Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
http://office.yacivt.com/wriEcFSZ

Overview

General Information

Sample URL:http://office.yacivt.com/wriEcFSZ
Analysis ID:1577040

Detection

HTMLPhisher
Score:64
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected phishing page
Yara detected HtmlPhish54
AI detected suspicious Javascript
AI detected suspicious URL
HTML body contains low number of good links
HTML page contains hidden javascript code
HTML title does not match URL
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 6876 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 7112 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1820,i,4649529684174484674,13567822806288796015,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6720 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://office.yacivt.com/wriEcFSZ" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
SourceRuleDescriptionAuthorStrings
0.8.id.script.csvJoeSecurity_HtmlPhish_54Yara detected HtmlPhish_54Joe Security
    0.12.i.script.csvJoeSecurity_HtmlPhish_54Yara detected HtmlPhish_54Joe Security
      0.20.i.script.csvJoeSecurity_HtmlPhish_54Yara detected HtmlPhish_54Joe Security
        3.4.pages.csvJoeSecurity_HtmlPhish_54Yara detected HtmlPhish_54Joe Security
          4.5.pages.csvJoeSecurity_HtmlPhish_54Yara detected HtmlPhish_54Joe Security
            Click to see the 4 entries
            No Sigma rule has matched
            No Suricata rule has matched

            Click to jump to signature section

            Show All Signature Results

            Phishing

            barindex
            Source: https://office.yacivt.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638700663924236788.M2JhMTQ3M2MtOTY5ZS00ODU1LWFkZGEtNDA3N2M2NjI0MGM0MTEwZDlkOTEtMWY3Yi00NmNmLWE3ZjMtOTA3MTZiN2YzMjJj&ui_locales=en-US&mkt=en-US&client-request-id=37a7e2c6-4a3b-47f6-a0af-ccced59b0b1f&state=l6BTM8D70dyZpNtlmK9yP7pGcVJJkYIuCnzjG4ZCjnuNmRf69zWEx5SNwmNeeCLEHhtNj3-XJVrZR76PiFDwL1SwilGZk2eEVrXFdAiBU72BufoEi41Y172sL8lPoxuYI8o6qHDNnvcdKMbCR0XzEc-yC94Vsm8XhjIPAE1BAsxOTqaWVneplzoe-4aZvR8YHENzT2sxUahoRcn7Lzj6NsqiVdwQAWKX7W4gtrPqy8-ovgh1zOZRXMDyCt-8tXE-A2110vJYi2der3W4JaYeVg&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=trueJoe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'., The URL 'office.yacivt.com' does not match the legitimate domain 'microsoft.com'., The domain 'yacivt.com' is not associated with Microsoft, which is suspicious., The use of 'office' as a subdomain could be an attempt to mimic Microsoft's Office services., The presence of input fields for 'Email, phone, or Skype' is typical for phishing attempts targeting Microsoft accounts. DOM: 4.8.pages.csv
            Source: Yara matchFile source: 0.8.id.script.csv, type: HTML
            Source: Yara matchFile source: 0.12.i.script.csv, type: HTML
            Source: Yara matchFile source: 0.20.i.script.csv, type: HTML
            Source: Yara matchFile source: 3.4.pages.csv, type: HTML
            Source: Yara matchFile source: 4.5.pages.csv, type: HTML
            Source: Yara matchFile source: 4.6.pages.csv, type: HTML
            Source: Yara matchFile source: 4.7.pages.csv, type: HTML
            Source: Yara matchFile source: 4.8.pages.csv, type: HTML
            Source: Yara matchFile source: 4.9.pages.csv, type: HTML
            Source: 0.0.id.script.csvJoe Sandbox AI: Detected suspicious JavaScript with source url: https://office.yacivt.com/wriEcFSZ... The provided JavaScript snippet exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. While the script may have some legitimate functionality, the overall risk level is high due to the presence of these malicious indicators.
            Source: 0.14.id.script.csvJoe Sandbox AI: Detected suspicious JavaScript with source url: https://office.yacivt.com/common/oauth2/v2.0/autho... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to potentially malicious domains. The script appears to be attempting to automatically fill in user credentials and submit a login form, which is a common phishing technique. Additionally, the script uses obfuscated code and base64 encoding, further raising suspicion. While the script may have a legitimate purpose, the overall behavior and lack of transparency suggest a high-risk scenario that requires further investigation.
            Source: EmailJoe Sandbox AI: AI detected Brand spoofing attempt in URL: http://office.yacivt.com
            Source: EmailJoe Sandbox AI: AI detected Brand spoofing attempt in URL: https://office.yacivt.com
            Source: https://office.yacivt.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638700663924236788.M2JhMTQ3M2MtOTY5ZS00ODU1LWFkZGEtNDA3N2M2NjI0MGM0MTEwZDlkOTEtMWY3Yi00NmNmLWE3ZjMtOTA3MTZiN2YzMjJj&ui_locales=en-US&mkt=en-US&client-request-id=37a7e2c6-4a3b-47f6-a0af-ccced59b0b1f&state=l6BTM8D70dyZpNtlmK9yP7pGcVJJkYIuCnzjG4ZCjnuNmRf69zWEx5SNwmNeeCLEHhtNj3-XJVrZR76PiFDwL1SwilGZk2eEVrXFdAiBU72BufoEi41Y172sL8lPoxuYI8o6qHDNnvcdKMbCR0XzEc-yC94Vsm8XhjIPAE1BAsxOTqaWVneplzoe-4aZvR8YHENzT2sxUahoRcn7Lzj6NsqiVdwQAWKX7W4gtrPqy8-ovgh1zOZRXMDyCt-8tXE-A2110vJYi2der3W4JaYeVg&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=trueHTTP Parser: Number of links: 0
            Source: https://office.yacivt.com/wriEcFSZ?__cf_chl_rt_tk=u3QxlQJkYaRJN0Gk8SDYFFeQ8eDAqPZYTcxDksVOHps-1734469556-1.0.1.1-WZT0OAR1XUlx1H5hmO9y0jJnW.5wAnZNubxrtsjemSkHTTP Parser: Base64 decoded: <svg xmlns="http://www.w3.org/2000/svg" width="32" height="32" fill="none"><path fill="#B20F03" d="M16 3a13 13 0 1 0 13 13A13.015 13.015 0 0 0 16 3m0 24a11 11 0 1 1 11-11 11.01 11.01 0 0 1-11 11"/><path fill="#B20F03" d="M17.038 18.615H14.87L14.563 9.5h2....
            Source: https://office.yacivt.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638700663924236788.M2JhMTQ3M2MtOTY5ZS00ODU1LWFkZGEtNDA3N2M2NjI0MGM0MTEwZDlkOTEtMWY3Yi00NmNmLWE3ZjMtOTA3MTZiN2YzMjJj&ui_locales=en-US&mkt=en-US&client-request-id=37a7e2c6-4a3b-47f6-a0af-ccced59b0b1f&state=l6BTM8D70dyZpNtlmK9yP7pGcVJJkYIuCnzjG4ZCjnuNmRf69zWEx5SNwmNeeCLEHhtNj3-XJVrZR76PiFDwL1SwilGZk2eEVrXFdAiBU72BufoEi41Y172sL8lPoxuYI8o6qHDNnvcdKMbCR0XzEc-yC94Vsm8XhjIPAE1BAsxOTqaWVneplzoe-4aZvR8YHENzT2sxUahoRcn7Lzj6NsqiVdwQAWKX7W4gtrPqy8-ovgh1zOZRXMDyCt-8tXE-A2110vJYi2der3W4JaYeVg&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=trueHTTP Parser: Title: Sign in to your account does not match URL
            Source: https://office.yacivt.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638700663924236788.M2JhMTQ3M2MtOTY5ZS00ODU1LWFkZGEtNDA3N2M2NjI0MGM0MTEwZDlkOTEtMWY3Yi00NmNmLWE3ZjMtOTA3MTZiN2YzMjJj&ui_locales=en-US&mkt=en-US&client-request-id=37a7e2c6-4a3b-47f6-a0af-ccced59b0b1f&state=l6BTM8D70dyZpNtlmK9yP7pGcVJJkYIuCnzjG4ZCjnuNmRf69zWEx5SNwmNeeCLEHhtNj3-XJVrZR76PiFDwL1SwilGZk2eEVrXFdAiBU72BufoEi41Y172sL8lPoxuYI8o6qHDNnvcdKMbCR0XzEc-yC94Vsm8XhjIPAE1BAsxOTqaWVneplzoe-4aZvR8YHENzT2sxUahoRcn7Lzj6NsqiVdwQAWKX7W4gtrPqy8-ovgh1zOZRXMDyCt-8tXE-A2110vJYi2der3W4JaYeVg&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=trueHTTP Parser: <input type="password" .../> found
            Source: https://office.yacivt.com/wriEcFSZ?__cf_chl_rt_tk=u3QxlQJkYaRJN0Gk8SDYFFeQ8eDAqPZYTcxDksVOHps-1734469556-1.0.1.1-WZT0OAR1XUlx1H5hmO9y0jJnW.5wAnZNubxrtsjemSkHTTP Parser: No favicon
            Source: https://office.yacivt.com/wriEcFSZHTTP Parser: No favicon
            Source: https://office.yacivt.com/wriEcFSZHTTP Parser: No favicon
            Source: https://office.yacivt.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638700663924236788.M2JhMTQ3M2MtOTY5ZS00ODU1LWFkZGEtNDA3N2M2NjI0MGM0MTEwZDlkOTEtMWY3Yi00NmNmLWE3ZjMtOTA3MTZiN2YzMjJj&ui_locales=en-US&mkt=en-US&client-request-id=37a7e2c6-4a3b-47f6-a0af-ccced59b0b1f&state=l6BTM8D70dyZpNtlmK9yP7pGcVJJkYIuCnzjG4ZCjnuNmRf69zWEx5SNwmNeeCLEHhtNj3-XJVrZR76PiFDwL1SwilGZk2eEVrXFdAiBU72BufoEi41Y172sL8lPoxuYI8o6qHDNnvcdKMbCR0XzEc-yC94Vsm8XhjIPAE1BAsxOTqaWVneplzoe-4aZvR8YHENzT2sxUahoRcn7Lzj6NsqiVdwQAWKX7W4gtrPqy8-ovgh1zOZRXMDyCt-8tXE-A2110vJYi2der3W4JaYeVg&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0HTTP Parser: No favicon
            Source: https://office.yacivt.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638700663924236788.M2JhMTQ3M2MtOTY5ZS00ODU1LWFkZGEtNDA3N2M2NjI0MGM0MTEwZDlkOTEtMWY3Yi00NmNmLWE3ZjMtOTA3MTZiN2YzMjJj&ui_locales=en-US&mkt=en-US&client-request-id=37a7e2c6-4a3b-47f6-a0af-ccced59b0b1f&state=l6BTM8D70dyZpNtlmK9yP7pGcVJJkYIuCnzjG4ZCjnuNmRf69zWEx5SNwmNeeCLEHhtNj3-XJVrZR76PiFDwL1SwilGZk2eEVrXFdAiBU72BufoEi41Y172sL8lPoxuYI8o6qHDNnvcdKMbCR0XzEc-yC94Vsm8XhjIPAE1BAsxOTqaWVneplzoe-4aZvR8YHENzT2sxUahoRcn7Lzj6NsqiVdwQAWKX7W4gtrPqy8-ovgh1zOZRXMDyCt-8tXE-A2110vJYi2der3W4JaYeVg&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=trueHTTP Parser: No <meta name="author".. found
            Source: https://office.yacivt.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638700663924236788.M2JhMTQ3M2MtOTY5ZS00ODU1LWFkZGEtNDA3N2M2NjI0MGM0MTEwZDlkOTEtMWY3Yi00NmNmLWE3ZjMtOTA3MTZiN2YzMjJj&ui_locales=en-US&mkt=en-US&client-request-id=37a7e2c6-4a3b-47f6-a0af-ccced59b0b1f&state=l6BTM8D70dyZpNtlmK9yP7pGcVJJkYIuCnzjG4ZCjnuNmRf69zWEx5SNwmNeeCLEHhtNj3-XJVrZR76PiFDwL1SwilGZk2eEVrXFdAiBU72BufoEi41Y172sL8lPoxuYI8o6qHDNnvcdKMbCR0XzEc-yC94Vsm8XhjIPAE1BAsxOTqaWVneplzoe-4aZvR8YHENzT2sxUahoRcn7Lzj6NsqiVdwQAWKX7W4gtrPqy8-ovgh1zOZRXMDyCt-8tXE-A2110vJYi2der3W4JaYeVg&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=trueHTTP Parser: No <meta name="author".. found
            Source: https://office.yacivt.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638700663924236788.M2JhMTQ3M2MtOTY5ZS00ODU1LWFkZGEtNDA3N2M2NjI0MGM0MTEwZDlkOTEtMWY3Yi00NmNmLWE3ZjMtOTA3MTZiN2YzMjJj&ui_locales=en-US&mkt=en-US&client-request-id=37a7e2c6-4a3b-47f6-a0af-ccced59b0b1f&state=l6BTM8D70dyZpNtlmK9yP7pGcVJJkYIuCnzjG4ZCjnuNmRf69zWEx5SNwmNeeCLEHhtNj3-XJVrZR76PiFDwL1SwilGZk2eEVrXFdAiBU72BufoEi41Y172sL8lPoxuYI8o6qHDNnvcdKMbCR0XzEc-yC94Vsm8XhjIPAE1BAsxOTqaWVneplzoe-4aZvR8YHENzT2sxUahoRcn7Lzj6NsqiVdwQAWKX7W4gtrPqy8-ovgh1zOZRXMDyCt-8tXE-A2110vJYi2der3W4JaYeVg&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=trueHTTP Parser: No <meta name="author".. found
            Source: https://office.yacivt.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638700663924236788.M2JhMTQ3M2MtOTY5ZS00ODU1LWFkZGEtNDA3N2M2NjI0MGM0MTEwZDlkOTEtMWY3Yi00NmNmLWE3ZjMtOTA3MTZiN2YzMjJj&ui_locales=en-US&mkt=en-US&client-request-id=37a7e2c6-4a3b-47f6-a0af-ccced59b0b1f&state=l6BTM8D70dyZpNtlmK9yP7pGcVJJkYIuCnzjG4ZCjnuNmRf69zWEx5SNwmNeeCLEHhtNj3-XJVrZR76PiFDwL1SwilGZk2eEVrXFdAiBU72BufoEi41Y172sL8lPoxuYI8o6qHDNnvcdKMbCR0XzEc-yC94Vsm8XhjIPAE1BAsxOTqaWVneplzoe-4aZvR8YHENzT2sxUahoRcn7Lzj6NsqiVdwQAWKX7W4gtrPqy8-ovgh1zOZRXMDyCt-8tXE-A2110vJYi2der3W4JaYeVg&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=trueHTTP Parser: No <meta name="author".. found
            Source: https://office.yacivt.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638700663924236788.M2JhMTQ3M2MtOTY5ZS00ODU1LWFkZGEtNDA3N2M2NjI0MGM0MTEwZDlkOTEtMWY3Yi00NmNmLWE3ZjMtOTA3MTZiN2YzMjJj&ui_locales=en-US&mkt=en-US&client-request-id=37a7e2c6-4a3b-47f6-a0af-ccced59b0b1f&state=l6BTM8D70dyZpNtlmK9yP7pGcVJJkYIuCnzjG4ZCjnuNmRf69zWEx5SNwmNeeCLEHhtNj3-XJVrZR76PiFDwL1SwilGZk2eEVrXFdAiBU72BufoEi41Y172sL8lPoxuYI8o6qHDNnvcdKMbCR0XzEc-yC94Vsm8XhjIPAE1BAsxOTqaWVneplzoe-4aZvR8YHENzT2sxUahoRcn7Lzj6NsqiVdwQAWKX7W4gtrPqy8-ovgh1zOZRXMDyCt-8tXE-A2110vJYi2der3W4JaYeVg&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=trueHTTP Parser: No <meta name="author".. found
            Source: https://office.yacivt.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638700663924236788.M2JhMTQ3M2MtOTY5ZS00ODU1LWFkZGEtNDA3N2M2NjI0MGM0MTEwZDlkOTEtMWY3Yi00NmNmLWE3ZjMtOTA3MTZiN2YzMjJj&ui_locales=en-US&mkt=en-US&client-request-id=37a7e2c6-4a3b-47f6-a0af-ccced59b0b1f&state=l6BTM8D70dyZpNtlmK9yP7pGcVJJkYIuCnzjG4ZCjnuNmRf69zWEx5SNwmNeeCLEHhtNj3-XJVrZR76PiFDwL1SwilGZk2eEVrXFdAiBU72BufoEi41Y172sL8lPoxuYI8o6qHDNnvcdKMbCR0XzEc-yC94Vsm8XhjIPAE1BAsxOTqaWVneplzoe-4aZvR8YHENzT2sxUahoRcn7Lzj6NsqiVdwQAWKX7W4gtrPqy8-ovgh1zOZRXMDyCt-8tXE-A2110vJYi2der3W4JaYeVg&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=trueHTTP Parser: No <meta name="copyright".. found
            Source: https://office.yacivt.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638700663924236788.M2JhMTQ3M2MtOTY5ZS00ODU1LWFkZGEtNDA3N2M2NjI0MGM0MTEwZDlkOTEtMWY3Yi00NmNmLWE3ZjMtOTA3MTZiN2YzMjJj&ui_locales=en-US&mkt=en-US&client-request-id=37a7e2c6-4a3b-47f6-a0af-ccced59b0b1f&state=l6BTM8D70dyZpNtlmK9yP7pGcVJJkYIuCnzjG4ZCjnuNmRf69zWEx5SNwmNeeCLEHhtNj3-XJVrZR76PiFDwL1SwilGZk2eEVrXFdAiBU72BufoEi41Y172sL8lPoxuYI8o6qHDNnvcdKMbCR0XzEc-yC94Vsm8XhjIPAE1BAsxOTqaWVneplzoe-4aZvR8YHENzT2sxUahoRcn7Lzj6NsqiVdwQAWKX7W4gtrPqy8-ovgh1zOZRXMDyCt-8tXE-A2110vJYi2der3W4JaYeVg&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=trueHTTP Parser: No <meta name="copyright".. found
            Source: https://office.yacivt.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638700663924236788.M2JhMTQ3M2MtOTY5ZS00ODU1LWFkZGEtNDA3N2M2NjI0MGM0MTEwZDlkOTEtMWY3Yi00NmNmLWE3ZjMtOTA3MTZiN2YzMjJj&ui_locales=en-US&mkt=en-US&client-request-id=37a7e2c6-4a3b-47f6-a0af-ccced59b0b1f&state=l6BTM8D70dyZpNtlmK9yP7pGcVJJkYIuCnzjG4ZCjnuNmRf69zWEx5SNwmNeeCLEHhtNj3-XJVrZR76PiFDwL1SwilGZk2eEVrXFdAiBU72BufoEi41Y172sL8lPoxuYI8o6qHDNnvcdKMbCR0XzEc-yC94Vsm8XhjIPAE1BAsxOTqaWVneplzoe-4aZvR8YHENzT2sxUahoRcn7Lzj6NsqiVdwQAWKX7W4gtrPqy8-ovgh1zOZRXMDyCt-8tXE-A2110vJYi2der3W4JaYeVg&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=trueHTTP Parser: No <meta name="copyright".. found
            Source: https://office.yacivt.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638700663924236788.M2JhMTQ3M2MtOTY5ZS00ODU1LWFkZGEtNDA3N2M2NjI0MGM0MTEwZDlkOTEtMWY3Yi00NmNmLWE3ZjMtOTA3MTZiN2YzMjJj&ui_locales=en-US&mkt=en-US&client-request-id=37a7e2c6-4a3b-47f6-a0af-ccced59b0b1f&state=l6BTM8D70dyZpNtlmK9yP7pGcVJJkYIuCnzjG4ZCjnuNmRf69zWEx5SNwmNeeCLEHhtNj3-XJVrZR76PiFDwL1SwilGZk2eEVrXFdAiBU72BufoEi41Y172sL8lPoxuYI8o6qHDNnvcdKMbCR0XzEc-yC94Vsm8XhjIPAE1BAsxOTqaWVneplzoe-4aZvR8YHENzT2sxUahoRcn7Lzj6NsqiVdwQAWKX7W4gtrPqy8-ovgh1zOZRXMDyCt-8tXE-A2110vJYi2der3W4JaYeVg&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=trueHTTP Parser: No <meta name="copyright".. found
            Source: https://office.yacivt.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638700663924236788.M2JhMTQ3M2MtOTY5ZS00ODU1LWFkZGEtNDA3N2M2NjI0MGM0MTEwZDlkOTEtMWY3Yi00NmNmLWE3ZjMtOTA3MTZiN2YzMjJj&ui_locales=en-US&mkt=en-US&client-request-id=37a7e2c6-4a3b-47f6-a0af-ccced59b0b1f&state=l6BTM8D70dyZpNtlmK9yP7pGcVJJkYIuCnzjG4ZCjnuNmRf69zWEx5SNwmNeeCLEHhtNj3-XJVrZR76PiFDwL1SwilGZk2eEVrXFdAiBU72BufoEi41Y172sL8lPoxuYI8o6qHDNnvcdKMbCR0XzEc-yC94Vsm8XhjIPAE1BAsxOTqaWVneplzoe-4aZvR8YHENzT2sxUahoRcn7Lzj6NsqiVdwQAWKX7W4gtrPqy8-ovgh1zOZRXMDyCt-8tXE-A2110vJYi2der3W4JaYeVg&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=trueHTTP Parser: No <meta name="copyright".. found
            Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49711 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49713 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49717 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49765 version: TLS 1.2
            Source: chrome.exeMemory has grown: Private usage: 1MB later: 26MB
            Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
            Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
            Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
            Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
            Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
            Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
            Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
            Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
            Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
            Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
            Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
            Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
            Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
            Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
            Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
            Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
            Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
            Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
            Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
            Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
            Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
            Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
            Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
            Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
            Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
            Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficDNS traffic detected: DNS query: office.yacivt.com
            Source: global trafficDNS traffic detected: DNS query: www.google.com
            Source: global trafficDNS traffic detected: DNS query: a.nel.cloudflare.com
            Source: global trafficDNS traffic detected: DNS query: challenges.cloudflare.com
            Source: global trafficDNS traffic detected: DNS query: www.youtube.com
            Source: global trafficDNS traffic detected: DNS query: react.yacivt.com
            Source: global trafficDNS traffic detected: DNS query: aadcdn.msftauth.net
            Source: global trafficDNS traffic detected: DNS query: ywnjb.yacivt.com
            Source: global trafficDNS traffic detected: DNS query: identity.nel.measure.office.net
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
            Source: unknownNetwork traffic detected: HTTP traffic on port 49817 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
            Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
            Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
            Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49812 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49806 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
            Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
            Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
            Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
            Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
            Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49833
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49831
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49830
            Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49829
            Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49825
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49824
            Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49823
            Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
            Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
            Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
            Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
            Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
            Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
            Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
            Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
            Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
            Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
            Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49696
            Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49700 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
            Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
            Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
            Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
            Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49700
            Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
            Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49833 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
            Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49810 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49817
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49815
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49814
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49811
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49810
            Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49696 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49806
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
            Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
            Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
            Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
            Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49711 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49713 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49717 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49765 version: TLS 1.2
            Source: classification engineClassification label: mal64.phis.win@20/32@30/212
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
            Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1820,i,4649529684174484674,13567822806288796015,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://office.yacivt.com/wriEcFSZ"
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1820,i,4649529684174484674,13567822806288796015,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: Window RecorderWindow detected: More than 3 window changes detected
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
            Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation2
            Browser Extensions
            1
            Process Injection
            1
            Masquerading
            OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local System2
            Encrypted Channel
            Exfiltration Over Other Network MediumAbuse Accessibility Features
            CredentialsDomainsDefault AccountsScheduled Task/Job1
            Registry Run Keys / Startup Folder
            1
            Registry Run Keys / Startup Folder
            1
            Process Injection
            LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
            Non-Application Layer Protocol
            Exfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
            Extra Window Memory Injection
            1
            Extra Window Memory Injection
            Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive2
            Application Layer Protocol
            Automated ExfiltrationData Encrypted for Impact

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand
            SourceDetectionScannerLabelLink
            http://office.yacivt.com/wriEcFSZ0%Avira URL Cloudsafe
            No Antivirus matches
            No Antivirus matches
            No Antivirus matches
            No Antivirus matches
            NameIPActiveMaliciousAntivirus DetectionReputation
            a.nel.cloudflare.com
            35.190.80.1
            truefalse
              high
              youtube-ui.l.google.com
              172.217.19.206
              truefalse
                high
                react.yacivt.com
                104.21.15.142
                truefalse
                  unknown
                  ywnjb.yacivt.com
                  104.21.15.142
                  truefalse
                    unknown
                    challenges.cloudflare.com
                    104.18.94.41
                    truefalse
                      high
                      sni1gl.wpc.omegacdn.net
                      152.199.21.175
                      truefalse
                        high
                        www.google.com
                        142.250.181.132
                        truefalse
                          high
                          s-part-0035.t-0009.t-msedge.net
                          13.107.246.63
                          truefalse
                            high
                            office.yacivt.com
                            172.67.162.198
                            truetrue
                              unknown
                              identity.nel.measure.office.net
                              unknown
                              unknownfalse
                                high
                                aadcdn.msftauth.net
                                unknown
                                unknownfalse
                                  high
                                  www.youtube.com
                                  unknown
                                  unknownfalse
                                    high
                                    NameMaliciousAntivirus DetectionReputation
                                    https://office.yacivt.com/wriEcFSZtrue
                                      unknown
                                      https://office.yacivt.com/wriEcFSZ?__cf_chl_rt_tk=u3QxlQJkYaRJN0Gk8SDYFFeQ8eDAqPZYTcxDksVOHps-1734469556-1.0.1.1-WZT0OAR1XUlx1H5hmO9y0jJnW.5wAnZNubxrtsjemSkfalse
                                        unknown
                                        https://office.yacivt.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638700663924236788.M2JhMTQ3M2MtOTY5ZS00ODU1LWFkZGEtNDA3N2M2NjI0MGM0MTEwZDlkOTEtMWY3Yi00NmNmLWE3ZjMtOTA3MTZiN2YzMjJj&ui_locales=en-US&mkt=en-US&client-request-id=37a7e2c6-4a3b-47f6-a0af-ccced59b0b1f&state=l6BTM8D70dyZpNtlmK9yP7pGcVJJkYIuCnzjG4ZCjnuNmRf69zWEx5SNwmNeeCLEHhtNj3-XJVrZR76PiFDwL1SwilGZk2eEVrXFdAiBU72BufoEi41Y172sL8lPoxuYI8o6qHDNnvcdKMbCR0XzEc-yC94Vsm8XhjIPAE1BAsxOTqaWVneplzoe-4aZvR8YHENzT2sxUahoRcn7Lzj6NsqiVdwQAWKX7W4gtrPqy8-ovgh1zOZRXMDyCt-8tXE-A2110vJYi2der3W4JaYeVg&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=truetrue
                                          unknown
                                          https://office.yacivt.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638700663924236788.M2JhMTQ3M2MtOTY5ZS00ODU1LWFkZGEtNDA3N2M2NjI0MGM0MTEwZDlkOTEtMWY3Yi00NmNmLWE3ZjMtOTA3MTZiN2YzMjJj&ui_locales=en-US&mkt=en-US&client-request-id=37a7e2c6-4a3b-47f6-a0af-ccced59b0b1f&state=l6BTM8D70dyZpNtlmK9yP7pGcVJJkYIuCnzjG4ZCjnuNmRf69zWEx5SNwmNeeCLEHhtNj3-XJVrZR76PiFDwL1SwilGZk2eEVrXFdAiBU72BufoEi41Y172sL8lPoxuYI8o6qHDNnvcdKMbCR0XzEc-yC94Vsm8XhjIPAE1BAsxOTqaWVneplzoe-4aZvR8YHENzT2sxUahoRcn7Lzj6NsqiVdwQAWKX7W4gtrPqy8-ovgh1zOZRXMDyCt-8tXE-A2110vJYi2der3W4JaYeVg&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0false
                                            unknown
                                            • No. of IPs < 25%
                                            • 25% < No. of IPs < 50%
                                            • 50% < No. of IPs < 75%
                                            • 75% < No. of IPs
                                            IPDomainCountryFlagASNASN NameMalicious
                                            172.217.19.206
                                            youtube-ui.l.google.comUnited States
                                            15169GOOGLEUSfalse
                                            172.217.19.227
                                            unknownUnited States
                                            15169GOOGLEUSfalse
                                            13.107.246.63
                                            s-part-0035.t-0009.t-msedge.netUnited States
                                            8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                            1.1.1.1
                                            unknownAustralia
                                            13335CLOUDFLARENETUSfalse
                                            172.217.17.78
                                            unknownUnited States
                                            15169GOOGLEUSfalse
                                            104.21.15.142
                                            react.yacivt.comUnited States
                                            13335CLOUDFLARENETUSfalse
                                            172.217.17.35
                                            unknownUnited States
                                            15169GOOGLEUSfalse
                                            172.217.17.46
                                            unknownUnited States
                                            15169GOOGLEUSfalse
                                            104.18.94.41
                                            challenges.cloudflare.comUnited States
                                            13335CLOUDFLARENETUSfalse
                                            23.32.238.168
                                            unknownUnited States
                                            2828XO-AS15USfalse
                                            104.18.95.41
                                            unknownUnited States
                                            13335CLOUDFLARENETUSfalse
                                            172.217.19.202
                                            unknownUnited States
                                            15169GOOGLEUSfalse
                                            142.250.181.132
                                            www.google.comUnited States
                                            15169GOOGLEUSfalse
                                            13.69.109.131
                                            unknownUnited States
                                            8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                            239.255.255.250
                                            unknownReserved
                                            unknownunknownfalse
                                            152.199.21.175
                                            sni1gl.wpc.omegacdn.netUnited States
                                            15133EDGECASTUSfalse
                                            35.190.80.1
                                            a.nel.cloudflare.comUnited States
                                            15169GOOGLEUSfalse
                                            64.233.163.84
                                            unknownUnited States
                                            15169GOOGLEUSfalse
                                            172.67.162.198
                                            office.yacivt.comUnited States
                                            13335CLOUDFLARENETUStrue
                                            20.50.201.205
                                            unknownUnited States
                                            8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                            IP
                                            192.168.2.17
                                            192.168.2.16
                                            192.168.2.5
                                            Joe Sandbox version:41.0.0 Charoite
                                            Analysis ID:1577040
                                            Start date and time:2024-12-17 22:05:12 +01:00
                                            Joe Sandbox product:CloudBasic
                                            Overall analysis duration:
                                            Hypervisor based Inspection enabled:false
                                            Report type:full
                                            Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                            Sample URL:http://office.yacivt.com/wriEcFSZ
                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                            Number of analysed new started processes analysed:14
                                            Number of new started drivers analysed:0
                                            Number of existing processes analysed:0
                                            Number of existing drivers analysed:0
                                            Number of injected processes analysed:0
                                            Technologies:
                                            • EGA enabled
                                            Analysis Mode:stream
                                            Analysis stop reason:Timeout
                                            Detection:MAL
                                            Classification:mal64.phis.win@20/32@30/212
                                            • Exclude process from analysis (whitelisted): svchost.exe
                                            • Excluded IPs from analysis (whitelisted): 172.217.19.227, 172.217.17.78, 64.233.163.84, 172.217.17.46
                                            • Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, accounts.google.com, redirector.gvt1.com, slscr.update.microsoft.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
                                            • Not all processes where analyzed, report is missing behavior information
                                            • VT rate limit hit for: http://office.yacivt.com/wriEcFSZ
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Dec 17 20:05:49 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                            Category:dropped
                                            Size (bytes):2673
                                            Entropy (8bit):3.990101316396611
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:F2A90B4879A54384D268ADDA5F403072
                                            SHA1:0EF69E7C5C4E8234ABE86C9E483492CEA09F390D
                                            SHA-256:24C25C76549178404A019BBDD2617AEC144688195EEEC9C5E4D25C9326A7E599
                                            SHA-512:22C44E7D195694D9CE8FB897940AE42E1CDDACB4E5B4605FFD0D658B209A42AC64E37AA1D9D82BF7A4767F33447C01BB99A3F1F293BA8302D5A72DBBD07242E4
                                            Malicious:false
                                            Reputation:unknown
                                            Preview:L..................F.@.. ...$+.,.......s.P..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............vk......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Dec 17 20:05:49 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                            Category:dropped
                                            Size (bytes):2675
                                            Entropy (8bit):4.005622732287905
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:4BE25F8A178989E9B9D1FF539A72BEA0
                                            SHA1:8526173BE772B41C8B5C38511085317DF615AC17
                                            SHA-256:C436CD15D835D400A04880E3F1B75CB9049A24204194FA0A867AB05AF7517EDE
                                            SHA-512:725750C01209C21FBF3171455CFCCF0EDDE18AB07DA0D1EE3ED2C3936C787D0D5BE3157EF45FC5ADCF400C6BCED36822A5582ABDF30AC09D1EDFD5FD20A75F73
                                            Malicious:false
                                            Reputation:unknown
                                            Preview:L..................F.@.. ...$+.,....G..r.P..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............vk......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                            Category:dropped
                                            Size (bytes):2689
                                            Entropy (8bit):4.013482081687088
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:149EFBE7D5333745A5A332108A56DF1C
                                            SHA1:C9302EB73AA009BC5795F849842D955BEBF8B71C
                                            SHA-256:C14B641FD4D63684F93BBC6B51C2D1A7377FE52597D921B2A00A5644C1F5FE0D
                                            SHA-512:78B90C849254AC6DC52758CEFF628DD391EF07A68A9F862C338C3BFC0B5B817D48E004A62D4CEBD4872306B37DC78B7157A33B7D439A459C327003D0B16AEC75
                                            Malicious:false
                                            Reputation:unknown
                                            Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............vk......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Dec 17 20:05:49 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                            Category:dropped
                                            Size (bytes):2677
                                            Entropy (8bit):4.003641934783942
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:468B930FB9B289976F03C1D41985662C
                                            SHA1:72423F27FE3E7F85C75EA4DD726EA0CC4AF5EBC7
                                            SHA-256:45A28DDB2E502A86DDF4218BE838A8E181082D0DFD4FD35E283789FD7B737213
                                            SHA-512:71A796AC3F88C4E3137B788E693A67098B8472FE12E0D536C1C4672E315D70AA3F5DC7E420A4F82E79F93DB5198656B3E15E9E95F94C00FBD9D207C0924AD0C7
                                            Malicious:false
                                            Reputation:unknown
                                            Preview:L..................F.@.. ...$+.,.....&.r.P..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............vk......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Dec 17 20:05:49 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                            Category:dropped
                                            Size (bytes):2677
                                            Entropy (8bit):3.992588755053862
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:3B7548C4B65EA844E8393930EBA6419D
                                            SHA1:BEF4E3CE39B7ADDEDDED5EE391C9CB96F1DD62BC
                                            SHA-256:8AD5ACF7D66CF4AF250AAE2A2A1AD74744483286DCEDCC1EF919E6F0FD6C588E
                                            SHA-512:E333C6858D5BB203160CC82ED595C90FF795320D912FA821C78AD0B6126A5492C377A49E64A641BF185F5D0E7C5E18BF984941FC60DA51E392CE9468212CC259
                                            Malicious:false
                                            Reputation:unknown
                                            Preview:L..................F.@.. ...$+.,....d..s.P..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............vk......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Dec 17 20:05:49 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                            Category:dropped
                                            Size (bytes):2679
                                            Entropy (8bit):4.000178783598887
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:03F2D5C54700CF0A6BA1E962FC1C97A3
                                            SHA1:ED3579B1FDE5A68DACC43C7AEA79C63D1E6735B7
                                            SHA-256:2FD60B2387DD836A745E7295B20A5ECC9E421E59F9E884A9BD059CC9D4762220
                                            SHA-512:DFB56D4190459B6E297EEBAFA4E14ECF70092CAF9080BF960E6A5C5EED3968CE5953F17756CB7D2E2299A24F32277A2583CBD8F46197C0C618695C42FC113AB4
                                            Malicious:false
                                            Reputation:unknown
                                            Preview:L..................F.@.. ...$+.,.....;.r.P..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............vk......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:ASCII text, with very long lines (64616)
                                            Category:downloaded
                                            Size (bytes):450755
                                            Entropy (8bit):5.449552702818663
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:900C7DA993921F883DD05347B2D1CC08
                                            SHA1:31F7A9C889C260DD56AE1B601C7AC73AC806C38F
                                            SHA-256:3BB35E786C5EF0186C1202CE43B9745D0EA7315C2158259BDFBDF9CC028780C6
                                            SHA-512:8FD0A4EB1E15FFE26081B9F7731260B8C18F89884A4E37258B4890C10D3FAF1CA9DEF61A1B86436A16A49345E56EF8D5416300B7C4C1D0085544B83D9D8958D1
                                            Malicious:false
                                            Reputation:unknown
                                            URL:https://aadcdn.msftauth.net/shared/1.0/content/js/ConvergedLogin_PCore_kAx9qZOSH4g90FNHstHMCA2.js
                                            Preview:/*!. * ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */!function(e){function n(n){for(var t,i,o=n[0],r=n[1],s=0,c=[];s<o.length;s++)
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:GIF image data, version 89a, 352 x 3
                                            Category:dropped
                                            Size (bytes):2672
                                            Entropy (8bit):6.640973516071413
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:166DE53471265253AB3A456DEFE6DA23
                                            SHA1:17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D
                                            SHA-256:A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
                                            SHA-512:80978C1D262BC225A8BA1758DF546E27B5BE8D84CBCF7E6044910E5E05E04AFFEFEC3C0DA0818145EB8A917E1A8D90F4BAC833B64A1F6DE97AD3D5FC80A02308
                                            Malicious:false
                                            Reputation:unknown
                                            Preview:GIF89a`............!..NETSCAPE2.0.....!.......,....`.....6......P.l.......H....I..:qJ......k....`BY..L*..&...!.......,....0.............<....[.\K8j.tr.g..!.......,....3............^;.*..\UK.]\.%.V.c...!.......,....7........`....lo...[.a..*Rw~i...!.......,....;........h.....l.G-.[K.,_XA]..'g..!.......,....?........i.....g....Z.}..)..u...F..!.......,....C...............P.,nt^.i....Xq...i..!.......,....F...........{^b....n.y..i...\C.-...!.......,....H..............R...o....h.xV!.z#...!.......,"...L.............r.jY..w~aP(.......[i...!.......,(...N.............r....w.aP.j.'.)Y..S..!.......,....H.........`......hew..9`.%z.xVeS..!.......,5...A.........`...\m.Vmtzw.}.d.%...Q..!.......,9...=.........h......3S..s.-W8m...Q..!.......,A...5.........h.....N...:..!..U..!.......,H.............h....M.x...f.i.4..!.......,O...'.........i...tp......(..!.......,X.............j...@.x....!.......,].............j..L..3em..!.......,e.............`......!.......,n..............{i..!..
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:SVG Scalable Vector Graphics image
                                            Category:dropped
                                            Size (bytes):3651
                                            Entropy (8bit):4.094801914706141
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:EE5C8D9FB6248C938FD0DC19370E90BD
                                            SHA1:D01A22720918B781338B5BBF9202B241A5F99EE4
                                            SHA-256:04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
                                            SHA-512:C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
                                            Malicious:false
                                            Reputation:unknown
                                            Preview:<svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:JSON data
                                            Category:dropped
                                            Size (bytes):72
                                            Entropy (8bit):4.241202481433726
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:9E576E34B18E986347909C29AE6A82C6
                                            SHA1:532C767978DC2B55854B3CA2D2DF5B4DB221C934
                                            SHA-256:88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
                                            SHA-512:5EF6DCFFD93434D45760888BF4B95FF134D53F34DA9DC904AD3C5EBEDC58409073483F531FEA4233869ED3EC75F38B022A70B2E179A5D3A13BDB10AB5C46B124
                                            Malicious:false
                                            Reputation:unknown
                                            Preview:{"Message":"The requested resource does not support http method 'GET'."}
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:GIF image data, version 89a, 352 x 3
                                            Category:dropped
                                            Size (bytes):3620
                                            Entropy (8bit):6.867828878374734
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:B540A8E518037192E32C4FE58BF2DBAB
                                            SHA1:3047C1DB97B86F6981E0AD2F96AF40CDF43511AF
                                            SHA-256:8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
                                            SHA-512:E3612D9E6809EC192F6E2D035290B730871C269A267115E4A5515CADB7E6E14E3DD4290A35ABAA8D14CF1FA3924DC76E11926AC341E0F6F372E9FC5434B546E5
                                            Malicious:false
                                            Reputation:unknown
                                            Preview:GIF89a`.........iii!.......!.&Edited with ezgif.com online GIF maker.!..NETSCAPE2.0.....,....`.....6......P.l.......H....I..:qJ......k....`BY..L*..&...!.......,....`.....9..i....Q4......H..j.=.k9-5_..........j7..({.........!.......,....`.....9.......trV.......H....`.[.q6......>.. .CZ.&!.....M...!.......,....`.....8..........:......H..jJ..U..6_....../.el...q.)...*..!.......,....`.....9.....i..l.go.....H..*".U...f......._......5......n..!.......,....`.....:..i......./.....H...5%.kE/5.........In.a..@&3.....J...!.......,....`.....9.......kr.j.....H..*.-.{Im5c..............@&.........!.......,....`.....9.........j..q....H...].&..\.5.........8..S..........!.......,....`.....9.......3q.g..5....H...:u..............Al..x.q.........!.......,....`.....9......\.F....z....H...zX...ov.........h3N.x4......j..!.......,....`.....9........Q.:......H....y..^...1.........n.!.F......E...!.......,....`.....8.........i,......H....*_.21.I.........%...
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:SVG Scalable Vector Graphics image
                                            Category:downloaded
                                            Size (bytes):1592
                                            Entropy (8bit):4.205005284721148
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:4E48046CE74F4B89D45037C90576BFAC
                                            SHA1:4A41B3B51ED787F7B33294202DA72220C7CD2C32
                                            SHA-256:8E6DB1634F1812D42516778FC890010AA57F3E39914FB4803DF2C38ABBF56D93
                                            SHA-512:B2BBA2A68EDAA1A08CFA31ED058AFB5E6A3150AABB9A78DB9F5CCC2364186D44A015986A57707B57E2CC855FA7DA57861AD19FC4E7006C2C239C98063FE903CF
                                            Malicious:false
                                            Reputation:unknown
                                            URL:https://aadcdn.msftauth.net/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg
                                            Preview:<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><defs><style>.a{fill:none;}.b{fill:#404040;}</style></defs><rect class="a" width="48" height="48"/><path class="b" d="M40,32.578V40H32V36H28V32H24V28.766A10.689,10.689,0,0,1,19,30a10.9,10.9,0,0,1-5.547-1.5,11.106,11.106,0,0,1-2.219-1.719A11.373,11.373,0,0,1,9.5,24.547a10.4,10.4,0,0,1-1.109-2.625A11.616,11.616,0,0,1,8,19a10.9,10.9,0,0,1,1.5-5.547,11.106,11.106,0,0,1,1.719-2.219A11.373,11.373,0,0,1,13.453,9.5a10.4,10.4,0,0,1,2.625-1.109A11.616,11.616,0,0,1,19,8a10.9,10.9,0,0,1,5.547,1.5,11.106,11.106,0,0,1,2.219,1.719A11.373,11.373,0,0,1,28.5,13.453a10.4,10.4,0,0,1,1.109,2.625A11.616,11.616,0,0,1,30,19a10.015,10.015,0,0,1-.125,1.578,10.879,10.879,0,0,1-.359,1.531Zm-2,.844L27.219,22.641a14.716,14.716,0,0,0,.562-1.782A7.751,7.751,0,0,0,28,19a8.786,8.786,0,0,0-.7-3.5,8.9,8.9,0,0,0-1.938-2.859A9.269,9.269,0,0,0,22.5,10.719,8.9,8.9,0,0,0,19,10a8.786,8.786,0,0,0-3.5.7,8.9,8.9,0,0,0-2.859,1.938A9.269,9.269,0,0,0,
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:ASCII text, with very long lines (47691)
                                            Category:downloaded
                                            Size (bytes):47692
                                            Entropy (8bit):5.4016459163756165
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:9046FDD8B20F930F537279DEDE41E747
                                            SHA1:EBB905F60D71F45D056D42E6096736EA8C2D4BD9
                                            SHA-256:5AAC9E52F80011983676C03AD8120E0369E651E6357D0B05054026A3BC8EC32D
                                            SHA-512:F289C718B32D9E75E5725116D7696070C840426310B2A75E3EE66933E50B85BF738B4015FCFB8BAF7A8545B600B9820D85F8BB41C055FB0877C1420655E5E975
                                            Malicious:false
                                            Reputation:unknown
                                            URL:https://challenges.cloudflare.com/turnstile/v0/b/787bc399e22f/api.js?onload=WXqDk4&render=explicit
                                            Preview:"use strict";(function(){function Ht(e,r,n,o,c,u,g){try{var h=e[u](g),l=h.value}catch(p){n(p);return}h.done?r(l):Promise.resolve(l).then(o,c)}function Bt(e){return function(){var r=this,n=arguments;return new Promise(function(o,c){var u=e.apply(r,n);function g(l){Ht(u,o,c,g,h,"next",l)}function h(l){Ht(u,o,c,g,h,"throw",l)}g(void 0)})}}function D(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):D(e,r)}function Me(e,r,n){return r in e?Object.defineProperty(e,r,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[r]=n,e}function Fe(e){for(var r=1;r<arguments.length;r++){var n=arguments[r]!=null?arguments[r]:{},o=Object.keys(n);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(n).filter(function(c){return Object.getOwnPropertyDescriptor(n,c).enumerable}))),o.forEach(function(c){Me(e,c,n[c])})}return e}function Sr(e,r){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertyS
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:ASCII text, with very long lines (64612)
                                            Category:downloaded
                                            Size (bytes):98298
                                            Entropy (8bit):5.4493352943919104
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:DA178DC70BA6B9E4372B2D63F6B4DA50
                                            SHA1:50DA78701CEBFF1D815433C5D0EEFFB225379D0A
                                            SHA-256:67B89B06D6963E76E28C618EE9942F35D1A2242C5E1D08E58F536CF5AC8F4F45
                                            SHA-512:8747EB84A317D49EA33E5D5B1721A383615848BEF64FA994725BBA0F132C0535BB9E4E8BEF238A86AB4CD11E3444AC04617473C37E63D4A22ED34E595EDEC5E4
                                            Malicious:false
                                            Reputation:unknown
                                            URL:https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_cc2c59f5ef2c09e14b08.js
                                            Preview:/*!. * ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */.(window.webpackJsonp=window.webpackJsonp||[]).push([[37],{1379:function(e,t,
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:ASCII text, with no line terminators
                                            Category:downloaded
                                            Size (bytes):28
                                            Entropy (8bit):4.307354922057605
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:9F9FA94F28FE0DE82BC8FD039A7BDB24
                                            SHA1:6FE91F82974BD5B101782941064BCB2AFDEB17D8
                                            SHA-256:9A37FDC0DBA8B23EB7D3AA9473D59A45B3547CF060D68B4D52253EE0DA1AF92E
                                            SHA-512:34946EF12CE635F3445ED7B945CF2C272EF7DD9482DA6B1A49C9D09A6C9E111B19B130A3EEBE5AC0CCD394C523B54DD7EB9BF052168979A9E37E7DB174433F64
                                            Malicious:false
                                            Reputation:unknown
                                            URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwm5wauWBEtXsBIFDdFbUVISBQ1Xevf9?alt=proto
                                            Preview:ChIKBw3RW1FSGgAKBw1Xevf9GgA=
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 142367
                                            Category:downloaded
                                            Size (bytes):49911
                                            Entropy (8bit):7.994516776763163
                                            Encrypted:true
                                            SSDEEP:
                                            MD5:9B96CC09F9E89D0334BA2FBC22B5197A
                                            SHA1:B5FE69F39E9F61FEF88DF794F02DC4F4086E2592
                                            SHA-256:E6331018533143C411BAE25326AB52FCED541C48674551AEA78E750855BDCD1D
                                            SHA-512:2BDD71A34A7D6172AD4B7B6CF077A891D6266C148000EEF8345E2343E6C21ED8783B2EA328EF3BF7176462A3CA575D2D6D4B55A07138CFD1B02900C95F61077D
                                            Malicious:false
                                            Reputation:unknown
                                            URL:https://aadcdn.msauth.net/shared/1.0/content/js/BssoInterrupt_Core_zKox_QMcTIVut7mG_Z9Eew2.js
                                            Preview:...........m[.8.0........OL....;w.....a.....\N.......h.r~........=........,..JU.......T~.l..?..y..2.X9.|xvP9...TN.......?.....qe.OE.~Gn,.J.T....0......r..#.V&Qx_I.De.._.8.+S?N..HL..J......%O..S........(=.gO.|.T.0......6.. ..y....x..*..8..p.T"1...|$.Cz..V.D%.Ie.F....^."..5....c...?..T8..._..b.gs.4....S]kDZ..7.J.V..l}..?.....c...g.A...8.......8.VB..*....^..f..O.*... ...`...H.{.$. OP..S..AC.gVE.I8..).-U.....R...A..%.T[...Fc{..49..If...y.'w.Q}..oz..v.....W...pp..%..G.+.r:.A.*.....[.:..s.?U......_............k.y0.U....+I5..0.>.Q%.".w.....O....5w..;.;.>..mr.k53r.......k.0.I.<.D......d&...c..jhE..zx.]....y|W....i...`.. .k.P...@.Uq.\;..1............z|.O..Y5..........XtR,....R...k3..<.*.\.2.>.;T..$...kj.5-.i?/..YH`!jb..Z..=.&.L..F...([..y....K5pzQ.>i.1.......0..P...@...L.".n.x..Cj?..w.:+...n..4..H.. .*....S.....h*....8....v.l.[M.0..q..c;.....0*..*.8.......l.TM..n "..km..S.<.T..].k.+1.....P.V...4-W.C....0-/.S;.w......K.z+...DZ....=q.E.@ .Dv.z...@.d.#tE...
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:ASCII text, with very long lines (61177)
                                            Category:downloaded
                                            Size (bytes):98303
                                            Entropy (8bit):5.305842219690955
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:6216BDD5FD779D2F123087AF1E35258C
                                            SHA1:FE20B272098209C5CD22D42068096E218817C5C2
                                            SHA-256:715FE71EBB9BC4EBC3495A984D729D0E023FD9F1D1E3463E62E434AC9C1AA14D
                                            SHA-512:4DB8CD8A7DC65277139B6242FC6CAAF2039CEA83788C9EBDB158D5D9F74E70FD44012CC5C41CC6AC40247AFCB481B27E165D9405500778946A5DFF17357F2929
                                            Malicious:false
                                            Reputation:unknown
                                            URL:https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_81imvbluez-v5hbzpkxfcg2.css
                                            Preview:/*! Copyright (C) Microsoft Corporation. All rights reserved. *//*!.------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------..This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise...//-----------------------------------------------------------------------------.twbs-bootstrap-sass (3.3.0).//-----------------------------------------------------------------------------..The MIT License (MIT)..Copyright (c) 2013 Twitter, Inc..Permission is hereby granted, free of charge, to any person
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:ASCII text, with very long lines (512)
                                            Category:dropped
                                            Size (bytes):11970
                                            Entropy (8bit):5.416120131770621
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:39A0EB35CD7799A181D34F4AE1DDB496
                                            SHA1:E933CA8534BCB6AD79D240316CE23C8B870050D0
                                            SHA-256:C8CEF105FCAF7CBF3F8682C861045505C24D41CF6686C20C1C03E14031A3DB69
                                            SHA-512:0AE990F9B57B55C3A8025BBE13C98ECD8A40C38380F9E0EFEF2BE7B418642EB040E4C537E684D2FEF7E04113450CFD4DEFF3414310773177220209991BBF1643
                                            Malicious:false
                                            Reputation:unknown
                                            Preview:/*! ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------..This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise. .. * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain..Provided for Informational Purposes Only..Public Domain. .NO WARRANTY EXPRESSED OR IMPLIED. USE AT YOUR OWN RISK..----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------ */."object"!=typeof JSON&&(JSON={}),
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:PNG image data, 23 x 46, 8-bit/color RGB, non-interlaced
                                            Category:dropped
                                            Size (bytes):61
                                            Entropy (8bit):4.068159130770306
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:CE55194F685D76C4A9B92B04157FEC06
                                            SHA1:6094055CB3473FA96ED20824BB8082D8662FAD93
                                            SHA-256:44EDC8673EBD7BC7AFDE45572DE7973735433150A396304EA1C7E0DF9941AAAB
                                            SHA-512:16FE3EE9B820C0B2415F3988ED6C9C7F82B829080684524FE5C7056795AC9668B47DE2DC46222F6A93051D3FCE223BEDAD5AB447668E459AA783A0D1D4678D57
                                            Malicious:false
                                            Reputation:unknown
                                            Preview:.PNG........IHDR.............L=......IDAT.....$.....IEND.B`.
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113424
                                            Category:downloaded
                                            Size (bytes):20410
                                            Entropy (8bit):7.980582012022051
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:3BA4D76A17ADD0A6C34EE696F28C8541
                                            SHA1:5E8A4B8334539A7EAB798A7799F6E232016CB263
                                            SHA-256:17D6FF63DD857A72F37292B5906B40DC087EA27D7B1DEFCFA6DD1BA82AEA0B59
                                            SHA-512:8DA16A9759BB68A6B408F9F274B882ABB3EE7BA19F888448E495B721094BDB2CE5664E9A26BAE306A00491235EB94C143E53F618CCD6D50307C3C7F2EF1B4455
                                            Malicious:false
                                            Reputation:unknown
                                            URL:https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_81imvbluez-v5hbzpkxfcg2.css
                                            Preview:...........}k..6..w...R..J.H=GSI..x.9...}T*.....)Q..f<...~.F.h..x..{+.-.....h..n....</v.ev......W.,.bU..rW.I...0x...C..2...6]..W_......../x.........~.z.}.|.#x......Ag*O.|XgU...4 .^'U...mP.A.].Z.U.!..Y.......:.ve.?.!..d.N...xJ...mR......0.@p...lKr/...E.-. .....|l.4.o.i.......L.iF..T{.n....2....VEY.y=..=..T+V./.b....\....7.sH.w{.h.....!.."F.k.!.......d...mS.rh.&G.../..h&..RE"!.A/.......A....L...8.q.M...t[...R...>.6;R..^.Vu..9.[F........>A.:HT}w]......2........p......'T.^]}.^..yJ>.<..pq..h.|..j....j.x..-...c...f...=".)..U.X'.M..l.]ZVtl\.I..}.0.~B0Y'.N...E.4.Xd..e...a.........."..9+d.&..l.$E..R.u.g.Q..w&...~I. .y..D.4;..'.."-.....b...)k.n.M...,3J.z_..&2f.h;.&.R.y..P..X.....\P....*.r...B.$........<....H5.M.."'#.6mQl..mQ5.=.\...O.....^..jM..u*.F..Oh.lNI..j..T..u...I..._........{.\...{..._|..={O..z..>......x..5Q.D7?{...^...^.......o.=.z......v......z.C...Gtw...0!..M@....^...^.x..G....W...{...)..y.<c3...^>{......7._..'d__...;R.
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:ASCII text, with very long lines (45797)
                                            Category:dropped
                                            Size (bytes):406986
                                            Entropy (8bit):5.31789636250024
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:9083D228E539FD87EF95A94B7ABC396C
                                            SHA1:159AE950D79B4987D65F18FFBF6FF87D76C5B536
                                            SHA-256:54B34EA260D9DCF6D7961A60C9B540673312A965F9DDC2F1AB9855D622BFA07C
                                            SHA-512:1306A0CFBA637F249786677E9C29D72E15C72F1575DEB217E9E965E456D2320C5644CDE43F06BA1E8373D11E16D33DD955FB3E9077C38F585E4A33B5A1075A0B
                                            Malicious:false
                                            Reputation:unknown
                                            Preview:/*!. * ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */.(window.webpackJsonp=window.webpackJsonp||[]).push([[8],Array(539).concat([f
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113769
                                            Category:dropped
                                            Size (bytes):35170
                                            Entropy (8bit):7.993096534744333
                                            Encrypted:true
                                            SSDEEP:
                                            MD5:171A4DD9400708B88724B57D62B24A6A
                                            SHA1:9C6F1303B8F02FCE18D20EC9CADA11D38D0C4B37
                                            SHA-256:EA00750636C11DBD4FA3ACB1B3CDCBAE3EFA43F6B6C3753444B6D6A242AE9336
                                            SHA-512:5B13B63912B34E3EEEDD8DA5953B869A83DF82FFD2A8D737AA81DC984F1811800A534F340C48041DA803C25B6B8F5605EA8D003B6A09A1874408F95A710F5126
                                            Malicious:false
                                            Reputation:unknown
                                            Preview:...........kC.H.0......e....0.pX..Iv3..\f..0YY.m..e$.K..o...j..g.3.lpW.......[..Y.?k.Y.......8~.a..../_.;]{.............v...0..q.Dk.w...h-....Z<..l.fA..k3.7..dm....b..-...(,.$...4...f...e...AV..z.mA....O.9........k..h-.......<Z[.GQ.v3....Oq..y:..(..k.$_...._..h-...q..S.ck.=.T......Sq@.:.A.c.(....SDq..Ac.t..m.$Lc....Z...K...O<....f9..p...0Z..3.<...$YK.x.F......v....nm..s$...&..dQ4.......n-.-.......E.XD..-5~...f.....t...-_.....fsg...8kZ..|.{{....p+Lg.t9I..P./ap......o9Wx.._{....k..,...............................7.|..t...Ax.7..b..v..v.m-...~v...:....r..._........,...A........z.....|..t.. [.C.....{...~..c......ua...~.v<.I..P#._{{}._.......Km...eR....u?GY..h..}..gAv...<.l.Z...#.....:P?Q..."..........,.D...I<._.'..-..=..;.>.C_..#.....D[0.Y..*...M.....{.YT,...x..SQ/......N<`...|._.k....0)......+.Z..4...M. ...i...`.ml..-X.E.....d.. .}.e4.{6hz^..}....@....W.1...d8...>.@.....(.'[..`..A..?...yL.|..QTF...-.='S@.Q.sM.`...}.t..$..y^..0J.kC.S...U.
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:ASCII text, with very long lines (65450), with CRLF line terminators
                                            Category:downloaded
                                            Size (bytes):119648
                                            Entropy (8bit):5.356165204896218
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:75CF78D0E38C65A538AD253CA9E48DBE
                                            SHA1:BF0452E4A42A9AF3B69D5D8C3A3A0433F14921B6
                                            SHA-256:DF2AA8537C1992C94846A0FFFFAA9031D430D9D0210B9E396EC059AFF62627E0
                                            SHA-512:81383E4FDAE1F34F8E652F69058D57A2A4BD0A77C2C41C3174BEE0CEBA83A8326229C2A74EAF415BFBD34382B1C442A97C41034F43CD77A391BA9B4DAAE65463
                                            Malicious:false
                                            Reputation:unknown
                                            URL:https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js
                                            Preview:/*! jQuery v3.5.1 | (c) JS Foundation and other contributors | jquery.org/license */..!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
                                            Category:dropped
                                            Size (bytes):61
                                            Entropy (8bit):3.990210155325004
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:9246CCA8FC3C00F50035F28E9F6B7F7D
                                            SHA1:3AA538440F70873B574F40CD793060F53EC17A5D
                                            SHA-256:C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
                                            SHA-512:A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
                                            Malicious:false
                                            Reputation:unknown
                                            Preview:.PNG........IHDR...............s....IDAT.....$.....IEND.B`.
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:Unicode text, UTF-8 text, with very long lines (32016)
                                            Category:dropped
                                            Size (bytes):57510
                                            Entropy (8bit):5.3728935008680745
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:23C7FEEF919F9374C1B26F019804CDA8
                                            SHA1:3E22BA24CFD4F5A1C4D189AAADB1A82A867377C0
                                            SHA-256:993A5748DB7B6BC125F88788845A7599234130BCE2858B528071035488CB886D
                                            SHA-512:93D4D19CA4BACFC0AD64690E2426D573D47991DAF772D178D5C477369675539274A5E97C666A97A49AD0EC82E566EF4B71E967E7D7FFC575FBD2171E06791276
                                            Malicious:false
                                            Reputation:unknown
                                            Preview:!function(e){function o(n){if(i[n])return i[n].exports;var t=i[n]={exports:{},id:n,loaded:!1};return e[n].call(t.exports,t,t.exports,o),t.loaded=!0,t.exports}var i={};return o.m=e,o.c=i,o.p="",o(0)}([function(e,o,i){i(2);var n=i(1),t=i(5),r=i(6),a=r.StringsVariantId,s=r.AllowedIdentitiesType;n.registerSource("str",function(e,o){if(e.WF_STR_SignupLink_AriaLabel_Text="Create a Microsoft account",e.WF_STR_SignupLink_AriaLabel_Generic_Text="Create a new account",e.CT_STR_CookieBanner_Link_AriaLabel="Learn more about Microsoft's Cookie Policy",e.WF_STR_HeaderDefault_Title=o.iLoginStringsVariantId===a.CombinedSigninSignupV2WelcomeTitle?"Welcome":"Sign in",e.STR_Footer_IcpLicense_Text=".ICP.13015306.-10",o.oAppCobranding&&o.oAppCobranding.friendlyAppName){var i=o.fBreakBrandingSigninString?"to continue to {0}":"Continue to {0}";e.WF_STR_App_Title=t.format(i,o.oAppCobranding.friendlyAppName)}switch(o.oAppCobranding&&o.oAppCobranding.signinDescription&&(e.WF_STR_Default_Desc=o.oAppCobrand
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:HTML document, ASCII text, with very long lines (3434), with CRLF line terminators
                                            Category:downloaded
                                            Size (bytes):3436
                                            Entropy (8bit):5.1233945099568645
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:A994D99A93E2F0B897934E40A3479770
                                            SHA1:BD839A3169F522DA566A0231784A50D4D22AB4FF
                                            SHA-256:67B6BAE583A90C318F4F54D316F6F84F552798635509C1E3355919D6B3007741
                                            SHA-512:F9A07B13FA81CB4013D6FC93B8B40247C996E396662C9E2EBF4C406BF573027B4E5EE0EC1924A8BDC070AFF64B57E958923B2A7E598D45E04D83A4681FF07495
                                            Malicious:false
                                            Reputation:unknown
                                            URL:https://ywnjb.yacivt.com/Me.htm?v=3
                                            Preview:<script type="text/javascript">!function(t,e){for(var s in e)t[s]=e[s]}(this,function(t){function e(n){if(s[n])return s[n].exports;var i=s[n]={exports:{},id:n,loaded:!1};return t[n].call(i.exports,i,i.exports,e),i.loaded=!0,i.exports}var s={};return e.m=t,e.c=s,e.p="",e(0)}([function(t,e){function s(t){for(var e=f[S],s=0,n=e.length;s<n;++s)if(e[s]===t)return!0;return!1}function n(t){if(!t)return null;for(var e=t+"=",s=document.cookie.split(";"),n=0,i=s.length;n<i;n++){var a=s[n].replace(/^\s*(\w+)\s*=\s*/,"$1=").replace(/(\s+$)/,"");if(0===a.indexOf(e))return a.substring(e.length)}return null}function i(t,e,s){if(t)for(var n=t.split(":"),i=null,a=0,r=n.length;a<r;++a){var c=null,S=n[a].split("$");if(0===a&&(i=parseInt(S.shift()),!i))return;var l=S.length;if(l>=1){var p=o(i,S[0]);if(!p||s[p])continue;c={signInName:p,idp:"msa",isSignedIn:!0}}if(l>=3&&(c.firstName=o(i,S[1]),c.lastName=o(i,S[2])),l>=4){var f=S[3],d=f.split("|");c.otherHashedAliases=d}if(l>=5){var h=parseInt(S[4],16);h&&(c.
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:SVG Scalable Vector Graphics image
                                            Category:dropped
                                            Size (bytes):1864
                                            Entropy (8bit):5.222032823730197
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:BC3D32A696895F78C19DF6C717586A5D
                                            SHA1:9191CB156A30A3ED79C44C0A16C95159E8FF689D
                                            SHA-256:0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
                                            SHA-512:8D4F38907F3423A86D90575772B292680F7970527D2090FC005F9B096CC81D3F279D59AD76EAFCA30C3D4BBAF2276BBAA753E2A46A149424CF6F1C319DED5A64
                                            Malicious:false
                                            Reputation:unknown
                                            Preview:<svg xmlns="http://www.w3.org/2000/svg" width="1920" height="1080" fill="none"><g opacity=".2" clip-path="url(#E)"><path d="M1466.4 1795.2c950.37 0 1720.8-627.52 1720.8-1401.6S2416.77-1008 1466.4-1008-254.4-380.482-254.4 393.6s770.428 1401.6 1720.8 1401.6z" fill="url(#A)"/><path d="M394.2 1815.6c746.58 0 1351.8-493.2 1351.8-1101.6S1140.78-387.6 394.2-387.6-957.6 105.603-957.6 714-352.38 1815.6 394.2 1815.6z" fill="url(#B)"/><path d="M1548.6 1885.2c631.92 0 1144.2-417.45 1144.2-932.4S2180.52 20.4 1548.6 20.4 404.4 437.85 404.4 952.8s512.276 932.4 1144.2 932.4z" fill="url(#C)"/><path d="M265.8 1215.6c690.246 0 1249.8-455.595 1249.8-1017.6S956.046-819.6 265.8-819.6-984-364.005-984 198-424.445 1215.6 265.8 1215.6z" fill="url(#D)"/></g><defs><radialGradient id="A" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(1466.4 393.6) rotate(90) scale(1401.6 1720.8)"><stop stop-color="#107c10"/><stop offset="1" stop-color="#c4c4c4" stop-opacity="0"/></radialGradient><r
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:ASCII text, with very long lines (3757)
                                            Category:downloaded
                                            Size (bytes):4730
                                            Entropy (8bit):5.124053413630943
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:26BEAB8FC9F63A634D684759AAC93F19
                                            SHA1:23D4364F70C8995CB37DCB2E87AA3B3C52BEC331
                                            SHA-256:1F672F38B297EC2CF5B236633ADE54BB9B2BE29EABA8F7B15392F367E4E57973
                                            SHA-512:8BC03B007F39FF63FA11ED719DFD7631E365DFDF98A1CB33C3EFF91ED6A49608513B311FC72363E4590BB36DC6EAAD763A76B205CB21A21E0E9FA44D20A3B96C
                                            Malicious:false
                                            Reputation:unknown
                                            URL:https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_presetpasswordsplitter_3ca848e05d76b2c07f9b.js
                                            Preview:/*!. * ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */.(window.webpackJsonp=window.webpackJsonp||[]).push([[36],{509:function(t,e,i
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:ASCII text, with very long lines (2054)
                                            Category:dropped
                                            Size (bytes):9285
                                            Entropy (8bit):5.397876465825329
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:439A53994F1A9C860C7787ED5100CA0C
                                            SHA1:15BA120F64BBF6A59A457841B10DF0D6D1B4574C
                                            SHA-256:441BFA485FB0EB8AD2BE7001209868B57C41769CAE9512A774419F5882C093E6
                                            SHA-512:FB6002797BD9E28A352BCBE4643BC7E998C562218D9189AE879E1DC605BC79C3234435029B46667724E5C85A475A72C8DDDED17E3EEFD7791EC1FB21822D3804
                                            Malicious:false
                                            Reputation:unknown
                                            Preview:!function(){function e(){return(x.location.protocol||"").concat("//",x.location.hostname||x.location.host)}function r(e){if(e){try{var r=/function (.{1,})\(/,n=r.exec(e.constructor.toString());return n&&n.length>1?n[1]:""}catch(e){}}return""}function n(e,r,n){if(e&&r){n||(e=e.toLowerCase());for(var t=0;t<r.length;t++){var o=r[t];if(o&&(n||(o=o.toLowerCase()),e.indexOf(o)>=0)){return r[t]}}}return null}function t(e,r,n){return!!(0===n&&r&&r.indexOf("Script error.")>=0)}function o(e,r){.if(!e.expectedVersion||e.expectedVersion!==E().jquery){if(r&&r.indexOf("jQuery.easing[jQuery.easing.def] is not a function")>=0){return!0}if(r&&r.indexOf("The bound jQuery version is not the expected version -- loaded")>=0){return!0}}return!1}function i(e){if(e){try{if("string"!==E.type(e)&&JSON&&JSON.stringify){var n=r(e),t=JSON.stringify(e);return t&&"{}"!==t||(e.error&&(e=e.error,n=r(e)),(t=JSON.stringify(e))&&"{}"!==t||(t=e.toString())),n+":"+t}}catch(e){}}return""+(e||"")}function a(e,r){return{."sig
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
                                            Category:downloaded
                                            Size (bytes):17174
                                            Entropy (8bit):2.9129715116732746
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:12E3DAC858061D088023B2BD48E2FA96
                                            SHA1:E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
                                            SHA-256:90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
                                            SHA-512:C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
                                            Malicious:false
                                            Reputation:unknown
                                            URL:https://aadcdn.msftauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
                                            Preview:..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:ASCII text, with very long lines (14782)
                                            Category:dropped
                                            Size (bytes):15755
                                            Entropy (8bit):5.364203403428075
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:B21937967628C01620B33966B480E387
                                            SHA1:2685229BC5F2540A4C36A2CD2D4BAE0C93489C86
                                            SHA-256:73911B6531D9AF94C4B34095F0899A00CB5765A417A5EEDAC85D5DC5458390F9
                                            SHA-512:50A6755F76EF09F02CD77F1111C249BCA7FF4ABC5B84DFF09BC45C405BC882B60096AA5ED19680D9EF41DC903EF529C1ABF0E48FA85DAD9104EDC7CA91CB9B53
                                            Malicious:false
                                            Reputation:unknown
                                            Preview:/*!. * ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */.(window.webpackJsonp=window.webpackJsonp||[]).push([[17],{525:function(e,n,s
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:ASCII text, with very long lines (65536), with no line terminators
                                            Category:dropped
                                            Size (bytes):190152
                                            Entropy (8bit):5.348678574819375
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:4877EFC88055D60953886EC55B04DE34
                                            SHA1:2341B026A3E2A3B01AFA1A39D1706840D75E09B3
                                            SHA-256:8405362EB8F09DF13AE244DE155B51B1577274673D9728B6C81CD0278A63C8B0
                                            SHA-512:625844EDC37594D5C2F7622BD1B59278BF68ABB2FA22476C56826433C961C7B1924858A7588F8B6284D3C5AC8738ECB895EEC949DE18667A98C04A59CB03DAC0
                                            Malicious:false
                                            Reputation:unknown
                                            Preview:(window.telemetry_webpackJsonp=window.telemetry_webpackJsonp||[]).push([[2],[,,,function(e,t,n){"use strict";n.r(t),n.d(t,"ValueKind",(function(){return r.e})),n.d(t,"EventLatency",(function(){return r.a})),n.d(t,"EventPersistence",(function(){return r.b})),n.d(t,"TraceLevel",(function(){return r.d})),n.d(t,"AppInsightsCore",(function(){return i.a})),n.d(t,"BaseCore",(function(){return d})),n.d(t,"_ExtendedInternalMessageId",(function(){return r.f})),n.d(t,"EventPropertyType",(function(){return r.c})),n.d(t,"ESPromise",(function(){return g})),n.d(t,"ESPromiseScheduler",(function(){return C})),n.d(t,"ValueSanitizer",(function(){return I})),n.d(t,"NotificationManager",(function(){return E.a})),n.d(t,"BaseTelemetryPlugin",(function(){return S.a})),n.d(t,"ProcessTelemetryContext",(function(){return N.a})),n.d(t,"MinChannelPriorty",(function(){return w.a})),n.d(t,"EventsDiscardedReason",(function(){return P.a})),n.d(t,"DiagnosticLogger",(function(){return c.a})),n.d(t,"LoggingSeverity",(fun
                                            No static file info