Windows Analysis Report
https://groupjlansen.com/?klkzhkfz

Overview

General Information

Sample URL: https://groupjlansen.com/?klkzhkfz
Analysis ID: 1559379

Detection

HTMLPhisher
Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page
Yara detected HtmlPhish54
HTML body contains low number of good links
HTML page contains hidden javascript code
HTML page contains obfuscated script src
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 6864 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 7052 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1920,i,4274234110311577847,15660070812511481882,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6136 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://groupjlansen.com/?klkzhkfz" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • notepad.exe (PID: 7956 cmdline: "C:\Windows\system32\notepad.exe" MD5: 27F71B12CB585541885A31BE22F61C83)
  • cleanup
Source | Rule | Description | Author | Strings
0.8.id.script.csv | JoeSecurity_HtmlPhish_54 | Yara detected HtmlPhish_54 | Joe Security |
2.2.pages.csv | JoeSecurity_HtmlPhish_54 | Yara detected HtmlPhish_54 | Joe Security |
3.3.pages.csv | JoeSecurity_HtmlPhish_54 | Yara detected HtmlPhish_54 | Joe Security |
        No Sigma rule has matched
        No Suricata rule has matched

        Phishing

        Source: https://9szxhcaw3gh.coachingsquarebe.site/?41vk0pw7x=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&sso_reload=true | Joe Sandbox AI: Score: 9 Reasons: The brand 'Outlook' is a well-known email service provided by Microsoft., The legitimate domain for Outlook is 'outlook.com'., The provided URL '9szxhcaw3gh.coachingsquarebe.site' does not match the legitimate domain for Outlook., The URL contains suspicious elements such as a random string '9szxhcaw3gh' and an unusual domain extension 'coachingsquarebe.site'., The URL does not have any recognizable association with Microsoft or Outlook., The presence of input fields related to account access and creation is typical for phishing sites attempting to harvest credentials. DOM: 3.3.pages.csv
        Source: Yara match | File source: 0.8.id.script.csv, type: HTML
        Source: Yara match | File source: 2.2.pages.csv, type: HTML
        Source: Yara match | File source: 3.3.pages.csv, type: HTML
        Source: https://9szxhcaw3gh.coachingsquarebe.site/?41vk0pw7x=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&sso_reload=true | HTTP Parser: Number of links: 1
        Source: https://9szxhcaw3gh.coachingsquarebe.site/?41vk0pw7x=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 | HTTP Parser: Base64 decoded: function c(){if(!document.querySelector(".b") || !document.querySelector(".g")){document.head.appendChild(Object.assign(document.createElement("div"),{classList:["b"]}));document.documentElement.style.filter="hue-rotate(4deg)";document.head.appendChild(Ob...
        Source: https://9szxhcaw3gh.coachingsquarebe.site/?41vk0pw7x=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuYHTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
        Source: https://9szxhcaw3gh.coachingsquarebe.site/?41vk0pw7x=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&sso_reload=true | HTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx
        Source: https://9szxhcaw3gh.coachingsquarebe.site/?41vk0pw7x=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9YzQzNDcxYzEtNDhhNi1kYjIzLTI4ZmMtYjEzMTUwNzc2M2M5JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODY3NzAxMzkxODM5MTAzNi43ZDcwNTI1NC0yOTUzLTRmN2EtODA0Yy1kYWE4MTQ5NjgwMWUmc3RhdGU9RGNzeEVvQXdDQUJCb3VOek1CQklJTTloakxhV2ZsLUt2ZTRLQU94cFM0VXlZRU44bUJITFpFOGs0N1JsMUZ0WGJMTUw2bU9CVG5yaGluRFdPWno0THZrZTlmMmlfZw==&sso_reload=trueHTTP Parser: <input type="password" .../> found
        Source: https://groupjlansen.com/?klkzhkfz=c8f889685377917b0791ff812e49d5682583ee2af696934e9edba06fe91f1f97209bae2b0d3cfae925e75d7da4444e79f966459903184a20253bdf030354880b | HTTP Parser: No favicon
        Source: https://9szxhcaw3gh.coachingsquarebe.site/?41vk0pw7x=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 | HTTP Parser: No favicon
        Source: https://9szxhcaw3gh.coachingsquarebe.site/?41vk0pw7x=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&sso_reload=true | HTTP Parser: No favicon
        Source: https://9szxhcaw3gh.coachingsquarebe.site/?41vk0pw7x=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&sso_reload=true | HTTP Parser: No <meta name="author".. found
        Source: https://9szxhcaw3gh.coachingsquarebe.site/?41vk0pw7x=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&sso_reload=true | HTTP Parser: No <meta name="copyright".. found
        Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49715 version: TLS 1.2
        Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49721 version: TLS 1.2
        Source: unknown | HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49728 version: TLS 1.2
        Source: unknown | HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.16:49729 version: TLS 1.2
        Source: unknown | HTTPS traffic detected: 23.1.33.206:443 -> 192.168.2.16:49731 version: TLS 1.2
        Source: unknown | HTTPS traffic detected: 20.190.159.0:443 -> 192.168.2.16:49730 version: TLS 1.2
        Source: unknown | HTTPS traffic detected: 51.104.15.253:443 -> 192.168.2.16:49732 version: TLS 1.2
        Source: unknown | HTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.16:49734 version: TLS 1.2
        Source: unknown | HTTPS traffic detected: 150.171.84.254:443 -> 192.168.2.16:49747 version: TLS 1.2
        Source: unknown | HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49751 version: TLS 1.2
        Source: global traffic | DNS traffic detected: DNS query: groupjlansen.com
        Source: global traffic | DNS traffic detected: DNS query: challenges.cloudflare.com
        Source: global traffic | DNS traffic detected: DNS query: www.google.com
        Source: global traffic | DNS traffic detected: DNS query: 9szxhcaw3gh.coachingsquarebe.site
        Source: global traffic | DNS traffic detected: DNS query: aadcdn.msftauth.net
        Source: global traffic | DNS traffic detected: DNS query: outlook.office365.com
        Source: global traffic | DNS traffic detected: DNS query: r4.res.office365.com
        Source: classification engine | Classification label: mal56.phis.win@22/27@20/146
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
        Source: C:\Windows\System32\notepad.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1920,i,4274234110311577847,15660070812511481882,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
        Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://groupjlansen.com/?klkzhkfz"
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
        Source: unknown | Process created: C:\Windows\System32\notepad.exe "C:\Windows\system32\notepad.exe"
        Source: C:\Windows\System32\notepad.exe | Section loaded: kernel.appcore.dll
        Source: C:\Windows\System32\notepad.exe | Section loaded: uxtheme.dll
        Source: C:\Windows\System32\notepad.exe | Section loaded: mrmcorer.dll
        Source: C:\Windows\System32\notepad.exe | Section loaded: windows.storage.dll
        Source: C:\Windows\System32\notepad.exe | Section loaded: wldp.dll
        Source: C:\Windows\System32\notepad.exe | Section loaded: textshaping.dll
        Source: C:\Windows\System32\notepad.exe | Section loaded: efswrt.dll
        Source: C:\Windows\System32\notepad.exe | Section loaded: mpr.dll
        Source: C:\Windows\System32\notepad.exe | Section loaded: wintypes.dll
        Source: C:\Windows\System32\notepad.exe | Section loaded: twinapi.appcore.dll
        Source: C:\Windows\System32\notepad.exe | Section loaded: oleacc.dll
        Source: C:\Windows\System32\notepad.exe | Section loaded: textinputframework.dll
        Source: C:\Windows\System32\notepad.exe | Section loaded: coreuicomponents.dll
        Source: C:\Windows\System32\notepad.exe | Section loaded: coremessaging.dll
        Source: C:\Windows\System32\notepad.exe | Section loaded: ntmarta.dll
        Source: C:\Windows\System32\notepad.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\InProcServer32
        Source: Window Recorder | Window detected: More than 3 window changes detected
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
        | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
        | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
        | Gather Victim Identity Information | Acquire Infrastructure | 1 Drive-by Compromise | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
        | Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
        | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |

        | Source | Detection | Scanner | Label | Link |
        | --- | --- | --- | --- | --- |
        | https://groupjlansen.com/?klkzhkfz | 0% | Avira URL Cloud | safe | |
        No Antivirus matches
        | Name | IP | Active | Malicious | Antivirus Detection | Reputation |
        | --- | --- | --- | --- | --- | --- |
        | 9szxhcaw3gh.coachingsquarebe.site | 141.98.233.129 | true | true | | unknown |
        | ooc-g2.tm-4.office.com | 40.99.150.18 | true | false | | high |
        | groupjlansen.com | 141.98.233.129 | true | false | | unknown |
        | challenges.cloudflare.com | 104.18.95.41 | true | false | | high |
        | s-part-0017.t-0009.t-msedge.net | 13.107.246.45 | true | false | | high |
        | sni1gl.wpc.omegacdn.net | 152.199.21.175 | true | false | | high |
        | www.google.com | 142.250.184.228 | true | false | | high |
        | r4.res.office365.com | unknown | unknown | false | | high |
        | aadcdn.msftauth.net | unknown | unknown | false | | high |
        | outlook.office365.com | unknown | unknown | false | | high |
                            | Name | Malicious | Antivirus Detection | Reputation |
                            | --- | --- | --- | --- |
                            | https://groupjlansen.com/?klkzhkfz=c8f889685377917b0791ff812e49d5682583ee2af696934e9edba06fe91f1f97209bae2b0d3cfae925e75d7da4444e79f966459903184a20253bdf030354880b | false | | unknown |
                              | IP | Domain | Country | ASN | ASN Name | Malicious |
                              | --- | --- | --- | --- | --- | --- |
                              | 142.250.185.67 | unknown | United States | 15169 | GOOGLEUS | false |
                              | 1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false |
                              | 40.99.150.18 | ooc-g2.tm-4.office.com | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
                              | 23.38.98.103 | unknown | United States | 16625 | AKAMAI-ASUS | false |
                              | 13.107.246.45 | s-part-0017.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
                              | 142.250.186.174 | unknown | United States | 15169 | GOOGLEUS | false |
                              | 104.18.94.41 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
                              | 20.190.159.73 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
                              | 104.18.95.41 | challenges.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false |
                              | 142.251.168.84 | unknown | United States | 15169 | GOOGLEUS | false |
                              | 239.255.255.250 | unknown | Reserved | unknown | unknown | false |
                              | 142.250.185.163 | unknown | United States | 15169 | GOOGLEUS | false |
                              | 172.217.18.106 | unknown | United States | 15169 | GOOGLEUS | false |
                              | 141.98.233.129 | 9szxhcaw3gh.coachingsquarebe.site | Russian Federation | 41011 | CH-NET-ASRO | true |
                              | 142.250.184.228 | www.google.com | United States | 15169 | GOOGLEUS | false |
                              | 142.250.184.206 | unknown | United States | 15169 | GOOGLEUS | false |
                              IP
                              192.168.2.16
                              Joe Sandbox version: 41.0.0 Charoite
                              Analysis ID: 1559379
                              Start date and time: 2024-11-20 13:08:26 +01:00
                              Joe Sandbox product: CloudBasic
                              Overall analysis duration:
                              Hypervisor based Inspection enabled: false
                              Report type: full
                              Cookbook file name: defaultwindowsinteractivecookbook.jbs
                              Sample URL: https://groupjlansen.com/?klkzhkfz
                              Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                              Number of analysed new started processes analysed: 17
                              Number of new started drivers analysed: 0
                              Number of existing processes analysed: 0
                              Number of existing drivers analysed: 0
                              Number of injected processes analysed: 0
                              Technologies:
                              • EGA enabled
                              Analysis Mode: stream
                              Analysis stop reason: Timeout
                              Detection: MAL
                              Classification: mal56.phis.win@22/27@20/146
                              • Exclude process from analysis (whitelisted): svchost.exe
                              • Excluded IPs from analysis (whitelisted): 142.250.185.67, 142.251.168.84, 142.250.186.174, 199.232.214.172, 34.104.35.123
                              • Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com
                              • Not all processes where analyzed, report is missing behavior information
                              • VT rate limit hit for: https://groupjlansen.com/?klkzhkfz
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 11:08:57 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                              Category:dropped
                              Size (bytes):2673
                              Entropy (8bit):3.9737205803896116
                              Encrypted:false
                              Malicious:false
                              Reputation:unknown
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 11:08:57 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                              Category:dropped
                              Size (bytes):2675
                              Entropy (8bit):3.9892883260662275
                              Encrypted:false
                              Malicious:false
                              Reputation:unknown
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                              Category:dropped
                              Size (bytes):2689
                              Entropy (8bit):4.000463800422421
                              Encrypted:false
                              Malicious:false
                              Reputation:unknown
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 11:08:57 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                              Category:dropped
                              Size (bytes):2677
                              Entropy (8bit):3.989625835522171
                              Encrypted:false
                              Malicious:false
                              Reputation:unknown
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 11:08:57 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                              Category:dropped
                              Size (bytes):2677
                              Entropy (8bit):3.9782932749840647
                              Encrypted:false
                              Malicious:false
                              Reputation:unknown
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 11:08:57 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                              Category:dropped
                              Size (bytes):2679
                              Entropy (8bit):3.9863175963828423
                              Encrypted:false
                              Malicious:false
                              Reputation:unknown
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (59783), with CRLF line terminators
                              Category:downloaded
                              Size (bytes):663451
                              Entropy (8bit):5.3635307555313165
                              Encrypted:false
                              Malicious:false
                              Reputation:unknown
                              URL:https://r4.res.office365.com/owa/prem/15.20.8158.24/scripts/boot.worldwide.0.mouse.js
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:PNG image data, 12 x 3, 8-bit/color RGB, non-interlaced
                              Category:downloaded
                              Size (bytes):61
                              Entropy (8bit):4.035372245524405
                              Encrypted:false
                              Malicious:false
                              Reputation:unknown
                              URL:https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8e585421dc398c2d/1732104542130/gnnBOdiaCnQvSh0
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113378
                              Category:downloaded
                              Size (bytes):20400
                              Entropy (8bit):7.980289584022803
                              Encrypted:false
                              Malicious:false
                              Reputation:unknown
                              URL:https://9szxhcaw3gh.coachingsquarebe.site/aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_nin8k2ycrbzww8zl5vxkaq2.css
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text
                              Category:downloaded
                              Size (bytes):689017
                              Entropy (8bit):4.210697599646938
                              Encrypted:false
                              Malicious:false
                              Reputation:unknown
                              URL:https://9szxhcaw3gh.coachingsquarebe.site/aadcdn.msauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_h6TdaK6cfsrg175w47aRCA2.js
                              Preview:.!(function (e) {. function n(n) {. for (var t, i, o = n[0], r = n[1], s = 0, c = []; s < o.length; s++). (i = o[s]),. Object.prototype.hasOwnProperty.call(a, i) && a[i] && c.push(a[i][0]),. (a[i] = 0);. for (t in r) Object.prototype.hasOwnProperty.call(r, t) && (e[t] = r[t]);. for (d && d(n); c.length; ) c.shift()();. }. var t,. i = {},. a = { 22: 0 };. function o(n) {. if (i[n]) return i[n].exports;. var t = (i[n] = { i: n, l: !1, exports: {} });. return e[n].call(t.exports, t, t.exports, o), (t.l = !0), t.exports;. }. Function.prototype.bind ||. ((t = Array.prototype.slice),. (Function.prototype.bind = function (e) {. if ("function" != typeof this). throw new TypeError(. "Function.prototype.bind - what is trying to be bound is not callable". );. var n = t.call(arguments, 1),. i = n.length,. a = this,. o = function () {},. r = function () {. return (.
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
                              Category:dropped
                              Size (bytes):1435
                              Entropy (8bit):7.8613342322590265
                              Encrypted:false
                              SSDEEP:
                              MD5:9F368BC4580FED907775F31C6B26D6CF
                              SHA1:E393A40B3E337F43057EEE3DE189F197AB056451
                              SHA-256:7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
                              SHA-512:0023B04D1EEC26719363AED57C95C1A91244C5AFF0BB53091938798FB16E230680E1F972D166B633C1D2B314B34FE0B9D7C18442410DB7DD6024E279AAFD61B0
                              Malicious:false
                              Reputation:unknown
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592
                              Category:dropped
                              Size (bytes):621
                              Entropy (8bit):7.673946009263606
                              Encrypted:false
                              SSDEEP:
                              MD5:4761405717E938D7E7400BB15715DB1E
                              SHA1:76FED7C229D353A27DB3257F5927C1EAF0AB8DE9
                              SHA-256:F7ED91A1DAB5BB2802A7A3B3890DF4777588CCBE04903260FBA83E6E64C90DDF
                              SHA-512:E8DAC6F81EB4EBA2722E9F34DAF9B99548E5C40CCA93791FBEDA3DEBD8D6E401975FC1A75986C0E7262AFA1B9D1475E1008A89B92C8A7BEC84D8A917F221B4A2
                              Malicious:false
                              Reputation:unknown
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (65339), with CRLF line terminators
                              Category:downloaded
                              Size (bytes):660449
                              Entropy (8bit):5.4121922690110535
                              Encrypted:false
                              SSDEEP:
                              MD5:D9E3D2CE0228D2A5079478AAE5759698
                              SHA1:412F45951C6AEDA5F3DF2C52533171FC7BDD5961
                              SHA-256:7041D585609800051E4F451792AEC2B8BD06A4F2D29ED6F5AD8841AAE5107502
                              SHA-512:06700C65BEF4002EBFBFF9D856C12E8D71F408BACA2D2103DDE1C28319B6BD3859FA9D289D8AEB6DD484E802040F6EE537F31F97B4B60A6B120A6882C992207A
                              Malicious:false
                              Reputation:unknown
                              URL:https://r4.res.office365.com/owa/prem/15.20.8158.24/scripts/boot.worldwide.3.mouse.js
                              Preview:.window.scriptsLoaded = window.scriptsLoaded || {}; window.scriptProcessStart = window.scriptProcessStart || {}; window.scriptProcessStart['boot.worldwide.3.mouse.js'] = (new Date()).getTime();..;_n.a.jR=function(n){return n.dS()};_n.a.jZ=function(n){return n.eh()};_n.a.jP=function(n){return n.cC()};_n.a.jQ=function(n){return n.ca()};_n.a.hZ=function(n){return n.dO};_n.a.jU=function(n){return n.ed()};_n.a.jT=function(n){return n.ea()};_n.a.kb=function(n){return n.ej()};_n.a.hM=function(n){return 300};_n.a.fh=function(n){return n.V};_n.a.jV=function(n){return n.bI()};_n.a.ie=function(n){return n.mh()};_n.a.km=function(n){return n.bl()};_n.a.ka=function(n){return n.ei()};_n.a.ko=function(n){return n.cV()};_n.a.eX=function(n){return _y.E.isInstanceOfType(n)?n.y:null};_n.a.jN=function(n){return n.c()};_n.a.gm=function(n){return n.b()};_n.a.jM=function(n){return n.b()};_n.a.ib=function(n){return n.jM()};_n.a.iq=function(n){return n.bG};_n.a.iX=function(n){return _n.V.isInstanceOfType(n)?n
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:JPEG image data, baseline, precision 8, 1920x1080, components 3
                              Category:dropped
                              Size (bytes):17453
                              Entropy (8bit):3.890509953257612
                              Encrypted:false
                              SSDEEP:
                              MD5:7916A894EBDE7D29C2CC29B267F1299F
                              SHA1:78345CA08F9E2C3C2CC9B318950791B349211296
                              SHA-256:D8F5AB3E00202FD3B45BE1ACD95D677B137064001E171BC79B06826D98F1E1D3
                              SHA-512:2180ABE47FBF76E2E0608AB3A4659C1B7AB027004298D81960DC575CC2E912ECCA8C131C6413EBBF46D2AAA90E392EB00E37AED7A79CDC0AC71BA78D828A84C7
                              Malicious:false
                              Reputation:unknown
                              Preview:.....Phttp://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c142 79.160924, 2017/07/13-01:06:39 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about=""/> </rdf:RDF> </x:xmpmeta>
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text, with very long lines (65536), with no line terminators
                              Category:downloaded
                              Size (bytes):232394
                              Entropy (8bit):5.54543362321178
                              Encrypted:false
                              SSDEEP:
                              MD5:AF8D946B64D139A380CF3A1C27BDBEB0
                              SHA1:C76845B6FFEAF14450795C550260EB618ABD60AB
                              SHA-256:37619B16288166CC76403F0B7DF6586349B2D5628DE00D5850C815D019B17904
                              SHA-512:C5CFB514F993310676E834C8A5477576BD57C82A8665387F9909BA0D4C3C2DE693E738ACAA74E7B4CA20894EA2FEEA5CF9A2428767D03FE1DE9C84538FDC3EE9
                              Malicious:false
                              Reputation:unknown
                              URL:https://r4.res.office365.com/owa/prem/15.20.8158.24/resources/styles/0/boot.worldwide.mouse.css
                              Preview:.feedbackList{-webkit-animation-duration:.17s;-moz-animation-duration:.17s;animation-duration:.17s;-webkit-animation-name:feedbackListFrames;-moz-animation-name:feedbackListFrames;animation-name:feedbackListFrames;-webkit-animation-fill-mode:both;-moz-animation-fill-mode:both;animation-fill-mode:both}@-webkit-keyframes feedbackListFrames{from{-webkit-transform:scale(1,1);transform:scale(1,1);-webkit-animation-timing-function:cubic-bezier(.33,0,.67,1);animation-timing-function:cubic-bezier(.33,0,.67,1)}to{-webkit-transform:scale(1.03,1.03);transform:scale(1.03,1.03)}}@-moz-keyframes feedbackListFrames{from{-moz-transform:scale(1,1);transform:scale(1,1);-moz-animation-timing-function:cubic-bezier(.33,0,.67,1);animation-timing-function:cubic-bezier(.33,0,.67,1)}to{-moz-transform:scale(1.03,1.03);transform:scale(1.03,1.03)}}@keyframes feedbackListFrames{from{-webkit-transform:scale(1,1);-moz-transform:scale(1,1);transform:scale(1,1);-webkit-animation-timing-function:cubic-bezier(.33,0,.67,
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:HTML document, ASCII text, with very long lines (3450), with CRLF line terminators
                              Category:downloaded
                              Size (bytes):3452
                              Entropy (8bit):5.117912766689607
                              Encrypted:false
                              SSDEEP:
                              MD5:CB06E9A552B197D5C0EA600B431A3407
                              SHA1:04E167433F2F1038C78F387F8A166BB6542C2008
                              SHA-256:1F4EDBD2416E15BD82E61BA1A8E5558D44C4E914536B1B07712181BF57934021
                              SHA-512:1B4A3919E442EE4D2F30AE29B1C70DF7274E5428BCB6B3EDD84DCB92D60A0D6BDD9FA6D9DDE8EAB341FF4C12DE00A50858BF1FC5B6135B71E9E177F5A9ED34B9
                              Malicious:false
                              Reputation:unknown
                              URL:https://login.live.com/Me.htm?v=3
                              Preview:<script type="text/javascript">!function(t,e){for(var s in e)t[s]=e[s]}(this,function(t){function e(n){if(s[n])return s[n].exports;var i=s[n]={exports:{},id:n,loaded:!1};return t[n].call(i.exports,i,i.exports,e),i.loaded=!0,i.exports}var s={};return e.m=t,e.c=s,e.p="",e(0)}([function(t,e){function s(t){for(var e=f[S],s=0,n=e.length;s<n;++s)if(e[s]===t)return!0;return!1}function n(t){if(!t)return null;for(var e=t+"=",s=document.cookie.split(";"),n=0,i=s.length;n<i;n++){var a=s[n].replace(/^\s*(\w+)\s*=\s*/,"$1=").replace(/(\s+$)/,"");if(0===a.indexOf(e))return a.substring(e.length)}return null}function i(t,e,s){if(t)for(var n=t.split(":"),i=null,a=0,r=n.length;a<r;++a){var c=null,S=n[a].split("$");if(0===a&&(i=parseInt(S.shift()),!i))return;var l=S.length;if(l>=1){var p=o(i,S[0]);if(!p||s[p])continue;c={signInName:p,idp:"msa",isSignedIn:!0}}if(l>=3&&(c.firstName=o(i,S[1]),c.lastName=o(i,S[2])),l>=4){var f=S[3],d=f.split("|");c.otherHashedAliases=d}if(l>=5){var h=parseInt(S[4],16);h&&(c.
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:PNG image data, 342 x 72, 8-bit/color RGBA, non-interlaced
                              Category:dropped
                              Size (bytes):5139
                              Entropy (8bit):7.865234009830226
                              Encrypted:false
                              SSDEEP:
                              MD5:8B36337037CFF88C3DF203BB73D58E41
                              SHA1:1ADA36FA207B8B96B2A5F55078BFE2A97ACEAD0E
                              SHA-256:E4E1E65871749D18AEA150643C07E0AAB2057DA057C6C57EC1C3C43580E1C898
                              SHA-512:97D8CC97C4577631D8D58C0D9276EE55E4B80128080220F77E01E45385C20FE55D208122A8DFA5DADCB87543B1BC291B98DBBA44E8A2BA90D17C638C15D48793
                              Malicious:false
                              Reputation:unknown
                              Preview:.PNG........IHDR...V...H.............tEXtSoftware.Adobe ImageReadyq.e<...%iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c148 79.164036, 2019/08/13-01:06:57 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 21.0 (Macintosh)" xmpMM:InstanceID="xmp.iid:DB120779422011EA9888910153D3A5E6" xmpMM:DocumentID="xmp.did:DB12077A422011EA9888910153D3A5E6"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:DB120777422011EA9888910153D3A5E6" stRef:documentID="xmp.did:DB120778422011EA9888910153D3A5E6"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>P.WI....IDATx..]]l.......(.5.K0P..0...E.qT..J X)F.(5X....J.}(m.R5.Q...RUEUPU~.....qp@.b......L...k.m"0......"c.3
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text, with no line terminators
                              Category:downloaded
                              Size (bytes):22
                              Entropy (8bit):3.6978458230844122
                              Encrypted:false
                              SSDEEP:
                              MD5:6AAB5444A217195068E4B25509BC0C50
                              SHA1:7B22EAF7EAA9B7E1F664A0632D3894D406FE7933
                              SHA-256:FC5525D427BFA27792D3A87411BE241C047D07F07C18E2FC36BF00B1C2E33D07
                              SHA-512:AA5F66638B142B5E6D1D008F2934530C7AAD2F7F19128CA24609825D0DACFFD25A77591BFD7FB1D225BE2FA77CABCE837E0741326C1AC622C244D51E6FAFB303
                              Malicious:false
                              Reputation:unknown
                              URL:https://groupjlansen.com/favicon.ico
                              Preview:<h1>Access Denied</h1>
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text, with no line terminators
                              Category:downloaded
                              Size (bytes):28
                              Entropy (8bit):4.307354922057605
                              Encrypted:false
                              SSDEEP:
                              MD5:9F9FA94F28FE0DE82BC8FD039A7BDB24
                              SHA1:6FE91F82974BD5B101782941064BCB2AFDEB17D8
                              SHA-256:9A37FDC0DBA8B23EB7D3AA9473D59A45B3547CF060D68B4D52253EE0DA1AF92E
                              SHA-512:34946EF12CE635F3445ED7B945CF2C272EF7DD9482DA6B1A49C9D09A6C9E111B19B130A3EEBE5AC0CCD394C523B54DD7EB9BF052168979A9E37E7DB174433F64
                              Malicious:false
                              Reputation:unknown
                              URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwlWvL0wHbJ1lBIFDdFbUVISBQ1Xevf9?alt=proto
                              Preview:ChIKBw3RW1FSGgAKBw1Xevf9GgA=
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (65339), with CRLF line terminators
                              Category:downloaded
                              Size (bytes):662286
                              Entropy (8bit):5.315860951951661
                              Encrypted:false
                              SSDEEP:
                              MD5:12204899D75FC019689A92ED57559B94
                              SHA1:CCF6271C6565495B18C1CED2F7273D5875DBFB1F
                              SHA-256:39DAFD5ACA286717D9515F24CF9BE0C594DFD1DDF746E6973B1CE5DE8B2DD21B
                              SHA-512:AA397E6ABD4C54538E42CCEDA8E3AA64ACE76E50B231499C20E88CF09270AECD704565BC9BD3B27D90429965A0233F99F27697F66829734FF02511BD096CF030
                              Malicious:false
                              Reputation:unknown
                              URL:https://r4.res.office365.com/owa/prem/15.20.8158.24/scripts/boot.worldwide.2.mouse.js
                              Preview:.window.scriptsLoaded = window.scriptsLoaded || {}; window.scriptProcessStart = window.scriptProcessStart || {}; window.scriptProcessStart['boot.worldwide.2.mouse.js'] = (new Date()).getTime();.._y.lC=function(){};_y.lC.registerInterface("_y.lC");_y.jw=function(){};_y.jw.registerInterface("_y.jw");_y.lA=function(){};_y.lA.registerInterface("_y.lA");var IDelayedSendEvent=function(){};IDelayedSendEvent.registerInterface("IDelayedSendEvent");var IIsShowingComposeInReadingPaneEvent=function(){};IIsShowingComposeInReadingPaneEvent.registerInterface("IIsShowingComposeInReadingPaneEvent");var ISendFailedO365Event=function(){};ISendFailedO365Event.registerInterface("ISendFailedO365Event");var ISendFailureRemoveO365Event=function(){};ISendFailureRemoveO365Event.registerInterface("ISendFailureRemoveO365Event");_y.gw=function(){};_y.gw.registerInterface("_y.gw");_y.iB=function(){};_y.iB.registerInterface("_y.iB");_y.ih=function(){};_y.ih.registerInterface("_y.ih");_y.jy=function(){};_y.jy.regis
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 4.2.9], baseline, precision 8, 50x28, components 3
                              Category:downloaded
                              Size (bytes):987
                              Entropy (8bit):6.922003634904799
                              Encrypted:false
                              SSDEEP:
                              MD5:E58AAFC980614A9CD7796BEA7B5EA8F0
                              SHA1:D4CAC92DCDE0CAF7C571E6D791101DA94FDBD2CA
                              SHA-256:8B34A475187302935336BF43A2BF2A4E0ADB9A1E87953EA51F6FCF0EF52A4A1D
                              SHA-512:2DAC06596A11263DF1CFAB03EDA26D0A67B9A4C3BAA6FB6129CDBF0A157C648F5B0F5859B5CA689EFDF80F946BF4D854BA2B2C66877C5CE3897D72148741FCC9
                              Malicious:false
                              Reputation:unknown
                              URL:https://9szxhcaw3gh.coachingsquarebe.site/aadcdn.msauth.net/~/shared/1.0/content/images/appbackgrounds/49-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text, with very long lines (47671)
                              Category:downloaded
                              Size (bytes):47672
                              Entropy (8bit):5.401921124762015
                              Encrypted:false
                              SSDEEP:
                              MD5:B804BCD42117B1BBE45326212AF85105
                              SHA1:7B4175AAF0B7E45E03390F50CB8ED93185017014
                              SHA-256:B7595C3D2E94DF7416308FA2CCF5AE8832137C76D2E9A8B02E6ED2CB2D92E2F7
                              SHA-512:9A4F038F9010DDCCF5E0FAF97102465EF7BA27B33F55C4B86D167C41096DB1E76C8212A5E36565F0447C4F57340A10DB07BB9AE26982DFFF92C411B5B1F1FB97
                              Malicious:false
                              Reputation:unknown
                              URL:https://challenges.cloudflare.com/turnstile/v0/b/22755d9a86c9/api.js
                              Preview:"use strict";(function(){function Ht(e,r,n,o,c,l,g){try{var h=e[l](g),u=h.value}catch(f){n(f);return}h.done?r(u):Promise.resolve(u).then(o,c)}function Bt(e){return function(){var r=this,n=arguments;return new Promise(function(o,c){var l=e.apply(r,n);function g(u){Ht(l,o,c,g,h,"next",u)}function h(u){Ht(l,o,c,g,h,"throw",u)}g(void 0)})}}function V(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):V(e,r)}function Me(e,r,n){return r in e?Object.defineProperty(e,r,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[r]=n,e}function Fe(e){for(var r=1;r<arguments.length;r++){var n=arguments[r]!=null?arguments[r]:{},o=Object.keys(n);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(n).filter(function(c){return Object.getOwnPropertyDescriptor(n,c).enumerable}))),o.forEach(function(c){Me(e,c,n[c])})}return e}function Sr(e,r){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertyS
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
                              Category:dropped
                              Size (bytes):61
                              Entropy (8bit):3.990210155325004
                              Encrypted:false
                              SSDEEP:
                              MD5:9246CCA8FC3C00F50035F28E9F6B7F7D
                              SHA1:3AA538440F70873B574F40CD793060F53EC17A5D
                              SHA-256:C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
                              SHA-512:A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
                              Malicious:false
                              Reputation:unknown
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text, with very long lines (994), with no line terminators
                              Category:downloaded
                              Size (bytes):994
                              Entropy (8bit):4.934955158256183
                              Encrypted:false
                              SSDEEP:
                              MD5:E2110B813F02736A4726197271108119
                              SHA1:D7AC10CC425A7B67BF16DDA0AAEF1FEB00A79857
                              SHA-256:6D1BE7ED96DD494447F348986317FAF64728CCF788BE551F2A621B31DDC929AC
                              SHA-512:E79CF6DB777D62690DB9C975B5494085C82E771936DB614AF9C75DB7CE4B6CA0A224B7DFB858437EF1E33C6026D772BE9DBBB064828DB382A4703CB34ECEF1CF
                              Malicious:false
                              Reputation:unknown
                              URL:https://r4.res.office365.com/owa/prem/15.20.8158.24/resources/images/0/sprite1.mouse.css
                              Preview:.image-loading_blackbg-gif{background:url('loading_blackbg.gif');width:16px;height:16px}.image-loading_whitebg-gif{background:url('loading_whitebg.gif');width:16px;height:16px}.image-thinking16_blue-gif{background:url('thinking16_blue.gif');width:16px;height:16px}.image-thinking16_grey-gif{background:url('thinking16_grey.gif');width:16px;height:16px}.image-thinking16_white-gif{background:url('thinking16_white.gif');width:16px;height:16px}.image-thinking24-gif{background:url('thinking24.gif');width:24px;height:24px}.image-thinking32_blue-gif{background:url('thinking32_blue.gif');width:32px;height:32px}.image-thinking32_grey-gif{background:url('thinking32_grey.gif');width:32px;height:32px}.image-thinking32_white-gif{background:url('thinking32_white.gif');width:32px;height:32px}.image-clear1x1-gif{width:1px;height:1px;background:url('sprite1.mouse.png') -0 -0}.csimg{padding:0;border:none;background-repeat:no-repeat;-webkit-touch-callout:none}span.csimg{-ms-high-contrast-adjust:none}
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:PNG image data, 600 x 1, 8-bit/color RGBA, non-interlaced
                              Category:downloaded
                              Size (bytes):132
                              Entropy (8bit):4.945787382366693
                              Encrypted:false
                              SSDEEP:
                              MD5:3EDA15637AFEAC6078F56C9DCC9BBDB8
                              SHA1:97B900884183CB8CF99BA069EEDC280C599C1B74
                              SHA-256:68C66D144855BA2BC8B8BEE88BB266047367708C1E281A21B9D729B1FBD23429
                              SHA-512:06B21827589FCAF63B085DB2D662737B24A39A697FF9138BDF188408647C3E90784B355F2B8390160CA487992C033CE735599271EE35873E1941812AB6C34B52
                              Malicious:false
                              Reputation:unknown
                              URL:https://r4.res.office365.com/owa/prem/15.20.8158.24/resources/images/0/sprite1.mouse.png
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
                              Category:downloaded
                              Size (bytes):17174
                              Entropy (8bit):2.9129715116732746
                              Encrypted:false
                              SSDEEP:
                              MD5:12E3DAC858061D088023B2BD48E2FA96
                              SHA1:E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
                              SHA-256:90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
                              SHA-512:C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
                              Malicious:false
                              Reputation:unknown
                              URL:https://9szxhcaw3gh.coachingsquarebe.site/aadcdn.msauth.net/~/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (65339), with CRLF line terminators
                              Category:downloaded
                              Size (bytes):659798
                              Entropy (8bit):5.352921769071548
                              Encrypted:false
                              SSDEEP:
                              MD5:9786D38346567E5E93C7D03B06E3EA2D
                              SHA1:23EF8C59C5C9AA5290865933B29C9C56AB62E3B0
                              SHA-256:263307E3FE285C85CB77CF5BA69092531CE07B7641BF316EF496DCB5733AF76C
                              SHA-512:4962CDF483281AB39D339A7DA105A88ADDB9C210C9E36EA5E36611D7135D19FEC8B3C9DBA3E97ABB36D580F194F1860813071FD6CBEDE85D3E88952D099D6805
                              Malicious:false
                              Reputation:unknown
                              URL:https://r4.res.office365.com/owa/prem/15.20.8158.24/scripts/boot.worldwide.1.mouse.js
                              Preview:.window.scriptsLoaded = window.scriptsLoaded || {}; window.scriptProcessStart = window.scriptProcessStart || {}; window.scriptProcessStart['boot.worldwide.1.mouse.js'] = (new Date()).getTime();..;_a.d.G=function(n,t){this.b=n;this.a=t};_a.d.G.prototype={b:0,a:0};_a.fo=function(n){this.s=n};_a.fo.prototype={s:null,t:null,i:function(){return this.s.currentTarget},e:function(){return this.t?this.t.x:this.s.pageX},f:function(){return this.t?this.t.y:this.s.pageY},o:function(){return this.s.relatedTarget},b:function(){return this.s.target},n:function(){return this.s.timeStamp||+new Date},a:function(){var n=this.s.which;!n&&_a.o.a().K&&this.s.type==="keypress"&&(n=this.u());return n},u:function(){return this.s.keyCode},m:function(){return this.s.originalEvent},j:function(){return this.s.type},k:function(){return this.s.originalEvent.touches},q:function(){return this.s.isDefaultPrevented()},g:function(){return this.s.shiftKey},h:function(){return _j.G.a().P?this.s.metaKey:this.s.ctrlKey},l:
                              No static file info