Windows
Analysis Report
https://forms.office.com/Pages/ResponsePage.aspx?id=IFlAaXO2fE-IReEk6dCK8oXJBkKKoBZPtujagCihfl1UNzFaTTZPSkRVSlI2V0ZETUxBNkNCOVhMUy4u
Overview
General Information
Detection
Score: | 20 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64_ra
- chrome.exe (PID: 6280 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --st art-maximi zed "about :blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4) - chrome.exe (PID: 6828 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --mojo-pla tform-chan nel-handle =2160 --fi eld-trial- handle=191 2,i,173934 3223466717 0224,81190 1154644441 6373,26214 4 --disabl e-features =Optimizat ionGuideMo delDownloa ding,Optim izationHin ts,Optimiz ationHints Fetching,O ptimizatio nTargetPre diction /p refetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 6496 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" "htt ps://forms .office.co m/Pages/Re sponsePage .aspx?id=I FlAaXO2fE- IReEk6dCK8 oXJBkKKoBZ PtujagCihf l1UNzFaTTZ PSkRVSlI2V 0ZETUxBNkN COVhMUy4u" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
Click to jump to signature section
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Classification label: |
Source: | File created: |
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: |
Source: | Window detected: |
Persistence and Installation Behavior |
---|
Source: | LLM: |
Source: | File created: | ||
Source: | File created: | ||
Source: | File created: | ||
Source: | File created: | ||
Source: | File created: | ||
Source: | File created: | ||
Source: | File created: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Browser Extensions | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
www.google.com | 142.250.185.164 | true | false |
| unknown |
forms.office.com | unknown | unknown | false |
| unknown |
c.office.com | unknown | unknown | false |
| unknown |
cdn.forms.office.net | unknown | unknown | false |
| unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true | unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
142.250.186.78 | unknown | United States | 15169 | GOOGLEUS | false | |
142.250.74.202 | unknown | United States | 15169 | GOOGLEUS | false | |
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false | |
2.21.22.168 | unknown | European Union | 20940 | AKAMAI-ASN1EU | false | |
20.189.173.9 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
142.250.186.163 | unknown | United States | 15169 | GOOGLEUS | false | |
74.125.71.84 | unknown | United States | 15169 | GOOGLEUS | false | |
13.107.6.194 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
20.189.173.16 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
239.255.255.250 | unknown | Reserved | unknown | unknown | false | |
142.250.185.164 | www.google.com | United States | 15169 | GOOGLEUS | false | |
13.74.129.1 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
142.250.186.142 | unknown | United States | 15169 | GOOGLEUS | false | |
204.79.197.237 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
172.217.16.131 | unknown | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.16 |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1532975 |
Start date and time: | 2024-10-14 08:34:47 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Sample URL: | https://forms.office.com/Pages/ResponsePage.aspx?id=IFlAaXO2fE-IReEk6dCK8oXJBkKKoBZPtujagCihfl1UNzFaTTZPSkRVSlI2V0ZETUxBNkNCOVhMUy4u |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 13 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | stream |
Analysis stop reason: | Timeout |
Detection: | SUS |
Classification: | sus20.win@17/29@14/156 |
- Exclude process from analysis (whitelisted): svchost.exe
- Excluded IPs from analysis (whitelisted): 142.250.186.163, 142.250.186.78, 74.125.71.84, 13.107.6.194, 34.104.35.123, 2.21.22.168, 2.21.22.185, 142.250.74.202, 172.217.16.138, 172.217.18.106, 142.250.185.170, 142.250.186.74, 142.250.184.202, 216.58.206.42, 142.250.186.42, 142.250.186.106, 142.250.186.138, 142.250.186.170, 216.58.206.74, 142.250.185.106, 172.217.18.10, 216.58.212.138, 172.217.16.202, 199.232.210.172, 13.74.129.1, 204.79.197.237, 13.107.21.237
- Excluded domains from analysis (whitelisted): b-0039.b-msedge.net, accounts.google.com, content-autofill.googleapis.com, c-msn-com-nsatc.trafficmanager.net, c-bing-com.dual-a-0034.a-msedge.net, cdn.forms.office.net.edgesuite.net, ctldl.windowsupdate.com, clientservices.googleapis.com, a1894.dscms.akamai.net, clients2.google.com, edgedl.me.gvt1.com, c.bing.com, dual-a-0034.a-msedge.net, clients.l.google.com, forms.office.com.b-0039.b-msedge.net
- Not all processes where analyzed, report is missing behavior information
Input | Output |
---|---|
URL: https://forms.office.com/Pages/ResponsePage.aspx?id=IFlAaXO2fE-IReEk6dCK8oXJBkKKoBZPtujagCihfl1UNzFaTTZPSkRVSlI2V0ZETUxBNkNCOVhMUy4u Model: gemini-1.5-flash | { "text": "DENSO Purchase Order Acknowledgement Required Purchase Order Number Paste from the email notification, (ex. ORN-00..) Enter your answer Order Acknowledgement Did you receive the Purchase Order? Select your answer Order Fulfillment Date If \"Yes\", then provide the expected fulfillment date. If \"No\", then do not complete this section... the PO will be reissued. Please input date (M/d/yyyy) Submit Never give out your password. Report abuse Microsoft 365", "contains_trigger_text": false, "trigger_text": "", "prominent_button_name": "Submit", "text_input_field_labels": ["Purchase Order Number", "Enter your answer", "Select your answer", "Please input date (M/d/yyyy)"], "pdf_icon_visible": false, "has_visible_qrcode": false, "has_visible_captcha": false, "has_urgent_text": false} |
URL: https://forms.office.com/Pages/ResponsePage.aspx?id=IFlAaXO2fE-IReEk6dCK8oXJBkKKoBZPtujagCihfl1UNzFaTTZPSkRVSlI2V0ZETUxBNkNCOVhMUy4u Model: jbxai | { "brands":["Microsoft 365"], "text":"DENSO Purchase Order Acknowledgement", "contains_trigger_text":true, "trigger_text":"Purchase Order Number", "prominent_button_name":"Submit", "text_input_field_labels":["Purchase Order Number", "Order Acknowledgement", "Order Fulfillment Date"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false} |
URL: https://forms.office.com/Pages/ResponsePage.aspx?id=IFlAaXO2fE-IReEk6dCK8oXJBkKKoBZPtujagCihfl1UNzFaTTZPSkRVSlI2V0ZETUxBNkNCOVhMUy4u Model: gemini-1.5-flash | { "brands": ["DENSO", "Microsoft 365"]} |
URL: https://forms.office.com/Pages/ResponsePage.aspx?id=IFlAaXO2fE-IReEk6dCK8oXJBkKKoBZPtujagCihfl1UNzFaTTZPSkRVSlI2V0ZETUxBNkNCOVhMUy4u Model: gemini-1.5-flash | { "text": "DENSO Purchase Order Acknowledgement Required Purchase Order Number Paste from the email notification, (ex. ORN-00..) Enter your answer Order Acknowledgement Did you receive the Purchase Order? Select your answer Order Fulfillment Date If \"Yes\", then provide the expected fulfillment date. If \"No\", then do not complete this section... the PO will be reissued. Please input date (M/d/yyyy) Submit Never give out your password. Report abuse Microsoft 365", "contains_trigger_text": false, "trigger_text": "", "prominent_button_name": "Submit", "text_input_field_labels": ["Purchase Order Number", "Enter your answer", "Select your answer", "Please input date (M/d/yyyy)"], "pdf_icon_visible": false, "has_visible_qrcode": false, "has_visible_captcha": false, "has_urgent_text": false} |
URL: https://forms.office.com/Pages/ResponsePage.aspx?id=IFlAaXO2fE-IReEk6dCK8oXJBkKKoBZPtujagCihfl1UNzFaTTZPSkRVSlI2V0ZETUxBNkNCOVhMUy4u Model: jbxai | { "brands":["Microsoft 365"], "text":"DENSO Purchase Order Acknowledgement", "contains_trigger_text":true, "trigger_text":"Purchase Order Number", "prominent_button_name":"Submit", "text_input_field_labels":["Purchase Order Number", "Order Acknowledgement", "Order Fulfillment Date"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false} |
URL: https://forms.office.com/Pages/ResponsePage.aspx?id=IFlAaXO2fE-IReEk6dCK8oXJBkKKoBZPtujagCihfl1UNzFaTTZPSkRVSlI2V0ZETUxBNkNCOVhMUy4u Model: gemini-1.5-flash | { "brands": ["DENSO", "Microsoft 365"]} |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Download File
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2673 |
Entropy (8bit): | 3.9808528047546723 |
Encrypted: | false |
SSDEEP: | |
MD5: | 41E1D5A894993F1517B4084D0A5E3A5F |
SHA1: | 8F246EC05D91F47E7FEACFD9FB4669380974230C |
SHA-256: | 72FA52D0E472A00F73D15C54B88795411B1775CA31BC8104A9597B233F92F9DB |
SHA-512: | DDFDEAFA39890D4B8DF9ECA8029A6B5DE03E765B3AB8DFBE10C7D508E66809F9EAE4883810A45273E092F9120AEFA89CD5A8806E3F28F23121304232E8745E60 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Download File
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2675 |
Entropy (8bit): | 3.9997950813928607 |
Encrypted: | false |
SSDEEP: | |
MD5: | F5AF6C7A9ECC929842F4E4C7C28C992D |
SHA1: | 5353DFC2173BD1574BD7A80582EE35C36CB0DF4B |
SHA-256: | 7AFA3B03506575E2D5C4EE079C195786C19F30A84A429CD210A80BE0247DFD0A |
SHA-512: | E90DBE126BD27E8292CC3FBB27D430CDD3BD36087C569ED21B6FA572C2266A9E5B7ECE72499A1BC5D5A9729F90635EF3D2968E2AED61B0CE48D913ACE1371BE4 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Download File
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2689 |
Entropy (8bit): | 4.005655640439749 |
Encrypted: | false |
SSDEEP: | |
MD5: | 458A23A32C63B5994024C182694B73EB |
SHA1: | C376FAF4D8FBA7DAA6A9F81A3B71C4A609ADDD03 |
SHA-256: | 258CC74720F56407732C2E95E33A3B4518837680735EEEBA1938A061E43E3979 |
SHA-512: | 71635629D171A9C807AF64BE6ED1F6DE5B4AE56A3955378D0200443C16EE93A11AEE36B7411F4198586F2CCC3B36B38B8DC3DC991FF57C88C4F6A2C69056EC64 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Download File
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.9965022489283157 |
Encrypted: | false |
SSDEEP: | |
MD5: | CE1AB244F22F56DE29896D9A35CE20E9 |
SHA1: | D96E73BA248C699898D45332ADBB273554D7DB6F |
SHA-256: | 14CC859B3052F1A94D2B8A9720F716A1C540EE3F4638200043F5FEA5A2CBDD03 |
SHA-512: | C9FD7D99647FB0FFFDCF31C4EE6473A2A5BF0DF79FDC7830AB79E3CEE5CFD498E8BDCAF009DA2649F44BE117AADACDEC93B4DD9916640CFAEA0C2BC22B2299AF |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Download File
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.985867322026814 |
Encrypted: | false |
SSDEEP: | |
MD5: | 2B6838CB26A4E40E1286E64826615330 |
SHA1: | 733A2E883ABC9C5A68D56A7570FA004C1B03BD2A |
SHA-256: | 8A9410B3FD24295729B0E0DE037BACE3D7EACEFFAE09B55441E2E2EE53124A5F |
SHA-512: | A28294BA3997C6F008C66AD8D62739E87F24C8869C43F495FD479EA8468494AB1F3318AD74F6A6A12F582F234BD35690958270952CAF2560AD253EBB65D5E450 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Download File
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.9918927644825493 |
Encrypted: | false |
SSDEEP: | |
MD5: | 8F087E799188047AFBB7030356C90708 |
SHA1: | A8424F93C866DEE799DC1D3E4990C401634CA026 |
SHA-256: | A00B180808951BFA4121FC26E23B4E9ED3EBA64EE56728AF1D19ECE8C55B88B6 |
SHA-512: | 13690D13FA4D33DBA26153AEA2E94544FDA06FDF73C8CAE0F0E56D4898C666E64ED4C686FD89391FB8724E5AD56A23D1F896374E29A94DDBCC8CB841F76A4903 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1779 |
Entropy (8bit): | 7.589819392147309 |
Encrypted: | false |
SSDEEP: | |
MD5: | 4150A5D4F2B0284A9E62D247929DD2AA |
SHA1: | 97CA2D9ECE8F0855B2A93E6BFDFC4883685C51CB |
SHA-256: | F058653DCBA7E8B00D4BDB9409E06817F098AB18125CE5A5821520F04030D176 |
SHA-512: | D034378E76D58A899047B4639115102CC8F89AEF3F300DDAF0C0B3EAE40C8381040D1656109632E9095ED3F399218F196087D070C099FD89B9605DFBC34FB585 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 28 |
Entropy (8bit): | 4.307354922057604 |
Encrypted: | false |
SSDEEP: | |
MD5: | 8F54FCE09B68AC5A85FD830B837FC0D6 |
SHA1: | BB5411FB4FBBA08147AEB6A3F723726A3AD7D2D0 |
SHA-256: | 62A39E3942718AE7512B9D85BC43FD906274B9D85818EEF14FCBE5CDAB0461C0 |
SHA-512: | 66970F949103941870260882DCBF58BDAE1C92F3675E35F0F9A054EEEC10E4219945F5EBE8C4E6707C0B3886B54FE00E1E5CD5768F4E59C8A3230BF64C620545 |
Malicious: | false |
Reputation: | unknown |
URL: | https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwkykmvonLnONBIFDZFhlU4SBQ3yhrz7?alt=proto |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 1964 |
Entropy (8bit): | 7.600533581971006 |
Encrypted: | false |
SSDEEP: | |
MD5: | FC6A627A2D1D410B051C01928180D30F |
SHA1: | C7ED08502C1AD2DA413B56BFDFF63873ADF7F7A3 |
SHA-256: | 7F77C691D669FC94853C14F76DE8C2665411C899C168E4655A4215D296DE8C3B |
SHA-512: | C45343430A32AADD3A2F6CD0373CC46396C67088B1495BBC43EB1001D06906D19F29BF8296F13483E7B00F921276C8444D33A0CBAD0BDDE01BE3C76EBE80D594 |
Malicious: | false |
Reputation: | unknown |
URL: | https://cdn.forms.office.net/forms/fonts/light/fluent-hybrid-icons-d54cb751.woff |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 72660 |
Entropy (8bit): | 5.493211572878673 |
Encrypted: | false |
SSDEEP: | |
MD5: | DDFF800B8B17672D504D6EE9BDE3B8CF |
SHA1: | 5B48D7DB7B3BA81467C10507FAE6551C6FC55AF8 |
SHA-256: | DA468988273C8635A284D3EF8B044D688B2F0A36AD7DD9F24694A7E27AD7BFD2 |
SHA-512: | 4A87EC4F427085EF21B7013CFA1B3EB0BA54D7EB9BF68B58056B47F09E4B53B94A91E1FB7D1502FC44157750865D9E99C72062D1C633A1585C64F6D5B1524DDF |
Malicious: | false |
Reputation: | unknown |
URL: | https://cdn.forms.office.net/forms/scripts/dists/light-response-page.chunk.lrp_cover.b19a000.js |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1152 |
Entropy (8bit): | 5.363646055902644 |
Encrypted: | false |
SSDEEP: | |
MD5: | 19F88A9690395484D35F200B1BD999A9 |
SHA1: | 43033D885678C2E3BDCB23070E018E8BDFB55A7F |
SHA-256: | 600C36C9E419E1410A833B42D3257CFC535395253A8DD9F63D6A6AB1ADEB366C |
SHA-512: | 46DE4DC998602E551ED1E7D5F276DCFA3DCDDF340A6863E2A64E0684500490916AD9430127EC4BD6B3DB1B5E55B31E4B64C498642D055EF7C7DA571961798CEB |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 7519 |
Entropy (8bit): | 5.350441596882731 |
Encrypted: | false |
SSDEEP: | |
MD5: | 4142CD0F539A4C0E1D4459D83198818B |
SHA1: | 3EB046A9A2DF6D0DFD376E517CA3C47331E09ADC |
SHA-256: | 0BF7A5F75DA0A35CFD311931F3AF30CD14D449B410B6BC2BF2A1EB66A6C912B3 |
SHA-512: | F1CB13365A99DC6AD05C599E61DE49A94C672E1130991220B23CB5E51EC05695ED4669170C8DD4A94C361CE78D183F356B9CD0CF12E21DE8B199114847874682 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 43793 |
Entropy (8bit): | 5.335469772839654 |
Encrypted: | false |
SSDEEP: | |
MD5: | F2EEB2627892E1F965D7E7A001CDCE31 |
SHA1: | 9307F51A4D83B12BE7085BA2E21CA62DD4EE9561 |
SHA-256: | AF697F43BBFB036C4FB0D1076726B90B3E9F1D5A308C6BCC03DBDED3F591E80A |
SHA-512: | 084539073C4AF612AFEAA2CD752128B0F20E639DBA58271DE41B4F1958860AEEE3D710F76D186F8EA54011C179FC07ED48BB97AC0EA29A80EBD812A31A221453 |
Malicious: | false |
Reputation: | unknown |
URL: | https://forms.office.com/sw.js?ring=Business |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 72 |
Entropy (8bit): | 4.241202481433726 |
Encrypted: | false |
SSDEEP: | |
MD5: | 9E576E34B18E986347909C29AE6A82C6 |
SHA1: | 532C767978DC2B55854B3CA2D2DF5B4DB221C934 |
SHA-256: | 88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D |
SHA-512: | 5EF6DCFFD93434D45760888BF4B95FF134D53F34DA9DC904AD3C5EBEDC58409073483F531FEA4233869ED3EC75F38B022A70B2E179A5D3A13BDB10AB5C46B124 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15555 |
Entropy (8bit): | 5.475100305077097 |
Encrypted: | false |
SSDEEP: | |
MD5: | E0A0FE385F015B2D6B40AD4831291157 |
SHA1: | 083852BCF18048D0B50BBCC90E8EFE4A3FD9BD77 |
SHA-256: | 5F0785E9F3222A870CDF1DC6361634DE263C8718D9BD5B708763E40A1AD60770 |
SHA-512: | 05BD0E82D02808F65D53E0FCFEBC879F520BB40330EE9D55B883DEF8A1D9C4C605345CF46FAF90E7E5E10E0C03E4CB1226542230F0C997F16A7B66BFF62D9790 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 142690 |
Entropy (8bit): | 5.441192223444894 |
Encrypted: | false |
SSDEEP: | |
MD5: | 561B6131C7410D7132743B7772572A24 |
SHA1: | AA371D4BABC109D1A9741D5F7152B3AE364074B8 |
SHA-256: | 2C3106B53F6591DCF6B1D876A75861B0B3C74CD7D85E3FFACC59466354E9256F |
SHA-512: | 93CC85959EF4CC921C07D49DC5C9E03E74160FBECDFEF5B795C17C6A9375B6E1D79AC1FF6614C28EEAFCD4E8C71B1D9BB79E76192752BAE892A657715F370A44 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 7886 |
Entropy (8bit): | 3.973130033666625 |
Encrypted: | false |
SSDEEP: | |
MD5: | 9425D8E9313A692BB3F022E8055FAB82 |
SHA1: | EDDCF3EA767D4C3042D01AC88594D7E795D8615C |
SHA-256: | F2A1ABCF12EBD0F329E5B66B811B0BD76C8E954CB283CE3B61E72FBF459EF6F1 |
SHA-512: | 93B3EB3C4CE385D80D4A8F6902355BBD156AC1AA20B8869AF05C8E714E90E74C5630BB8DE34D5B8FC9F876AC44BE314F3A2A08B3163295ADADBC6DD7B8D23561 |
Malicious: | false |
Reputation: | unknown |
URL: | https://cdn.forms.office.net/forms/images/favicon.ico |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 32 |
Entropy (8bit): | 4.179229296672174 |
Encrypted: | false |
SSDEEP: | |
MD5: | 6B2EFEE9085D5FDDD69A24C23C621E06 |
SHA1: | DF0B1CB392694EB9F6BD3E8F579683BA1943FD5E |
SHA-256: | 2ADF60F143667BA8B6B4C477F6F6791897F28C70C30CE5DABCEE1727000F84DF |
SHA-512: | DD649651A8EC5BE1D89E243A7B093724CAFF0E72D55E85F7F6FA3C525989A73154A646AECDEC835CF92380E842B6F35385A6C8BD30065BFA6699CB473091CA47 |
Malicious: | false |
Reputation: | unknown |
URL: | https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwmll4-iimagcRIFDZFhlU4SBQ2RYZVO?alt=proto |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 826691 |
Entropy (8bit): | 7.894502285605265 |
Encrypted: | false |
SSDEEP: | |
MD5: | 34475113548EADB127E7DA6EC3FE596E |
SHA1: | AF2F18434016F0687CDEF92D4E259E2F5915FFE6 |
SHA-256: | 779781791DCF85B9156F682BFF7B790B166978D3DBB91E2AF6D0B44CE4BC5ED0 |
SHA-512: | 9D1E6AE060D74527FF6AFE68C91B036285B92091034896AFF4E6CCEB8CB23A3AA39496FF0E16175AC49A4BAF8A01A7383A9088CDAC2E31210E384AEC1DCC1BB6 |
Malicious: | false |
Reputation: | unknown |
URL: | https://cdn.forms.office.net/forms/images/theme/abstract-streamers.png |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 429026 |
Entropy (8bit): | 5.663572866895793 |
Encrypted: | false |
SSDEEP: | |
MD5: | 275685DCC7CC22DB1BE3CB3E2C13C2B6 |
SHA1: | 2998848CD57393FCDE5A1309886AA3FE6F95E3D4 |
SHA-256: | AAAB8186A7773193BACE162A5AF45F7B1BD471D387E514F781F1FFF5A9A8E7E8 |
SHA-512: | 2E5585CA32D2D7393D564A0162337452A170DC7006D7B4FC405472659E071A315E31D0788DA0A85D9EE021D4FAED585101728927A7E04FF26D9E03F2561CE3A5 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 530 |
Entropy (8bit): | 4.860983185588505 |
Encrypted: | false |
SSDEEP: | |
MD5: | 4D945878F36DCBBF35C41B5BB6E5513E |
SHA1: | 786EDE7740452B1C38B1FFA47C28F4E70140EC5F |
SHA-256: | 19DADB739E9886DBDDC79E9E916B753AC53A2C8C1A9560EF14AF28B400C234E0 |
SHA-512: | 37E16ACE0F5DF65065C150FB05E7968A5B3AA828F66EFDEF29DD78EF4C2D4B29D0C4F81502CDA069F1EFB0B0329FA69BC309579D74A447E2B7FE9E27AC9CCD99 |
Malicious: | false |
Reputation: | unknown |
URL: | https://forms.office.com/pwa/en-us/app.webmanifest |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 110658 |
Entropy (8bit): | 5.424597933748236 |
Encrypted: | false |
SSDEEP: | |
MD5: | 7A1CBAE1C97AD1A1E67F351FAF0F81A4 |
SHA1: | 6F024274F89AFC9319DFE7AD9D0F23A48E279DB1 |
SHA-256: | 32859A35E0C0F3BC47CCAF2A01830BF7A8C41702C026D0B74FF7E50BC7E6CD51 |
SHA-512: | 7D15A261B69A80E70BE9628839EF9C904AF335347603EA2A299E64F5E3D13EA6C13B0B1D6213EF08188D1140C40AADDAB7AA9E04C9A5D2E26DB3A4217368802D |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 32551 |
Entropy (8bit): | 5.52866126258971 |
Encrypted: | false |
SSDEEP: | |
MD5: | 5E6842FF0878254063E6C9AC937067D3 |
SHA1: | 0773062E0A3F7478F7B817B24B4B0329ECA0F86E |
SHA-256: | 856BFDF91C9BF623E1C3F542A8828CC1964D4DDE7D9E4E9B9FA48DFD9BC6B1C2 |
SHA-512: | 9086738B62AC96222937A3C5C31265E83B5CBDF673F724A10852BA8EF3317EC32EB15CD7A63CD046B1FF6572C6677B0FC06E69CD266F0F2E27A9A8E59A704E67 |
Malicious: | false |
Reputation: | unknown |
URL: | https://cdn.forms.office.net/forms/scripts/dists/light-response-page.chunk.lrp_saveresponse.b869609.js |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 44745 |
Entropy (8bit): | 5.357853275003685 |
Encrypted: | false |
SSDEEP: | |
MD5: | 0055D5757DB41BAD929E5C8B9B726180 |
SHA1: | FBA7C3D94C0FE43AF69BDCFC5186539E1DDE2EFF |
SHA-256: | 37D099733E4901725976E46366372584C0BB88EA5B32D288BAB5F996736725C4 |
SHA-512: | 674270C68411956F88AC9675948229D129FC00125F80DF3A37DC0004D0F89ADD5C07C09648D51A32F1179DA24567E6D74ABFE2BB58BAE51D200E06C097CC806C |
Malicious: | false |
Reputation: | unknown |
URL: | https://cdn.forms.office.net/forms/scripts/dists/dll-dompurify.min.11aa374.js |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 176122 |
Entropy (8bit): | 5.332897534481064 |
Encrypted: | false |
SSDEEP: | |
MD5: | 0403F233BF93504715F3AABE0ADA2E6D |
SHA1: | 197ED5FD6CAF05064320D723AB96E833B66FCD91 |
SHA-256: | 28CEFA7AAB4CF389A65BED523E7FC95F191892589BBA1A8AEAF2D64382742A99 |
SHA-512: | 00FF2A8AE02AD38A96868FC4F4E7EEB073CC0D9D8B1D03DC6D7246250EF9D4F35D8224E1303900E07C9E75B1187505F93310E69A71C8132849B626897EDC8B54 |
Malicious: | false |
Reputation: | unknown |
URL: | https://cdn.forms.office.net/forms/scripts/dists/light-response-page.chunk.fluent.435ff9c.js |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5895 |
Entropy (8bit): | 7.720248605671278 |
Encrypted: | false |
SSDEEP: | |
MD5: | 311274C8C9C66E894F5AFA51FACD72CD |
SHA1: | 386D1FA0B2924DF2C21545CF2FF1DDE2CD985D33 |
SHA-256: | BC3C029408DAB6B5CB676B990B2E21BDD474E4B2E45DAF87E70210539390BF49 |
SHA-512: | 2117BC16AC878BCC307CEA0DEFA0638800715330E83E9C8C1CAD7398BBF207E9432391B851E004308FB75C20C2D6F587D015FA3FB13F8630FE3E0C7E194979FC |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 491724 |
Entropy (8bit): | 5.476408369479291 |
Encrypted: | false |
SSDEEP: | |
MD5: | 506E1863A955ADA913A41B16CE68A31C |
SHA1: | 0CCD901EF85CCD7FEA212D7BD58D92DC582F31F2 |
SHA-256: | D2030540B8570E7719C0A937C4EBD0A892591B038DC3F0DDEEB7F9365DE19E9D |
SHA-512: | C6C6E95CFEA39A056337EF69FCB3763F2E9EBA92D191C4F79D9CEEB212A0315976446B3209448A46C2E7DC56E0E6AD062CD9CD69CABE2A0BAF10595EF257E24D |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 7914 |
Entropy (8bit): | 4.4735908000780045 |
Encrypted: | false |
SSDEEP: | |
MD5: | 56F9CD8A07135E776326431C8560F8F2 |
SHA1: | FCFF27C475A9FB014661B045B59C8BB4799A0392 |
SHA-256: | 0E1D105D6EE902B7279AEFD9E8AF21AB3E5D0CF058332A2A0E53A351524C75E6 |
SHA-512: | E75E2B65828CDE51CA880AEE30A74A3EE04B25B0FC0D2AF5B4BB675B62B592CF12D284771A0CE0A8174295F93C4D9007DA5C407C65229456EC0F1A18A6C8EE28 |
Malicious: | false |
Reputation: | unknown |
URL: | https://forms.office.com/offline.aspx |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 35075 |
Entropy (8bit): | 4.78247542504543 |
Encrypted: | false |
SSDEEP: | |
MD5: | 2260CFACC25DE59539D0B1D7A50F9270 |
SHA1: | 84FECAFAFF77917530F170A1D3EBF70A51A9B7D1 |
SHA-256: | 9F00DFD9D0844DEA7FED92119F0E4149C4D6334169704CE875B14C1AC84E6629 |
SHA-512: | 4A7733F93FF56172E4D861A84F3059F2B9C4266989399D3F6D29F16D3B24BF382CA5C0D21E062D9923F487A2A5C870C124041A961134BF35A35ECDFAD3B45939 |
Malicious: | false |
Reputation: | unknown |
URL: | https://cdn.forms.office.net/forms/scripts/dists/ls-response.en-us.db13558e2.js |
Preview: |