ID: 453517 Cookbook: browseurl.jbs Time: 00:54:49 Date: 24/07/2021 Version: 33.0.0 White Diamond

Table of Contents

Windows Analysis Report https://odlinks.govdelivery.com/track?type=click&enid=bWFpbGluZ2lkPTM1MTQ1NjY5MCZtZXNzYWdlaWQ9UFJELU9ETS0zNTE0NTY2OTAmZGF0YWJhc2VpZD0xMDAxJnNlcmlhbD0xJmVtYWlsaWQ9cGNyaWNrQGFscGhhY2FyZC5jb20mdXNlcmlkPTQxMDg1MjQxNiZmbD0mZXh0cmE9TXVsdGl2YXJpYXRlSWQ9JiYm&&&100&&&http://f-or.online/?sp=YnJ1Y2UuYnJlY2hlaXNlbkBzZWFib2FyZG1hcmluZS5jb20=
Overview
General Information
Detection
Signatures
Classification
Process Tree
Malware Configuration
Yara Overview
Sigma Overview
Jbx Signature Overview
Phishing:
Mitre Att&ck Matrix
Behavior Graph
Screenshots
Thumbnails
Antivirus, Machine Learning and Genetic Malware Detection
Initial Sample
Dropped
Unpacked PE Files
Domains
URLs
Domains and IPs
Contacted Domains
Contacted URLs
URLs from Memory and Binaries
Contacted IPs
Public
Private
General Information
Simulations
Behavior and
Joe Sandbox View / Context
IPs
Domains
ASN
JA3 Fingerprints
Dropped Files
Created / dropped Files
Static File Info
No static file info
Network Behavior
Network Port Distribution
TCP Packets
UDP Packets
DNS Queries
DNS Answers
HTTP Request Dependency Graph
HTTP Packets
HTTPS Packets
Code Manipulations
Statistics
Behavior
System Behavior
Analysis Process: chrome.exe PID: 2408 Parent PID: 2160
General
File Activities
Registry Activities
Analysis Process: chrome.exe PID: 3880 Parent PID: 2408
General
File Activities
Disassembly

Copyright Joe Security LLC 2021 Page 2 of 42

Windows Analysis Report https://odlinks.govdelivery.com/track?type=click&enid=bWFpbGluZ2lkPTM1MTQ1NjY5MCZtZXNzYWdlaWQ9UFJELU9ETS0zNTE0NTY2OTAmZGF0YWJhc2VpZD0xMDAxJnNlcmlhbD0xJmVtYWlsaWQ9cGNyaWNrQGFscGhhY2FyZC5jb20mdXNlcmlkPTQxMDg1MjQxNiZmbD0mZXh0cmE9TXVsdGl2YXJpYXRlSWQ9JiYm&&&100&&&http://f-or.online/?sp=YnJ1Y2UuYnJlY2hlaXNlbkBzZWFib2FyZG1hcmluZS5jb20=

Overview

General Information

Sample URL: https://odlinks.govdelivery.com/track?type=click&enid=bWFpbGluZ2lkPTM1MTQ1N...Ym&&&100&&&f-or.online/?sp=YnJ1Y2UuYnJlY2hlaXNlbkBzZWFib2FyZG1hcmluZS5jb20=
Analysis ID: 453517

Detection

Gauge labels: malicious, suspicious, clean
Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected Captcha Phish

Classification

Chart labels: Ransomware, Miner, Spreading, Evader, Phishing, Exploiter, Banker, Spyware, Trojan / Bot, Adware

Process Tree

System is w10x64
- chrome.exe (PID: 2408 cmdline: 'C:\Program Files\\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'https://odlinks.govdelivery.com/track?type=click&enid=bWFpbGluZ2lkPTM1MTQ1NjY5MCZtZXNzYWdlaWQ9UFJELU9ETS0zNTE0NTY2OTAmZGF0YWJhc2VpZD0xMDAxJnNlcmlhbD0xJmVtYWlsaWQ9cGNyaWNrQGFscGhhY2FyZC5jb20mdXNlcmlkPTQxMDg1MjQxNiZmbD0mZXh0cmE9TXVsdGl2YXJpYXRlSWQ9JiYm&&&100&&&http://f-or.online/?sp=YnJ1Y2UuYnJlY2hlaXNlbkBzZWFib2FyZG1hcmluZS5jb20=' MD5: C139654B5C1438A95B321BB01AD63EF6)
  - chrome.exe (PID: 3880 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1540,16795447826492151838,15520115229080165850,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1740 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
- cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview


Phishing:

Yara detected Captcha Phish

Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection 1 | Masquerading 3 | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Encrypted Channel 2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection 1 | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Application Layer Protocol 2 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol 3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Ingress Tool Transfer 1 | SIM Card Swap | | Carrier Billing Fraud

Behavior Graph

Behavior graph (image not preserved).
Header: ID: 453517, URL: https://odlinks.govdelivery..., Startdate: 24/07/2021, Architecture: WINDOWS, Score: 48
Legend entries: Process, Signature, Created File, DNS/IP Info, Is Dropped, Is Windows Process, Number of created Registry Values, Number of created Files, Visual Basic, Delphi, Java, .Net C# or VB.NET, C, C++ or other language, Is malicious, Internet
Process nodes: chrome.exe (started), chrome.exe (started); counters shown: 14, 397, 18
Signature node: Yara detected Captcha Phish
Network nodes: clientconfig.passport.net; 192.168.2.1 (unknown); 239.255.255.250 (unknown, Reserved); odlinks-dc3.govdelivery.com (66.117.61.23, 443, 49709, QTS-ASHUS, United States); clients.l.google.com (142.250.203.110, 443, 49707, 54367, GOOGLEUS, United States); 10 other IPs or domains

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label | Link
https://odlinks.govdelivery.com/track?type=click&enid=bWFpbGluZ2lkPTM1MTQ1NjY5MCZtZXNzYWdlaWQ9UFJELU9ETS0zNTE0NTY2OTAmZGF0YWJhc2VpZD0xMDAxJnNlcmlhbD0xJmVtYWlsaWQ9cGNyaWNrQGFscGhhY2FyZC5jb20mdXNlcmlkPTQxMDg1MjQxNiZmbD0mZXh0cmE9TXVsdGl2YXJpYXRlSWQ9JiYm&&&100&&&f-or.online/?sp=YnJ1Y2UuYnJlY2hlaXNlbkBzZWFib2FyZG1hcmluZS5jb20= | 0% | Avira URL Cloud | safe |

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source | Detection | Scanner | Label | Link
f-or.online | 0% | Virustotal | | Browse
f-or.online | 0% | Avira URL Cloud | safe |
f-or.online/ | 0% | Virustotal | | Browse
f-or.online/ | 0% | Avira URL Cloud | safe |
f-or.online/main/Redirecting... | 0% | Avira URL Cloud | safe |
https://www.google.comh | 0% | Avira URL Cloud | safe |
https://dns.google | 0% | URL Reputation | safe |
f-or.onlineh | 0% | Avira URL Cloud | safe |
https://www.google.com; | 0% | Avira URL Cloud | safe |
f-or.online/main/main.#aw6B8r8pgYWfWYs1qZDtoAYyQw1Z7EyiaFTi61Im0FBXD3Y33Cwscv121229GArRfla | 0% | Avira URL Cloud | safe |
f-or.online/?sp=YnJ1Y2UuYnJlY2hlaXNlbkBzZWFib2FyZG1hcmluZS5jb20=Redirecting.../&p | 0% | Avira URL Cloud | safe |
f-or.online/main/Redirecting.../&p | 0% | Avira URL Cloud | safe |
f-or.online/main/2 | 0% | Avira URL Cloud | safe |
f-or.online/?sp=YnJ1Y2UuYnJlY2hlaXNlbkBzZWFib2FyZG1hcmluZS5jb20=Redirecting... | 0% | Avira URL Cloud | safe |
f-or.online/favicon.ico | 0% | Avira URL Cloud | safe |
https://csp.withgoogle.com/csp/report-to/IdentityListAccountsHttp/external | 0% | URL Reputation | safe |
f-or.online/?sp=YnJ1Y2UuYnJlY2hlaXNlbkBzZWFib2FyZG1hcmluZS5jb20=2 | 0% | Avira URL Cloud | safe |
f-or.online/?sp=YnJ1Y2UuYnJlY2hlaXNlbkBzZWFib2FyZG1hcmluZS5jb20= | 0% | Avira URL Cloud | safe |

Domains and IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
stackpath.bootstrapcdn.com | 104.18.10.207 | true | false | | high
gstaticadssl.l.google.com | 172.217.168.3 | true | false | | high
accounts.google.com | 172.217.168.45 | true | false | | high
f-or.online | 107.172.168.195 | true | false | | unknown
www.google.com | 172.217.168.68 | true | false | | high
clients.l.google.com | 142.250.203.110 | true | false | | high
googlehosted.l.googleusercontent.com | 142.250.203.97 | true | false | | high
odlinks-dc3.govdelivery.com | 66.117.61.23 | true | false | | high
clients2.googleusercontent.com | unknown | unknown | false | | high
clients2.google.com | unknown | unknown | false | | high
clientconfig.passport.net | unknown | unknown | false | | unknown
odlinks.govdelivery.com | unknown | unknown | false | | high

Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
https://www.google.com/recaptcha/api2/bframe?hl=en&v=Iwg4ANhK7Iu8SHToSsE0E20K&k=6Ld4RlQbAAAAAAdw24hj626TcscKtdSJg4rk9okz&cb=m0lp9gkdynq6 | false | | high
f-or.online/main/ | false | | unknown
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Ld4RlQbAAAAAAdw24hj626TcscKtdSJg4rk9okz&co=aHR0cDovL2Ytb3Iub25saW5lOjgw&hl=en&v=Iwg4ANhK7Iu8SHToSsE0E20K&size=normal&cb=we7u2ncbryz6 | false | | high
f-or.online/main/ | true | | unknown
f-or.online/favicon.ico | false | Avira URL Cloud: safe | unknown
f-or.online/?sp=YnJ1Y2UuYnJlY2hlaXNlbkBzZWFib2FyZG1hcmluZS5jb20= | false | Avira URL Cloud: safe | unknown

URLs from Memory and Binaries

Contacted IPs

Public

IP | Domain | Country | ASN | ASN Name | Malicious
104.18.10.207 | stackpath.bootstrapcdn.com | United States | 13335 | CLOUDFLARENETUS | false
142.250.203.110 | clients.l.google.com | United States | 15169 | GOOGLEUS | false
66.117.61.23 | odlinks-dc3.govdelivery.com | United States | 29748 | QTS-ASHUS | false
107.172.168.195 | f-or.online | United States | 36352 | AS-COLOCROSSINGUS | false
172.217.168.68 | www.google.com | United States | 15169 | GOOGLEUS | false
172.217.168.45 | accounts.google.com | United States | 15169 | GOOGLEUS | false
142.250.203.97 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
172.217.168.3 | gstaticadssl.l.google.com | United States | 15169 | GOOGLEUS | false

Private

IP
192.168.2.1
127.0.0.1

General Information

Joe Sandbox Version: 33.0.0 White Diamond
Analysis ID: 453517
Start date: 24.07.2021
Start time: 00:54:49
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 4m 47s
Hypervisor based Inspection enabled: false
Report type: light
Cookbook file name: browseurl.jbs
Sample URL: https://odlinks.govdelivery.com/track?type=click&enid=bWFpbGluZ2lkPTM1MTQ1NjY5MCZtZXNzYWdlaWQ9UFJELU9ETS0zNTE0NTY2OTAmZGF0YWJhc2VpZD0xMDAxJnNlcmlhbD0xJmVtYWlsaWQ9cGNyaWNrQGFscGhhY2FyZC5jb20mdXNlcmlkPTQxMDg1MjQxNiZmbD0mZXh0cmE9TXVsdGl2YXJpYXRlSWQ9JiYm&&&100&&&f-or.online/?sp=YnJ1Y2UuYnJlY2hlaXNlbkBzZWFib2FyZG1hcmluZS5jb20=
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 17
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies: HCA enabled, EGA enabled, AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal48.phis.win@30/171@8/11
Cookbook Comments: Adjust boot time, Enable AMSI

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: data
Category: dropped
Size (bytes): 451603
Entropy (8bit): 5.009711072558331
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Google\Chrome\User Data\9605733a-55c6-4b84-ab7f-72e694fe71cb.tmp
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 174697
Entropy (8bit): 6.079154106331787
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: data
Category: dropped
Size (bytes): 120
Entropy (8bit): 3.254162526001658
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\10822f25-a9ec-4daf-a559-79e7381bd6d6.tmp
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: UTF-8 Unicode text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 22594
Entropy (8bit): 5.536082666747615
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\4ec40f73-feb9-405e-b82b-da81257cc035.tmp
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: very short file (no magic)
Category: dropped
Size (bytes): 1
Entropy (8bit): 0.0
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\581d719d-b6f0-486d-9793-e12575c9de53.tmp
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: UTF-8 Unicode text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 22596
Entropy (8bit): 5.536166330946231
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\63a523b0-123d-4bd3-865c-dea3726d125e.tmp
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 5930
Entropy (8bit): 5.194948157544161
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\97b431b2-bafa-4f57-8fc6-6fda025f51f2.tmp
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 1206
Entropy (8bit): 5.568171246213066
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text
Category: dropped
Size (bytes): 334
Entropy (8bit): 5.254305935079729
Encrypted: false
Malicious: false
Reputation: low
Preview: 2021/07/24-00:55:49.360 1a94 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase/MANIFEST-000001.2021/07/24-00:55:49.362 1a94 Recovering log #3.2021/07/24-00:55:49.362 1a94 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text
Category: dropped
Size (bytes): 318
Entropy (8bit): 5.224383954237105
Encrypted: false
Malicious: false
Reputation: low
Preview: 2021/07/24-00:55:49.305 1a94 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase/MANIFEST-000001.2021/07/24-00:55:49.306 1a94 Recovering log #3.2021/07/24-00:55:49.307 1a94 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3429192b9f07e608_0
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: data
Category: dropped
Size (bytes): 241
Entropy (8bit): 5.608628913479603
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\63ca0799ef4bc191_0
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: data
Category: dropped
Size (bytes): 373
Entropy (8bit): 5.924030843646699
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f2308b99c109344c_0
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: data
Category: dropped
Size (bytes): 439352
Entropy (8bit): 6.092278908167387
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: data
Category: dropped
Size (bytes): 312
Entropy (8bit): 4.8634996564679875
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: SQLite 3.x database, last written using SQLite version 3032001
Category: dropped
Size (bytes): 12288
Entropy (8bit): 0.8246430133435042
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: data
Category: dropped
Size (bytes): 12836
Entropy (8bit): 0.9689062978006805
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Session Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: data Category: dropped Size (bytes): 10620 Entropy (8bit): 3.776501709038221 Encrypted: false SSDEEP: 192:3I1c2R+vhh2k2YrWUpDGhtYfQyxKj4UHnn9nEsnF5juYhJmo:b2EXzhSU4mQyxKj4knn9EsnWY7 MD5: 459602F03477B5BC97E30745905A1659 SHA1: 34BBA5E513BF8A33000C30973882C2A3AAD58FD3 SHA-256: 2D4827671D36B22A1FEE1556527A0679C5FA6E0D43D4B08E39262B5FE51BC790 SHA-512: 6EB628936B233031F5498266C03952FC1BDFD5F9C9AE75ABEC32E76602ABD8820BEA23ADA0D986C63CF9D8AACA6BF7FAD78A4F171176EF4008FE9527AA46E96 1 Malicious: false Reputation: low Preview: SNSS...... !...... 1..,...... $...5a2a7594_dc9f_4127_8261_fe0e007ae3e4...... (...... 5..0...... &...{524A03AB-861D-4591-9B4E-BDD69F9D425A}...... '..'...... http://f-or.online/main/....R.e.d.i.r.e.c.t.i.n.g...... T'..P'...... H'...... h...... `...... 0...... "...... #...... p...... &...... 8...... h.t.t.p.:././.f.-.o.r...o.n.l.i.n.e./.m.a.i.n./...... 8...... 0...... 0...... P...... h...0...... ?.%. .B.l.i.n.k. .s.e.r.i.a.l.i.z.e.d. .f.o.r.m. .s.t.a.t.e. .v.e.r.s.i.o.n. .1.0...... =.&...... 8...... h.t.t.p.:././.f.-.o.r...o.n.l.i.n.e./.m.a.i.n./.m.a .i.n...p.h.p.#.a.w.6.B.8.r.8.p.g.Y.W.f.W.Y.s.1.q.Z.D.t.o.A.Y.y.Q.w.1.Z.7.E.y.i.a.F.T.i.6.1

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Tabs Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: data Category: dropped Size (bytes): 8 Entropy (8bit): 1.8112781244591325 Encrypted: false SSDEEP: 3:3Dtn:3h MD5: 0686D6159557E1162D04C44240103333 SHA1: 053E9DB58E20A67D1E158E407094359BF61D0639 SHA-256: 3303D5EED881951B0BB52CF1C6BFA758770034D0120C197F9F7A3520B92A86FB SHA-512: 884C0D3594390E2FC0AEAB05460F0783815170C4B57DB749B8AD9CD10741A5604B7A0F979465C4171AD9C14ED56359A4508B4DE58E794550599AAA261120976C Malicious: false Reputation: low Preview: SNSS....

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: data Category: dropped Size (bytes): 164 Entropy (8bit): 4.391736045892206 Encrypted: false SSDEEP: 3:FQxlXayz/t2Hmwg0EOZL7Ao4uhFkEuRLKyC5Ei5+Gg:qT5z/t2qoEwhXeLKB MD5: 0A906A9A542CDF08FF50DAAF1D1E596E SHA1: B97D6274196F40874A368C265799F5FA78C52893 SHA-256: EB9CABBF5FDA1AD535300B0110EAA4068A083248BA928A631C9278545935426D SHA-512: 8795E905B711ADE6B1C4B402D50AF491B64D157AA738669482DDBFC30E857DF970BFFB774A925F3F4A0802BD27AFAF939CE140894FF09B67FB9C0BB83ED4491A Malicious: false Reputation: low Preview: .f.5...... i.Wd...... Sgdaefkejpgkiemlaofpalmlakkmbjdnl.declarative_rules.declarativeContent.onPageChanged.[]..F...... F......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text Category: dropped Size (bytes): 320 Entropy (8bit): 5.201311487600558 Encrypted: false SSDEEP: 6:mhNXGk+q2PWXp+N23iKKdK8aPrqIFUtpGNXJWZmwPGNXEYNVkwOWXp+N23iKKdKc:WT+va5KkL3FUtpGjW/PGKYNV5f5KkQJ MD5: 8C9F2605FE835EEA14027A958B394BD7 SHA1: 40559A061255EC910BEDB11F60B901C1CC6939C1 SHA-256: 152B526269EEF1E953ECCEDB2269B22B3683FC8524D39BD4CC0AF066540F5516 SHA-512: F53D5CB17F1E88038EC8189C29017B0CFFD16DDB3087FF2207216E2CC3890DF51EFF3133B85CEBD5EF260733F8AFE9B7B340FE03628496C67A07D1594FF3758F Malicious: false Reputation: low Preview: 2021/07/24-00:55:42.227 12cc Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/MANIFEST-000001.2021/07/24-0 0:55:42.228 12cc Recovering log #3.2021/07/24-00:55:42.229 12cc Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: data Category: dropped Size (bytes): 570 Entropy (8bit): 1.8784775129881184 Encrypted: false SSDEEP: 6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWW MD5: D4BA0AE0BB0B9FAFF3DA6F35FDBC3C8A SHA1: FB3E9DEC7F35A9B1D94E54A5659DD0DE484055E7 SHA-256: 99DEF1B557F19F04C1AFFC6F247D0451F33FC10EC42E73792223C3215AC98BE6 SHA-512: 86FD07C34B9ABD4C52BA19EAE291936F92BC6D38A75C021EDC1DEDBC15617669876180CD99F959C62476D82EC6BB9F5FE4C6CB4D82CB037EFB76D99A4D3D9C 51 Malicious: false Reputation: low Preview: .f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f. 5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text Category: dropped Size (bytes): 320 Entropy (8bit): 5.264768804498317 Encrypted: false SSDEEP: 6:mh7QcM+q2PWXp+N23iKKdK8NIFUtpG74NJZmwPG7jocMVkwOWXp+N23iKKdK8+ed:W79M+va5KkpFUtpG70/PG7xMV5f5KkqJ MD5: 7849B24220623F08DA75B92AB9F7EAB0 SHA1: 813B3422DEBB36C9B980EDC71493CC0487DA4D75 SHA-256: 5595D49A66A9C345EC3FAAC4BC6A459725E4E0FB3FA98AD453811D1218378DAB SHA-512: F2035E0FE563490778271C3DAFCC1ED3FAEC27A22AD82A4343B988B9D6114C6FA652C65B43513F30983FB45308F6B3528A60DA1F2503986670DDBFA16FC56196 Malicious: false Reputation: low Preview: 2021/07/24-00:55:44.493 136c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/MANIFEST-000001.2021/07/24-0 0:55:44.495 136c Recovering log #3.2021/07/24-00:55:44.497 136c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\comput ed_hashes.json Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text, with very long lines, with no line terminators Category: dropped Size (bytes): 11217 Entropy (8bit): 6.069602775336632 Encrypted: false SSDEEP: 192:GbylJnlTwGB7V9Hne4qasKxXItmLG48gcLg/PkI:Gb+nldByaFx4toj8VEPT MD5: 90F880064A42B29CCFF51FE5425BF1A3 SHA1: 6A3CAE3996E9FFF653A1DDF731CED32B2BE2ACBF SHA-256: 965203D541E442C107DBC6D5B395168123D0397559774BEAE4E5B9ABC44EF268 SHA-512: D9CBFCD865356F19A57954F8FD952CAF3D31B354112766C41892D1EF40BD2533682D4EC3F4DA0E59A5397364F67A484B45091BA94E6C69ED18AB681403DFD3F3 Malicious: false Reputation: low Preview: {"file_hashes":[{"block_hashes":["A+1PYW3V6CJbBuQ7aqrgYhyH3bT8PKyBXp3hN2slpI0=","WSOpQRkYTHjPSlG9Zif2a7TNhy43NDcG1Zg5Nv0UbH0=","jDctR8ImG5KZ rQKm4kDjUB7FokSJfjo/pmvFowRVlaY=","LPxhhJiuU0lprt0T6flpS7TkaDg7MocrbmzO65xH6RI=","nZ9zLb2By96AkKXALRM+C0Eu11XUjPiMXEKjiCPdtHE=","wifibc1QfMB N2jrtUtLgsCefvuceTpAatmLvul11RJA=","dHjWlSIIdjj7MWqg3T8MG58RuuqRXk32vqi/13JqEgA=","zd3DV7dbvfNvx1hdhU01fW5ily52DLN0CFL/ADaEeTI=","DpjXcO85FF FY9KJFPkGNfFUtdQIOsGwO5jUckiUwY14=","gqid6l1+mk/6yWgUECRofI9lMipXgXh2jEN2+CxmPE0=","prDB91X2Mmfg/M/txVMITWBmEGbOGjqBTP7CMjYqdHs=", "yLPAqV4gqoyS/zFkEt3Cn2j0q2v9QOSthVFfWn8EzCM=","EPQ3jzdrLkAHyvf3920B5Y3aAkO1IJdn/UtbnAmq6T0=","+oOc6ca+ChKUpTu+oa2ZRxRE+wG3QJmuYWE vYCs40NI=","3mBGNAiRlTANEQkqzU3TEi+5wJ0ubR5uwtS4/9OOM7w=","1A9NNawxuhu95H5eThvf1rewJ4QQWhhPNxJXO1C/n68=","E3vWLQxzmj+e5QxYbUscllJ5 n0ITpw5JBHV1Kph3/KM=","i3I8ghdTF9c1ZXNBZmvsID+DV4gxBVN27rj9wsMtRpg=","R8B8qYabnMSlLPhrtu0hGYrHn3llsMHqBbi70gkIjEE=","rhlzuEvv2KRAF Mms896xFwkNgPrw6WvmgPn6xrBSa2Y=","LAMXv6sRb0VZrY34aVXF3Fftxs

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_1\_metadata\c omputed_hashes.json Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text, with very long lines, with no line terminators Category: dropped Size (bytes): 23474 Entropy (8bit): 6.059847580419268 Encrypted: false SSDEEP: 384:7dNc1NC6IcafusK4H1IIGRlhKlkIALQWdynQh2RX4K6M1tVztzr7XSNyzH:7dOscSRKc1nGRSkIhEw6M1tf7SNyb MD5: 6AE2135EA4583C2F06CDEBEA4AE70FA4 SHA1: DCEB26C7F02D53B5F214305F4C75B4A33A79CDC2 SHA-256: 03AA1944CB3C4F39E20B6361571BC45DFBEBD3FFDA3D8F148CC6ECB29958F903 SHA-512: B5945E67D9F73DD1982D687E5C6D9B5D6B3886C8050363A259755C76AC0F93651F3425FA7C21AA6A13977AC1C8C9322F998F131648CB8909096058D4F0D23312 Malicious: false Reputation: low Preview: {"file_hashes":[{"block_hashes":["DOZdV3jFvk12AM2JNDYKo3KZrIVRprmJ+sVGWkqqE4Q=","rVElW3Hu3T52SzDDUqGT5YiJTBGUv2h3pNuBKFlhZ1U=","X/ 3fg4KZxgQ1jBr5QGq0F5JnflgE27UErd88mrxTcxs=","VibLbpy0ig+5INMOU71fTYN76iaka2XVpmm1qAKYsX8=","EChCwCbQHbHQ7oDdGT2qNyiRJ0yck2YC2emNGq 4whtE="],"block_size":4096,"path":"_locales/iw/.json"},{"block_hashes":["xklkoZ7iSU1+7cd6DAtEmUC5lPFd+EgcbnzxkOiFwlk=","3KbsvoxKY/3AwqgF2aAdVQ RpMhsNVRkQ3rx2A6Z2Z+Y=","o9+tsohquaCMj+70zeinRG/hBhA2uLoDl/WoC1uokME=","xV/K8xucyWJELVT8Cqn+ugFjobBVmg8pnmACF+2PP4Y=","p/mvJm2wuCl 32Rx3it654MljKAsMe3S9IDEabc1A8mE=","j8mPrTb5oOsBTj2Fer78JE6xG6+kR64Cvu2SW8d3j/k=","nqSRpGQ3USU2bZJsZ+AzBmFOyann8omwJrhEWFZDTXc="," eTcQyJUuNuF9yCga/fXGyFCj/pysSceanhBzksdx23s=","Wj7faqnspelXKMvnduxHn1XUBG8TEOqyns7/oUihekM=","VtBwXoadI3EP336rAiL33Gz19KGqtN+RYdKn MKAXoLw=","iDgLXQqXJp8nCZxgLuC9LXM45DGfufvGnXvmHsn18wc=","g+RfdDfrWTUK0Pkcsbot7NJ4SC9wVRV/dVVMuHAtEj8=","2oC4HcCuXu3VjFf6wnKlznt9u qQNaebcuWpm/mWj69U=","aMUIpuFqPMiieSaWhIktCK62v2P3OZQAWupWsYzCnvk=","L

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: data Category: dropped Size (bytes): 19 Entropy (8bit): 1.8784775129881184 Encrypted: false SSDEEP: 3:FQxlX:qT MD5: 0407B455F23E3655661BA46A574CFCA4 SHA1: 855CB7CC8EAC30458B4207614D046CB09EE3A591 SHA-256: AB5C71347D95F319781DF230012713C7819AC0D69373E8C9A7302CAE3F9A04B7 SHA-512: 3020F7C87DC5201589FA43E03B1591ED8BEB64523B37EB3736557F3AB7D654980FB42284115A69D91DE44204CEFAB751B60466C0EF677608467DE43D41BFB939 Malicious: false Reputation: low Preview: .f.5......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text Category: dropped Size (bytes): 372 Entropy (8bit): 5.302360889182359 Encrypted: false SSDEEP: 6:mhPd/q2PWXp+N23iKKdK25+Xqx8chI+IFUtpGPdFe9ZmwPGQSkwOWXp+N23iKKdP:WPd/va5KkTXfchI3FUtpGPdo9/PG35fk MD5: 42FC1CAD9FAA710BD153E0D35B0DD517 SHA1: 5C12E3FB6494633285C0AF6608F593A301D10DC8 SHA-256: A45A7DF72BE6597D5F167A60F2A9D6D3D30246470C1A55D3D0D2735EFD6A2303 SHA-512: 87135FBE67DBE419975F5C7D31492222A88ADCFB07E71FCFCB7E0D0CEB5BE8F4A597FFF7F3BE7AA804264997235E880E1746897F1624E35C65D1CE5C96ECF10 5 Malicious: false Reputation: low Preview: 2021/07/24-00:55:48.868 1a94 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/MA NIFEST-000001.2021/07/24-00:55:48.871 1a94 Recovering log #3.2021/07/24-00:55:49.026 1a94 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text Category: dropped Size (bytes): 358 Entropy (8bit): 5.257145058827882 Encrypted: false SSDEEP: 6:mhP3xq2PWXp+N23iKKdK25+XuoIFUtpGPVZmwPGPdUkwOWXp+N23iKKdK25+Xuxo:WPhva5KkTXYFUtpGPV/PGPdU5f5KkTXp MD5: 442BFDB8559112253D40A18E00398A23 SHA1: 16018107D37695C4EAEE733A215D902A0D87CF53 SHA-256: 7B014D36106263E8B8276F3717A5A0C120282BF6925050B07007E535CC7E5F75 SHA-512: DAB19C55445775ABCE659124A0276B6CE9D14794D6F185E10D1DAD599CC7593AB86DC0FE10656FCC63DB98005115FA2AF5155AD12B72FDA175AA6C9D98AC33B 2 Malicious: false Reputation: low Preview: 2021/07/24-00:55:48.734 1a94 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB/MANIFEST- 000001.2021/07/24-00:55:48.759 1a94 Recovering log #3.2021/07/24-00:55:48.831 1a94 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data \Default\Feature Engagement Tracker\EventDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\000001.dbtmp Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text Category: dropped Size (bytes): 16 Entropy (8bit): 3.2743974703476995 Encrypted: false SSDEEP: 3:1sjgWIV//Uv:1qIFUv MD5: 46295CAC801E5D4857D09837238A6394 SHA1: 44E0FA1B517DBF802B18FAF0785EEEA6AC51594B SHA-256: 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443 SHA-512: 8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23 Malicious: false Reputation: low Preview: MANIFEST-000001.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\000003.log Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: data Category: dropped Size (bytes): 102 Entropy (8bit): 4.707425199545215 Encrypted: false SSDEEP: 3:w1tsm1iILeNlA1jPqciKPnSc+VVn:w1tsmRLVP1/Sc+VV MD5: 7E6074135B54581D9C9A50EC25141C6A SHA1: 362BE82BA04A240771813665F436B0EF9D24C35F SHA-256: 8A14329F2C4F6E9CD07FDABA314C1F29FDE90C936695F0E95118778B2E0CD7A2 SHA-512: D715BD9AE5A94DC6F30D6B8A475DFD69DE15C3915987D6A2D9E6F761237055AB1409B24431F9F6497FE0CDF664449F13F3D52FB0C49E4221CE3145862D9048F8 Malicious: false Reputation: low Preview: mP...... LAST_PATH.-1.X7.>...... LAST_PATH.000..ORIGIN:https_www.google.com_0.000

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\LOG Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text Category: dropped Size (bytes): 143 Entropy (8bit): 5.269884540576461 Encrypted: false SSDEEP: 3:tUKeV7BkVQLKqFkPWXp5cViE2J5iKKKc64E/+MOMcWIDMGk4cWIV//Uv:mhuu+q2PWXp+N23iKKdK29MRgPRIFUv MD5: 202DF42CA307F75B2F95458C8781EC6A SHA1: DCEE2BACCC6611531AAB1D0E083D6D038FBC7477 SHA-256: 8D783A5233E28CAF513D55149A71AAFF40B44BEA5D721D6FE0DD3C3CAEB919E5 SHA-512: 2B889C67B61BDAE6F7090BBAF071E17E845A17C5D2C903EF583FA16B0D42D0C504DCBE3ADECCCACCA2B63AAF965DA780E638B1EA4907A031AC619079743319 06 Malicious: false Reputation: low Preview: 2021/07/24-00:55:47.790 12cc Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\File System\Origins/MANIFEST-000001.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\MANIFEST-000001 Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: PGP\011Secret Key - Category: dropped Size (bytes): 41 Entropy (8bit): 4.704993772857998 Encrypted: false SSDEEP: 3:scoBAIxQRDKIVjn:scoBY7jn MD5: 5AF87DFD673BA2115E2FCF5CFDB727AB SHA1: D5B5BBF396DC291274584EF71F444F420B6056F1 SHA-256: F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4 SHA-512: DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C237 5B Malicious: false Reputation: low Preview: .|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text Category: dropped Size (bytes): 330 Entropy (8bit): 5.299089103171909 Encrypted: false SSDEEP: 6:mhPB9q2PWXp+N23iKKdKWT5g1IdqIFUtpGPl9ZmwPGPTeBkwOWXp+N23iKKdKWTk:WPPva5Kkg5gSRFUtpGPb/PGPKB5f5Kkn MD5: 32588D9401B59C40EC9DE9750C4C6020 SHA1: 876AF63D0C99BDEFCC04554123BD9174B79DE955 SHA-256: D0D565C10FFB504550C417CF27A7EA7EB28B70DF55B4FB07106B14E8CAA88A3F SHA-512: 7F00A7FC70D5FCEDDF108FC6606611F17AF66C728C69A57E268E816A95314DADB7467A62D732BA465D8206B7CF232C458A51F65B6E53C3DC5637DBCF79D0A7B 7 Malicious: false Reputation: low Preview: 2021/07/24-00:55:48.563 1a94 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/MANIFEST-000001.2021/07 /24-00:55:48.573 1a94 Recovering log #3.2021/07/24-00:55:48.608 1a94 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM S tore\Encryption/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: SQLite 3.x database, last written using SQLite version 3032001 Category: dropped Size (bytes): 32768 Entropy (8bit): 0.4554693472100583 Encrypted: false SSDEEP: 24:TLxj3jYjI0jWfPh9Wvhv6yUZGRXK91LYjI0jWfy:TpUjIKy59kv6yUZGRXK91MjIKyy MD5: EA3575B48436CAB9A867D0F0E35B87B1 SHA1: CE84793D0F675252A63B129A94DA2A29241C52A3 SHA-256: 9CE3ED831433E8DF39D5605FB6E900F0F728EEA8E04E78F40A4C0F69BAB84CB7 SHA-512: AAED4B971CEA10D82C0F4C2EADADAD4190AACD05152DF7D2127EECBA7CA8354F878C15F4773332ACFFF9EF81F562FD6D1631F974A5972D46ED2D2A340F6955EE Malicious: false Reputation: low Preview: SQLite format 3...... @ ...... C......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: data Category: dropped Size (bytes): 2006 Entropy (8bit): 6.082497175439343 Encrypted: false SSDEEP: 48:HQagxZwzm+/tTmV8EPAyzgJFbqjIKyllq97:wagXwz1/tTp0zgrbsyvqF MD5: 99D3B05F2812E5B6A3EFC6245A791247 SHA1: 07217B325A6B877FB7341AA280C888E48EBD385A SHA-256: 2D283E0DACBC36B3E66C38FEE08A6E4D6436BD42C12E9F9F23A8887020FA97A2 SHA-512: B71659AC45D1F143536D298BE171B10B455A510672FD851BCFBF902622ABA7FCD8785BD9DF86C193A8FA6DF0C9C3BD45D97BFA633BD07E63178A81CCA8D00B4 C Malicious: false Reputation: low Preview: ...... "...... f..http..online..or..redirecting..sp./ynj1y2uuynjly2hlaxnlbkbzzwfib2fyzg1hcmluzs5jb20..main..100...bwfpbgluz2lkptm1mtq1njy5mcztzxnzywdlawq9ufjelu9ets0 znte0nty2otamzgf0ywjhc2vpzd0xmdaxjnnlcmlhbd0xjmvtywlsawq9cgnyawnrqgfscghhy2fyzc5jb20mdxnlcmlkptqxmdg1mjqxnizmbd0mzxh0cme9txvsdgl2yxjpyxrlswq 9jiym..click..com..enid..govdelivery..https..odlinks..track..type*...... 100...... bwfpbgluz2lkptm1mtq1njy5mcztzxnzywdlawq9ufjelu9ets0znte0nty2otamzgf0ywjhc2v pzd0xmdaxjnnlcmlhbd0xjmvtywlsawq9cgnyawnrqgfscghhy2fyzc5jb20mdxnlcmlkptqxmdg1mjqxnizmbd0mzxh0cme9txvsdgl2yxjpyxrlswq9jiym...... click...... com...... enid...... f...... govdelivery...... http...... https...... main...... odlinks...... online...... or...... redirecting...... sp...... track...... type...3./ynj1y2uuynjly2hlaxnlbkbzzwfib2fyzg1hcmluzs5jb20..2...... 0...... 1...... 2...... 5...... 9...... a...... b...... c...... d...... e...... f...... g...... h...... i...... j...... k...

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History-journal Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: data Category: dropped Size (bytes): 33356 Entropy (8bit): 0.0470769349683077 Encrypted: false SSDEEP: 3:vQln3llu/fllPG/NllP1l/fllPv/NllPmXFllP1l/fllP8XFllPX0pMRgSWbNFlL:I91p/4XOZg9bNFlWCj/lj2+/l3n MD5: A75F710E0C50D35FAAFC9AB093DED31D SHA1: 06F58DDBA582D6579AC58741B041D6C40BEEF4E0 SHA-256: CFD011653C0AF59ADEC9E80DD087A4659DC8D506F195F9626897ED6D4872EE87 SHA-512: 6E21736059B3B0C7DB66ADBC33A25792C1D96DD5740057E7B5F1D760B672A529957EC5CA63FD64BE5F7B2AF35CB3F863DFEF93DAB8BD16363FB66306D6784C2 E Malicious: false Reputation: low Preview: ...... H......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: data Category: dropped Size (bytes): 3069 Entropy (8bit): 5.537314458166075 Encrypted: false SSDEEP: 48:FwYG03a7mM18db4Qg7bQSefgGTNrS0U9RdiN9P:ra7mMOdb4Qg7bQ5fgGBrS0x MD5: 169B8BCE2589047CFDD4CF2F3C2D1954 SHA1: C2F185850E393C7BC807DF7FCDC7441B9D368CB9 SHA-256: 7A115AE3F51176851283AD3F49C20A0C8DD0CAA50DF39F0AEB7887C37DE8F186 SHA-512: 846A6E05206ADD82FB3ECFEBDC476B738B2A4AA235B05C55015D72BCC392984004CD52EBAFB9E708328F51DEE53A24FDECC05F2E65F139D34B1E12F3A268EF18 Malicious: false Reputation: low Preview: A..-k..*...... META:https://www.google.com...... _https://www.google.com..rc::a..OWdtamlhMTE1dnBxaA==.4B....,...... 8META:chrome-extension://pkedcjkdefg pdelpbcmbmeomcjbeemfm...... Y_chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm..mr.temp.HangoutSinkDiscoveryService;.{"cache":{"sinks":{},"g":{},"h":n ull},"manualHangouts":{}}.a_chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm..mr.temp.IdGenerator.cast.RequestIdGenerator..213263000.H_chrome-exten sion://pkedcjkdefgpdelpbcmbmeomcjbeemfm..mr.temp.LogManager...["[2021-07-24 00:55:50.59][INFO][mr.Init] MR instance ID: f05bfb11-e663-4d15-9c05-24769d 6bcd82\n","[2021-07-24 00:55:50.59][INFO][mr.Init] Native Cast MRP is disabled.\n","[2021-07-24 00:55:50.59][INFO][mr.Init] Native Mirroring Service is enabled.\n","[2021 -07-24 00:55:50.59][INFO][mr.PersistentDataManager] removeTemporary_: 163 chars used\n","[2021-07-24 00:55:50.59][INFO][mr.PersistentDataManager] initialize: 163 chars used, 67 other chars\n","[2021-0

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text Category: dropped Size (bytes): 332 Entropy (8bit): 5.185903384318532 Encrypted: false SSDEEP: 6:mhNVwq2PWXp+N23iKKdK8a2jMGIFUtpGNVvaZmwPGNVhmkwOWXp+N23iKKdK8a23:WHwva5Kk8EFUtpGHS/PGHhm5f5Kk8bJ MD5: 71B43096B8FD5CC3E47EAFE607709F59 SHA1: 1AE99F5CA3F02AAFE4BA70FB841950F291DE3837 SHA-256: 50D9EA534AE588906B136053D23C45828216A140279CED597F8B07CEBAE8D4AF SHA-512: E8FA91CFC682E930C816BA4E28258040172FDD058E09ED106B71F0938A599D8E495829EEA84B0EA4FD83677F831EEA4D86F6DED227FEE329B4C49750BF0E6B6 C Malicious: false Reputation: low Preview: 2021/07/24-00:55:42.036 14f0 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2021/0 7/24-00:55:42.037 14f0 Recovering log #3.2021/07/24-00:55:42.039 14f0 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\ leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text Category: dropped Size (bytes): 334 Entropy (8bit): 5.196193258305701 Encrypted: false SSDEEP: 6:mhNXg+q2PWXp+N23iKKdKgXz4rRIFUtpGNXRWZmwPGNXXRFNVkwOWXp+N23iKKdA:WW+va5KkgXiuFUtpGPW/PG7V5f5KkgXS MD5: 87E59105AAC81417451D5634EA661A89 SHA1: EC2922AA17140E0B5B280D1304913D816E9B0B98 SHA-256: F1BA7FA08FD15C5E25E73A8B5B563A14F957847E5257E9689A3D0B964FEF08E9 SHA-512: 0185D9751E64F6742D9402CAD2BEE05353300ABA354E4808B2313925651AC87B97EA5BEFE5B828D7210AE64FCED16BA5BF0D021C1D29BB71DBFD11901D2BEFD 0 Malicious: false Reputation: low Preview: 2021/07/24-00:55:42.251 12cc Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications/MANIFEST-000001.2021/ 07/24-00:55:42.255 12cc Recovering log #3.2021/07/24-00:55:42.256 12cc Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Noti fications/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\QuotaManager Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: SQLite 3.x database, last written using SQLite version 3032001 Category: modified Size (bytes): 77824 Entropy (8bit): 0.4790503830330998 Encrypted: false SSDEEP: 96:vCIG+6bDdsDaBJvtHIm50I4sX/CIG+6bDdsDaBJvtHIm50I4ir9:a96EJTv4sXK96EJTv4ir9 MD5: A07D3B464AC94266D04555278A109666 SHA1: 77140161D66890BD0106CFF6433340694783B901 SHA-256: A11357D6B521E0A099892A974EF81F5D456C0F8AB3A6BBE67E0ACFA979F378E5 SHA-512: B34A1B5A0AA7618A91EA3FF26A95673494B9E7F16BCE33ED1D5084C00EDC72C6497F665CE043BE20D36A3B6D06EFAE1EBC6B3B6CCEDEFCDD99F305FA35D5116F Malicious: false Reputation: low Preview: SQLite format 3...... @ ...... C...... g.....*.W.L.[...... "......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\QuotaManager-journal Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: data Category: dropped Size (bytes): 25672 Entropy (8bit): 0.6535393444531462 Encrypted: false SSDEEP: 48:HMbsqzLbCIG+6bDdsDaKgJgKtHIm50I9a+UX5:HyssCIG+6bDdsDaBJvtHIm50I4H MD5: 7A5A1CAE6D625AA04644BCF6FCDE87CC SHA1: 75E1A3840B6FA2E6B08AFC060ED5538C857CE01A SHA-256: 874703E6715FA078CB4A9937B4B16EDF0D3BC7F61E9BC2768ABB28E1128127B5 SHA-512: 599D42ECB99F958E3C42B0EF8268BEC85FDF840F172B59FEF9F3674831DA92F97DCB0B10AAA6730CC1B55B0B3BC4198AEA95D03C4E6C7C457BC99F38A400C84 5 Malicious: false Reputation: low Preview: ...... N...... c...... N..=......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: SQLite 3.x database, last written using SQLite version 3032001 Category: modified Size (bytes): 20480 Entropy (8bit): 1.010925428692653 Encrypted: false SSDEEP: 48:TUIopK2rJNVr1GJmm8pF82phrJNVrdHX/cjrJN2yJ1n4n1GmhGUOoTRs2oTRsAoU:wIElwQF8mpcSJ2Yy1 MD5: 1A62ED92018C9CF170BA551CE91EDFFB SHA1: B0D40035A64A20669BA6FD122EB5B1CA829E236F SHA-256: 9ADC4819976B11FDC9938E9A67052F07F5CC0FF8A6E56B9CF3E7AA95935C3D16 SHA-512: A5627D57DA5215A88365FFC854B6399EFEFB13B58F5102A8FD4CA50D299B10F62196120735965ECB59980527B2C5EBD51207D6CB9FA1D17A37193FE70578AF85 Malicious: false Reputation: low Preview: SQLite format 3...... @ ...... C...... g...^...... j......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL-journal Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: data Category: dropped Size (bytes): 21044 Entropy (8bit): 0.8263232765058638 Encrypted: false SSDEEP: 48:Fi3qkIopK2rJNVr1GJmm8pF82phrJNVrdHX/cjrJN2yJ1n4n1GmhGUR6:F8hIElwQF8mpcSI MD5: DCC7C018A69268B032F888F6B1A17682 SHA1: 3201708B74D2DD5AF6F993124849117F3D27DCFE SHA-256: 2F32DF57C111773F83E170AF1E76F186D584B733BF8AF9923DCE8A6611DDB7A7 SHA-512: 16CA29259AC1F5CF9D4239610718BB79F70A0AF128DBE8543D7357F9CB72206A435E60639523E3944B325378FA8CACF115D9EC851B2B3EF515C560BFCBB5F5E6 Malicious: false Reputation: low Preview: ...... v/.2......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: data Category: dropped Size (bytes): 450 Entropy (8bit): 4.370149332985787 Encrypted: false SSDEEP: 12:5lvGnBM20DIYCAbi0ldue5zWoUnGKXi4sUlJlkTSlkTSlkTSlkTSlkT:7enBMd+eXwXZvJ9999 MD5: D0C9B0EF794F8BCF6CFB37F63FBC7082 SHA1: E6BE6711A06CD6DDBCBA8F6156C3AF780B967800 SHA-256: 0253B33B0F4E8EC2950D95B0C4BB01E1D600938492C382454B3BCF08536B7D5A SHA-512: F93E0113840E282ED4E57FD6D0D695A8D58A1D00B453DA629454109F22057C67D93C1106DFFD224DE692C9A2105A31E5E058678A4D2C33282619BFBAF92A5716 Malicious: false Reputation: low Preview: ..&f...... y.e...... next-map-id.1.Fnamespace-5a2a7594_dc9f_4127_8261_fe0e007ae3e4-https://www.google.com/.09...... map-0-rc::c..B.H.K.B.S. T.l.G.t.n.V.x.Z.0.f.7.j.C.p.k.R.a.E.1.u.1.2.h.V.b.m.D.G.V.a.J.j.2.A.O.Z.Z.0.J.C.q.4.5.N.Q.e.7.x.5.i.K.3.P.A.h.8.e.t.N.0.V.D.F.z.i.m.e.m.T.e.Y.e.p.m.Q.z.Z.L.6.J.U.1.H.8.1. O.8.u.u.B.p.8.2B.l...... 2B.l...... 2B.l...... 2B.l...... 2B.l......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text Category: dropped Size (bytes): 317 Entropy (8bit): 5.192639941456947 Encrypted: false SSDEEP: 6:mhNXSU+q2PWXp+N23iKKdKrQMxIFUtpGNXUZZmwPGNXgWNVkwOWXp+N23iKKdKrb:W4va5KkCFUtpGiZ/PGm05f5KktJ MD5: 925F8F54642AEB9E1833DCE24D9773E5 SHA1: 4DE8CF72BCFA61F5769781AF298FC6DDD000FFE2 SHA-256: 619187E24D04DDE204E0E624A3AF2377F205956763A7D0C1A217397A61960546 SHA-512: DE65511DAE3CA5A3EDDA2821A208228D90A44AB981A1586F885E22205C2502D526FD2DBDCFCF986B5A7338A0C84C76D31470CB30031C49F628EB4791483377E2 Malicious: false Reputation: low Preview: 2021/07/24-00:55:42.223 3b8 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/MANIFEST-000001.2021/07/24-00 :55:42.224 3b8 Recovering log #3.2021/07/24-00:55:42.225 3b8 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Stora ge/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text Category: dropped Size (bytes): 345 Entropy (8bit): 5.210275440920805 Encrypted: false SSDEEP: 6:mhw34q2PWXp+N23iKKdK7Uh2ghZIFUtpGPJZmwPG4QPkwOWXp+N23iKKdK7Uh2gd:WwIva5KkIhHh2FUtpGPJ/PGFP5f5KkIT MD5: F38FE2E00BC0C447C851857C09CEADB8 SHA1: BB7A19A88EB45C4C9AF8EF6EE2B7E15AE221B41B SHA-256: AA8B6F10708B15D83F27BFF2D47CE703427C290A10ECAF5FF1F5AD5B594F980C SHA-512: 8BEDD715687CD72C3822D7434DF0FF41E1F29E0B2976F0DCEAEB5D46F43A7A4FAB573ABF7DD0D825A40F848750B20D4367D47A3FEA93D9AD19FF924CA3E914 C7 Malicious: false Reputation: low Preview: 2021/07/24-00:55:41.951 d14 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database/MANIFEST-000001 .2021/07/24-00:55:41.958 d14 Recovering log #3.2021/07/24-00:55:41.967 d14 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Char acteristics Database/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1 Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: data Category: dropped Size (bytes): 296 Entropy (8bit): 0.19535324365485862 Encrypted: false SSDEEP: 3:8E:8 MD5: C4DF0FB10C4332150B2C336396CE1B66 SHA1: 780A76E101DE3DE2E68D23E64AB1A44D47A73207 SHA-256: 18FAB4D13CDA7E1DEE12DC091019A110A7304B6A65FC9A1F3E6173046BA38EF6 SHA-512: 51F0B463E97063A2357285D684FF159FDF6099E57C46F13C83E9D3F09D7A7CF03C1BA684BCCF36232FC50834F95953C3C68675C7B05AB4F84DEF1C566A5F3F5E Malicious: false Reputation: low Preview: .'..(......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text Category: dropped Size (bytes): 427 Entropy (8bit): 5.266590331600005 Encrypted: false SSDEEP: 6:mhNX9U+q2PWXp+N23iKKdKusNpV/2jMGIFUtpGNXjdXZmwPGNXL43VkwOWXp+N2u:W7pva5KkFFUtpGnX/PGyF5f5KkOJ MD5: 007D8570EED8F8728721DFB272519B7E SHA1: 79A9BA9707E5AD8574A054D5E6605C278C64DB85 SHA-256: 2B5111C8AD8C7510DBA86B3EBD64F07A45926902929C6850CA946EF3FE9283D1 SHA-512: 6B819081E534148085EB39EBB58D4BB83E3BA06869D3080D5FC66377D181BF7F1D597EB7C894A68EE4684E981F1ABD50FC2CA964C682E98881264952FBD485F0 Malicious: false Reputation: low Preview: 2021/07/24-00:55:42.213 3b8 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\ def\Local Storage\leveldb/MANIFEST-000001.2021/07/24-00:55:42.214 3b8 Recovering log #3.2021/07/24-00:55:42.215 3b8 Reusing old log C:\Users\user\AppD ata\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\LOG Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text Category: dropped Size (bytes): 432 Entropy (8bit): 5.276409044264239 Encrypted: false SSDEEP: 6:mhNXbUSVq2PWXp+N23iKKdKusNpqz4rRIFUtpGNX+gZmwPGNXAIkwOWXp+N23iKV:W7va5KkmiuFUtpGx/PGR5f5Kkm2J MD5: 23E4119DB7CF8C4573CA0036E6DF69B2 SHA1: 401462A4CFFFF494A8248BBACBFA3425E5F91A7A SHA-256: 6DEDF6065713F1D41DA87F2F7F7D3FE2A966F3CC9A6CB5ED46074C5FD0FD4C4C SHA-512: 7D2D39D7D3FA5BCF1B2E71904AE0B4FF657DBEF16A274BB29EC807717FC6C5D24AF1E62F42393219ACED256C19F8DBF2E4AC03B2419D0A1DF22E3114650774C E Malicious: false Reputation: low Preview: 2021/07/24-00:55:42.249 14c4 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl \def\Platform Notifications/MANIFEST-000001.2021/07/24-00:55:42.253 14c4 Recovering log #3.2021/07/24-00:55:42.255 14c4 Reusing old log C:\Users\user\ AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\000003.log Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: data Category: dropped Size (bytes): 19 Entropy (8bit): 1.9837406708828553 Encrypted: false SSDEEP: 3:5l:5l MD5: E556F26DF3E95C19DBAECA8F5DF0C341 SHA1: 247A89F0557FC3666B5173833DB198B188F3AA2E SHA-256: B0A7B19404285905663876774A2176939A6ED75EF3904E44283A125824BD0BF3 SHA-512: 055BC4AB12FEEDF3245EAAF0A0109036909C44E3B69916F8A01E6C8459785317FE75CA6B28F8B339316FC2310D3E5392CD15DBDB0F84016667F304D377444E2E Malicious: false Reputation: low

Preview: ..&f......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOG Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text Category: dropped Size (bytes): 418 Entropy (8bit): 5.265032025987857 Encrypted: false SSDEEP: 6:mhqWq2PWXp+N23iKKdKusNpZQMxIFUtpGRPXZmwPGakwOWXp+N23iKKdKusNpZQq:WJva5KkMFUtpGRP/PGa5f5KkTJ MD5: 02300D88AE79968E474CE220F56EDC94 SHA1: C220BC7094F66467A17B66CE80741F39DBE33A92 SHA-256: 43DFA7F502851145F588FEAD732BE3D0777890FEF5556E61249F1BBE3F73EBB8 SHA-512: D22857ABF66F4D6CF20E3104002C4E302D98AB19B96844DC2E34A73C370C8DF3199EE45D48B9FBC2C80A4CF56CDBDAD93FDDCFA2323068C5B94725098E0D468 5 Malicious: false Reputation: low Preview: 2021/07/24-00:55:58.405 14f0 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl \def\Session Storage/MANIFEST-000001.2021/07/24-00:55:58.406 14f0 Recovering log #3.2021/07/24-00:55:58.407 14f0 Reusing old log C:\Users\user\AppData \Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\efece5f9-2e31-469f-89d8-785a15f 3b42f.tmp Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text, with very long lines, with no line terminators Category: dropped Size (bytes): 420 Entropy (8bit): 4.985305467053914 Encrypted: false SSDEEP: 6:YHpoNXR8+eq7JdV5qQlsDHF4xj70PpqQEsDHF4R8HLJ2AVQBR70S7PMVKJw1K3Ky:YHO8sdBsB6MAsBdLJlyH7E4f3K33y MD5: C401B619D9D8E0ADABC25A47EE49CFBA SHA1: C9D3B816DD3FBCD98E9C0A32CEC7B501EFC0BBDA SHA-256: 8F5D75F5EF9876E8D30CE477509F735B50C4D87DBEDB433BE8EDBE6D4B3CB82F SHA-512: BC12F16CB95CB0AD708C6BBD005EF863A8552613E612F1084086E0F8262752E1B5144D044F0D141CE8462CC33343C36B517A5CC778751680485D8F88FB51B862 Malicious: false Reputation: low Preview: {"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[50],"expiration":"13248543490879170","port":443,"protocol_str":"quic"},{"adve rtised_versions":[73],"expiration":"13248543490879171","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://dns.google","supports_spdy":true}],"version":5} ,"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\77438e88-4a69-4eb6-b78c- ef4328260ce6.tmp Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text, with very long lines, with no line terminators Category: dropped Size (bytes): 420 Entropy (8bit): 4.954960881489904 Encrypted: false SSDEEP: 12:YHO8sdvBVSsB6M/BVSsBdLJlyH7E4f3K33y:YXsdvjX6gjXdL3yH7n/iy MD5: F4FEFEEEC722772F9DC0FCE1B52D79B5 SHA1: 00EECFA3B37113D30E7D43BE4383C540F3D93D4D SHA-256: D33E13C12004A700F246D8C73709114A881609D658E045D54DE36874728D07F0 SHA-512: 41E61EC89366800FD5F4DD704E53B47DE29411B9088B46349A0A350758D08569C14DCC70CF8D6A6FE6D049CB6D32F2B091153E8148A1B5857BD7AF13492071BE Malicious: false Reputation: low Preview: {"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[50],"expiration":"13248543498399332","port":443,"protocol_str":"quic"},{"adve rtised_versions":[73],"expiration":"13248543498399332","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://dns.google","supports_spdy":true}],"version":5} ,"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1 Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: data Category: dropped Size (bytes): 296

Entropy (8bit): 0.19535324365485862 Encrypted: false SSDEEP: 3:8E:8 MD5: C4DF0FB10C4332150B2C336396CE1B66 SHA1: 780A76E101DE3DE2E68D23E64AB1A44D47A73207 SHA-256: 18FAB4D13CDA7E1DEE12DC091019A110A7304B6A65FC9A1F3E6173046BA38EF6 SHA-512: 51F0B463E97063A2357285D684FF159FDF6099E57C46F13C83E9D3F09D7A7CF03C1BA684BCCF36232FC50834F95953C3C68675C7B05AB4F84DEF1C566A5F3F5E Malicious: false Reputation: low Preview: .'..(......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\LOG Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text Category: dropped Size (bytes): 430 Entropy (8bit): 5.219603841801614 Encrypted: false SSDEEP: 12:WPjjN+va5KkkGHArBFUtpGP1W/PGPgBV5f5KkkGHAryJ:WP36a5KkkGgPgAPpPAf5KkkGga MD5: 7BE518851142B5B9E2AAA40A2E29EAA7 SHA1: 9B7D09CE61462C84AC62E210B8F21EE8B5858876 SHA-256: 93C0A8A18CDE08BC6499F3584DA4EEED98B84AE58AC59FEB0A060680732B029E SHA-512: BBBB54F34E0A65506E36DEDE0ED28660F96189EF0EB4A506EB04969FAEDE03F556E6580630E8B3659BC4E3BD6BB22DD331DAF8C32E244FCA20430CCDDF075D 08 Malicious: false Reputation: low Preview: 2021/07/24-00:55:48.779 12cc Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda \def\Local Storage\leveldb/MANIFEST-000001.2021/07/24-00:55:48.783 12cc Recovering log #3.2021/07/24-00:55:48.785 12cc Reusing old log C:\Users\user\A ppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications\LOG Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text Category: dropped Size (bytes): 429 Entropy (8bit): 5.249930760612133 Encrypted: false SSDEEP: 12:WPWL+va5KkkGHArqiuFUtpGPR/PGP11LV5f5KkkGHArq2J:WPLa5KkkGgCgAPcPvf5KkkGg7 MD5: C523392E357695DAD63DA08F47DE2639 SHA1: DB7FB5FDBE290108C6B17BD90660562206F21698 SHA-256: DCDEA63415A1A130337652371F62490A4E3EB72B83094CFF6F48DCC2AC1CAE6D SHA-512: 1DD413395666B6A6078B1A27341DC502A09C1EDF8E6615686D179806F9454494C1A6A182A89D99DBA042E8369D8B54D27F08B409BA06B267303F3F1C93430BE0 Malicious: false Reputation: low Preview: 2021/07/24-00:55:48.780 89c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\ def\Platform Notifications/MANIFEST-000001.2021/07/24-00:55:48.783 89c Recovering log #3.2021/07/24-00:55:48.785 89c Reusing old log C:\Users\user\AppData\Local \Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\000003.log Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: data Category: dropped Size (bytes): 19 Entropy (8bit): 1.9837406708828553 Encrypted: false SSDEEP: 3:5l:5l MD5: E556F26DF3E95C19DBAECA8F5DF0C341 SHA1: 247A89F0557FC3666B5173833DB198B188F3AA2E SHA-256: B0A7B19404285905663876774A2176939A6ED75EF3904E44283A125824BD0BF3 SHA-512: 055BC4AB12FEEDF3245EAAF0A0109036909C44E3B69916F8A01E6C8459785317FE75CA6B28F8B339316FC2310D3E5392CD15DBDB0F84016667F304D377444E2E Malicious: false Reputation: low

Preview: ..&f......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\LOG Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text Category: dropped Size (bytes): 415 Entropy (8bit): 5.224018368536945 Encrypted: false SSDEEP: 12:nO3E1L+va5KkkGHArAFUtp3OV/P3ORLV5f5KkkGHArfJ:nzKa5KkkGgkg9M0f5KkkGgV MD5: 145CB7BAC68A9698E675F01972148D0A SHA1: 448E95020BC77250605091F41F0CF59E472E4E5F SHA-256: 8D1C76BC19008954F4F8408B749B29C7D589AD43C08507DF99C64CC43E024CB2 SHA-512: 33A86DB39774976E7B0A739874921E2B95D96EE57ACF5B285FFE21B252E37FA5D5B62049FF51507CA66D5E6142999FA0AE22A415A5CF00A65E7CE70D9E74F5C0 Malicious: false Reputation: low Preview: 2021/07/24-00:56:04.127 89c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\ def\Session Storage/MANIFEST-000001.2021/07/24-00:56:04.128 89c Recovering log #3.2021/07/24-00:56:04.128 89c Reusing old log C:\Users\user\AppData\Lo cal\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: data Category: dropped Size (bytes): 38 Entropy (8bit): 1.9837406708828553 Encrypted: false SSDEEP: 3:sgGg:st MD5: 45A8ECA4E5C4A6B1395080C1B728B6C9 SHA1: 8A97BB0E599775D9A10C0FC53C4EDB29AA4CEB4E SHA-256: DB320AB28DFF27CDA0A7F87B82F2F8E61B3178A6DE8503753D76F1172D32E08E SHA-512: 8EE91A3A1E77459273553F6A776C423A8EE95DB9DCFA897771814B7AD13FD84F06BB2B859F22B6DDA384B39EAA91F1819F170BABED6DA16BDBCF5BCB06CF21 24 Malicious: false Reputation: low Preview: ..F...... F......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text Category: dropped Size (bytes): 324 Entropy (8bit): 5.297758534845434 Encrypted: false SSDEEP: 6:mhBcM+q2PWXp+N23iKKdKpIFUtpG/TEJZmwPGGNcMVkwOWXp+N23iKKdKa/WLJ:WmM+va5KkmFUtpGbm/PGGqMV5f5KkaUJ MD5: 0D017C1998AD921FB3C16FC8721C0F82 SHA1: 2C6C00FA516FA01AB8C726E7832FA5B87A984DD8 SHA-256: F05A5E1CE4C395FF9626FC4F2451BE7C7CC736113BAC29FEA730D4D104CE903D SHA-512: 76BB27DCF09DF6A794099C360773DFC1EA4F42FF4952EBC907E7CAEB315F28DABB563E0087488DCC33E646C32FAB4167932B39BE85378279C653D38177631E0A Malicious: false Reputation: low Preview: 2021/07/24-00:55:41.932 136c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2021/07/24- 00:55:41.948 136c Recovering log #3.2021/07/24-00:55:41.953 136c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB/ 000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text Category: dropped Size (bytes): 399 Entropy (8bit): 5.3276007489597 Encrypted: false SSDEEP: 12:WWL+va5KkkOrsFUtpGL/PGsjLV5f5KkkOrzJ:WLa5Kk+gA6Kf5Kkn

MD5: F2CDA7B9427582BADC47B4DD0AC694E0 SHA1: BB549636879F0D62C3A6C48F325F2E3AED38FD41 SHA-256: 36D4E488EF6AA231A0859E42E2DCC418939153B9270D876D23FC7364C20CD605 SHA-512: 83543ED426E873A8A88D947EF8500E0834B2A804C5D2362F3E76A6109A15B71965ED436630371D1B5BA3EA68CD2C44CBC34176D4DEBDC703ED2082E007DF9A99 Malicious: false Reputation: low Preview: 2021/07/24-00:55:50.552 89c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbm eomcjbeemfm/MANIFEST-000001.2021/07/24-00:55:50.553 89c Recovering log #3.2021/07/24-00:55:50.554 89c Reusing old log C:\Users\user\AppData\Local\Goog le\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Visited Links Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: data Category: dropped Size (bytes): 36 Entropy (8bit): 4.377443751081732 Encrypted: false SSDEEP: 3:5zaGLzqOlijjdK:526zGE MD5: DAC32D7A9574F27CA587C726691C6CB9 SHA1: 346F12856B2A6CA366901FF9F7AA37CA5665C164 SHA-256: 159D5E66C51F8D5B34B8F0602F317D66E02911F0430EC89B9CB46A2FB78ADCBD SHA-512: 93111D7383644D32744E5C6B3CF4E26B77EE88F1B08B2EC22C0709058C471FFC24EC16CB1A0EEB7F4299149533E104E2F094E96005074DB963CCF81364D99D5C Malicious: false Reputation: low Preview: .....7n...;.....Vc...... 8.F..Z.g

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\a6497e33-07e5-4c5e-b6e7-0cde821a6098.tmp Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text, with very long lines, with no line terminators Category: dropped Size (bytes): 5930 Entropy (8bit): 5.194948157544161 Encrypted: false SSDEEP: 96:nKCg/mMdBncKIqtok0JCERWL8BkT18bOTQVuwn:nKCtMncYM4EYMkTE MD5: 13906433124ACED447E2FA813EB48361 SHA1: 9DFB23E84FC765A354EB20F226A3176532B358F4 SHA-256: F0DBC5CB0276216F596B8773F4F977E110FD065F22C8E350E7BC0EF5E915E157 SHA-512: B99245E40C0212CF3A71E45BE6F93967D0527A1E0BD82190A5FFAEF14F7150BCBEA05A80852F034469535C2BC26AF87B1584234412E2C55119DAD2E7B2791E45 Malicious: false Reputation: low Preview: {"account_id_migration_state":2,"account_tracker_service_last_update":"13271586942219136","alternate_error_pages":{"backup":true},"announcement_notification_ser vice_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser _infobar_last_declined":"13245951692116406","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_pl acement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"co untryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0" ,"0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\bbd7cf49-18d1-4ff9-a2b5-6532fd20dff6.tmp Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text, with very long lines, with no line terminators Category: dropped Size (bytes): 4219 Entropy (8bit): 4.871684703914691 Encrypted: false SSDEEP: 48:YXsJjMH+5s7YMHBKsvxMHVzspxMHbsIHt/soBDysKqnsllzMHpDCLsWJMHLsNuMg:RG+ZGJG+GTTD7IGpD+G7Gp2GnG4GVhH MD5: EDC4A4E22003A711AEF67FAED28DB603 SHA1: 977E551B9ED5F60D018C030B0B4AA2E33B954556 SHA-256: DD2C9F43F622F801FCC213CDE8E3E90EF1D0D26665AE675449A94CEC7EB1D453 SHA-512: 84D3930579FD73C7D86144D5CDC636436955BA79759273C740D2D72BC4847F2F7F165BBCA3EB2E4DFB01777D6A5F141623278C1BF74615C5A491092CE3FD1602 Malicious: false Reputation: low

Preview: {"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[],"expiration":"13248543677350473","port":443,"protocol_str":"quic"},{"advert ised_versions":[],"expiration":"13248543677350474","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":31344},"server":"https://dns.google","support s_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248543501474403","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration": "13248543501474403","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":31656},"server":"https://clients2.googleusercontent.com","supports_spdy":true}, {"alternative_service":[{"advertised_versions":[],"expiration":"13248543501454993","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"1324854350 1454994","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":39369},"server":"https://www.googleapis.com","supports_spdy":true},

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text Category: dropped Size (bytes): 16 Entropy (8bit): 3.2743974703476995 Encrypted: false SSDEEP: 3:1sjgWIV//Rv:1qIFJ MD5: 6752A1D65B201C13B62EA44016EB221F SHA1: 58ECF154D01A62233ED7FB494ACE3C3D4FFCE08B SHA-256: 0861415CADA612EA5834D56E2CF1055D3E63979B69EB71D32AE9AE394D8306CD SHA-512: 9CFD838D3FB570B44FC3461623AB2296123404C6C8F576B0DE0AABD9A6020840D4C9125EB679ED384170DBCAAC2FA30DC7FA9EE5B77D6DF7C344A0AA030E03 89 Malicious: false Reputation: low Preview: MANIFEST-000004.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text Category: dropped Size (bytes): 136 Entropy (8bit): 4.4835668724475095 Encrypted: false SSDEEP: 3:tUKeV7PRrGyZmwv3gV7PVjySV8sgV7PVjySWGv:mhRZmwPGPVjySVvGPVjyStv MD5: A342050EE74EB07A21AE5AFF9C8E01E5 SHA1: C7F988CB13CCA38073B3906CD8DD7993813C46E3 SHA-256: 5D634534C29809B4B2F670E1A2B8E01A97739E8F091A6B34E06D3E0CF7E7884B SHA-512: 9948E1002BE7C03DAA1A095169F5A83658CEE7B293ED189067C41696C5D78CFA07ABE7A9BB729CEF9CD99040BFD83254A06F178CC0C141B0185A7F3CD9A5D8A 1 Malicious: false Reputation: low Preview: 2021/07/24-00:55:47.986 444 Recovering log #3.2021/07/24-00:55:48.033 444 Delete type=0 #3.2021/07/24-00:55:48.033 444 Delete type=3 #2.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004 Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: MPEG-4 LOAS Category: dropped Size (bytes): 50 Entropy (8bit): 5.028758439731456 Encrypted: false SSDEEP: 3:Ukk/vxQRDKIVmt+8jzn:oO7t8n MD5: 031D6D1E28FE41A9BDCBD8A21DA92DF1 SHA1: 38CEE81CB035A60A23D6E045E5D72116F2A58683 SHA-256: B51BC53F3C43A5B800A723623C4E56A836367D6E2787C57D71184DF5D24151DA SHA-512: E994CD3A8EE3E3CF6304C33DF5B7D6CC8207E0C08D568925AFA9D46D42F6F1A5BDD7261F0FD1FCDF4DF1A173EF4E159EE1DE8125E54EFEE488A1220CE85AF9 04 Malicious: false Reputation: low Preview: V...... leveldb.BytewiseComparator...#......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text Category: dropped Size (bytes): 338 Entropy (8bit): 5.2515098174307955

Encrypted: false SSDEEP: 6:mhRFN+q2PWXp+N23iKKdKfrzAdIFUtpG1OCWZmwPGLVkwOWXp+N23iKKdKfrzILJ:WB+va5Kk9FUtpGbW/PGLV5f5Kk2J MD5: F02756BC3CD361B50E75804D61D2C209 SHA1: BF0F876149AA2D6BA998D0A171C9DF60D67312D2 SHA-256: BE79F76271364193C145E3C4402E9D6C7710384131D7A8C786850A65FA06114C SHA-512: 34B1F7B09BD7C360CFEBDD70BE61E3F5407F9A584E86F6D0A708BFB1FACA30773C9D3FAB479E0993D7784EE0F49B3848FFC3BC67856C959695B5CF85383584D 0 Malicious: false Reputation: low Preview: 2021/07/24-00:55:49.756 12cc Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.202 1/07/24-00:55:49.757 12cc Recovering log #3.2021/07/24-00:55:49.758 12cc Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_prot o_db\metadata/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: data Category: dropped Size (bytes): 106 Entropy (8bit): 3.138546519832722 Encrypted: false SSDEEP: 3:tbloIlrJ5ldQxl7aXVdJiG6R0RlAl:tbdlrnQxZaHIGi0R6l MD5: DE9EF0C5BCC012A3A1131988DEE272D8 SHA1: FA9CCBDC969AC9E1474FCE773234B28D50951CD8 SHA-256: 3615498FBEF408A96BF30E01C318DAC2D5451B054998119080E7FAAC5995F590 SHA-512: CEA946EBEADFE6BE65E33EDFF6C68953A84EC2E2410884E12F406CAC1E6C8A0793180433A7EF7CE097B24EA78A1FDBB4E3B3D9CDF1A827AB6FF5605DA3691 724 Malicious: false Reputation: low Preview: C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e...e.x.e.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text, with no line terminators Category: dropped Size (bytes): 13 Entropy (8bit): 2.8150724101159437 Encrypted: false SSDEEP: 3:Yx7:4 MD5: C422F72BA41F662A919ED0B70E5C3289 SHA1: AAD27C14B27F56B6E7C744A8EC5B1A7D767D7632 SHA-256: 02E71EB4C587FEB7EE00CE8600F97411C2774C2FC34CB95B92D5538E7F30DA59 SHA-512: 86010ED2B2EEBDCC5A8A076B37703669C294C6D1BFAAEA963E26A9C94B81B4C53EC765D9425E5B616159C43923F800A891F9B903659575DF02F8845521F8DC46 Malicious: false Reputation: low Preview: 85.0.4183.121

C:\Users\user\AppData\Local\Google\Chrome\User Data\eeea6168-9531-4cff-bb1f-0a00ad5b7877.tmp Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text, with very long lines, with no line terminators Category: dropped Size (bytes): 174697 Entropy (8bit): 6.079154106331787 Encrypted: false SSDEEP: 3072:sScPcIds3aLx+70pk1ZmC+ScFnslhWMSIyWsSFTkSCFcbXafIB0u1GOJmA3iuRY:ZcEIdUwxZk1IEchUh/GQgaqfIlUOoSid MD5: 6FB241D2A8CE75E7C8CB9EB8E52226DC SHA1: 982B9C4F2124C00D7D39CC822EFED45FF4AF6D03 SHA-256: A1B3BFBCB256CBF62B87CBA82A12701BFA0A5A1B5EB00BA8E9D41D019DB2D154 SHA-512: CCE8524BBAEC024BE3ACFD64FB30AFACE3A49D283256E2C945CE55C46C76A06B084F8B6E73078EB356CA0EDA1989B2F0FC02BCD5EC150DB9EBCF2CD2551A B66F Malicious: false Reputation: low

Preview: {"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"use r":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time": {"network_time_mapping":{"local":1.627113344386948e+12,"network":1.627080946e+12,"ticks":3846907073.0,"uncertainty":3595723.0}},"os_crypt":{"encrypted_key":"R FBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkpp Nr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAn S1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_ma nager":{"os_password_blank":true,"os_password_last_changed":"13245951016607996"},"plugins":{"metadata":{"adobe-flash-player":{"dis

C:\Users\user\AppData\Local\Google\Chrome\User Data\f65abe44-f2fd-4715-84ce-b2f272fda350.tmp Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: data Category: dropped Size (bytes): 92724 Entropy (8bit): 3.750887806198921 Encrypted: false SSDEEP: 384:nXJ2uwD54c7ClN+r7vSa3BaE5HUhGFMrXkiIxZU4srrTSmP030GGK1O8YGNX12fh:j2RpC0FdQe3EOwYPn2aKsq2By MD5: BB5E5FDFDB8116AFD6FEDD632EBB3531 SHA1: 86913E049A7C77FFEBE3D6E92051A5964974DBF6 SHA-256: 8107B28B8CDDDE3BA5CC8F95DBEB272CA66ABE2E10D66EE02D77345FCB27DDD2 SHA-512: EE67BFDF379034E9C5A00D16B60279305ADC811606BD77008E6DFDC3613FAEAB5FBE6AEC33940A4AE2CF0E0CC009E32ACE13137CB412A415EA3CD61714099F 89 Malicious: false Reputation: low Preview: 0j...... *...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e .1.6.\...... g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6...*...M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0 .0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. [email protected].:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o .m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\[email protected]/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f .f.i.c.e.1.6.\...... m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s...... 1.6...0...4.2.6.6...1.0.0.1.....D...C .:.\.P.r.o.g.r.a.m.

C:\Users\user\AppData\Local\Temp\2df690ab-028e-417a-a2d3-616c424f3b1e.tmp Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: very short file (no magic) Category: dropped Size (bytes): 1 Entropy (8bit): 0.0 Encrypted: false SSDEEP: 3:L:L MD5: 5058F1AF8388633F609CADB75A75DC9D SHA1: 3A52CE780950D4D969792A2559CD519D7EE8C727 SHA-256: CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8 SHA-512: 0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25 F21 Malicious: false Reputation: low Preview: .

C:\Users\user\AppData\Local\Temp\59021a47-02d0-4c4d-b0ab-bfb1f267faed.tmp Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: very short file (no magic) Category: dropped Size (bytes): 1 Entropy (8bit): 0.0 Encrypted: false SSDEEP: 3:L:L MD5: 5058F1AF8388633F609CADB75A75DC9D SHA1: 3A52CE780950D4D969792A2559CD519D7EE8C727 SHA-256: CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8 SHA-512: 0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25 F21 Malicious: false Reputation: low Preview: .

C:\Users\user\AppData\Local\Temp\b37e2a0e-3e83-4409-bdb3-81cb844596ba.tmp Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: Google Chrome extension, version 3 Category: dropped Size (bytes): 248531 Entropy (8bit): 7.963657412635355 Encrypted: false SSDEEP: 3072:r+nmRykNgoldZ8GjJCiUXZSk+QSVh85PxEalRVHmcld9R6yYfEp4ABUGDcaKklrv:k3oF4Z4h45P99Fld9RBQYBVcaxlnfL MD5: 541F52E24FE1EF9F8E12377A6CCAE0C0 SHA1: 189898BB2DCAE7D5A6057BC2D98B8B450AFAEBB6 SHA-256: 81E3A4D43A73699E1B7781723F56B8717175C536685C5450122B30789464AD82 SHA-512: D779D78A15C5EFCA51EBD6B96A7CCB6D718741BDF7D9A37F53B2EB4B98AA1A78BC4CFA57D6E763AAB97276C8F9088940AC0476690D4D46023FF4BF52F3326C 88 Malicious: false Reputation: low Preview: Cr24...... 0.."0...*.H...... 0...... \7c.<...... Fto.8.2'5..qk...%....2...C.F.9.#..e.xQ...... [...L|....3>/....u.:T.7...(.yM...?V.k.|1..n. ....\f..X..I..2."l...w....7f|.~.c.4.E...... 0..0...*.H...... 0...... ).'..b.*$w\$.q&.]zF_2..;...?.U,.. .W..L1.2...R..#....W.....c1k.$W..$.J....+M!.Hz.n`U.I)N.|b.l....{.K@]6.LlP/....](.A...... I...).H....IQ.y.;MG.d..ix..#f.Z$|..|.?...0K...t"i..s...Y..%.Ky....0...{.!+.~v.;....J.....Z....).(6.. @?v.;~..2..c....[0Y0...*.H.=....*.H.=....B...... r...2..+Y.I...k..bR.j5Sl..8...... H"i.-l..`.Q.{...F0D. .0...|!..A..L.+.=...kP.!.1..

C:\Users\user\AppData\Local\Temp\bc399ad3-189e-454d-a7de-1a80fa995080.tmp

Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: Google Chrome extension, version 3 Category: dropped Size (bytes): 768843 Entropy (8bit): 7.992932603402907 Encrypted: true SSDEEP: 12288:cK2ED9wjXNC1Gse83ru82/u0eKhgxuPFrDXgtbPz54Pm1D0fBmfH1sBrJ9mTiDga:cK2ED9I48seur0/uZKCuPNbgtbz6m1ob MD5: A11D5CAF6BF849AEB84B0C95B1C3B7CF SHA1: 27F410CCBD75852C01C7464A1FD7EF8C29BE3916 SHA-256: D0E62ACE64AFC334330A7AC3A2CC657914FEB321F1F89AEE11D2A6D0E7D81C31 SHA-512: 086C124DE3A01BE467647F3BCB4EA05105F690AB45417A0E3D38935ABA9E2381DF59AF98D0FFF7823CEFD5390B48807352E135AC70977AED7B413A8CC48FB590 Malicious: false Reputation: low Preview: Cr24...... 0.."0...*.H...... 0...... \7c.<...... Fto.8.2'5..qk...%....2...C.F.9.#..e.xQ...... [...L|....3>/....u.:T.7...(.yM...?V.k.|1..n. Nuw9..R{c...Nq.H.K..A!....`v.k+..?.5.>v.....;.._~....tp....x.q.V...7.m.O.~.{!.o/q.'..BK..4./ ?'.....L..fH&.._<..&.p.k^..\s...:[email protected]:..Y.@;..j...... =ae...0...... DU....n...n.;.Ipr..Q....:... <.....a.Y....{ei...... 0..0...*.H...... 0...... Mbh=.[O}.+..U .KHF(n3.\"...,g.c...6)..(.E...U...#.i.a..:...N.....P...x.O...(mC;|.5.S.{m.aEx...[..fP.i`.y..5..R....v.$...... l-m...... m....ni...`..W.....R.p.b.+...+.\k.R$e~.J\.&c%.d...M..j..V.%...+1F ....D....X\.1ct.<...... [email protected]..^...&YR...I.o...,.....[0Y0...*.H.=....*.H.=....B...... r...2..+Y.I...k..bR.j5Sl..8...... H"i.-l..`.Q.{...F0D. D.'.N@.(..GK....m...A.0.."

C:\Users\user\AppData\Local\Temp\browser-sslkeys.log Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text Category: dropped Size (bytes): 10290 Entropy (8bit): 4.645482871156745 Encrypted: false SSDEEP: 192:lgWYC38eh3XilYvV5Wg4geRiQ3bgDcqClWxNelS:b38e15WNbgDcqClWL MD5: 725B4C2AF992A5F2AA31868857A4C9DA SHA1: 31AA50DF60A77F06E9FF528F052A2B634DEF7834 SHA-256: 6BC9D1AEBC9B28F3AB826996D051FA1993EE1ACBB7A0EA26BDBC3398EFBF69A1 SHA-512: 4A5173453E17CA1943F246EFB6F14A53D84D3FAB87D9B5A2948A34E95F7D17C30BF31FE52EED23D9C11921D17084DE6261C068F7EE95E9EAD935B4A099AB7024 Malicious: false Reputation: low Preview: CLIENT_HANDSHAKE_TRAFFIC_SECRET 7fe7011fe771cfc59aec02c90bc450032c313ef43ea0eb2a7e51d6944a56898e 1fb9244eea362a1806e93d474ee0bf4e4 9b3325f6ad98683284e715751d23e99.SERVER_HANDSHAKE_TRAFFIC_SECRET 7fe7011fe771cfc59aec02c90bc450032c313ef43ea0eb2a7e51d6944a56898e 2 665a717887d1f42601bb17f0b54185986c926b75c73e9014018898a1b766b9e.CLIENT_HANDSHAKE_TRAFFIC_SECRET 2b47d64e8be3860a8274083bd813cbedc9 779fc6061b1d3d05af85ed46e4c492 96ed91ac8fd765a7599d1124fff13d30a18477674e05b12487ff51ff217303d8.SERVER_HANDSHAKE_TRAFFIC_SECRET 2b 47d64e8be3860a8274083bd813cbedc9779fc6061b1d3d05af85ed46e4c492 22ce57906f208fa8d8479a6aa7fcae678eed64a63512c4603f82227bc664e57f.CLIENT_HANDS HAKE_TRAFFIC_SECRET 19863b92e91dace1bdac4445aba8a19e977c53b71306255beb3ce85b90d330e2 4157fb736c511a3296d4e94802a508c85dc8a4b9321e7 52c4145196726493729.SERVER_HANDSHAKE_TRAFFIC_SECRET 19863b92e91dace1bdac4445aba8a19e977c53b71306255beb3ce85b90d330e2 9a90065c46e04 08fcb0be86ff401dc6970d50e841f8f4a2e6a46957d9c53ebc0.CLIENT_HANDSHAKE_TRAFFIC_SEC

C:\Users\user\AppData\Local\Temp\scoped_dir2408_1395836804\CRX_INSTALL\_locales\am\messages.json Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: UTF-8 Unicode text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 17307 Entropy (8bit): 5.461848619761356 Encrypted: false SSDEEP: 384:arfbEVrFvMP4rMhuDopC3vUuFBYZV6uml:aHEVrFvMP4KuFvr6D6uml MD5: 26330929DF0ED4E86F06C00C03F07CE3 SHA1: 478F3B7E7A7E007BEE182B89C2EF6FFE6045E92C SHA-256: 621B5139ED199022BB6529AF18ED4DC312AE9F3E90ECAF3B2C9E1D12114F5B22 SHA-512: 0BE6183A1BF12575C0F99960705D4249E79CDB8528C55FF132BE99A111F09494231AD6A36CD61B090A3B34C6971D68A29373BA346888E852C52E05DC14380682 Malicious: false Reputation: low Preview: {.. "1018984561488520517": {.. "message": ".....".. },.. "1213957982723875920": {.. "message": "...... ?".. },.. "1282768764603190 75": {.. "message": "...... ".. },.. "1428448869078126731": {.. "message": "...... ".. },.. "1522140683318860351": {.. "message": "...... ".. },.. "1550904064710828958": {.. "message": "....".. },.. "1636686747687494376": {.. "message": "...... ".. },.. "1802762746589457177": {.. "message": "...".. },.. "1850397500312020388": {.. "message": ".$START_LINK$Google Home ...... $END_LINK$ ...... ...... ? $START_SPAN$*$END_SPAN$",.. "placeholde

C:\Users\user\AppData\Local\Temp\scoped_dir2408_1395836804\CRX_INSTALL\_locales\ar\messages.json Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: UTF-8 Unicode text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 16809 Entropy (8bit): 5.458147730761559 Encrypted: false SSDEEP: 192:0IprKC78JmUjk8RkeryFOYPATxLZ8fsbE3/IFV6c8TEKdl:Jrp8JjA8RkerK0lc3wFV6uml MD5: 44325A88063573A4C77F6EF943B0FC3E SHA1: 78908D766F3E7A0E4545E7BD823C8ED47C7164EB SHA-256: 67A439A08804EF4BEF261BDBADD8F0FEFD51729167D01EDCA99DD4AF57D6108B SHA-512: 889C02BC986794C58C76022E78F57F867DD1D5217687F12D679A33A2DB9E5A18F3A37CF94D8FE4585E747C78E4662EAB93361FF7D945990774C7CFCACCFB79D1 Malicious: false Reputation: low Preview: {.. "1018984561488520517": {.. "message": ".....".. },.. "1213957982723875920": {.. "message": "...... ".. },.. "128276876460319075": {.. "message": "...... ".. },.. "1428448869078126731": {.. "message": "...... ".. },.. "1522140683318860351": {.. "message": "...... ".. },.. "1550904064710828958": {.. "message": "...".. },.. "1636686747687494376": {.. "message": "...... ".. },.. "1802762746589457177": {.. "message": "...... ".. },.. "1850397500312020388": {.. "message": "...... Chromecast .. $START_LINK$..... Google Home$END_LINK$. $START_SPAN$*$END_SPAN$",.. "pl aceholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {..

C:\Users\user\AppData\Local\Temp\scoped_dir2408_1395836804\CRX_INSTALL\_locales\bg\messages.json Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: UTF-8 Unicode text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 18086 Entropy (8bit): 5.408731329060678 Encrypted: false SSDEEP: 192:4jjpr342SIwPIasR9VhMkACVmrv8evj+3eXivOMbb2vVzCkwRV6V6c8TEKdl:4ZrYo+rxT+qOV6V6uml MD5: 6911CE87E8C47223F33BEF9488272E40 SHA1: 980398F076BB7D451B18D7FDE2DE09041B1F55AD SHA-256: 273DEF0F67F0FA080802B85EF6F334DE50A19408F46BDF41F0F099B1F5501EEA SHA-512: CDB69405BB553E46DCF02F71B1A394307D0051E7FA662DFFEBA7888F30DD933F13C7FD6E32F1D7AEAEE8746316873B6E1D92029724ABDC75E49DCC092172EA2 2 Malicious: false Reputation: low Preview: {.. "1018984561488520517": {.. "message": "...... ".. },.. "1213957982723875920": {.. "message": "...... -...... ?".. },.. "12827687 6460319075": {.. "message": "...... ".. },.. "1428448869078126731": {.. "message": "...... ".. },.. "1522140683318860351": {.. "message": "...... , ...... ".. },.. "1550904064710828958": {.. "message": "...... ".. },.. "1636686747687494376": {.. "message": "...... ".. },.. "18027627 46589457177": {.. "message": "...... ".. },.. "1850397500312020388": {.. "message": "...... Chromecast . $START_LINK$...... Google Hom e$END_LINK$? $START_SPAN$*$END_SPAN$",.. "p

C:\Users\user\AppData\Local\Temp\scoped_dir2408_1395836804\CRX_INSTALL\_locales\bn\messages.json Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: UTF-8 Unicode text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 19695 Entropy (8bit): 5.315564774032776 Encrypted: false SSDEEP: 384:PrUCrcTIOeswIW/Vre/sZn8TFfzheV6uml:lPswIWtoK8xfG6uml MD5: F9DDF525C07251282A3BFFCEE9A09ABB SHA1: A343A078E804AF400A8F3E1891E3390DA754A5CD SHA-256: C69C6C90F7EB8F10685CD815AF1F6F1B87CF30C4E8D95DF1D577DE1105AAD227 SHA-512: EBD339C37162984672513019D470B92DF8B743DD69D4430361EF12D42FD1C208DBDE818A7BFE20BE8A7D63CD6E02B3F4344DEA1C4AEDB8719D789981A49DA44 C Malicious: false Reputation: low Preview: {.. "1018984561488520517": {.. "message": "...... ".. },.. "1213957982723875920": {.. "message": "...... ?".. },.. "128 276876460319075": {.. "message": "...... ".. },.. "1428448869078126731": {.. "message": "...... ".. },.. "1522140683318860351": {.. "message": "...... ".. },.. "1550904064710828958": {.. "message": "...... ".. },.. "1636686747687494376": {.. "message": "...... ".. },.. "18027627 46589457177": {.. "message": ".....".. },.. "1850397500312020388": {.. "message": "$START_LINK$ Google

C:\Users\user\AppData\Local\Temp\scoped_dir2408_1395836804\CRX_INSTALL\_locales\ca\messages.json Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: UTF-8 Unicode text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 15518 Entropy (8bit): 5.242542310885 Encrypted: false SSDEEP: 384:drGUBKxMF2ayv8FrIccUVFmwf+7d9VKS3V6uml:dCUBKxMFBy0FE3UzmQ+zkSl6uml MD5: A90CF7930E7C3BEC61EE252DEFAD574A SHA1: F630CA01114A7BDD39607CB84B8280CCE218A5C6 SHA-256: A533740E17559E2ADF40B4555C60F21EEC84E92C09CDBC19EED033A0B4DD2474 SHA-512: 598F991B344FA6724617D6CE57BB0D6D64EF86B4F5317BF6AD5EDF43E6B0A385094E7885F7A8FA2B107405B31C3D9F76E92315BC1D9BB52ACD4ECAD342917DE 1 Malicious: false Reputation: low Preview: {.. "1018984561488520517": {.. "message": "Es congela".. },.. "1213957982723875920": {.. "message": "Quina de les opcions.seg.ents descriu millor la vostra xarxa?".. },.. "128276876460319075": {.. "message": "Detecci. de dispositius".. },.. "1428448869078126731": {.. "message": "Flu.desa del v.deo".. },.. "1522 140683318860351": {.. "message": "S'ha produ.t un error en la connexi.. Torneu-ho a provar.".. },.. "1550904064710828958": {.. "message": "Correcta".. },.. "1636686747687494376": {.. "message": "Perfecta".. },.. "1802762746589457177": {.. "message": "Volum".. },.. "1850397500312020388": {.. "message": "Pots veure el Chromecast a l'$START_LINK$aplicaci. Google.Home$END_LINK$?$START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "

C:\Users\user\AppData\Local\Temp\scoped_dir2408_1395836804\CRX_INSTALL\_locales\cs\messages.json Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: UTF-8 Unicode text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 15552 Entropy (8bit): 5.406413558584244 Encrypted: false SSDEEP: 192:eVdprJrG5efiTk93ebrxZR1fdc8VDCwT9fTV6c8TEKdl:2rMqiQerxQ88W7V6uml MD5: 17E753EE877FDED25886D5F7925CA652 SHA1: 8E4EC969777CC0CEB7C12D0C1B9D87EBBB9C4678 SHA-256: C562FCCFCE374D446BFAC30AC9B18FF17E7A3EF101C919FF857104917F300382 SHA-512: 33D61F6327FC81D7A45AA2CC97922DC527F5F43E54AA1A1638DA6EE407024A2F10CFD82CC5C3C581C2E7B216276987CB26C3FA95198572E139ACF29CC5B7ADC B Malicious: false Reputation: low Preview: {.. "1018984561488520517": {.. "message": "Video zamrz.".. },.. "1213957982723875920": {.. "message": "Kter. popis nejl.pe vystihuje va.i s..?".. },.. "128276876460319075": {.. "message": "Zji..ov.n. za..zen.".. },.. "1428448869078126731": {.. "message": "Plynulost videa".. },.. "1522140683318860351": {.. "message": "P.ipojen. se nezda.ilo. Zkuste to pros.m znovu.".. },.. "1550904064710828958": {.. "message": "Plynul.".. },.. "1636686747687494376": {.. "m essage": "Perfektn.".. },.. "1802762746589457177": {.. "message": "Hlasitost".. },.. "1850397500312020388": {.. "message": "Vid.te sv.j Chromecast v.$ST ART_LINK$aplikaci Google Home $END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. " END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content": "$3"..

C:\Users\user\AppData\Local\Temp\scoped_dir2408_1395836804\CRX_INSTALL\_locales\da\messages.json Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: UTF-8 Unicode text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 15340 Entropy (8bit): 5.2479291792849105 Encrypted: false SSDEEP: 192:+Upr8XnI1MY2kPuir8j7Rd3kbTWc4QtV6c8TEKdl:FrJ1H9br8h6eZCV6uml MD5: F08A313C78454109B629B37521959B33 SHA1: 3D585D52EC8B4399F66D4BE88CED10F4A034FCCC SHA-256: 23BF7E5EDF70291CA6D8F4A64788C5B86379EECB628E3DFA7DD83344612F7564 SHA-512: 9F2868AEBBF7F6167A7EA120FE65E752F9A65D1DC51072AA2413B2FDE374DA2D169D455A4788E341717F694179E6F1FA80413C080D9CD8CB397C3E84668CBFEC Malicious: false Reputation: low Preview: {.. "1018984561488520517": {.. "message": "Fryser".. },.. "1213957982723875920": {.. "message": "Hvilket af f.lgende udsagn beskriver bedst dit netv.rk?".. },.. "128276876460319075": {.. "message": "Enhedsregistrering".. },.. "1428448869078126731": {.. "message": "Videostabilitet".. },.. "152214068331 8860351": {.. "message": "Forbindelsen blev afbrudt. Pr.v igen.".. },.. "1550904064710828958": {.. "message": "Problemfri".. },.. "1636686747687494376": {.. "message": "Perfekt".. },.. "1802762746589457177": {.. "message": "Lydstyrke".. },.. "1850397500312020388": {.. "message": "Kan du se din Chromecast i $ START_LINK$ Google Home-appen$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content": "$3".. },.. "STAR

C:\Users\user\AppData\Local\Temp\scoped_dir2408_1395836804\CRX_INSTALL\_locales\de\messages.json Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: UTF-8 Unicode text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 15555 Entropy (8bit): 5.258022363187752 Encrypted: false SSDEEP: 192:AJprM71A4qyJSwlk5KR5rtXsmvL0xhVw921YV6c8TEKdl:2re3jJS5A5rt8msA2KV6uml MD5: 980FB419ED6ED94AD75686AFFB4E4C2E SHA1: 871BFBCA6BCBA9197811883A93C50C0716562D57 SHA-256: 585C7814AFD2453232BC940252D4AE821D6E6CBCFD74A793F78E5DB8BA5342F1 SHA-512: 1681FA9C3BA882250A5005FB807D759EB8A634F1AA011725B1C865C0028BE7AB7BC16DC821A7F5BBFBA84C91E7D663ADE715284798E7E84E8FFF2D254488882D Malicious: false Reputation: low Preview: {.. "1018984561488520517": {.. "message": "H.ngenbleiben".. },.. "1213957982723875920": {.. "message": "Welche dieser Aussagen beschreibt dein Netzwerk am besten?".. },.. "128276876460319075": {.. "message": "Ger.teerkennung".. },.. "1428448869078126731": {.. "message": "Videowiedergabequalit.t".. },.. "1522140683318860351": {.. "message": "Fehler beim Herstellen der Verbindung. Bitte versuche es noch einmal.".. },.. "1550904064710828958": {.. "message": "St.rungsfrei".. },.. "1636686747687494376": {.. "message": "Perfekt".. },.. "1802762746589457177": {.. "message": "Lautst.rke".. },.. "18503975003 12020388": {.. "message": "Siehst du deinen Chromecast in der $START_LINK$Google Home App$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholde rs": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.

C:\Users\user\AppData\Local\Temp\scoped_dir2408_1395836804\CRX_INSTALL\_locales\el\messages.json Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: UTF-8 Unicode text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 17941 Entropy (8bit): 5.465343004010711 Encrypted: false SSDEEP: 384:S0rDuhLh41cZrP3TzDBknbpgo6djIV6uml:S0fuBh46ZD3TzDinbpgoUK6uml MD5: 40EB778339005A24FF9DA775D56E02B7 SHA1: B00561CC7020F7FE717B5F692884253C689A7C61 SHA-256: F56BF7C171AA20038EE30B754478B69A98F3014C89362779B0A8788C7B9BEEE1 SHA-512: 8BED281A33EC1E4E88A9F9D62BB13FE0266C0FAF8856D1DC2A843D26DD3CE5E7D1400FD3325ABD783B0364EC4FB1188AD941D56AEB9073BC365BE0D12DE6C 013 Malicious: false Reputation: low Preview: {.. "1018984561488520517": {.. "message": "...... ".. },.. "1213957982723875920": {.. "message": "...... ;".. },.. "1282768 76460319075": {.. "message": "...... ".. },.. "1428448869078126731": {.. "message": "...... ".. },.. "1522140683318860351": {.. "message": "...... ".. },.. "1550904064710828958": {.. "message": ".....".. },.. "1636686747687494376": {.. "message": "...... ".. },.. "1802762746589457177": {.. "message": "...... ".. },.. "1850397500312020388": {.. "message": "...... Chromecast .... $START_LINK$...... Google Home$END_LINK$; $START_SPAN $*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content

C:\Users\user\AppData\Local\Temp\scoped_dir2408_1395836804\CRX_INSTALL\_locales\en\messages.json Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: UTF-8 Unicode text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 14897 Entropy (8bit): 5.197356586852831 Encrypted: false SSDEEP: 96:2MKUOp5N7GTNMRuv6M0bIt3FXGkW6/5NkkQ9NJKJhnH3t9F410sUA+ISN6cGDSyR:VKzprogudTGkWqrKcJhdIR+V6c8TEKdl MD5: 8351AF4EA9BDD9C09019BC85D25B0016 SHA1: F6EC1FFD291C8632758E01C9EE837B1AD18D4DCF SHA-256: F41C82D8A4F0E9B645656D630C882BE94A0FB7F8CEC0FE864B57298F0312B212 SHA-512: 75672B57F21F38F97341AD76A199AD764E9FBAB2384D701BF6EB06CEFDE6C4F20F047F9051A4E30D99621E5C1FBBDB9E38E8D2B47470806704B38DA130A146CF Malicious: false Reputation: low Preview: {.. "1018984561488520517": {.. "message": "Freezes".. },.. "1213957982723875920": {.. "message": "Which of the following best describes your network?".. },.. "128276876460319075": {.. "message": "Device Discovery".. },.. "1428448869078126731": {.. "message": "Video Smoothness".. },.. "1522140683318860 351": {.. "message": "Connection failed. Please try again.".. },.. "1550904064710828958": {.. "message": "Smooth".. },.. "1636686747687494376": {.. "message": "Perfect".. },.. "1802762746589457177": {.. "message": "Volume".. },.. "1850397500312020388": {.. "message": "Are you able to see your Chrom ecast in the $START_LINK$ Google Home app$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content": "$3".. },.. "START

C:\Users\user\AppData\Local\Temp\scoped_dir2408_1395836804\CRX_INSTALL\_locales\es\messages.json Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: UTF-8 Unicode text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 15560 Entropy (8bit): 5.236752363299121 Encrypted: false SSDEEP: 192:NAgprfy1pTCukFr+1DIyDRoanvV6c8TEKdl:KMrq6FrmvV6uml MD5: 8A70C18BB1090AA4D500DE9E8E4A00EF SHA1: 8AFC097FA956C1317DB0835348B2DA19F0789669 SHA-256: FF173D1CEF665B1234E02F11070ABD2B65230318150734579A03C7F31B4AE3F4 SHA-512: 140BAF40A4ABE9B8AF0855B0EBB7DFDF17869EDFC4EE1037C5EA7FDD8EDEBD4850E055B6A4D7B8782657618BCE1517813779BA01BA993CC838BB43E0BE71E EEE Malicious: false Reputation: low Preview: {.. "1018984561488520517": {.. "message": "Congelaci.n de im.genes".. },.. "1213957982723875920": {.. "message": ".Cu.l de las siguientes respuestas descr ibe mejor tu red?".. },.. "128276876460319075": {.. "message": "Detecci.n de dispositivo".. },.. "1428448869078126731": {.. "message": "Fluidez del v.deo".. },.. "1522140683318860351": {.. "message": "Error en la conexi.n. Vuelve a intentarlo.".. },.. "1550904064710828958": {.. "message": "V.deo fluido".. },.. "1636686747687494376": {.. "message": "Perfecta".. },.. "1802762746589457177": {.. "message": "Volumen".. },.. "1850397500312020388": {.. "message": ".Puedes ver tu Chromecast en la $START_LINK$aplicaci.n Google.Home$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {..

C:\Users\user\AppData\Local\Temp\scoped_dir2408_1395836804\CRX_INSTALL\_locales\et\messages.json Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: UTF-8 Unicode text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 15139 Entropy (8bit): 5.228213017029721 Encrypted: false SSDEEP: 96:Z48bxhWYp5Ny5M63niwAKD4rrJSJ2RkPXh9P5NFP2+NBMU01jewUEVez3QOiSevy:ikxprot3lYkf/rHBc0KsUV6c8TEKdl MD5: A62F12BCBA6D2C579212CA2FF90F8266 SHA1: F7E964A2D9BBDA364252BCE5CFBA3FD34FDD825E SHA-256: 3EB3EB0B3B4A8E5A477D1B3C3A3891CCC7DC6B8879ECE243A7BD7C478068273D SHA-512: E300201245C00ADEC8F39D586875F8FA4607AB203572BF3CE353C1CA7CDCA05B8786810CA0CEE27E4EA54A5EFD53690F1EA7AA4148CFF472A66BB1120272356 6 Malicious: false Reputation: low Preview: {.. "1018984561488520517": {.. "message": "Hangub".. },.. "1213957982723875920": {.. "message": "Milline j.rgmistest v.idetest kirjeldab k.ige paremini teie v.rku?".. },.. "128276876460319075": {.. "message": "Seadme tuvastamine".. },.. "1428448869078126731": {.. "message": "Video sujuvus".. },.. "152 2140683318860351": {.. "message": ".hendamine eba.nnestus. Proovige uuesti.".. },.. "1550904064710828958": {.. "message": ".htlane".. },.. "163668674768 7494376": {.. "message": "T.iuslik".. },.. "1802762746589457177": {.. "message": "Helitugevus".. },.. "1850397500312020388": {.. "message": "Kas n.ete oma Chromecasti $START_LINK$rakenduses Google Home$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "conte nt": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content": "$3"..

C:\Users\user\AppData\Local\Temp\scoped_dir2408_1395836804\CRX_INSTALL\_locales\fa\messages.json Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: UTF-8 Unicode text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 17004 Entropy (8bit): 5.485874780010479 Encrypted: false SSDEEP: 192:rngaIprIX/t9wkjTJrs3hqaXxRQdiIMDnD+LhfHdoltV6c8TEKdl:4rin5rU1X7Qd0M9CtV6uml MD5: 852BD3CFF960F1BC3A2AAB3CB3874EF9 SHA1: C9F6F3C776542889FE3B67971D65ACFE048A3A0A SHA-256: D87597B6C10364501B98AA42524843F109009CCEF022D8E0170440D7F144F4C6 SHA-512: 2A7AE4D70E33E53EE31831CE2E61DD8DF103C4170EC483BDA14B8788E5DD536EEE84DBA340CACBDF16889C7E6465B48D82C4714E746E8A7B372D12CBDF371C 95 Malicious: false Reputation: low Preview: {.. "1018984561488520517": {.. "message": "...... ".. },.. "1213957982723875920": {.. "message": "...... ".. },.. "128 276876460319075": {.. "message": "...... ".. },.. "1428448869078126731": {.. "message": "...... ".. },.. "1522140683318860351": {.. "message": "...... ".. },.. "1550904064710828958": {.. "message": "....".. },.. "1636686747687494376": {.. "message": "....".. },.. "1802762746589457177": {.. "message": "...... ".. },.. "1850397500312020388": {.. "message": "...... Chromecast ...... $START_LINK$ ...... Google Home$END_LINK$ ...... $START_SPA N$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {..

C:\Users\user\AppData\Local\Temp\scoped_dir2408_1395836804\CRX_INSTALL\_locales\fi\messages.json Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: UTF-8 Unicode text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 15268 Entropy (8bit): 5.268402902466895 Encrypted: false SSDEEP: 192:efMprYXiYUNpj5Coik1tXxrUhvUzSPWV6c8TEKdl:eIrjbjosdrU5WV6uml MD5: 3902581B6170D0CEA9B1ECF6CC82D669 SHA1: C8208AC2B1DD6D4F8BDAAE01C8BD71FFFA5A732B SHA-256: D2A8180225A83A423BB6E17343DFA8F636D517154944002ED9240411B8C0C5E1 SHA-512: 612FDD8A3C5051F0A4F1E11E50B5D124B337C77D62D987D35C2AF9E08AFC6AFCEBAEE8D40FDFBCD1E1889F39758B96FAECBF6C6D1CF146C741A52619520502 21 Malicious: false Reputation: low Preview: {.. "1018984561488520517": {.. "message": "Pys.htyy".. },.. "1213957982723875920": {.. "message": "Mik. seuraavista kuvaa parhaiten verkkoasi?".. },.. "128276876460319075": {.. "message": "Laitteiden tunnistaminen".. },.. "1428448869078126731": {.. "message": "Videon tasaisuus".. },.. "152214068331886 0351": {.. "message": "Yhteys ep.onnistui. Yrit. uudelleen.".. },.. "1550904064710828958": {.. "message": "Tasainen".. },.. "1636686747687494376": {.. "message": "T.ydellinen".. },.. "1802762746589457177": {.. "message": "..nenvoimakkuus".. },.. "1850397500312020388": {.. "message": "N.etk. Chromecastisi $START_LINK$Google Home .sovelluksessa$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content": "$3".. },..

C:\Users\user\AppData\Local\Temp\scoped_dir2408_1395836804\CRX_INSTALL\_locales\fil\messages.json Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: UTF-8 Unicode text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 15570 Entropy (8bit): 5.1924418176212646 Encrypted: false SSDEEP: 192:+esprzAsQp68wIJYkMyr2k0jR1/7Rr1uV6c8TEKdl:Gr78JDMyrR0tJuV6uml MD5: 59483AD798347B291363327D446FA107 SHA1: C069F29BB68FA7BA2631B0BF5BBF313346AC6736 SHA-256: DD47530EAE96346CD4DC3267A0BB1091BB17B704803A93CDA2E3E81551B94F12 SHA-512: 091595CA135E965ED3DE376873541117F0E7A8EBDEB4714833EFDD6C820234373891BE5DEC437BA85CCB79CCCA053D407E6ADA17EBDAE7D313324A48775C001 0 Malicious: false Reputation: low Preview: {.. "1018984561488520517": {.. "message": "Hindi gumagalaw".. },.. "1213957982723875920": {.. "message": "Alin sa sumusunod ang pinakamahusay na naglalarawan sa iyong network?".. },.. "128276876460319075": {.. "message": "Pagtuklas ng Device".. },.. "1428448869078126731": {.. "message": "Pagka-s mooth ng Video".. },.. "1522140683318860351": {.. "message": "Hindi nakakonekta. Pakisubukang muli.".. },.. "1550904064710828958": {.. "message": "Smoot h".. },.. "1636686747687494376": {.. "message": "Perpekto".. },.. "1802762746589457177": {.. "message": "Volume".. },.. "1850397500312020388": {.. "message": "Nakikita mo ba ang iyong Chromecast sa $START_LINK$ Google Home app$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content": "$

C:\Users\user\AppData\Local\Temp\scoped_dir2408_1395836804\CRX_INSTALL\_locales\fr\messages.json Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: UTF-8 Unicode text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 15826 Entropy (8bit): 5.277877116547859 Encrypted: false SSDEEP: 192:nLZprAZg3EkV3sjrICe8L/1Va7lt1rlxLAkoYHHavV6c8TEKdl:vrW+2jrI7TdLAk3MV6uml MD5: 9B416146FE4F1403C2AACAC4DCF1A5C3 SHA1: 616F055C9FAD4CE972DF82EC8A9B2F4EDA3E7FAD SHA-256: 7C7F5758F54008190ACCDDBD1761CBD980FB5FE0847E992874498228D2571DBC SHA-512: 6E8E70380A8C6E2C0587ADFF6AE36963EC76694904841CE1DFE4EEE215B917AD3E8AF727555627FBDF6B8BA6A4A0674D2B90AC4E9331B6628A32F4C4348FB51 B Malicious: false Reputation: low Preview: {.. "1018984561488520517": {.. "message": "Se fige".. },.. "1213957982723875920": {.. "message": "Parmi les propositions suivantes, laquelle d.crit le mieux votre r.seau.?".. },.. "128276876460319075": {.. "message": "D.tection d'appareils".. },.. "1428448869078126731": {.. "message": "Fluidit. de la vid.o".. },.. "1522140683318860351": {.. "message": ".chec de la connexion. Veuillez r.essayer.".. },.. "1550904064710828958": {.. "message": "Fluide".. },.. "163 6686747687494376": {.. "message": "Parfaite".. },.. "1802762746589457177": {.. "message": "Volume".. },.. "1850397500312020388": {.. "message": "Votre Chromecast est-il visible dans l'$START_LINK$application Google.Home$END_LINK$.? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {..

C:\Users\user\AppData\Local\Temp\scoped_dir2408_1395836804\CRX_INSTALL\_locales\gu\messages.json Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: UTF-8 Unicode text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 19255 Entropy (8bit): 5.32628732852814 Encrypted: false SSDEEP: 384:Hq2Mr+qPlJKYMdzKgXr3dGsGF+yAK37Wf7Cy/V6uml:KxzTVgX7ykj6uml MD5: 68B03519786F71A426BAC24DECA2DD52 SHA1: B8E6608932EC5CEC4BC3C5475BFC3E312D2E2E7D SHA-256: C77A4D27E9E6CA25B9290056D93A656E3EBE975957E4C2EE9F0FB11B133D5CD4 SHA-512: 5FFE06A10774877AF25E05BA07F3032CC52F874896D67E320F4EF9D524A22E40B462CC6206700E9557EB354FA2730172DC6912EBCA49C671FB0EF155B17F9EFF Malicious: false Reputation: low Preview: {.. "1018984561488520517": {.. "message": ".....".. },.. "1213957982723875920": {.. "message": "...... ?".. },.. "128276876 460319075": {.. "message": "...... ".. },.. "1428448869078126731": {.. "message": "...... ".. },.. "1522140683318860351": {.. "message": "...... ".. },.. "1550904064710828958": {.. "message": "....".. },.. "1636686747687494376": {.. "message": ".....".. },.. "1802762746589457177": {.. "message": "...... ".. },.. "1850397500312020388": {.. "message": "...... $START_LINK$ Google Home ..$END_LINK$... Chromecast..

C:\Users\user\AppData\Local\Temp\scoped_dir2408_1395836804\CRX_INSTALL\_locales\hi\messages.json Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: UTF-8 Unicode text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 19381 Entropy (8bit): 5.328912995891658 Encrypted: false SSDEEP: 384:zrGrSmhKy7KyY+bNEDqlQdrMEPxtShJV6uml:zBqG6QdwEPrW6uml MD5: 20C86E04B1833EA7F21C07361061420A SHA1: 617C0D70E162CF380005E9780B61F650B7A39F9B SHA-256: C2C27CA242DBDE600BA3AA7782156BC2B190A64D8A1B51EDC8007BDECA139553 SHA-512: 9FB91AA8E0226519E298B1136E8A1A3C1879DB7F0E6052AF1BFD55921CD698346278D04602510680A9695A76DD5C96D9665380580044C50D81392BB2CB3E8E95 Malicious: false Reputation: low Preview: {.. "1018984561488520517": {.. "message": ".....".. },.. "1213957982723875920": {.. "message": "...... ?".. },.. "128276 876460319075": {.. "message": "...... ".. },.. "1428448869078126731": {.. "message": "...... ".. },.. "1522140683318860351": {.. "message": "...... ".. },.. "1550904064710828958": {.. "message": "...... ".. },.. "1636686747687494376": {.. "message": ".....".. },.. "1802762746589457177": {.. "message": ".....".. },.. "1850397500312020388": {.. "message": "...... $START_LINK$ Google Home ...... $END_LINK$ ...... Ch

C:\Users\user\AppData\Local\Temp\scoped_dir2408_1395836804\CRX_INSTALL\_locales\hr\messages.json Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: UTF-8 Unicode text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 15507 Entropy (8bit): 5.290847699527565 Encrypted: false SSDEEP: 192:Pdapr6h85tRwVQgkvJryLkla5Kfndg/V6c8TEKdl:Arwot2Q7BryVce/V6uml MD5: 3ED90E66789927D80B42346BB431431E SHA1: 2B061E3271DF4255B1FFC47BDB207CDEC0D9724F SHA-256: 0B41E3C42414F72C9A12C05F8772597F9685115366A774C66018467AD4B71A74 SHA-512: 92BE43F1FFC8EFBF5BBC50573AC4C65F6104416A5B6CD04404C3A9854CA3DCF2A43A4044C168590CDF83887D234495843572331ADCD5B020D2E48A3956F3C164 Malicious: false Reputation: low Preview: {.. "1018984561488520517": {.. "message": "Zamrzavanje".. },.. "1213957982723875920": {.. "message": "Koje od sljede.eg najbolje opisuje va.u mre.u?".. },.. "128276876460319075": {.. "message": "Otkrivanje ure.aja".. },.. "1428448869078126731": {.. "message": "Ujedna.enost videoreprodukcije".. },.. "1 522140683318860351": {.. "message": "Povezivanje nije uspjelo. Poku.ajte ponovo.".. },.. "1550904064710828958": {.. "message": "Glatko".. },.. "16366867 47687494376": {.. "message": "Savr.ena".. },.. "1802762746589457177": {.. "message": "Glasno.a".. },.. "1850397500312020388": {.. "message": "Vidite li svoj Chromecast u $START_LINK$aplikaciji Google Home$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "co ntent": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content": "$3"..

C:\Users\user\AppData\Local\Temp\scoped_dir2408_1395836804\CRX_INSTALL\_locales\hu\messages.json Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: UTF-8 Unicode text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 15682 Entropy (8bit): 5.354505633120392 Encrypted: false SSDEEP: 192:CCEAproS9fZv+JwkDMrC2NSxoSgbV6c8TEKdl:5r5VZv+RDMrazoV6uml MD5: 8E9FF7E49473C5734A2F6F0812E12EB3 SHA1: A4F10DDD1580582533D5EB59EDF6D8048F887C81 SHA-256: 6CDD2FB39ADECE00E88B989E464B05ED1414092D0492F6D0AE58D549BFD1A46A SHA-512: E9A4AF31B1A276F395599BB620A3164CABF3459F3C102DD3F57DFEA734510BD985DE65CB409E1975559ACCC615075439A08E1DEBE22C90A0ABCAA3CAFEE79A C7 Malicious: false Reputation: low Preview: {.. "1018984561488520517": {.. "message": "Lefagy".. },.. "1213957982723875920": {.. "message": "Az al.bbiak k.z.l melyik jellemzi legjobban h.l.zat.t?".. },.. "128276876460319075": {.. "message": "Eszk.zfelfedez.s".. },.. "1428448869078126731": {.. "message": "Vide. folyamatoss.ga".. },.. "1522140683318860351" : {.. "message": "Sikertelen kapcsol.d.s. K.rj.k, pr.b.lja .jra.".. },.. "1550904064710828958": {.. "message": "Folyamatos".. },.. "1636686747687494376": {.. "message": "T.k.letes".. },.. "1802762746589457177": {.. "message": "Hanger.".. },.. "1850397500312020388": {.. "message": "L.tja a Chromecastot a $STA RT_LINK$Google Home alkalmaz.sban$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content":

C:\Users\user\AppData\Local\Temp\scoped_dir2408_1395836804\CRX_INSTALL\_locales\id\messages.json Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: UTF-8 Unicode text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 15070 Entropy (8bit): 5.190057470347349 Encrypted: false SSDEEP: 192:GsprMtChjkWfrEWL0KRCnEOWV6c8TEKdl:9rtAEr3LTRuWV6uml MD5: 7ADF9F2048944821F93879336EB61A78 SHA1: C3DA74FB544684D5B250767BB0CB66FFB7C58963 SHA-256: 3630947E1075E3663AD3E4824D0BE42CB47C0D615D8053E83B9595047C8BA9BE SHA-512: 1F28BB80E1839C5581106BEA3AE2501C7618249D7E3115819F5A9A87771D59F5DE346C1B9C87F7FFC390604D5B9888CE738E25F2F04A094002A0FB3B22CBEC95 Malicious: false Reputation: low Preview: {.. "1018984561488520517": {.. "message": "Membeku".. },.. "1213957982723875920": {.. "message": "Dari berikut ini, manakah yang paling mendeskripsikan jaringan Anda?".. },.. "128276876460319075": {.. "message": "Penemuan Perangkat".. },.. "1428448869078126731": {.. "message": "Kelancaran Video".. },.. "1522140683318860351": {.. "message": "Sambungan gagal. Coba lagi.".. },.. "1550904064710828958": {.. "message": "Lancar".. },.. "1636686747687494376" : {.. "message": "Sempurna".. },.. "1802762746589457177": {.. "message": "Volume".. },.. "1850397500312020388": {.. "message": "Bisakah Anda melihat Chromecast di $START_LINK$aplikasi Google Home$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": " $1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content": "$3".. },..

C:\Users\user\AppData\Local\Temp\scoped_dir2408_1395836804\CRX_INSTALL\_locales\it\messages.json Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: UTF-8 Unicode text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 15256 Entropy (8bit): 5.210663765771143 Encrypted: false SSDEEP: 192:lYprk52dAaykVza8rE0QWBKD9+vq0hKEV6c8TEKdl:qrlA8r6DalV6uml MD5: BB3041A2B485B900F623E57459AE698A SHA1: 502F5EA89F9FB0287E864B240EA39889D72053A4 SHA-256: 025737EF8FA06706B3F26D0F52B4844244A6D33DAE1D82FEF2931A14C003D57E SHA-512: BA51784073BEF82F3A116B33DA406FDB10EC823B9EE74375C46036DAD8BDCB4141F60845DE141ABE42CEEF9251572F6AB287CA5FC7669C60E4F68071D5AB8C2 D Malicious: false Reputation: low Preview: {.. "1018984561488520517": {.. "message": "Si blocca".. },.. "1213957982723875920": {.. "message": "Quale delle seguenti definizioni descrive meglio la tua rete?".. },.. "128276876460319075": {.. "message": "Rilevamento dispositivi".. },.. "1428448869078126731": {.. "message": "Uniformit. video".. },.. "1522140 683318860351": {.. "message": "Connessione non riuscita. Riprova.".. },.. "1550904064710828958": {.. "message": "Fluido".. },.. "1636686747687494376": {.. "message": "Perfetta".. },.. "1802762746589457177": {.. "message": "Volume".. },.. "1850397500312020388": {.. "message": "Riesci a vedere il tuo dispositivo Chromecast nell'$START_LINK$app Google Home$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content": "$3"..

C:\Users\user\AppData\Local\Temp\scoped_dir2408_1395836804\CRX_INSTALL\_locales\ja\messages.json Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: UTF-8 Unicode text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 16519 Entropy (8bit): 5.675556017051063 Encrypted: false SSDEEP: 192:nkprPhQdxkRWrZe1wYpMR5wnAV6c8TEKdl:YrLRWri65wAV6uml MD5: 6F2CC1A6B258DF45F519BA24149FABDC SHA1: 8A58C7880C6D22765DCBB6BCE22A192C1B109AE1 SHA-256: 42ECFEE727CFC4F2845FEFDACE5EDC2E0A40AFAD69973A3B950CE653A7633342 SHA-512: F7454F0E14301C59CC54361ACC0A1C6D072EF9BDF5DEA60646FB90B1CE47612785938C784A4CF1DE3E62648A14420374933B5F5DA43907BC00D3799FF163A3D0 Malicious: false Reputation: low Preview: {.. "1018984561488520517": {.. "message": "...".. },.. "1213957982723875920": {.. "message": "...... ".. },.. "128276876460319075": {.. "message": "...... ".. },.. "1428448869078126731": {.. "message": "...... ".. },.. "1522140683318860351": {.. "message": "...... ".. },.. "1550904064710828958": {.. "message": "...".. },.. "1636686747687494376": {.. "message": "....".. },.. "1802762746589457177": {.. "message": "..".. },.. "1850397500312020388": {.. "message": "$START_LINK$Google Home ...$END_LINK$. Chromecast ...... $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".

C:\Users\user\AppData\Local\Temp\scoped_dir2408_1395836804\CRX_INSTALL\_locales\kn\messages.json Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: UTF-8 Unicode text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 20406 Entropy (8bit): 5.312117131662377 Encrypted: false SSDEEP: 384:a6C5rBSzvrZreGnla9ZBHRUDYr9yRwEcAa4rSeD5BSz0hJz8qbbM3gbr//Hkr44c:a6C5rBSzvFreGnla9ZBHRUDYr9yRwEcC MD5: 2E3239FC277287810BC88D93A6691B09 SHA1: FC5D585DA00ADC90BF79109C7377BD55E6653569 SHA-256: 5FC705AD19761204D8604EA069936A23731B055D51E7836CAAF16AC7719FBEEA SHA-512: DF8BC9E577D3ECB0E6C303E1D2C9E9A4A8317CAE810A9DFC88D91B373A4B665722C5A9AB5A589BB947FDA4C7CD9A6DF39DDD13EA47FE9EFF7E0AC43E49FF3479 Malicious: false Reputation: low Preview: {.. "1018984561488520517": {.. "message": "...... ".. },.. "1213957982723875920": {.. "message": "...... ?".. },.. "128276876460319075": {.. "message": "...... ".. },.. "1428448869078126731": {.. "message": "...... ".. },.. "1522140683318860351": {.. "message": "...... ".. },.. "1550904064710828958": {.. "message": ".....".. },.. "1636686747687494376": {.. "message": ".....".. },.. "1802762746589457177": {.. "message": "...... ".. },.. "1850397500312020388": {.. "message": ".... $

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Jul 24, 2021 00:55:34.215748072 CEST | 192.168.2.3 | 8.8.8.8 | 0x17a8 | Standard query (0) | clientconfig.passport.net | A (IP address) | IN (0x0001)
Jul 24, 2021 00:55:45.345590115 CEST | 192.168.2.3 | 8.8.8.8 | 0x1a8c | Standard query (0) | odlinks.govdelivery.com | A (IP address) | IN (0x0001)
Jul 24, 2021 00:55:45.358475924 CEST | 192.168.2.3 | 8.8.8.8 | 0xef32 | Standard query (0) | accounts.google.com | A (IP address) | IN (0x0001)
Jul 24, 2021 00:55:45.374715090 CEST | 192.168.2.3 | 8.8.8.8 | 0x7865 | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001)
Jul 24, 2021 00:55:46.748982906 CEST | 192.168.2.3 | 8.8.8.8 | 0x5e3b | Standard query (0) | f-or.online | A (IP address) | IN (0x0001)
Jul 24, 2021 00:55:47.193897009 CEST | 192.168.2.3 | 8.8.8.8 | 0x3a52 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001)
Jul 24, 2021 00:55:47.194838047 CEST | 192.168.2.3 | 8.8.8.8 | 0x1559 | Standard query (0) | stackpath.bootstrapcdn.com | A (IP address) | IN (0x0001)
Jul 24, 2021 00:55:48.941385031 CEST | 192.168.2.3 | 8.8.8.8 | 0x7d47 | Standard query (0) | clients2.googleusercontent.com | A (IP address) | IN (0x0001)

DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Jul 24, 2021 00:55:34.252849102 CEST | 8.8.8.8 | 192.168.2.3 | 0x17a8 | No error (0) | clientconfig.passport.net | authgfx.msa.akadns6.net | | CNAME (Canonical name) | IN (0x0001)
Jul 24, 2021 00:55:45.391748905 CEST | 8.8.8.8 | 192.168.2.3 | 0x1a8c | No error (0) | odlinks.govdelivery.com | odlinks-dc3.govdelivery.com | | CNAME (Canonical name) | IN (0x0001)
Jul 24, 2021 00:55:45.391748905 CEST | 8.8.8.8 | 192.168.2.3 | 0x1a8c | No error (0) | odlinks-dc3.govdelivery.com | | 66.117.61.23 | A (IP address) | IN (0x0001)
Jul 24, 2021 00:55:45.399354935 CEST | 8.8.8.8 | 192.168.2.3 | 0xef32 | No error (0) | accounts.google.com | | 172.217.168.45 | A (IP address) | IN (0x0001)
Jul 24, 2021 00:55:45.417711973 CEST | 8.8.8.8 | 192.168.2.3 | 0x7865 | No error (0) | clients2.google.com | clients.l.google.com | | CNAME (Canonical name) | IN (0x0001)
Jul 24, 2021 00:55:45.417711973 CEST | 8.8.8.8 | 192.168.2.3 | 0x7865 | No error (0) | clients.l.google.com | | 142.250.203.110 | A (IP address) | IN (0x0001)
Jul 24, 2021 00:55:46.799170971 CEST | 8.8.8.8 | 192.168.2.3 | 0x5e3b | No error (0) | f-or.online | | 107.172.168.195 | A (IP address) | IN (0x0001)
Jul 24, 2021 00:55:47.221826077 CEST | 8.8.8.8 | 192.168.2.3 | 0x3a52 | No error (0) | www.google.com | | 172.217.168.68 | A (IP address) | IN (0x0001)
Jul 24, 2021 00:55:47.231499910 CEST | 8.8.8.8 | 192.168.2.3 | 0x1559 | No error (0) | stackpath.bootstrapcdn.com | | 104.18.10.207 | A (IP address) | IN (0x0001)
Jul 24, 2021 00:55:47.231499910 CEST | 8.8.8.8 | 192.168.2.3 | 0x1559 | No error (0) | stackpath.bootstrapcdn.com | | 104.18.11.207 | A (IP address) | IN (0x0001)
Jul 24, 2021 00:55:48.391294956 CEST | 8.8.8.8 | 192.168.2.3 | 0x2683 | No error (0) | gstaticadssl.l.google.com | | 172.217.168.3 | A (IP address) | IN (0x0001)
Jul 24, 2021 00:55:48.985551119 CEST | 8.8.8.8 | 192.168.2.3 | 0x7d47 | No error (0) | clients2.googleusercontent.com | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001)
Jul 24, 2021 00:55:48.985551119 CEST | 8.8.8.8 | 192.168.2.3 | 0x7d47 | No error (0) | googlehosted.l.googleusercontent.com | | 142.250.203.97 | A (IP address) | IN (0x0001)

HTTP Request Dependency Graph

f-or.online

HTTP Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.3 | 49717 | 107.172.168.195 | 80 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp: Jul 24, 2021 00:55:46.918109894 CEST | kBytes transferred: 1361 | Direction: OUT
GET /?sp=YnJ1Y2UuYnJlY2hlaXNlbkBzZWFib2FyZG1hcmluZS5jb20= HTTP/1.1
Host: f-or.online
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Timestamp: Jul 24, 2021 00:55:47.032100916 CEST | kBytes transferred: 1531 | Direction: IN
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 23 Jul 2021 22:55:46 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=60
X-Powered-By: PHP/5.4.16
Set-Cookie: PHPSESSID=lm97ta7jpppfdij7dbde9pmtr0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
location: main/

Timestamp: Jul 24, 2021 00:55:47.035978079 CEST | kBytes transferred: 1532 | Direction: OUT
GET /main/ HTTP/1.1
Host: f-or.online
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=lm97ta7jpppfdij7dbde9pmtr0

Timestamp: Jul 24, 2021 00:55:47.158346891 CEST | kBytes transferred: 1541 | Direction: IN
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Jul 2021 22:55:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.16
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip

Timestamp: Jul 24, 2021 00:55:48.948678017 CEST | kBytes transferred: 2122 | Direction: IN
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Jul 2021 22:55:48 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 135
Connection: keep-alive
Keep-Alive: timeout=60
Last-Modified: Fri, 23 Jul 2021 19:32:34 GMT
ETag: "87-5c7cf7728d990"
Accept-Ranges: bytes
Data Raw: 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 69 6e 64 65 78 2e 70 68 70 3f 22 20 2b 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 2e 73 70 6c 69 74 28 22 3f 22 29 5b 31 5d 3b 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e
Data Ascii:

HTTPS Packets

Timestamp: Jul 24, 2021 00:55:45.696445942 CEST
Source IP: 66.117.61.23
Source Port: 443
Dest IP: 192.168.2.3
Dest Port: 49709
JA3 SSL Client Fingerprint: 771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0
JA3 SSL Client Digest: b32309a26951912be7dba376398abc3b

Subject | Issuer | Not Before | Not After
CN=*.govdelivery.com, O="Granicus, LLC", L=Denver, ST=Colorado, C=US | CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US | Thu Apr 29 02:00:00 CEST 2021 | Fri Apr 29 01:59:59 CEST 2022
CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US | CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Thu Sep 24 02:00:00 CEST 2020 | Tue Sep 24 01:59:59 CEST 2030
CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Fri Nov 10 01:00:00 CET 2006 | Mon Nov 10 01:00:00 CET 2031

Code Manipulations

Statistics

Behavior


System Behavior

Analysis Process: chrome.exe PID: 2408 Parent PID: 2160

General

Start time: 00:55:40
Start date: 24/07/2021
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'https://odlinks.govdelivery.com/track?type=click&enid=bWFpbGluZ2lkPTM1MTQ1NjY5MCZtZXNzYWdlaWQ9UFJELU9ETS0zNTE0NTY2OTAmZGF0YWJhc2VpZD0xMDAxJnNlcmlhbD0xJmVtYWlsaWQ9cGNyaWNrQGFscGhhY2FyZC5jb20mdXNlcmlkPTQxMDg1MjQxNiZmbD0mZXh0cmE9TXVsdGl2YXJpYXRlSWQ9JiYm&&&100&&&http://f-or.online/?sp=YnJ1Y2UuYnJlY2hlaXNlbkBzZWFib2FyZG1hcmluZS5jb20='
Imagebase: 0x7ff77b960000
File size: 2150896 bytes
MD5 hash: C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

File Activities

Registry Activities

Analysis Process: chrome.exe PID: 3880 Parent PID: 2408

General

Start time: 00:55:42
Start date: 24/07/2021
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1540,16795447826492151838,15520115229080165850,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1740 /prefetch:8
Imagebase: 0x7ff77b960000
File size: 2150896 bytes
MD5 hash: C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

File Activities

Disassembly

Copyright Joe Security LLC Joe Sandbox Cloud Basic 33.0.0 White Diamond
