Edit tour

Windows Analysis Report
msedge.exe

Overview

General Information

Sample name:	msedge.exe
Analysis ID:	1545493
MD5:	a612491f651737fbc1f3d82946fe1b87
SHA1:	1addddfb5d7a9f894aa6855a645f80d79d9bfbb2
SHA256:	ebdac9115889135eb8ce602c9ae0eeecaf6ac9e6dcd144b496da4339fa9d90aa

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

PE file contains more sections than normal

PE file contains sections with non-standard names

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

msedge.exe (PID: 6852 cmdline: "C:\Users\user\Downloads\DxgwgzTGkN\msedge.exe" MD5: A612491F651737FBC1F3D82946FE1B87)

msedge.exe (PID: 1640 cmdline: "C:\Users\user\Downloads\DxgwgzTGkN\msedge.exe" MD5: A612491F651737FBC1F3D82946FE1B87)

chrome.exe (PID: 6024 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 5588 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1932,i,8751509080517214415,9528666243454215490,262144 /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

msedge.exe (PID: 6224 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://www.microsoft.com/edge?form=MA13FJ&pl=launch MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 2328 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2256 --field-trial-handle=1960,i,988751400898663785,18138853272737918833,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 6976 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6532 --field-trial-handle=1960,i,988751400898663785,18138853272737918833,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 6980 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6508 --field-trial-handle=1960,i,988751400898663785,18138853272737918833,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 6408 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=5280 --field-trial-handle=1960,i,988751400898663785,18138853272737918833,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: msedge.exe

Static PE information: certificate valid

Source: unknown

HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:49758 version: TLS 1.2

Source: msedge.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE

Source: chrome.exe

Memory has grown: Private usage: 2MB later: 31MB

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 96.7.169.183
Source: unknown	TCP traffic detected without corresponding DNS query: 96.7.169.183
Source: unknown	TCP traffic detected without corresponding DNS query: 96.7.169.183
Source: unknown	TCP traffic detected without corresponding DNS query: 152.195.19.97
Source: unknown	TCP traffic detected without corresponding DNS query: 152.195.19.97
Source: unknown	TCP traffic detected without corresponding DNS query: 152.195.19.97
Source: unknown	TCP traffic detected without corresponding DNS query: 96.7.169.183
Source: unknown	TCP traffic detected without corresponding DNS query: 96.7.169.183
Source: unknown	TCP traffic detected without corresponding DNS query: 96.7.169.183
Source: unknown	TCP traffic detected without corresponding DNS query: 96.7.169.183

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com
Source: global traffic	DNS traffic detected: DNS query: dns-tunnel-check.googlezip.net
Source: global traffic	DNS traffic detected: DNS query: tunnel.googlezip.net
Source: global traffic	DNS traffic detected: DNS query: c.s-microsoft.com
Source: global traffic	DNS traffic detected: DNS query: js.monitor.azure.com
Source: global traffic	DNS traffic detected: DNS query: www.clarity.ms
Source: global traffic	DNS traffic detected: DNS query: c.clarity.ms
Source: global traffic	DNS traffic detected: DNS query: s.clarity.ms
Source: global traffic	DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic	DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic	DNS traffic detected: DNS query: clients2.googleusercontent.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50131 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 50177 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50085 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 50165 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50189 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50108 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50073 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50153 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50155 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 50143 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 50083 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 50121 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50199 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50151 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50116 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50071 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50106
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50105
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50108
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50107
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50109
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50100
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50102
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50101
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50103
Source: unknown	Network traffic detected: HTTP traffic on port 50128 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50197 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50117
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50116
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50119
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50118
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50110
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50115
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50114
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50175 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50128
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50127
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50129
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50120
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 50093 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50122
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50121
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50124
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50123
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50126
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50125
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50106 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50173 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50201 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50141 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50118 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50163 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50058 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50185 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50058
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50060
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50063
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50062
Source: unknown	Network traffic detected: HTTP traffic on port 50102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50148 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50065
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50067
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50066
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50069
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50068
Source: unknown	Network traffic detected: HTTP traffic on port 50205 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50183 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50070
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50072
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50071
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50074
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50073
Source: unknown	Network traffic detected: HTTP traffic on port 50080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50076
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50075
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50078
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50077
Source: unknown	Network traffic detected: HTTP traffic on port 50114 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50079
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50081
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50080
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50083
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50082
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50085
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50084
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50087
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50086
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50089
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50088
Source: unknown	Network traffic detected: HTTP traffic on port 50079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50090
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50092
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50091
Source: unknown	Network traffic detected: HTTP traffic on port 50136 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50093
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 50193 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 50055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 50090 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 50161 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50138 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50067 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50039
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50034
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50036
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50035
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50038
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50037
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50040
Source: unknown	Network traffic detected: HTTP traffic on port 50089 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50203 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50171 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50043
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50042
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50045
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50044
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50047
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50046
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50049
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50048
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50050
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50052
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50051
Source: unknown	Network traffic detected: HTTP traffic on port 50126 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50122 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50077 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50134 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50156 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50100 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50181 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50065 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50075 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50158 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 50087 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49930
Source: unknown	Network traffic detected: HTTP traffic on port 50008 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49971 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49929
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49925
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49921
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49920
Source: unknown	Network traffic detected: HTTP traffic on port 50063 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50124 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50191 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49914 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49919
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49918
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49915
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49914
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49913
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49912
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49911
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49910
Source: unknown	Network traffic detected: HTTP traffic on port 50041 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50146 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49907
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49906
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49905
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 49993 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49901
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50154 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 50039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50107 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 50120 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50130 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 50062 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 50119 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 50142 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50178 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827

Source: unknown

HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:49758 version: TLS 1.2

Source: msedge.exe

Static PE information: Number of sections : 13 > 10

Source: classification engine

Classification label: clean1.winEXE@93/177@31/230

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

File created: C:\Users\user\AppData\Local\Temp\cfb2d481-642f-4357-9457-10378ace7601.tmp

Source: unknown	Process created: C:\Users\user\Downloads\DxgwgzTGkN\msedge.exe "C:\Users\user\Downloads\DxgwgzTGkN\msedge.exe"
Source: unknown	Process created: C:\Users\user\Downloads\DxgwgzTGkN\msedge.exe "C:\Users\user\Downloads\DxgwgzTGkN\msedge.exe"
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1932,i,8751509080517214415,9528666243454215490,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1932,i,8751509080517214415,9528666243454215490,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://www.microsoft.com/edge?form=MA13FJ&pl=launch
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2256 --field-trial-handle=1960,i,988751400898663785,18138853272737918833,262144 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://www.microsoft.com/edge?form=MA13FJ&pl=launch
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6532 --field-trial-handle=1960,i,988751400898663785,18138853272737918833,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6508 --field-trial-handle=1960,i,988751400898663785,18138853272737918833,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2256 --field-trial-handle=1960,i,988751400898663785,18138853272737918833,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6532 --field-trial-handle=1960,i,988751400898663785,18138853272737918833,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6508 --field-trial-handle=1960,i,988751400898663785,18138853272737918833,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=5280 --field-trial-handle=1960,i,988751400898663785,18138853272737918833,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=5280 --field-trial-handle=1960,i,988751400898663785,18138853272737918833,262144 /prefetch:8

Source: msedge.exe

Static PE information: certificate valid

Source: msedge.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: msedge.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: msedge.exe

Static file information: File size 3856456 > 1048576

Source: msedge.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x26c600

Source: msedge.exe

Static PE information: More than 200 imports for KERNEL32.dll

Source: msedge.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: msedge.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: msedge.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: msedge.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: msedge.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: msedge.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: msedge.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE

Source: msedge.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: msedge.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: msedge.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: msedge.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: msedge.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: msedge.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: msedge.exe	Static PE information: section name: .gxfg
Source: msedge.exe	Static PE information: section name: .retplne
Source: msedge.exe	Static PE information: section name: CPADinfo
Source: msedge.exe	Static PE information: section name: LZMADEC
Source: msedge.exe	Static PE information: section name: _RDATA
Source: msedge.exe	Static PE information: section name: malloc_h

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Extra Window Memory Injection	1 Extra Window Memory Injection	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
msedge.exe	0%	ReversingLabs

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
chrome.cloudflare-dns.com	172.64.41.3	true	false	unknown
plus.l.google.com	142.250.74.206	true	false	unknown
play.google.com	142.250.186.142	true	false	unknown
dns-tunnel-check.googlezip.net	216.239.34.159	true	false	unknown
tunnel.googlezip.net	216.239.34.157	true	false	unknown
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true	false	unknown
ssl.bingadsedgeextension-prod-europe.azurewebsites.net	94.245.104.56	true	false	unknown
www.google.com	142.250.186.68	true	false	unknown
s-part-0039.t-0009.t-msedge.net	13.107.246.67	true	false	unknown
ax-0001.ax-msedge.net	150.171.27.10	true	false	unknown
googlehosted.l.googleusercontent.com	142.250.185.97	true	false	unknown
js.monitor.azure.com	unknown	unknown	false	unknown
www.clarity.ms	unknown	unknown	false	unknown
clients2.googleusercontent.com	unknown	unknown	false	unknown
s.clarity.ms	unknown	unknown	false	unknown
bzib.nelreports.net	unknown	unknown	false	unknown
c.s-microsoft.com	unknown	unknown	false	unknown
c.clarity.ms	unknown	unknown	false	unknown
apis.google.com	unknown	unknown	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.68	www.google.com	United States	15169	GOOGLEUS	false
13.107.6.158	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.74.206	plus.l.google.com	United States	15169	GOOGLEUS	false
13.107.246.45	s-part-0017.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
2.22.242.11	unknown	European Union	20940	AKAMAI-ASN1EU	false
13.107.253.57	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
20.125.209.212	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
162.159.61.3	unknown	United States	13335	CLOUDFLARENETUS	false
204.79.197.239	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.184.227	unknown	United States	15169	GOOGLEUS	false
204.79.197.237	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.184.195	unknown	United States	15169	GOOGLEUS	false
142.250.186.35	unknown	United States	15169	GOOGLEUS	false
13.107.5.80	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.185.67	unknown	United States	15169	GOOGLEUS	false
104.254.150.241	unknown	United States	29990	ASN-APPNEXUS	false
23.32.185.131	unknown	United States	16625	AKAMAI-ASUS	false
13.107.21.237	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.21.239	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.42.16	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.246.70	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.251.173.84	unknown	United States	15169	GOOGLEUS	false
216.58.206.46	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.186.142	play.google.com	United States	15169	GOOGLEUS	false
216.58.212.162	unknown	United States	15169	GOOGLEUS	false
142.250.186.170	unknown	United States	15169	GOOGLEUS	false
13.107.246.67	s-part-0039.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
151.101.129.108	unknown	United States	54113	FASTLYUS	false
152.195.19.97	unknown	United States	15133	EDGECASTUS	false
216.58.206.78	unknown	United States	15169	GOOGLEUS	false
13.74.129.1	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
172.64.41.3	chrome.cloudflare-dns.com	United States	13335	CLOUDFLARENETUS	false
142.250.74.195	unknown	United States	15169	GOOGLEUS	false
142.250.184.202	unknown	United States	15169	GOOGLEUS	false
216.58.212.170	unknown	United States	15169	GOOGLEUS	false
172.217.16.202	unknown	United States	15169	GOOGLEUS	false
23.96.124.68	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
23.198.7.175	unknown	United States	20940	AKAMAI-ASN1EU	false
13.107.246.57	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
94.245.104.56	ssl.bingadsedgeextension-prod-europe.azurewebsites.net	United Kingdom	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
150.171.27.10	ax-0001.ax-msedge.net	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
173.223.110.175	unknown	United States	16625	AKAMAI-ASUS	false
2.23.209.135	unknown	European Union	1273	CWVodafoneGroupPLCEU	false
96.7.169.183	unknown	United States	262589	INTERNEXABRASILOPERADORADETELECOMUNICACOESSABR	false
142.250.185.97	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
216.239.34.157	tunnel.googlezip.net	United States	15169	GOOGLEUS	false
20.44.10.122	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false

Private

IP
192.168.2.17

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1545493
Start date and time:	2024-10-30 16:08:56 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	28
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Sample name:	msedge.exe
Detection:	CLEAN
Classification:	clean1.winEXE@93/177@31/230
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): SIHClient.exe
Excluded IPs from analysis (whitelisted): 13.107.5.88, 2.23.209.153, 2.23.209.132, 2.23.209.142, 2.23.209.140, 2.23.209.143, 2.23.209.150, 2.23.209.133, 2.23.209.135, 2.23.209.149
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.
VT rate limit hit for: msedge.exe

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\4108d847-4124-4719-8199-7af90c61578f.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	64307
Entropy (8bit):	6.104184663835042
Encrypted:	false
SSDEEP:
MD5:	269671DC4A16FCB934B8B936B3017717
SHA1:	5610775BE562344F6ABA37B894C26D7437EE5924
SHA-256:	35798141BAE37ED709858F182F902899A4F99C3206713BD23BE34A6FB2020BEA
SHA-512:	7B9078345220A418A8960899306ADA766CC381F0EECFB30D78BCA15F34C79052CA423692E9E36F0A73CA71D549364EC0FFD24783C657634152C361D3AA3E492F
Malicious:	false
Reputation:	unknown
Preview:	{"abusive_adblocker_etag":"\"9E0A5915E51EE1E95D843B1CDAB336B8361C98398784A73FC6A8A28F910D2E75\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\9f4a73b0-02d3-4f58-a8f6-06943b1004cd.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	107893
Entropy (8bit):	4.64015579084369
Encrypted:	false
SSDEEP:
MD5:	038E7B1B5D619E7E269F8958983AABEF
SHA1:	0FE7A0B47FA291DB6E046802984722C83C0508C1
SHA-256:	05DF0B9A5B45CA0DF8623F50EDD9740F79AD1BD5B359037D5E379093282388DE
SHA-512:	CED1EC90A03EE97FA8BA6E4D0ADD65101492AF8E392F552B4B7818BB58577C898E68CE36366A172A90C0088D055C29415E71103A89C68DF09A746128519657BF
Malicious:	false
Reputation:	unknown
Preview:	{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	038E7B1B5D619E7E269F8958983AABEF
SHA1:	0FE7A0B47FA291DB6E046802984722C83C0508C1
SHA-256:	05DF0B9A5B45CA0DF8623F50EDD9740F79AD1BD5B359037D5E379093282388DE
SHA-512:	CED1EC90A03EE97FA8BA6E4D0ADD65101492AF8E392F552B4B7818BB58577C898E68CE36366A172A90C0088D055C29415E71103A89C68DF09A746128519657BF
Malicious:	false
Reputation:	unknown
Preview:	{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67224C7D-1850.pma

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.47216825955356556
Encrypted:	false
SSDEEP:
MD5:	5C0EC7F1D5C17F68640729023F18E708
SHA1:	5D9F482DB4ACE375D0A6D1EAF2E2B8986744A422
SHA-256:	821639FB2AB4E7450AA04606CF2865FBCD8219FE1F8684874B48DFE6E1F0A737
SHA-512:	356180571DE2C5E5BBB55DAA47566E1695E162F5CCA9B3D5098A150741D100F69A735B786BF53FFEBC47656A7208756B4A506E2D5EE7B7FCEA4B63F9DA832A9A
Malicious:	false
Reputation:	unknown
Preview:	...@..@...@.....C.].....@................G...G..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452....x86_64..?.......".bvifde20,1(.0..8..B....(.....10.0.19041.5462.Google Inc. (Google):bANGLE (Google, Vulkan 1.3.0 (SwiftShader Device (Subzero) (0x0000C0DE)), SwiftShader driver-5.0.0)M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....s..^o..J...W..^o..J.....1.^o..J..,jp..^o..J.......^o..J../T...^o..J...X.p.^o..J.....p.^o..J..~\|[..^o..J...c...^o..J...t...^o..J.......^o..J...Y...^o..J.......^o..J..w....^o..J...G.Y.^o..J..h....^o..J..A....^o..J..1H...^o..J..&.t..^o..J...c=..^o..J....J..^o..J...h8..^o..J..3.(..^o..J..!n...^o..J...S@".^o..J.......^o..J.......^o..J...j.8.^o..J.....-.^o..J.....z.^o..J...b.J.^o..J..

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	280
Entropy (8bit):	4.15595900038611
Encrypted:	false
SSDEEP:
MD5:	F5644846573AB9A403B3ABF3DB0D6CBC
SHA1:	C0B62A0FC07AA59C6C55175458C839CE82AEF86B
SHA-256:	F6AA3134A979A27B1E9B3D6BF0B04C5D7B61545A4BCF0DCF0F8CAA433485770A
SHA-512:	2DAC5FC67FA34C6C732FAECAAB2CDE6BBB334A65FC859E61C67D898055C4D165D0E27B813E078645D234E4F59DE3B7EAC15C62A28DD32B383FA764FAADDFED90
Malicious:	false
Reputation:	unknown
Preview:	sdPC....................x.....RG..zl.!{'"JtyQ1A2NEIlw0A1806yiQy/yZBiHUYGocRJ4ref8zwc="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................2e0302ca-60d4-43ae-a7a2-15a4516f8209............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\337fe747-bd3e-4c1a-a3bd-fe989aa06a44.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	14374
Entropy (8bit):	5.251986437324349
Encrypted:	false
SSDEEP:
MD5:	38099CEB25C838AE240775C759C196D4
SHA1:	E55F0F8AFF2929DA62B1A19800A07DFD70E23717
SHA-256:	7F9768CF2A680A43D60D077BFEDA0B57082A08AA09263F5A223EA8DE91114B92
SHA-512:	1D1CB13949C3E389B3B47E1B37E66C0D712B03EB66570FE27A81B5C2798473FB6C4BF0687C8DCFF20687F76451F78F77C25F70F59FA77C6C32BDE7F82B62FAD2
Malicious:	false
Reputation:	unknown
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13374774659362979","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13341060137080976","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\614dae87-3f8d-4db6-bce2-f4571cfd33a4.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (1597), with CRLF line terminators
Category:	dropped
Size (bytes):	115717
Entropy (8bit):	5.183660917461099
Encrypted:	false
SSDEEP:
MD5:	3D8183370B5E2A9D11D43EBEF474B305
SHA1:	155AB0A46E019E834FA556F3D818399BFF02162B
SHA-256:	6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
SHA-512:	B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
Malicious:	false
Reputation:	unknown
Preview:	{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs\|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs\|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\81748485-c38e-49c0-a931-aa61634ee627.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	30243
Entropy (8bit):	5.566983090453332
Encrypted:	false
SSDEEP:
MD5:	68BF35BD0D5CF0D7FD9FA3D91AF4C4C6
SHA1:	43F8229F4C4FCC9194F32EC8802D7075FA425E63
SHA-256:	4604FB47C89E56B03524978D9486BD5D069945863F4C3D5E0B4AD1431A6F3F15
SHA-512:	197E3BE56EB009818B547E978A0967D6A16246AB195ECD594F76B87AA862C50659F4916180EEA25FAA8419421C1CBFA0BCF82944EC77B25EB9269FB37C0AF860
Malicious:	false
Reputation:	unknown
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13374774655956756","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13374774655956756","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\82941a74-c9f7-4ade-a82a-516d8ebc0439.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	14024
Entropy (8bit):	5.2492669845395294
Encrypted:	false
SSDEEP:
MD5:	A69C6E808DF248A1244B15AA4FA60637
SHA1:	904EC4B02F86D8075A4191D071E767F4CF153865
SHA-256:	7F4490D2C4E2D06EB7549200DB4A6B3B60FE063A3462149CDE873A74029C0F18
SHA-512:	A3D41461E999DC2241FB4EDACFEED454D3012C4132DFAA86409E54D098E206AA40F603203A4F02B90B725FD625AB6F2E59A1F2058ACADB22EF1CC69193DD457D
Malicious:	false
Reputation:	unknown
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13374774659362979","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13341060137080976","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	33
Entropy (8bit):	3.5394429593752084
Encrypted:	false
SSDEEP:
MD5:	F27314DD366903BBC6141EAE524B0FDE
SHA1:	4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
SHA-256:	68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
SHA-512:	07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
Malicious:	false
Reputation:	unknown
Preview:	...m.................DB_VERSION.1

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	309
Entropy (8bit):	5.198787316197068
Encrypted:	false
SSDEEP:
MD5:	13B49AA4DD2BEF47B0C5A77F89E18CD0
SHA1:	D6C22935B1FA751884C1C7BE1F71DEAF2454076D
SHA-256:	A403797E4158A28CF166A257B38DF0C4DD9F200A0D7568FE8C9486857FC098B1
SHA-512:	52153B488EB307E23782D6C8742C5AEB2363811F7F7B82141E243F7E07941CE23E2CEB6EDBF512A6DBF48978FCB0D553C8ADE41FEA0016061F14007B053D5436
Malicious:	false
Reputation:	unknown
Preview:	2024/10/30-11:11:03.345 1954 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db since it was missing..2024/10/30-11:11:03.434 1954 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	modified
Size (bytes):	1764710
Entropy (8bit):	5.138100861973374
Encrypted:	false
SSDEEP:
MD5:	97D43201F25452D4CBBFB5568F54B90B
SHA1:	1181000BBB2473F7175A007DE73C6D3F7796F4E5
SHA-256:	DCFBB5386BED3A29769DFE7ECA46664F4A50E7AE529590074793F8E9DE70F142
SHA-512:	D7FEC20A3CCEEE776EAD60699F623A87A4037FF1CDCB718C8446E1AA50CB193B6B34FBF18CDE29AA547277B3DA7334A0F5D0DB0396E0D169E7CCAD24EA5D7A82
Malicious:	false
Reputation:	unknown
Preview:	...m.................DB_VERSION.1o.F..................QUERY_TIMESTAMP:arbitration_priority_list4...13341059034905508.$QUERY:arbitration_priority_list4....[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.027151143715963
Encrypted:	false
SSDEEP:
MD5:	B8CA74E3DC3410116FE6A37DE5202606
SHA1:	4F43D581BA27393B13B278816AC5097AEB593267
SHA-256:	EC0424910C73AB6A4B726BF23F271FE5B28B1DFF02CE9A5F5E4FAE10625DF97F
SHA-512:	0AE89AB9D8645B6B36F7DE0657685ECD35DBF93DF0B8B5E3AC7ED69E2A5FF2895196AF2934D7421DC37F0A56A49513577EC042DE1D9034DF40009A68FE3B3B01
Malicious:	false
Reputation:	unknown
Preview:	2024/10/30-11:11:03.353 1c08 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/10/30-11:11:03.358 1c08 Recovering log #3.2024/10/30-11:11:03.420 1c08 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.4589728972350118
Encrypted:	false
SSDEEP:
MD5:	1217F8D8FD188CA5EFDE565BA4DF8D44
SHA1:	2219A0D2216E0644F07F8A24A90EE7D3D6E9FF1C
SHA-256:	4F4581E4CA65976AF49AEA6088F73DE6F2E0F145D881B15B5C1508F361F8E35D
SHA-512:	6D8DDEB8CE19978AFE7012E45525BE8A9B47065978B3A9FBA6C19CCF46C878076AFAA05717360440631C07D668821B34A7D9E61B5A8C687C85311671EF5E2F23
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j..........g.....8...n................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	638606
Entropy (8bit):	5.996763751440564
Encrypted:	false
SSDEEP:
MD5:	950DFB43E8B9EBB5BED031D6D7DFAFC0
SHA1:	EEE8C6B2169EEC83935A257004CB88BF4DC6FFCC
SHA-256:	63C9D0DA7BA2C8FC3ABECC2D497C347A5EB97FEDBD93832AE9D22EF8CD5370DA
SHA-512:	8B0D0B9F710E87ADA01E743451F06BBC23F33A91A7F35910852B1592275398E8288E65CF4CE34CAB77914DEA8C3BE620F5776BEE28BA699B2BC8F87B10255B60
Malicious:	false
Reputation:	unknown
Preview:	...m.................DB_VERSION.1..&..................BLOOM_FILTER:..&{"numberOfHashFunctions":8,"shiftBase":9,"bloomFilterArraySize":3780241,"primeBases":[5381,5381,5381,5381],"supportedDomains":"nvtbJp/9RhJ3t1XbyizjtRqVC4bjDAcDy2k4mUQL5KxCs1Ot6MIVmuYiBD5st3Z8iOhdEQROgj8RhGoxha9D0h69SVGQo4x41L2z165VPHt6MhCwezHAKBYins3GNNlstfcZVOaKjQ/8+KHJvOLQcZbvdpNw6xla0SMUVosYIxr0zkugtr4t/duYfvZrB0dP7l6lqnCz95qezS7lLLQ7p9wQQYEJDhgsipILqzqb8n/n4q/774BtQxswa6ow5w1Idik6mFGiRdLGPBjILOPKqQvpkIpepPeYdEVLAEhQqJ9DCRM1hYaOQPlt//9v8sjRgiM9TqQGTYE1VV5dM1/7r11Dkh0+hJRwgw+NMUAAVhM3gP5TNq5Ny8cTWXCaJe9PlSpU0p5FxYFbnX0ouf34wXJ69qiZECBpkLnbCZv7D4v834n2I8n0VBELRDdMlCOw0BgUmGKjkj6GK0ZeDxRo6DTAv0QEUCELgYa8oZ7hTTbd4WURrrv+S64h2rRFmfFE0X4THiVwKMVj2eoH5o/fmRGB2AiVYOEY0AJMhAA2sNLVmqzUFwo46+ADBGzAzIIEueilJN3giNnV/LjIOu53XWm3Tv9SAhWQc4ArqLEkH0ccj8Ti3BIDS2/iEjABGeZDWWHfJ6GXUez9yzi5b2DMvc89laBRMsmiP3k2S4G6QUC5TIBK2F9/00dtqFJtNefExQKLXFy4+m/ARiSH3LA1YTAW326f/2wSRopnKQEry3j4M+NQSsTD7SHKX4M5S1YU87KYbQHJxgQ5HzLdeFkXoZRjRDauBLIA6Md

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\000004.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	224
Entropy (8bit):	5.504382592848611
Encrypted:	false
SSDEEP:
MD5:	EE8560A9D1B608114AF89899AFDBD15B
SHA1:	0341DDD91F43397B7B56ACFD9D55704AEAA306E3
SHA-256:	37657841DFFC139838BB7505872CC7ED34E1631EEBCDBDC54A65B20EB83F3D1A
SHA-512:	5867E5CFF0FF38553E0B764A8B3598F3BF8C108C092074CA09FE13498FD49C7C4C04E7D0923873B3C54304F55AFE2E1F0368C81C23E170A8673E2934DB3DEA30
Malicious:	false
Reputation:	unknown
Preview:	.rf.9................BLOOM_FILTER_EXPIRY_TIME:.1730387478.367850....G................BLOOM_FILTER_LAST_MODIFIED:.Wed, 30 Oct 2024 13:01:20 GMT.U.K................FLYOUT_STORAGE:-{"personalization_data_consent_enabled":true}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\000005.ldb

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	638581
Entropy (8bit):	5.996047053873008
Encrypted:	false
SSDEEP:
MD5:	F649FF9F95962C0A8B3449432CA977FB
SHA1:	61C2C8E8C1E22D9E6EF991E756FA2DA8276D511F
SHA-256:	0D979D61C503F174E444CFACCAA0F36CA07548D5F0AB7DD37ABB8ADC0C65412A
SHA-512:	163C440FE27405ED94B2E31FD919C5E71958BA954820A8375A5646DEF6B92D03DDB7E22DA8E6F0190B33A5D0016026429A16216EB08C1CA65339CC393DA8539D
Malicious:	false
Reputation:	unknown
Preview:	....&BLOOM_FILTER:........{"numberOfHashFunctions":8,"shiftBase":9,"bloomFilterArraySize":3780241,"primeBases":[5381,5381,5381,5381],"supportedDomains":"nvtbJp/9RhJ3t1XbyizjtRqVC4bjDAcDy2k4mUQL5KxCs1Ot6MIVmuYiBD5st3Z8iOhdEQROgj8RhGoxha9D0h69SVGQo4x41L2z165VPHt6MhCwezHAKBYins3GNNlstfcZVOaKjQ/8+KHJvOLQcZbvdpNw6xla0SMUVosYIxr0zkugtr4t/duYfvZrB0dP7l6lqnCz95qezS7lLLQ7p9wQQYEJDhgsipILqzqb8n/n4q/774BtQxswa6ow5w1Idik6mFGiRdLGPBjILOPKqQvpkIpepPeYdEVLAEhQqJ9DCRM1hYaOQPlt//9v8sjRgiM9TqQGTYE1VV5dM1/7r11Dkh0+hJRwgw+NMUAAVhM3gP5TNq5Ny8cTWXCaJe9PlSpU0p5FxYFbnX0ouf34wXJ69qiZECBpkLnbCZv7D4v834n2I8n0VBELRDdMlCOw0BgUmGKjkj6GK0ZeDxRo6DTAv0QEUCELgYa8oZ7hTTbd4WURrrv+S64h2rRFmfFE0X4THiVwKMVj2eoH5o/fmRGB2AiVYOEY0AJMhAA2sNLVmqzUFwo46+ADBGzAzIIEueilJN3giNnV/LjIOu53XWm3Tv9SAhWQc4ArqLEkH0ccj8Ti3BIDS2/iEjABGeZDWWHfJ6GXUez9yzi5b2DMvc89laBRMsmiP3k2S4G6QUC5TIBK2F9/00dtqFJtNefExQKLXFy4+m/ARiSH3LA1YTAW326f/2wSRopnKQEry3j4M+NQSsTD7SHKX4M5S1YU87KYbQHJxgQ5HzLdeFkXoZRjRDauBLIA6Md8De8f//+Hv80XHcgAU0zmGNeBlrxwU6r/f3YZYLG4Tq4

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	509
Entropy (8bit):	5.191367304773072
Encrypted:	false
SSDEEP:
MD5:	6458FDBDF9FE480CFC68CE7285F5F172
SHA1:	C6F0EF75930DA978EDF5B97631374AF84ADB68D1
SHA-256:	9877A99BB40F3874384A809B7DE5A99CA55E59A79E55E02C8D22076ACF01AB7D
SHA-512:	BECAA5208F765BAF4B45DA5038A80F068601F314A4ABAADE722DC547C0E5231E3354E5E2B294CB9AF9AA556D0348DCFC2472AAEDB93F9495F09713AAF5B049F6
Malicious:	false
Reputation:	unknown
Preview:	2024/10/30-11:10:56.079 d80 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/10/30-11:10:56.080 d80 Recovering log #3.2024/10/30-11:10:56.080 d80 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .2024/10/30-11:11:18.391 17bc Level-0 table #5: started.2024/10/30-11:11:18.413 17bc Level-0 table #5: 638581 bytes OK.2024/10/30-11:11:18.414 17bc Delete type=0 #3.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	103
Entropy (8bit):	5.267898014713841
Encrypted:	false
SSDEEP:
MD5:	FBE0870CC1C26D218BC257BAA053EED2
SHA1:	4337B33B02CCE2B1E9BCF5E3A8DA04487A573999
SHA-256:	B68A07924C707C4AB06CBD0D3BF044C1EDFC309E06492D1206D8BD05755B3539
SHA-512:	B829214F940B31EC2AB5CA14E015F81A5F366E853DE4C3565409C2DB52306A567496F78ED62138154FDD4C36DA3DD5482B9046708C205801AD2D8D8FC850720E
Malicious:	false
Reputation:	unknown
Preview:	.\|.."....leveldb.BytewiseComparator......."..7...............&.BLOOM_FILTER:.........DB_VERSION........

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.613964807303985
Encrypted:	false
SSDEEP:
MD5:	3D3814C7CF98B6EA16A225CF8332A145
SHA1:	DA7CA5E380B344C3D308FA5E590A3593CE754A17
SHA-256:	9A028C71938B8FDDAE50FC3F15F5859F0198DF3F9BD3A891BA8CEF641864B0B6
SHA-512:	4FB974C24654FFFB5980DFB8CBD984C6341E183438613BA7EEB8CF887FEEDB35E6BFA02BD25551423A3648E584EA81222C5FA9CF18236E905214D2A030B89C35
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j...%.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	375520
Entropy (8bit):	5.354088963582238
Encrypted:	false
SSDEEP:
MD5:	F6CFF8301FD221D1A0C1CEC564F13124
SHA1:	DF5EB30529660005B09C5A41768449B20C40B0CF
SHA-256:	A5F74096A43CBB815A9DC374B85DF550B9798DDFBA650436D140CF4A04C51527
SHA-512:	5686838CC2E0E384B8DF3587D3A74555E361BF4331F2586825D0756EA5B735BABB071F912BC8BF38AF91956A1BF5E911AF5EA4603B65637438EA99F0FB6D54C5
Malicious:	false
Reputation:	unknown
Preview:	...m.................DB_VERSION.1.c/.q...............&QUERY_TIMESTAMP:domains_config_gz2...13374774664631397..QUERY:domains_config_gz2....[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	311
Entropy (8bit):	5.087975560993375
Encrypted:	false
SSDEEP:
MD5:	174ECA783C4F018743BAF42FD95847E6
SHA1:	DAC33050F7E4D19FB691298BB22B590ADD911D85
SHA-256:	4461872026B535CF0E12F50758C4592D4CB707190909F7981872AA399E2E1A2A
SHA-512:	C7E277736E51E4C6D215A934AEC4E3AC46C701970A065F4001E58AB32C4E3BCE12C1A293EB518ADEE7502EEA6F403CABBA349B849CEFA57212FACA48DD44EA3A
Malicious:	false
Reputation:	unknown
Preview:	2024/10/30-11:11:03.381 1c28 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/10/30-11:11:03.442 1c28 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	358860
Entropy (8bit):	5.324606594783359
Encrypted:	false
SSDEEP:
MD5:	475B91426106053C4C920B3F901423A2
SHA1:	25BF088C65BBDCB16AEEE491FA4A53BE45295407
SHA-256:	2565D2A71FC82B04130E14B166AAA1EA21A148DAEF2BE7BC53B679CEF302807A
SHA-512:	06ECBB409BDD7CBA9E0D09BDFA4E1666AB57DC6A46B7642450D953F69814A5D1F737E46D387525F35E72767798E1E8224C4E59C5339A043DA65D38C5F9A7AEB3
Malicious:	false
Reputation:	unknown
Preview:	{"aee_config":{"ar":{"price_regex":{"ae":"(((ae\|aed\|\\x{062F}\\x{0660}\\x{0625}\\x{0660}\|\\x{062F}\\.\\x{0625}\|dhs\|dh)\\s\\d{1,3})\|(\\d{1,3}\\s(ae\|aed\|\\x{062F}\\x{0660}\\x{0625}\\x{0660}\|\\x{062F}\\.\\x{0625}\|dhs\|dh)))","dz":"(((dzd\|da\|\\x{062F}\\x{062C})\\s\\d{1,3})\|(\\d{1,3}\\s(dzd\|da\|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}\|egp)\\s\\d{1,3})\|(\\d{1,3}\\s(e\\x{00a3}\|egp)))","ma":"(((mad\|dhs\|dh)\\s\\d{1,3})\|(\\d{1,3}\\s(mad\|dhs\|dh)))","sa":"((\\d{1,3}\\s(sar\\s\\x{fdfc}\|sar\|sr\|\\x{fdfc}\|\\.\\x{0631}\\.\\x{0633}))\|((sar\\s\\x{fdfc}\|sar\|sr\|\\x{fdfc}\|\\.\\x{0631}\\.\\x{0633})\\s\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s\\x{0625}\\x{0644}\\x{0649}\\s\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})\|(\\x{0623}\\x{0636}\\x{0641}\\s\\x{0625}\\x{0644}\\x{0649}\\s\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})\|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})\|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.112001918342469
Encrypted:	false
SSDEEP:
MD5:	26770AB5341274C29D1ABE57DA41B756
SHA1:	2EBE3B49B904A670DACCF169187D0A919F0AC905
SHA-256:	A9F535826A10B03D8E7EF181774241309833C7368CE95C59187631411D367C2B
SHA-512:	EC3E89F50C414938053373048F991FF06014FB79978063E56FD02706AE227E8EF3EB4B617A9F636FD724CB140801DB403A970E5E70DA76ACB5B4470946C0551B
Malicious:	false
Reputation:	unknown
Preview:	2024/10/30-11:10:56.129 1088 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/10/30-11:10:56.130 1088 Recovering log #3.2024/10/30-11:10:56.130 1088 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	418
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:
MD5:	BF097D724FDF1FCA9CF3532E86B54696
SHA1:	4039A5DD607F9FB14018185F707944FE7BA25EF7
SHA-256:	1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
SHA-512:	31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
Malicious:	false
Reputation:	unknown
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	328
Entropy (8bit):	5.13670501322628
Encrypted:	false
SSDEEP:
MD5:	DADB155397A8D80931D7F4504CF37181
SHA1:	1FA0524B8C485EF8B50532930EB5F4CEE6C78CBA
SHA-256:	A266F427B7AA99D6BAB181890AF59E5E7C329CD50E9588303C5D9BC0415E28F5
SHA-512:	3672E0D7FC7863B70A7C241B2CF1F430606F4367E2F2992C9393E2B9EAB7DC7DA9E20F441C79E747C6F096D782936692524D6F06D779F093B61E9564EA00AC5B
Malicious:	false
Reputation:	unknown
Preview:	2024/10/30-11:10:56.273 1088 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/10/30-11:10:56.304 1088 Recovering log #3.2024/10/30-11:10:56.304 1088 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	1254
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:
MD5:	826B4C0003ABB7604485322423C5212A
SHA1:	6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
SHA-256:	C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
SHA-512:	0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
Malicious:	false
Reputation:	unknown
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5........

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	321
Entropy (8bit):	5.1268637828837464
Encrypted:	false
SSDEEP:
MD5:	4E5C0C7DF3170B57741AB7647CC68D00
SHA1:	02095F7A100347F94A07ADE2DD15932B28301002
SHA-256:	551E45EB9D8AC60D1D74F8BD3F8B9365697F3EF04F5E32B4931B7B0AA375389F
SHA-512:	D8579CE3A7743D814BBED34D4A0ABF803D58CDD33647316B87D8C684F1A5DE1BEB43ADD75DF823AA3CD6537705C785F81D66CADE89F81F01119EF446639318DB
Malicious:	false
Reputation:	unknown
Preview:	2024/10/30-11:10:59.662 c04 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/10/30-11:10:59.663 c04 Recovering log #3.2024/10/30-11:10:59.663 c04 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	429
Entropy (8bit):	5.809210454117189
Encrypted:	false
SSDEEP:
MD5:	5D1D9020CCEFD76CA661902E0C229087
SHA1:	DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
SHA-256:	B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
SHA-512:	5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
Malicious:	false
Reputation:	unknown
Preview:	{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 16, cookie 0x8, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	4.970938119268818
Encrypted:	false
SSDEEP:
MD5:	5AD6A58C851D6A7D9C09FEAEE18E5516
SHA1:	58F88088FE24513D346232B7515688D8A5C49059
SHA-256:	F99806C16558100188CBA2EF6671904BD8793C112D145EC9DFFF5841DCA29940
SHA-512:	C62A9F1EEDDF6EF5D5FF6F33CAA02F523A9B67E0C66DFBE6ED6AAFE2CE13D7AEA1FA858F69BBF058F7CD4875BFA3A5F1FF2324858ABD224041829B73A21A3AEE
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j..........g....._.c...~.2.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................s...;+...indexfavicon_bitmaps_icon_idfavico

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	155648
Entropy (8bit):	0.7175822538757294
Encrypted:	false
SSDEEP:
MD5:	B62289B2321F8A16F53B0ED2D8BD0AB4
SHA1:	026D889B8A80995A76154ED150727595358D8924
SHA-256:	D0AC039776C39CFDE3424B38D17E4423CAD2C42DA5D63246A9BC9A348D217879
SHA-512:	6D62A4C4A298194F6E117D49DAA6D486CD25D725609E85811DEBB21BA171A2A00925D9AF58EB21210D54333645E3C3A4C8438F4F32D728C3711BC06F2EE6977C
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (1597), with CRLF line terminators
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	3D8183370B5E2A9D11D43EBEF474B305
SHA1:	155AB0A46E019E834FA556F3D818399BFF02162B
SHA-256:	6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
SHA-512:	B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
Malicious:	false
Reputation:	unknown
Preview:	{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs\|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs\|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	3.647775548001796
Encrypted:	false
SSDEEP:
MD5:	0D13882CEE76A330FCFE1B489392D1CB
SHA1:	2A7D9D13246AA73F6512E09100D4AE58BBDE2B8F
SHA-256:	E59A5A32D73F45F7E6F3391551F148D90CC12BF131DD9095C8F99CDF11C3A48A
SHA-512:	7F6665714C652B6456CDF968FA0C83777D23106400E370F2D1C8A0BF568EB2E4668FAEA21DD22EC93EA9DEF192CAC8902A1F8791E728C4F8C75A371D01D47F9A
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j..........g...:.8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	405
Entropy (8bit):	5.264880295775338
Encrypted:	false
SSDEEP:
MD5:	F0739556C21E6324555B3E515BFE5E3D
SHA1:	ACC8B81BD30DEA05A29C168561DC21DD7F7A3EE5
SHA-256:	EF07C0930AC6ACDE9F286AF1A8F8E8E63673DC924EE6680A06BF6A3CF50DAC2B
SHA-512:	C5FE4AAD449A1916BBCFCBE4919370E18ED651C8CD1D8AEDCCA5C94AD923E336928CE078B643B30AC9F610027E125F0446A3FD40FD721C35B8563C5B9109ABED
Malicious:	false
Reputation:	unknown
Preview:	2024/10/30-11:10:59.976 c04 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/10/30-11:10:59.977 c04 Recovering log #3.2024/10/30-11:10:59.977 c04 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.136198720330377
Encrypted:	false
SSDEEP:
MD5:	F088836A91422C74495170D1D86716A2
SHA1:	7D84E04D0B23691CD4A56993DD682594F2B068C6
SHA-256:	87CD75BCF14775F1496048379B63E420B7BD60DE734EEC618A378AF077D5E604
SHA-512:	9D7C4C36E8F38281F84788D89647D2888C084C15A7873D3F6AAB744533C537EFF31EF79703390146386B4B718936194E960BA0F2B454295A08800DE3563AE4AF
Malicious:	false
Reputation:	unknown
Preview:	2024/10/30-11:10:56.380 1894 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/10/30-11:10:56.411 1894 Recovering log #3.2024/10/30-11:10:56.414 1894 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\12c48195-e3de-4962-9aa2-3f5170a1a912.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	111
Entropy (8bit):	4.718418993774295
Encrypted:	false
SSDEEP:
MD5:	807419CA9A4734FEAF8D8563A003B048
SHA1:	A723C7D60A65886FFA068711F1E900CCC85922A6
SHA-256:	AA10BF07B0D265BED28F2A475F3564D8DDB5E4D4FFEE0AB6F3A0CC564907B631
SHA-512:	F10D496AE75DB5BA412BD9F17BF0C7DA7632DB92A3FABF7F24071E40F5759C6A875AD8F3A72BAD149DA58B3DA3B816077DF125D0D9F3544ADBA68C66353D206C
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\7d6f6221-c5d4-4522-bde9-d36ea1b37e38.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Reputation:	unknown
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	807419CA9A4734FEAF8D8563A003B048
SHA1:	A723C7D60A65886FFA068711F1E900CCC85922A6
SHA-256:	AA10BF07B0D265BED28F2A475F3564D8DDB5E4D4FFEE0AB6F3A0CC564907B631
SHA-512:	F10D496AE75DB5BA412BD9F17BF0C7DA7632DB92A3FABF7F24071E40F5759C6A875AD8F3A72BAD149DA58B3DA3B816077DF125D0D9F3544ADBA68C66353D206C
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 6
Category:	dropped
Size (bytes):	36864
Entropy (8bit):	1.112659077562593
Encrypted:	false
SSDEEP:
MD5:	08434AB1A38767C79CEAAEAF1B0A66F5
SHA1:	85CBAB88E6AD885893F35084EEAAA9241500BFFE
SHA-256:	954ADD312DE9EA35372FDAD312898470FA3DCEBA6DDF554A4C8DAD68D00ADB2C
SHA-512:	E4D50436567F89F2BE6C5F160EF3285C6A14C366B540E90947B0A95E9DA28EE3CFFF48D8692C1D96CAC2D5D30FBB186001F3D72F6F73D7BF2807E47E8DCF5709
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j..........g...D.........7............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Reputation:	unknown
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.7391107375212417
Encrypted:	false
SSDEEP:
MD5:	A74BFDCBFB880F469AD54BEF7B1B0C88
SHA1:	0012DD82FEB43839A30557EAF9E8DB2EB7259142
SHA-256:	63DFF3D10BF10F8F5326776956AF6DE1463CF0A14792C4451D4A76EFA1BF4BA2
SHA-512:	203FC220BF05344052340CCC6F77233669C200FDC6596EEE6F5D1E2203328D7D116BF07DE664D1D60EA2CD96F006406A9F0A2035BFAA86C93A103193E6EA4583
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	02E0291EFD35F06BF411B12AC01BCD95
SHA1:	695242FA85BE2E43B769AFCD7450B48FA9E18BC0
SHA-256:	2A85DD19213DC9C76208D3B7014B353FF5A9C63DCCCF456A0EAE569DAC0B8348
SHA-512:	2A0D0DFCA6505B67BE7F79D504FB3BE62F1DED20D1C1427350A03330550B00E104598FA10631FF6952FD2389734075031E18501D24B513ADD7FD46A0BBA1D808
Malicious:	false
Reputation:	unknown
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13374774659362979","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13341060137080976","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF34f1b.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	02E0291EFD35F06BF411B12AC01BCD95
SHA1:	695242FA85BE2E43B769AFCD7450B48FA9E18BC0
SHA-256:	2A85DD19213DC9C76208D3B7014B353FF5A9C63DCCCF456A0EAE569DAC0B8348
SHA-512:	2A0D0DFCA6505B67BE7F79D504FB3BE62F1DED20D1C1427350A03330550B00E104598FA10631FF6952FD2389734075031E18501D24B513ADD7FD46A0BBA1D808
Malicious:	false
Reputation:	unknown
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13374774659362979","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13341060137080976","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF37aee.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	02E0291EFD35F06BF411B12AC01BCD95
SHA1:	695242FA85BE2E43B769AFCD7450B48FA9E18BC0
SHA-256:	2A85DD19213DC9C76208D3B7014B353FF5A9C63DCCCF456A0EAE569DAC0B8348
SHA-512:	2A0D0DFCA6505B67BE7F79D504FB3BE62F1DED20D1C1427350A03330550B00E104598FA10631FF6952FD2389734075031E18501D24B513ADD7FD46A0BBA1D808
Malicious:	false
Reputation:	unknown
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13374774659362979","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13341060137080976","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparison\PriceComparisonAssetStore.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	modified
Size (bytes):	83572
Entropy (8bit):	5.6640599678015615
Encrypted:	false
SSDEEP:
MD5:	2B2A8D6C963C36582FEABB3D21A8449D
SHA1:	4AB34BFABE0BA7F8E79EAE64CBF2B9090090618E
SHA-256:	CE76C5710B1C12CE5659B32EAD991C7D4333A2AF9D3737EE55136378781BCEF6
SHA-512:	2C3299E17451818BB8EF434E75871B895D240FBA36A339AB8A87E66BC15D658E3E1496F19BF0917E4BC128B03123707C7BE8EF1091C572379D1DC7F8CFD962C4
Malicious:	false
Reputation:	unknown
Preview:	...m.................DB_VERSION.1o.@.j...............(QUERY_TIMESTAMP:product_category_en1...13374774687746494..QUERY:product_category_en1....[{"name":"product_category_en","url":"https://edgeassetservice.azureedge.net/assets/product_category_en/1.0.0/asset?assetgroup=ProductCategories","version":{"major":1,"minor":0,"patch":0},"hash":"r2jWYy3aqoi3+S+aPyOSfXOCPeLSy5AmAjNHvYRv9Hg=","size":82989}]...yg~..............!ASSET_VERSION:product_category_en.1.0.0..ASSET:product_category_en...."..3....Car & Garage..Belts & Hoses.#..+....Sports & Outdoors..Air Pumps.!.."....Car & Garage..Body Styling.4..5./..Gourmet Food & Chocolate..Spices & Seasonings.'..,."..Sports & Outdoors..Sleeping Gear.!..6....Lawn & Garden..Hydroponics.9.a.5..Books & Magazines. Gay & Lesbian Interest Magazines....+....Office Products..Pins.,..3.'..Kitchen & Housewares..Coffee Grinders.$..#....Computing..Enterprise Servers.#..&....Home Furnishings..Footboards.6...2..Books & Magazines..Computer & Internet Magazines.)..

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparison\PriceComparisonAssetStore.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	307
Entropy (8bit):	5.1242759382993
Encrypted:	false
SSDEEP:
MD5:	37B98ABD5DF049B2DC8BCDF597988FCD
SHA1:	F0CD5AA3CFA475CC175FE8022C31B2AE61297E15
SHA-256:	E9428D07AB8D57EDBAF823D13910C6FFF439EEB3E673B2DB168046CE9BE6D7BE
SHA-512:	8727730483B5013C72BF0132834DB3854C47C9367AD694F9A970A44C315038F50F1C0D55FC7F46508D92A476BB6726A3DFD1D81038C887C3A9DB2E29998E8888
Malicious:	false
Reputation:	unknown
Preview:	2024/10/30-11:11:26.861 440 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparisonAssetStore.db since it was missing..2024/10/30-11:11:26.876 440 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparisonAssetStore.db/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	68BF35BD0D5CF0D7FD9FA3D91AF4C4C6
SHA1:	43F8229F4C4FCC9194F32EC8802D7075FA425E63
SHA-256:	4604FB47C89E56B03524978D9486BD5D069945863F4C3D5E0B4AD1431A6F3F15
SHA-512:	197E3BE56EB009818B547E978A0967D6A16246AB195ECD594F76B87AA862C50659F4916180EEA25FAA8419421C1CBFA0BCF82944EC77B25EB9269FB37C0AF860
Malicious:	false
Reputation:	unknown
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13374774655956756","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13374774655956756","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF34f2b.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	68BF35BD0D5CF0D7FD9FA3D91AF4C4C6
SHA1:	43F8229F4C4FCC9194F32EC8802D7075FA425E63
SHA-256:	4604FB47C89E56B03524978D9486BD5D069945863F4C3D5E0B4AD1431A6F3F15
SHA-512:	197E3BE56EB009818B547E978A0967D6A16246AB195ECD594F76B87AA862C50659F4916180EEA25FAA8419421C1CBFA0BCF82944EC77B25EB9269FB37C0AF860
Malicious:	false
Reputation:	unknown
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13374774655956756","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13374774655956756","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	454
Entropy (8bit):	4.520074748608178
Encrypted:	false
SSDEEP:
MD5:	511908C838A3ECAE12EE52BFCCEAE008
SHA1:	B8064E7E284FD536548DB67CF5F84B0CF205EFCA
SHA-256:	7F5309FC344B8E0E37E07C1FEE7721C0967A7D20B30137DB544310907C5E2031
SHA-512:	E9C8C6874198002E483CB3DA442CE4452A74E7C2A99B2AB569C70CD13AA21A5335CAB9FED7E962C680A61CFC9619F4313E0D8BC75AA853E74C09211015575B81
Malicious:	false
Reputation:	unknown
Preview:	*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f...............g..uh................next-map-id.1.Inamespace-4f2e748f_f153_467b_ab90_67bc8cc5183c-https://www.microsoft.com/.0V.e................V.e................V.e................V.e................V.e................6.Lh................next-map-id.2.Inamespace-1e8e70f5_df8b_4aa6_8754_1bfb30d696a6-https://www.microsoft.com/.1

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.13515625283164
Encrypted:	false
SSDEEP:
MD5:	1A51AD704C78AD176FD0365D55E9F904
SHA1:	C544DBB97BCCC2B3F30955DD71D917BCC4CF3666
SHA-256:	1FD2A2EDE371284E6AFF6F1ACE2639E97A0C45D19CFC10901B34043E8D0E3478
SHA-512:	356FFB1A41F6F4D3054396DCCF45FAEC2B8B2893FFA94F72E7DF4E3A522CE1ACBDE3349C9E5DD6BCD8094AA32CEF6C888746BD6FFAFC0D5FE634D81B7608ED78
Malicious:	false
Reputation:	unknown
Preview:	2024/10/30-11:10:59.368 1894 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/10/30-11:10:59.370 1894 Recovering log #3.2024/10/30-11:10:59.373 1894 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13374774659410947

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	13750
Entropy (8bit):	3.868632204642521
Encrypted:	false
SSDEEP:
MD5:	2212D1DF2BB1D16BCBBC01A5FEFE2F9F
SHA1:	75DC618901FF54994F65434D575EAE606B9402E1
SHA-256:	E9EAE485A451374403E3C615452251FB23328BEF53DC377B7A9D467E32A1BD30
SHA-512:	BCEC1ADFBF5AB9FCECF4A947FAD44EC33914AC7A1975458153C391A3A6411E373AC829866E7AE2071FCBD2DBC0624BE3BB1802C01040F0B2C0D1B93A237BB371
Malicious:	false
Reputation:	unknown
Preview:	SNSS.......'.H...........'.H......"'.H...........'.H.......'.H.......(.H.......(.H....!..(.H...............................'.H(.H1..,...(.H$...4f2e748f_f153_467b_ab90_67bc8cc5183c...'.H.......(.H....s..........'.H...'.H.......................'.H.......................'.H....................5..0...'.H&...{EF4DAEC1-3482-49FB-8354-00340DC19E1A}.....'.H..........'.H...........................(.H...............(.H....Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47...........................Microsoft Edge......117.....Not;A=Brand.....8.......Chromium....117.........Microsoft Edge......117.0.2045.47.......Not;A=Brand.....8.0.0.0.....Chromium....117.0.5938.132......117.0.2045.47.......Windows.....10.0.0......x86.............64.................(.H...............(.H....Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.20

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.44194574462308833
Encrypted:	false
SSDEEP:
MD5:	B35F740AA7FFEA282E525838EABFE0A6
SHA1:	A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
SHA-256:	5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
SHA-512:	05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j..........g....."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	349
Entropy (8bit):	5.074466487814193
Encrypted:	false
SSDEEP:
MD5:	BE3CE5485F9FE122EC509266F2DB6314
SHA1:	9056BC4A6A2BCAFACDA1722D59AABAF5E42A5B38
SHA-256:	FFA2DD780ECAE4658848277BFE045E0082F4D901A9D0DF5C9BDEC263953A8738
SHA-512:	5877E8F778841DDB1E32A9B584A3DF8723DBF62844E809773B6FE0D0AC59F39D552BC9502649C6ACE1990C2A772455D2EA172D3DBDFE5963407CBE435C7B940C
Malicious:	false
Reputation:	unknown
Preview:	2024/10/30-11:10:56.049 9c0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/10/30-11:10:56.049 9c0 Recovering log #3.2024/10/30-11:10:56.050 9c0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	0.0012471779557650352
Encrypted:	false
SSDEEP:
MD5:	F50F89A0A91564D0B8A211F8921AA7DE
SHA1:	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
SHA-256:	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
SHA-512:	BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
Malicious:	false
Reputation:	unknown
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	434
Entropy (8bit):	5.256899090936687
Encrypted:	false
SSDEEP:
MD5:	CBB08F7DDA99F19E12208909FA33F57B
SHA1:	8177755E982B907C220D4F2EB51563D10E08751A
SHA-256:	161BCCA5EEF5C79E97693E92C6937167B65E377967AD667E38C536CFB22C786A
SHA-512:	38A35F70134AD136F99358858544507CC20DD51902C1174FA3797D5726341004BE18EE36B2D469EF73C7FFC3A3782053E0637616164D4FE1FB348EF315BED420
Malicious:	false
Reputation:	unknown
Preview:	2024/10/30-11:10:59.664 1894 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/10/30-11:10:59.665 1894 Recovering log #3.2024/10/30-11:10:59.674 1894 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	36864
Entropy (8bit):	0.3886039372934488
Encrypted:	false
SSDEEP:
MD5:	DEA619BA33775B1BAEEC7B32110CB3BD
SHA1:	949B8246021D004B2E772742D34B2FC8863E1AAA
SHA-256:	3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
SHA-512:	7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j..........g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	80
Entropy (8bit):	3.4921535629071894
Encrypted:	false
SSDEEP:
MD5:	69449520FD9C139C534E2970342C6BD8
SHA1:	230FE369A09DEF748F8CC23AD70FD19ED8D1B885
SHA-256:	3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
SHA-512:	EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
Malicious:	false
Reputation:	unknown
Preview:	*...#................version.1..namespace-..&f.................&f...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	422
Entropy (8bit):	5.202625376146753
Encrypted:	false
SSDEEP:
MD5:	31794D01B2F621B6B715B4BE6EF898A9
SHA1:	A6425B3D160E74D0416AAC4A6C4AA710AB3BA2CC
SHA-256:	8E87B8B43E2335FB34832492422CFFB0153CBDC1F99C877E037395B4C326667C
SHA-512:	C04EE2A0902554F148FCD41599B0EE5AA6F971CA98CC71F91C9D243139316CA5F459F06A38956FF28BB7E91985B756326DEF125FF7CE4D43A3E7CF307BC73F3E
Malicious:	false
Reputation:	unknown
Preview:	2024/10/30-11:11:14.883 1894 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/10/30-11:11:14.884 1894 Recovering log #3.2024/10/30-11:11:14.887 1894 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	325
Entropy (8bit):	5.135002260691348
Encrypted:	false
SSDEEP:
MD5:	C77A28A8C2565CC197C5F4AA6AF4163F
SHA1:	5094692DBD8D500A61CBFCBDE921361DA32794DD
SHA-256:	040CA1DB99676DEC648AB6A3F2270B964DA586A9CDB507FE83C5DFA08D65D928
SHA-512:	14EAB775D596CD1129390B0CFF771BF804EDAC1954DA5C0F9796E0C4ECE055AA7D6EDBE06D42FEDE9A9B37FFE07BCE24BDAE8376C46C4D574DC76BD8A1E31139
Malicious:	false
Reputation:	unknown
Preview:	2024/10/30-11:10:56.130 b20 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/10/30-11:10:56.131 b20 Recovering log #3.2024/10/30-11:10:56.132 b20 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	131072
Entropy (8bit):	0.008944015021034398
Encrypted:	false
SSDEEP:
MD5:	CF592B942FC7CAFEFCC28F21757B82C2
SHA1:	E656E112E7896B7C8B21C0335DA177C450CBF650
SHA-256:	251AD930DFD66EFA1DE758BADD3A575001FDFD6D19D0A6E2BF32DDD59ECAC777
SHA-512:	3FC40A90F825209C459A6A25B518A656851D0D9BA4569CFDB62AD65BA6B54284EBC128DBEC530A6ABE00B7878CC6B7BAA6AB97151D0D461316FC2656CF577420
Malicious:	false
Reputation:	unknown
Preview:	VLnk.....?......}......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 11, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.2650580082149907
Encrypted:	false
SSDEEP:
MD5:	7E8581B42BEE3E261A3ED3586245BCCD
SHA1:	FA3C5AF2B5CBC55A11DE9FCD43B5B0FB4B197C5C
SHA-256:	60C9F53BA08A11805D157215AB2982C98E73E42FDF2FD4DDD84EB773EC575584
SHA-512:	021C0B72225FD3EDA9B16EBEC3AF481252EA8DE10ACBD7F5B5C50D2874FC3091CC1715A3C4AE696C8B9483D9D3E11E53D75DF2EEAA7C090F6F5DC60C8D20679C
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......[...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebAssistDatabase

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 11, database pages 7, cookie 0xb, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	14336
Entropy (8bit):	1.005946681407614
Encrypted:	false
SSDEEP:
MD5:	794770CC634633CF4BC66971667E2505
SHA1:	F9F6CACC1802C3963E8EA97B3F18CA30D405178D
SHA-256:	0605DE2702BED77FA6B185EC46B27FF62DBAC0B5AF87A78B3805A6C203CD7363
SHA-512:	A225C0FEFA5DF43A9AC6BD1E1684A16C61F81D1C29DE96CCFF420F0FAFDBB0A7D342D4B6E988418881B1E8EE3F592B0BECF1CECE0F0BB9A3782B709A34A2B890
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j..................n..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.39689531567966974
Encrypted:	false
SSDEEP:
MD5:	28DD4D415CD776104AADAC48A93053E8
SHA1:	1860BBC6ECBF6853485A66E6EED0790924CE7692
SHA-256:	802FE410377F4A75678FC654A75CC3DA28E7BB682A7215BF55505EF4E3FFB910
SHA-512:	52E583C2EB0C25021B406DC200932BA28479E68AD5E8C8E418E9A5747714DF13280B1D5E178A726CD23F4A22C412EF8BEF3AD433B2B52946C838243FD2C29592
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j.......w..g...........M...w..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager-journal

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	0.21894699840838347
Encrypted:	false
SSDEEP:
MD5:	6224A32ED3D30A8DF8ED6D698DCF621E
SHA1:	FC4544CAD46309A41CB2A228D41FD5D05904578C
SHA-256:	FAD61FD037A7FB47D50500406CDDCE350036C8A5594BF70F8295E83F68ED5528
SHA-512:	59E2891DF1A6148D2BEED125A47779191F17F0F34812F9254E13DCB435BF21A041D11581B1C5F36E355179B4296530F4EC27246C5E8ED0A68B774CE6B59416A1
Malicious:	false
Reputation:	unknown
Preview:	............ zx.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\aafc88c7-18c3-4def-a99c-d71de6fdb132.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40504
Entropy (8bit):	5.561914389837898
Encrypted:	false
SSDEEP:
MD5:	31BAD3DD544BEA887891EE7DF68BA214
SHA1:	AF1F3C1B36D2D1283155BBCE0B459884F066F916
SHA-256:	4E036B7A8C0B4D11A35DEE48D8E881E5B4B7B890B081A8EEA0957491C048E754
SHA-512:	284F5BC9888EDB285281EA88A1BCFF30820BA406803CF94D3909B3A505AD1AA7443A10F0C564FF46BF8C6283CD309F1910398FF3C989F4431365C0C82AD0EDD0
Malicious:	false
Reputation:	unknown
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13374774655956756","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13374774655956756","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (3951), with CRLF line terminators
Category:	dropped
Size (bytes):	11755
Entropy (8bit):	5.190465908239046
Encrypted:	false
SSDEEP:
MD5:	07301A857C41B5854E6F84CA00B81EA0
SHA1:	7441FC1018508FF4F3DBAA139A21634C08ED979C
SHA-256:	2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
SHA-512:	00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
Malicious:	false
Reputation:	unknown
Preview:	{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\da96d03b-87a2-4c3a-b2a9-f38cea91d4bc.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	10555
Entropy (8bit):	5.190874255900321
Encrypted:	false
SSDEEP:
MD5:	02E0291EFD35F06BF411B12AC01BCD95
SHA1:	695242FA85BE2E43B769AFCD7450B48FA9E18BC0
SHA-256:	2A85DD19213DC9C76208D3B7014B353FF5A9C63DCCCF456A0EAE569DAC0B8348
SHA-512:	2A0D0DFCA6505B67BE7F79D504FB3BE62F1DED20D1C1427350A03330550B00E104598FA10631FF6952FD2389734075031E18501D24B513ADD7FD46A0BBA1D808
Malicious:	false
Reputation:	unknown
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13374774659362979","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13341060137080976","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.3410017321959524
Encrypted:	false
SSDEEP:
MD5:	98643AF1CA5C0FE03CE8C687189CE56B
SHA1:	ECADBA79A364D72354C658FD6EA3D5CF938F686B
SHA-256:	4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
SHA-512:	68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j..........g.....P....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, writer version 2, read version 2, file counter 15, database pages 21, cookie 0x7, schema 4, UTF-8, version-valid-for 15
Category:	dropped
Size (bytes):	86016
Entropy (8bit):	3.6206573570866962
Encrypted:	false
SSDEEP:
MD5:	D28DA01551CAD6E936305476188E77E5
SHA1:	8722CE566B27419732BE2F78674DD90F30D109BE
SHA-256:	B0C1D5DC394F74C7D010E1F8E5BD823CA310E3F1EC5403DF505FBCAAB9E68B0C
SHA-512:	64656AA697894C78144ED1392C383A4C56BF49CD901B555FEAFE1DF865F1E8D517C3FE22700C95F8A1C2320DF9B4BAB83DA437BCAE42E1DF6F33D11E594DB6D7
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j..................?.P................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.2270307684055263
Encrypted:	false
SSDEEP:
MD5:	0F6AF7CEA3F3477CA50B2F8CFA962591
SHA1:	5B458BD86BFE86F2E87009DC50022DCAB79D00AA
SHA-256:	2AFA80D0F5E018C6F26195BB4B6CDB3FDF36E4577699D91E683F3E0ABB9055F7
SHA-512:	02A2282CEAE9F59AB1F4BF93F8ADF3B74938C37E3EAF05084D7000530C28138D944EA2D7EADCD28D350D286810352681E763306096B815C7435723D8D063881A
Malicious:	false
Reputation:	unknown
Preview:	..-......................~..g.o.......o........-......................~..g.o.......o..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite Write-Ahead Log, version 3007000
Category:	dropped
Size (bytes):	4132392
Entropy (8bit):	5.042873435496947
Encrypted:	false
SSDEEP:
MD5:	BEE3E920D986D1A874279E540A2C6994
SHA1:	B7B8F9A6EF877247E917E0E24251469EC84E49FD
SHA-256:	EA1495C4C32757CBD8A54E6D9DB16F4543AA2F39F579D8FF4DCE151DA35B7AA0
SHA-512:	CCCEFC2A80CB5184E7A17BB5FBD6C4E80A982E67DFDA7CADDBB1A8BC5598DFEDE39A47F3F042B0BD45BFE34710247C22801616CA1D61516493E3728C0808FBD2
Malicious:	false
Reputation:	unknown
Preview:	7....-...........o........r. ...........o......pN..[.........@..........r.e.X.K.>.1.$.............a...w.j.P.C.6.)...........................Y.?.2.%.............\|.o.b.U.H...!...............................~...y.p.S.E.7.).............b.........T.F.8...............................t.f.........s.e...W.I.;.-...............*.r.X.J.<... .......................x.j.\.N.@............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	525
Entropy (8bit):	3.5259765934679375
Encrypted:	false
SSDEEP:
MD5:	24A83CF0AA04A5269743B3B3E0E751CD
SHA1:	3B411045E4D58548298FB4B3F527C4EC0D6A677E
SHA-256:	0788F97A0711979F86B81FF5F083D74FB71972A88842A63DC40395643E094352
SHA-512:	A8A1CB6F136007F0757B57DAF13D8A74AECAC7B4FDE49599E9E9759B3FBDAC0C0F51BD7AD9C30275C6FCADF27C6ED344D656C272B746F1D0468CDCC3F12016BA
Malicious:	false
Reputation:	unknown
Preview:	A..r.................20_1_1...1.,U.................20_1_1...1..&f.................&f.................s.0................39_config..........6.....n ....1u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............Ja.;...............#38_h.......6.Z..W.F.....2......2...........V.e................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.156982614332134
Encrypted:	false
SSDEEP:
MD5:	D59C095D5316ECA3F78C19FE078DF4EC
SHA1:	3D83B616FC6696B2E7AC518E8E2A8D687EF2DF40
SHA-256:	CD7DEF4FBDF60437EEC657725AD518C5F52B51D47ADB6EBC137A7BFBD0676C7D
SHA-512:	912F7C1997FD9AAFD4E70DE7999ABEEAD1251D4CBEBC3336B415868ACE65E0417477984916D1C2053BC8AB8368CDD35B33EF9735FE25A5592765339165EFCB2D
Malicious:	false
Reputation:	unknown
Preview:	2024/10/30-11:10:59.410 1388 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/10/30-11:10:59.411 1388 Recovering log #3.2024/10/30-11:10:59.411 1388 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	821
Entropy (8bit):	4.0448338863188615
Encrypted:	false
SSDEEP:
MD5:	779E5DACEF226AC699FE40BF126500A3
SHA1:	8B2A479A2C00008C424C9F58D9F0ACF81DB3025F
SHA-256:	7AE3C20095E88D1D03F6348C32E8640E63393A39FA3E6465B5022922C8953D83
SHA-512:	B601168785A98E67F69B958F5C5DC4C74F057E84E7407DA75F5BF8683FA1667033CF73E88E687C1E94C50FDA89B40BB93282FDD512C506A9FC4AFCFB149ED331
Malicious:	false
Reputation:	unknown
Preview:	.h.6.................__global... .t...................__global... .9..b.................33_..........................33_........v.................21_.....vuNX.................21_.....<...................20_.....,.1..................19_.....QL.s.................18_......Q...................20_.......w<.................20_.......ln.................19_......Y...................18_.....%.{..................9_.....f..U.................9_..........................37_.....9 '<.................38_........J.................39_.....I.Ha.................37_......m.}.................38_..........................39_.......f-.................__global... .\|.&R.................__global... ./....................__global... ..T...................__global... ...G..................__global... ......................__global... .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	342
Entropy (8bit):	5.190478363224358
Encrypted:	false
SSDEEP:
MD5:	22BCD7EB291746FD9D73A4F5BE867580
SHA1:	C48EF98AE657AC0B13E4025CD42B94EF5C370D3C
SHA-256:	DEF8EE5A1666FDF5E4CD57EEA215D085CBC2DF3B907970974EA47FFA1D5644DE
SHA-512:	4826B73A6AF832C2F8AB32CA6888968E9D25D0C5A8C4F0E12BB22C2EE1C992E71CD620303A1307E75D37BF858064B808A16E000493FC216F049FED63AE46D838
Malicious:	false
Reputation:	unknown
Preview:	2024/10/30-11:10:59.397 1388 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/10/30-11:10:59.397 1388 Recovering log #3.2024/10/30-11:10:59.407 1388 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	120
Entropy (8bit):	3.32524464792714
Encrypted:	false
SSDEEP:
MD5:	A397E5983D4A1619E36143B4D804B870
SHA1:	AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
SHA-256:	9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
SHA-512:	4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
Malicious:	false
Reputation:	unknown
Preview:	C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	13
Entropy (8bit):	2.7192945256669794
Encrypted:	false
SSDEEP:
MD5:	BF16C04B916ACE92DB941EBB1AF3CB18
SHA1:	FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
SHA-256:	7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
SHA-512:	F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
Malicious:	false
Reputation:	unknown
Preview:	117.0.2045.47

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	269671DC4A16FCB934B8B936B3017717
SHA1:	5610775BE562344F6ABA37B894C26D7437EE5924
SHA-256:	35798141BAE37ED709858F182F902899A4F99C3206713BD23BE34A6FB2020BEA
SHA-512:	7B9078345220A418A8960899306ADA766CC381F0EECFB30D78BCA15F34C79052CA423692E9E36F0A73CA71D549364EC0FFD24783C657634152C361D3AA3E492F
Malicious:	false
Reputation:	unknown
Preview:	{"abusive_adblocker_etag":"\"9E0A5915E51EE1E95D843B1CDAB336B8361C98398784A73FC6A8A28F910D2E75\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF32319.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	269671DC4A16FCB934B8B936B3017717
SHA1:	5610775BE562344F6ABA37B894C26D7437EE5924
SHA-256:	35798141BAE37ED709858F182F902899A4F99C3206713BD23BE34A6FB2020BEA
SHA-512:	7B9078345220A418A8960899306ADA766CC381F0EECFB30D78BCA15F34C79052CA423692E9E36F0A73CA71D549364EC0FFD24783C657634152C361D3AA3E492F
Malicious:	false
Reputation:	unknown
Preview:	{"abusive_adblocker_etag":"\"9E0A5915E51EE1E95D843B1CDAB336B8361C98398784A73FC6A8A28F910D2E75\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF372b0.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	269671DC4A16FCB934B8B936B3017717
SHA1:	5610775BE562344F6ABA37B894C26D7437EE5924
SHA-256:	35798141BAE37ED709858F182F902899A4F99C3206713BD23BE34A6FB2020BEA
SHA-512:	7B9078345220A418A8960899306ADA766CC381F0EECFB30D78BCA15F34C79052CA423692E9E36F0A73CA71D549364EC0FFD24783C657634152C361D3AA3E492F
Malicious:	false
Reputation:	unknown
Preview:	{"abusive_adblocker_etag":"\"9E0A5915E51EE1E95D843B1CDAB336B8361C98398784A73FC6A8A28F910D2E75\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6111597644407213
Encrypted:	false
SSDEEP:
MD5:	1B30AF3C48C2AABF031B1C94AED4240C
SHA1:	7A045239947E06996A05E91640A22C3CABFB3EFB
SHA-256:	3ED5CEE21B6C34189F3A5316718FD5407A8B626BD6FD8CD5CA4288B733B209E9
SHA-512:	C125F94C34724006009BD84E0B6D79666913F0372469D8C0AA741575C8A2133350171CB24F63D489BFA799DBF1B76A1CFC3DDC6498EEDBFE2AC48C01C740ECA6
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	47
Entropy (8bit):	4.3818353308528755
Encrypted:	false
SSDEEP:
MD5:	48324111147DECC23AC222A361873FC5
SHA1:	0DF8B2267ABBDBD11C422D23338262E3131A4223
SHA-256:	D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
SHA-512:	E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
Malicious:	false
Reputation:	unknown
Preview:	customSettings_F95BA787499AB4FA9EFFF472CE383A14

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	35
Entropy (8bit):	4.014438730983427
Encrypted:	false
SSDEEP:
MD5:	BB57A76019EADEDC27F04EB2FB1F1841
SHA1:	8B41A1B995D45B7A74A365B6B1F1F21F72F86760
SHA-256:	2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
SHA-512:	A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
Malicious:	false
Reputation:	unknown
Preview:	{"forceServiceDetermination":false}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	50
Entropy (8bit):	3.9904355005135823
Encrypted:	false
SSDEEP:
MD5:	E144AFBFB9EE10479AE2A9437D3FC9CA
SHA1:	5AAAC173107C688C06944D746394C21535B0514B
SHA-256:	EB28E8ED7C014F211BD81308853F407DF86AEBB5F80F8E4640C608CD772544C2
SHA-512:	837D15B3477C95D2D71391D677463A497D8D9FFBD7EB42E412DA262C9B5C82F22CE4338A0BEAA22C81A06ECA2DF7A9A98B7D61ECACE5F087912FD9BA7914AF3F
Malicious:	false
Reputation:	unknown
Preview:	topTraffic_170540185939602997400506234197983529371

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	575056
Entropy (8bit):	7.999649474060713
Encrypted:	true
SSDEEP:
MD5:	BE5D1A12C1644421F877787F8E76642D
SHA1:	06C46A95B4BD5E145E015FA7E358A2D1AC52C809
SHA-256:	C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
SHA-512:	FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
Malicious:	false
Reputation:	unknown
Preview:	...._+jE.`..}....S..1....G}s..E....y".Wh.^.W.H...-...#.A...KR...9b........>k......bU.IVo...D......Y..[l.yx.......'c=..I0.....E.d...-...1 ....m../C...OQ.........qW..<:N.....38.u..X-..s....<..U.,Mi..._.......`.Y/.........^..,.E..........j@..G8..N.... ..Ea...4.+.79k.!T.-5W..!..@+..!.P..LDG.....V."....L.... .(#..$..&......C.....%A.T}....K_.S..'Q.".d....s....(j.D!......Ov..)d0)."(..%..-..G..L.}....i.....m9;.....t.w..0....f?..-..M.c.3.....N7K.T..D>.3.x...z..u$5!..4..T.....U.O^L{.5..=E..'..;.}(\|.6.:..f!.>...?M.8......P.D.J.I4.<....y.E....>....i%.6..Y.@..n.....M..r..C.f.;..<..0.H...F....h.......HB1]1....u..:...H..k....B.Q..J...@}j~.#...'Y.J~....I...ub.&..L[z..1.W/.Ck....M.......[.......N.F..z.{nZ~d.V.4.u.K.V.......X.<p..cz..>....X...W..da3(..g..Z$.L4.j=~.p.l.\.[e.&&.Y ...U)..._.^r0.,.{_......`S..[....(.\..p.bt.g..%.$+....f.....d....Im..f...W ......G..i_8a..ae..7....pS.....z-H..A.s.4.3..O.r.....u.S......a.}..v.-/..... ...a.x#./:...sS&U.().xL...pg

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	86
Entropy (8bit):	4.3751917412896075
Encrypted:	false
SSDEEP:
MD5:	F732DBED9289177D15E236D0F8F2DDD3
SHA1:	53F822AF51B014BC3D4B575865D9C3EF0E4DEBDE
SHA-256:	2741DF9EE9E9D9883397078F94480E9BC1D9C76996EEC5CFE4E77929337CBE93
SHA-512:	B64E5021F32E26C752FCBA15A139815894309B25644E74CECA46A9AA97070BCA3B77DED569A9BFD694193D035BA75B61A8D6262C8E6D5C4D76B452B38F5150A4
Malicious:	false
Reputation:	unknown
Preview:	{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":1}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ab7b3ab3-0461-404d-9261-5633b1f9cfc7.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	65693
Entropy (8bit):	6.1025418923466095
Encrypted:	false
SSDEEP:
MD5:	301B63952554F006F95427CC2B402B6E
SHA1:	043EFC0EE039F7BF2EBA0848CB8DDBD34EA1FEB6
SHA-256:	7EB6282F3F699013FF8C5741454A46F49A44F47A8D7B0133C3D567DAD6F174C4
SHA-512:	3BCFDF0FCF3D130B5F8E8EE432D517D4009595FED0FB3AFAA6CC32ACCDBE3F371430800F5B34AC7ADFA50D75D4DD973978AB8848C68E670586DB1C3621725DE3
Malicious:	false
Reputation:	unknown
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1730301063"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNor

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\d0375e67-a635-484c-af41-a90fe28579cc.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	74220
Entropy (8bit):	6.085532074002817
Encrypted:	false
SSDEEP:
MD5:	544EAEABA5DB64E77CE7BC8A52A51FED
SHA1:	297320F4D5270DA64174F45C5F6A8DF33DCB4AB7
SHA-256:	387DDE2CA5B46FDECAF5954AF3E2C8170882A2B0765EB829ACC6769A679607AE
SHA-512:	6FE3F84FAC0E1C2CEA68012BAA294B8C008E6ECF67ABF40654BF5B771917220495B73725267DC3F0C10080EFAEF335D4D345EFE58D29FE9385C53C6BC2C34341
Malicious:	false
Reputation:	unknown
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"continuous_migration":{"scoobe_registry_state":1},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"0"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6q

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	2278
Entropy (8bit):	3.8485790907686837
Encrypted:	false
SSDEEP:
MD5:	D3CB8E9B64E011C6D83805C381E61530
SHA1:	CFA3C64A784F826D82E8B8DE580315055F0D335A
SHA-256:	35C72305470956365192F7923956EB775472E3D0FCF343E1BEC88B91DC2EBC6A
SHA-512:	06579074715F8D1F3FC031E9582151E842FD18AE242B3171560B36B0203A4E213162937167D295FE73AFB9F7B3208CBA0210C72D7B02AAEAFECBC290C69BAEA2
Malicious:	false
Reputation:	unknown
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.I.J.e.T.+.Y.q.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.2.X.B.d.M.A.

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	modified
Size (bytes):	4622
Entropy (8bit):	4.002343298504783
Encrypted:	false
SSDEEP:
MD5:	7CF4673D7DAD2F4FF2B31E80BFD66EEA
SHA1:	B516A98619E809E30A8119BB50C94DAA90F167EB
SHA-256:	1E2EFB6BA6670A0D5A50D1B0E0658EC5EC39325B849042E282ABA572366CCC3B
SHA-512:	7268B4CD833D9911F7EA27D0939E59B98EE9A3184DC17CF9EBCA8DEA129F759C45993CA5707369623D81FB4780E77FEBD1E83A0B8ABF5A70461A6504E627F88E
Malicious:	false
Reputation:	unknown
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".w.j.1.u.N.d.4.q.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.2.X.B.d.M.A.

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	2684
Entropy (8bit):	3.902012825109554
Encrypted:	false
SSDEEP:
MD5:	0445963FEF492C129F6C589B5B4DE877
SHA1:	2986F155D8C0D72E9EC2C4FAB624AB432F741BAE
SHA-256:	3D58D01E508BAA99B2973FAF3D00234C3AB66BAF3D91C79702B1BC48923E0643
SHA-512:	2A6A703A92C989CC699AD2AA0E7A182FF71732E67CF867DD635E204640A9F961B072B035407C8E4366FBE03217AF1335A282124F98BBE353D5F0412B09283078
Malicious:	false
Reputation:	unknown
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".6.N.3.U.y.9.n.A.U.E.q.s.5.u.9.6.E./.o.g.0.E./.V.J.A.g.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".3.V.p.B.Z.q.9.J.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.2.X.B.d.M.A.

C:\Users\user\AppData\Local\Temp\2d5dc56a-23c7-488c-b9e8-5848354e2edb.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
Category:	dropped
Size (bytes):	103469
Entropy (8bit):	7.5851113512003785
Encrypted:	false
SSDEEP:
MD5:	37CF67E6E5D3AE47CF40406A1E8BE94F
SHA1:	2A6F868ADC761DB9C03869E238BEA0D67D1FE6CE
SHA-256:	B4B4DBE335296D0CCF9C659D671A54C2FA06F8B4E41228CF03E1D21F7C8F9D03
SHA-512:	51F2C8B56592237378BE92C3EFCD814FC3E144120D109B15A7341AB03F9674251EE8B21BB172E6E021100F4EF792A5114D5B94F86EE0B157FD3386975BEC94CD
Malicious:	false
Reputation:	unknown
Preview:	......Exif..II.................Ducky.......2......Adobe.d...........................................................#"""#''''''''''..................................................!! !!''''''''''........V.."....................................................................................!1..AQ..aq."2....R..T....Br.#S.U..b..3Cs...t6.c.$D.5uV...4d.E&....%F......................!1..AQaq....."2......BRbr3CS....#..4.............?......1f.n..T......TP....E...........P.....@.........E..@......E.P........@........E.....P.P..A@@.E..@.P.P..AP.P..AP..@....T..AP.E..P.Z .. ....."... .....7.H...w.....t.....T....M.."... P..n.n..t5..B.P..(......................................( .................... .".... .".......(.. ."....... ....o......E.6... ....."........."J......Ah......@.@@....:@{6..wCp..3...((.(.........................@..(...."............................ ........T.......@.@@........AP.P..@.E@....E@.d.E@.@@..@.P.T..@..@..P.D...@M........EO..."...=.wCp.....R......P.@......

C:\Users\user\AppData\Local\Temp\619162a8-2d33-437f-a7bd-481dfea9510d.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 3412x1357, components 3
Category:	dropped
Size (bytes):	839587
Entropy (8bit):	7.9822128563508095
Encrypted:	false
SSDEEP:
MD5:	D647F2E5C11DB8A18DB87FD634526A7E
SHA1:	29AEBD5026BFB141234725E3B8971BCD1A203D15
SHA-256:	5BB969028F60C3F0555FA24ED23EEBEE5A6EC55B864978FDA1EE6EDEF44716E1
SHA-512:	B8C02ACBA1CB8B7DFDA2A7EA18AFF6981FE111ECAADAD0E2D1878EE60D3BF199037975F9BC6AC00E0444F9BC05CF7EFF3DBB25655C440FE3CDC26A3381C3A75C
Malicious:	false
Reputation:	unknown
Preview:	......JFIF..........................................."......".$...$.6&&6>424>LDDL_Z_\|\|.............................."......".$...$.6&&6>424>LDDL_Z_\|\|.......M.T.."................................................ ..T(P.......(.AB....(Qb.()K(QB..i......UV...U-[-.-...n..j..o..U..l.T.R...m.h.J)M.-.E(.QK..-.._W.9...s....z...J...((.(....E....()B...(.B..(.)N_;....T.Uij.j.imZ[V.Z..V.5kUw.U..V..UUJ.U[j..T....V.E..Ya..QER.o..oo\|p.V.......E.AE......(.@.AEP((.....e.....(..G?..3..Uj..ZZUUU[M-.km[un...n.n.....T.U.Uj..j.R...-4.....X...W.=..O.=zM...x.%@.@(QB....(..()AJQB...((R............g5UUV.USEU-U..m[..V..[uV.7P..]-.U.E..MV...h.ij..B.a`...Qu..f.=}.s.F....0. .%.QB.@...X.E.PQE...((QB..P(QE)J//..g30..J..R..i.[j..M[uuZ]5..".it....QT...U...K-.V..Qa`..U+S.._G..>]v.N?. ...@...P...(P.J....((QB..)@P.E(U...7.......M.l.UV....+V.t..u.M[...[m...QKKZU..m-QB.....@.!P.W^.k~._~\..o.......J...P..Q.,.P.E.......@...PP.........q...U...UUKKUij..j......-.[.YJ..T..j..V.im.4M.Yu..J,R-.T.

C:\Users\user\AppData\Local\Temp\693636b3-3722-441d-a104-0ab0346dfbef.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	135771
Entropy (8bit):	7.802585890890899
Encrypted:	false
SSDEEP:
MD5:	DA75BB05D10ACC967EECAAC040D3D733
SHA1:	95C08E067DF713AF8992DB113F7E9AEC84F17181
SHA-256:	33AE9B8F06DC777BB1A65A6BA6C3F2A01B25CD1AFC291426B46D1DF27EA6E7E2
SHA-512:	56533DE53872F023809A20D1EA8532CDC2260D40B05C5A7012C8E61576FF092F006A197F759C92C6B8C429EEEC4BB542073B491DDCFD5B22CD4ECBE1A8A7C6EF
Malicious:	false
Reputation:	unknown
Preview:	Cr24..............0.."0....H.............0.........^...1"...w.g..t..2J.G1.)X4..=&.?[j,Lz..j.u.e[I.qBa/X...P.h..L.....2%3_o.......H.)'.=.e...?.......j..3UH.\|.X.M..u..s[...?$....F%....I....)..,-./.e5).f..O.q.^........9..(.._.ph2..^.YBPXf_8....h[.v...S.1`.#..5.SF.:f-.#.65.i..b.]9...y2.'....k[...........=.B.../EYp....i:........ua....w...\H.j....b....4...l.b.:u.%1z....}L.A.F.IZ.2^.j...!F.&@;L..z...02..`:J_@....m....qcQ.\|sD.r`vC.#.8lm...R.8.~A...."~)".[.M...o.a.H.$..(.d/.K.6......c........#.$..>.#..3..-...n4J.$-....N...s.G...3..q.e..(.B?."...9M......[0Y0....H.=....*.H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...H0F.!..w./B..$<......r-.'..xp.H..Q...8.!..R^...%..W0....q....g.D..~.".%............mo.:......<#a..e...Chp...x4z....!.!.a...qgo....p8.T.6...Z....?..CV...<..K...?....k..........q=....Y^........!..K...G...m.n..Y.Y.......u.Wf...TO".?.......U/Rd..Y....j....H..Q...{.....x.OQ.~+}...L.9_.:.,E.....q.0&...I;b..H...>...9.}.B

C:\Users\user\AppData\Local\Temp\cv_debug.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1658
Entropy (8bit):	5.372171725679809
Encrypted:	false
SSDEEP:
MD5:	5E9E350E115B87A70594D7B59F16043E
SHA1:	5A8E9C40E7B8BFC2BAE503B2EFCCBD4DF4940649
SHA-256:	CA0FAC76A83947CEDA30A86FF865009954BDA7C6C7D0B85AECD9A4E5F181CD97
SHA-512:	8E3508E9756CABC54077A34835FF1A92B03BD3792F213098EADCCF7E3BE11BFBA479863CA6E474890CE229303C4F5A2BECF558AEF4320496BE9B09FA4F4DFFF8
Malicious:	false
Reputation:	unknown
Preview:	{"logTime": "1006/094402", "correlationVector":"8WI8p7zmTYZPBE2VuaIHdV","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1006/094402", "correlationVector":"BE656E2071D443B2A044B6460819F865","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1006/094402", "correlationVector":"ofm+cIrSMXiKDSEfAz53+L","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1006/100217", "correlationVector":"BAAKQ8ziDwmR+5pa4ka4fJ","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1006/100217", "correlationVector":"26B927C0336B4CA88B073123F1EBD565","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1006/100344", "correlationVector":"0X4rigFMuRDtJh2eBJUoom","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1006/100344", "correlationVector":"7D72384D1A7E431FAD88F4EA6E3461C6","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1006/100656", "correlationVector":"lbOwU396NAlX9/dcZ65n2d","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1006/100657", "correlationVector":"D051616C

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\128.png

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4982
Entropy (8bit):	7.929761711048726
Encrypted:	false
SSDEEP:
MD5:	913064ADAAA4C4FA2A9D011B66B33183
SHA1:	99EA751AC2597A080706C690612AEEEE43161FC1
SHA-256:	AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
SHA-512:	162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR..............>a....=IDATx..]}...U..;...O.Q..QH.I(....v..E....GUb..R[.4@%..hK..B..(.B..". ....&)U#.%...jZ...JC.8.....{.cfvgf.3;.....}ow.....{...P.B...T.P.B...*Tx...=.Q..wv.w.....\|.e.1.$.P.?..l_\.n.}...~.g.....Q...A.f....m.....{,...C2 %..X.......FE.1.N..f...Q..D.K87.....:g..Q.{............3@$.8.....{.....q....G.. .....5..y......)XK..F...D.......... ."8...J#.eM.i....H.E.....a.RIP.`......)..T.....! .[p`X.`..L.a....e. .T..2.....H..p$..02...j....\..........s{...Ymm~.a........f.$./.[.{..C.2:.0..6..]....`....NW.....0..o.T..$;k.2......_...k..{,.+........{..6...L..... .dw...l$..}...K...EV....0......P...e....k....+Go....qw.9.1...X2\..qfw0v.....N...{...l.."....f.A..I..+#.v....'..~E.N-k.........{...l.$..ga..1...$......x$X=}.N..S..B$p..`..`.ZG:c..RA.(.0......Gg.A.I..>...3u.u........_..KO.m.........C...,..c.......0...@_..m...-..7.......4LZ......j@.......\..'....u. QJ.:G..I`.w'B0..w.H..'b.0- ......\|..}./.....e..,.K.1........W.u.v. ...\.o

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\af\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	908
Entropy (8bit):	4.512512697156616
Encrypted:	false
SSDEEP:
MD5:	12403EBCCE3AE8287A9E823C0256D205
SHA1:	C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
SHA-256:	B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
SHA-512:	153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\am\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1285
Entropy (8bit):	4.702209356847184
Encrypted:	false
SSDEEP:
MD5:	9721EBCE89EC51EB2BAEB4159E2E4D8C
SHA1:	58979859B28513608626B563138097DC19236F1F
SHA-256:	3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
SHA-512:	FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\ar\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1244
Entropy (8bit):	4.5533961615623735
Encrypted:	false
SSDEEP:
MD5:	3EC93EA8F8422FDA079F8E5B3F386A73
SHA1:	24640131CCFB21D9BC3373C0661DA02D50350C15
SHA-256:	ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
SHA-512:	F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\az\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	977
Entropy (8bit):	4.867640976960053
Encrypted:	false
SSDEEP:
MD5:	9A798FD298008074E59ECC253E2F2933
SHA1:	1E93DA985E880F3D3350FC94F5CCC498EFC8C813
SHA-256:	628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
SHA-512:	9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\be\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3107
Entropy (8bit):	3.535189746470889
Encrypted:	false
SSDEEP:
MD5:	68884DFDA320B85F9FC5244C2DD00568
SHA1:	FD9C01E03320560CBBB91DC3D1917C96D792A549
SHA-256:	DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
SHA-512:	7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
Malicious:	false
Reputation:	unknown
Preview:	{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\bg\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1389
Entropy (8bit):	4.561317517930672
Encrypted:	false
SSDEEP:
MD5:	2E6423F38E148AC5A5A041B1D5989CC0
SHA1:	88966FFE39510C06CD9F710DFAC8545672FFDCEB
SHA-256:	AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
SHA-512:	891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\bn\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1763
Entropy (8bit):	4.25392954144533
Encrypted:	false
SSDEEP:
MD5:	651375C6AF22E2BCD228347A45E3C2C9
SHA1:	109AC3A912326171D77869854D7300385F6E628C
SHA-256:	1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
SHA-512:	958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\ca\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	930
Entropy (8bit):	4.569672473374877
Encrypted:	false
SSDEEP:
MD5:	D177261FFE5F8AB4B3796D26835F8331
SHA1:	4BE708E2FFE0F018AC183003B74353AD646C1657
SHA-256:	D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
SHA-512:	E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\cs\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	913
Entropy (8bit):	4.947221919047
Encrypted:	false
SSDEEP:
MD5:	CCB00C63E4814F7C46B06E4A142F2DE9
SHA1:	860936B2A500CE09498B07A457E0CCA6B69C5C23
SHA-256:	21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
SHA-512:	35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\cy\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	806
Entropy (8bit):	4.815663786215102
Encrypted:	false
SSDEEP:
MD5:	A86407C6F20818972B80B9384ACFBBED
SHA1:	D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
SHA-256:	A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
SHA-512:	D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
Malicious:	false
Reputation:	unknown
Preview:	{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\da\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	883
Entropy (8bit):	4.5096240460083905
Encrypted:	false
SSDEEP:
MD5:	B922F7FD0E8CCAC31B411FC26542C5BA
SHA1:	2D25E153983E311E44A3A348B7D97AF9AAD21A30
SHA-256:	48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
SHA-512:	AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\de\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1031
Entropy (8bit):	4.621865814402898
Encrypted:	false
SSDEEP:
MD5:	D116453277CC860D196887CEC6432FFE
SHA1:	0AE00288FDE696795CC62FD36EABC507AB6F4EA4
SHA-256:	36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
SHA-512:	C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\el\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1613
Entropy (8bit):	4.618182455684241
Encrypted:	false
SSDEEP:
MD5:	9ABA4337C670C6349BA38FDDC27C2106
SHA1:	1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
SHA-256:	37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
SHA-512:	8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\en\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	851
Entropy (8bit):	4.4858053753176526
Encrypted:	false
SSDEEP:
MD5:	07FFBE5F24CA348723FF8C6C488ABFB8
SHA1:	6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
SHA-256:	6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
SHA-512:	7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\en_GB\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	848
Entropy (8bit):	4.494568170878587
Encrypted:	false
SSDEEP:
MD5:	3734D498FB377CF5E4E2508B8131C0FA
SHA1:	AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
SHA-256:	AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
SHA-512:	56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\en_US\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1425
Entropy (8bit):	4.461560329690825
Encrypted:	false
SSDEEP:
MD5:	578215FBB8C12CB7E6CD73FBD16EC994
SHA1:	9471D71FA6D82CE1863B74E24237AD4FD9477187
SHA-256:	102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
SHA-512:	E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
Malicious:	false
Reputation:	unknown
Preview:	{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\es\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	961
Entropy (8bit):	4.537633413451255
Encrypted:	false
SSDEEP:
MD5:	F61916A206AC0E971CDCB63B29E580E3
SHA1:	994B8C985DC1E161655D6E553146FB84D0030619
SHA-256:	2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
SHA-512:	D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\es_419\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	959
Entropy (8bit):	4.570019855018913
Encrypted:	false
SSDEEP:
MD5:	535331F8FB98894877811B14994FEA9D
SHA1:	42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
SHA-256:	90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
SHA-512:	2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\et\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	968
Entropy (8bit):	4.633956349931516
Encrypted:	false
SSDEEP:
MD5:	64204786E7A7C1ED9C241F1C59B81007
SHA1:	586528E87CD670249A44FB9C54B1796E40CDB794
SHA-256:	CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
SHA-512:	44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\eu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	838
Entropy (8bit):	4.4975520913636595
Encrypted:	false
SSDEEP:
MD5:	29A1DA4ACB4C9D04F080BB101E204E93
SHA1:	2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
SHA-256:	A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
SHA-512:	B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
Malicious:	false
Reputation:	unknown
Preview:	{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\fa\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1305
Entropy (8bit):	4.673517697192589
Encrypted:	false
SSDEEP:
MD5:	097F3BA8DE41A0AAF436C783DCFE7EF3
SHA1:	986B8CABD794E08C7AD41F0F35C93E4824AC84DF
SHA-256:	7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
SHA-512:	8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\fi\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	911
Entropy (8bit):	4.6294343834070935
Encrypted:	false
SSDEEP:
MD5:	B38CBD6C2C5BFAA6EE252D573A0B12A1
SHA1:	2E490D5A4942D2455C3E751F96BD9960F93C4B60
SHA-256:	2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
SHA-512:	6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\fil\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	939
Entropy (8bit):	4.451724169062555
Encrypted:	false
SSDEEP:
MD5:	FCEA43D62605860FFF41BE26BAD80169
SHA1:	F25C2CE893D65666CC46EA267E3D1AA080A25F5B
SHA-256:	F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
SHA-512:	F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\fr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	977
Entropy (8bit):	4.622066056638277
Encrypted:	false
SSDEEP:
MD5:	A58C0EEBD5DC6BB5D91DAF923BD3A2AA
SHA1:	F169870EEED333363950D0BCD5A46D712231E2AE
SHA-256:	0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
SHA-512:	B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\fr_CA\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	972
Entropy (8bit):	4.621319511196614
Encrypted:	false
SSDEEP:
MD5:	6CAC04BDCC09034981B4AB567B00C296
SHA1:	84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
SHA-256:	4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
SHA-512:	160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\gl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	990
Entropy (8bit):	4.497202347098541
Encrypted:	false
SSDEEP:
MD5:	6BAAFEE2F718BEFBC7CD58A04CCC6C92
SHA1:	CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
SHA-256:	0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
SHA-512:	3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\gu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1658
Entropy (8bit):	4.294833932445159
Encrypted:	false
SSDEEP:
MD5:	BC7E1D09028B085B74CB4E04D8A90814
SHA1:	E28B2919F000B41B41209E56B7BF3A4448456CFE
SHA-256:	FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
SHA-512:	040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": ".... .....".. },.. "explanationofflinedisabled": {.. "message": "... ...... ... ........ ....... ... Google .......... ..... .... ...., ... .... .... ...... ........ .... ...... ... ...... Google ........ ...... .. ........ .. ... ... ...... ....... .... ....".. },.. "explanationofflineenabled": {.. "message": "... ...... .., ..... ... ... .. ...... ..... ....... ... ... .. .... ... ..... ... ...".. },.. "extdesc": {.. "message": "..... ........., ..

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\hi\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1672
Entropy (8bit):	4.314484457325167
Encrypted:	false
SSDEEP:
MD5:	98A7FC3E2E05AFFFC1CFE4A029F47476
SHA1:	A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
SHA-256:	D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
SHA-512:	457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "... .....".. },.. "explanationofflinedisabled": {.. "message": ".. ...... .... ....... ....... .. .... Google ........ .. ..... .... .. ..., .... ... ....... .. ...... .... .. Google ........ .. ........ .. ...... ... .... .. ...... ....... .... .....".. },.. "explanationofflineenabled": {.. "message": ".. ...... ..., ..... .. .. .. ...... ...... ..... .. .... ... .. .. ...... ... .... ....".. },.. "extdesc": {.. "message": ".... .... ....... ...... ..

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\hr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	935
Entropy (8bit):	4.6369398601609735
Encrypted:	false
SSDEEP:
MD5:	25CDFF9D60C5FC4740A48EF9804BF5C7
SHA1:	4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
SHA-256:	73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
SHA-512:	EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\hu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1065
Entropy (8bit):	4.816501737523951
Encrypted:	false
SSDEEP:
MD5:	8930A51E3ACE3DD897C9E61A2AEA1D02
SHA1:	4108506500C68C054BA03310C49FA5B8EE246EA4
SHA-256:	958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
SHA-512:	126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\hy\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2771
Entropy (8bit):	3.7629875118570055
Encrypted:	false
SSDEEP:
MD5:	55DE859AD778E0AA9D950EF505B29DA9
SHA1:	4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
SHA-256:	0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
SHA-512:	EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
Malicious:	false
Reputation:	unknown
Preview:	{"createnew":{"message":"\u054d\u054f\u0535\u0542\u053e\u0535\u053c \u0546\u0548\u0550"},"explanationofflinedisabled":{"message":"Google \u0553\u0561\u057d\u057f\u0561\u0569\u0572\u0569\u0565\u0580\u0568 \u0576\u0561\u0587 \u0561\u0576\u0581\u0561\u0576\u0581 \u057c\u0565\u056a\u056b\u0574\u0578\u0582\u0574 \u0585\u0563\u057f\u0561\u0563\u0578\u0580\u056e\u0565\u056c\u0578\u0582 \u0570\u0561\u0574\u0561\u0580 \u0574\u056b\u0561\u0581\u0565\u0584 \u0570\u0561\u0574\u0561\u0581\u0561\u0576\u0581\u056b\u0576, \u0562\u0561\u0581\u0565\u0584 \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0561\u0576 \u0563\u056c\u056d\u0561\u057e\u0578\u0580 \u0567\u057b\u0568, \u0561\u0576\u0581\u0565\u0584 \u056f\u0561\u0580\u0563\u0561\u057e\u0578\u0580\u0578\u0582\u0574\u0576\u0565\u0580 \u0587 \u0574\u056b\u0561\u0581\u0580\u0565\u0584 \u0561\u0576\u0581\u0561\u0576\u0581 \u0570\u0561\u0574\u0561\u056a\u0561\u0574\u0561\u0581\u0578\u0582\u0574\u0568:"},"explanationofflineenabled":{"message":"\u

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\id\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	858
Entropy (8bit):	4.474411340525479
Encrypted:	false
SSDEEP:
MD5:	34D6EE258AF9429465AE6A078C2FB1F5
SHA1:	612CAE151984449A4346A66C0A0DF4235D64D932
SHA-256:	E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
SHA-512:	20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\is\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	954
Entropy (8bit):	4.6457079159286545
Encrypted:	false
SSDEEP:
MD5:	CAEB37F451B5B5E9F5EB2E7E7F46E2D7
SHA1:	F917F9EAE268A385A10DB3E19E3CC3ACED56D02E
SHA-256:	943E61988C859BB088F548889F0449885525DD660626A89BA67B2C94CFBFBB1B
SHA-512:	A55DEC2404E1D7FA5A05475284CBECC2A6208730F09A227D75FDD4AC82CE50F3751C89DC687C14B91950F9AA85503BD6BF705113F2F1D478E728DF64D476A9EE
Malicious:	false
Reputation:	unknown
Preview:	{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google-skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google-skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\it\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	899
Entropy (8bit):	4.474743599345443
Encrypted:	false
SSDEEP:
MD5:	0D82B734EF045D5FE7AA680B6A12E711
SHA1:	BD04F181E4EE09F02CD53161DCABCEF902423092
SHA-256:	F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
SHA-512:	01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\iw\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2230
Entropy (8bit):	3.8239097369647634
Encrypted:	false
SSDEEP:
MD5:	26B1533C0852EE4661EC1A27BD87D6BF
SHA1:	18234E3ABAF702DF9330552780C2F33B83A1188A
SHA-256:	BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
SHA-512:	450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
Malicious:	false
Reputation:	unknown
Preview:	{"createnew":{"message":"\u05d9\u05e6\u05d9\u05e8\u05ea \u05d7\u05d3\u05e9"},"explanationofflinedisabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8. \u05db\u05d3\u05d9 \u05dc\u05d4\u05e9\u05ea\u05de\u05e9 \u05d1-Google Docs \u05dc\u05dc\u05d0 \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d1\u05d4\u05ea\u05d7\u05d1\u05e8\u05d5\u05ea \u05d4\u05d1\u05d0\u05d4 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d9\u05e9 \u05dc\u05e2\u05d1\u05d5\u05e8 \u05dc\u05e7\u05d8\u05e2 \u05d4\u05d4\u05d2\u05d3\u05e8\u05d5\u05ea \u05d1\u05d3\u05e3 \u05d4\u05d1\u05d9\u05ea \u05e9\u05dc Google Docs \u05d5\u05dc\u05d4\u05e4\u05e2\u05d9\u05dc \u05e1\u05e0\u05db\u05e8\u05d5\u05df \u05d1\u05de\u05e6\u05d1 \u05d0\u05d5\u05e4\u05dc\u05d9\u05d9\u05df."},"explanationofflineenabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\ja\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1160
Entropy (8bit):	5.292894989863142
Encrypted:	false
SSDEEP:
MD5:	15EC1963FC113D4AD6E7E59AE5DE7C0A
SHA1:	4017FC6D8B302335469091B91D063B07C9E12109
SHA-256:	34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
SHA-512:	427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "....".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ............................... Google .............. [..] .......[.......] ...........".. },.. "explanationofflineenabled": {.. "message": ".............................................".. },.. "extdesc": {.. "message": ".........................................................".. },.. "extname": {.. "message": "Google ..... ......".. },.. "learnmore": {.. "message": "..".. },.. "popuphelp

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\ka\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3264
Entropy (8bit):	3.586016059431306
Encrypted:	false
SSDEEP:
MD5:	83F81D30913DC4344573D7A58BD20D85
SHA1:	5AD0E91EA18045232A8F9DF1627007FE506A70E0
SHA-256:	30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
SHA-512:	85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
Malicious:	false
Reputation:	unknown
Preview:	{"createnew":{"message":"\u10d0\u10ee\u10da\u10d8\u10e1 \u10e8\u10d4\u10e5\u10db\u10dc\u10d0"},"explanationofflinedisabled":{"message":"\u10d7\u10e5\u10d5\u10d4\u10dc \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10ee\u10d0\u10e0\u10d7. Google Docs-\u10d8\u10e1 \u10d8\u10dc\u10e2\u10d4\u10e0\u10dc\u10d4\u10e2\u10d7\u10d0\u10dc \u10d9\u10d0\u10d5\u10e8\u10d8\u10e0\u10d8\u10e1 \u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10d2\u10d0\u10db\u10dd\u10e1\u10d0\u10e7\u10d4\u10dc\u10d4\u10d1\u10da\u10d0\u10d3 \u10d2\u10d0\u10d3\u10d0\u10d3\u10d8\u10d7 \u10de\u10d0\u10e0\u10d0\u10db\u10d4\u10e2\u10e0\u10d4\u10d1\u10d6\u10d4 Google Docs-\u10d8\u10e1 \u10db\u10d7\u10d0\u10d5\u10d0\u10e0 \u10d2\u10d5\u10d4\u10e0\u10d3\u10d6\u10d4 \u10d3\u10d0 \u10e9\u10d0\u10e0\u10d7\u10d4\u10d7 \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10e1\u10d8\u10dc\u10e5\u10e0\u10dd\u10dc\u10d8\u10d6\u10d0\u10ea\u10d8\u10d0, \u10e0\u10dd\u10d3\u10d4\u10e1\u10d0\u10ea \u10e8\u10d4\u10db\u10d3\u10d2\u10dd\u10

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\kk\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3235
Entropy (8bit):	3.6081439490236464
Encrypted:	false
SSDEEP:
MD5:	2D94A58795F7B1E6E43C9656A147AD3C
SHA1:	E377DB505C6924B6BFC9D73DC7C02610062F674E
SHA-256:	548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
SHA-512:	F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
Malicious:	false
Reputation:	unknown
Preview:	{"createnew":{"message":"\u0416\u0410\u04a2\u0410\u0421\u042b\u041d \u0416\u0410\u0421\u0410\u0423"},"explanationofflinedisabled":{"message":"\u0421\u0456\u0437 \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u043d\u0434\u0435\u0441\u0456\u0437. Google Docs \u049b\u043e\u043b\u0434\u0430\u043d\u0431\u0430\u0441\u044b\u043d \u0436\u0435\u043b\u0456 \u0431\u0430\u0439\u043b\u0430\u043d\u044b\u0441\u044b\u043d\u0441\u044b\u0437 \u049b\u043e\u043b\u0434\u0430\u043d\u0443 \u04af\u0448\u0456\u043d, \u043a\u0435\u043b\u0435\u0441\u0456 \u0436\u043e\u043b\u044b \u0436\u0435\u043b\u0456\u0433\u0435 \u049b\u043e\u0441\u044b\u043b\u0493\u0430\u043d\u0434\u0430, Google Docs \u043d\u0435\u0433\u0456\u0437\u0433\u0456 \u0431\u0435\u0442\u0456\u043d\u0435\u043d \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043b\u0435\u0440 \u0431\u04e9\u043b\u0456\u043c\u0456\u043d \u043a\u0456\u0440\u0456\u043f, \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\km\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3122
Entropy (8bit):	3.891443295908904
Encrypted:	false
SSDEEP:
MD5:	B3699C20A94776A5C2F90AEF6EB0DAD9
SHA1:	1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
SHA-256:	A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
SHA-512:	1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
Malicious:	false
Reputation:	unknown
Preview:	{"createnew":{"message":"\u1794\u1784\u17d2\u1780\u17be\u178f\u200b\u1790\u17d2\u1798\u17b8"},"explanationofflinedisabled":{"message":"\u17a2\u17d2\u1793\u1780\u200b\u1782\u17d2\u1798\u17b6\u1793\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f\u17d4 \u178a\u17be\u1798\u17d2\u1794\u17b8\u200b\u1794\u17d2\u179a\u17be Google \u17af\u1780\u179f\u17b6\u179a\u200b\u1794\u17b6\u1793\u200b\u200b\u178a\u17c4\u1799\u200b\u200b\u1798\u17b7\u1793\u1798\u17b6\u1793\u200b\u200b\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f \u179f\u17bc\u1798\u200b\u200b\u1791\u17c5\u200b\u1780\u17b6\u1793\u17cb\u200b\u1780\u17b6\u179a\u200b\u1780\u17c6\u178e\u178f\u17cb\u200b\u1793\u17c5\u200b\u179b\u17be\u200b\u1782\u17c1\u17a0\u1791\u17c6\u1796\u17d0\u179a Google \u17af\u1780\u179f\u17b6\u179a \u1793\u17b7\u1784\u200b\u1794\u17be\u1780\u200b\u1780\u17b6\u179a\u1792\u17d2\u179c\u17be\u200b\u179f\u1798\u1780\u17b6\u179b\u1780\u1798\u17d2\u1798\u200b\u200b\u200b\u1782\u17d2\u1798\u17b6\u1793

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\kn\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1895
Entropy (8bit):	4.28990403715536
Encrypted:	false
SSDEEP:
MD5:	38BE0974108FC1CC30F13D8230EE5C40
SHA1:	ACF44889DD07DB97D26D534AD5AFA1BC1A827BAD
SHA-256:	30078EF35A76E02A400F03B3698708A0145D9B57241CC4009E010696895CF3A1
SHA-512:	7BDB2BADE4680801FC3B33E82C8AA4FAC648F45C795B4BACE4669D6E907A578FF181C093464884C0E00C9762E8DB75586A253D55CD10A7777D281B4BFFAFE302
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "........ .....".. },.. "explanationofflinedisabled": {.. "message": ".... ..................... ......... ............. Google ...... ....., Google ...... ............ ............... .... ..... ...... .... .... ............ ............. ........ ..... ... .....".. },.. "explanationofflineenabled": {.. "message": ".... ...................., .... .... .... ......... ........... ............ .... ........ .........."..

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\ko\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1042
Entropy (8bit):	5.3945675025513955
Encrypted:	false
SSDEEP:
MD5:	F3E59EEEB007144EA26306C20E04C292
SHA1:	83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
SHA-256:	C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
SHA-512:	7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": ".. ...".. },.. "explanationofflinedisabled": {.. "message": ".... ...... ... .. .. Google Docs. ..... Google Docs .... .... .... .... .... ..... . .... .... ..... ......".. },.. "explanationofflineenabled": {.. "message": ".... ...... ... .. ... ... ..... ... ... .. . .....".. },.. "extdesc": {.. "message": ".... .... ... .., ...... . ....... .., .., ......".. },.. "extname": {.. "message": "Google Docs ....".. },.. "learnmore": {.. "message": "... ....".. },.. "popuphelptext": {.. "message": "... .. ... .... ..... .... .... .....

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\lo\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2535
Entropy (8bit):	3.8479764584971368
Encrypted:	false
SSDEEP:
MD5:	E20D6C27840B406555E2F5091B118FC5
SHA1:	0DCECC1A58CEB4936E255A64A2830956BFA6EC14
SHA-256:	89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
SHA-512:	AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
Malicious:	false
Reputation:	unknown
Preview:	{"createnew":{"message":"\u0eaa\u0ec9\u0eb2\u0e87\u0ec3\u0edd\u0ec8"},"explanationofflinedisabled":{"message":"\u0e97\u0ec8\u0eb2\u0e99\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ea2\u0eb9\u0ec8. \u0ec0\u0e9e\u0eb7\u0ec8\u0ead\u0ec3\u0e8a\u0ec9 Google Docs \u0ec2\u0e94\u0e8d\u0e9a\u0ecd\u0ec8\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94, \u0ec3\u0eab\u0ec9\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e81\u0eb2\u0e99\u0e95\u0eb1\u0ec9\u0e87\u0e84\u0ec8\u0eb2\u0ec3\u0e99\u0edc\u0ec9\u0eb2 Google Docs \u0ec1\u0ea5\u0ec9\u0ea7\u0ec0\u0e9b\u0eb5\u0e94\u0ec3\u0e8a\u0ec9\u0e81\u0eb2\u0e99\u0e8a\u0eb4\u0ec9\u0e87\u0ec1\u0e9a\u0e9a\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ec3\u0e99\u0ec0\u0e97\u0eb7\u0ec8\u0ead\u0e95\u0ecd\u0ec8\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e97\u0ec8\u0eb2\u0e99\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94."},"explanationofflineenabled":{"message":"\u0e97\u0ec

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\lt\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1028
Entropy (8bit):	4.797571191712988
Encrypted:	false
SSDEEP:
MD5:	970544AB4622701FFDF66DC556847652
SHA1:	14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
SHA-256:	5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
SHA-512:	CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\lv\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	994
Entropy (8bit):	4.700308832360794
Encrypted:	false
SSDEEP:
MD5:	A568A58817375590007D1B8ABCAEBF82
SHA1:	B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
SHA-256:	0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
SHA-512:	FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\ml\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2091
Entropy (8bit):	4.358252286391144
Encrypted:	false
SSDEEP:
MD5:	4717EFE4651F94EFF6ACB6653E868D1A
SHA1:	B8A7703152767FBE1819808876D09D9CC1C44450
SHA-256:	22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
SHA-512:	487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "....... ............".. },.. "explanationofflinedisabled": {.. "message": "...... ........... ........... ............. ..... Google ....... ..........., Google ....... .......... ............. .... ...... ...... ... ............... .................... '.......... ................' .........".. },.. "explanationofflineenabled": {.. "message": "................., .......... ......... ....... ...... ..............

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\mn\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2778
Entropy (8bit):	3.595196082412897
Encrypted:	false
SSDEEP:
MD5:	83E7A14B7FC60D4C66BF313C8A2BEF0B
SHA1:	1CCF1D79CDED5D65439266DB58480089CC110B18
SHA-256:	613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
SHA-512:	3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
Malicious:	false
Reputation:	unknown
Preview:	{"createnew":{"message":"\u0428\u0418\u041d\u0418\u0419\u0413 \u04ae\u04ae\u0421\u0413\u042d\u0425"},"explanationofflinedisabled":{"message":"\u0422\u0430 \u043e\u0444\u043b\u0430\u0439\u043d \u0431\u0430\u0439\u043d\u0430. Google \u0414\u043e\u043a\u044b\u0433 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u0433\u04af\u0439\u0433\u044d\u044d\u0440 \u0430\u0448\u0438\u0433\u043b\u0430\u0445\u044b\u043d \u0442\u0443\u043b\u0434 \u0434\u0430\u0440\u0430\u0430\u0433\u0438\u0439\u043d \u0443\u0434\u0430\u0430 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u044d\u0434 \u0445\u043e\u043b\u0431\u043e\u0433\u0434\u043e\u0445\u0434\u043e\u043e Google \u0414\u043e\u043a\u044b\u043d \u043d\u04af\u04af\u0440 \u0445\u0443\u0443\u0434\u0430\u0441\u043d\u0430\u0430\u0441 \u0442\u043e\u0445\u0438\u0440\u0433\u043e\u043e \u0434\u043e\u0442\u043e\u0440\u0445 \u043e\u0444\u043b\u0430\u0439\u043d \u0441\u0438\u043d\u043a\u0438\u0439\u0433 \u0438\u0434\u044d\u0432\u0445\u0436\u04af\u04af\u043b\u043d\u0

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\mr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1719
Entropy (8bit):	4.287702203591075
Encrypted:	false
SSDEEP:
MD5:	3B98C4ED8874A160C3789FEAD5553CFA
SHA1:	5550D0EC548335293D962AAA96B6443DD8ABB9F6
SHA-256:	ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
SHA-512:	5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": ".... .... ...".. },.. "explanationofflinedisabled": {.. "message": "...... ...... ..... ......... ....... ....... ..... Google ....... ............, Google ....... .............. .......... .. ... ..... .... ...... ......... ...... ...... ...... .... .... ....".. },.. "explanationofflineenabled": {.. "message": "...... ...... ...., ..... ...... ...... ...... .... ....... ... ..... .... .... ... .....".. },.. "extdesc": {.. "message": "..... ..

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\ms\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	936
Entropy (8bit):	4.457879437756106
Encrypted:	false
SSDEEP:
MD5:	7D273824B1E22426C033FF5D8D7162B7
SHA1:	EADBE9DBE5519BD60458B3551BDFC36A10049DD1
SHA-256:	2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
SHA-512:	E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\my\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3830
Entropy (8bit):	3.5483353063347587
Encrypted:	false
SSDEEP:
MD5:	342335A22F1886B8BC92008597326B24
SHA1:	2CB04F892E430DCD7705C02BF0A8619354515513
SHA-256:	243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
SHA-512:	CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
Malicious:	false
Reputation:	unknown
Preview:	{"createnew":{"message":"\u1021\u101e\u1005\u103a \u1015\u103c\u102f\u101c\u102f\u1015\u103a\u101b\u1014\u103a"},"explanationofflinedisabled":{"message":"\u101e\u1004\u103a \u1021\u1031\u102c\u1037\u1016\u103a\u101c\u102d\u102f\u1004\u103a\u1038\u1016\u103c\u1005\u103a\u1014\u1031\u1015\u102b\u101e\u100a\u103a\u104b \u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u1019\u103e\u102f \u1019\u101b\u103e\u102d\u1018\u1032 Google Docs \u1000\u102d\u102f \u1021\u101e\u102f\u1036\u1038\u1015\u103c\u102f\u101b\u1014\u103a \u1014\u1031\u102c\u1000\u103a\u1010\u1005\u103a\u1000\u103c\u102d\u1019\u103a \u101e\u1004\u103a\u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u101e\u100a\u1037\u103a\u1021\u1001\u102b Google Docs \u1015\u1004\u103a\u1019\u1005\u102c\u1019\u103b\u1000\u103a\u1014\u103e\u102c\u101b\u103e\u102d \u1006\u1000\u103a\u1010\u1004\u103a\u1019\u103b\u102c\u1038\u101e\u102d\u102f\u1037\u1

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\ne\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1898
Entropy (8bit):	4.187050294267571
Encrypted:	false
SSDEEP:
MD5:	B1083DA5EC718D1F2F093BD3D1FB4F37
SHA1:	74B6F050D918448396642765DEF1AD5390AB5282
SHA-256:	E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
SHA-512:	7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": ".... ....... .........".. },.. "explanationofflinedisabled": {.. "message": "..... ...... .......... .... ........ .... .... Google ........ ...... .... ..... ..... ... .......... ....... .... Google ........ .......... ..... .......... .. ...... ..... .... ..... ......... .. ..........".. },.. "explanationofflineenabled": {.. "message": "..... ...... ........., .. ..... ... ... ...... ....... ....... .. .... ....... ....

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\nl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	914
Entropy (8bit):	4.513485418448461
Encrypted:	false
SSDEEP:
MD5:	32DF72F14BE59A9BC9777113A8B21DE6
SHA1:	2A8D9B9A998453144307DD0B700A76E783062AD0
SHA-256:	F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
SHA-512:	E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\no\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	878
Entropy (8bit):	4.4541485835627475
Encrypted:	false
SSDEEP:
MD5:	A1744B0F53CCF889955B95108367F9C8
SHA1:	6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
SHA-256:	21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
SHA-512:	F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\pa\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2766
Entropy (8bit):	3.839730779948262
Encrypted:	false
SSDEEP:
MD5:	97F769F51B83D35C260D1F8CFD7990AF
SHA1:	0D59A76564B0AEE31D0A074305905472F740CECA
SHA-256:	BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
SHA-512:	D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
Malicious:	false
Reputation:	unknown
Preview:	{"createnew":{"message":"\u0a28\u0a35\u0a3e\u0a02 \u0a2c\u0a23\u0a3e\u0a13"},"explanationofflinedisabled":{"message":"\u0a24\u0a41\u0a38\u0a40\u0a02 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a39\u0a4b\u0964 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a15\u0a28\u0a48\u0a15\u0a36\u0a28 \u0a26\u0a47 \u0a2c\u0a3f\u0a28\u0a3e\u0a02 Google Docs \u0a28\u0a42\u0a70 \u0a35\u0a30\u0a24\u0a23 \u0a32\u0a08, \u0a05\u0a17\u0a32\u0a40 \u0a35\u0a3e\u0a30 \u0a1c\u0a26\u0a4b\u0a02 \u0a24\u0a41\u0a38\u0a40\u0a02 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a26\u0a47 \u0a28\u0a3e\u0a32 \u0a15\u0a28\u0a48\u0a15\u0a1f \u0a39\u0a4b\u0a35\u0a4b \u0a24\u0a3e\u0a02 Google Docs \u0a2e\u0a41\u0a71\u0a16 \u0a2a\u0a70\u0a28\u0a47 '\u0a24\u0a47 \u0a38\u0a48\u0a1f\u0a3f\u0a70\u0a17\u0a3e\u0a02 \u0a35\u0a3f\u0a71\u0a1a \u0a1c\u0a3e\u0a13 \u0a05\u0a24\u0a47 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a38\u0a3f\u0a70\u0a15 \u0a28\u0a42\u0a70 \u0a1a\u0a3e\u0a32\u0a42 \u0a15\u0a30\u0a4b\u0964"},"expla

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\pl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	978
Entropy (8bit):	4.879137540019932
Encrypted:	false
SSDEEP:
MD5:	B8D55E4E3B9619784AECA61BA15C9C0F
SHA1:	B4A9C9885FBEB78635957296FDDD12579FEFA033
SHA-256:	E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
SHA-512:	266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\pt_BR\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	907
Entropy (8bit):	4.599411354657937
Encrypted:	false
SSDEEP:
MD5:	608551F7026E6BA8C0CF85D9AC11F8E3
SHA1:	87B017B2D4DA17E322AF6384F82B57B807628617
SHA-256:	A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
SHA-512:	82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\pt_PT\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	914
Entropy (8bit):	4.604761241355716
Encrypted:	false
SSDEEP:
MD5:	0963F2F3641A62A78B02825F6FA3941C
SHA1:	7E6972BEAB3D18E49857079A24FB9336BC4D2D48
SHA-256:	E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
SHA-512:	22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\ro\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	937
Entropy (8bit):	4.686555713975264
Encrypted:	false
SSDEEP:
MD5:	BED8332AB788098D276B448EC2B33351
SHA1:	6084124A2B32F386967DA980CBE79DD86742859E
SHA-256:	085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
SHA-512:	22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\ru\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1337
Entropy (8bit):	4.69531415794894
Encrypted:	false
SSDEEP:
MD5:	51D34FE303D0C90EE409A2397FCA437D
SHA1:	B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
SHA-256:	BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
SHA-512:	E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": ".......".. },.. "explanationofflinedisabled": {.. "message": "..... ............ Google ......... ... ........., ............ . .... . ......... ............. . ......-...... . .......... .. ......... .........".. },.. "explanationofflineenabled": {.. "message": "... ........... . .......... .. ...... ......... ..... ..... . ............. .., . ....... ........ ......-.......".. },.. "extdesc": {.. "message": ".........., .............. . ............ ........., ....... . ........... ... ....... . ..........".. },.. "extname": {.. "message": "Google.......... ......".. },.. "learnmore": {.

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\si\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2846
Entropy (8bit):	3.7416822879702547
Encrypted:	false
SSDEEP:
MD5:	B8A4FD612534A171A9A03C1984BB4BDD
SHA1:	F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
SHA-256:	54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
SHA-512:	C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
Malicious:	false
Reputation:	unknown
Preview:	{"createnew":{"message":"\u0db1\u0dc0 \u0dbd\u0dda\u0d9b\u0db1\u0dba\u0d9a\u0dca \u0dc3\u0dcf\u0daf\u0db1\u0dca\u0db1"},"explanationofflinedisabled":{"message":"\u0d94\u0db6 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2\u0dba. \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd \u0dc3\u0db8\u0dca\u0db6\u0db1\u0dca\u0db0\u0dad\u0dcf\u0dc0\u0d9a\u0dca \u0db1\u0ddc\u0db8\u0dd0\u0dad\u0dd2\u0dc0 Google Docs \u0db7\u0dcf\u0dc0\u0dd2\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8\u0da7, Google Docs \u0db8\u0dd4\u0dbd\u0dca \u0db4\u0dd2\u0da7\u0dd4\u0dc0 \u0db8\u0dad \u0dc3\u0dd0\u0d9a\u0dc3\u0dd3\u0db8\u0dca \u0dc0\u0dd9\u0dad \u0d9c\u0ddc\u0dc3\u0dca \u0d94\u0db6 \u0d8a\u0dc5\u0d9f \u0d85\u0dc0\u0dc3\u0dca\u0dae\u0dcf\u0dc0\u0dda \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd\u0dba\u0da7 \u0dc3\u0db6\u0dd0\u0db3\u0dd2 \u0dc0\u0dd2\u0da7 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2 \u0dc3\u0db8\u0db8\u0dd4\u0dc4\u0dd4\u0dbb\u0dca\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8 \u0d9a\u0dca\u200d\u0dbb\u0dd2\u0dba\u0dc

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\sk\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	934
Entropy (8bit):	4.882122893545996
Encrypted:	false
SSDEEP:
MD5:	8E55817BF7A87052F11FE554A61C52D5
SHA1:	9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
SHA-256:	903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
SHA-512:	EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\sl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	963
Entropy (8bit):	4.6041913416245
Encrypted:	false
SSDEEP:
MD5:	BFAEFEFF32813DF91C56B71B79EC2AF4
SHA1:	F8EDA2B632610972B581724D6B2F9782AC37377B
SHA-256:	AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
SHA-512:	971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\sr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1320
Entropy (8bit):	4.569671329405572
Encrypted:	false
SSDEEP:
MD5:	7F5F8933D2D078618496C67526A2B066
SHA1:	B7050E3EFA4D39548577CF47CB119FA0E246B7A4
SHA-256:	4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
SHA-512:	0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "....... ....".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. ..... ......... Google ......... ... ........ ...., ..... . .......... .. ........ ........ Google .......... . ........ ...... .............. ... ....... ... ...... ........ .. ...........".. },.. "explanationofflineenabled": {.. "message": "...... ..., ... . .... ...... .. ....... ...... . ........ ........ ... .. ....... .....".. },.. "extdesc": {.. "message": "....... . ........... ........., ...... . ............ . ....... ...... . ... . ... .. ... ........ .........".. },.. "extname": {.. "message

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\sv\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	884
Entropy (8bit):	4.627108704340797
Encrypted:	false
SSDEEP:
MD5:	90D8FB448CE9C0B9BA3D07FB8DE6D7EE
SHA1:	D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
SHA-256:	64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
SHA-512:	6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\sw\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	980
Entropy (8bit):	4.50673686618174
Encrypted:	false
SSDEEP:
MD5:	D0579209686889E079D87C23817EDDD5
SHA1:	C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
SHA-256:	0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
SHA-512:	D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\ta\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1941
Entropy (8bit):	4.132139619026436
Encrypted:	false
SSDEEP:
MD5:	DCC0D1725AEAEAAF1690EF8053529601
SHA1:	BB9D31859469760AC93E84B70B57909DCC02EA65
SHA-256:	6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
SHA-512:	6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "..... ....... .........".. },.. "explanationofflinedisabled": {.. "message": ".......... ........... .... ....... ..... Google ......... .........., ...... .... ........... ......... ...., Google ... ................... ................ ......, ........ ......... ..........".. },.. "explanationofflineenabled": {.. "message": ".......... ..........., .......... .......... .......... ......... ........... ...... .....

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\te\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1969
Entropy (8bit):	4.327258153043599
Encrypted:	false
SSDEEP:
MD5:	385E65EF723F1C4018EEE6E4E56BC03F
SHA1:	0CEA195638A403FD99BAEF88A360BD746C21DF42
SHA-256:	026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
SHA-512:	E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "..... ...... ........ ......".. },.. "explanationofflinedisabled": {.. "message": ".... ........... ........ ......... ........ ....... Google Docs... .............., .... ............ ....... ..... ...... .... Google Docs .... ...... ............. ......, ........ ........ ... .......".. },.. "explanationofflineenabled": {.. "message": ".... ........... ......., .... .... ........ .......... .... ....... ..... ....... .... ..

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\th\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1674
Entropy (8bit):	4.343724179386811
Encrypted:	false
SSDEEP:
MD5:	64077E3D186E585A8BEA86FF415AA19D
SHA1:	73A861AC810DABB4CE63AD052E6E1834F8CA0E65
SHA-256:	D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
SHA-512:	56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": ".............. ............. Google .................................... ............................... Google ...... .................................................................".. },.. "explanationofflineenabled": {.. "message": "................................................................".. },.. "extdesc": {.. "message": "..... ..... ........

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\tr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1063
Entropy (8bit):	4.853399816115876
Encrypted:	false
SSDEEP:
MD5:	76B59AAACC7B469792694CF3855D3F4C
SHA1:	7C04A2C1C808FA57057A4CCEEE66855251A3C231
SHA-256:	B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
SHA-512:	2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\uk\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1333
Entropy (8bit):	4.686760246306605
Encrypted:	false
SSDEEP:
MD5:	970963C25C2CEF16BB6F60952E103105
SHA1:	BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
SHA-256:	9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
SHA-512:	1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "........".. },.. "explanationofflinedisabled": {.. "message": ".. . ...... ....... ... ............. Google ........... ... ......... . .........., ......... . ............ .. ........ ........ Google .......... . ......... ......-............., .... ...... . .......".. },.. "explanationofflineenabled": {.. "message": ".. . ...... ......, ..... ... .... ...... .......... ........ ..... ... .......... .....".. },.. "extdesc": {.. "message": "........., ......... . ............ ........., .......... ....... .. ........... ... ....... .. ..........".. },.. "extname": {.. "message": "Goo

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\ur\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1263
Entropy (8bit):	4.861856182762435
Encrypted:	false
SSDEEP:
MD5:	8B4DF6A9281333341C939C244DDB7648
SHA1:	382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
SHA-256:	5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
SHA-512:	FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "... ......".. },.. "explanationofflinedisabled": {.. "message": ".. .. .... .... Google Docs .. .... ....... ..... ....... .... ..... .... ... .. .. ....... .. ..... ... .. Google Docs ... ... .. ....... .. ..... ... .. .... ...... ..... .. .. .....".. },.. "explanationofflineenabled": {.. "message": ".. .. .... ... .... .. ... ... ...... ..... ... ..... .. .... ... .. ... ..... ... .... ....".. },.. "extdesc": {.. "message": ".......... .......... ... ....... . .... ... ....... .. ..... .. .... ...... ..... .... ... ..... .......".. },.. "extname": {.. "message": "Google Docs .. ....".. },.. "learnmore": {..

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\vi\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1074
Entropy (8bit):	5.062722522759407
Encrypted:	false
SSDEEP:
MD5:	773A3B9E708D052D6CBAA6D55C8A5438
SHA1:	5617235844595D5C73961A2C0A4AC66D8EA5F90F
SHA-256:	597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
SHA-512:	E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\zh_CN\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	879
Entropy (8bit):	5.7905809868505544
Encrypted:	false
SSDEEP:
MD5:	3E76788E17E62FB49FB5ED5F4E7A3DCE
SHA1:	6904FFA0D13D45496F126E58C886C35366EFCC11
SHA-256:	E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
SHA-512:	F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\zh_HK\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1205
Entropy (8bit):	4.50367724745418
Encrypted:	false
SSDEEP:
MD5:	524E1B2A370D0E71342D05DDE3D3E774
SHA1:	60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
SHA-256:	30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
SHA-512:	D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
Malicious:	false
Reputation:	unknown
Preview:	{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\zh_TW\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	843
Entropy (8bit):	5.76581227215314
Encrypted:	false
SSDEEP:
MD5:	0E60627ACFD18F44D4DF469D8DCE6D30
SHA1:	2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
SHA-256:	F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
SHA-512:	6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
Malicious:	false
Reputation:	unknown
Preview:	{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_locales\zu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	912
Entropy (8bit):	4.65963951143349
Encrypted:	false
SSDEEP:
MD5:	71F916A64F98B6D1B5D1F62D297FDEC1
SHA1:	9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
SHA-256:	EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
SHA-512:	30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
Malicious:	false
Reputation:	unknown
Preview:	{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\_metadata\verified_contents.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	11280
Entropy (8bit):	5.752941882424501
Encrypted:	false
SSDEEP:
MD5:	F897300492E3AB467E56883D23D02D77
SHA1:	DECD6DC9E70ECCF9B45983147680614C019B99EA
SHA-256:	F9B3A5747DEDCB5AED58FCFC0F4FD3BD2F2E903F2CCEF90A92A73DBC0F8C3DBD
SHA-512:	B8AC574E24814BAF04A264E7F3F00B4285CD7B66104DFC77897440A898FCA5230775300EC7DEF723678975A04C2CD1BC73A44F77DA26262E8704029930990C62
Malicious:	false
Reputation:	unknown
Preview:	[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiIxMjgucG5nIiwicm9vdF9oYXNoIjoiZ2NWZy0xWWgySktRNVFtUmtjZGNmamU1dzVIc1JNN1ZCTmJyaHJ4eGZ5ZyJ9LHsicGF0aCI6Il9sb2NhbGVzL2FmL21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJxaElnV3hDSFVNLWZvSmVFWWFiWWlCNU9nTm9ncUViWUpOcEFhZG5KR0VjIn0seyJwYXRoIjoiX2xvY2FsZXMvYW0vbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6IlpPQWJ3cEs2THFGcGxYYjh4RVUyY0VkU0R1aVY0cERNN2lEQ1RKTTIyTzgifSx7InBhdGgiOiJfbG9jYWxlcy9hci9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiUjJVaEZjdTVFcEJfUUZtU19QeGstWWRrSVZqd3l6WEoxdURVZEMyRE9BSSJ9LHsicGF0aCI6Il9sb2NhbGVzL2F6L21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJZVVJ3Mmp4UU5Lem1TZkY0YS1xcTBzbFBSSFc4eUlXRGtMY2g4Ry0zdjJRIn0seyJwYXRoIjoiX2xvY2FsZXMvYmUvbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6IjNmRm9XYUZmUHJNelRXSkJsMXlqbUlyRDZ2dzlsa1VxdzZTdjAyUk1oVkEifSx7InBhdGgiOiJfbG9jYWxlcy9iZy9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiSXJ3M3RIem9xREx6bHdGa0hjTllOWFoyNmI0WWVwT2t4ZFN

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\dasherSettingSchema.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	854
Entropy (8bit):	4.284628987131403
Encrypted:	false
SSDEEP:
MD5:	4EC1DF2DA46182103D2FFC3B92D20CA5
SHA1:	FB9D1BA3710CF31A87165317C6EDC110E98994CE
SHA-256:	6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
SHA-512:	939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
Malicious:	false
Reputation:	unknown
Preview:	{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\manifest.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2525
Entropy (8bit):	5.417781191647272
Encrypted:	false
SSDEEP:
MD5:	35068E2550395A8A3E74558F2F4658DA
SHA1:	BD6620054059BFB7A27A4FFF86B9966727F2C2B9
SHA-256:	E2F418C816895E830541F48C0406B9398805E88B61A4EC816244154CD793743C
SHA-512:	4BCB971D7353648ABF25ACA7A4A4771F62BBB76F8FC13BDE886F29826D9314F5101942492004FC719493604D317958B63A95CF5173F8180214F27D6BEA303F97
Malicious:	false
Reputation:	unknown
Preview:	{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/", "https://drive.google.com/", "https://drive-autopush.corp.google.com/", "https://drive-daily-0.corp.google.com/", "https://drive-daily-1.corp.google.com/", "https://drive-daily-2.corp.google.com/", "https://drive-daily-3.corp.google.com/", "https://drive-daily-4.corp.google.com/", "https://drive-daily-5.corp.google.com/", "https://drive-daily-6.corp.google.com/", "https://drive-preprod.corp.google.com/", "https://drive-staging.corp.google.com/" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\offscreendocument.html

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	97
Entropy (8bit):	4.862433271815736
Encrypted:	false
SSDEEP:
MD5:	B747B5922A0BC74BBF0A9BC59DF7685F
SHA1:	7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
SHA-256:	B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
SHA-512:	7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
Malicious:	false
Reputation:	unknown
Preview:	<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\offscreendocument_main.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (3700)
Category:	dropped
Size (bytes):	95606
Entropy (8bit):	5.405749379350638
Encrypted:	false
SSDEEP:
MD5:	9D0EF4F7CB0306DCB7A7CDCD6DC2CCC7
SHA1:	88D7F0A88C5807BFE00F13B612CC0522EEBE514A
SHA-256:	E5E4392B21A21ECAFD27707BF70F95961B2656735A20B40BA54479D40EAB063C
SHA-512:	34CD9AF9199DE606A531E98DB82BEAA5552E59BCCB2AB2BF49F82D6FA05425EB6936BC5F03BFC421AB6980B91395D9FDC5F0776882E1D49B3217CD35641FF906
Malicious:	false
Reputation:	unknown
Preview:	'use strict';function aa(){return function(a){return a}}function ba(){return function(){}}function l(a){return function(){return this[a]}}function ca(a){return function(){return a}}var n;function da(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ea=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.function fa(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var q=fa(this);function r(a,b){if(b)a:{var c=q;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&ea(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new Ty

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\page_embed_script.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	291
Entropy (8bit):	4.65176400421739
Encrypted:	false
SSDEEP:
MD5:	3AB0CD0F493B1B185B42AD38AE2DD572
SHA1:	079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
SHA-256:	73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
SHA-512:	32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
Malicious:	false
Reputation:	unknown
Preview:	(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.

C:\Users\user\AppData\Local\Temp\scoped_dir6224_1856030968\CRX_INSTALL\service_worker_bin_prod.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (3705)
Category:	dropped
Size (bytes):	104595
Entropy (8bit):	5.385879258644142
Encrypted:	false
SSDEEP:
MD5:	4E0C47897BF98DEAC56F800942E150C4
SHA1:	7903D30E0ACEE273724BDAA67446D9FD4E8460A5
SHA-256:	FE76EA0C2F81E6140F38F4143B40BE85014B93FF80737600CFB39AEB5C8C6537
SHA-512:	8B31463FC683439BAB5D4AEFE2BE0F6A9F5B695C2D95AFF3F842BFC74B10AE3D386D288121161506F74A08FB86D25C1096DA4177B768254BF84E83983982640F
Malicious:	false
Reputation:	unknown
Preview:	'use strict';function aa(){return function(){}}function k(a){return function(){return this[a]}}function ba(a){return function(){return a}}var n;function ca(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var da=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.function ea(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var q=ea(this);function r(a,b){if(b)a:{var c=q;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&da(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new TypeError("Symbol is not a constructor");retu

C:\Users\user\AppData\Local\Temp\scoped_dir6224_363165424\73029d76-8193-46fa-bf87-9d6c752b4c4b.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	11185
Entropy (8bit):	7.951995436832936
Encrypted:	false
SSDEEP:
MD5:	78E47DDA17341BED7BE45DCCFD89AC87
SHA1:	1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
SHA-256:	67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
SHA-512:	9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
Malicious:	false
Reputation:	unknown
Preview:	Cr24..............0.."0....H.............0.........N.......E#......9e.u.q...VYY..@.+.C..k.O..bK.`..6.G..%.....3Z...e _.6....F..1p..K.Z......./ .3...OT..`..0...Y...FT..43.th.y...}....p.L...2S.&i.`..o...f.oH.....N..:..ijT.3.F{.0.,.f?'f.CQt;b_"Pc.. ..~S.I.c.8Z.;.....{G.a......k...>.`.o..%.$>;.....g.............jg?.R..@.:..........&..{...x@.Py..;kT....%F".S..w...N....9...A..@X.t!i.@..1;......1E..X.....[.~$....J......;=T.;)k..Y...$......S......M.P..P..>..=..u.....2p...w.9..1qw.a\A..Vj .C.....A..Cf1.r6.A...L. _m...[..l.Wr_../.. .B..9!.!+..ZG.K.......0.."0....H.............0.........^SUd%Q.L].......Cl2o...\[.....'*...;R=....N.C5....d. .....J.C>u.kr..Y..syJC.XS.q..E.n?....(G.5..)2.G..!.M.SS.{..U....!.EE..M[.#qs.A.1...g)nQ.c..G....Bd..7... .O.BI..KXQ..4.d.K.0......g.....-p....Z.E{...M&.~n.TE7..{0....5.#.C+3.y)pd9.e.........@..3.9..B.....I....2nX........2.?.~..S....]G.N.....Lr.O.Ve....9..D1.G..W)...P.?=.#..7.R.lz..a.wX.e..h.h.~....v..RP.@X....d.G

C:\Users\user\AppData\Local\Temp\scoped_dir6224_363165424\CRX_INSTALL\_metadata\verified_contents.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1753
Entropy (8bit):	5.8889033066924155
Encrypted:	false
SSDEEP:
MD5:	738E757B92939B24CDBBD0EFC2601315
SHA1:	77058CBAFA625AAFBEA867052136C11AD3332143
SHA-256:	D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
SHA-512:	DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
Malicious:	false
Reputation:	unknown
Preview:	[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "eyJpdGVtX2lkIjoiam1qZmxnanBjcGVwZWFmbW1nZHBma29na2doY3BpaGEiLCJpdGVtX3ZlcnNpb24iOiIxLjIuMSIsInByb3RvY29sX3ZlcnNpb24iOjEsImNvbnRlbnRfaGFzaGVzIjpbeyJmb3JtYXQiOiJ0cmVlaGFzaCIsImRpZ2VzdCI6InNoYTI1NiIsImJsb2NrX3NpemUiOjQwOTYsImhhc2hfYmxvY2tfc2l6ZSI6NDA5NiwiZmlsZXMiOlt7InBhdGgiOiJjb250ZW50LmpzIiwicm9vdF9oYXNoIjoiQS13R1JtV0VpM1lybmxQNktneUdrVWJ5Q0FoTG9JZnRRZGtHUnBEcnp1QSJ9LHsicGF0aCI6ImNvbnRlbnRfbmV3LmpzIiwicm9vdF9oYXNoIjoiVU00WVRBMHc5NFlqSHVzVVJaVTFlU2FBSjFXVENKcHhHQUtXMGxhcDIzUSJ9LHsicGF0aCI6Im1hbmlmZXN0Lmpzb24iLCJyb290X2hhc2giOiJKNXYwVTkwRmN0ejBveWJMZmZuNm5TbHFLU0h2bHF2YkdWYW9FeWFOZU1zIn1dfV19",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR

C:\Users\user\AppData\Local\Temp\scoped_dir6224_363165424\CRX_INSTALL\content.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
Category:	dropped
Size (bytes):	9815
Entropy (8bit):	6.1716321262973315
Encrypted:	false
SSDEEP:
MD5:	3D20584F7F6C8EAC79E17CCA4207FB79
SHA1:	3C16DCC27AE52431C8CDD92FBAAB0341524D3092
SHA-256:	0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
SHA-512:	315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
Malicious:	false
Reputation:	unknown
Preview:	(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr

C:\Users\user\AppData\Local\Temp\scoped_dir6224_363165424\CRX_INSTALL\content_new.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
Category:	dropped
Size (bytes):	10388
Entropy (8bit):	6.174387413738973
Encrypted:	false
SSDEEP:
MD5:	3DE1E7D989C232FC1B58F4E32DE15D64
SHA1:	42B152EA7E7F31A964914F344543B8BF14B5F558
SHA-256:	D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
SHA-512:	177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
Malicious:	false
Reputation:	unknown
Preview:	(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr

C:\Users\user\AppData\Local\Temp\scoped_dir6224_363165424\CRX_INSTALL\manifest.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	962
Entropy (8bit):	5.698567446030411
Encrypted:	false
SSDEEP:
MD5:	E805E9E69FD6ECDCA65136957B1FB3BE
SHA1:	2356F60884130C86A45D4B232A26062C7830E622
SHA-256:	5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
SHA-512:	049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
Malicious:	false
Reputation:	unknown
Preview:	{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 30 14:10:06 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.990286976495663
Encrypted:	false
SSDEEP:
MD5:	03F46E42EEE434B20E5D96BB40EDB136
SHA1:	111847E8DDCD48FE60604B694C425190A029A9A4
SHA-256:	820E575B8BB1E7C83680E76C721124DFB308D5250BF75D65C5EFB78DAA639898
SHA-512:	9B171D301DA1415FCE288F0693456E028A8502FB83082E3350F4FFCED5307206AF1D13A14AB73CB9804E358763B50585CB36CA428F4F6A8CE18FB75C402F4DB9
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....H.........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I^Y&y....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V^YBy....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V^YBy....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V^YBy...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V^YDy...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........RF.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 30 14:10:06 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.00396835973508
Encrypted:	false
SSDEEP:
MD5:	2DEB4038E0670BAC21EB6F25AD0147BC
SHA1:	931DD6A35E55C34BEEA9E6DF0B93C5E7191D9E47
SHA-256:	55A27D2ABBC6E27008A6624AE2E908A3A721CDED03818D1BE6981EC8B69507B4
SHA-512:	37308300CAB3BA13FF4AC0924DC5F818B7842ADB379A4333EDAC5C055CBD7A566E4B4D2D758EF5B24DACCDC0DB15B1B1B4A93C0EAE5DA7CF226FD91F1D40094D
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....H-.........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I^Y&y....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V^YBy....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V^YBy....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V^YBy...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V^YDy...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........RF.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.0145916420994086
Encrypted:	false
SSDEEP:
MD5:	39BFBA675ACFF027813CD9A3B1EEB508
SHA1:	334A93B624BC448A915864398AEB321D224C0CED
SHA-256:	7DF01E0E3486F280BD57F49D1C178CC4253267AD08962D5CCBB3C76D6A9DB4A6
SHA-512:	A2D15CFA5DC67619FFDF48A821921A42E008A71E3BFB53149534433F60D74017E109901F7F32907C188EA6E1F702FA3F8CE2CE514BC02C4248AF5C49DD1017F7
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....v. ;.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I^Y&y....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V^YBy....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V^YBy....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V^YBy...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.N...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........RF.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 30 14:10:06 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	4.0051281982968066
Encrypted:	false
SSDEEP:
MD5:	CFFF05A64EF9C445CB2999F462C75977
SHA1:	13A9F6AF4970EAD70A342BEE315EFD1A89ADBC01
SHA-256:	8B5B9B5BACF2223278AB0A86867C6967985CA04B17B8C26C6996D768F7EDBF09
SHA-512:	5BEF1BA7F1A86935B459A70DD738F208EBF28A54F446269B0C12E7D18B43C487730D77F2A53F1387E1214067F0D6A385EDF4A01B8BD28BE128F7E1F2E1B0252A
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,...............y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I^Y&y....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V^YBy....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V^YBy....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V^YBy...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V^YDy...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........RF.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 30 14:10:06 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.99218582549502
Encrypted:	false
SSDEEP:
MD5:	AB6D4B5CAB85C8DD8A53E52E6A3B668C
SHA1:	72E32FDF1E98A3A986BBC2F9841D32417DD93146
SHA-256:	2F04DF8D7C0C6F9C4BA1E0EEDFFFA21F22F075F1FA744ADC30DE7F4649AA0D47
SHA-512:	7FD6BF2D89D1F0DB6174CE8AF4B0F0948C48332EA5AA126B2BD9B003E1542A3D71D7CF0D3C8AF3E780C9C9E84A654597A0F3A1B1B8D9815B62610C52C2F161CF
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....B..........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I^Y&y....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V^YBy....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V^YBy....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V^YBy...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V^YDy...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........RF.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 30 14:10:06 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	4.004487695010272
Encrypted:	false
SSDEEP:
MD5:	7E02E16A6C81C62FBF7732777911C4EB
SHA1:	ABDA716F000380EB6C4D995AE4F29E77C27004D5
SHA-256:	38CBD5AD440D47C7A1C8D961F0CCC02FFEB3F5E87C72E59BCE79B909193DB99E
SHA-512:	9B723EBE44D19A70560726772B7D90BB9F1D9A36B35C42CB8CC89E4BEA75E3123441C28B85A04102AFB2C406DCE19116563D7177EA5DF413E107F7B1290463D0
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,...............y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I^Y&y....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V^YBy....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V^YBy....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V^YBy...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V^YDy...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........RF.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Static File Info

General

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	6.457713458730881
TrID:	Win64 Executable GUI (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	msedge.exe
File size:	3'856'456 bytes
MD5:	a612491f651737fbc1f3d82946fe1b87
SHA1:	1addddfb5d7a9f894aa6855a645f80d79d9bfbb2
SHA256:	ebdac9115889135eb8ce602c9ae0eeecaf6ac9e6dcd144b496da4339fa9d90aa
SHA512:	8777c9a59565cef60ff40c9331d1e6cc4982131c82433d212ddfbfe30777429e7a8edd42c8fb94004ed7cf1c8fd8fb774523b7e9647f86eed8967bc3e9855034
SSDEEP:	49152:OATbVIV0PkZrO283RWFEuyZKTCTs5EmTgFWxEATeuQOu2H2y/Ba:hFYRf5EyNP5A
TLSH:	39064903B29944D8D159C074CE1A8232EB617C8D47F162EF3690B7EA2A77AD47B3DB11
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....g.g..........".......&.........@..........@..............................;......!;...`........................................

Static PE Info

General

Entrypoint:	0x14012f440
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Time Stamp:	0x671967F8 [Wed Oct 23 21:17:44 2024 UTC]
TLS Callbacks:	0x400ceba0, 0x1, 0x4012e4c0, 0x1, 0x400d8c80, 0x1, 0x4012dbb0, 0x1, 0x4009f310, 0x1, 0x400da470, 0x1
CLR (.Net) Version:
OS Version Major:	10
OS Version Minor:	0
File Version Major:	10
File Version Minor:	0
Subsystem Version Major:	10
Subsystem Version Minor:	0
Import Hash:	33a61b2a9e924e0969684bc29f104182

Authenticode Signature

Signature Valid:	true
Signature Issuer:	CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Signature Validation Error:	The operation completed successfully
Error Number:	0
Not Before, Not After	22/08/2024 21:26:44 20/08/2025 21:26:44
Subject Chain	CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Version:	3
Thumbprint MD5:	FB871CDFBD500B74EE2AFA5A776E78E2
Thumbprint SHA-1:	04A696B6B949498D3DE9343B11BBFBA471539735
Thumbprint SHA-256:	0F619AD69C4C3DF0CBD718DB3AC011E0A774E8E7FCD3A549DCF735ABE6E6D71B
Serial:	33000003FE6BCEDAD6C80303A30000000003FE

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
call 00007F2538C71DB0h
dec eax
add esp, 28h
jmp 00007F2538C71C1Fh
int3
int3
dec eax
mov dword ptr [esp+18h], ebx
push ebp
dec eax
mov ebp, esp
dec eax
sub esp, 30h
dec eax
mov eax, dword ptr [001A8BD8h]
dec eax
mov ebx, 2DDFA232h
cdq
sub eax, dword ptr [eax]
add byte ptr [eax+3Bh], cl
ret
jne 00007F2538C71E16h
dec eax
and dword ptr [ebp+10h], 00000000h
dec eax
lea ecx, dword ptr [ebp+10h]
call dword ptr [0019C4EAh]
dec eax
mov eax, dword ptr [ebp+10h]
dec eax
mov dword ptr [ebp-10h], eax
call dword ptr [0019C394h]
mov eax, eax
dec eax
xor dword ptr [ebp-10h], eax
call dword ptr [0019C370h]
mov eax, eax
dec eax
lea ecx, dword ptr [ebp+18h]
dec eax
xor dword ptr [ebp-10h], eax
call dword ptr [0019C680h]
mov eax, dword ptr [ebp+18h]
dec eax
lea ecx, dword ptr [ebp-10h]
dec eax
shl eax, 20h
dec eax
xor eax, dword ptr [ebp+18h]
dec eax
xor eax, dword ptr [ebp-10h]
dec eax
xor eax, ecx
dec eax
mov ecx, FFFFFFFFh

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x2cad49	0x87	.rdata
IMAGE_DIRECTORY_ENTRY_IMPORT	0x2cadd0	0x50	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x311000	0xaa9c8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x2f3000	0x12648	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x3ab000	0x2848	.rsrc
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x3bc000	0x2bdc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x2c7268	0x54	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x2c6fa0	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x26e0d0	0x140	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2cb608	0x7e8	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x2c97f0	0x220	.rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x26c5cd	0x26c600	40da860763622e8ee85ae6e6ef027d24	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x26e000	0x69df4	0x69e00	5a5038bf58a158abe167b1ba65ec0d8f	False	0.28692259445100354	data	5.461943369134241	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x2d8000	0x1ab38	0xfa00	ad735fcc5e3f53fad39cbec2eb9f39fd	False	0.03571875	data	1.4765327828130008	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x2f3000	0x12648	0x12800	abe3981401e41fec0cd7c7bae2983500	False	0.4977169552364865	data	6.150233583398378	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.gxfg	0x306000	0x30d0	0x3200	2b30569a968099f60808c8c5719bd688	False	0.409921875	data	5.158488069338799	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.retplne	0x30a000	0xc4	0x200	bbbf11c1ed47d4045bd53176b7706b50	False	0.140625	data	1.5657738066634928
.tls	0x30b000	0x249	0x400	abfe6b529026b8ecdf82ba14a764233a	False	0.0439453125	data	0.21447604792517	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
CPADinfo	0x30c000	0x38	0x200	60d3ea61d541c9be2e845d2787fb9574	False	0.04296875	data	0.12227588125913882	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
LZMADEC	0x30d000	0x11f1	0x1200	05e9eab8428a551a281ab278073669fa	False	0.3461371527777778	data	6.061983420666291	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
_RDATA	0x30f000	0x1f4	0x200	058e796159da2479b366f1b0c2d4d684	False	0.53515625	data	4.146269481955936	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
malloc_h	0x310000	0xdb	0x200	bcd70a2806ebbe1df94817f41af831f5	False	0.4140625	data	3.4813158937581736	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x311000	0xaa9c8	0xaaa00	94b105abf9d57ef647e77a634d0a8989	False	0.4092591002747253	data	5.418077591216621	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x3bc000	0x2bdc	0x2c00	11cd5deea543fc7151a53743c4991745	False	0.3425958806818182	data	5.451983039296359	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
EDPENLIGHTENEDAPPINFOID	0x3ab7d0	0x2	data	English	United States	5.0
EDPPERMISSIVEAPPINFOID	0x3ab7d8	0x2	data	English	United States	5.0
GOOGLEUPDATEAPPLICATIONCOMMANDS	0x3ab7c8	0x4	data	English	United States	3.0
LIMITEDACCESSFEATURE	0x3ab7e0	0x36	data	English	United States	1.0555555555555556
RT_CURSOR	0x3abc58	0x134	data			0.4837662337662338
RT_CURSOR	0x3abda8	0x134	data			0.22402597402597402
RT_CURSOR	0x3abef8	0x134	Targa image data - RLE 64 x 65536 x 1 +32 "\001"			0.2077922077922078
RT_CURSOR	0x3ac048	0x134	data			0.461038961038961
RT_CURSOR	0x3ac198	0x134	data			0.39935064935064934
RT_CURSOR	0x3ac2d0	0xcac	data			0.08446362515413071
RT_CURSOR	0x3acfa8	0x134	data			0.32142857142857145
RT_CURSOR	0x3ad0e0	0xcac	data			0.06103575832305795
RT_CURSOR	0x3addb8	0x134	Targa image data 64 x 65536 x 1 +32 "\001"			0.2597402597402597
RT_CURSOR	0x3adef0	0x434	data			0.09479553903345725
RT_CURSOR	0x3ae350	0x10ac	Targa image data 64 x 65536 x 1 +32 " "			0.03280224929709466
RT_CURSOR	0x3af418	0x10ac	Targa image data 64 x 65536 x 1 +32 " "			0.07966260543580131
RT_CURSOR	0x3b04e0	0x10ac	Targa image data 64 x 65536 x 1 +32 " "			0.07872539831302718
RT_CURSOR	0x3b15a8	0x10ac	Targa image data 64 x 65536 x 1 +32 " "			0.07591377694470477
RT_CURSOR	0x3b2670	0x10ac	Targa image data 64 x 65536 x 1 +32 " "			0.03420805998125586
RT_CURSOR	0x3b3738	0x10ac	Targa image data 64 x 65536 x 1 +32 " "			0.03655107778819119
RT_CURSOR	0x3b4800	0x10ac	Targa image data 64 x 65536 x 1 +32 " "			0.03795688847235239
RT_CURSOR	0x3b58c8	0x10ac	Targa image data 64 x 65536 x 1 +32 " "			0.03303655107778819
RT_CURSOR	0x3b6990	0x10ac	Targa image data 64 x 65536 x 1 +32 " "			0.036785379568884724
RT_CURSOR	0x3b7a58	0x10ac	Targa image data 64 x 65536 x 1 +32 " "			0.03608247422680412
RT_CURSOR	0x3b8b20	0x10ac	Targa image data 64 x 65536 x 1 +32 " "			0.042877225866916585
RT_CURSOR	0x3b9be8	0x134	Targa image data - RGB - RLE 64 x 65536 x 1 +32 "\001"			0.23376623376623376
RT_CURSOR	0x3b9d38	0x134	Targa image data - Mono 64 x 65536 x 1 +32 "\001"			0.1590909090909091
RT_CURSOR	0x3b9e88	0x134	data			0.3181818181818182
RT_CURSOR	0x3b9fd8	0x134	data			0.30194805194805197
RT_CURSOR	0x3ba128	0x10ac	Targa image data 64 x 65536 x 1 +32 " "			0.06443298969072164
RT_CURSOR	0x3bb1f0	0x134	Targa image data 64 x 65536 x 1 +32 "\001"			0.2922077922077922
RT_CURSOR	0x3bb340	0x134	Targa image data 64 x 65536 x 1 +32 "\001"			0.2077922077922078
RT_ICON	0x313680	0x6fd1	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	English	United States	0.9973449781659388
RT_ICON	0x31a658	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16896	English	United States	0.36620217288615964
RT_ICON	0x31e880	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	United States	0.4182572614107884
RT_ICON	0x320e28	0x1a68	Device independent bitmap graphic, 40 x 80 x 32, image size 6720	English	United States	0.4485207100591716
RT_ICON	0x322890	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States	0.5117260787992496
RT_ICON	0x323938	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2400	English	United States	0.5745901639344262
RT_ICON	0x3242c0	0x6b8	Device independent bitmap graphic, 20 x 40 x 32, image size 1680	English	United States	0.6540697674418605
RT_ICON	0x324978	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.7145390070921985
RT_ICON	0x324e58	0x30	Device independent bitmap graphic, 1 x 2 x 24, image size 0, resolution 96 x 96 px/m	English	United States	0.6041666666666666
RT_ICON	0x324ea0	0x30	Device independent bitmap graphic, 1 x 2 x 24, image size 0, resolution 96 x 96 px/m	English	United States	0.6041666666666666
RT_ICON	0x324ee8	0x30	Device independent bitmap graphic, 1 x 2 x 24, image size 0, resolution 96 x 96 px/m	English	United States	0.6041666666666666
RT_ICON	0x324f30	0x6ac1	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	English	United States	0.9978045299864613
RT_ICON	0x32b9f8	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16896	English	United States	0.3499645725082664
RT_ICON	0x32fc20	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	United States	0.40767634854771784
RT_ICON	0x3321c8	0x1a68	Device independent bitmap graphic, 40 x 80 x 32, image size 6720	English	United States	0.4372781065088757
RT_ICON	0x333c30	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States	0.4950750469043152
RT_ICON	0x334cd8	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2400	English	United States	0.5561475409836065
RT_ICON	0x335660	0x6b8	Device independent bitmap graphic, 20 x 40 x 32, image size 1680	English	United States	0.6302325581395349
RT_ICON	0x335d18	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.6826241134751773
RT_ICON	0x3361f8	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	English	United States	0.2273454157782516
RT_ICON	0x3370a0	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	English	United States	0.34657039711191334
RT_ICON	0x337948	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	English	United States	0.5043352601156069
RT_ICON	0x337eb0	0x7c8	PNG image data, 256 x 256, 8-bit colormap, non-interlaced	English	United States	0.8699799196787149
RT_ICON	0x338678	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	English	United States	0.06182572614107884
RT_ICON	0x33ac20	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	English	United States	0.09849906191369606
RT_ICON	0x33bcc8	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	English	United States	0.23138297872340424
RT_ICON	0x33c198	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	English	United States	0.2273454157782516
RT_ICON	0x33d040	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	English	United States	0.34657039711191334
RT_ICON	0x33d8e8	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	English	United States	0.5043352601156069
RT_ICON	0x33de50	0x7c8	PNG image data, 256 x 256, 8-bit colormap, non-interlaced	English	United States	0.8699799196787149
RT_ICON	0x33e618	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	English	United States	0.06182572614107884
RT_ICON	0x340bc0	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	English	United States	0.09849906191369606
RT_ICON	0x341c68	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	English	United States	0.23138297872340424
RT_ICON	0x342138	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2835 x 2835 px/m	English	United States	0.29521276595744683
RT_ICON	0x3425a0	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2304, resolution 2835 x 2835 px/m	English	United States	0.24180327868852458
RT_ICON	0x342f28	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2835 x 2835 px/m	English	United States	0.17096622889305815
RT_ICON	0x343fd0	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2835 x 2835 px/m	English	United States	0.12064315352697096
RT_ICON	0x346578	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 2835 x 2835 px/m	English	United States	0.09098960793575815
RT_ICON	0x34a7a0	0xc6f	PNG image data, 256 x 256, 8-bit gray+alpha, non-interlaced	English	United States	0.9710964498900408
RT_ICON	0x34b410	0x6b8	Device independent bitmap graphic, 20 x 40 x 32, image size 1600, resolution 2835 x 2835 px/m	English	United States	0.28604651162790695
RT_ICON	0x34bb30	0x68f0	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	English	United States	0.9981015485407981
RT_ICON	0x352420	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16896	English	United States	0.34506376948512046
RT_ICON	0x356648	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	United States	0.40103734439834027
RT_ICON	0x358bf0	0x1a68	Device independent bitmap graphic, 40 x 80 x 32, image size 6720	English	United States	0.4292899408284024
RT_ICON	0x35a658	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States	0.4906191369606004
RT_ICON	0x35b700	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2400	English	United States	0.5491803278688525
RT_ICON	0x35c088	0x6b8	Device independent bitmap graphic, 20 x 40 x 32, image size 1680	English	United States	0.6191860465116279
RT_ICON	0x35c740	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.6781914893617021
RT_ICON	0x35cc20	0x68e7	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	English	United States	0.998398808415565
RT_ICON	0x363508	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16896	English	United States	0.346126594237128
RT_ICON	0x367730	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	United States	0.4029045643153527
RT_ICON	0x369cd8	0x1a68	Device independent bitmap graphic, 40 x 80 x 32, image size 6720	English	United States	0.4325443786982249
RT_ICON	0x36b740	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States	0.4981238273921201
RT_ICON	0x36c7e8	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2400	English	United States	0.5549180327868852
RT_ICON	0x36d170	0x6b8	Device independent bitmap graphic, 20 x 40 x 32, image size 1680	English	United States	0.6168604651162791
RT_ICON	0x36d828	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.6560283687943262
RT_ICON	0x36dd08	0x6fd1	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	English	United States	0.9973449781659388
RT_ICON	0x374ce0	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16896	English	United States	0.36620217288615964
RT_ICON	0x378f08	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	United States	0.4182572614107884
RT_ICON	0x37b4b0	0x1a68	Device independent bitmap graphic, 40 x 80 x 32, image size 6720	English	United States	0.4485207100591716
RT_ICON	0x37cf18	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States	0.5117260787992496
RT_ICON	0x37dfc0	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2400	English	United States	0.5745901639344262
RT_ICON	0x37e948	0x6b8	Device independent bitmap graphic, 20 x 40 x 32, image size 1680	English	United States	0.6540697674418605
RT_ICON	0x37f000	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.7145390070921985
RT_ICON	0x37f4e0	0x18de	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	English	United States	0.9696826892868363
RT_ICON	0x380dc0	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16896	English	United States	0.08974964572508266
RT_ICON	0x384fe8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	United States	0.12935684647302906
RT_ICON	0x387590	0x1a68	Device independent bitmap graphic, 40 x 80 x 32, image size 6720	English	United States	0.16553254437869822
RT_ICON	0x388ff8	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States	0.21106941838649157
RT_ICON	0x38a0a0	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2400	English	United States	0.29508196721311475
RT_ICON	0x38aa28	0x6b8	Device independent bitmap graphic, 20 x 40 x 32, image size 1680	English	United States	0.33313953488372094
RT_ICON	0x38b0e0	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.4592198581560284
RT_ICON	0x38b5c0	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2835 x 2835 px/m	English	United States	0.2898936170212766
RT_ICON	0x38ba28	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2304, resolution 2835 x 2835 px/m	English	United States	0.2372950819672131
RT_ICON	0x38c3b0	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2835 x 2835 px/m	English	United States	0.16557223264540338
RT_ICON	0x38d458	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2835 x 2835 px/m	English	United States	0.11587136929460581
RT_ICON	0x38fa00	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 2835 x 2835 px/m	English	United States	0.08638403401039206
RT_ICON	0x393c28	0xb41	PNG image data, 256 x 256, 8-bit gray+alpha, non-interlaced	English	United States	0.96667823672336
RT_ICON	0x394770	0x6b8	Device independent bitmap graphic, 20 x 40 x 32, image size 1600, resolution 2835 x 2835 px/m	English	United States	0.28081395348837207
RT_ICON	0x394e90	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2835 x 2835 px/m	English	United States	0.20212765957446807
RT_ICON	0x3952f8	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2835 x 2835 px/m	English	United States	0.09779549718574108
RT_ICON	0x3963a0	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2835 x 2835 px/m	English	United States	0.06203319502074689
RT_ICON	0x398948	0x823	PNG image data, 256 x 256, 8-bit gray+alpha, non-interlaced	English	United States	0.8502160345655305
RT_ICON	0x3991b0	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2835 x 2835 px/m	English	United States	0.17375886524822695
RT_ICON	0x399618	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2835 x 2835 px/m	English	United States	0.0799718574108818
RT_ICON	0x39a6c0	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2835 x 2835 px/m	English	United States	0.05653526970954357
RT_ICON	0x39cc68	0x727	PNG image data, 256 x 256, 8-bit gray+alpha, non-interlaced	English	United States	0.8383397050791916
RT_ICON	0x39d3d0	0x85a	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	English	United States	0.7974742750233863
RT_ICON	0x39dc30	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	English	United States	0.03184647302904564
RT_ICON	0x3a01d8	0x330	Device independent bitmap graphic, 48 x 96 x 1, image size 0	English	United States	0.10661764705882353
RT_ICON	0x3a0508	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	English	United States	0.04854596622889306
RT_ICON	0x3a15b0	0x130	Device independent bitmap graphic, 32 x 64 x 1, image size 0	English	United States	0.24013157894736842
RT_ICON	0x3a16e0	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	English	United States	0.10638297872340426
RT_ICON	0x3a1b48	0xb0	Device independent bitmap graphic, 16 x 32 x 1, image size 0	English	United States	0.3181818181818182
RT_ICON	0x3a1c60	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2835 x 2835 px/m	English	United States	0.324468085106383
RT_ICON	0x3a20c8	0x136a	PNG image data, 256 x 256, 8-bit gray+alpha, non-interlaced	English	United States	0.9925553319919517
RT_ICON	0x3a3438	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2835 x 2835 px/m	English	United States	0.18316135084427768
RT_ICON	0x3a44e0	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2835 x 2835 px/m	English	United States	0.13858921161825727
RT_ICON	0x3a6ac8	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2835 x 2835 px/m	English	United States	0.2570921985815603
RT_ICON	0x3a6f30	0x1202	PNG image data, 256 x 256, 8-bit gray+alpha, non-interlaced	English	United States	0.9960954446854664
RT_ICON	0x3a8138	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2835 x 2835 px/m	English	United States	0.1477485928705441
RT_ICON	0x3a91e0	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2835 x 2835 px/m	English	United States	0.10975103734439834
RT_GROUP_CURSOR	0x3abd90	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.25
RT_GROUP_CURSOR	0x3abee0	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.25
RT_GROUP_CURSOR	0x3ac030	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.3
RT_GROUP_CURSOR	0x3ac180	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.3
RT_GROUP_CURSOR	0x3acf80	0x22	Lotus unknown worksheet or configuration, revision 0x2			1.0
RT_GROUP_CURSOR	0x3add90	0x22	Lotus unknown worksheet or configuration, revision 0x2			1.0
RT_GROUP_CURSOR	0x3ae328	0x22	Lotus unknown worksheet or configuration, revision 0x2			0.9705882352941176
RT_GROUP_CURSOR	0x3af400	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.2
RT_GROUP_CURSOR	0x3b04c8	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.2
RT_GROUP_CURSOR	0x3b1590	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.2
RT_GROUP_CURSOR	0x3b2658	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.2
RT_GROUP_CURSOR	0x3b3720	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.2
RT_GROUP_CURSOR	0x3b47e8	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.2
RT_GROUP_CURSOR	0x3b58b0	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.2
RT_GROUP_CURSOR	0x3b6978	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.2
RT_GROUP_CURSOR	0x3b7a40	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.2
RT_GROUP_CURSOR	0x3b8b08	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.2
RT_GROUP_CURSOR	0x3b9bd0	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.2
RT_GROUP_CURSOR	0x3b9d20	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.3
RT_GROUP_CURSOR	0x3b9e70	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.3
RT_GROUP_CURSOR	0x3b9fc0	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.3
RT_GROUP_CURSOR	0x3ba110	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.3
RT_GROUP_CURSOR	0x3bb1d8	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.2
RT_GROUP_CURSOR	0x3bb328	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.3
RT_GROUP_CURSOR	0x3bb478	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.3
RT_GROUP_ICON	0x324de0	0x76	data	English	United States	0.7542372881355932
RT_GROUP_ICON	0x324e88	0x14	data	English	United States	1.2
RT_GROUP_ICON	0x324ed0	0x14	data	English	United States	1.2
RT_GROUP_ICON	0x324f18	0x14	data	English	United States	1.2
RT_GROUP_ICON	0x336180	0x76	data	English	United States	0.7457627118644068
RT_GROUP_ICON	0x33c130	0x68	data	English	United States	0.7019230769230769
RT_GROUP_ICON	0x3420d0	0x68	data	English	United States	0.6923076923076923
RT_GROUP_ICON	0x34bac8	0x68	data	English	United States	0.7980769230769231
RT_GROUP_ICON	0x35cba8	0x76	data	English	United States	0.7372881355932204
RT_GROUP_ICON	0x36dc90	0x76	data	English	United States	0.7457627118644068
RT_GROUP_ICON	0x37f468	0x76	data	English	United States	0.7542372881355932
RT_GROUP_ICON	0x38b548	0x76	data	English	United States	0.7457627118644068
RT_GROUP_ICON	0x394e28	0x68	data	English	United States	0.7980769230769231
RT_GROUP_ICON	0x399170	0x3e	data	English	United States	0.8548387096774194
RT_GROUP_ICON	0x39d390	0x3e	data	English	United States	0.8548387096774194
RT_GROUP_ICON	0x3a1bf8	0x68	data	English	United States	0.7115384615384616
RT_GROUP_ICON	0x3a6a88	0x3e	data	English	United States	0.8548387096774194
RT_GROUP_ICON	0x3ab788	0x3e	data	English	United States	0.8548387096774194
RT_VERSION	0x3ab818	0x43c	data	English	United States	0.4317343173431734
RT_MANIFEST	0x3bb490	0x531	XML 1.0 document, ASCII text, with very long lines (1215)	English	United States	0.4657637321294206

Imports

DLL	Import
msedge_elf.dll	GetElfCommandLine, GetInstallDetailsPayload, IsBrowserProcess, IsExtensionPointDisableSet, SignalChromeElf, SignalInitializeCrashReporting
KERNEL32.dll	AcquireSRWLockExclusive, AddVectoredExceptionHandler, AssignProcessToJobObject, CloseHandle, CompareStringW, ConnectNamedPipe, CopyFileW, CreateDirectoryW, CreateEventW, CreateFileA, CreateFileMappingW, CreateFileW, CreateHardLinkW, CreateIoCompletionPort, CreateJobObjectW, CreateMutexW, CreateNamedPipeW, CreateProcessW, CreateRemoteThread, CreateSemaphoreW, CreateThread, CreateToolhelp32Snapshot, DebugBreak, DeleteCriticalSection, DeleteFileW, DeleteProcThreadAttributeList, DisconnectNamedPipe, DuplicateHandle, EncodePointer, EnterCriticalSection, EnumSystemLocalesEx, EnumSystemLocalesW, ExitProcess, ExpandEnvironmentStringsW, FileTimeToSystemTime, FindClose, FindFirstFileExW, FindNextFileW, FindResourceW, FlsAlloc, FlsFree, FlsGetValue, FlsSetValue, FlushFileBuffers, FlushViewOfFile, FormatMessageA, FormatMessageW, FreeEnvironmentStringsW, FreeLibrary, GetACP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetComputerNameExW, GetConsoleMode, GetConsoleOutputCP, GetCurrentDirectoryW, GetCurrentProcess, GetCurrentProcessId, GetCurrentProcessorNumber, GetCurrentThread, GetCurrentThreadId, GetDateFormatW, GetDiskFreeSpaceExW, GetDriveTypeW, GetEnvironmentStringsW, GetEnvironmentVariableW, GetExitCodeProcess, GetFileAttributesExW, GetFileAttributesW, GetFileInformationByHandle, GetFileInformationByHandleEx, GetFileSizeEx, GetFileTime, GetFileType, GetFullPathNameW, GetLastError, GetLocalTime, GetLocaleInfoW, GetLogicalProcessorInformation, GetLongPathNameW, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleExW, GetModuleHandleW, GetNativeSystemInfo, GetOEMCP, GetProcAddress, GetProcessHandleCount, GetProcessHeap, GetProcessHeaps, GetProcessId, GetProcessMitigationPolicy, GetProcessTimes, GetProductInfo, GetQueuedCompletionStatus, GetStartupInfoW, GetStdHandle, GetStringTypeW, GetSystemDefaultLCID, GetSystemDirectoryW, GetSystemInfo, GetSystemTimeAsFileTime, GetTempPathW, GetThreadContext, GetThreadId, GetThreadLocale, GetThreadPriority, GetThreadPriorityBoost, GetTickCount, GetTimeFormatW, GetTimeZoneInformation, GetUserDefaultLCID, GetUserDefaultLangID, GetUserDefaultLocaleName, GetUserDefaultUILanguage, GetUserGeoID, GetVersionExW, GetWindowsDirectoryW, GlobalMemoryStatusEx, HeapDestroy, HeapSetInformation, InitOnceExecuteOnce, InitializeConditionVariable, InitializeCriticalSection, InitializeCriticalSectionAndSpinCount, InitializeProcThreadAttributeList, InitializeSListHead, IsDebuggerPresent, IsProcessorFeaturePresent, IsValidCodePage, IsValidLocale, IsWow64Process, K32GetModuleInformation, K32GetPerformanceInfo, K32GetProcessMemoryInfo, LCMapStringW, LeaveCriticalSection, LoadLibraryExA, LoadLibraryExW, LoadLibraryW, LoadResource, LocalFree, LockFileEx, LockResource, MapViewOfFile, MoveFileExW, MoveFileW, MultiByteToWideChar, OpenProcess, OpenThread, OutputDebugStringA, PeekNamedPipe, PostQueuedCompletionStatus, PrefetchVirtualMemory, Process32FirstW, Process32NextW, QueryInformationJobObject, QueryPerformanceCounter, QueryPerformanceFrequency, QueryThreadCycleTime, RaiseException, ReadConsoleW, ReadFile, ReadProcessMemory, RegisterWaitForSingleObject, ReleaseMutex, ReleaseSRWLockExclusive, ReleaseSemaphore, RemoveDirectoryW, RemoveVectoredExceptionHandler, ReplaceFileW, ResetEvent, ResumeThread, RtlCaptureContext, RtlCaptureStackBackTrace, RtlLookupFunctionEntry, RtlPcToFileHeader, RtlUnwind, RtlUnwindEx, RtlVirtualUnwind, SetConsoleCtrlHandler, SetCurrentDirectoryW, SetDefaultDllDirectories, SetEndOfFile, SetEnvironmentVariableW, SetEvent, SetFileAttributesW, SetFilePointer, SetFilePointerEx, SetHandleInformation, SetInformationJobObject, SetLastError, SetNamedPipeHandleState, SetProcessMitigationPolicy, SetProcessShutdownParameters, SetStdHandle, SetThreadAffinityMask, SetThreadInformation, SetThreadPriority, SetThreadPriorityBoost, SetUnhandledExceptionFilter, SizeofResource, Sleep, SleepConditionVariableSRW, SleepEx, SuspendThread, SwitchToThread, SystemTimeToTzSpecificLocalTime, TerminateJobObject, TerminateProcess, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, TransactNamedPipe, TryAcquireSRWLockExclusive, UnhandledExceptionFilter, UnlockFileEx, UnmapViewOfFile, UnregisterWait, UnregisterWaitEx, UpdateProcThreadAttribute, VerSetConditionMask, VerifyVersionInfoW, VirtualAlloc, VirtualAllocEx, VirtualFree, VirtualFreeEx, VirtualProtect, VirtualProtectEx, VirtualQuery, VirtualQueryEx, WaitForMultipleObjects, WaitForSingleObject, WaitNamedPipeW, WakeAllConditionVariable, WakeConditionVariable, WideCharToMultiByte, Wow64GetThreadContext, WriteConsoleW, WriteFile, WriteProcessMemory
ntdll.dll	RtlInitUnicodeString

Exports

Name	Ordinal	Address
GetHandleVerifier	1	0x14008fef0
GetPakFileHashes	2	0x14018c9c0
IsSandboxedProcess	3	0x14008fea0

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report msedge.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\4108d847-4124-4719-8199-7af90c61578f.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\9f4a73b0-02d3-4f58-a8f6-06943b1004cd.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67224C7D-1850.pma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\337fe747-bd3e-4c1a-a3bd-fe989aa06a44.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\614dae87-3f8d-4db6-bce2-f4571cfd33a4.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\81748485-c38e-49c0-a931-aa61634ee627.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\82941a74-c9f7-4ade-a82a-516d8ebc0439.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\000003.log

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\000004.log

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\000005.ldb

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\MANIFEST-000001

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\12c48195-e3de-4962-9aa2-3f5170a1a912.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\7d6f6221-c5d4-4522-bde9-d36ea1b37e38.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL

Windows Analysis Report
msedge.exe