

Windows Analysis Report
https://sconnect.schaeffler.com/community/industrial-global/rd-mechanical-products-industrial/development-ball-bearings/overview

Overview

General Information

Sample URL: https://sconnect.schaeffler.com/community/industrial-global/rd-mechanical-products-industrial/development-ball-bearings/overview
Analysis ID: 1541389

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

HTML body contains low number of good links
HTML title does not match URL
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 6920 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 7152 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1976,i,13637372914846483907,475314134523752596,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 4020 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://sconnect.schaeffler.com/community/industrial-global/rd-mechanical-products-industrial/development-ball-bearings/overview" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No yara matches
No Sigma rule has matched
No Suricata rule has matched


There are no malicious signatures.

Source: https://login.microsoftonline.com/67416604-6509-4014-9859-45e709f53d3f/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=2D8E714A0D9845F96F30DB80F60E2F8B61030D9E988518F7%2D59179D3F3C5B6D0156ED7B6AE2E46408F01BF3681084E7162FC19BE09D90E829&redirect%5Furi=https%3A%2F%2Fworksite%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=091b5da1%2D9048%2Da000%2D4d3d%2D52a8fc571cf1HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.com/67416604-6509-4014-9859-45e709f53d3f/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=2D8E714A0D9845F96F30DB80F60E2F8B61030D9E988518F7%2D59179D3F3C5B6D0156ED7B6AE2E46408F01BF3681084E7162FC19BE09D90E829&redirect%5Furi=https%3A%2F%2Fworksite%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=091b5da1%2D9048%2Da000%2D4d3d%2D52a8fc571cf1&sso_reload=trueHTTP Parser: Number of links: 0
Source: https://fsp.gs.schaeffler.com/adfs/ls/?client-request-id=091b5da1-9048-a000-4d3d-52a8fc571cf1&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=LoginOptions%3D3%26estsredirect%3d2%26estsrequest%3drQQIARAAnVE_aNRgHE2a69k7W3t0saCghE5tc_d9yfclXw4KXi6J1UP7B62KlCN_vjTx_iQmqa0tXQRBt85O_lmkkzioFIRuQqdzcbhJXJQOUp06OHini2Px8ePx-A2Px3uTHCzC8gT4C0noswA8DwoO7at_EI_lC8-Wz-Rmt5mnV2YWX_66cfbHDiv5aRol5VJpLYwbSZDSYuJbMY3CoJ0WnbBVqnth3EpKLvWs1WZatJJo_R3Ldlj2G8vuDNwVdWIoEFWArhKETVU2JaBrBJgyMESTaDIEvYdqqIRgSExFwCpUVF0ypSrWZB1ALBu6oskVQzSQjAAxAdRMSSYQENRzlkWzClXNAKquAoOIandgdK6ymvpin8I42KA_B3L9jPUoTNInXGZOB2s73LEqec1NyAqCsgyQIGOgCghAJKgE9xSmClA9LLmSt89lw4i2A_cLN24l7p-zLiSOb1HPa9K431Mnwx5khgFXHhrKF5hx5jxzlGGfD_Y63_t0eupD_tzFt87HN9OdgNkfLGkLVTvyK9Wb0bUoad0J5-K2KS7OI_m63tZuxYqD0f10KVxZ8IwZtQy3s-x2NrubzQ1xBYbnqvPwMMs-OsHs5v5nvc5JtjsM8zkntGOr7Qbu2ASEtksAkQSiUCAgaGPBthUiANtBkkMsQonVHUb5rNO0glYyNrnJB249DRu0zZc3-fVWUnecvrpnNVdpwpdv872Q_PLW1taDkWO5740wR6e-dh--OHz8_vvswei0NNXwHKjZK_5KAGtY0mqNJVOpKda8dxkvUs13cO0qUTYarUszrwrM5wLz...HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.com/67416604-6509-4014-9859-45e709f53d3f/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=2D8E714A0D9845F96F30DB80F60E2F8B61030D9E988518F7%2D59179D3F3C5B6D0156ED7B6AE2E46408F01BF3681084E7162FC19BE09D90E829&redirect%5Furi=https%3A%2F%2Fworksite%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=091b5da1%2D9048%2Da000%2D4d3d%2D52a8fc571cf1HTTP Parser: Title: Redirecting does not match URL
Source: https://login.microsoftonline.com/67416604-6509-4014-9859-45e709f53d3f/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=2D8E714A0D9845F96F30DB80F60E2F8B61030D9E988518F7%2D59179D3F3C5B6D0156ED7B6AE2E46408F01BF3681084E7162FC19BE09D90E829&redirect%5Furi=https%3A%2F%2Fworksite%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=091b5da1%2D9048%2Da000%2D4d3d%2D52a8fc571cf1&sso_reload=trueHTTP Parser: Title: Sign in to your account does not match URL
Source: https://fsp.gs.schaeffler.com/adfs/ls/?client-request-id=091b5da1-9048-a000-4d3d-52a8fc571cf1&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=LoginOptions%3D3%26estsredirect%3d2%26estsrequest%3drQQIARAAnVE_aNRgHE2a69k7W3t0saCghE5tc_d9yfclXw4KXi6J1UP7B62KlCN_vjTx_iQmqa0tXQRBt85O_lmkkzioFIRuQqdzcbhJXJQOUp06OHini2Px8ePx-A2Px3uTHCzC8gT4C0noswA8DwoO7at_EI_lC8-Wz-Rmt5mnV2YWX_66cfbHDiv5aRol5VJpLYwbSZDSYuJbMY3CoJ0WnbBVqnth3EpKLvWs1WZatJJo_R3Ldlj2G8vuDNwVdWIoEFWArhKETVU2JaBrBJgyMESTaDIEvYdqqIRgSExFwCpUVF0ypSrWZB1ALBu6oskVQzSQjAAxAdRMSSYQENRzlkWzClXNAKquAoOIandgdK6ymvpin8I42KA_B3L9jPUoTNInXGZOB2s73LEqec1NyAqCsgyQIGOgCghAJKgE9xSmClA9LLmSt89lw4i2A_cLN24l7p-zLiSOb1HPa9K431Mnwx5khgFXHhrKF5hx5jxzlGGfD_Y63_t0eupD_tzFt87HN9OdgNkfLGkLVTvyK9Wb0bUoad0J5-K2KS7OI_m63tZuxYqD0f10KVxZ8IwZtQy3s-x2NrubzQ1xBYbnqvPwMMs-OsHs5v5nvc5JtjsM8zkntGOr7Qbu2ASEtksAkQSiUCAgaGPBthUiANtBkkMsQonVHUb5rNO0glYyNrnJB249DRu0zZc3-fVWUnecvrpnNVdpwpdv872Q_PLW1taDkWO5740wR6e-dh--OHz8_vvswei0NNXwHKjZK_5KAGtY0mqNJVOpKda8dxkvUs13cO0qUTYarUszrwrM5wLz...HTTP Parser: Title: Sign In does not match URL
Source: https://login.microsoftonline.com/67416604-6509-4014-9859-45e709f53d3f/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=2D8E714A0D9845F96F30DB80F60E2F8B61030D9E988518F7%2D59179D3F3C5B6D0156ED7B6AE2E46408F01BF3681084E7162FC19BE09D90E829&redirect%5Furi=https%3A%2F%2Fworksite%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=091b5da1%2D9048%2Da000%2D4d3d%2D52a8fc571cf1&sso_reload=trueHTTP Parser: <input type="password" .../> found
Source: https://fsp.gs.schaeffler.com/adfs/ls/?client-request-id=091b5da1-9048-a000-4d3d-52a8fc571cf1&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=LoginOptions%3D3%26estsredirect%3d2%26estsrequest%3drQQIARAAnVE_aNRgHE2a69k7W3t0saCghE5tc_d9yfclXw4KXi6J1UP7B62KlCN_vjTx_iQmqa0tXQRBt85O_lmkkzioFIRuQqdzcbhJXJQOUp06OHini2Px8ePx-A2Px3uTHCzC8gT4C0noswA8DwoO7at_EI_lC8-Wz-Rmt5mnV2YWX_66cfbHDiv5aRol5VJpLYwbSZDSYuJbMY3CoJ0WnbBVqnth3EpKLvWs1WZatJJo_R3Ldlj2G8vuDNwVdWIoEFWArhKETVU2JaBrBJgyMESTaDIEvYdqqIRgSExFwCpUVF0ypSrWZB1ALBu6oskVQzSQjAAxAdRMSSYQENRzlkWzClXNAKquAoOIandgdK6ymvpin8I42KA_B3L9jPUoTNInXGZOB2s73LEqec1NyAqCsgyQIGOgCghAJKgE9xSmClA9LLmSt89lw4i2A_cLN24l7p-zLiSOb1HPa9K431Mnwx5khgFXHhrKF5hx5jxzlGGfD_Y63_t0eupD_tzFt87HN9OdgNkfLGkLVTvyK9Wb0bUoad0J5-K2KS7OI_m63tZuxYqD0f10KVxZ8IwZtQy3s-x2NrubzQ1xBYbnqvPwMMs-OsHs5v5nvc5JtjsM8zkntGOr7Qbu2ASEtksAkQSiUCAgaGPBthUiANtBkkMsQonVHUb5rNO0glYyNrnJB249DRu0zZc3-fVWUnecvrpnNVdpwpdv872Q_PLW1taDkWO5740wR6e-dh--OHz8_vvswei0NNXwHKjZK_5KAGtY0mqNJVOpKda8dxkvUs13cO0qUTYarUszrwrM5wLz...HTTP Parser: <input type="password" .../> found
Source: https://login.microsoftonline.com/67416604-6509-4014-9859-45e709f53d3f/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=2D8E714A0D9845F96F30DB80F60E2F8B61030D9E988518F7%2D59179D3F3C5B6D0156ED7B6AE2E46408F01BF3681084E7162FC19BE09D90E829&redirect%5Furi=https%3A%2F%2Fworksite%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=091b5da1%2D9048%2Da000%2D4d3d%2D52a8fc571cf1HTTP Parser: No favicon
Source: https://fsp.gs.schaeffler.com/adfs/ls/?client-request-id=091b5da1-9048-a000-4d3d-52a8fc571cf1&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=LoginOptions%3D3%26estsredirect%3d2%26estsrequest%3drQQIARAAnVE_aNRgHE2a69k7W3t0saCghE5tc_d9yfclXw4KXi6J1UP7B62KlCN_vjTx_iQmqa0tXQRBt85O_lmkkzioFIRuQqdzcbhJXJQOUp06OHini2Px8ePx-A2Px3uTHCzC8gT4C0noswA8DwoO7at_EI_lC8-Wz-Rmt5mnV2YWX_66cfbHDiv5aRol5VJpLYwbSZDSYuJbMY3CoJ0WnbBVqnth3EpKLvWs1WZatJJo_R3Ldlj2G8vuDNwVdWIoEFWArhKETVU2JaBrBJgyMESTaDIEvYdqqIRgSExFwCpUVF0ypSrWZB1ALBu6oskVQzSQjAAxAdRMSSYQENRzlkWzClXNAKquAoOIandgdK6ymvpin8I42KA_B3L9jPUoTNInXGZOB2s73LEqec1NyAqCsgyQIGOgCghAJKgE9xSmClA9LLmSt89lw4i2A_cLN24l7p-zLiSOb1HPa9K431Mnwx5khgFXHhrKF5hx5jxzlGGfD_Y63_t0eupD_tzFt87HN9OdgNkfLGkLVTvyK9Wb0bUoad0J5-K2KS7OI_m63tZuxYqD0f10KVxZ8IwZtQy3s-x2NrubzQ1xBYbnqvPwMMs-OsHs5v5nvc5JtjsM8zkntGOr7Qbu2ASEtksAkQSiUCAgaGPBthUiANtBkkMsQonVHUb5rNO0glYyNrnJB249DRu0zZc3-fVWUnecvrpnNVdpwpdv872Q_PLW1taDkWO5740wR6e-dh--OHz8_vvswei0NNXwHKjZK_5KAGtY0mqNJVOpKda8dxkvUs13cO0qUTYarUszrwrM5wLz...HTTP Parser: No favicon
Source: https://fsp.gs.schaeffler.com/adfs/ls/?client-request-id=091b5da1-9048-a000-4d3d-52a8fc571cf1&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=LoginOptions%3D3%26estsredirect%3d2%26estsrequest%3drQQIARAAnVE_aNRgHE2a69k7W3t0saCghE5tc_d9yfclXw4KXi6J1UP7B62KlCN_vjTx_iQmqa0tXQRBt85O_lmkkzioFIRuQqdzcbhJXJQOUp06OHini2Px8ePx-A2Px3uTHCzC8gT4C0noswA8DwoO7at_EI_lC8-Wz-Rmt5mnV2YWX_66cfbHDiv5aRol5VJpLYwbSZDSYuJbMY3CoJ0WnbBVqnth3EpKLvWs1WZatJJo_R3Ldlj2G8vuDNwVdWIoEFWArhKETVU2JaBrBJgyMESTaDIEvYdqqIRgSExFwCpUVF0ypSrWZB1ALBu6oskVQzSQjAAxAdRMSSYQENRzlkWzClXNAKquAoOIandgdK6ymvpin8I42KA_B3L9jPUoTNInXGZOB2s73LEqec1NyAqCsgyQIGOgCghAJKgE9xSmClA9LLmSt89lw4i2A_cLN24l7p-zLiSOb1HPa9K431Mnwx5khgFXHhrKF5hx5jxzlGGfD_Y63_t0eupD_tzFt87HN9OdgNkfLGkLVTvyK9Wb0bUoad0J5-K2KS7OI_m63tZuxYqD0f10KVxZ8IwZtQy3s-x2NrubzQ1xBYbnqvPwMMs-OsHs5v5nvc5JtjsM8zkntGOr7Qbu2ASEtksAkQSiUCAgaGPBthUiANtBkkMsQonVHUb5rNO0glYyNrnJB249DRu0zZc3-fVWUnecvrpnNVdpwpdv872Q_PLW1taDkWO5740wR6e-dh--OHz8_vvswei0NNXwHKjZK_5KAGtY0mqNJVOpKda8dxkvUs13cO0qUTYarUszrwrM5wLz...HTTP Parser: No favicon
Source: https://login.microsoftonline.com/67416604-6509-4014-9859-45e709f53d3f/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=2D8E714A0D9845F96F30DB80F60E2F8B61030D9E988518F7%2D59179D3F3C5B6D0156ED7B6AE2E46408F01BF3681084E7162FC19BE09D90E829&redirect%5Furi=https%3A%2F%2Fworksite%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=091b5da1%2D9048%2Da000%2D4d3d%2D52a8fc571cf1HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/67416604-6509-4014-9859-45e709f53d3f/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=2D8E714A0D9845F96F30DB80F60E2F8B61030D9E988518F7%2D59179D3F3C5B6D0156ED7B6AE2E46408F01BF3681084E7162FC19BE09D90E829&redirect%5Furi=https%3A%2F%2Fworksite%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=091b5da1%2D9048%2Da000%2D4d3d%2D52a8fc571cf1&sso_reload=trueHTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/67416604-6509-4014-9859-45e709f53d3f/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=2D8E714A0D9845F96F30DB80F60E2F8B61030D9E988518F7%2D59179D3F3C5B6D0156ED7B6AE2E46408F01BF3681084E7162FC19BE09D90E829&redirect%5Furi=https%3A%2F%2Fworksite%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=091b5da1%2D9048%2Da000%2D4d3d%2D52a8fc571cf1&sso_reload=trueHTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/67416604-6509-4014-9859-45e709f53d3f/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=2D8E714A0D9845F96F30DB80F60E2F8B61030D9E988518F7%2D59179D3F3C5B6D0156ED7B6AE2E46408F01BF3681084E7162FC19BE09D90E829&redirect%5Furi=https%3A%2F%2Fworksite%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=091b5da1%2D9048%2Da000%2D4d3d%2D52a8fc571cf1&sso_reload=trueHTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/67416604-6509-4014-9859-45e709f53d3f/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=2D8E714A0D9845F96F30DB80F60E2F8B61030D9E988518F7%2D59179D3F3C5B6D0156ED7B6AE2E46408F01BF3681084E7162FC19BE09D90E829&redirect%5Furi=https%3A%2F%2Fworksite%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=091b5da1%2D9048%2Da000%2D4d3d%2D52a8fc571cf1&sso_reload=trueHTTP Parser: No <meta name="author".. found
Source: https://fsp.gs.schaeffler.com/adfs/ls/?client-request-id=091b5da1-9048-a000-4d3d-52a8fc571cf1&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=LoginOptions%3D3%26estsredirect%3d2%26estsrequest%3drQQIARAAnVE_aNRgHE2a69k7W3t0saCghE5tc_d9yfclXw4KXi6J1UP7B62KlCN_vjTx_iQmqa0tXQRBt85O_lmkkzioFIRuQqdzcbhJXJQOUp06OHini2Px8ePx-A2Px3uTHCzC8gT4C0noswA8DwoO7at_EI_lC8-Wz-Rmt5mnV2YWX_66cfbHDiv5aRol5VJpLYwbSZDSYuJbMY3CoJ0WnbBVqnth3EpKLvWs1WZatJJo_R3Ldlj2G8vuDNwVdWIoEFWArhKETVU2JaBrBJgyMESTaDIEvYdqqIRgSExFwCpUVF0ypSrWZB1ALBu6oskVQzSQjAAxAdRMSSYQENRzlkWzClXNAKquAoOIandgdK6ymvpin8I42KA_B3L9jPUoTNInXGZOB2s73LEqec1NyAqCsgyQIGOgCghAJKgE9xSmClA9LLmSt89lw4i2A_cLN24l7p-zLiSOb1HPa9K431Mnwx5khgFXHhrKF5hx5jxzlGGfD_Y63_t0eupD_tzFt87HN9OdgNkfLGkLVTvyK9Wb0bUoad0J5-K2KS7OI_m63tZuxYqD0f10KVxZ8IwZtQy3s-x2NrubzQ1xBYbnqvPwMMs-OsHs5v5nvc5JtjsM8zkntGOr7Qbu2ASEtksAkQSiUCAgaGPBthUiANtBkkMsQonVHUb5rNO0glYyNrnJB249DRu0zZc3-fVWUnecvrpnNVdpwpdv872Q_PLW1taDkWO5740wR6e-dh--OHz8_vvswei0NNXwHKjZK_5KAGtY0mqNJVOpKda8dxkvUs13cO0qUTYarUszrwrM5wLzHTTP Parser: No <meta name="author".. found
Source: https://fsp.gs.schaeffler.com/adfs/ls/?client-request-id=091b5da1-9048-a000-4d3d-52a8fc571cf1&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=LoginOptions%3D3%26estsredirect%3d2%26estsrequest%3drQQIARAAnVE_aNRgHE2a69k7W3t0saCghE5tc_d9yfclXw4KXi6J1UP7B62KlCN_vjTx_iQmqa0tXQRBt85O_lmkkzioFIRuQqdzcbhJXJQOUp06OHini2Px8ePx-A2Px3uTHCzC8gT4C0noswA8DwoO7at_EI_lC8-Wz-Rmt5mnV2YWX_66cfbHDiv5aRol5VJpLYwbSZDSYuJbMY3CoJ0WnbBVqnth3EpKLvWs1WZatJJo_R3Ldlj2G8vuDNwVdWIoEFWArhKETVU2JaBrBJgyMESTaDIEvYdqqIRgSExFwCpUVF0ypSrWZB1ALBu6oskVQzSQjAAxAdRMSSYQENRzlkWzClXNAKquAoOIandgdK6ymvpin8I42KA_B3L9jPUoTNInXGZOB2s73LEqec1NyAqCsgyQIGOgCghAJKgE9xSmClA9LLmSt89lw4i2A_cLN24l7p-zLiSOb1HPa9K431Mnwx5khgFXHhrKF5hx5jxzlGGfD_Y63_t0eupD_tzFt87HN9OdgNkfLGkLVTvyK9Wb0bUoad0J5-K2KS7OI_m63tZuxYqD0f10KVxZ8IwZtQy3s-x2NrubzQ1xBYbnqvPwMMs-OsHs5v5nvc5JtjsM8zkntGOr7Qbu2ASEtksAkQSiUCAgaGPBthUiANtBkkMsQonVHUb5rNO0glYyNrnJB249DRu0zZc3-fVWUnecvrpnNVdpwpdv872Q_PLW1taDkWO5740wR6e-dh--OHz8_vvswei0NNXwHKjZK_5KAGtY0mqNJVOpKda8dxkvUs13cO0qUTYarUszrwrM5wLzHTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/67416604-6509-4014-9859-45e709f53d3f/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=2D8E714A0D9845F96F30DB80F60E2F8B61030D9E988518F7%2D59179D3F3C5B6D0156ED7B6AE2E46408F01BF3681084E7162FC19BE09D90E829&redirect%5Furi=https%3A%2F%2Fworksite%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=091b5da1%2D9048%2Da000%2D4d3d%2D52a8fc571cf1&sso_reload=trueHTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/67416604-6509-4014-9859-45e709f53d3f/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=2D8E714A0D9845F96F30DB80F60E2F8B61030D9E988518F7%2D59179D3F3C5B6D0156ED7B6AE2E46408F01BF3681084E7162FC19BE09D90E829&redirect%5Furi=https%3A%2F%2Fworksite%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=091b5da1%2D9048%2Da000%2D4d3d%2D52a8fc571cf1&sso_reload=trueHTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/67416604-6509-4014-9859-45e709f53d3f/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=2D8E714A0D9845F96F30DB80F60E2F8B61030D9E988518F7%2D59179D3F3C5B6D0156ED7B6AE2E46408F01BF3681084E7162FC19BE09D90E829&redirect%5Furi=https%3A%2F%2Fworksite%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=091b5da1%2D9048%2Da000%2D4d3d%2D52a8fc571cf1HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/67416604-6509-4014-9859-45e709f53d3f/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=2D8E714A0D9845F96F30DB80F60E2F8B61030D9E988518F7%2D59179D3F3C5B6D0156ED7B6AE2E46408F01BF3681084E7162FC19BE09D90E829&redirect%5Furi=https%3A%2F%2Fworksite%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=091b5da1%2D9048%2Da000%2D4d3d%2D52a8fc571cf1&sso_reload=trueHTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/67416604-6509-4014-9859-45e709f53d3f/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=2D8E714A0D9845F96F30DB80F60E2F8B61030D9E988518F7%2D59179D3F3C5B6D0156ED7B6AE2E46408F01BF3681084E7162FC19BE09D90E829&redirect%5Furi=https%3A%2F%2Fworksite%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=091b5da1%2D9048%2Da000%2D4d3d%2D52a8fc571cf1&sso_reload=trueHTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/67416604-6509-4014-9859-45e709f53d3f/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=2D8E714A0D9845F96F30DB80F60E2F8B61030D9E988518F7%2D59179D3F3C5B6D0156ED7B6AE2E46408F01BF3681084E7162FC19BE09D90E829&redirect%5Furi=https%3A%2F%2Fworksite%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=091b5da1%2D9048%2Da000%2D4d3d%2D52a8fc571cf1&sso_reload=trueHTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/67416604-6509-4014-9859-45e709f53d3f/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=2D8E714A0D9845F96F30DB80F60E2F8B61030D9E988518F7%2D59179D3F3C5B6D0156ED7B6AE2E46408F01BF3681084E7162FC19BE09D90E829&redirect%5Furi=https%3A%2F%2Fworksite%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=091b5da1%2D9048%2Da000%2D4d3d%2D52a8fc571cf1&sso_reload=trueHTTP Parser: No <meta name="copyright".. found
Source: https://fsp.gs.schaeffler.com/adfs/ls/?client-request-id=091b5da1-9048-a000-4d3d-52a8fc571cf1&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=LoginOptions%3D3%26estsredirect%3d2%26estsrequest%3drQQIARAAnVE_aNRgHE2a69k7W3t0saCghE5tc_d9yfclXw4KXi6J1UP7B62KlCN_vjTx_iQmqa0tXQRBt85O_lmkkzioFIRuQqdzcbhJXJQOUp06OHini2Px8ePx-A2Px3uTHCzC8gT4C0noswA8DwoO7at_EI_lC8-Wz-Rmt5mnV2YWX_66cfbHDiv5aRol5VJpLYwbSZDSYuJbMY3CoJ0WnbBVqnth3EpKLvWs1WZatJJo_R3Ldlj2G8vuDNwVdWIoEFWArhKETVU2JaBrBJgyMESTaDIEvYdqqIRgSExFwCpUVF0ypSrWZB1ALBu6oskVQzSQjAAxAdRMSSYQENRzlkWzClXNAKquAoOIandgdK6ymvpin8I42KA_B3L9jPUoTNInXGZOB2s73LEqec1NyAqCsgyQIGOgCghAJKgE9xSmClA9LLmSt89lw4i2A_cLN24l7p-zLiSOb1HPa9K431Mnwx5khgFXHhrKF5hx5jxzlGGfD_Y63_t0eupD_tzFt87HN9OdgNkfLGkLVTvyK9Wb0bUoad0J5-K2KS7OI_m63tZuxYqD0f10KVxZ8IwZtQy3s-x2NrubzQ1xBYbnqvPwMMs-OsHs5v5nvc5JtjsM8zkntGOr7Qbu2ASEtksAkQSiUCAgaGPBthUiANtBkkMsQonVHUb5rNO0glYyNrnJB249DRu0zZc3-fVWUnecvrpnNVdpwpdv872Q_PLW1taDkWO5740wR6e-dh--OHz8_vvswei0NNXwHKjZK_5KAGtY0mqNJVOpKda8dxkvUs13cO0qUTYarUszrwrM5wLz...HTTP Parser: No <meta name="copyright".. found
Source: https://fsp.gs.schaeffler.com/adfs/ls/?client-request-id=091b5da1-9048-a000-4d3d-52a8fc571cf1&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=LoginOptions%3D3%26estsredirect%3d2%26estsrequest%3drQQIARAAnVE_aNRgHE2a69k7W3t0saCghE5tc_d9yfclXw4KXi6J1UP7B62KlCN_vjTx_iQmqa0tXQRBt85O_lmkkzioFIRuQqdzcbhJXJQOUp06OHini2Px8ePx-A2Px3uTHCzC8gT4C0noswA8DwoO7at_EI_lC8-Wz-Rmt5mnV2YWX_66cfbHDiv5aRol5VJpLYwbSZDSYuJbMY3CoJ0WnbBVqnth3EpKLvWs1WZatJJo_R3Ldlj2G8vuDNwVdWIoEFWArhKETVU2JaBrBJgyMESTaDIEvYdqqIRgSExFwCpUVF0ypSrWZB1ALBu6oskVQzSQjAAxAdRMSSYQENRzlkWzClXNAKquAoOIandgdK6ymvpin8I42KA_B3L9jPUoTNInXGZOB2s73LEqec1NyAqCsgyQIGOgCghAJKgE9xSmClA9LLmSt89lw4i2A_cLN24l7p-zLiSOb1HPa9K431Mnwx5khgFXHhrKF5hx5jxzlGGfD_Y63_t0eupD_tzFt87HN9OdgNkfLGkLVTvyK9Wb0bUoad0J5-K2KS7OI_m63tZuxYqD0f10KVxZ8IwZtQy3s-x2NrubzQ1xBYbnqvPwMMs-OsHs5v5nvc5JtjsM8zkntGOr7Qbu2ASEtksAkQSiUCAgaGPBthUiANtBkkMsQonVHUb5rNO0glYyNrnJB249DRu0zZc3-fVWUnecvrpnNVdpwpdv872Q_PLW1taDkWO5740wR6e-dh--OHz8_vvswei0NNXwHKjZK_5KAGtY0mqNJVOpKda8dxkvUs13cO0qUTYarUszrwrM5wLz...HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/67416604-6509-4014-9859-45e709f53d3f/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=2D8E714A0D9845F96F30DB80F60E2F8B61030D9E988518F7%2D59179D3F3C5B6D0156ED7B6AE2E46408F01BF3681084E7162FC19BE09D90E829&redirect%5Furi=https%3A%2F%2Fworksite%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=091b5da1%2D9048%2Da000%2D4d3d%2D52a8fc571cf1&sso_reload=trueHTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/67416604-6509-4014-9859-45e709f53d3f/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=2D8E714A0D9845F96F30DB80F60E2F8B61030D9E988518F7%2D59179D3F3C5B6D0156ED7B6AE2E46408F01BF3681084E7162FC19BE09D90E829&redirect%5Furi=https%3A%2F%2Fworksite%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=091b5da1%2D9048%2Da000%2D4d3d%2D52a8fc571cf1&sso_reload=trueHTTP Parser: No <meta name="copyright".. found
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49725 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49780 version: TLS 1.2
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknownTCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknownTCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknownTCP traffic detected without corresponding DNS query: 52.149.20.212
Source: global traffic | DNS traffic detected: DNS query: sconnect.schaeffler.com
Source: global traffic | DNS traffic detected: DNS query: ds-aksb-a.akamaihd.net
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: worksite.sharepoint.com
Source: global traffic | DNS traffic detected: DNS query: login.microsoftonline.com
Source: global traffic | DNS traffic detected: DNS query: identity.nel.measure.office.net
Source: global traffic | DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic | DNS traffic detected: DNS query: aadcdn.msauthimages.net
Source: global traffic | DNS traffic detected: DNS query: aadcdn.msftauthimages.net
Source: global traffic | DNS traffic detected: DNS query: fsp.gs.schaeffler.com
Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown — HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown — HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknown — HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49725 version: TLS 1.2
Source: unknown — HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49780 version: TLS 1.2
Source: classification engine — Classification label: clean1.win@23/31@50/227
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1976,i,13637372914846483907,475314134523752596,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://sconnect.schaeffler.com/community/industrial-global/rd-mechanical-products-industrial/development-ball-bearings/overview"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1976,i,13637372914846483907,475314134523752596,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: Window Recorder — Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe — File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe — File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe — File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe — File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe — File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe — File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe — File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
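| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Registry Run Keys / Startup Folder (1) | Process Injection (1) | Masquerading (1) | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | Encrypted Channel (2) | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Registry Run Keys / Startup Folder (1) | Process Injection (1) | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Non-Application Layer Protocol (1) | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Application Layer Protocol (2) | Automated Exfiltration | Data Encrypted for Impact |

Note: cell boundaries are reconstructed from the flattened page text. A number in parentheses is the count printed next to that technique in the report; techniques without a count carry none in the original. The report's own verdict is CLEAN, so these mappings should be read as generic signature-to-technique labels on the browser session, not as confirmed adversary behaviour.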

No Antivirus matches
No Antivirus matches
No Antivirus matches
No Antivirus matches
No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| dual-spo-0005.spo-msedge.net | 13.107.136.10 | true | false | | unknown |
| s-part-0044.t-0009.fb-t-msedge.net | 13.107.253.72 | true | false | | unknown |
| sni1gl.wpc.upsiloncdn.net | 152.199.21.175 | true | false | | unknown |
| s-part-0017.t-0009.fb-t-msedge.net | 13.107.253.45 | true | false | | unknown |
| sni1gl.wpc.omegacdn.net | 152.199.21.175 | true | false | | unknown |
| fsp.gs.schaeffler.com | 159.51.234.114 | true | false | | unknown |
| www.google.com | 142.250.185.100 | true | false | | unknown |
| worksite.sharepoint.com | unknown | unknown | false | | unknown |
| aadcdn.msauthimages.net | unknown | unknown | false | | unknown |
| sconnect.schaeffler.com | unknown | unknown | false | | unknown |
| identity.nel.measure.office.net | unknown | unknown | false | | unknown |
| aadcdn.msftauth.net | unknown | unknown | false | | unknown |
| login.microsoftonline.com | unknown | unknown | false | | unknown |
| ds-aksb-a.akamaihd.net | unknown | unknown | false | | unknown |
| aadcdn.msftauthimages.net | unknown | unknown | false | | unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://sconnect.schaeffler.com/___sbsstatic___/maintenance.html | false | | unknown |
| https://login.microsoftonline.com/67416604-6509-4014-9859-45e709f53d3f/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=2D8E714A0D9845F96F30DB80F60E2F8B61030D9E988518F7%2D59179D3F3C5B6D0156ED7B6AE2E46408F01BF3681084E7162FC19BE09D90E829&redirect%5Furi=https%3A%2F%2Fworksite%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=091b5da1%2D9048%2Da000%2D4d3d%2D52a8fc571cf1&sso_reload=true | false | | unknown |
| https://login.microsoftonline.com/67416604-6509-4014-9859-45e709f53d3f/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=2D8E714A0D9845F96F30DB80F60E2F8B61030D9E988518F7%2D59179D3F3C5B6D0156ED7B6AE2E46408F01BF3681084E7162FC19BE09D90E829&redirect%5Furi=https%3A%2F%2Fworksite%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=091b5da1%2D9048%2Da000%2D4d3d%2D52a8fc571cf1 | false | | unknown |
| https://fsp.gs.schaeffler.com/adfs/ls/?client-request-id=091b5da1-9048-a000-4d3d-52a8fc571cf1&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=LoginOptions%3D3%26estsredirect%3d2%26estsrequest%3drQQIARAAnVE_aNRgHE2a69k7W3t0saCghE5tc_d9yfclXw4KXi6J1UP7B62KlCN_vjTx_iQmqa0tXQRBt85O_lmkkzioFIRuQqdzcbhJXJQOUp06OHini2Px8ePx-A2Px3uTHCzC8gT4C0noswA8DwoO7at_EI_lC8-Wz-Rmt5mnV2YWX_66cfbHDiv5aRol5VJpLYwbSZDSYuJbMY3CoJ0WnbBVqnth3EpKLvWs1WZatJJo_R3Ldlj2G8vuDNwVdWIoEFWArhKETVU2JaBrBJgyMESTaDIEvYdqqIRgSExFwCpUVF0ypSrWZB1ALBu6oskVQzSQjAAxAdRMSSYQENRzlkWzClXNAKquAoOIandgdK6ymvpin8I42KA_B3L9jPUoTNInXGZOB2s73LEqec1NyAqCsgyQIGOgCghAJKgE9xSmClA9LLmSt89lw4i2A_cLN24l7p-zLiSOb1HPa9K431Mnwx5khgFXHhrKF5hx5jxzlGGfD_Y63_t0eupD_tzFt87HN9OdgNkfLGkLVTvyK9Wb0bUoad0J5-K2KS7OI_m63tZuxYqD0f10KVxZ8IwZtQy3s-x2NrubzQ1xBYbnqvPwMMs-OsHs5v5nvc5JtjsM8zkntGOr7Qbu2ASEtksAkQSiUCAgaGPBthUiANtBkkMsQonVHUb5rNO0glYyNrnJB249DRu0zZc3-fVWUnecvrpnNVdpwpdv872Q_PLW1taDkWO5740wR6e-dh--OHz8_vvswei0NNXwHKjZK_5KAGtY0mqNJVOpKda8dxkvUs13cO0qUTYarUszrwrM5wLzGw2&cbcxt=&username=asdasdasa%40schaeffler.com&mkt=&lc= | false | | unknown |

Note: in the flattened page text the "Malicious" value (`false`) was fused onto the end of each URL; it is a table column, not part of the URL.
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 13.107.138.10 | unknown | United States | | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 142.250.185.78 | unknown | United States | | 15169 | GOOGLEUS | false |
| 13.107.136.10 | dual-spo-0005.spo-msedge.net | United States | | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 216.58.206.78 | unknown | United States | | 15169 | GOOGLEUS | false |
| 20.190.155.1 | unknown | United States | | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 142.250.185.100 | www.google.com | United States | | 15169 | GOOGLEUS | false |
| 142.250.185.227 | unknown | United States | | 15169 | GOOGLEUS | false |
| 159.51.234.114 | fsp.gs.schaeffler.com | Germany | | 20561 | AS20561-INADE | false |
| 2.19.126.146 | unknown | European Union | | 16625 | AKAMAI-ASUS | false |
| 20.190.160.14 | unknown | United States | | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 95.101.54.113 | unknown | European Union | | 34164 | AKAMAI-LONGB | false |
| 23.215.16.94 | unknown | United States | | 20940 | AKAMAI-ASN1EU | false |
| 1.1.1.1 | unknown | Australia | | 13335 | CLOUDFLARENETUS | false |
| 74.125.71.84 | unknown | United States | | 15169 | GOOGLEUS | false |
| 13.107.253.45 | s-part-0017.t-0009.fb-t-msedge.net | United States | | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 172.217.18.3 | unknown | United States | | 15169 | GOOGLEUS | false |
| 13.107.253.72 | s-part-0044.t-0009.fb-t-msedge.net | United States | | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 40.126.31.73 | unknown | United States | | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 239.255.255.250 | unknown | Reserved | | unknown | unknown | false |
| 20.190.159.0 | unknown | United States | | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 152.199.21.175 | sni1gl.wpc.upsiloncdn.net | United States | | 15133 | EDGECASTUS | false |
| 142.250.184.234 | unknown | United States | | 15169 | GOOGLEUS | false |
                                        IP
                                        192.168.2.16
                                        192.168.2.4
                                        192.168.2.23
                                        Joe Sandbox version:41.0.0 Charoite
                                        Analysis ID:1541389
                                        Start date and time:2024-10-24 19:11:33 +02:00
                                        Joe Sandbox product:CloudBasic
                                        Overall analysis duration:
                                        Hypervisor based Inspection enabled:false
                                        Report type:full
                                        Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                        Sample URL:https://sconnect.schaeffler.com/community/industrial-global/rd-mechanical-products-industrial/development-ball-bearings/overview
                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                        Number of analysed new started processes:13
                                        Number of new started drivers analysed:0
                                        Number of existing processes analysed:0
                                        Number of existing drivers analysed:0
                                        Number of injected processes analysed:0
                                        Technologies:
                                        • EGA enabled
                                        Analysis Mode:stream
                                        Analysis stop reason:Timeout
                                        Detection:CLEAN
                                        Classification:clean1.win@23/31@50/227
                                        • Exclude process from analysis (whitelisted): SgrmBroker.exe, svchost.exe
                                        • Excluded IPs from analysis (whitelisted): 93.184.221.240, 142.250.185.227, 142.250.185.78, 74.125.71.84, 23.215.16.94, 34.104.35.123, 95.101.54.113, 95.101.54.114
                                        • Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, a1910.dscq.akamai.net, accounts.google.com, edgedl.me.gvt1.com, e2556.a.akamaiedge.net, sconnect.schaeffler.com.edgekey.net, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, ds-aksb-a.akamaihd.net.edgesuite.net
                                        • Not all processes were analyzed; the report is missing behavior information
                                        • VT rate limit hit for: https://sconnect.schaeffler.com/community/industrial-global/rd-mechanical-products-industrial/development-ball-bearings/overview
                                        Input | Output
                                        URL: https://sconnect.schaeffler.com/___sbsstatic___/maintenance.html Model: claude-3-haiku-20240307
```json
{
  "contains_trigger_text": true,
  "trigger_text": "Click on the picture to open the new Intranet MySchaeffler",
  "prominent_button_name": "Click on the picture to open the new Intranet MySchaeffler",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false
}
```
                                        URL: https://sconnect.schaeffler.com/___sbsstatic___/maintenance.html Model: claude-3-haiku-20240307
```json
{
  "brands": [
    "Schaeffler CONNECT"
  ]
}
```
                                        URL: https://login.microsoftonline.com/67416604-6509-4014-9859-45e709f53d3f/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D0000000 Model: claude-3-haiku-20240307
```json
{
  "contains_trigger_text": true,
  "trigger_text": "Sign in",
  "prominent_button_name": "Next",
  "text_input_field_labels": [
    "Email, phone, or Skype"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false
}
```
                                        URL: https://login.microsoftonline.com/67416604-6509-4014-9859-45e709f53d3f/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D0000000 Model: claude-3-haiku-20240307
```json
{
  "contains_trigger_text": true,
  "trigger_text": "Sign in",
  "prominent_button_name": "Next",
  "text_input_field_labels": [
    "Email, phone, or Skype"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false
}
```
                                        URL: https://login.microsoftonline.com/67416604-6509-4014-9859-45e709f53d3f/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D0000000 Model: claude-3-haiku-20240307
                                        ```json
                                        {
                                          "brands": [
                                            "SCHAEFFLER"
                                          ]
                                        }
                                        ```
                                        URL: https://login.microsoftonline.com/67416604-6509-4014-9859-45e709f53d3f/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D0000000 Model: claude-3-haiku-20240307
                                        ```json
                                        {
                                          "brands": [
                                            "Schaeffler"
                                          ]
                                        }
                                        ```
                                        URL: https://fsp.gs.schaeffler.com/adfs/ls/?client-request-id=091b5da1-9048-a000-4d3d-52a8fc571cf1&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=LoginOptions%3D3%26estsredirect%3d2%26estsrequest%3drQQIARAAnVE_aNRgHE2a69k7W3t0saCghE5tc_d9yfclXw4 Model: claude-3-haiku-20240307
                                        ```json
                                        {
                                          "contains_trigger_text": true,
                                          "trigger_text": "Sign in with your organizational account",
                                          "prominent_button_name": "Sign in",
                                          "text_input_field_labels": [
                                            "asdasdassa@schaeffler.com",
                                            "Password"
                                          ],
                                          "pdf_icon_visible": false,
                                          "has_visible_captcha": false,
                                          "has_urgent_text": false,
                                          "has_visible_qrcode": false
                                        }
                                        ```
                                        URL: https://fsp.gs.schaeffler.com/adfs/ls/?client-request-id=091b5da1-9048-a000-4d3d-52a8fc571cf1&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=LoginOptions%3D3%26estsredirect%3d2%26estsrequest%3drQQIARAAnVE_aNRgHE2a69k7W3t0saCghE5tc_d9yfclXw4 Model: claude-3-haiku-20240307
                                        ```json
                                        {
                                          "brands": [
                                            "SCHAEFFLER"
                                          ]
                                        }
                                        ```
                                        URL: https://fsp.gs.schaeffler.com/adfs/ls/?client-request-id=091b5da1-9048-a000-4d3d-52a8fc571cf1&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=LoginOptions%3D3%26estsredirect%3d2%26estsrequest%3drQQIARAAnVE_aNRgHE2a69k7W3t0saCghE5tc_d9yfclXw4 Model: claude-3-haiku-20240307
                                        ```json
                                        {
                                          "contains_trigger_text": true,
                                          "trigger_text": "Sign in with your organizational account",
                                          "prominent_button_name": "Sign in",
                                          "text_input_field_labels": [
                                            "Incorrect user ID or password. Type the correct user ID and password, and try again.",
                                            "Password"
                                          ],
                                          "pdf_icon_visible": false,
                                          "has_visible_captcha": false,
                                          "has_urgent_text": false,
                                          "has_visible_qrcode": false
                                        }
                                        ```
                                        URL: https://fsp.gs.schaeffler.com/adfs/ls/?client-request-id=091b5da1-9048-a000-4d3d-52a8fc571cf1&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=LoginOptions%3D3%26estsredirect%3d2%26estsrequest%3drQQIARAAnVE_aNRgHE2a69k7W3t0saCghE5tc_d9yfclXw4 Model: claude-3-haiku-20240307
                                        ```json
                                        {
                                          "brands": [
                                            "SCHAEFFLER"
                                          ]
                                        }
                                        ```
                                        URL: https://fsp.gs.schaeffler.com/adfs/ls/?client-request-id=091b5da1-9048-a000-4d3d-52a8fc571cf1&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=LoginOptions%3D3%26estsredirect%3d2%26estsrequest%3drQQIARAAnVE_aNRgHE2a69k7W3t0saCghE5tc_d9yfclXw4 Model: gpt-4o
                                        ```json
                                        {
                                          "legit_domain": "schaeffler.com",
                                          "classification": "known",
                                          "reasons": [
                                            "The brand 'SCHAEFFLER' is a known brand associated with the domain 'schaeffler.com'.",
                                            "The URL 'fsp.gs.schaeffler.com' is a subdomain of 'schaeffler.com', which is the legitimate domain for the brand.",
                                            "There are no suspicious elements in the URL such as misspellings or unusual domain extensions.",
                                            "The presence of a subdomain 'fsp.gs' is not inherently suspicious and could be a legitimate part of the company's web infrastructure."
                                          ],
                                          "riskscore": 2
                                        }
                                        ```
                                        URL: fsp.gs.schaeffler.com
                                                    Brands: SCHAEFFLER
                                                    Input Fields: asdasdassa@schaeffler.com, Password
                                        URL: https://fsp.gs.schaeffler.com/adfs/ls/?client-request-id=091b5da1-9048-a000-4d3d-52a8fc571cf1&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=LoginOptions%3D3%26estsredirect%3d2%26estsrequest%3drQQIARAAnVE_aNRgHE2a69k7W3t0saCghE5tc_d9yfclXw4 Model: gpt-4o
                                        ```json
                                        {
                                          "legit_domain": "schaeffler.com",
                                          "classification": "known",
                                          "reasons": [
                                            "The domain 'schaeffler.com' matches the brand 'SCHAEFFLER', which is a known brand.",
                                            "The URL 'fsp.gs.schaeffler.com' is a subdomain of 'schaeffler.com', which is a legitimate domain for the brand.",
                                            "There are no suspicious elements in the URL such as misspellings or unusual domain extensions.",
                                            "The presence of input fields for user ID and password is typical for login pages, which is consistent with a legitimate site."
                                          ],
                                          "riskscore": 2
                                        }
                                        ```
                                        URL: fsp.gs.schaeffler.com
                                                    Brands: SCHAEFFLER
                                                    Input Fields: Incorrect user ID or password. Type the correct user ID and password, and try again., Password
                                        URL: https://login.microsoftonline.com/67416604-6509-4014-9859-45e709f53d3f/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D0000000 Model: claude-3-haiku-20240307
                                        ```json
                                        {
                                          "contains_trigger_text": true,
                                          "trigger_text": "Sign in",
                                          "prominent_button_name": "Sign-in options",
                                          "text_input_field_labels": [
                                            "Email, phone, or Skype"
                                          ],
                                          "pdf_icon_visible": false,
                                          "has_visible_captcha": false,
                                          "has_urgent_text": false,
                                          "has_visible_qrcode": false
                                        }
                                        ```
                                        URL: https://login.microsoftonline.com/67416604-6509-4014-9859-45e709f53d3f/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D0000000 Model: claude-3-haiku-20240307
                                        ```json
                                        {
                                          "brands": [
                                            "Schaeffler"
                                          ]
                                        }
                                        ```
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 16:12:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                        Category:dropped
                                        Size (bytes):2673
                                        Entropy (8bit):3.9852779731689525
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:461031888A9788A16CA6EE20668FDE55
                                        SHA1:8E78E270BAC1BF834D8574984FC667C61D66EF25
                                        SHA-256:C40B1512EC06BCFFBD3EC9386C908A2C3D8B4021D913CCC4F6A71BB572948B34
                                        SHA-512:445C710B68FF1F12CF6BA55E05AA85BDA2E77376125B8435A5F965B030D0F6E4DED5484748154D4C2855329C75726199579C719A5E0FB04E860CBBCBBCF0A804
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:L..................F.@.. ...$+.,....C...7&..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IXYx.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VXY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VXY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VXY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VXY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............K.a.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 16:12:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                        Category:dropped
                                        Size (bytes):2675
                                        Entropy (8bit):4.003232306019479
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:96C92D6202E84F0A929D09FFA889A3DC
                                        SHA1:DD51A053D782CEF8BC9CBAF7D9F0E3A119F749F6
                                        SHA-256:3286CE05D631364AA00929586F3CD5EF820FA096FEF396246E222B3ED8F34C24
                                        SHA-512:6D235A53ED0733E3591C14BE235CF0E0FE24DC1088603C79169243C1AF5AA8C066153DE4CBAD4BA9FF49D95776949A1B6AA9E97A628707CD776F36E42FBA32AE
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:L..................F.@.. ...$+.,....v...7&..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IXYx.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VXY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VXY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VXY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VXY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............K.a.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                        Category:dropped
                                        Size (bytes):2689
                                        Entropy (8bit):4.011270622639257
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:5B7994BE4E9B3D7C9372156BA85505F2
                                        SHA1:B03DBC2770AEAC88681A571A57017494EFB06B37
                                        SHA-256:47634CA44FA66C28C9194DA128DDE77AD02EF1ECA9845F00F154BD208FDED3CB
                                        SHA-512:D4E86A64202152D6DEB8FB61E832AE02A4E23CF04E4D3FCC125FC08E7910F963AB4C75E34A10565DD59FAF59CCC00CDC6E45CD2FF61E7C5340FEC59B02448D46
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IXYx.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VXY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VXY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VXY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............K.a.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 16:12:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                        Category:dropped
                                        Size (bytes):2677
                                        Entropy (8bit):4.00087932006382
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:A6B0807CFCACF4C27C3C72608A349650
                                        SHA1:C43C61981F6F2DAE56AA7A7E00BB72952931F5EB
                                        SHA-256:77F890A25F29AF8EC4306AA4313AEB05B0E24332823ED04299DFDA4EA4436A4D
                                        SHA-512:4703955CD360916BAF3FB0B7D6A3A2237B4B738CF3395BFDA7E6B89F630F45A776FD0FCA0097C2802620385884CD095F378FD5F4EC28E5FD9440DE80ABC0C929
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:L..................F.@.. ...$+.,........7&..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IXYx.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VXY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VXY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VXY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VXY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............K.a.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 16:12:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                        Category:dropped
                                        Size (bytes):2677
                                        Entropy (8bit):3.9900184057981885
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:9E9B9DAA81E5C0EAB5F1B8C2E531EF31
                                        SHA1:3B3D6A5E55509B841D5D24D0C5A77D7ED01F358A
                                        SHA-256:1DB9504B9DAAA2166A17BA294B5D3A30EB1705D96E1B8B6F4298AA139B4C24EC
                                        SHA-512:11E19339E5E9B34C6DC2B1A19C1A3A6C9545D16ED923D151B59B386B236D4894D72AFABDE0F241222D4E04EA758ED9DE4F355CECBD98CB5C0DC7CBD82E4C9528
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:L..................F.@.. ...$+.,.....{..7&..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IXYx.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VXY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VXY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VXY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VXY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............K.a.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 16:12:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                        Category:dropped
                                        Size (bytes):2679
                                        Entropy (8bit):3.997303114837033
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:67F07506D72A09874B566D4EC97BF2E3
                                        SHA1:9CCDC437969B1922C304C97A1BCC40A267D2CDD8
                                        SHA-256:AB091297E39E509C8EABC4FD6EC007537FA57448039B5DE8D1990DC014FAB5F5
                                        SHA-512:684855DB7C5E7AC77EBA4713DCD596127FF8AE516B8B050E624E98BF843D9AE8D29224E0B77AB7B00D3B16D669A4D11C6AE8975EC7002B83066A254CAEF1BCE2
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:L..................F.@.. ...$+.,....h...7&..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IXYx.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VXY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VXY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VXY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VXY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............K.a.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 57443
                                        Category:dropped
                                        Size (bytes):16326
                                        Entropy (8bit):7.987374325584103
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:C217AE35B8592DC9F1E680487DAD094F
                                        SHA1:2E642562C2BFD8968629317FF212684C7EB59193
                                        SHA-256:D41992E79D7BCFCC1F32597208DD99033D99C04882EAFCC8508F2FA0EE728C6B
                                        SHA-512:EAF3BF49BCF58A7F7C39CBF35FD75862FEE98F611536080DFC794D288274CB9D67E95D0299679F7981E110B2577A47579D3623C7F11A6AC2A0CFA56AAEA2CAB0
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:...........}Ms#.......\.@..'F.........C)$....`.......Q.x7...}..'.}..?e#...QU]....Vo.................?........w!......=.G...P.../......8z....q._5....g..}g..31......l*...],.b..;..`...Y....3..5.uGAi..NP.6<.w.(..`...y..d.N.x..^u.....^...?..N........Fq.....z..wgN./..Ep/f..c/.D4~X.W~).s/.E8...T...8,:..Q.>............4....F,&c.)n.[.pcQp...4...6...i.............CkL=....'.\..L......2.A..o.u..."*p.. Xx.......'l.[w..'c/^.FP.....q.h4.R+X.x...d..M.}.Z,..RP..E.T......8 .v....Iw.X..?.r......nk....?Wj..a.|..........JAs.j.7.....?.)..t.z.-..m.]..3y...3@.3YO.KSz]...4.b........V..+.%.[.&........l.H>G.^<..{.$"..-.i.........`qcw...`.[....as[.+.X...n..X..%,:......am."a....^o@@.`].....( (b...k..B.0.....AX.D.?...,..-<@k.;..(*..C.]...:.nn..8..s...."4.. ...J...P.n....F.3G..u..;9&.{.2.80.XB.....@.qw.:../.`.P?.+t..w6.a~..7...8k..U._......k,..o.....yQ..r.....}.E...B.r......?{...\fB....-.).Fb.;.p.N?(..P.?..p....F........)p..,`l...o@.;.x.....:..f.E....<0..#K\...K(?K/OX
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113769
                                        Category:dropped
                                        Size (bytes):35168
                                        Entropy (8bit):7.99275807202193
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:D3B6AE9986DF244AB03412CC700335D0
                                        SHA1:BAAA1F9899178938F3881F09B18265E47DA806E3
                                        SHA-256:CA50059111D30C2E212C90805792EB543548AEF0D4941E886A778E3DCE0B9066
                                        SHA-512:755C57FBC9BECE435A477F76C5E8198CA8942C23BE667ACAB83A00E5CD4F54075B10AA07C7FDC10C38FC3D5C0C406C9132FEB5B67BA5BCCC57EF796054A84E7C
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:...........kC.H.0......e....0.pX..Iv3..\f..0YY.m..e$.K..o...j..g.3.lpW.......[..Y.?k.Y.......8~.a..../_.;]{.............v...0..q.Dk.w...h-....Z<..l.fA..k3.7..dm....b..-...(,.$...4...f...e...AV..z.mA....O.9........k..h-.......<Z[.GQ.v3....Oq..y:..(..k.$_...._..h-...q..S.ck.=.T......Sq@.:.A.c.(....SDq..Ac.t..m.$Lc....Z...K...O<....f9..p...0Z..3.<...$YK.x.F......v....nm..s$...&..dQ4.......n-.-.......E.XD..-5~...f.....t...-_.....fsg...8kZ..|.{{....p+Lg.t9I..P./ap......o9Wx.._{....k..,...............................7.|..t...Ax.7..b..v..v.m-...~v...:....r..._........,...A........:..z.>.y..u.....N...^..S.......z~@..;...n...K........x..A]....F.8X&Em..P.s.....a.g.|.d......._..C`.xQ...\..'...QP....?.R.{?....|.>........E4.GRz...z.k.z.}....h..>.{[E.:.....Pu. ..e6_.o.p*.w...>...:...o.k~...~..&E._..}}.}%[. ..#......z.5M.b.....z..k.H.4...l..D.o...z..M.+../..`....?y.J4.=....u.....Z.....E.d.....{0H^...8.....9..h......d..6j......../..z..V<.`.F.xm.y..yt.J....
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 2976
                                        Category:downloaded
                                        Size (bytes):1408
                                        Entropy (8bit):7.839078644153948
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:CAD2983C576872EAA56B67B110C6DD2A
                                        SHA1:0C94C865CA5EE05C8BC89852070E8D1414FF98C5
                                        SHA-256:7EDBD3F7D9D83CEB1D6BF769B4B665ADF53B3C1A263F37CC2986A717FBF058A2
                                        SHA-512:8F5120AD984D336C9F1BCD78AAF2033EDDA039F4410DAC3F09F36500DBD067212C42690AE7C2EC3B7B934C68BFC620A5F5E03AB3031001A488D1016B17B32AAF
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pidpredirect_e74b7f721910c56d695c.js
                                        Preview:...........VmO.H..._1...{..hi.I]....%.N.E..$^pv..uB...o.C...!...g.g.x...^A..?..........g.#.......vx.|......a`,R.:G.`.J.. $W:S.Y40...,..VS..B...rk ....S5...t......:~H.Hhb"$Is.-...TVp.&..-..i.r...y"x...ke..F.bFJLN.m..0.`..Xi..v..s.+TS.)5...........$..r&f99.d.L...k0g..`.,T.....!'@q..B..?..q.m..A=s&.)(b.P..8...2b0..&.I..J.%.M4....(xX... ...Rx......S...|...U....%.....~s.m.yPo...UbmfZ..D.$..\M...')3d:.%........)...X......8RS&d........w.._R.+._.?......p..x......8....J..'h..W.~..&......A...8...a`......3...H:.~.....E.......>.#.v....t..3H...nW...J...Kx..j.D.aQJ..Y.hz.q..XP'..:%..H.e,.3...i.f.,......3.........aI.".i>r.|EPj..#tK...8R...H.i...6..%.Oi...........F....7..6....j... Z'._...m..M.F.k....].h....q&9....T.\<E..b.*.^........3.r./..1.D.4ePRY..?<...{..p.....6...H..mH.*#-.....A...D.VB..E..*3Y....T...S...S.l.TUS.u..T.-..STq.%..x.A.,"jV..4.._..>......n.eJ.5T....WK.5h.j..W...e....B..L`..0.QKx.....B.D+I.o..n.P\.;.7~{....&+Y.....?<.....u(L........u
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:PNG image data, 260 x 35, 8-bit/color RGBA, non-interlaced
                                        Category:downloaded
                                        Size (bytes):3443
                                        Entropy (8bit):7.741069926398627
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:50CEDFA81E50F4E35D3DC9F786E5461B
                                        SHA1:4683B23DEFACFE6A4ABA7F9E3149D260562D8A7A
                                        SHA-256:376C24EC9469580276AD06195399EFC4ECDC8C1E35E7564DC49E02FC4C0292E3
                                        SHA-512:53524CFF8914C22D73C18AE3131D5D439A052FB1A9F14763F3DDC69C454F49CEF1A8A62627D5D55FB8767AB2ACF9804E8873D2548664552D6AE988F0B1DA6DB1
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://fsp.gs.schaeffler.com/adfs/portal/logo/logo.png?id=376C24EC9469580276AD06195399EFC4ECDC8C1E35E7564DC49E02FC4C0292E3
                                        Preview:.PNG........IHDR.......#.....r.t0....tEXtSoftware.Adobe ImageReadyq.e<...xiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c132 79.159284, 2016/04/19-13:13:40 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:6c3b25c7-af6d-584d-aed3-f9f465577bd3" xmpMM:DocumentID="xmp.did:D6761B17921611E7A5AD842BA56495C9" xmpMM:InstanceID="xmp.iid:D6761B16921611E7A5AD842BA56495C9" xmp:CreatorTool="Adobe Photoshop CC 2015.5 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:6c3b25c7-af6d-584d-aed3-f9f465577bd3" stRef:documentID="xmp.did:6c3b25c7-af6d-584d-aed3-f9f465577bd3"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>o.......IDATx..].l.E..B!.O..R.'..1
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 119648
                                        Category:downloaded
                                        Size (bytes):40454
                                        Entropy (8bit):7.992737010031678
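                                        Encrypted:true (reviewer note: this flag appears to be entropy-derived; the File Type above is gzip, and compressed data alone gives 8-bit entropy close to 8.0, so the flag is not by itself evidence of encryption or packing)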
                                        SSDEEP:
                                        MD5:1D65BDDAE4EAEEFC77CB9CFECC565B5D
                                        SHA1:A7D87150DA1DF6AE6DB87D98760DB7D753DBF6B9
                                        SHA-256:B98D5BA052230DB0ABC1B0E7B09D814114F6B7C316836BEB88E7B49057DAFEC0
                                        SHA-512:F2CF9D120D7E18AE3FD77CD85176401A3EB7DB4AF10E16D58C21D86F738FC74525A21E3A319197435E43E50E61DFA8CB2F7207962105360E7BE5652A28165944
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js
                                        Preview:............{{..7..y...D4e.sH.v.w......m.r.....&..b.`.P."r...~k..\(...=n#.2..5.N..N~.v'....g..G......N.~q.i.KWq.d.I..N..Z.'.,-........>.e...&Y..'ON......K|.KQ.........^..WI.QT.oe.>..V........w.,/.Y.6..U.......Lo..U..C..{U......T....,.==.\..KrY..'wI..2wIyMw.K/.........B..{45r..r..Lw..3....I!l..lL.m....|!..k...J...Y.......Q.I.Wt...........-....Y..mI...vs.S.TP.....]P..;j3..."..Q.]P?.+qK7.q..]J}....qt[..D.j\."....&j..3.......72.fQ..l%_..A...$.m6..>.QD@... ^F.v..2z@uao,.|....@../....05.....4x...".I..(.._..e..R..HT.{.2O.....lT.we. _.P.'Iz..|..y...yM..j.P...~...~6*j.D.Li.e..z.tu~.lV~...qN...fg...V.7.;...<..........}...yf...`>.....g.y.*<q..7.i....h..\%%.q.z.>*.......^...M..u.n..1...z7t.......y..S..Bc.).....X.~.|F.....B0..E....d.B_.Z.....[.Z./..B8.e..-U....P..]N....k.%p...l<..\......A`W^...m.J5c...._I.j.t.......Q...1.*.B...>^...+d.p.o.bi.D..O...~... @..m*.4.z..uLd..Bc).:.x?..`..Ey....?.2...".....2}.?.FW.|d.~9...~.C.V..y.'..M..........`...E.77>..~?=+gs..t
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 11970
                                        Category:downloaded
                                        Size (bytes):4880
                                        Entropy (8bit):7.966397036823352
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:03C76051E45F8BAFD592731BA31E82BB
                                        SHA1:58F5464CCAB2D8096ABCA4E4324DE38B7C4B829E
                                        SHA-256:F8D8EEB949623360942057B5ABDB018AC7AEDE91092961BA52A417F4C64700A7
                                        SHA-512:253A9F9D5F59AEC12DF2B69AB71414F6EA76EBD5464C66DD107347E20E303610BC371764EEFCBEC3FA031CC03A30C556486AD9DD833A2B6FAAA3714BDC2DDA95
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/frameworksupport.min_oadrnc13magb009k4d20lg2.js
                                        Preview:...........Z{s..._..Fs.2.(9..RX..;[.m..LoWR2..JL)R....K.}...ERV...lfb.yp....'...........;..~:.8a.....=.:{}..pZ..E..(N...u....R.I...L.2.*..%..8LX$.%S..V2.$.*gI.+l..Iv....3.....s}v.....q...lu..B.4S.T.0.ih.:i.X..d7.x.`..S..Y...S...!y.......`.P,.Z.<|vI+-.\.cN..r .9..`..._..g....'K.;...........e...'N..|[........Y1U~..\..b....%....w&nWX.'wl..X^....s).R.....z}.....h.<&r..V"!.j.7q.|.j.'.S..O.O9s...^vz/:.#.&.J..~.;......;.y..@z.;.u.yy...)..?......'..l..i.........>.........s......[h...].^^.....v....NO|...._...._.._......[..)is:}{..5..{.m......n%...{......7....hw.{^@.s%c....,r.{/.*d.....x[..f..D..s.....1_..G.[.....A...E>.W.u"|.Q.A.n.....+l.>...b..S..Tt....z.,..Gb20'q",..d...>....vx..@.?]..u6............9...y.n.6..k\.U..#..)...R/.b...`...<P.M~.......K.l1...Vm.xX..A............Oa...cq.......[1....@O...Z..d....X..-Gr..UI...,KD....r.v.Yii..s..Z`vl0.F...*..Q....Gf.;.2.....\...X*#..r...*..Q.=L...D.s..d...W.@..#....I@....zmO..fA.g.v.&.......M....,N....
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 449028
                                        Category:dropped
                                        Size (bytes):122065
                                        Entropy (8bit):7.997626422878093
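                                        Encrypted:true (reviewer note: probably entropy-derived rather than proof of encryption; the File Type above is gzip, and its stated original size of 449028 equals the size of the ConvergedLogin_PCore script listed further down in this report, so this is plausibly that script in compressed form)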
                                        SSDEEP:
                                        MD5:AA8BC8C5EE9148CD994872B1438C5ED6
                                        SHA1:955C9B9B66442B43A6B6290CF54E20BBCF144E18
                                        SHA-256:66C62A7D3E076AAA538C7F589BB2661726F18EF9343DF6F06A714C37A04B7A61
                                        SHA-512:288E76CC63F72885B47515716389CD03F840237C269CB03463348A576A565D12497AD2AD52430F1888FE0F2468C755DD43D08498CF11A6CB864301B7739B8569
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:...........{W.H.8....F3...a,..E.Yc..i......,...Y.J2.1......R.LU....s.AY..................Oix..).NK7...KW...........`....G/..=.....3....0*y..F.0......7.l.4..i)yd.Y...$..^.@....R......%o...J..gP.7..(.7.....0..V...j..#.Yi..,*.<z.c..s.0..I)b...x...&....R..8..G.ji......-......\.pL...0@/....0h,...[U.DZ..7.R.....}6./...o.....:.;w.jn.1....._..<*..b.{.... ..J.....9.8{.16eA...........:B#.K,N...8.T.....$.R..8...?.R.^3...n...$......K...N..p>.....<...........9.Y.......pj{.l.J..Y..W.........A.......:py.m...+..B........l..uO...v.G..q..VMw........`.<..;;.....{}0.US..O..m..v<x..%3..Tu`...U...;.~{....c.?....?...v ..-E..2......{+.?.....va8...i...8)W.....X..7... EC.h..e....D,.GA..W.Na!..T..$k..[..2..ry .1,D}LdY=..a.>|k...-OE/.A...}./'V/..7%#..o(a.S....e!P8..UI.#.n.{).@.I....u.va.....$z#...[*.BX......l.|.U.Q.....&s\.nT..........Z...LK.~.|."...D;U{6......T$.C..^|%...e..!.5..T.......R........hY...~T...Z.....s...xZ|.vcO..)+k..Up.)#O..!Qr.#ty..
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592
                                        Category:downloaded
                                        Size (bytes):621
                                        Entropy (8bit):7.673946009263606
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:4761405717E938D7E7400BB15715DB1E
                                        SHA1:76FED7C229D353A27DB3257F5927C1EAF0AB8DE9
                                        SHA-256:F7ED91A1DAB5BB2802A7A3B3890DF4777588CCBE04903260FBA83E6E64C90DDF
                                        SHA-512:E8DAC6F81EB4EBA2722E9F34DAF9B99548E5C40CCA93791FBEDA3DEBD8D6E401975FC1A75986C0E7262AFA1B9D1475E1008A89B92C8A7BEC84D8A917F221B4A2
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://aadcdn.msauth.net/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg
                                        Preview:..........}UMo"1..+.....G; .8l...M..$.U.AW......UaX..`'.=......|..z3...Ms>..Y...QB..W..y..6.......?..........L.W=m....=..w.)...nw...a.z......#.y.j...m...P...#...6....6.u.u...OF.V..07b..\...s.f..U..N..B...>.d.-z..x.2..Lr.Rr)....JF.z.;Lh.....q.2.A....[.&".S..:......]........#k.U#57V..k5.tdM.j.9.FMQ2..H:.~op..H.......hQ.#...r[.T.$.@........j.xc.x0..I.B:#{iP1.e'..S4.:...mN.4)<W.A.).g.+..PZ&.$.#.6v.+.!...x*...}.._...d...#.Cb..(..^k..h!..7.dx.WHB......(.6g.7.Wwt.I<.......o.;.....Oi$}f.6.....:P..!<5.(.p.e.%et.)w8LA.l9r..n.....?.F.DrK...H....0F...{.,.......{E.."....*...x.@..?u......../....8...
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:PNG image data, 280 x 60, 8-bit/color RGBA, non-interlaced
                                        Category:dropped
                                        Size (bytes):3519
                                        Entropy (8bit):7.762549650813448
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:B07759E1CB34078FB2C32B693AD67434
                                        SHA1:E0916D4020425E8D81E1A46144E758FFA188651B
                                        SHA-256:E028133459705F6050283F1939DB6E0E521ADAB8BF3F5455482465F925996AD7
                                        SHA-512:0F8E232AA695CFD6A1A7A451953D64FFA95482BDE4DF03219C2386F7F5DEFC0273CE136E945BD3CED18197187868E65A9AA18DD847D72D92854654F3860A7F59
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:.PNG........IHDR.......<............tEXtSoftware.Adobe ImageReadyq.e<...(iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c132 79.159284, 2016/04/19-13:13:40 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2015.5 (Windows)" xmpMM:InstanceID="xmp.iid:82171F8B921511E78C9CBE4CF24D31D5" xmpMM:DocumentID="xmp.did:82171F8C921511E78C9CBE4CF24D31D5"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:82171F89921511E78C9CBE4CF24D31D5" stRef:documentID="xmp.did:82171F8A921511E78C9CBE4CF24D31D5"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.J.C...-IDATx..........b.P..B.h........@....T..+....i...oM,.D,[mii.Ik..Tm./.....?...*......99......;...;.....q
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 9285
                                        Category:dropped
                                        Size (bytes):3921
                                        Entropy (8bit):7.948633187405583
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:BA9DA2AE129596B81DE1FAFFB02CD0F7
                                        SHA1:8208ED791107C4D13D2DB619560EAC4707B03074
                                        SHA-256:23DC170CF8AE0615D3E4A6F406DAE6A0FC002BB3CA385C0C2957BFE7000F147B
                                        SHA-512:068268534557DE84E01F01EE2E9D025F4651183AA7A46D67286FD2E2482FEC84C618F1559CEE8256F9FC1F5CE1F8EB6F5808A2F67E49CBAB1C05758A80A5FA19
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:...........Zks.6..>..F.d2.9.f.....+;..+...V.*.EB......m]K.}O.$E..$..26.G..8}.....Q.(.z..#.E^h.>...Bj..Z.*R.r..GJ..eo.2..4UY..X....U-^..{N..3..P;:x[w...._y..[...'.....r]D..~.nr...y=..#[-.BN............~4.uV+;.m.:..\siUi...,.KW.......a&h....)...^.N....v.3.@..a.bT.....-!\.......y.WY...J?G.i.V1.T..;;n'...U..Z ..t2...5.....E2..7PoG..s.."....z...M;Ap.z.......8..}..:|.f8.......I2G....J..Q.....OS.T!c.s..*......u.....0....;.k.$............s..V..K....xa..H......h....Z.yE.s..oN.x @.gnex.}E..1;7 .A.q.f]..W.!..........7,K&2.`].Y.'..j..X.A..n.I....ZxF.W.......~6O...-..[?..~..y.M...;..=.B.^....h.k.=<...0.Z........4.......K... .1K.@.<...nY.^s..p.......J..p0..>..}5.:l..?.Y.N.Z.Bu[....GTz...`.#..d...3!...4....wzp. ..Iws...W..E.o....5{..3...I|!.]..E. o.'M..`.. ...U.(.X# .r..:..;.D....JV.Jx..4*..j....5}.B.VI....)1x5..dN...(...q.y..cF..*......$......"s$.j...M`.Bu..A2..W.....\...=+...l..6..c.E0q3....7....]....&v..]...^.....u.z.cp..4\.L,.-..(..
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 141866
                                        Category:downloaded
                                        Size (bytes):49804
                                        Entropy (8bit):7.994672288751266
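                                        Encrypted:true (reviewer note: likely a high-entropy heuristic; the File Type above is gzip and the URL below is a compressed script bundle, so decompress and inspect the content before treating this flag as suspicious)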
                                        SSDEEP:
                                        MD5:6DE768A4DF1E0D0061CDB52EF06346C4
                                        SHA1:3829A667B97668008023DDA98F4C0772174C8EF6
                                        SHA-256:58732EEE2ED9091F4F5776DC8A8A14116CBE5A2BA1CCDA0256896BAB08A52128
                                        SHA-512:CC6966D2C2B43E762750102E734DA6B88D7BFB92DDB5D482EE25029337D95E997466E83001586F2B63DAEE890B5F3188E8EC0F1B084D5EB67CFEA55EDDFAD47D
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://aadcdn.msauth.net/shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js
                                        Preview:...........m[.8.0........OL....;w..nf.0.ff.X.'V......4.r~........=........,..JU.......T~.l..?..E.....X..|t~P9...TN..G..?^.~.............Xx.0..Q..Fa4.#7.q...F.;......4...Q.W&~.@....O.*T.y.37J.+Ggf...P....Pz.N...>..a.D..<.m./A,*...Q.....WN.Q...8.Db$.G.H<...'....J,..8..{nG.2@HYkL../......=.pL....A?.&Ng.i,......2lo...$.<.3...?~pW..=...L..&x.QR.u3..#6q2....U.Y1..".M. .<W."7@......w..."H,@......0..P....p:...[...E].A..%..V.K\.......F.ir.}.Lc{s..O.g..(|.........9o..A.t.K....Wv.l6..T.......t.........+..........-w {l..g...V..\=W.j.oaT}t.J`E..$W......;.k.\.t.w~}".....jf..W..."..a..0y........@.T.1.G0.......*.Y_....../..........@.....*]+.*..*.q\.cR.....t.3S-5g....'U.j.d......y.n,:).|.?.FW...d...|.......*.`.3....kMKf...#..,DM.TY+..g.........e+.>...{y..N/..g-#FV.V.p.......Xs.(..{..}..-.O..H=."...........8M.g..!H..0.~.Tdf.;...$D%N .)..!..V...'r\.... ...&....J|."Nd%D:uw:.<W.+...H&.Z...L=..U.v....J.t.0%+...U..3M....y...L..G...p='.....pB"-..|.....j .a".i=O.R Q2..."...
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:ASCII text, with no line terminators
                                        Category:downloaded
                                        Size (bytes):36
                                        Entropy (8bit):4.503258334775644
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:06B313E93DD76909460FBFC0CD98CB6B
                                        SHA1:C4F9B2BBD840A4328F85F54873C434336A193888
                                        SHA-256:B4532478707B495D0BB1C21C314AEF959DD1A5E0F66E52DAD5FC332C8B697CBA
                                        SHA-512:EFD7E8195D9C126883C71FED3EFEDE55916848B784F8434ED2677DF5004436F7EDE9F80277CB4675C4DEB8F243B2705A3806B412FAA8842E039E9DC467C11645
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwmCAmly1gHbXRIFDdFbUVISBQ1Xevf9?alt=proto
                                        Preview:ChgKDQ3RW1FSGgQIVhgCIAEKBw1Xevf9GgA=
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:ASCII text, with no line terminators
                                        Category:downloaded
                                        Size (bytes):72
                                        Entropy (8bit):4.869248050168081
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:6DEEB4296FBD564284B9085DF6AFA90F
                                        SHA1:0DE007F03B7FD1ED2DB2DF9B22CB7528E7FF691D
                                        SHA-256:D893C22A5425FD1DA003546226A5E5B4A4C190D37FB171FC3B43C49DAB1E43D0
                                        SHA-512:8FE440DEE88044DA6D16197C3E78BC48CDACF4437F9F5EAD16C4880BD1E0D55FC461F4AB85372836E98F80E5200E5B53EBBA7F072039D2AD063A143F65EFAA67
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwlQHN9kPHAyYRIFDQGlaXISBQ1lIZnq?alt=proto
                                        Preview:CjIKCw0BpWlyGgQIVhgCCiMNZSGZ6hoECEsYAioWCApSEgoIIUAuKiQjPy0QARj/////Dw==
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:GIF image data, version 89a, 352 x 3
                                        Category:dropped
                                        Size (bytes):3620
                                        Entropy (8bit):6.867828878374734
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:B540A8E518037192E32C4FE58BF2DBAB
                                        SHA1:3047C1DB97B86F6981E0AD2F96AF40CDF43511AF
                                        SHA-256:8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
                                        SHA-512:E3612D9E6809EC192F6E2D035290B730871C269A267115E4A5515CADB7E6E14E3DD4290A35ABAA8D14CF1FA3924DC76E11926AC341E0F6F372E9FC5434B546E5
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:GIF89a`.........iii!.......!.&Edited with ezgif.com online GIF maker.!..NETSCAPE2.0.....,....`.....6......P.l.......H....I..:qJ......k....`BY..L*..&...!.......,....`.....9..i....Q4......H..j.=.k9-5_..........j7..({.........!.......,....`.....9.......trV.......H....`.[.q6......>.. .CZ.&!.....M...!.......,....`.....8..........:......H..jJ..U..6_....../.el...q.)...*..!.......,....`.....9.....i..l.go.....H..*".U...f......._......5......n..!.......,....`.....:..i......./.....H...5%.kE/5.........In.a..@&3.....J...!.......,....`.....9.......kr.j.....H..*.-.{Im5c..............@&.........!.......,....`.....9.........j..q....H...].&..\.5.........8..S..........!.......,....`.....9.......3q.g..5....H...:u..............Al..x.q.........!.......,....`.....9......\.F....z....H...zX...ov.........h3N.x4......j..!.......,....`.....9........Q.:......H....y..^...1.........n.!.F......E...!.......,....`.....8.........i,......H....*_.21.I.........%...
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:ASCII text, with very long lines (64616)
                                        Category:downloaded
                                        Size (bytes):449028
                                        Entropy (8bit):5.448567122786254
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:0D04E619F3843263D447E55E85CF14E9
                                        SHA1:2FCB499E93BCD0BE38355F6957E0FDFFF3D8B004
                                        SHA-256:A286901D020DBB97BDED75B5150D495AB28566B21735000058B598E0E6667E23
                                        SHA-512:22744EB9ECA78B4EC6086292B267F171B14AE53D14CFA449C3E565AE249ABC8EECC4750FADDFC4EAA24EA9211FB1C9DE75597DEC70832F3C2F43B9C40D46AD9B
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://aadcdn.msftauth.net/shared/1.0/content/js/ConvergedLogin_PCore_DQTmGfOEMmPUR-Vehc8U6Q2.js
                                        Preview:/*!. * ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */!function(e){function n(n){for(var t,i,o=n[0],r=n[1],s=0,c=[];s<o.length;s++)
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113378
                                        Category:downloaded
                                        Size (bytes):20400
                                        Entropy (8bit):7.980289584022803
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F0DE9A98DBDFA8C02742CE6D92FB2524
                                        SHA1:CDEC682AEB9E39EDCCC2374DAB26F04DB754A8B5
                                        SHA-256:FAF4294F27A542B0F9EA2A7CB2711529AB027CD84A5F5BADFAE752100855E6BE
                                        SHA-512:856FC9AB199997E69A9487372BC0083564F7115B3E0678CF1D542B9864E9A88D5FFB85697FD93538DC9439071E3BCD4B8BCCBFC610E1A45DE104D6362D8ADCD9
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_nin8k2ycrbzww8zl5vxkaq2.css
                                        Preview:...........}k..6..w...R..J.H=GSI..x.9...}T*.....)Q..f<...~.F.h..x..{+.-.....h..n....</v.ev......W.,.bU..rW.I...0x...C..2...6]..W_......../x.........~.z.}.|.#x......Ag*O.|XgU...4 .^'U...mP.A.].Z.U.!..Y.......:.ve.?.!..d.N...xJ...mR......0.@p...lKr/...E.-. .....|l.4.o.i.......L.iF..T{.n....2....VEY.y=..=..T+V./.b....\....7.sH.w{.h.....!.."F.k.!.......d...mS.rh.&G.../..h&..RE"!.A/.......A....L...8.q.M...t[...R...>.6;R..^.Vu..9.[F........>A.:HT}w]......2........p......'T.^]}.^..yJ>.<..pq..h.|..j....j.x..-...c...f...=".)..U.X'.M..l.]ZVtl\.I..}.0.~B0Y'.N...E.4.Xd..e...a.........."..9+d.&..l.$E..R.u.g.Q..w&...~I. .y..D.4;..'.."-.....b...)k.n.M...,3J.z_..&2f.h;.&.R.y..P..X.....\P....*.r...B.$........<....H5.M.."'#.6mQl..mQ5.=.\...O.....^..jM..u*.F..Oh.lNI..j..T..u...I..._........{.\...{..._|..={O..z..>......x..5Q.D7?{...^...^.......o.=.z......v......z.C...Gtw...0!..M@....^...^.x..G....W...{...)..y.<c3...^>{......7._..'d__...;R.
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:HTML document, ASCII text, with CRLF line terminators
                                        Category:downloaded
                                        Size (bytes):315
                                        Entropy (8bit):5.38000372032164
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:67932D4B695E1D6B19DFC2E3610761FF
                                        SHA1:A66898B36C94C53766E66C1A7AAEB149447EC083
                                        SHA-256:CE7127C38E30E92A021ED2BD09287713C6A923DB9FFDB43F126E8965D777FBF0
                                        SHA-512:97408B30995B72417494DACA4C67488B77E3121A9DB8BB3C2F204B49944457CAA1AF4B75730511B39FC9BABCCA5E1440168C3DBF3377B072866295BD490710FE
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://fsp.gs.schaeffler.com/favicon.ico
                                        Preview:<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">..<HTML><HEAD><TITLE>Not Found</TITLE>..<META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>..<BODY><h2>Not Found</h2>..<hr><p>HTTP Error 404. The requested resource is not found.</p>..</BODY></HTML>..
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:GIF image data, version 89a, 352 x 3
                                        Category:dropped
                                        Size (bytes):2672
                                        Entropy (8bit):6.640973516071413
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:166DE53471265253AB3A456DEFE6DA23
                                        SHA1:17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D
                                        SHA-256:A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
                                        SHA-512:80978C1D262BC225A8BA1758DF546E27B5BE8D84CBCF7E6044910E5E05E04AFFEFEC3C0DA0818145EB8A917E1A8D90F4BAC833B64A1F6DE97AD3D5FC80A02308
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:GIF89a`............!..NETSCAPE2.0.....!.......,....`.....6......P.l.......H....I..:qJ......k....`BY..L*..&...!.......,....0.............<....[.\K8j.tr.g..!.......,....3............^;.*..\UK.]\.%.V.c...!.......,....7........`....lo...[.a..*Rw~i...!.......,....;........h.....l.G-.[K.,_XA]..'g..!.......,....?........i.....g....Z.}..)..u...F..!.......,....C...............P.,nt^.i....Xq...i..!.......,....F...........{^b....n.y..i...\C.-...!.......,....H..............R...o....h.xV!.z#...!.......,"...L.............r.jY..w~aP(.......[i...!.......,(...N.............r....w.aP.j.'.)Y..S..!.......,....H.........`......hew..9`.%z.xVeS..!.......,5...A.........`...\m.Vmtzw.}.d.%...Q..!.......,9...=.........h......3S..s.-W8m...Q..!.......,A...5.........h.....N...:..!..U..!.......,H.............h....M.x...f.i.4..!.......,O...'.........i...tp......(..!.......,X.............j...@.x....!.......,].............j..L..3em..!.......,e.............`......!.......,n..............{i..!..
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:ASCII text, with very long lines (12701)
                                        Category:downloaded
                                        Size (bytes):13363
                                        Entropy (8bit):5.38931773767702
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:15DE19F42B35806FAF815298644157E0
                                        SHA1:62315E4A2013AAEC6AF762D71FCC800136494628
                                        SHA-256:7F06DEF529E0076B37F65C60085A6B1C65F1BBAB0B1F87C72C188018B5094966
                                        SHA-512:6506BA8B6465070FEAA86BE8803F53825B9A9922D394043CC7052CD6FBEA9548C343E6EEC7137C5D3A5BA80C11A1B02C6C6B442AE59DA3D48DEC14602062B2DB
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://ds-aksb-a.akamaihd.net/aksb.min.js
                                        Preview:/*.Copyright 2010 Google Inc..Copyright 2016 Akamai Technolgies..Licensed under the Apache License, Version 2.0 (the "License");.you may not use this file except in compliance with the License..You may obtain a copy of the License at.. http://www.apache.org/licenses/LICENSE-2.0..Unless required by applicable law or agreed to in writing, software.distributed under the License is distributed on an "AS IS" BASIS,.WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied..See the License for the specific language governing permissions and.limitations under the License...See the source code here:. http://code.google.com/p/episodes/.*/...!function(){function e(e,s){function u(){this.data={},this.value=[]}function d(e,t){for(var n={},r=s.getElementsByTagName(t),o=0;o<r.length;o++)e.href=r[o].src||r[o].href,e.href.match(/^https?:\/\//)&&(n[e.href]=r[o]);return n}function p(e,t){if(e&&e.hasAttribute("rel"))for(var n=e.rel.split(/[\u0009\u000A\u000C\u000D\u0020]+/),r=0;r<n.
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=1080, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1420], baseline, precision 8, 909x691, components 3
                                        Category:dropped
                                        Size (bytes):158429
                                        Entropy (8bit):7.897185926959969
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:E2AEB2D86A0D0B9B87C81FB1FEC1D522
                                        SHA1:6F2D22645AC2192B669E25BD12DE8C817C03EA81
                                        SHA-256:C933F606B128606BEA40F677E68C4AED7E6E9DF8666FB86CFE9550D1DB2EDDAD
                                        SHA-512:908E34E211E2D2CB38FBFF38108FD26A27AAAF1B5927E1A567818DC14F3B7BFD88F0DB9E8672F34E16B31D682872EA5D292C50C58E8F1F9DE3CE4DFD7CEF0E5D
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:......Exif..MM.*...........................8...........................................................................(...........1.....".....2..........i.............$............'.......'.Adobe Photoshop CC 2019 (Windows).2021:02:02 12:18:28.............0231...................................................................r...........z.(.........................................H.......H..........Adobe_CM......Adobe.d.................................................................................................................................................z...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?........%...{.uz..V...C.)........f>[.Y-t.Q.J.......5.h..R.Y.....}.e.cI.-.?k.
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
                                        Category:dropped
                                        Size (bytes):17174
                                        Entropy (8bit):2.9129715116732746
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:12E3DAC858061D088023B2BD48E2FA96
                                        SHA1:E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
                                        SHA-256:90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
                                        SHA-512:C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x1080, components 3
                                        Category:downloaded
                                        Size (bytes):294277
                                        Entropy (8bit):7.97636444977484
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:C58FBA7DE8ECC5575996EC42DFFFF0FA
                                        SHA1:210160427E9A2750088CC96371A6CC287CFB69E5
                                        SHA-256:C3A0FC3E5F30ADA9ACBB7722A435EE415707F2A65A2AACB7583B24882AFE5C23
                                        SHA-512:6C764B6EF8366ECBC966DDF5C86B7D98DF513C2A3716792FE03649D746ACF157ED60387DE7308A1ECBBAE8A1684BF0B19A68A60D78855025E6E57A20A8652B3C
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://aadcdn.msftauthimages.net/c1c6b6c8-iscggc-5v5yuprsodcixzmvqpeuox6mjswd5b7ur1l0/logintenantbranding/0/illustration?ts=637777441034634148
                                        Preview:......Exif..II*.................Ducky.......H......Adobe.d.................................................................................................................................................8........................................................................................!..1A.Qa..q......"R.S....2Bb..#...r.3Cc.T...$d..s4D%..t.&5uF'.......................!..1AQa...q"....2....BR.b#r3.......$.CS............?....B..+.F.....+}+.6(......Q.[...U.Z.W|".i..h...052.#n......(....kb,[M.t...1....Hb.X1D>.A.XmP.7G4...J._1....%f............8d#..Q....pw.'.jW.....&...[..m..a..T.Z...U......LR..:.-@p."9...o....8Z.J[.-u.:.. ......n...._H&[... Fq...GR.D(.j.(.....U.......U...8M.8D.D.\.b..W.(.....X*........"11;B.0\...mV%s.Z.Oj.W:.....X...[....(*.....q.Q...`.!.;...0...UZX.z..d..4.8t.../d.t.<.J.^.....Q.......;..5..1.08.e.. %... ..2...T.V...]..(p.1.r.T......Q.....!...Hb.0..d@...QU..#.....Cg.9.G.."..JynAl.!#.0.hg1#..J...2'3..a...r.|TSC..T.....%.K...)...0%..i....c#......q..
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                        Category:downloaded
                                        Size (bytes):8161
                                        Entropy (8bit):5.015188315690596
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:22A3502D984BA498E4C7A700E9246310
                                        SHA1:E47CB0C94F82559AD41FAB72F5C4FF6282CFF578
                                        SHA-256:ACC6D6672BE88016A7B9A9D3DD94491B72C11A343E0B246B6C73564B11944B61
                                        SHA-512:8E1CC9880FBCE7F2F243D0BD0D52B14B6A9541A90ECDF0BD53D70E90E02CBF362C40F413CEAF87C2871FB1F4FA2CFE73D6CBB930FC7DF0454E1BCFC83572CA86
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://fsp.gs.schaeffler.com/adfs/portal/css/style.css?id=ACC6D6672BE88016A7B9A9D3DD94491B72C11A343E0B246B6C73564B11944B61
                                        Preview:.* {...margin:0px;...padding:0px;..}..html, body..{.. height:100%;.. width:100%;.. background-color:#ffffff;.. color:#000000;.. font-weight:normal;.. font-family:"Segoe UI" , "Segoe" , "SegoeUI-Regular-final", Tahoma, Helvetica, Arial, sans-serif;.. min-width:500px;.. -ms-overflow-style:-ms-autohiding-scrollbar;..}....body..{.. font-size:0.9em;..}....#noScript { margin:16px; color:Black; }....:lang(en-GB){quotes:'\2018' '\2019' '\201C' '\201D';}..:lang(zh){font-family:....;}....@-ms-viewport { width: device-width; }..@-moz-viewport { width: device-width; }..@-o-viewport { width: device-width; }..@-webkit-viewport { width: device-width; }..@viewport { width: device-width; }..../* Theme layout styles */....#fullPage, #brandingWrapper..{.. width:100%;.. height:100%;.. background-color:inherit;..}..#brandingWrapper..{.. background-color:#4488dd;..}..#branding..{ .. /* A background image will be added to the #branding element at run
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 406986
                                        Category:dropped
                                        Size (bytes):116365
                                        Entropy (8bit):7.997737813291819
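                                        Encrypted:true (likely a high-entropy flag rather than proof of encryption: the file type above is gzip compressed data, and compression alone yields entropy close to 8.0)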
                                        SSDEEP:
                                        MD5:2D3FBED6DDD719FCC1BFB500B612FCEC
                                        SHA1:CD91B795DDE806AC8A38E51CCB6E8BAD8E57DA1B
                                        SHA-256:B2566B646F02DF4CE30B05D8223B78130A719D4EC9E4794A0106C371ADE33CC7
                                        SHA-512:A870E514B325D6FDC4D154438A8DD333C7AB46E545C1B27AC4869D9F1D8594CA1CDC530F5E96C835220DDAD4E1CEF841673696978031B5237E783972AEE701D1
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:...........k[.H.(.}..[..-..c.0DFxHBz.I......O.a...#yt......k...J..&...........^.~...._..j...W;.8<.....]....m...~.}<.8~s.~=.(....qm.Oy.~....jaP......h.F^......|oZ.G.M-...,...a..~..GW|...L....N.(y...Z-..Cm......p.......?.5/.QmS..b^K...jw..8.}..Q.....!.o..8...&X.x-.Im.F.D..U;.....-.T.:...1........8Ka..M.L.ZZ'....>........x....v.S;.<...0J.I.0.G.....B.F..c.k.~....C.:...r..,.w.q~....q......#42V.q..f|.kK...1o.mP.}.......N..n.w6.%^M.d.;...~2I.Z..fs...S/......F..=?...5....s..N.+.A.mx...j.T......?..W._p6.|.}|.{O.....2..`..._......g....j..xb^^...a.y.....s......4....q.Y..^T....X,.....m..~v,.....WP.U...:O".YoRX...7..S...zI.v.......mq.....E.,z.%....L|.>.M.'i..ki3.u+.~...x.=...?6.%?.[.G.`Z=.$.w..4.."...R.1.k.|..N.`......3...7.].'.E..).az......<a....4q..6.(..=~..........frk..?M#^Q.z..A..M.f.......S....s..d.e91._,zO.[X.......4.G..!.9Vg.......j.-?~.z.w..f.M............,...Z....w5..#.^..M.P.'.X.n/..mW.|......0...w../...>\...l.......h...q>.w...FC[....7.
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:HTML document, ASCII text, with very long lines (3450), with CRLF line terminators
                                        Category:downloaded
                                        Size (bytes):3452
                                        Entropy (8bit):5.117912766689607
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:CB06E9A552B197D5C0EA600B431A3407
                                        SHA1:04E167433F2F1038C78F387F8A166BB6542C2008
                                        SHA-256:1F4EDBD2416E15BD82E61BA1A8E5558D44C4E914536B1B07712181BF57934021
                                        SHA-512:1B4A3919E442EE4D2F30AE29B1C70DF7274E5428BCB6B3EDD84DCB92D60A0D6BDD9FA6D9DDE8EAB341FF4C12DE00A50858BF1FC5B6135B71E9E177F5A9ED34B9
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://login.live.com/Me.htm?v=3
                                        Preview:<script type="text/javascript">!function(t,e){for(var s in e)t[s]=e[s]}(this,function(t){function e(n){if(s[n])return s[n].exports;var i=s[n]={exports:{},id:n,loaded:!1};return t[n].call(i.exports,i,i.exports,e),i.loaded=!0,i.exports}var s={};return e.m=t,e.c=s,e.p="",e(0)}([function(t,e){function s(t){for(var e=f[S],s=0,n=e.length;s<n;++s)if(e[s]===t)return!0;return!1}function n(t){if(!t)return null;for(var e=t+"=",s=document.cookie.split(";"),n=0,i=s.length;n<i;n++){var a=s[n].replace(/^\s*(\w+)\s*=\s*/,"$1=").replace(/(\s+$)/,"");if(0===a.indexOf(e))return a.substring(e.length)}return null}function i(t,e,s){if(t)for(var n=t.split(":"),i=null,a=0,r=n.length;a<r;++a){var c=null,S=n[a].split("$");if(0===a&&(i=parseInt(S.shift()),!i))return;var l=S.length;if(l>=1){var p=o(i,S[0]);if(!p||s[p])continue;c={signInName:p,idp:"msa",isSignedIn:!0}}if(l>=3&&(c.firstName=o(i,S[1]),c.lastName=o(i,S[2])),l>=4){var f=S[3],d=f.split("|");c.otherHashedAliases=d}if(l>=5){var h=parseInt(S[4],16);h&&(c.
                                        No static file info