Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
http://3a2828d86d86bc5d064a6136459935d8.fp.measure.office.com

Overview

General Information

Sample URL:http://3a2828d86d86bc5d064a6136459935d8.fp.measure.office.com
Analysis ID:1541323

Detection

Score:21
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Performs DNS queries with encoded ASCII data (may be used to data exfiltration)
HTML body contains low number of good links
HTML title does not match URL
Stores files to the Windows start menu directory

Classification

Process Tree

  • System is w10x64_ra
  • chrome.exe (PID: 6852 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 7012 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1972,i,9746546792604107715,5173652570084956654,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6692 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://3a2828d86d86bc5d064a6136459935d8.fp.measure.office.com" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2f3a2828d86d86bc5d064a6136459935d8.fp.measure.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=b575a8b0-f36d-36e0-9087-e562399e1e37&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638653807340185379.d95a1399-7a4f-4d40-8b00-9684eb3a1276&state=DcsxEoAwCABBouNzMERIgOeQibaWfl-Kve4KAOxpS4UyoINtdDZSFmrWWf1c3qOxO2rIg7KE0CYR-jC5J0e7dJR8j_p-UX8HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2f3a2828d86d86bc5d064a6136459935d8.fp.measure.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=b575a8b0-f36d-36e0-9087-e562399e1e37&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638653807340185379.d95a1399-7a4f-4d40-8b00-9684eb3a1276&state=DcsxEoAwCABBouNzMERIgOeQibaWfl-Kve4KAOxpS4UyoINtdDZSFmrWWf1c3qOxO2rIg7KE0CYR-jC5J0e7dJR8j_p-UX8&sso_reload=trueHTTP Parser: Number of links: 0
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2f3a2828d86d86bc5d064a6136459935d8.fp.measure.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=b575a8b0-f36d-36e0-9087-e562399e1e37&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638653807340185379.d95a1399-7a4f-4d40-8b00-9684eb3a1276&state=DcsxEoAwCABBouNzMERIgOeQibaWfl-Kve4KAOxpS4UyoINtdDZSFmrWWf1c3qOxO2rIg7KE0CYR-jC5J0e7dJR8j_p-UX8HTTP Parser: Title: Redirecting does not match URL
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2f3a2828d86d86bc5d064a6136459935d8.fp.measure.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=b575a8b0-f36d-36e0-9087-e562399e1e37&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638653807340185379.d95a1399-7a4f-4d40-8b00-9684eb3a1276&state=DcsxEoAwCABBouNzMERIgOeQibaWfl-Kve4KAOxpS4UyoINtdDZSFmrWWf1c3qOxO2rIg7KE0CYR-jC5J0e7dJR8j_p-UX8&sso_reload=trueHTTP Parser: Title: Sign in to Outlook does not match URL
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2f3a2828d86d86bc5d064a6136459935d8.fp.measure.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=b575a8b0-f36d-36e0-9087-e562399e1e37&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638653807340185379.d95a1399-7a4f-4d40-8b00-9684eb3a1276&state=DcsxEoAwCABBouNzMERIgOeQibaWfl-Kve4KAOxpS4UyoINtdDZSFmrWWf1c3qOxO2rIg7KE0CYR-jC5J0e7dJR8j_p-UX8&sso_reload=trueHTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2f3a2828d86d86bc5d064a6136459935d8.fp.measure.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=b575a8b0-f36d-36e0-9087-e562399e1e37&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638653807340185379.d95a1399-7a4f-4d40-8b00-9684eb3a1276&state=DcsxEoAwCABBouNzMERIgOeQibaWfl-Kve4KAOxpS4UyoINtdDZSFmrWWf1c3qOxO2rIg7KE0CYR-jC5J0e7dJR8j_p-UX8&sso_reload=trueHTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2f3a2828d86d86bc5d064a6136459935d8.fp.measure.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=b575a8b0-f36d-36e0-9087-e562399e1e37&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638653807340185379.d95a1399-7a4f-4d40-8b00-9684eb3a1276&state=DcsxEoAwCABBouNzMERIgOeQibaWfl-Kve4KAOxpS4UyoINtdDZSFmrWWf1c3qOxO2rIg7KE0CYR-jC5J0e7dJR8j_p-UX8&sso_reload=trueHTTP Parser: <input type="password" .../> found
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2f3a2828d86d86bc5d064a6136459935d8.fp.measure.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=b575a8b0-f36d-36e0-9087-e562399e1e37&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638653807340185379.d95a1399-7a4f-4d40-8b00-9684eb3a1276&state=DcsxEoAwCABBouNzMERIgOeQibaWfl-Kve4KAOxpS4UyoINtdDZSFmrWWf1c3qOxO2rIg7KE0CYR-jC5J0e7dJR8j_p-UX8HTTP Parser: No favicon
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2f3a2828d86d86bc5d064a6136459935d8.fp.measure.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=b575a8b0-f36d-36e0-9087-e562399e1e37&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638653807340185379.d95a1399-7a4f-4d40-8b00-9684eb3a1276&state=DcsxEoAwCABBouNzMERIgOeQibaWfl-Kve4KAOxpS4UyoINtdDZSFmrWWf1c3qOxO2rIg7KE0CYR-jC5J0e7dJR8j_p-UX8&sso_reload=trueHTTP Parser: No favicon
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2f3a2828d86d86bc5d064a6136459935d8.fp.measure.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=b575a8b0-f36d-36e0-9087-e562399e1e37&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638653807340185379.d95a1399-7a4f-4d40-8b00-9684eb3a1276&state=DcsxEoAwCABBouNzMERIgOeQibaWfl-Kve4KAOxpS4UyoINtdDZSFmrWWf1c3qOxO2rIg7KE0CYR-jC5J0e7dJR8j_p-UX8HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2f3a2828d86d86bc5d064a6136459935d8.fp.measure.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=b575a8b0-f36d-36e0-9087-e562399e1e37&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638653807340185379.d95a1399-7a4f-4d40-8b00-9684eb3a1276&state=DcsxEoAwCABBouNzMERIgOeQibaWfl-Kve4KAOxpS4UyoINtdDZSFmrWWf1c3qOxO2rIg7KE0CYR-jC5J0e7dJR8j_p-UX8&sso_reload=trueHTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2f3a2828d86d86bc5d064a6136459935d8.fp.measure.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=b575a8b0-f36d-36e0-9087-e562399e1e37&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638653807340185379.d95a1399-7a4f-4d40-8b00-9684eb3a1276&state=DcsxEoAwCABBouNzMERIgOeQibaWfl-Kve4KAOxpS4UyoINtdDZSFmrWWf1c3qOxO2rIg7KE0CYR-jC5J0e7dJR8j_p-UX8&sso_reload=trueHTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2f3a2828d86d86bc5d064a6136459935d8.fp.measure.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=b575a8b0-f36d-36e0-9087-e562399e1e37&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638653807340185379.d95a1399-7a4f-4d40-8b00-9684eb3a1276&state=DcsxEoAwCABBouNzMERIgOeQibaWfl-Kve4KAOxpS4UyoINtdDZSFmrWWf1c3qOxO2rIg7KE0CYR-jC5J0e7dJR8j_p-UX8HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2f3a2828d86d86bc5d064a6136459935d8.fp.measure.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=b575a8b0-f36d-36e0-9087-e562399e1e37&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638653807340185379.d95a1399-7a4f-4d40-8b00-9684eb3a1276&state=DcsxEoAwCABBouNzMERIgOeQibaWfl-Kve4KAOxpS4UyoINtdDZSFmrWWf1c3qOxO2rIg7KE0CYR-jC5J0e7dJR8j_p-UX8&sso_reload=trueHTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2f3a2828d86d86bc5d064a6136459935d8.fp.measure.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=b575a8b0-f36d-36e0-9087-e562399e1e37&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638653807340185379.d95a1399-7a4f-4d40-8b00-9684eb3a1276&state=DcsxEoAwCABBouNzMERIgOeQibaWfl-Kve4KAOxpS4UyoINtdDZSFmrWWf1c3qOxO2rIg7KE0CYR-jC5J0e7dJR8j_p-UX8&sso_reload=trueHTTP Parser: No <meta name="copyright".. found
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49706 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49755 version: TLS 1.2

Networking

barindex
Performs DNS queries with encoded ASCII data (may be used to data exfiltration)
Source: unknownDNS traffic detected with encoded ASCII: query: 3a2828d86d86bc5d064a6136459935d8.fp.measure.office.com; decoded parts: :((m]Ja6E5
Source: unknownDNS traffic detected with encoded ASCII: query: 3a2828d86d86bc5d064a6136459935d8.fp.measure.office.com; decoded parts: :((m]Ja6E5
Source: unknownDNS traffic detected with encoded ASCII: query: 3a2828d86d86bc5d064a6136459935d8.fp.measure.office.com; decoded parts: :((m]Ja6E5
Source: unknownDNS traffic detected with encoded ASCII: query: 3a2828d86d86bc5d064a6136459935d8.fp.measure.office.com; decoded parts: :((m]Ja6E5
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
Source: global trafficDNS traffic detected: DNS query: 3a2828d86d86bc5d064a6136459935d8.fp.measure.office.com
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: login.microsoftonline.com
Source: global trafficDNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global trafficDNS traffic detected: DNS query: identity.nel.measure.office.net
Source: global trafficDNS traffic detected: DNS query: outlook.office365.com
Source: global trafficDNS traffic detected: DNS query: r4.res.office365.com
Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49706 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49755 version: TLS 1.2
Source: classification engineClassification label: sus21.troj.win@19/34@26/215
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1972,i,9746546792604107715,5173652570084956654,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://3a2828d86d86bc5d064a6136459935d8.fp.measure.office.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1972,i,9746546792604107715,5173652570084956654,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire Infrastructure1
Drive-by Compromise		Windows Management Instrumentation1
Registry Run Keys / Startup Folder		1
Process Injection		1
Masquerading		OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local System2
Encrypted Channel		1
Exfiltration Over Alternative Protocol		Abuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
Registry Run Keys / Startup Folder		1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
Data Encoding		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive1
Non-Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture2
Application Layer Protocol		Traffic DuplicationData Destruction

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
s-part-0044.t-0009.fb-t-msedge.net
13.107.253.72
truefalse
    		unknown
    sni1gl.wpc.omegacdn.net
    		152.199.21.175
    		truefalse
      		unknown
      www.google.com
      		142.250.186.100
      		truefalse
        		unknown
        HHN-efz.ms-acdc.office.com
        		52.98.228.50
        		truefalse
          		unknown
          identity.nel.measure.office.net
          		unknown
          		unknowntrue
            		unknown
            r4.res.office365.com
            		unknown
            		unknowntrue
              		unknown
              aadcdn.msftauth.net
              		unknown
              		unknowntrue
                		unknown
                login.microsoftonline.com
                		unknown
                		unknowntrue
                  		unknown
                  3a2828d86d86bc5d064a6136459935d8.fp.measure.office.com
                  		unknown
                  		unknowntrue
                    		unknown
                    outlook.office365.com
                    		unknown
                    		unknowntrue
                      		unknown

                      World Map of Contacted IPs

                      • No. of IPs < 25%
                      • 25% < No. of IPs < 50%
                      • 50% < No. of IPs < 75%
                      • 75% < No. of IPs

                      Public IPs

                      IPDomainCountryFlagASNASN NameMalicious
                      142.250.186.67
                      		unknownUnited States
                      		15169GOOGLEUSfalse
                      142.250.110.84
                      		unknownUnited States
                      		15169GOOGLEUSfalse
                      52.98.228.50
                      		HHN-efz.ms-acdc.office.comUnited States
                      		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                      1.1.1.1
                      		unknownAustralia
                      		13335CLOUDFLARENETUSfalse
                      52.98.84.114
                      		unknownUnited States
                      		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                      20.190.159.73
                      		unknownUnited States
                      		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                      172.217.18.3
                      		unknownUnited States
                      		15169GOOGLEUSfalse
                      142.250.185.110
                      		unknownUnited States
                      		15169GOOGLEUSfalse
                      216.58.206.42
                      		unknownUnited States
                      		15169GOOGLEUSfalse
                      40.126.32.76
                      		unknownUnited States
                      		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                      2.16.164.49
                      		unknownEuropean Union
                      		20940AKAMAI-ASN1EUfalse
                      239.255.255.250
                      		unknownReserved
                      		unknownunknownfalse
                      40.126.31.67
                      		unknownUnited States
                      		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                      20.190.160.22
                      		unknownUnited States
                      		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                      152.199.21.175
                      		sni1gl.wpc.omegacdn.netUnited States
                      		15133EDGECASTUSfalse
                      142.250.186.142
                      		unknownUnited States
                      		15169GOOGLEUSfalse
                      52.98.84.98
                      		unknownUnited States
                      		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                      142.250.186.100
                      		www.google.comUnited States
                      		15169GOOGLEUSfalse
                      23.38.98.96
                      		unknownUnited States
                      		16625AKAMAI-ASUSfalse

                      Private

                      IP
                      192.168.2.16
                      192.168.2.4
                      192.168.2.13
                      192.168.2.14

                      General Information

                      Joe Sandbox version:41.0.0 Charoite
                      Analysis ID:1541323
                      Start date and time:2024-10-24 17:31:37 +02:00
                      Joe Sandbox product:CloudBasic
                      Overall analysis duration:
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Cookbook file name:defaultwindowsinteractivecookbook.jbs
                      Sample URL:http://3a2828d86d86bc5d064a6136459935d8.fp.measure.office.com
                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                      Number of analysed new started processes analysed:13
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • EGA enabled
                      Analysis Mode:stream
                      Analysis stop reason:Timeout
                      Detection:SUS
                      Classification:sus21.troj.win@19/34@26/215

                      Warnings

                      • Exclude process from analysis (whitelisted): SgrmBroker.exe, svchost.exe
                      • Excluded IPs from analysis (whitelisted): 199.232.210.172, 142.250.186.67, 142.250.185.110, 142.250.110.84, 52.98.84.114, 52.98.65.178, 52.98.37.2, 52.98.50.18, 52.98.90.2, 52.98.70.130, 40.100.55.2, 52.98.90.178, 34.104.35.123, 52.98.84.98, 52.98.33.130, 52.98.65.2, 52.98.50.66, 52.98.40.34
                      • Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, accounts.google.com, xsp-mvp.trafficmanager.net, edgedl.me.gvt1.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com
                      • Not all processes where analyzed, report is missing behavior information
                      • VT rate limit hit for: http://3a2828d86d86bc5d064a6136459935d8.fp.measure.office.com

                      LLM Input / Output

                      InputOutput
                      URL: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2f3a2828d86d86bc5d064a6136459935d8.fp.measure.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode Model: claude-3-haiku-20240307
                      ```json
{
  "contains_trigger_text": true,
  "trigger_text": "Sign in to continue to Outlook",
  "prominent_button_name": "Next",
  "text_input_field_labels": [
    "Email, phone, or Skype"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false
}
                      URL: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2f3a2828d86d86bc5d064a6136459935d8.fp.measure.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode Model: claude-3-haiku-20240307
                      ```json
{
  "contains_trigger_text": true,
  "trigger_text": "Sign in to continue to Outlook",
  "prominent_button_name": "Next",
  "text_input_field_labels": [
    "hfjkjbs"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false
}
                      URL: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2f3a2828d86d86bc5d064a6136459935d8.fp.measure.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode Model: claude-3-haiku-20240307
                      ```json
{
  "brands": [
    "Microsoft"
  ]
}
                      URL: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2f3a2828d86d86bc5d064a6136459935d8.fp.measure.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode Model: claude-3-haiku-20240307
                      ```json
{
  "brands": [
    "Microsoft"
  ]
}
                      URL: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2f3a2828d86d86bc5d064a6136459935d8.fp.measure.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode Model: claude-3-haiku-20240307
                      ```json
{
  "contains_trigger_text": true,
  "trigger_text": "Sign in to continue to Outlook",
  "prominent_button_name": "Next",
  "text_input_field_labels": [
    "hfjkjbs2222222"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false
}
                      URL: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2f3a2828d86d86bc5d064a6136459935d8.fp.measure.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode Model: claude-3-haiku-20240307
                      ```json
{
  "brands": [
    "Microsoft"
  ]
}
                      URL: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2f3a2828d86d86bc5d064a6136459935d8.fp.measure.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode Model: claude-3-haiku-20240307
                      ```json
{
  "contains_trigger_text": true,
  "trigger_text": "Sign in to continue to Outlook",
  "prominent_button_name": "Next",
  "text_input_field_labels": [
    "hfjkjbs"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false
}
                      URL: https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2f3a2828d86d86bc5d064a6136459935d8.fp.measure.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode Model: claude-3-haiku-20240307
                      ```json
{
  "brands": [
    "Microsoft"
  ]
}

                      Created / dropped Files

                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 14:32:08 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2673
                      Entropy (8bit):3.9851071242682568
                      Encrypted:false
                      SSDEEP:
                      MD5:1797E3BE3A26DF4C3DC33A9ED7AC9266
                      SHA1:2942F1B9296CF3A1FEF23EFCE7212D73D771776C
                      SHA-256:81C95B2FEAF22A69E053297C66E1BF51DFEC3607DEB008B58A5C8A9E0D9D7170
                      SHA-512:B72B763D686B77249C0942C1EBB850ABEEB06EAE8FF37328DC70F2D2AB5405F7179C475F0EE3FEE181881ADEB7B552E782792537366B58433BCAF750FF93B53B
                      Malicious:false
                      Reputation:unknown
                      Preview:L..................F.@.. ...$+.,....M.\.)&..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IXY.{....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VXY.|....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VXY.|....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VXY.|..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VXY.|...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........c%1......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 14:32:08 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2675
                      Entropy (8bit):4.000969022683646
                      Encrypted:false
                      SSDEEP:
                      MD5:86798A48D41AA30DB2246D80081BC473
                      SHA1:5F2AA578025D5992CC8F3D61CDF90E8F63FABD37
                      SHA-256:79978E218578E6FBACE79C6B77A348AD029D19DD9D176D4BAC2DF2722D3D1BEE
                      SHA-512:25ECC7F94CE5908D6B1363F75B284F850B126D1190CC53D6A950A64C8BC799A6DE5913F59BCBB6D12E67E620998B48C50E5B3363150819D76F4C00FA81AA9493
                      Malicious:false
                      Reputation:unknown
                      Preview:L..................F.@.. ...$+.,.....2R.)&..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IXY.{....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VXY.|....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VXY.|....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VXY.|..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VXY.|...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........c%1......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2689
                      Entropy (8bit):4.011682728601525
                      Encrypted:false
                      SSDEEP:
                      MD5:CC9E0B9ED45CCC44B169BD3B7F19BF07
                      SHA1:3E4D5D19E27D3CCF68E6E5158EDBD071004F45D5
                      SHA-256:CFDBE6DE99F3E0384238C505318D7B9EE8AB0B761D1B7236D01B2DFB784687F2
                      SHA-512:569D53CED6C21962A631D7A95C3D24F639ABC672BB802709671F11F7D61EA1F6C25751349E57D8D663B1CEB5BEE62E2B98EB446CD1AD086E5EF397B421208210
                      Malicious:false
                      Reputation:unknown
                      Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IXY.{....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VXY.|....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VXY.|....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VXY.|..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........c%1......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 14:32:08 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2677
                      Entropy (8bit):4.001592365150497
                      Encrypted:false
                      SSDEEP:
                      MD5:318AB1CC973248A0EFF30D94A5ED542F
                      SHA1:A31010E5311D321D2B1AC3A3AA2A8C0586E7992F
                      SHA-256:19580A3E5CB46B2502623B5C01ECEA53171E493BE97AACEF3C45E1B0C583D90A
                      SHA-512:6312120E5A27A266B0CA4EDE388EAADD6D3ED5C614E4EB888D259E2883D56B71E4793D73E9BDA7A50525EB8DF4A22698B8D9E5201892FCDE24901E16594FB3E2
                      Malicious:false
                      Reputation:unknown
                      Preview:L..................F.@.. ...$+.,......L.)&..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IXY.{....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VXY.|....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VXY.|....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VXY.|..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VXY.|...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........c%1......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 14:32:08 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2677
                      Entropy (8bit):3.9899865898926326
                      Encrypted:false
                      SSDEEP:
                      MD5:129FFD2B50555F4CF74609762A0C343E
                      SHA1:BE33BDFBB9D54210DB78CE33161ABC534AEE98F8
                      SHA-256:F40ED426F203E340BF7DFE2E00A6966D7BFEDD4F5B27443D1AB60D106B67A7BB
                      SHA-512:7B8B106716E3B1C4C630B33681B1EE1A1B74571FE6F50C063F89B2E94FE14B8FD71C0D82A30D0A7CE1E321659EA699566212E2F67AC541AA6AF95E5EC521001A
                      Malicious:false
                      Reputation:unknown
                      Preview:L..................F.@.. ...$+.,....G.W.)&..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IXY.{....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VXY.|....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VXY.|....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VXY.|..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VXY.|...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........c%1......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 14:32:08 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2679
                      Entropy (8bit):3.9988697988863042
                      Encrypted:false
                      SSDEEP:
                      MD5:FDBD41982DE22A928D9E52327BD1963A
                      SHA1:B827D5B57DC9BB6251C70013F08258023097EBB4
                      SHA-256:7CAA9E7919FAF7967245686DDCAE4A8C6BB157675ED7F3A8721617E9A9670F96
                      SHA-512:E51410965DED31ACE9DB8710F3E70205BFB76DFF0A14E226C5A296B0127D3E2BC88A6E2E41B7537AB6F0DE7595286D429309A86DC8B622B137244DE64939B4EA
                      Malicious:false
                      Reputation:unknown
                      Preview:L..................F.@.. ...$+.,.....C.)&..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IXY.{....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VXY.|....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VXY.|....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VXY.|..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VXY.|...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........c%1......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                      Chrome Cache Entry: 103

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with very long lines (994), with no line terminators
                      Category:downloaded
                      Size (bytes):994
                      Entropy (8bit):4.934955158256183
                      Encrypted:false
                      SSDEEP:
                      MD5:E2110B813F02736A4726197271108119
                      SHA1:D7AC10CC425A7B67BF16DDA0AAEF1FEB00A79857
                      SHA-256:6D1BE7ED96DD494447F348986317FAF64728CCF788BE551F2A621B31DDC929AC
                      SHA-512:E79CF6DB777D62690DB9C975B5494085C82E771936DB614AF9C75DB7CE4B6CA0A224B7DFB858437EF1E33C6026D772BE9DBBB064828DB382A4703CB34ECEF1CF
                      Malicious:false
                      Reputation:unknown
                      URL:https://r4.res.office365.com/owa/prem/15.20.8093.20/resources/images/0/sprite1.mouse.css
                      Preview:.image-loading_blackbg-gif{background:url('loading_blackbg.gif');width:16px;height:16px}.image-loading_whitebg-gif{background:url('loading_whitebg.gif');width:16px;height:16px}.image-thinking16_blue-gif{background:url('thinking16_blue.gif');width:16px;height:16px}.image-thinking16_grey-gif{background:url('thinking16_grey.gif');width:16px;height:16px}.image-thinking16_white-gif{background:url('thinking16_white.gif');width:16px;height:16px}.image-thinking24-gif{background:url('thinking24.gif');width:24px;height:24px}.image-thinking32_blue-gif{background:url('thinking32_blue.gif');width:32px;height:32px}.image-thinking32_grey-gif{background:url('thinking32_grey.gif');width:32px;height:32px}.image-thinking32_white-gif{background:url('thinking32_white.gif');width:32px;height:32px}.image-clear1x1-gif{width:1px;height:1px;background:url('sprite1.mouse.png') -0 -0}.csimg{padding:0;border:none;background-repeat:no-repeat;-webkit-touch-callout:none}span.csimg{-ms-high-contrast-adjust:none}

                      Chrome Cache Entry: 104

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with very long lines (64616)
                      Category:dropped
                      Size (bytes):449028
                      Entropy (8bit):5.448567122786254
                      Encrypted:false
                      SSDEEP:
                      MD5:0D04E619F3843263D447E55E85CF14E9
                      SHA1:2FCB499E93BCD0BE38355F6957E0FDFFF3D8B004
                      SHA-256:A286901D020DBB97BDED75B5150D495AB28566B21735000058B598E0E6667E23
                      SHA-512:22744EB9ECA78B4EC6086292B267F171B14AE53D14CFA449C3E565AE249ABC8EECC4750FADDFC4EAA24EA9211FB1C9DE75597DEC70832F3C2F43B9C40D46AD9B
                      Malicious:false
                      Reputation:unknown
                      Preview:/*!. * ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */!function(e){function n(n){for(var t,i,o=n[0],r=n[1],s=0,c=[];s<o.length;s++)

                      Chrome Cache Entry: 105

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with very long lines (64612)
                      Category:downloaded
                      Size (bytes):113769
                      Entropy (8bit):5.492540089333064
                      Encrypted:false
                      SSDEEP:
                      MD5:C6C029BA88D52E5312FEC69603A00340
                      SHA1:079011F6F0662C11AE907C773EFE8E0C9338EAD0
                      SHA-256:DDD0BB1C19B3D2D045BFCDE85D2020BBA57854C887A6691B66DBA3DA1BB3AFBE
                      SHA-512:7DF09CD949A43D53D62D9013718158966508DEC2338491FFB38DC33D2EB85FF5C699792AE578975DA0E4F03CC7EA03774624208D06924EEA4C2EAC92E6E22C60
                      Malicious:false
                      Reputation:unknown
                      URL:https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_4285088f1dbaf52a876d.js
                      Preview:/*!. * ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */.(window.webpackJsonp=window.webpackJsonp||[]).push([[37],{1373:function(e,t,

                      Chrome Cache Entry: 106

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
                      Category:downloaded
                      Size (bytes):17174
                      Entropy (8bit):2.9129715116732746
                      Encrypted:false
                      SSDEEP:
                      MD5:12E3DAC858061D088023B2BD48E2FA96
                      SHA1:E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
                      SHA-256:90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
                      SHA-512:C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
                      Malicious:false
                      Reputation:unknown
                      URL:https://aadcdn.msftauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
                      Preview:..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

                      Chrome Cache Entry: 107

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with very long lines (46090)
                      Category:dropped
                      Size (bytes):141866
                      Entropy (8bit):5.429983887489752
                      Encrypted:false
                      SSDEEP:
                      MD5:2509D4C564AFC2C77D16BA6CA509B39F
                      SHA1:201F1D80F8EEA9F5E8A7A7224CFF18674344F886
                      SHA-256:D468D9F009E53FE1C47B9D6FDEFA3FF1A8C239973F11A6F892848E341EA17CCD
                      SHA-512:C928C36D58BB0B2740E9BE3F3CA3F49624253F8DAD93BA7524E55F24CCCAF630E35FCA8C596CBCE50A0C1214C4986034FD3E26D98F759949C179C54009D5D93E
                      Malicious:false
                      Reputation:unknown
                      Preview:/*!. * ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */!function(e){function t(t){for(var n,r,i=t[0],a=t[1],s=0,u=[];s<i.length;s++)

                      Chrome Cache Entry: 108

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (65339), with CRLF line terminators
                      Category:downloaded
                      Size (bytes):659798
                      Entropy (8bit):5.352921769071548
                      Encrypted:false
                      SSDEEP:
                      MD5:9786D38346567E5E93C7D03B06E3EA2D
                      SHA1:23EF8C59C5C9AA5290865933B29C9C56AB62E3B0
                      SHA-256:263307E3FE285C85CB77CF5BA69092531CE07B7641BF316EF496DCB5733AF76C
                      SHA-512:4962CDF483281AB39D339A7DA105A88ADDB9C210C9E36EA5E36611D7135D19FEC8B3C9DBA3E97ABB36D580F194F1860813071FD6CBEDE85D3E88952D099D6805
                      Malicious:false
                      Reputation:unknown
                      URL:https://r4.res.office365.com/owa/prem/15.20.8093.20/scripts/boot.worldwide.1.mouse.js
                      Preview:.window.scriptsLoaded = window.scriptsLoaded || {}; window.scriptProcessStart = window.scriptProcessStart || {}; window.scriptProcessStart['boot.worldwide.1.mouse.js'] = (new Date()).getTime();..;_a.d.G=function(n,t){this.b=n;this.a=t};_a.d.G.prototype={b:0,a:0};_a.fo=function(n){this.s=n};_a.fo.prototype={s:null,t:null,i:function(){return this.s.currentTarget},e:function(){return this.t?this.t.x:this.s.pageX},f:function(){return this.t?this.t.y:this.s.pageY},o:function(){return this.s.relatedTarget},b:function(){return this.s.target},n:function(){return this.s.timeStamp||+new Date},a:function(){var n=this.s.which;!n&&_a.o.a().K&&this.s.type==="keypress"&&(n=this.u());return n},u:function(){return this.s.keyCode},m:function(){return this.s.originalEvent},j:function(){return this.s.type},k:function(){return this.s.originalEvent.touches},q:function(){return this.s.isDefaultPrevented()},g:function(){return this.s.shiftKey},h:function(){return _j.G.a().P?this.s.metaKey:this.s.ctrlKey},l:

                      Chrome Cache Entry: 109

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:GIF image data, version 89a, 352 x 3
                      Category:downloaded
                      Size (bytes):2672
                      Entropy (8bit):6.640973516071413
                      Encrypted:false
                      SSDEEP:
                      MD5:166DE53471265253AB3A456DEFE6DA23
                      SHA1:17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D
                      SHA-256:A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
                      SHA-512:80978C1D262BC225A8BA1758DF546E27B5BE8D84CBCF7E6044910E5E05E04AFFEFEC3C0DA0818145EB8A917E1A8D90F4BAC833B64A1F6DE97AD3D5FC80A02308
                      Malicious:false
                      Reputation:unknown
                      URL:https://aadcdn.msftauth.net/shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif
                      Preview:GIF89a`............!..NETSCAPE2.0.....!.......,....`.....6......P.l.......H....I..:qJ......k....`BY..L*..&...!.......,....0.............<....[.\K8j.tr.g..!.......,....3............^;.*..\UK.]\.%.V.c...!.......,....7........`....lo...[.a..*Rw~i...!.......,....;........h.....l.G-.[K.,_XA]..'g..!.......,....?........i.....g....Z.}..)..u...F..!.......,....C...............P.,nt^.i....Xq...i..!.......,....F...........{^b....n.y..i...\C.-...!.......,....H..............R...o....h.xV!.z#...!.......,"...L.............r.jY..w~aP(.......[i...!.......,(...N.............r....w.aP.j.'.)Y..S..!.......,....H.........`......hew..9`.%z.xVeS..!.......,5...A.........`...\m.Vmtzw.}.d.%...Q..!.......,9...=.........h......3S..s.-W8m...Q..!.......,A...5.........h.....N...:..!..U..!.......,H.............h....M.x...f.i.4..!.......,O...'.........i...tp......(..!.......,X.............j...@.x....!.......,].............j..L..3em..!.......,e.............`......!.......,n..............{i..!..

                      Chrome Cache Entry: 110

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (59783), with CRLF line terminators
                      Category:downloaded
                      Size (bytes):663451
                      Entropy (8bit):5.3635307555313165
                      Encrypted:false
                      SSDEEP:
                      MD5:761CE9E68C8D14F49B8BF1A0257B69D6
                      SHA1:8CF5D714D35EFFA54F3686065CB62CCE028E2C77
                      SHA-256:BEAA65AD34340E61E9E701458E2CCFF8F9073FDEBBC3593A2C7EC8AFEACB69C1
                      SHA-512:CEC948666FBA0F56D3DA27A931033C3A581C9C00FEC4D3DDCF41324525B5B5321AE3AB89581ECC7F497DE85EF684AB277C8A2DB393D526416CEB76C91A1B9263
                      Malicious:false
                      Reputation:unknown
                      URL:https://r4.res.office365.com/owa/prem/15.20.8093.20/scripts/boot.worldwide.0.mouse.js
                      Preview:.window.scriptsLoaded = window.scriptsLoaded || {}; window.scriptProcessStart = window.scriptProcessStart || {}; window.scriptProcessStart['boot.worldwide.0.mouse.js'] = (new Date()).getTime();../* Empty file */;Function.__typeName="Function";Function.__class=!0;Function.createCallback=function(n,t){return function(){var r=arguments.length;if(r>0){for(var u=[],i=0;i<r;i++)u[i]=arguments[i];u[r]=t;return n.apply(this,u)}return n.call(this,t)}};Function.prototype.bind=Function.prototype.bind||function(n){if(typeof this!="function")throw new TypeError("bind(): we can only bind to functions");var u=Array.prototype.slice.call(arguments,1),r=this,t=function(){},i=function(){return r.apply(this instanceof t?this:n,u.concat(Array.prototype.slice.call(arguments)))};this.prototype&&(t.prototype=this.prototype);i.prototype=new t;return i};Function.createDelegate=function(n,t){return function(){return t.apply(n,arguments)}};Function.emptyFunction=Function.emptyMethod=function(){};Error.__typeNam

                      Chrome Cache Entry: 111

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:SVG Scalable Vector Graphics image
                      Category:dropped
                      Size (bytes):1592
                      Entropy (8bit):4.205005284721148
                      Encrypted:false
                      SSDEEP:
                      MD5:4E48046CE74F4B89D45037C90576BFAC
                      SHA1:4A41B3B51ED787F7B33294202DA72220C7CD2C32
                      SHA-256:8E6DB1634F1812D42516778FC890010AA57F3E39914FB4803DF2C38ABBF56D93
                      SHA-512:B2BBA2A68EDAA1A08CFA31ED058AFB5E6A3150AABB9A78DB9F5CCC2364186D44A015986A57707B57E2CC855FA7DA57861AD19FC4E7006C2C239C98063FE903CF
                      Malicious:false
                      Reputation:unknown
                      Preview:<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><defs><style>.a{fill:none;}.b{fill:#404040;}</style></defs><rect class="a" width="48" height="48"/><path class="b" d="M40,32.578V40H32V36H28V32H24V28.766A10.689,10.689,0,0,1,19,30a10.9,10.9,0,0,1-5.547-1.5,11.106,11.106,0,0,1-2.219-1.719A11.373,11.373,0,0,1,9.5,24.547a10.4,10.4,0,0,1-1.109-2.625A11.616,11.616,0,0,1,8,19a10.9,10.9,0,0,1,1.5-5.547,11.106,11.106,0,0,1,1.719-2.219A11.373,11.373,0,0,1,13.453,9.5a10.4,10.4,0,0,1,2.625-1.109A11.616,11.616,0,0,1,19,8a10.9,10.9,0,0,1,5.547,1.5,11.106,11.106,0,0,1,2.219,1.719A11.373,11.373,0,0,1,28.5,13.453a10.4,10.4,0,0,1,1.109,2.625A11.616,11.616,0,0,1,30,19a10.015,10.015,0,0,1-.125,1.578,10.879,10.879,0,0,1-.359,1.531Zm-2,.844L27.219,22.641a14.716,14.716,0,0,0,.562-1.782A7.751,7.751,0,0,0,28,19a8.786,8.786,0,0,0-.7-3.5,8.9,8.9,0,0,0-1.938-2.859A9.269,9.269,0,0,0,22.5,10.719,8.9,8.9,0,0,0,19,10a8.786,8.786,0,0,0-3.5.7,8.9,8.9,0,0,0-2.859,1.938A9.269,9.269,0,0,0,

                      Chrome Cache Entry: 112

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with no line terminators
                      Category:downloaded
                      Size (bytes):36
                      Entropy (8bit):4.503258334775644
                      Encrypted:false
                      SSDEEP:
                      MD5:06B313E93DD76909460FBFC0CD98CB6B
                      SHA1:C4F9B2BBD840A4328F85F54873C434336A193888
                      SHA-256:B4532478707B495D0BB1C21C314AEF959DD1A5E0F66E52DAD5FC332C8B697CBA
                      SHA-512:EFD7E8195D9C126883C71FED3EFEDE55916848B784F8434ED2677DF5004436F7EDE9F80277CB4675C4DEB8F243B2705A3806B412FAA8842E039E9DC467C11645
                      Malicious:false
                      Reputation:unknown
                      URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwmCAmly1gHbXRIFDdFbUVISBQ1Xevf9?alt=proto
                      Preview:ChgKDQ3RW1FSGgQIVhgCIAEKBw1Xevf9GgA=

                      Chrome Cache Entry: 113

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:C source, ASCII text, with very long lines (6034)
                      Category:dropped
                      Size (bytes):7007
                      Entropy (8bit):5.214050086517853
                      Encrypted:false
                      SSDEEP:
                      MD5:AE1691F76A6D07F84BC3D03FF70E37BF
                      SHA1:898D340FD580E50845B8F3CE57DD5FEE4F083D69
                      SHA-256:ADCD505F400295B3193ABF566BE144918456FE3D121F467B1FC798C68ED0E637
                      SHA-512:2D7962AABA86867A24D694E4EE59C3E2956D638FFC6F0BFF6E6826E7DE18812A4CD115B278824A19F70248C202145D0B6716C95E6494E9E5B7A146A256ED2496
                      Malicious:false
                      Reputation:unknown
                      Preview:/*!. * ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */.(window.webpackJsonp=window.webpackJsonp||[]).push([[19],{507:function(i,e,n

                      Chrome Cache Entry: 114

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with very long lines (45797)
                      Category:downloaded
                      Size (bytes):406986
                      Entropy (8bit):5.31836569617146
                      Encrypted:false
                      SSDEEP:
                      MD5:E40761677762EAB0692F86B259C7D744
                      SHA1:34A9B50CEC6E1163CEEFCD4D394DB6524C89A854
                      SHA-256:DA4A8DF0C326292B5BEE9C732B3C962FD67AAF2F99D850F1BF65068D573C5619
                      SHA-512:04FA1D6074AD24E3ABAB53D1DE116A6B39B4BE3DFABC082427F1C5A169E50527561F160CC133C2AC4AEDC4E7AC404572F60E531A4618111EA74D138B2B0DD034
                      Malicious:false
                      Reputation:unknown
                      URL:https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_117b650bccea354984d8.js
                      Preview:/*!. * ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */.(window.webpackJsonp=window.webpackJsonp||[]).push([[8],Array(533).concat([f

                      Chrome Cache Entry: 117

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:PNG image data, 600 x 1, 8-bit/color RGBA, non-interlaced
                      Category:downloaded
                      Size (bytes):132
                      Entropy (8bit):4.945787382366693
                      Encrypted:false
                      SSDEEP:
                      MD5:3EDA15637AFEAC6078F56C9DCC9BBDB8
                      SHA1:97B900884183CB8CF99BA069EEDC280C599C1B74
                      SHA-256:68C66D144855BA2BC8B8BEE88BB266047367708C1E281A21B9D729B1FBD23429
                      SHA-512:06B21827589FCAF63B085DB2D662737B24A39A697FF9138BDF188408647C3E90784B355F2B8390160CA487992C033CE735599271EE35873E1941812AB6C34B52
                      Malicious:false
                      Reputation:unknown
                      URL:https://r4.res.office365.com/owa/prem/15.20.8093.20/resources/images/0/sprite1.mouse.png
                      Preview:.PNG........IHDR...X..........x......sRGB.........gAMA......a.....pHYs..........o.d....IDATHK..1......Om.O ...j.a...\BW....IEND.B`.

                      Chrome Cache Entry: 119

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (65339), with CRLF line terminators
                      Category:downloaded
                      Size (bytes):662286
                      Entropy (8bit):5.315860951951661
                      Encrypted:false
                      SSDEEP:
                      MD5:12204899D75FC019689A92ED57559B94
                      SHA1:CCF6271C6565495B18C1CED2F7273D5875DBFB1F
                      SHA-256:39DAFD5ACA286717D9515F24CF9BE0C594DFD1DDF746E6973B1CE5DE8B2DD21B
                      SHA-512:AA397E6ABD4C54538E42CCEDA8E3AA64ACE76E50B231499C20E88CF09270AECD704565BC9BD3B27D90429965A0233F99F27697F66829734FF02511BD096CF030
                      Malicious:false
                      Reputation:unknown
                      URL:https://r4.res.office365.com/owa/prem/15.20.8093.20/scripts/boot.worldwide.2.mouse.js
                      Preview:.window.scriptsLoaded = window.scriptsLoaded || {}; window.scriptProcessStart = window.scriptProcessStart || {}; window.scriptProcessStart['boot.worldwide.2.mouse.js'] = (new Date()).getTime();.._y.lC=function(){};_y.lC.registerInterface("_y.lC");_y.jw=function(){};_y.jw.registerInterface("_y.jw");_y.lA=function(){};_y.lA.registerInterface("_y.lA");var IDelayedSendEvent=function(){};IDelayedSendEvent.registerInterface("IDelayedSendEvent");var IIsShowingComposeInReadingPaneEvent=function(){};IIsShowingComposeInReadingPaneEvent.registerInterface("IIsShowingComposeInReadingPaneEvent");var ISendFailedO365Event=function(){};ISendFailedO365Event.registerInterface("ISendFailedO365Event");var ISendFailureRemoveO365Event=function(){};ISendFailureRemoveO365Event.registerInterface("ISendFailureRemoveO365Event");_y.gw=function(){};_y.gw.registerInterface("_y.gw");_y.iB=function(){};_y.iB.registerInterface("_y.iB");_y.ih=function(){};_y.ih.registerInterface("_y.ih");_y.jy=function(){};_y.jy.regis

                      Chrome Cache Entry: 120

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 4.2.9], baseline, precision 8, 50x28, components 3
                      Category:downloaded
                      Size (bytes):987
                      Entropy (8bit):6.922003634904799
                      Encrypted:false
                      SSDEEP:
                      MD5:E58AAFC980614A9CD7796BEA7B5EA8F0
                      SHA1:D4CAC92DCDE0CAF7C571E6D791101DA94FDBD2CA
                      SHA-256:8B34A475187302935336BF43A2BF2A4E0ADB9A1E87953EA51F6FCF0EF52A4A1D
                      SHA-512:2DAC06596A11263DF1CFAB03EDA26D0A67B9A4C3BAA6FB6129CDBF0A157C648F5B0F5859B5CA689EFDF80F946BF4D854BA2B2C66877C5CE3897D72148741FCC9
                      Malicious:false
                      Reputation:unknown
                      URL:https://aadcdn.msftauth.net/shared/1.0/content/images/appbackgrounds/49-small_2055002f2daae2ed8f69f03944c0e5d9.jpg
                      Preview:......JFIF.....H.H.....fExif..MM.*.................>...........F.(...........1.........N.......H.......H....paint.net 4.2.9....C....................................................................C.........................................................................2..!............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?......[.4..lz.....K.S..p.>.9.r9j..'.\.qrW..mo...X9ZV<./x...EX...m.Prj..A.EtG...K..mr....Lc.T.*8...nlY.V.{6...*R...]..(.y...)^.5V.IVO.W.B.19.R\...f.U.....'..S:..k.6..*).f.n._3*....}.y.8.EusH..y.`.mA...W.}...bL..:..b.<f..(lH#R....v._...........9N~S..

                      Chrome Cache Entry: 121

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (65339), with CRLF line terminators
                      Category:downloaded
                      Size (bytes):660449
                      Entropy (8bit):5.4121922690110535
                      Encrypted:false
                      SSDEEP:
                      MD5:D9E3D2CE0228D2A5079478AAE5759698
                      SHA1:412F45951C6AEDA5F3DF2C52533171FC7BDD5961
                      SHA-256:7041D585609800051E4F451792AEC2B8BD06A4F2D29ED6F5AD8841AAE5107502
                      SHA-512:06700C65BEF4002EBFBFF9D856C12E8D71F408BACA2D2103DDE1C28319B6BD3859FA9D289D8AEB6DD484E802040F6EE537F31F97B4B60A6B120A6882C992207A
                      Malicious:false
                      Reputation:unknown
                      URL:https://r4.res.office365.com/owa/prem/15.20.8093.20/scripts/boot.worldwide.3.mouse.js
                      Preview:.window.scriptsLoaded = window.scriptsLoaded || {}; window.scriptProcessStart = window.scriptProcessStart || {}; window.scriptProcessStart['boot.worldwide.3.mouse.js'] = (new Date()).getTime();..;_n.a.jR=function(n){return n.dS()};_n.a.jZ=function(n){return n.eh()};_n.a.jP=function(n){return n.cC()};_n.a.jQ=function(n){return n.ca()};_n.a.hZ=function(n){return n.dO};_n.a.jU=function(n){return n.ed()};_n.a.jT=function(n){return n.ea()};_n.a.kb=function(n){return n.ej()};_n.a.hM=function(n){return 300};_n.a.fh=function(n){return n.V};_n.a.jV=function(n){return n.bI()};_n.a.ie=function(n){return n.mh()};_n.a.km=function(n){return n.bl()};_n.a.ka=function(n){return n.ei()};_n.a.ko=function(n){return n.cV()};_n.a.eX=function(n){return _y.E.isInstanceOfType(n)?n.y:null};_n.a.jN=function(n){return n.c()};_n.a.gm=function(n){return n.b()};_n.a.jM=function(n){return n.b()};_n.a.ib=function(n){return n.jM()};_n.a.iq=function(n){return n.bG};_n.a.iX=function(n){return _n.V.isInstanceOfType(n)?n

                      Chrome Cache Entry: 123

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:JPEG image data, baseline, precision 8, 1920x1080, components 3
                      Category:dropped
                      Size (bytes):17453
                      Entropy (8bit):3.890509953257612
                      Encrypted:false
                      SSDEEP:
                      MD5:7916A894EBDE7D29C2CC29B267F1299F
                      SHA1:78345CA08F9E2C3C2CC9B318950791B349211296
                      SHA-256:D8F5AB3E00202FD3B45BE1ACD95D677B137064001E171BC79B06826D98F1E1D3
                      SHA-512:2180ABE47FBF76E2E0608AB3A4659C1B7AB027004298D81960DC575CC2E912ECCA8C131C6413EBBF46D2AAA90E392EB00E37AED7A79CDC0AC71BA78D828A84C7
                      Malicious:false
                      Reputation:unknown
                      Preview:.....Phttp://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c142 79.160924, 2017/07/13-01:06:39 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about=""/> </rdf:RDF> </x:xmpmeta>

                      Chrome Cache Entry: 125

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:SVG Scalable Vector Graphics image
                      Category:downloaded
                      Size (bytes):1378
                      Entropy (8bit):4.316299265862323
                      Encrypted:false
                      SSDEEP:
                      MD5:F83EBFF69A4A1685E4DC9650CDAB8886
                      SHA1:FD21658884945B00157557AE06803DAA6A9F10C6
                      SHA-256:7B1669DA90261CDB1483950BB480AD96875F84B09BC48D1055303CE94821BF64
                      SHA-512:AA21A03AB84FA0129AFCED8A56E499757A6625C9B24A81EE08F5775B9B542F71BA67EAE817D633CB4E4533A8CF6A0DDA80BD7EE8A90E95AB3D39A77F88073F23
                      Malicious:false
                      Reputation:unknown
                      URL:https://aadcdn.msftauth.net/shared/1.0/content/images/picker_account_aad_a8332c62695d74843a11daf39a74e552.svg
                      Preview:<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><defs><style>.a{fill:#e6e6e6;}.b{fill:#404040;}</style></defs><circle class="a" cx="24" cy="24" r="24"/><path class="b" d="M32.5,14A1.492,1.492,0,0,1,34,15.5V38.5A1.494,1.494,0,0,1,32.5,40h-17A1.494,1.494,0,0,1,14,38.5v-23A1.494,1.494,0,0,1,15.5,14h4.873l-3-6h2.25l3,6h2.751l3-6h2.25l-3,6ZM32,16H23.623l1.266,2.546A1.13,1.13,0,0,1,25,19a1.009,1.009,0,0,1-1,1,1,1,0,0,1-.534-.149.974.974,0,0,1-.368-.4L21.375,16H16v22H32ZM20,26a3.92,3.92,0,0,1,.312-1.555,4.023,4.023,0,0,1,2.133-2.133,4.041,4.041,0,0,1,3.109,0,4.014,4.014,0,0,1,2.133,2.133A3.886,3.886,0,0,1,28,26a3.937,3.937,0,0,1-.288,1.485,3.987,3.987,0,0,1-.8,1.266A5.7,5.7,0,0,1,28.2,29.7a5.907,5.907,0,0,1,.968,1.251,6.388,6.388,0,0,1,.616,1.461A5.786,5.786,0,0,1,30,34H28a3.877,3.877,0,0,0-.312-1.554,4,4,0,0,0-2.133-2.133,4.011,4.011,0,0,0-3.109,0,4.023,4.023,0,0,0-2.133,2.133A3.912,3.912,0,0,0,20,33.995H18a5.786,5.786,0,0,1,.218-1.586,6.388,6.388,0,0,1,.61

                      Chrome Cache Entry: 126

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:Unicode text, UTF-8 text, with very long lines (32009)
                      Category:downloaded
                      Size (bytes):57443
                      Entropy (8bit):5.372940573746363
                      Encrypted:false
                      SSDEEP:
                      MD5:D580777BB3A28B94F6F1D18EE17AEDA3
                      SHA1:E78833A2DB1AA97DA3F4A1994E6AF1F0D74D7CC7
                      SHA-256:81188E8A76162C79DB4A5C10AC933C9E874C5B9EAE10E47956AD9DF704E01B28
                      SHA-512:E3F5FFE3E7E54A7D640DF3BC06D336C9F936635D2594159B3EA5EDAEFBA6D6774060A532E0CBE0664FDC65806BD53E9BFC19C11F7946A5E157A9EC935C564378
                      Malicious:false
                      Reputation:unknown
                      URL:https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_1yb3e7oii5t28dgo4xrtow2.js
                      Preview:!function(e){function o(n){if(i[n])return i[n].exports;var t=i[n]={exports:{},id:n,loaded:!1};return e[n].call(t.exports,t,t.exports,o),t.loaded=!0,t.exports}var i={};return o.m=e,o.c=i,o.p="",o(0)}([function(e,o,i){i(2);var n=i(1),t=i(5),r=i(6),a=r.StringsVariantId,s=r.AllowedIdentitiesType;n.registerSource("str",function(e,o){if(e.WF_STR_SignupLink_AriaLabel_Text="Create a Microsoft account",e.WF_STR_SignupLink_AriaLabel_Generic_Text="Create a new account",e.CT_STR_CookieBanner_Link_AriaLabel="Learn more about Microsoft's Cookie Policy",e.WF_STR_HeaderDefault_Title=o.iLoginStringsVariantId===a.CombinedSigninSignupV2WelcomeTitle?"Welcome":"Sign in",e.STR_Footer_IcpLicense_Text=".ICP.13015306.-10",o.oAppCobranding&&o.oAppCobranding.friendlyAppName){var i=o.fBreakBrandingSigninString?"to continue to {0}":"Continue to {0}";e.WF_STR_App_Title=t.format(i,o.oAppCobranding.friendlyAppName)}switch(o.oAppCobranding&&o.oAppCobranding.signinDescription&&(e.WF_STR_Default_Desc=o.oAppCobrand

                      Chrome Cache Entry: 84

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:PNG image data, 342 x 72, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):5139
                      Entropy (8bit):7.865234009830226
                      Encrypted:false
                      SSDEEP:
                      MD5:8B36337037CFF88C3DF203BB73D58E41
                      SHA1:1ADA36FA207B8B96B2A5F55078BFE2A97ACEAD0E
                      SHA-256:E4E1E65871749D18AEA150643C07E0AAB2057DA057C6C57EC1C3C43580E1C898
                      SHA-512:97D8CC97C4577631D8D58C0D9276EE55E4B80128080220F77E01E45385C20FE55D208122A8DFA5DADCB87543B1BC291B98DBBA44E8A2BA90D17C638C15D48793
                      Malicious:false
                      Reputation:unknown
                      Preview:.PNG........IHDR...V...H.............tEXtSoftware.Adobe ImageReadyq.e<...%iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c148 79.164036, 2019/08/13-01:06:57 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 21.0 (Macintosh)" xmpMM:InstanceID="xmp.iid:DB120779422011EA9888910153D3A5E6" xmpMM:DocumentID="xmp.did:DB12077A422011EA9888910153D3A5E6"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:DB120777422011EA9888910153D3A5E6" stRef:documentID="xmp.did:DB120778422011EA9888910153D3A5E6"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>P.WI....IDATx..]]l.......(.5.K0P..0...E.qT..J X)F.(5X....J.}(m.R5.Q...RUEUPU~.....qp@.b......L...k.m"0......"c.3

                      Chrome Cache Entry: 85

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with very long lines (65536), with no line terminators
                      Category:downloaded
                      Size (bytes):232394
                      Entropy (8bit):5.54543362321178
                      Encrypted:false
                      SSDEEP:
                      MD5:AF8D946B64D139A380CF3A1C27BDBEB0
                      SHA1:C76845B6FFEAF14450795C550260EB618ABD60AB
                      SHA-256:37619B16288166CC76403F0B7DF6586349B2D5628DE00D5850C815D019B17904
                      SHA-512:C5CFB514F993310676E834C8A5477576BD57C82A8665387F9909BA0D4C3C2DE693E738ACAA74E7B4CA20894EA2FEEA5CF9A2428767D03FE1DE9C84538FDC3EE9
                      Malicious:false
                      Reputation:unknown
                      URL:https://r4.res.office365.com/owa/prem/15.20.8093.20/resources/styles/0/boot.worldwide.mouse.css
                      Preview:.feedbackList{-webkit-animation-duration:.17s;-moz-animation-duration:.17s;animation-duration:.17s;-webkit-animation-name:feedbackListFrames;-moz-animation-name:feedbackListFrames;animation-name:feedbackListFrames;-webkit-animation-fill-mode:both;-moz-animation-fill-mode:both;animation-fill-mode:both}@-webkit-keyframes feedbackListFrames{from{-webkit-transform:scale(1,1);transform:scale(1,1);-webkit-animation-timing-function:cubic-bezier(.33,0,.67,1);animation-timing-function:cubic-bezier(.33,0,.67,1)}to{-webkit-transform:scale(1.03,1.03);transform:scale(1.03,1.03)}}@-moz-keyframes feedbackListFrames{from{-moz-transform:scale(1,1);transform:scale(1,1);-moz-animation-timing-function:cubic-bezier(.33,0,.67,1);animation-timing-function:cubic-bezier(.33,0,.67,1)}to{-moz-transform:scale(1.03,1.03);transform:scale(1.03,1.03)}}@keyframes feedbackListFrames{from{-webkit-transform:scale(1,1);-moz-transform:scale(1,1);transform:scale(1,1);-webkit-animation-timing-function:cubic-bezier(.33,0,.67,

                      Chrome Cache Entry: 86

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:HTML document, ASCII text, with very long lines (3450), with CRLF line terminators
                      Category:downloaded
                      Size (bytes):3452
                      Entropy (8bit):5.117912766689607
                      Encrypted:false
                      SSDEEP:
                      MD5:CB06E9A552B197D5C0EA600B431A3407
                      SHA1:04E167433F2F1038C78F387F8A166BB6542C2008
                      SHA-256:1F4EDBD2416E15BD82E61BA1A8E5558D44C4E914536B1B07712181BF57934021
                      SHA-512:1B4A3919E442EE4D2F30AE29B1C70DF7274E5428BCB6B3EDD84DCB92D60A0D6BDD9FA6D9DDE8EAB341FF4C12DE00A50858BF1FC5B6135B71E9E177F5A9ED34B9
                      Malicious:false
                      Reputation:unknown
                      URL:https://login.live.com/Me.htm?v=3
                      Preview:<script type="text/javascript">!function(t,e){for(var s in e)t[s]=e[s]}(this,function(t){function e(n){if(s[n])return s[n].exports;var i=s[n]={exports:{},id:n,loaded:!1};return t[n].call(i.exports,i,i.exports,e),i.loaded=!0,i.exports}var s={};return e.m=t,e.c=s,e.p="",e(0)}([function(t,e){function s(t){for(var e=f[S],s=0,n=e.length;s<n;++s)if(e[s]===t)return!0;return!1}function n(t){if(!t)return null;for(var e=t+"=",s=document.cookie.split(";"),n=0,i=s.length;n<i;n++){var a=s[n].replace(/^\s*(\w+)\s*=\s*/,"$1=").replace(/(\s+$)/,"");if(0===a.indexOf(e))return a.substring(e.length)}return null}function i(t,e,s){if(t)for(var n=t.split(":"),i=null,a=0,r=n.length;a<r;++a){var c=null,S=n[a].split("$");if(0===a&&(i=parseInt(S.shift()),!i))return;var l=S.length;if(l>=1){var p=o(i,S[0]);if(!p||s[p])continue;c={signInName:p,idp:"msa",isSignedIn:!0}}if(l>=3&&(c.firstName=o(i,S[1]),c.lastName=o(i,S[2])),l>=4){var f=S[3],d=f.split("|");c.otherHashedAliases=d}if(l>=5){var h=parseInt(S[4],16);h&&(c.

                      Chrome Cache Entry: 87

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:SVG Scalable Vector Graphics image
                      Category:dropped
                      Size (bytes):379
                      Entropy (8bit):4.942805876241154
                      Encrypted:false
                      SSDEEP:
                      MD5:2D8F86059BE176833897099EE6DDEDEB
                      SHA1:93A2E327027DEED53076E86BFA7D9EEBBF0CC4B9
                      SHA-256:34D8DA073F47030EE94B99D84FBE68E3345BD8AAA37EA909FF2DA00238447486
                      SHA-512:64D75B1F35180FF61F5BF11D21544454DF016D0854573D75D277FCB933CE845D1436BDC822445B78C627A1FF730B39FC34B72C27D45A39E237F2CCF0876FCA4E
                      Malicious:false
                      Reputation:unknown
                      Preview:<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><title>assets</title><circle cx="24" cy="24" r="24" fill="#e6e6e6"/><path d="M13.44,36h1.92a8.64,8.64,0,1,1,17.28,0h1.92a10.573,10.573,0,0,0-6.569-9.771,7.68,7.68,0,1,0-7.982,0A10.573,10.573,0,0,0,13.44,36Zm4.8-16.32A5.76,5.76,0,1,1,24,25.44,5.766,5.766,0,0,1,18.24,19.68Z" fill="#404040"/></svg>

                      Chrome Cache Entry: 90

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with very long lines (25695)
                      Category:downloaded
                      Size (bytes):26668
                      Entropy (8bit):5.187975659586246
                      Encrypted:false
                      SSDEEP:
                      MD5:23FC7EC7A5AEF418D4A703034E6F3F83
                      SHA1:A36BB28ACC4F8943189AB4A7436B9C4716D48EED
                      SHA-256:D53D9957A7073B965147291AE6F4D812DF1CC06DA4D2BB3E98622FEDC5809265
                      SHA-512:0C387D5B621EF6A6B8053DEC083FECB8F7C7823755C85505A5CF0B20267AAD5805BBDCD20FCC465C3B7FD24280C6459BCC3D5E991D571DBBF8BEE12275146A81
                      Malicious:false
                      Reputation:unknown
                      URL:https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_ppassword_89db715e3340a2e8ecd8.js
                      Preview:/*!. * ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */.(window.webpackJsonp=window.webpackJsonp||[]).push([[26],{496:function(e,n,t

                      Chrome Cache Entry: 91

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with very long lines (61177)
                      Category:downloaded
                      Size (bytes):113378
                      Entropy (8bit):5.285066693137765
                      Encrypted:false
                      SSDEEP:
                      MD5:9C837C2B6C9C441656C3C64BE6FC6401
                      SHA1:D44AA83093C4109DDD8FFAEA60755F05D1BFE7D3
                      SHA-256:68C2994E21A564345EB3B4091DD2334C9CBDDB0AECDA45EE963C6DE2E1629B93
                      SHA-512:AF04835BCC621FE1793C4661FDB03EDEA16219BAA77F1198AA419F771B6B3DCDAC3DA92676568C207022251483AB79C75AB6DF2CE94924748FF9CEBF64AFF5A2
                      Malicious:false
                      Reputation:unknown
                      URL:https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_nin8k2ycrbzww8zl5vxkaq2.css
                      Preview:/*! Copyright (C) Microsoft Corporation. All rights reserved. *//*!.------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------..This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise...//-----------------------------------------------------------------------------.twbs-bootstrap-sass (3.3.0).//-----------------------------------------------------------------------------..The MIT License (MIT)..Copyright (c) 2013 Twitter, Inc..Permission is hereby granted, free of charge, to any person

                      Chrome Cache Entry: 92

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:SVG Scalable Vector Graphics image
                      Category:downloaded
                      Size (bytes):3651
                      Entropy (8bit):4.094801914706141
                      Encrypted:false
                      SSDEEP:
                      MD5:EE5C8D9FB6248C938FD0DC19370E90BD
                      SHA1:D01A22720918B781338B5BBF9202B241A5F99EE4
                      SHA-256:04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
                      SHA-512:C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
                      Malicious:false
                      Reputation:unknown
                      URL:https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg
                      Preview:<svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.

                      Chrome Cache Entry: 93

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with very long lines (34709)
                      Category:dropped
                      Size (bytes):35682
                      Entropy (8bit):5.429779959587236
                      Encrypted:false
                      SSDEEP:
                      MD5:E03F39DA9D4FB60AF1E5228819152F88
                      SHA1:85B2C67DFE66487DBA70F8B966ED382E14251BCD
                      SHA-256:B71E3CE58CB2A4B58D6379A0CAED17B03738E5ACC7544DC37BAE772C9B8DDB71
                      SHA-512:C0DE5E7A5C2FA01433CFA400B9587F527F095D64E0E0945CB70308FFF4355B80999612EF85B409578228B503F2CD833F61E3C8BACF9EAD2A43295D46ABB6756B
                      Malicious:false
                      Reputation:unknown
                      Preview:/*!. * ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */.(window.webpackJsonp=window.webpackJsonp||[]).push([[7],{511:function(e,t,n)

                      Chrome Cache Entry: 95

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:GIF image data, version 89a, 352 x 3
                      Category:downloaded
                      Size (bytes):3620
                      Entropy (8bit):6.867828878374734
                      Encrypted:false
                      SSDEEP:
                      MD5:B540A8E518037192E32C4FE58BF2DBAB
                      SHA1:3047C1DB97B86F6981E0AD2F96AF40CDF43511AF
                      SHA-256:8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
                      SHA-512:E3612D9E6809EC192F6E2D035290B730871C269A267115E4A5515CADB7E6E14E3DD4290A35ABAA8D14CF1FA3924DC76E11926AC341E0F6F372E9FC5434B546E5
                      Malicious:false
                      Reputation:unknown
                      URL:https://aadcdn.msftauth.net/shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif
                      Preview:GIF89a`.........iii!.......!.&Edited with ezgif.com online GIF maker.!..NETSCAPE2.0.....,....`.....6......P.l.......H....I..:qJ......k....`BY..L*..&...!.......,....`.....9..i....Q4......H..j.=.k9-5_..........j7..({.........!.......,....`.....9.......trV.......H....`.[.q6......>.. .CZ.&!.....M...!.......,....`.....8..........:......H..jJ..U..6_....../.el...q.)...*..!.......,....`.....9.....i..l.go.....H..*".U...f......._......5......n..!.......,....`.....:..i......./.....H...5%.kE/5.........In.a..@&3.....J...!.......,....`.....9.......kr.j.....H..*.-.{Im5c..............@&.........!.......,....`.....9.........j..q....H...].&..\.5.........8..S..........!.......,....`.....9.......3q.g..5....H...:u..............Al..x.q.........!.......,....`.....9......\.F....z....H...zX...ov.........h3N.x4......j..!.......,....`.....9........Q.:......H....y..^...1.........n.!.F......E...!.......,....`.....8.........i,......H....*_.21.I.........%...

                      Static File Info

                      No static file info