Windows Analysis Report
https://www.cognitoforms.com/HumanResources25/DirectorsAndEmployeesBenefitSection

Overview

General Information

Sample URL:https://www.cognitoforms.com/HumanResources25/DirectorsAndEmployeesBenefitSection
Analysis ID:669260

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

No high impact signatures.

Classification

Classification chart categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner (legend: clean, suspicious, malicious)
  • System is w10x64
  • chrome.exe (PID: 5924 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "https://www.cognitoforms.com/HumanResources25/DirectorsAndEmployeesBenefitSection MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 1384 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1496,11984701893465035516,3308727000603284705,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1932 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
Source: global traffic | HTTP traffic detected:
  GET /HumanResources25/DirectorsAndEmployeesBenefitSection HTTP/1.1
  Host: www.cognitoforms.com
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: navigate
  Sec-Fetch-User: ?1
  Sec-Fetch-Dest: document
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
  Host: clients2.google.com
  Connection: keep-alive
  X-Goog-Update-Interactivity: fg
  X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfm
  X-Goog-Update-Updater: chromecrx-85.0.4183.121
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: empty
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET /Content/public-form.css?cachehash=1789269854 HTTP/1.1
  Host: www.cognitoforms.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
  Accept: text/css,*/*;q=0.1
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: style
  Referer: https://www.cognitoforms.com/HumanResources25/DirectorsAndEmployeesBenefitSection
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET /Scripts/testing/AutotestDetect.js HTTP/1.1
  Host: www.cognitoforms.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
  Accept: */*
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: script
  Referer: https://www.cognitoforms.com/HumanResources25/DirectorsAndEmployeesBenefitSection
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET /Scripts/vertical-form-edge-snapping.js?cachehash=1789269854 HTTP/1.1
  Host: www.cognitoforms.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
  Accept: */*
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: script
  Referer: https://www.cognitoforms.com/HumanResources25/DirectorsAndEmployeesBenefitSection
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET /f/seamless.js HTTP/1.1
  Host: www.cognitoforms.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
  Accept: */*
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: script
  Referer: https://www.cognitoforms.com/HumanResources25/DirectorsAndEmployeesBenefitSection
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: unknown | DNS traffic detected: queries for: accounts.google.com
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown | Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown | Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49772 -> 443
Source: 5f24ec1a-2894-4b13-b920-5514f9fbe9c6.tmp.1.dr, 07dbbae0-ae93-4a48-b50d-fe433d1fbd45.tmp.1.dr | String found in binary or memory: https://accounts.google.com
Source: 5f24ec1a-2894-4b13-b920-5514f9fbe9c6.tmp.1.dr, 07dbbae0-ae93-4a48-b50d-fe433d1fbd45.tmp.1.dr | String found in binary or memory: https://apis.google.com
Source: 5f24ec1a-2894-4b13-b920-5514f9fbe9c6.tmp.1.dr, 07dbbae0-ae93-4a48-b50d-fe433d1fbd45.tmp.1.dr | String found in binary or memory: https://clients2.google.com
Source: 5f24ec1a-2894-4b13-b920-5514f9fbe9c6.tmp.1.dr, 07dbbae0-ae93-4a48-b50d-fe433d1fbd45.tmp.1.dr | String found in binary or memory: https://clients2.googleusercontent.com
Source: 9d40633a-58fe-4489-9d9d-368e9fd09512.tmp.1.dr, 5f24ec1a-2894-4b13-b920-5514f9fbe9c6.tmp.1.dr, 07dbbae0-ae93-4a48-b50d-fe433d1fbd45.tmp.1.dr | String found in binary or memory: https://dns.google
Source: 5f24ec1a-2894-4b13-b920-5514f9fbe9c6.tmp.1.dr | String found in binary or memory: https://fonts.googleapis.com
Source: 5f24ec1a-2894-4b13-b920-5514f9fbe9c6.tmp.1.dr, 07dbbae0-ae93-4a48-b50d-fe433d1fbd45.tmp.1.dr | String found in binary or memory: https://fonts.gstatic.com
Source: 5f24ec1a-2894-4b13-b920-5514f9fbe9c6.tmp.1.dr, 07dbbae0-ae93-4a48-b50d-fe433d1fbd45.tmp.1.dr | String found in binary or memory: https://ogs.google.com
Source: 07dbbae0-ae93-4a48-b50d-fe433d1fbd45.tmp.1.dr | String found in binary or memory: https://r4---sn-4g5e6nsk.gvt1.com
Source: 07dbbae0-ae93-4a48-b50d-fe433d1fbd45.tmp.1.dr | String found in binary or memory: https://redirector.gvt1.com
Source: 5f24ec1a-2894-4b13-b920-5514f9fbe9c6.tmp.1.dr, 07dbbae0-ae93-4a48-b50d-fe433d1fbd45.tmp.1.dr | String found in binary or memory: https://ssl.gstatic.com
Source: 5f24ec1a-2894-4b13-b920-5514f9fbe9c6.tmp.1.dr, 07dbbae0-ae93-4a48-b50d-fe433d1fbd45.tmp.1.dr | String found in binary or memory: https://www.google.com
Source: 5f24ec1a-2894-4b13-b920-5514f9fbe9c6.tmp.1.dr, 07dbbae0-ae93-4a48-b50d-fe433d1fbd45.tmp.1.dr | String found in binary or memory: https://www.googleapis.com
Source: 5f24ec1a-2894-4b13-b920-5514f9fbe9c6.tmp.1.dr, 07dbbae0-ae93-4a48-b50d-fe433d1fbd45.tmp.1.dr | String found in binary or memory: https://www.gstatic.com
Source: unknown | HTTP traffic detected:
  POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
  Host: accounts.google.com
  Connection: keep-alive
  Content-Length: 1
  Origin: https://www.google.com
  Content-Type: application/x-www-form-urlencoded
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: empty
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: classification engine | Classification label: clean0.win@14/21@3/7
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "https://www.cognitoforms.com/HumanResources25/DirectorsAndEmployeesBenefitSection
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1496,11984701893465035516,3308727000603284705,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1932 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1496,11984701893465035516,3308727000603284705,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1932 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-62D77D26-1724.pma
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At (Linux); At (Windows)
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
Privilege Escalation: 1 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
Defense Evasion: 3 Masquerading; 1 Process Injection; Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer
Command and Control: 1 Encrypted Channel; 3 Non-Application Layer Protocol; 4 Application Layer Protocol; 1 Ingress Tool Transfer
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: Modify System Partition; Device Lockout; Delete Device Data; Carrier Billing Fraud
Behavior graph (ID: 669260; URL: https://www.cognitoforms.co...; Startdate: 19/07/2022; Architecture: WINDOWS; Score: 0): chrome.exe started a child chrome.exe process. Parent process endpoints: 192.168.2.1, 192.168.2.4, 239.255.255.250 (Reserved). Child process endpoints: cognitoforms.com 23.96.4.241 (443, 49763, 49764; MICROSOFT-CORP-MSN-AS-BLOCKUS, United States), accounts.google.com 142.250.180.141 (443, 49765; GOOGLEUS, United States), 4 other IPs or domains.

Source | Detection | Scanner | Label | Link
https://www.cognitoforms.com/HumanResources25/DirectorsAndEmployeesBenefitSection | 1% | Virustotal | | Browse
https://www.cognitoforms.com/HumanResources25/DirectorsAndEmployeesBenefitSection | 0% | Avira URL Cloud | safe |
No Antivirus matches
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
https://dns.google | 0% | URL Reputation | safe |


Name | IP | Active | Malicious | Antivirus Detection | Reputation
cognitoforms.com | 23.96.4.241 | true | false | | high
accounts.google.com | 142.250.180.141 | true | false | | high
clients.l.google.com | 216.58.209.46 | true | false | | high
clients2.google.com | unknown | unknown | false | | high
www.cognitoforms.com | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://www.cognitoforms.com/Scripts/testing/AutotestDetect.js | false | | high
https://www.cognitoforms.com/Content/public-form.css?cachehash=1789269854 | false | | high
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | false | | high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | false | | high
https://www.cognitoforms.com/HumanResources25/DirectorsAndEmployeesBenefitSection | false | | high
https://www.cognitoforms.com/Scripts/vertical-form-edge-snapping.js?cachehash=1789269854 | false | | high
https://www.cognitoforms.com/f/seamless.js | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
https://www.google.com | 5f24ec1a-2894-4b13-b920-5514f9fbe9c6.tmp.1.dr, 07dbbae0-ae93-4a48-b50d-fe433d1fbd45.tmp.1.dr | false | | high
https://dns.google | 9d40633a-58fe-4489-9d9d-368e9fd09512.tmp.1.dr, 5f24ec1a-2894-4b13-b920-5514f9fbe9c6.tmp.1.dr, 07dbbae0-ae93-4a48-b50d-fe433d1fbd45.tmp.1.dr | false | URL Reputation: safe | unknown
https://ogs.google.com | 5f24ec1a-2894-4b13-b920-5514f9fbe9c6.tmp.1.dr, 07dbbae0-ae93-4a48-b50d-fe433d1fbd45.tmp.1.dr | false | | high
https://accounts.google.com | 5f24ec1a-2894-4b13-b920-5514f9fbe9c6.tmp.1.dr, 07dbbae0-ae93-4a48-b50d-fe433d1fbd45.tmp.1.dr | false | | high
https://clients2.googleusercontent.com | 5f24ec1a-2894-4b13-b920-5514f9fbe9c6.tmp.1.dr, 07dbbae0-ae93-4a48-b50d-fe433d1fbd45.tmp.1.dr | false | | high
https://apis.google.com | 5f24ec1a-2894-4b13-b920-5514f9fbe9c6.tmp.1.dr, 07dbbae0-ae93-4a48-b50d-fe433d1fbd45.tmp.1.dr | false | | high
https://clients2.google.com | 5f24ec1a-2894-4b13-b920-5514f9fbe9c6.tmp.1.dr, 07dbbae0-ae93-4a48-b50d-fe433d1fbd45.tmp.1.dr | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
23.96.4.241 | cognitoforms.com | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
216.58.209.46 | clients.l.google.com | United States | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
142.250.180.141 | accounts.google.com | United States | 15169 | GOOGLEUS | false
IP
192.168.2.1
192.168.2.4
127.0.0.1
Joe Sandbox Version:35.0.0 Citrine
Analysis ID:669260
Start date and time:19/07/2022 20:56:09 (2022-07-19 20:56:09 +02:00)
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 4m 59s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:browseurl.jbs
Sample URL:https://www.cognitoforms.com/HumanResources25/DirectorsAndEmployeesBenefitSection
Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:17
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • HDC enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Detection:CLEAN
Classification:clean0.win@14/21@3/7
EGA Information:Failed
HDC Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • Adjust boot time
  • Enable AMSI
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 23.54.113.53, 23.213.168.66, 142.250.184.78, 142.251.209.3, 173.194.187.73, 74.125.163.198, 142.250.184.35
  • Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, fs.microsoft.com, ctldl.windowsupdate.com, store-images.s-microsoft.com-c.edgekey.net, e1723.g.akamaiedge.net, clientservices.googleapis.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, r4---sn-4g5e6nsk.gvt1.com, r1.sn-4g5lznle.gvt1.com, e12564.dspb.akamaiedge.net, r1---sn-4g5lznle.gvt1.com, redirector.gvt1.com, login.live.com, store-images.s-microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, r4.sn-4g5e6nsk.gvt1.com, www.gstatic.com, prod.fs.microsoft.com.akadns.net
  • Not all processes where analyzed, report is missing behavior information
  • Report size getting too big, too many NtOpenFile calls found.
  • Report size getting too big, too many NtSetInformationFile calls found.
No simulations
No context
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:data
Category:dropped
Size (bytes):451603
Entropy (8bit):5.009711072558331
Encrypted:false
Malicious:false
Reputation:low
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:ASCII text, with very long lines, with no line terminators
Category:dropped
Size (bytes):418327
Entropy (8bit):6.046110471814276
Encrypted:false
Malicious:false
Reputation:low
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:ASCII text, with very long lines, with no line terminators
Category:dropped
Size (bytes):409603
Entropy (8bit):6.02538684095003
Encrypted:false
Malicious:false
Reputation:low
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:ASCII text, with very long lines, with no line terminators
Category:dropped
Size (bytes):418327
Entropy (8bit):6.046110471814276
Encrypted:false
Malicious:false
Reputation:low
                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):40
                                      Entropy (8bit):3.3041625260016576
                                      Encrypted:false
                                      SSDEEP:3:FkXEwozZHn:+EwozZHn
                                      MD5:BEBB369FF4A565B19D5E0BC83CD176AE
                                      SHA1:A6F07666F8DDDF61E5AACE533129BFB541A8A769
                                      SHA-256:8018F98553432706436A31FFD1E743018C3B7F1AA8D34B2FA18F494A4CFCEB19
                                      SHA-512:5D2F9F6E9502517AFF4673C3157D57046D4E38D70B5E228F468FB820363E559087D1A2F2E4006B4589BF3F175A4507F1FA3D7BE5FC34F9FA39EB17757DAEC17F
                                      Malicious:false
                                      Reputation:low
                                      Preview:sdPC.......................y3..M.Y.NbD.
                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      File Type:ASCII text, with very long lines, with no line terminators
                                      Category:modified
                                      Size (bytes):1929
                                      Entropy (8bit):4.882782261391631
                                      Encrypted:false
                                      SSDEEP:48:YALteBdpNntw3qyvTCXDHz5sB2GsBvDsB4RLsBTB6rDbG:2lNnOa+TCXDHzy2bvQ4qN6rDS
                                      MD5:CC33F0E1BC6BAC6EC31C99E891E9952F
                                      SHA1:6FF6D8BF2C9D0450A7E0E994A688C28B912EEDE1
                                      SHA-256:9985665551B04B22B9D949BD37947AEEF187244E50674BF278AAD4938420142F
                                      SHA-512:000758CE43AAD19E553BC62A874CEE7AEC2D871834E8E74C145BF3499B04785657212128CAA40605F266170DF450F8DA165A8B6104299057CAAD63F70FBD3D77
                                      Malicious:false
                                      Reputation:low
                                      Preview:{"net":{"http_server_properties":{"broken_alternative_services":[{"broken_count":1,"host":"www.google.com","isolation":[],"port":443,"protocol_str":"quic"},{"broken_count":1,"host":"accounts.google.com","isolation":[],"port":443,"protocol_str":"quic"}],"servers":[{"isolation":[],"server":"https://www.google.com","supports_spdy":true},{"isolation":[],"server":"https://ssl.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://www.googleapis.com","supports_spdy":true},{"isolation":[],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"isolation":[],"server":"https://www.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://fonts.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://apis.google.com","supports_spdy":true},{"isolation":[],"server":"https://ogs.google.com","supports_spdy":true},{"isolation":[],"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"
                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      File Type:ASCII text, with very long lines, with no line terminators
                                      Category:dropped
                                      Size (bytes):5140
                                      Entropy (8bit):4.9803364992585895
                                      Encrypted:false
                                      SSDEEP:96:nfXbVMqm1paAKI/xk0JCKL89AG4k1vS1fmqbOTQVuwn:nfXbtm1p974KFG4k1aBmg
                                      MD5:431C8AFE05075B4FC335E16AB77D0DC3
                                      SHA1:78B9BF0B78E08A902E8DE71591009CB1B7EBA76E
                                      SHA-256:D4929873369E7D704788596794B0CF87B9AAE2AC7BE24F68C8B1B4F1D41045E0
                                      SHA-512:8A6123F757B6088E2C2CFD697BE2C898A4A1F431406025A9DF4D3C3D4C28B96372A499D7E5FBA55EB887B2324E4F5F4CB9FDA8E8F2BAD98ADEC2228EDEA4E36F
                                      Malicious:false
                                      Reputation:low
                                      Preview:{"account_id_migration_state":2,"account_tracker_service_last_update":"13302763049963598","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245952891998324","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245952963463509","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","1501624"],"daily_received_length":["0","0","0","0","0","0","0","
                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      File Type:very short file (no magic)
                                      Category:dropped
                                      Size (bytes):1
                                      Entropy (8bit):0.0
                                      Encrypted:false
                                      SSDEEP:3:L:L
                                      MD5:5058F1AF8388633F609CADB75A75DC9D
                                      SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                      SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                      SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                      Malicious:false
                                      Reputation:low
                                      Preview:.
                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      File Type:ASCII text, with very long lines, with no line terminators
                                      Category:dropped
                                      Size (bytes):2825
                                      Entropy (8bit):4.86435102445835
                                      Encrypted:false
                                      SSDEEP:48:YALtdpBeMsNMHK5sJDysACs37sHWsd5/sSYMHCKs/MHCzsSOMHwsSJtFsX3RLs9D:HQxGKWDS1i/5vYGmGqOGKJ03QshS
                                      MD5:95488A82D5073BDAAFC1480073FF801F
                                      SHA1:E2E979B6D4A3EE16A815115C414D0A98E1DFA93F
                                      SHA-256:C091AE68AFCD5EC632B2C324B983D70F722463CB4D05A3CE8D52E07AA7E5A5D6
                                      SHA-512:D536466352320C5D394130A59B605617580050CDF325C4B3392D87D384C246E9D8C54FC16A247FF4B379F162536304E0D312D7781FFE245C643C5081B8BE08CD
                                      Malicious:false
                                      Reputation:low
                                      Preview:{"net":{"http_server_properties":{"broken_alternative_services":[{"broken_count":1,"host":"accounts.google.com","isolation":[],"port":443,"protocol_str":"quic"},{"broken_count":1,"host":"www.google.com","isolation":[],"port":443,"protocol_str":"quic"}],"servers":[{"alternative_service":[{"advertised_versions":[],"expiration":"13248544952675493","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":32613},"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248544952813644","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://ogs.google.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248544952748754","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://apis.google.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248544952634896","port":443,"protocol_str":"quic"}],"isolation":[],"server"
                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                      Category:dropped
                                      Size (bytes):17529
                                      Entropy (8bit):5.5742516321268605
                                      Encrypted:false
                                      SSDEEP:384:BQSt2LlI9X+1kXqKf/pUZNCgVLH2HfD6rUj874h4g:GLlU+1kXqKf/pUZNCgVLH2Hf2rU474hD
                                      MD5:2B8E5357782BA1FF3834F5CAE1CA23D0
                                      SHA1:436B361E0892738A1DD4DBA7DDC541E68117B3D0
                                      SHA-256:6E381DECB0663A25E26DEE108C3AD2D5A43860C345D9B80CF8888C58173AB889
                                      SHA-512:801953CD581E20C11E5E910AFB3149060D26E6A524F08AAC49B322FBF56CBE06846973E9054DAAE93BAC05BD4D7C2B9E8A93444793F43A6D78E0EBC4202F7CFE
                                      Malicious:false
                                      Reputation:low
                                      Preview:{"download":{"always_open_pdf_externally":true,"directory_upgrade":true,"extensions_to_open":"pdf:doc:docx:docxm:docm:xls:xlsx:xlsxm:xlsm:ppt:pptx:pptxm:pptm:mht:rtf:pub:vsd:mpp:mdb:dot:dotm:xlsb:xll:hwp:show:cell:hwpx:hwt:jtd:zip:iso:7z:rar:tar:vbs:js:jse:vbe:exe:html:htm:xhtml:tbz2:lz"},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13302763048302472","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_i
                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      File Type:ASCII text, with very long lines, with no line terminators
                                      Category:dropped
                                      Size (bytes):1929
                                      Entropy (8bit):4.882782261391631
                                      Encrypted:false
                                      SSDEEP:48:YALteBdpNntw3qyvTCXDHz5sB2GsBvDsB4RLsBTB6rDbG:2lNnOa+TCXDHzy2bvQ4qN6rDS
                                      MD5:CC33F0E1BC6BAC6EC31C99E891E9952F
                                      SHA1:6FF6D8BF2C9D0450A7E0E994A688C28B912EEDE1
                                      SHA-256:9985665551B04B22B9D949BD37947AEEF187244E50674BF278AAD4938420142F
                                      SHA-512:000758CE43AAD19E553BC62A874CEE7AEC2D871834E8E74C145BF3499B04785657212128CAA40605F266170DF450F8DA165A8B6104299057CAAD63F70FBD3D77
                                      Malicious:false
                                      Reputation:low
                                      Preview:{"net":{"http_server_properties":{"broken_alternative_services":[{"broken_count":1,"host":"www.google.com","isolation":[],"port":443,"protocol_str":"quic"},{"broken_count":1,"host":"accounts.google.com","isolation":[],"port":443,"protocol_str":"quic"}],"servers":[{"isolation":[],"server":"https://www.google.com","supports_spdy":true},{"isolation":[],"server":"https://ssl.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://www.googleapis.com","supports_spdy":true},{"isolation":[],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"isolation":[],"server":"https://www.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://fonts.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://apis.google.com","supports_spdy":true},{"isolation":[],"server":"https://ogs.google.com","supports_spdy":true},{"isolation":[],"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"
                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      File Type:ASCII text, with very long lines, with no line terminators
                                      Category:dropped
                                      Size (bytes):5153
                                      Entropy (8bit):4.982475619016409
                                      Encrypted:false
                                      SSDEEP:96:nfXbVFqm1paAKI/xk0JCKL89AG4k1vS1fmcbOTQVuwn:nfXbmm1p974KFG4k1aBmm
                                      MD5:4924E6C33A0E8794C5060954D75F8987
                                      SHA1:C177B5F0D037D264F2615A4936B6FB4D45B16951
                                      SHA-256:09504256A8AF956C04F858CC22EC128A4889DA1AA71CB5B4E59956F106ADFFED
                                      SHA-512:901B82691CB613D4EB191FA9A83F1A3AE2B08EEBEB38AAF34530E14DB69F2498353C36DD48E3E2FC53691CCEFB8EE8A1EF19840F715024D2FD58DA0451C20D29
                                      Malicious:false
                                      Reputation:low
                                      Preview:{"account_id_migration_state":2,"account_tracker_service_last_update":"13302763049963598","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245952891998324","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245952963463509","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","1501624"],"daily_received_length":["0","0","0","0","0","0","0","
                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                      Category:dropped
                                      Size (bytes):17530
                                      Entropy (8bit):5.5742541516535296
                                      Encrypted:false
                                      SSDEEP:384:BQStHLlI9X+1kXqKf/pUZNCgVLH2HfD6rUK874h4+:3LlU+1kXqKf/pUZNCgVLH2Hf2rUl74h1
                                      MD5:1819DD77EBE766116BBC7517BCAE565C
                                      SHA1:40F75F4F9630AFF7CBFA00861147A7238DE6A66F
                                      SHA-256:4F9EFE4D5B421EFB9327F9D28FBD024F7872B044A5034484C2C2C1FD67DEA665
                                      SHA-512:C930AF4A76F69C7AF083D53200F606ACB5166703A19F02DBA0662A0932F5657BDDFB47FAFE7D44CBE1E987C263AEC0E1EBA4C26C300319C7DDE6D472CA4D0A60
                                      Malicious:false
                                      Reputation:low
                                      Preview:{"download":{"always_open_pdf_externally":true,"directory_upgrade":true,"extensions_to_open":"pdf:doc:docx:docxm:docm:xls:xlsx:xlsxm:xlsm:ppt:pptx:pptxm:pptm:mht:rtf:pub:vsd:mpp:mdb:dot:dotm:xlsb:xll:hwp:show:cell:hwpx:hwt:jtd:zip:iso:7z:rar:tar:vbs:js:jse:vbe:exe:html:htm:xhtml:tbz2:lz"},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13302763048302472","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_i
                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      File Type:ASCII text, with very long lines, with no line terminators
                                      Category:dropped
                                      Size (bytes):325
                                      Entropy (8bit):4.95629898779197
                                      Encrypted:false
                                      SSDEEP:6:YHpoNXR8+eq7JdV5kjxZsDHF4R8HLJ2AVQBR70S7PMVKJw1K3KnMRK3VY:YHO8sdSZsBdLJlyH7E4f3K33y
                                      MD5:D5BB2F0F1694209F0C6AE5BA44DAC338
                                      SHA1:41B2CDE10C8937FC9607E608AF65EDF709033350
                                      SHA-256:20FC2ED4DA8AC625B83B6B84C1B88B534BC35B18DC8BD7521C66FFDABAB53738
                                      SHA-512:A713918E0F88AE62AFAC2A6202107CF547B962900BCB779C7C5C2C8A228C140AAC5191A50BDAF5718EAAE91446DB21648CF2A7B967B9029AF16F13E923FD6EE2
                                      Malicious:false
                                      Reputation:low
                                      Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[50],"expiration":"13248544897343531","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://dns.google","supports_spdy":true}],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}
                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):270336
                                      Entropy (8bit):0.0012471779557650352
                                      Encrypted:false
                                      SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                      MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                      SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                      SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                      SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                      Malicious:false
                                      Reputation:low
                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      File Type:ASCII text, with no line terminators
                                      Category:dropped
                                      Size (bytes):13
                                      Entropy (8bit):2.8150724101159437
                                      Encrypted:false
                                      SSDEEP:3:Yx7:4
                                      MD5:C422F72BA41F662A919ED0B70E5C3289
                                      SHA1:AAD27C14B27F56B6E7C744A8EC5B1A7D767D7632
                                      SHA-256:02E71EB4C587FEB7EE00CE8600F97411C2774C2FC34CB95B92D5538E7F30DA59
                                      SHA-512:86010ED2B2EEBDCC5A8A076B37703669C294C6D1BFAAEA963E26A9C94B81B4C53EC765D9425E5B616159C43923F800A891F9B903659575DF02F8845521F8DC46
                                      Malicious:false
                                      Reputation:low
                                      Preview:85.0.4183.121
                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      File Type:ASCII text, with very long lines, with no line terminators
                                      Category:dropped
                                      Size (bytes):409603
                                      Entropy (8bit):6.02538684095003
                                      Encrypted:false
                                      SSDEEP:6144:TDFOUxbkvSBHojgbG0OP1eVxR+v+F7EFpfY4XB3iE7ZPXYGzLxinV:VBqvSRoj4GNPUZ+w7wJHyEtAWY
                                      MD5:9CBEB71AF7A481FC8192FE1DA807ED10
                                      SHA1:91B00CFA02373DB476211083CA414CDBA00FF2B0
                                      SHA-256:1692EE4E7CEB42B719D675BD47771073BAA31E3AD97E02301FD014B329EE77A6
                                      SHA-512:E8985C2D872A564A990D75F49697E171C30EEF4C0B065A1DABC3C14D7A88A3CCCA2B3D6C6AFBD64999DF90A382284AF9469C76DBE4B79AF091F8D6738FE31D41
                                      Malicious:false
                                      Reputation:low
                                      Preview:{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.658289453268598e+12,"network":1.658257056e+12,"ticks":183211112.0,"uncertainty":7278230.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAACMBYze0bKMTIhZGR/AW4M5AAAAAAIAAAAAABBmAAAAAQAAIAAAACoSPhbyumSaNjLuAHEna2OUDn+rpXOk+H/ONjHe5ZwbAAAAAA6AAAAAAgAAIAAAADezR1ii2QiPYGPz0Jd0ZQiE5jKOKMttbbwwADHJYDpEMAAAACuIP4EJtfud3aEFZzvijkFSTP1RNwcy8fFg19xXfiV1Q9wriZb5iS+jYbOXKVX44kAAAAByJv8rXU2wt9ZoSemiGl7Rv1MeHwgrJRvbYcUfMpjLAz2bh77nWHOppVpZzR2K2uw89vs6aWrPXuiWeIEQQvEM"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245952488007586"},"plugins":{"metadata":{"adobe-flash-player":{"disp
                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      File Type:ASCII text, with very long lines, with no line terminators
                                      Category:modified
                                      Size (bytes):409603
                                      Entropy (8bit):6.02538684095003
                                      Encrypted:false
                                      SSDEEP:6144:TDFOUxbkvSBHojgbG0OP1eVxR+v+F7EFpfY4XB3iE7ZPXYGzLxinV:VBqvSRoj4GNPUZ+w7wJHyEtAWY
                                      MD5:9CBEB71AF7A481FC8192FE1DA807ED10
                                      SHA1:91B00CFA02373DB476211083CA414CDBA00FF2B0
                                      SHA-256:1692EE4E7CEB42B719D675BD47771073BAA31E3AD97E02301FD014B329EE77A6
                                      SHA-512:E8985C2D872A564A990D75F49697E171C30EEF4C0B065A1DABC3C14D7A88A3CCCA2B3D6C6AFBD64999DF90A382284AF9469C76DBE4B79AF091F8D6738FE31D41
                                      Malicious:false
                                      Reputation:low
                                      Preview:{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.658289453268598e+12,"network":1.658257056e+12,"ticks":183211112.0,"uncertainty":7278230.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAACMBYze0bKMTIhZGR/AW4M5AAAAAAIAAAAAABBmAAAAAQAAIAAAACoSPhbyumSaNjLuAHEna2OUDn+rpXOk+H/ONjHe5ZwbAAAAAA6AAAAAAgAAIAAAADezR1ii2QiPYGPz0Jd0ZQiE5jKOKMttbbwwADHJYDpEMAAAACuIP4EJtfud3aEFZzvijkFSTP1RNwcy8fFg19xXfiV1Q9wriZb5iS+jYbOXKVX44kAAAAByJv8rXU2wt9ZoSemiGl7Rv1MeHwgrJRvbYcUfMpjLAz2bh77nWHOppVpZzR2K2uw89vs6aWrPXuiWeIEQQvEM"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245952488007586"},"plugins":{"metadata":{"adobe-flash-player":{"disp
                                      No static file info


                                      • Total Packets: 79
                                      • 443 (HTTPS)
                                      • 53 (DNS)
                                      Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                      Jul 19, 2022 20:57:34.257461071 CEST | 56591 | 53 | 192.168.2.6 | 8.8.8.8
                                      Jul 19, 2022 20:57:34.266551971 CEST | 60350 | 53 | 192.168.2.6 | 8.8.8.8
                                      Jul 19, 2022 20:57:34.271507978 CEST | 51748 | 53 | 192.168.2.6 | 8.8.8.8
                                      Jul 19, 2022 20:57:34.276762962 CEST | 53 | 56591 | 8.8.8.8 | 192.168.2.6
                                      Jul 19, 2022 20:57:34.283822060 CEST | 53 | 60350 | 8.8.8.8 | 192.168.2.6
                                      Jul 19, 2022 20:57:34.299165010 CEST | 53 | 51748 | 8.8.8.8 | 192.168.2.6

                                      Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
                                      Jul 19, 2022 20:57:34.257461071 CEST | 192.168.2.6 | 8.8.8.8 | 0x882c | Standard query (0) | accounts.google.com | A (IP address) | IN (0x0001)
                                      Jul 19, 2022 20:57:34.266551971 CEST | 192.168.2.6 | 8.8.8.8 | 0xe1b2 | Standard query (0) | www.cognitoforms.com | A (IP address) | IN (0x0001)
                                      Jul 19, 2022 20:57:34.271507978 CEST | 192.168.2.6 | 8.8.8.8 | 0xff59 | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001)

                                      Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
                                      Jul 19, 2022 20:57:34.276762962 CEST | 8.8.8.8 | 192.168.2.6 | 0x882c | No error (0) | accounts.google.com |  | 142.250.180.141 | A (IP address) | IN (0x0001)
                                      Jul 19, 2022 20:57:34.283822060 CEST | 8.8.8.8 | 192.168.2.6 | 0xe1b2 | No error (0) | www.cognitoforms.com | cognitoforms.com |  | CNAME (Canonical name) | IN (0x0001)
                                      Jul 19, 2022 20:57:34.283822060 CEST | 8.8.8.8 | 192.168.2.6 | 0xe1b2 | No error (0) | cognitoforms.com |  | 23.96.4.241 | A (IP address) | IN (0x0001)
                                      Jul 19, 2022 20:57:34.299165010 CEST | 8.8.8.8 | 192.168.2.6 | 0xff59 | No error (0) | clients2.google.com | clients.l.google.com |  | CNAME (Canonical name) | IN (0x0001)
                                      Jul 19, 2022 20:57:34.299165010 CEST | 8.8.8.8 | 192.168.2.6 | 0xff59 | No error (0) | clients.l.google.com |  | 216.58.209.46 | A (IP address) | IN (0x0001)
                                      • accounts.google.com
                                      • www.cognitoforms.com
                                      • clients2.google.com
                                      • https:
                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                      0 | 192.168.2.6 | 49765 | 142.250.180.141 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                      Timestamp | kBytes transferred | Direction | Data
                                      2022-07-19 18:57:36 UTC | 0 | OUT | POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
                                      Host: accounts.google.com
                                      Connection: keep-alive
                                      Content-Length: 1
                                      Origin: https://www.google.com
                                      Content-Type: application/x-www-form-urlencoded
                                      Sec-Fetch-Site: none
                                      Sec-Fetch-Mode: no-cors
                                      Sec-Fetch-Dest: empty
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      2022-07-19 18:57:36 UTC | 0 | OUT | Data Raw: 20
                                      Data Ascii:
                                      2022-07-19 18:57:36 UTC | 3 | IN | HTTP/1.1 200 OK
                                      Content-Type: application/json; charset=utf-8
                                      Access-Control-Allow-Origin: https://www.google.com
                                      Access-Control-Allow-Credentials: true
                                      X-Content-Type-Options: nosniff
                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                      Pragma: no-cache
                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                      Date: Tue, 19 Jul 2022 18:57:36 GMT
                                      Strict-Transport-Security: max-age=31536000; includeSubDomains
                                      Report-To: {"group":"IdentityListAccountsHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/IdentityListAccountsHttp/external"}]}
                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport
                                      Content-Security-Policy: script-src 'report-sample' 'nonce-Y7XpQXLnf8h73mwGvs25qA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self'
                                      Content-Security-Policy: script-src 'nonce-Y7XpQXLnf8h73mwGvs25qA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport
                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                      Cross-Origin-Opener-Policy: same-origin; report-to="IdentityListAccountsHttp"
                                      Server: ESF
                                      X-XSS-Protection: 0
                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                      Accept-Ranges: none
                                      Vary: Accept-Encoding
                                      Connection: close
                                      Transfer-Encoding: chunked
                                      2022-07-19 18:57:36 UTC | 5 | IN | Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a
                                      Data Ascii: 11["gaia.l.a.r",[]]
                                      2022-07-19 18:57:36 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                      1 | 192.168.2.6 | 49763 | 23.96.4.241 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                      Timestamp | kBytes transferred | Direction | Data
                                      2022-07-19 18:57:36 UTC | 0 | OUT | GET /HumanResources25/DirectorsAndEmployeesBenefitSection HTTP/1.1
                                      Host: www.cognitoforms.com
                                      Connection: keep-alive
                                      Upgrade-Insecure-Requests: 1
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                      Sec-Fetch-Site: none
                                      Sec-Fetch-Mode: navigate
                                      Sec-Fetch-User: ?1
                                      Sec-Fetch-Dest: document
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      2022-07-19 18:57:36 UTC | 5 | IN | HTTP/1.1 200 OK
                                      Cache-Control: no-cache, no-store, must-revalidate
                                      Pragma: no-cache
                                      Content-Type: text/html; charset=utf-8
                                      Expires: -1
                                      Server: Microsoft-IIS/10.0
                                      Strict-Transport-Security: max-age=35136000; includeSubDomains
                                      Access-Control-Allow-Origin: *
                                      X-Server-Time: 2022-07-19T18:57:36.097Z
                                      Access-Control-Expose-Headers: X-SessionToken,X-Server-Time
                                      P3P: CP="Cognito does not have a P3P policy. Visit https://cognitoforms.com/privacy for details."
                                      X-Role-Instance: Cognito.Services_IN_16
                                      X-Request-Time: 28ms
                                      Content-Security-Policy: default-src 'self' https://*; img-src * data:; script-src https://* 'unsafe-inline' 'unsafe-eval'; style-src https://* 'unsafe-inline'; frame-src 'self' https://* mailto:; worker-src blob:;
                                      X-Content-Type-Options: nosniff
                                      Referrer-Policy: origin-when-cross-origin
                                      Request-Context: appId=cid-v1:bac45fa9-8f8e-4ddb-8e70-d648fe57a27a
                                      Date: Tue, 19 Jul 2022 18:57:36 GMT
                                      Connection: close
                                      Content-Length: 2123
                                      2022-07-19 18:57:36 UTC | 6 | IN | Data Raw: 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 63 6c 61 73 73 3d 22 63 6f 67 2d 70 75 62 6c 69 63 2d 66 6f 72 6d 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 74 69 74 6c 65 3e 44 69 72 65 63 74 6f 72 73 20 61 6e 64 20 45 6d 70 6c 6f 79 65 65 73 20 42 65 6e 65 66 69 74 20 53 65 63 74 69 6f 6e 3c 2f 74 69 74 6c 65 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65
                                      Data Ascii: <!DOCTYPE html><html lang="en" class="cog-public-form"><head><meta charset="utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"><title>Directors and Employees Benefit Section</title><meta name="viewport" content="width=device


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                      2 | 192.168.2.6 | 49768 | 216.58.209.46 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                      Timestamp | kBytes transferred | Direction | Data
                                      2022-07-19 18:57:36 UTC | 1 | OUT | GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
                                      Host: clients2.google.com
                                      Connection: keep-alive
                                      X-Goog-Update-Interactivity: fg
                                      X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfm
                                      X-Goog-Update-Updater: chromecrx-85.0.4183.121
                                      Sec-Fetch-Site: none
                                      Sec-Fetch-Mode: no-cors
                                      Sec-Fetch-Dest: empty
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      2022-07-19 18:57:36 UTC | 1 | IN | HTTP/1.1 200 OK
                                      Content-Security-Policy: script-src 'report-sample' 'nonce--tGl4QmLgUdVSK9oH2Et-w' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                      Pragma: no-cache
                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                      Date: Tue, 19 Jul 2022 18:57:36 GMT
                                      Content-Type: text/xml; charset=UTF-8
                                      X-Daynum: 5678
                                      X-Daystart: 43056
                                      X-Content-Type-Options: nosniff
                                      X-Frame-Options: SAMEORIGIN
                                      X-XSS-Protection: 1; mode=block
                                      Server: GSE
                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                      Accept-Ranges: none
                                      Vary: Accept-Encoding
                                      Connection: close
                                      Transfer-Encoding: chunked
                                      2022-07-19 18:57:36 UTC | 2 | IN | Data Raw: 33 31 62 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 35 36 37 38 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 34 33 30 35 36 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22
                                      Data Ascii: 31b<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="5678" elapsed_seconds="43056"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
                                      2022-07-19 18:57:36 UTC | 3 | IN | Data Raw: 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 2e 63 72 78 22 20 66 70 3d 22 31 2e 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 61
                                      Data Ascii: mmhkkegccagdldgiimedpiccmgmieda.crx" fp="1.81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app><a
                                      2022-07-19 18:57:36 UTC | 3 | IN | Data Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                      3           192.168.2.6  49764        23.96.4.241     443               C:\Program Files\Google\Chrome\Application\chrome.exe
                                      Timestamp                kBytes transferred  Direction  Data
                                      2022-07-19 18:57:36 UTC  8                   OUT        GET /Content/public-form.css?cachehash=1789269854 HTTP/1.1
                                      Host: www.cognitoforms.com
                                      Connection: keep-alive
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
                                      Accept: text/css,*/*;q=0.1
                                      Sec-Fetch-Site: same-origin
                                      Sec-Fetch-Mode: no-cors
                                      Sec-Fetch-Dest: style
                                      Referer: https://www.cognitoforms.com/HumanResources25/DirectorsAndEmployeesBenefitSection
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      2022-07-19 18:57:36 UTC  8                   IN         HTTP/1.1 200 OK
                                      Content-Type: text/css
                                      Last-Modified: Thu, 14 Jul 2022 13:14:32 GMT
                                      Accept-Ranges: bytes
                                      ETag: "7de969a88397d81:0"
                                      Server: Microsoft-IIS/10.0
                                      Strict-Transport-Security: max-age=35136000; includeSubDomains
                                      Access-Control-Allow-Origin: *
                                      X-Server-Time: 2022-07-19T18:57:36.516Z
                                      Access-Control-Expose-Headers: X-SessionToken,X-Server-Time
                                      P3P: CP="Cognito does not have a P3P policy. Visit https://cognitoforms.com/privacy for details."
                                      X-Role-Instance: Cognito.Services_IN_35
                                      X-Request-Time: 0ms
                                      Content-Security-Policy: default-src 'self' https://*; img-src * data:; script-src https://* 'unsafe-inline' 'unsafe-eval'; style-src https://* 'unsafe-inline'; frame-src 'self' https://* mailto:; worker-src blob:;
                                      X-Content-Type-Options: nosniff
                                      Referrer-Policy: origin-when-cross-origin
                                      Request-Context: appId=cid-v1:bac45fa9-8f8e-4ddb-8e70-d648fe57a27a
                                      Date: Tue, 19 Jul 2022 18:57:36 GMT
                                      Connection: close
                                      Content-Length: 3738
                                      2022-07-19 18:57:36 UTC  9                   IN         Data Ascii: /* CSS for the public form proper as well as other internally embedded forms such as builder preview. */html:root:root:root:root:root,:root:root:root:root:root body {height: 100%;box-sizing: border-box;margin: 0;overscroll-behavior: none


                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                      4           192.168.2.6  49770        23.96.4.241     443               C:\Program Files\Google\Chrome\Application\chrome.exe
                                      Timestamp                kBytes transferred  Direction  Data
                                      2022-07-19 18:57:36 UTC  13                  OUT        GET /Scripts/testing/AutotestDetect.js HTTP/1.1
                                      Host: www.cognitoforms.com
                                      Connection: keep-alive
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
                                      Accept: */*
                                      Sec-Fetch-Site: same-origin
                                      Sec-Fetch-Mode: no-cors
                                      Sec-Fetch-Dest: script
                                      Referer: https://www.cognitoforms.com/HumanResources25/DirectorsAndEmployeesBenefitSection
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      2022-07-19 18:57:36 UTC  14                  IN         HTTP/1.1 200 OK
                                      Content-Type: application/javascript
                                      Last-Modified: Thu, 14 Jul 2022 13:14:33 GMT
                                      Accept-Ranges: bytes
                                      ETag: "c877ca88397d81:0"
                                      Server: Microsoft-IIS/10.0
                                      Strict-Transport-Security: max-age=35136000; includeSubDomains
                                      Access-Control-Allow-Origin: *
                                      X-Server-Time: 2022-07-19T18:57:36.863Z
                                      Access-Control-Expose-Headers: X-SessionToken,X-Server-Time
                                      P3P: CP="Cognito does not have a P3P policy. Visit https://cognitoforms.com/privacy for details."
                                      X-Role-Instance: Cognito.Services_IN_30
                                      X-Request-Time: 0ms
                                      Content-Security-Policy: default-src 'self' https://*; img-src * data:; script-src https://* 'unsafe-inline' 'unsafe-eval'; style-src https://* 'unsafe-inline'; frame-src 'self' https://* mailto:; worker-src blob:;
                                      X-Content-Type-Options: nosniff
                                      Referrer-Policy: origin-when-cross-origin
                                      Request-Context: appId=cid-v1:bac45fa9-8f8e-4ddb-8e70-d648fe57a27a
                                      Date: Tue, 19 Jul 2022 18:57:36 GMT
                                      Connection: close
                                      Content-Length: 5561
                                      2022-07-19 18:57:36 UTC  15                  IN         Data Ascii: (function () { var scriptErrors = []; var scriptLogs = []; var logStartTime = null; var logInitialMilliseconds = null; var milliSecPerSecond = 1000; var milliSecPerMinute = milliSecPerSecond * 60; var milliSecPerHour =


                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                      5           192.168.2.6  49772        23.96.4.241     443               C:\Program Files\Google\Chrome\Application\chrome.exe
                                      Timestamp                kBytes transferred  Direction  Data
                                      2022-07-19 18:57:36 UTC  13                  OUT        GET /Scripts/vertical-form-edge-snapping.js?cachehash=1789269854 HTTP/1.1
                                      Host: www.cognitoforms.com
                                      Connection: keep-alive
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
                                      Accept: */*
                                      Sec-Fetch-Site: same-origin
                                      Sec-Fetch-Mode: no-cors
                                      Sec-Fetch-Dest: script
                                      Referer: https://www.cognitoforms.com/HumanResources25/DirectorsAndEmployeesBenefitSection
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      2022-07-19 18:57:38 UTC  21                  IN         HTTP/1.1 200 OK
                                      Content-Type: application/javascript
                                      Last-Modified: Thu, 14 Jul 2022 13:14:33 GMT
                                      Accept-Ranges: bytes
                                      ETag: "ee9193a88397d81:0"
                                      Server: Microsoft-IIS/10.0
                                      Strict-Transport-Security: max-age=35136000; includeSubDomains
                                      Access-Control-Allow-Origin: *
                                      X-Server-Time: 2022-07-19T18:57:38.369Z
                                      Access-Control-Expose-Headers: X-SessionToken,X-Server-Time
                                      P3P: CP="Cognito does not have a P3P policy. Visit https://cognitoforms.com/privacy for details."
                                      X-Role-Instance: Cognito.Services_IN_24
                                      X-Request-Time: 0ms
                                      Content-Security-Policy: default-src 'self' https://*; img-src * data:; script-src https://* 'unsafe-inline' 'unsafe-eval'; style-src https://* 'unsafe-inline'; frame-src 'self' https://* mailto:; worker-src blob:;
                                      X-Content-Type-Options: nosniff
                                      Referrer-Policy: origin-when-cross-origin
                                      Request-Context: appId=cid-v1:bac45fa9-8f8e-4ddb-8e70-d648fe57a27a
                                      Date: Tue, 19 Jul 2022 18:57:38 GMT
                                      Connection: close
                                      Content-Length: 1013
                                      2022-07-19 18:57:38 UTC  22                  IN         Data Ascii: function verticalSnap() {var form = document.querySelector('.cog-form');var formContent = document.querySelector('.cog-form__content');var formHeight = formContent ? formContent.clientHeight : 0;// Cf. media query on LoadForm.cshtmlif(fo


                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                      6           192.168.2.6  49771        23.96.4.241     443               C:\Program Files\Google\Chrome\Application\chrome.exe
                                      Timestamp                kBytes transferred  Direction  Data
                                      2022-07-19 18:57:37 UTC  20                  OUT        GET /f/seamless.js HTTP/1.1
                                      Host: www.cognitoforms.com
                                      Connection: keep-alive
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
                                      Accept: */*
                                      Sec-Fetch-Site: same-origin
                                      Sec-Fetch-Mode: no-cors
                                      Sec-Fetch-Dest: script
                                      Referer: https://www.cognitoforms.com/HumanResources25/DirectorsAndEmployeesBenefitSection
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9



                                      Target ID: 0
                                      Start time: 20:57:24
                                      Start date: 19/07/2022
                                      Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                                      Wow64 process (32bit): false
                                      Commandline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "https://www.cognitoforms.com/HumanResources25/DirectorsAndEmployeesBenefitSection
                                      Imagebase: 0x7ff6220c0000
                                      File size: 2150896 bytes
                                      MD5 hash: C139654B5C1438A95B321BB01AD63EF6
                                      Has elevated privileges: true
                                      Has administrator privileges: true
                                      Programmed in: C, C++ or other language
                                      Reputation: low

                                      Target ID: 1
                                      Start time: 20:57:28
                                      Start date: 19/07/2022
                                      Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                                      Wow64 process (32bit): false
                                      Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1496,11984701893465035516,3308727000603284705,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1932 /prefetch:8
                                      Imagebase: 0x7ff6220c0000
                                      File size: 2150896 bytes
                                      MD5 hash: C139654B5C1438A95B321BB01AD63EF6
                                      Has elevated privileges: true
                                      Has administrator privileges: true
                                      Programmed in: C, C++ or other language
                                      Reputation: low

                                      No disassembly