON data	D751713988987E9331980363E24189CE	97D170E1550EEE4AFC0AF065B78CDA302A97674C	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)	JSON data	20D4B8FA017A12A108C87F540836E250	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4	DEA619BA33775B1BAEEC7B32110CB3BD	949B8246021D004B2E772742D34B2FC8863E1AAA	3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\c4be81e0-8b50-4388-8ad3-fc8dd33eb9e4.tmp	JSON data	ABE81C38891A875B52127ACE9C314105	8EDEBDDAD493CF02D3986A664A4AD1C71CCEBB5F	6D398F9EB5969D487B57E1C3E1EDDE58660545A7CE404F6DA40C8738B56B6177
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\cb7e2ba7-de6c-4ee1-9f5d-6d4a49f9cb20.tmp	JSON data	D751713988987E9331980363E24189CE	97D170E1550EEE4AFC0AF065B78CDA302A97674C	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\f2606958-bc46-4dcd-b5a3-8c9e36c62348.tmp	JSON data	20D4B8FA017A12A108C87F540836E250	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\ff47707f-b9f2-4f9d-9dfe-588e19a17257.tmp	JSON data	D751713988987E9331980363E24189CE	97D170E1550EEE4AFC0AF065B78CDA302A97674C	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log	data	69449520FD9C139C534E2970342C6BD8	230FE369A09DEF748F8CC23AD70FD19ED8D1B885	3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG	ASCII text	5D0B14766D55745D18D76172360ADE4F	A08E7561FF1EBDF8D0DD1ACC5155B88FDD0691E7	7DF35CC05AE4C4107221CD565C5F0AAA00E81927B143A1CC9B9F26D1783B5A1B
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)	ASCII text	5D0B14766D55745D18D76172360ADE4F	A08E7561FF1EBDF8D0DD1ACC5155B88FDD0691E7	7DF35CC05AE4C4107221CD565C5F0AAA00E81927B143A1CC9B9F26D1783B5A1B
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG	ASCII text	5BD2AECE0A7F945C15C94C8227B50960	8FB2C06B8D67B3D8BC19FA363756D528F70587C8	DA9C48563A009E02AB8648B314644BC07631512D438F28C68BE55B7941329466
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)	ASCII text	5BD2AECE0A7F945C15C94C8227B50960	8FB2C06B8D67B3D8BC19FA363756D528F70587C8	DA9C48563A009E02AB8648B314644BC07631512D438F28C68BE55B7941329466
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 9	28F5DAB9AD9881750A83771B3B8564B9	C6EE9E25F84A49CE428A4C5A86C2B192EDC3260D	CC90EE1C051CBCE548DCED9B21D640913C5ACF6034ECAA8D961E3DFE4FD80362
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\a5c3d402-2058-4b1e-a33d-d6d4fc5e3083.tmp	JSON data	FC0315D7B528F00877019BD775FCAADE	5D586BBB1797D845B2BB8F77C7BA665EE11946B9	258AC53469611AABE9373B32992117C6B05D0F13D194705AC9E7AFDD4FC53360
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json	ASCII text, with very long lines (3951), with CRLF line terminators	07301A857C41B5854E6F84CA00B81EA0	7441FC1018508FF4F3DBAA139A21634C08ED979C	2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm	data	5D0C04F0027C10D96C0F276FD4A780EE	A62A3492B8C288E37F84959DBA4F0DCC4558DE90	0A027CAECA735B56DE709403BD4EFDAAFFC1DB195F2E32E885FC373C19DC0772
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log	data	273249BC8A4A3D3B77287F660C1FC034	81606101AF2FB2B5F326FF56AA29E3678CCC1DCD	03649CAE14D2A3E11314ABFC298B3A9C7384A8B4D833B8B7681EBC8CE5D371FF
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG	ASCII text	BFFD7FA128E23D7ECE2E178CDAFCA301	F9FA757D8BBA56D1395F5A3A3A4AB6C568AF5445	8ADAAB6EA77562876F14CAA7A4F96162DC1F693C0F29AC379C2D218731B575BB
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)	ASCII text	BFFD7FA128E23D7ECE2E178CDAFCA301	F9FA757D8BBA56D1395F5A3A3A4AB6C568AF5445	8ADAAB6EA77562876F14CAA7A4F96162DC1F693C0F29AC379C2D218731B575BB
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log	data	A4FF1AD5DDD86E2FFEC54C60EA640FF0	89C5183277541E50B3760CB1CF96E51D8763C619	6566C59DB938C176645FC47EE7A229FE0A679DA8185265FDAFC176DC69F6CD64
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG	ASCII text	46301AA3A063CB1D092499FE15ED04AF	C511D83AA2D9566EC9B2CEEC3CE87448849CD9EC	013FCFB41D575A64A2ED03CD69051D012A48BB11066FDA9B69995B2541EC38F2
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)	ASCII text	46301AA3A063CB1D092499FE15ED04AF	C511D83AA2D9566EC9B2CEEC3CE87448849CD9EC	013FCFB41D575A64A2ED03CD69051D012A48BB11066FDA9B69995B2541EC38F2
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser	data	A397E5983D4A1619E36143B4D804B870	AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4	9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version	ASCII text, with no line terminators	BF16C04B916ACE92DB941EBB1AF3CB18	FA8DAEAE881F91F61EE0EE21BE5156255429AA8A	7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)	JSON data	A8BE530200ABAFEF555CFADCF8822737	B96D7F700B53AB6AE2EC75ACA373A4BC4A1FDF9D	4AAF54B5CD5A68445E2FAA267B26D3408D7EE6A9C815562A48C5D334A074903B
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF32b57.TMP (copy)	JSON data	A8BE530200ABAFEF555CFADCF8822737	B96D7F700B53AB6AE2EC75ACA373A4BC4A1FDF9D	4AAF54B5CD5A68445E2FAA267B26D3408D7EE6A9C815562A48C5D334A074903B
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF32b76.TMP (copy)	JSON data	A8BE530200ABAFEF555CFADCF8822737	B96D7F700B53AB6AE2EC75ACA373A4BC4A1FDF9D	4AAF54B5CD5A68445E2FAA267B26D3408D7EE6A9C815562A48C5D334A074903B
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF32de7.TMP (copy)	JSON data	A8BE530200ABAFEF555CFADCF8822737	B96D7F700B53AB6AE2EC75ACA373A4BC4A1FDF9D	4AAF54B5CD5A68445E2FAA267B26D3408D7EE6A9C815562A48C5D334A074903B
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF35499.TMP (copy)	JSON data	A8BE530200ABAFEF555CFADCF8822737	B96D7F700B53AB6AE2EC75ACA373A4BC4A1FDF9D	4AAF54B5CD5A68445E2FAA267B26D3408D7EE6A9C815562A48C5D334A074903B
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF417ca.TMP (copy)	JSON data	A8BE530200ABAFEF555CFADCF8822737	B96D7F700B53AB6AE2EC75ACA373A4BC4A1FDF9D	4AAF54B5CD5A68445E2FAA267B26D3408D7EE6A9C815562A48C5D334A074903B
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF43eea.TMP (copy)	JSON data	A8BE530200ABAFEF555CFADCF8822737	B96D7F700B53AB6AE2EC75ACA373A4BC4A1FDF9D	4AAF54B5CD5A68445E2FAA267B26D3408D7EE6A9C815562A48C5D334A074903B
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF49b71.TMP (copy)	JSON data	A8BE530200ABAFEF555CFADCF8822737	B96D7F700B53AB6AE2EC75ACA373A4BC4A1FDF9D	4AAF54B5CD5A68445E2FAA267B26D3408D7EE6A9C815562A48C5D334A074903B
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations	JSON data	16B7586B9EBA5296EA04B791FC3D675E	8890767DD7EB4D1BEAB829324BA8B9599051F0B0	474D668707F1CB929FEF1E3798B71B632E50675BD1A9DCEAAB90C9587F72F680
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ecc031cf-6840-4e45-a489-dd19e124c691.tmp	JSON data	A526CFF84210781E8CB81560E80137A2	27C1401A8D43ECA9EB0F31E55B079C1F969C7348	1E652721E9D53F592FA3F14B2633A9D779F1CCA1FC26D5D041D49EE472550B9E
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\f192f6bc-fbcd-4eb5-a5d0-3d944ca5056e.tmp	JSON data	A526CFF84210781E8CB81560E80137A2	27C1401A8D43ECA9EB0F31E55B079C1F969C7348	1E652721E9D53F592FA3F14B2633A9D779F1CCA1FC26D5D041D49EE472550B9E
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3BC62B24-91F2-11EF-8C2C-ECF4BB570DC9}.dat	Composite Document File V2 Document, Cannot read section info	88DE878C97974D4E97BBBDEAFC14BEFD	42FC1097494D17E86D51AC2ADC938BB6FAFA9BDB	68615E430FA70E232243292EE4A0C2F4A195DAF1B6092FB90C11A3FE7169F1E3
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3BC62B26-91F2-11EF-8C2C-ECF4BB570DC9}.dat	Composite Document File V2 Document, Cannot read section info	FACF5F73BFAC04326706D309EC57668E	548066F4DDE3875317D5EBD0B16E300E979A13F8	221ED8FE273A543B41B17A6DB7A3BD1D0D7E9534008EDF76D2DCD4475E2B9ADD
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml	XML 1.0 document, ASCII text, with very long lines (314), with CRLF line terminators	EDF3CBF7D8B5111EC64ACCA6CFD2F14B	ADB5C69EE09FBFCDCFDAD52E765FE0AB2D0A0BCF	F7617D64908F4B95370B57CD3989B5EF8911779D177BAED99FF1F20ED947C0B0
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml	XML 1.0 document, ASCII text, with very long lines (312), with CRLF line terminators	5F7B2F1A40B12E98CD16216D2BF133C1	E9F0B933A5C68C7A842ACC1920E8E8B01439C269	C6ADF1DD74966B8B4B025C14F7EC9E9BCD9143F9C6D9C741C5B532CEE7F662B1
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml	XML 1.0 document, ASCII text, with very long lines (318), with CRLF line terminators	7FDE882B44FE421565F82E85830A79B3	E0C4C99ED7EA9C50049342BEF215A9AE6B5DA1D0	26F793718C458B9AB36016FD426678FABC98D407F9FEE82FF85F6BDCE3A88D1F
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml	XML 1.0 document, ASCII text, with very long lines (335), with CRLF line terminators	E133A96AE6F8E99983733812321A2FE9	1A3473FCBE5DB22C460AEE24B4140BF0CE06506D	BFEE656AB4E567C3AC38C9B37A589367578AE2FEDCB41B4085EBF0DA0768CB77
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml	XML 1.0 document, ASCII text, with very long lines (308), with CRLF line terminators	315127CFAE310ECE800446435BBBFA9A	898AC7FCC8409D79A0E3995F40627C9C1D02CD82	75F4CC62D1B31E482B671188F39C6804786FA0D09E0B5765480E0B7C08D1EB2F
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml	XML 1.0 document, ASCII text, with very long lines (314), with CRLF line terminators	DA0C08BAC9635060FF52A64FF56ED2EC	D85BB7F58B1A1E6CBFC33F61E437DFF002A90E5D	5DE41F4372723800FD6451846F6F67FAD89538E818BDDFA8C773E41D7FE99F59
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml	XML 1.0 document, ASCII text, with very long lines (312), with CRLF line terminators	95FB1AFD964F3D22D331D3093E9AE3BE	A89376B3A479627D7BB2CBACC44FDD22AB4DF905	D313000A342E79FE66CA68CE1EBC42F3B64E57EDBA0F898DAA13ACC0799D1DDA
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml	XML 1.0 document, ASCII text, with very long lines (314), with CRLF line terminators	631D34818F165F5A444CCF60E695A167	04C5EA95BADED86F1ACE2114D0A726A3E3A7D1B8	2BBCA321FD24FFD57DF90EC8C305E4AC4D8C89AA5D20B25ECF87FA9DB355581B
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml	XML 1.0 document, ASCII text, with very long lines (316), with CRLF line terminators	02584DB0C81568A8CF2B92AC05151489	FB565304559D6A23E343FEBDEAC8BB7B67E110B5	DC711C635D2551E4E9E7B5DCC8DB3DA3225E90C6F250ADA2FE24B919F6317513
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml	XML 1.0 document, ASCII text, with very long lines (312), with CRLF line terminators	E270102634C6133CA3587C4B35CC784D	C9F7535B8D8A00A65AE27BF81D15A4FACE519013	F9E980DA188343EB64AF492100D699B3118C02F5A4FDE96C419E5DC185038132
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres	data	1823C1D60878475CEE6731E22962F90A	CD93EE0C42B75936746FAD1D9647BE703870154F	CED409BDF10A1F6993DE2F232563062A026D22087ED5E9CEAE3AFCC0A16CC3E5
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres	data	D44F27AE31D95F3EC4F2764B19BD5B00	373D1B7FB6E3F23D65B536589B53B86278C23080	045409C69D651F3166D310144700B732C67720A8B8BBA4799E15AA2728619EE1
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres	data	DC49119DE2AB51371B0752C052C34D5B	0AEC0168E34C450475DF675C2675DF5241F71E6B	F1F2B8F565DFF4787099D2006ED8841599F4E65DF7D484E16DDECD0514022185
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\favicon[1].ico	MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel	DA597791BE3B6E732F0BC8B20E38EE62	1125C45D285C360542027D7554A5C442288974DE	5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\xmltreeview[1]	ASCII text, with CRLF line terminators	03710426AB25AD1280E197F61249F9DE	F5E7A6FD42503AE4758BC36C8DD78D98EFB35047	21E63F7C77896ED2B5F115957F2448E0A9E2DD738D7D487E471217421F6A93E1
C:\Users\user\AppData\Local\Temp\5685491c-4ea9-4743-a433-ae066c236b9e.tmp	very short file (no magic)	5058F1AF8388633F609CADB75A75DC9D	3A52CE780950D4D969792A2559CD519D7EE8C727	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
C:\Users\user\AppData\Local\Temp\597751ac-6958-4d1d-91f0-472716ca1451.tmp	Google Chrome extension, version 3	DA75BB05D10ACC967EECAAC040D3D733	95C08E067DF713AF8992DB113F7E9AEC84F17181	33AE9B8F06DC777BB1A65A6BA6C3F2A01B25CD1AFC291426B46D1DF27EA6E7E2
C:\Users\user\AppData\Local\Temp\66806389-07a6-4ba5-96e5-1852856c4296.tmp	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 276634	B73A9C52EF76DD9F575BDCF919B05902	A7ED2E7B5F85D6E502B538FDEBD91343D811E55A	EF05EE3FA07D46FDDD88DA7760509F7BA658D3A9A5696004404F5A128349B323
C:\Users\user\AppData\Local\Temp\b7577419-0b04-4d0a-b7a3-10bed6d62375.tmp	very short file (no magic)	5058F1AF8388633F609CADB75A75DC9D	3A52CE780950D4D969792A2559CD519D7EE8C727	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
C:\Users\user\AppData\Local\Temp\cv_debug.log	JSON data	C95C36E0326548A25BF958A9EB32581A	3CF336BEB915D2F0313B18F2BB967BB6B5E7BECE	650F6D45A0DB0E312593E46C66B454FF55B60433212A9E6D507068541DFE9CC9
C:\Users\user\AppData\Local\Temp\d491cdca-1b4c-43e9-a001-d139391629d3.tmp	Google Chrome extension, version 3	78E47DDA17341BED7BE45DCCFD89AC87	1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F	67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\597751ac-6958-4d1d-91f0-472716ca1451.tmp	Google Chrome extension, version 3	DA75BB05D10ACC967EECAAC040D3D733	95C08E067DF713AF8992DB113F7E9AEC84F17181	33AE9B8F06DC777BB1A65A6BA6C3F2A01B25CD1AFC291426B46D1DF27EA6E7E2
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\128.png	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced	913064ADAAA4C4FA2A9D011B66B33183	99EA751AC2597A080706C690612AEEEE43161FC1	AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\af\messages.json	JSON data	12403EBCCE3AE8287A9E823C0256D205	C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037	B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\am\messages.json	JSON data	9721EBCE89EC51EB2BAEB4159E2E4D8C	58979859B28513608626B563138097DC19236F1F	3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\ar\messages.json	JSON data	3EC93EA8F8422FDA079F8E5B3F386A73	24640131CCFB21D9BC3373C0661DA02D50350C15	ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\az\messages.json	JSON data	9A798FD298008074E59ECC253E2F2933	1E93DA985E880F3D3350FC94F5CCC498EFC8C813	628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\be\messages.json	JSON data	68884DFDA320B85F9FC5244C2DD00568	FD9C01E03320560CBBB91DC3D1917C96D792A549	DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\bg\messages.json	JSON data	2E6423F38E148AC5A5A041B1D5989CC0	88966FFE39510C06CD9F710DFAC8545672FFDCEB	AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\bn\messages.json	JSON data	651375C6AF22E2BCD228347A45E3C2C9	109AC3A912326171D77869854D7300385F6E628C	1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\ca\messages.json	JSON data	D177261FFE5F8AB4B3796D26835F8331	4BE708E2FFE0F018AC183003B74353AD646C1657	D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\cs\messages.json	JSON data	CCB00C63E4814F7C46B06E4A142F2DE9	860936B2A500CE09498B07A457E0CCA6B69C5C23	21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\cy\messages.json	JSON data	A86407C6F20818972B80B9384ACFBBED	D1531CD0701371E95D2A6BB5EDCB79B949D65E7C	A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\da\messages.json	JSON data	B922F7FD0E8CCAC31B411FC26542C5BA	2D25E153983E311E44A3A348B7D97AF9AAD21A30	48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\de\messages.json	JSON data	D116453277CC860D196887CEC6432FFE	0AE00288FDE696795CC62FD36EABC507AB6F4EA4	36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\el\messages.json	JSON data	9ABA4337C670C6349BA38FDDC27C2106	1FC33BE9AB4AD99216629BC89FBB30E7AA42B812	37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\en\messages.json	JSON data	07FFBE5F24CA348723FF8C6C488ABFB8	6DC2851E39B2EE38F88CF5C35A90171DBEA5B690	6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\en_CA\messages.json	JSON data	07FFBE5F24CA348723FF8C6C488ABFB8	6DC2851E39B2EE38F88CF5C35A90171DBEA5B690	6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\en_GB\messages.json	JSON data	3734D498FB377CF5E4E2508B8131C0FA	AA23E39BFE526B5E3379DE04E00EACBA89C55ADE	AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\en_US\messages.json	JSON data	578215FBB8C12CB7E6CD73FBD16EC994	9471D71FA6D82CE1863B74E24237AD4FD9477187	102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\es\messages.json	JSON data	F61916A206AC0E971CDCB63B29E580E3	994B8C985DC1E161655D6E553146FB84D0030619	2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\es_419\messages.json	JSON data	535331F8FB98894877811B14994FEA9D	42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB	90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\et\messages.json	JSON data	64204786E7A7C1ED9C241F1C59B81007	586528E87CD670249A44FB9C54B1796E40CDB794	CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\eu\messages.json	JSON data	29A1DA4ACB4C9D04F080BB101E204E93	2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1	A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\fa\messages.json	JSON data	097F3BA8DE41A0AAF436C783DCFE7EF3	986B8CABD794E08C7AD41F0F35C93E4824AC84DF	7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\fi\messages.json	JSON data	B38CBD6C2C5BFAA6EE252D573A0B12A1	2E490D5A4942D2455C3E751F96BD9960F93C4B60	2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\fil\messages.json	JSON data	FCEA43D62605860FFF41BE26BAD80169	F25C2CE893D65666CC46EA267E3D1AA080A25F5B	F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\fr\messages.json	JSON data	A58C0EEBD5DC6BB5D91DAF923BD3A2AA	F169870EEED333363950D0BCD5A46D712231E2AE	0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\fr_CA\messages.json	JSON data	6CAC04BDCC09034981B4AB567B00C296	84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5	4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\gl\messages.json	JSON data	6BAAFEE2F718BEFBC7CD58A04CCC6C92	CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF	0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\gu\messages.json	JSON data	BC7E1D09028B085B74CB4E04D8A90814	E28B2919F000B41B41209E56B7BF3A4448456CFE	FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\hi\messages.json	JSON data	98A7FC3E2E05AFFFC1CFE4A029F47476	A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD	D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\hr\messages.json	JSON data	25CDFF9D60C5FC4740A48EF9804BF5C7	4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0	73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\hu\messages.json	JSON data	8930A51E3ACE3DD897C9E61A2AEA1D02	4108506500C68C054BA03310C49FA5B8EE246EA4	958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\hy\messages.json	JSON data	55DE859AD778E0AA9D950EF505B29DA9	4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2	0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\id\messages.json	JSON data	34D6EE258AF9429465AE6A078C2FB1F5	612CAE151984449A4346A66C0A0DF4235D64D932	E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\is\messages.json	JSON data	CAEB37F451B5B5E9F5EB2E7E7F46E2D7	F917F9EAE268A385A10DB3E19E3CC3ACED56D02E	943E61988C859BB088F548889F0449885525DD660626A89BA67B2C94CFBFBB1B
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\it\messages.json	JSON data	0D82B734EF045D5FE7AA680B6A12E711	BD04F181E4EE09F02CD53161DCABCEF902423092	F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\iw\messages.json	JSON data	26B1533C0852EE4661EC1A27BD87D6BF	18234E3ABAF702DF9330552780C2F33B83A1188A	BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\ja\messages.json	JSON data	15EC1963FC113D4AD6E7E59AE5DE7C0A	4017FC6D8B302335469091B91D063B07C9E12109	34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\ka\messages.json	JSON data	83F81D30913DC4344573D7A58BD20D85	5AD0E91EA18045232A8F9DF1627007FE506A70E0	30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\kk\messages.json	JSON data	2D94A58795F7B1E6E43C9656A147AD3C	E377DB505C6924B6BFC9D73DC7C02610062F674E	548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\km\messages.json	JSON data	B3699C20A94776A5C2F90AEF6EB0DAD9	1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA	A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\kn\messages.json	JSON data	38BE0974108FC1CC30F13D8230EE5C40	ACF44889DD07DB97D26D534AD5AFA1BC1A827BAD	30078EF35A76E02A400F03B3698708A0145D9B57241CC4009E010696895CF3A1
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\ko\messages.json	JSON data	F3E59EEEB007144EA26306C20E04C292	83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90	C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\lo\messages.json	JSON data	E20D6C27840B406555E2F5091B118FC5	0DCECC1A58CEB4936E255A64A2830956BFA6EC14	89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\lt\messages.json	JSON data	970544AB4622701FFDF66DC556847652	14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317	5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\lv\messages.json	JSON data	A568A58817375590007D1B8ABCAEBF82	B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597	0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\ml\messages.json	JSON data	4717EFE4651F94EFF6ACB6653E868D1A	B8A7703152767FBE1819808876D09D9CC1C44450	22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\mn\messages.json	JSON data	83E7A14B7FC60D4C66BF313C8A2BEF0B	1CCF1D79CDED5D65439266DB58480089CC110B18	613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\mr\messages.json	JSON data	3B98C4ED8874A160C3789FEAD5553CFA	5550D0EC548335293D962AAA96B6443DD8ABB9F6	ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\ms\messages.json	JSON data	7D273824B1E22426C033FF5D8D7162B7	EADBE9DBE5519BD60458B3551BDFC36A10049DD1	2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\my\messages.json	JSON data	342335A22F1886B8BC92008597326B24	2CB04F892E430DCD7705C02BF0A8619354515513	243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\ne\messages.json	JSON data	B1083DA5EC718D1F2F093BD3D1FB4F37	74B6F050D918448396642765DEF1AD5390AB5282	E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\nl\messages.json	JSON data	32DF72F14BE59A9BC9777113A8B21DE6	2A8D9B9A998453144307DD0B700A76E783062AD0	F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\no\messages.json	JSON data	A1744B0F53CCF889955B95108367F9C8	6A5A6771DFF13DCB4FD425ED839BA100B7123DE0	21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\pa\messages.json	JSON data	97F769F51B83D35C260D1F8CFD7990AF	0D59A76564B0AEE31D0A074305905472F740CECA	BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\pl\messages.json	JSON data	B8D55E4E3B9619784AECA61BA15C9C0F	B4A9C9885FBEB78635957296FDDD12579FEFA033	E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\pt_BR\messages.json	JSON data	608551F7026E6BA8C0CF85D9AC11F8E3	87B017B2D4DA17E322AF6384F82B57B807628617	A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\pt_PT\messages.json	JSON data	0963F2F3641A62A78B02825F6FA3941C	7E6972BEAB3D18E49857079A24FB9336BC4D2D48	E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\ro\messages.json	JSON data	BED8332AB788098D276B448EC2B33351	6084124A2B32F386967DA980CBE79DD86742859E	085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\ru\messages.json	JSON data	51D34FE303D0C90EE409A2397FCA437D	B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12	BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\si\messages.json	JSON data	B8A4FD612534A171A9A03C1984BB4BDD	F513F7300827FE352E8ECB5BD4BB1729F3A0E22A	54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\sk\messages.json	JSON data	8E55817BF7A87052F11FE554A61C52D5	9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455	903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\sl\messages.json	JSON data	BFAEFEFF32813DF91C56B71B79EC2AF4	F8EDA2B632610972B581724D6B2F9782AC37377B	AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\sr\messages.json	JSON data	7F5F8933D2D078618496C67526A2B066	B7050E3EFA4D39548577CF47CB119FA0E246B7A4	4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\sv\messages.json	JSON data	90D8FB448CE9C0B9BA3D07FB8DE6D7EE	D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84	64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\sw\messages.json	JSON data	D0579209686889E079D87C23817EDDD5	C4F99E66A5891973315D7F2BC9C1DAA524CB30DC	0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\ta\messages.json	JSON data	DCC0D1725AEAEAAF1690EF8053529601	BB9D31859469760AC93E84B70B57909DCC02EA65	6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\te\messages.json	JSON data	385E65EF723F1C4018EEE6E4E56BC03F	0CEA195638A403FD99BAEF88A360BD746C21DF42	026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\th\messages.json	JSON data	64077E3D186E585A8BEA86FF415AA19D	73A861AC810DABB4CE63AD052E6E1834F8CA0E65	D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\tr\messages.json	JSON data	76B59AAACC7B469792694CF3855D3F4C	7C04A2C1C808FA57057A4CCEEE66855251A3C231	B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\uk\messages.json	JSON data	970963C25C2CEF16BB6F60952E103105	BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA	9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\ur\messages.json	JSON data	8B4DF6A9281333341C939C244DDB7648	382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B	5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\vi\messages.json	JSON data	773A3B9E708D052D6CBAA6D55C8A5438	5617235844595D5C73961A2C0A4AC66D8EA5F90F	597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\zh_CN\messages.json	JSON data	3E76788E17E62FB49FB5ED5F4E7A3DCE	6904FFA0D13D45496F126E58C886C35366EFCC11	E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\zh_HK\messages.json	JSON data	524E1B2A370D0E71342D05DDE3D3E774	60D1F59714F9E8F90EF34138D33FBFF6DD39E85A	30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\zh_TW\messages.json	JSON data	0E60627ACFD18F44D4DF469D8DCE6D30	2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5	F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_locales\zu\messages.json	JSON data	71F916A64F98B6D1B5D1F62D297FDEC1	9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA	EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\_metadata\verified_contents.json	JSON data	F897300492E3AB467E56883D23D02D77	DECD6DC9E70ECCF9B45983147680614C019B99EA	F9B3A5747DEDCB5AED58FCFC0F4FD3BD2F2E903F2CCEF90A92A73DBC0F8C3DBD
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\dasherSettingSchema.json	JSON data	4EC1DF2DA46182103D2FFC3B92D20CA5	FB9D1BA3710CF31A87165317C6EDC110E98994CE	6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\manifest.json	JSON data	35068E2550395A8A3E74558F2F4658DA	BD6620054059BFB7A27A4FFF86B9966727F2C2B9	E2F418C816895E830541F48C0406B9398805E88B61A4EC816244154CD793743C
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\offscreendocument.html	HTML document, ASCII text	B747B5922A0BC74BBF0A9BC59DF7685F	7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C	B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\offscreendocument_main.js	ASCII text, with very long lines (3700)	9D0EF4F7CB0306DCB7A7CDCD6DC2CCC7	88D7F0A88C5807BFE00F13B612CC0522EEBE514A	E5E4392B21A21ECAFD27707BF70F95961B2656735A20B40BA54479D40EAB063C
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\page_embed_script.js	ASCII text	3AB0CD0F493B1B185B42AD38AE2DD572	079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B	73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
C:\Users\user\AppData\Local\Temp\scoped_dir7828_1881420141\CRX_INSTALL\service_worker_bin_prod.js	ASCII text, with very long lines (3705)	4E0C47897BF98DEAC56F800942E150C4	7903D30E0ACEE273724BDAA67446D9FD4E8460A5	FE76EA0C2F81E6140F38F4143B40BE85014B93FF80737600CFB39AEB5C8C6537
C:\Users\user\AppData\Local\Temp\scoped_dir7828_2011385404\CRX_INSTALL\_metadata\verified_contents.json	JSON data	738E757B92939B24CDBBD0EFC2601315	77058CBAFA625AAFBEA867052136C11AD3332143	D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
C:\Users\user\AppData\Local\Temp\scoped_dir7828_2011385404\CRX_INSTALL\content.js	Unicode text, UTF-8 text, with very long lines (8031), with no line terminators	3D20584F7F6C8EAC79E17CCA4207FB79	3C16DCC27AE52431C8CDD92FBAAB0341524D3092	0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
C:\Users\user\AppData\Local\Temp\scoped_dir7828_2011385404\CRX_INSTALL\content_new.js	Unicode text, UTF-8 text, with very long lines (8604), with no line terminators	3DE1E7D989C232FC1B58F4E32DE15D64	42B152EA7E7F31A964914F344543B8BF14B5F558	D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
C:\Users\user\AppData\Local\Temp\scoped_dir7828_2011385404\CRX_INSTALL\manifest.json	JSON data	E805E9E69FD6ECDCA65136957B1FB3BE	2356F60884130C86A45D4B232A26062C7830E622	5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
C:\Users\user\AppData\Local\Temp\scoped_dir7828_2011385404\d491cdca-1b4c-43e9-a001-d139391629d3.tmp	Google Chrome extension, version 3	78E47DDA17341BED7BE45DCCFD89AC87	1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F	67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
C:\Users\user\AppData\Local\Temp\~DF046BB3C0F9D0D683.TMP	data	F78FB994E8C549FCB73BAC1982C556A6	5D5EF6A9E3575BC012E13EE681E8A2BCF7D04573	ECE049128EE4795CBBBAC0E13C4C9344C5CB037435336B3A579F74256DFD338A
C:\Users\user\AppData\Local\Temp\~DFA8146A3F7DD53FBF.TMP	data	06ED35A5EDD6FB96AC0F5869390B08B8	5E598678E1468D81E6E4F8D28F94B0DA031FBE8D	1C42B54AFF58C22C302FF66E73152F0C1C4AEF4E5415C13E3F6CF2528C4933F6

ID:	1541101
Product:	CloudBasic
Start time:	12:24:12
Start date:	24.10.2024
Sample:	{89eeeac4-e4d3-40a8-9048-e7cecfc98851}.xml
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	2d3c508321b32b43ee4192d54bc0ed15
SHA1:	e60a6dc0e6374c5adffce59e1b34635769e39767
SHA256:	96003b2bc14e105d7649310c9f5f0cb1b71c809a17b07a6456be4e4841cba187

Windows Analysis Report
{89eeeac4-e4d3-40a8-9048-e7cecfc98851}.xml

Overview

General Information

Detection

Signatures

Classification

Signatures

Software Vulnerabilities

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

HIPS / PFW / Operating System Protection Evasion

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Windows Analysis Report {89eeeac4-e4d3-40a8-9048-e7cecfc98851}.xml

Overview

General Information

Detection

Signatures

Classification

Signatures

Software Vulnerabilities

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

HIPS / PFW / Operating System Protection Evasion

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Windows Analysis Report
{89eeeac4-e4d3-40a8-9048-e7cecfc98851}.xml