Edit tour

Windows Analysis Report
https://1drv.ms/w/s!AtT7n4sxDprUjw6W1MbI-uZ6uCxh?e=cSk7V8

Overview

General Information

Sample URL:	https://1drv.ms/w/s!AtT7n4sxDprUjw6W1MbI-uZ6uCxh?e=cSk7V8
Analysis ID:	1417007

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 1844 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://1drv.ms/w/s!AtT7n4sxDprUjw6W1MbI-uZ6uCxh?e=cSk7V8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6192 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1944,i,17392115233112207964,15943187408854648262,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.16:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.16:49738 version: TLS 1.2

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.21.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: unknown

DNS traffic detected: queries for: 1drv.ms

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703

Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.16:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.16:49738 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@15/30@10/32

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://1drv.ms/w/s!AtT7n4sxDprUjw6W1MbI-uZ6uCxh?e=cSk7V8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1944,i,17392115233112207964,15943187408854648262,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1944,i,17392115233112207964,15943187408854648262,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://1drv.ms/w/s!AtT7n4sxDprUjw6W1MbI-uZ6uCxh?e=cSk7V8	0%	Avira URL Cloud	safe
https://1drv.ms/w/s!AtT7n4sxDprUjw6W1MbI-uZ6uCxh?e=cSk7V8	1%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
dual-spov-0006.spov-msedge.net	0%	Virustotal	Browse
sni1gl.wpc.sigmacdn.net	0%	Virustotal	Browse
wac-0003.wac-msedge.net	0%	Virustotal	Browse

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
dual-spov-0006.spov-msedge.net	13.107.139.11	true	false	0%, Virustotal, Browse	unknown
wac-0003.wac-msedge.net	52.108.9.12	true	false	0%, Virustotal, Browse	unknown
www.google.com	172.253.122.103	true	false		high
1drv.ms	13.107.42.12	true	false		high
sni1gl.wpc.sigmacdn.net	152.195.19.97	true	false	0%, Virustotal, Browse	unknown
common.online.office.com	unknown	unknown	false		high
onedrive.live.com	unknown	unknown	false		high
m365cdn.nel.measure.office.net	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://onedrive.live.com/view.aspx?resid=D49A0E318B9FFBD4%211934&authkey=!AJbUxsj65nq4LGE	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.107.139.11	dual-spov-0006.spov-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.251.111.84	unknown	United States	15169	GOOGLEUS	false
20.189.173.6	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
152.195.19.97	sni1gl.wpc.sigmacdn.net	United States	15133	EDGECASTUS	false
20.42.65.93	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
23.48.203.201	unknown	United States	24319	AKAMAI-TYO-APAkamaiTechnologiesTokyoASNSG	false
142.251.167.139	unknown	United States	15169	GOOGLEUS	false
172.253.122.103	www.google.com	United States	15169	GOOGLEUS	false
52.108.8.12	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
52.108.9.12	wac-0003.wac-msedge.net	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.251.167.94	unknown	United States	15169	GOOGLEUS	false
13.107.42.12	1drv.ms	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
52.108.93.4	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
52.108.78.30	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
23.53.35.72	unknown	United States	20940	AKAMAI-ASN1EU	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1417007
Start date and time:	2024-03-28 13:42:37 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://1drv.ms/w/s!AtT7n4sxDprUjw6W1MbI-uZ6uCxh?e=cSk7V8
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@15/30@10/32

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 142.251.167.94, 142.251.167.139, 142.251.167.100, 142.251.167.102, 142.251.167.138, 142.251.167.101, 142.251.167.113, 142.251.111.84, 34.104.35.123
Excluded domains from analysis (whitelisted): odc-web-brs.onedrive.akadns.net, clients2.google.com, accounts.google.com, odc-web-geo.onedrive.akadns.net, edgedl.me.gvt1.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 11:43:08 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.978699949537265
Encrypted:	false
SSDEEP:
MD5:	95F1E65F3BA77D84FF279B6777FA8FCC
SHA1:	457CBF5B5B4D0F2F012C08C7285C6FF8C1FDC16C
SHA-256:	1302F562B5B234744DAF2E09A0366905A1A51AC1E009BA21329A4563D9A6042D
SHA-512:	23F362956DFD5A585FA3621A15DE17B50D4E7B4E468916B4889AB2730FCC632CEFFE6C2DDD584FC0FA6C5B63151105461D64B17ACC01AEE0D9DCCAECB2697069
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.......\|....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I\|XYe....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\|Xce....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V\|Xce....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V\|Xce..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V\|Xee...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............6......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 11:43:08 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	3.990815866929556
Encrypted:	false
SSDEEP:
MD5:	9FB4BDD10C6F65EBEBE64F57DDA7ACB8
SHA1:	0B188AFE43150DE02EBDCE8E4599905DB2A1D04C
SHA-256:	8BFD1E7587AA6B5C92B9A39809FFD1A6D4E99AB438E749B89794628C3453FAE4
SHA-512:	D8F28623AAA01B496BD775D98CC5CDD7F282A4A1206029254AE2D526B3E2566923DE3B2F21C2F1C5296B90D330E3A8B841A9F24CC41725BDDA5DDEE70DF833F3
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....\.\|....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I\|XYe....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\|Xce....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V\|Xce....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V\|Xce..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V\|Xee...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............6......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.001992650486474
Encrypted:	false
SSDEEP:
MD5:	705B0C97064DB9BB5F116B1781E18A84
SHA1:	9FF8AFDA4BE27A592FC1E5841B74554B8E1805FC
SHA-256:	D4457A6F28C021BF4A908210684D8733CC055E391E2C26013277663FCB92C01A
SHA-512:	916C1246C185BF1DA2B801C4F6E9FBF8DFFEB4D23DEE236C813743FD92D66230D0ED67B5F338A5D0A63103DBB36F1E8297F2B447E72E12BA5C536278A461EF50
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I\|XYe....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\|Xce....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V\|Xce....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V\|Xce..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............6......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 11:43:08 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9926574461378594
Encrypted:	false
SSDEEP:
MD5:	A90B01C9B3E39C72A79696A72D819E28
SHA1:	CF537E4C76CE7BC2D41E84F6FD7FFC0A0B9B853C
SHA-256:	268BF5073766A6128CB25E5BFAA0AE817CB6CD15D8A78098ECC5F0CF073468E3
SHA-512:	ED1836AFAD92BDA18E1749415BD4479471CEA3F1D8AC2C209A738ED6C642C1CE5D8C2F1F842414329ECD1FF04778C4ACB0BC68707C9D90BE4B8457BD8077642F
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....,z\|....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I\|XYe....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\|Xce....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V\|Xce....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V\|Xce..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V\|Xee...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............6......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 11:43:08 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9816245194704933
Encrypted:	false
SSDEEP:
MD5:	99544F6AB2E273F43B86833A312E81F3
SHA1:	6715D4AF885321370A73DC68CD37F75964ED8BDF
SHA-256:	B827739ADB53DDBB52BDEF22ABE1CFC211398067570FDA9E30EE355FA5E4E453
SHA-512:	6649A29AB9FAB68B3C1B9FF287F36359D61FCB8AB7B4C184DF1DA97631EEA9C184AE0E61095881BEE3304E96AA89F7866D49A441B19F8051F16FB113FF65EE9A
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......\|....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I\|XYe....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\|Xce....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V\|Xce....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V\|Xce..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V\|Xee...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............6......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 11:43:08 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.989049353893339
Encrypted:	false
SSDEEP:
MD5:	E7F99B717902BED4075DF3A008D30FAA
SHA1:	81D6ABC4DD2F1326CB3D944DF43EB94745DC906B
SHA-256:	A1A2326F59C7E953337BC6656FEB6A7AB6595C438DF8C39EBC2EFEE6BC2264D1
SHA-512:	E4296DE5FE3D50541AB5C2F718C97E080A9E3EFEDF34E1FD2374545FF44ABD27316EFB15CC72EB042504F8F55155B79BA102F1C2A065155C8D950B330ECAFB70
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....+q\|....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I\|XYe....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\|Xce....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V\|Xce....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V\|Xce..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V\|Xee...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............6......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 75

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	11
Entropy (8bit):	3.2776134368191165
Encrypted:	false
SSDEEP:
MD5:	825644F747BAAB2C00E420DBBC39E4B3
SHA1:	10588307553E766AB3C7D328D948DC6754893CEF
SHA-256:	7C41B898C5DA0CFA4AA049B65EF50248BCE9A72D24BEF4C723786431921B75AA
SHA-512:	BFE6E8DF36C78CBFD17BA9270C86860EE9B051B82594FB8F34A0ADF6A14E1596D2A9DCDC7EB6857101E1502AFF6FF515A36E8BA6C80DA327BC11831624A5DAEA
Malicious:	false
Reputation:	unknown
Preview:	Bad Request

Chrome Cache Entry: 76

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Java source, Unicode text, UTF-8 text, with very long lines (62392)
Category:	downloaded
Size (bytes):	62399
Entropy (8bit):	5.360400354554924
Encrypted:	false
SSDEEP:
MD5:	125326F9BF793A698B55E511C8E3B15A
SHA1:	4F7F25B412B467FE16D286D1B01ADA9F9DA1D3BD
SHA-256:	28D97C7A1D0E034940F6DB0AA0B80372AF9F646AF73B10680DA87F62DE8B1A71
SHA-512:	91B6896766BF5BF4FD092CA10F3FC5DF930E2D7127A2D5D5B0711233956E646010D79FEB997DB5F97CB600A0C8B166185EBE3E38AF411E9073246537F4431085
Malicious:	false
Reputation:	unknown
URL:	https://res-1.cdn.office.net/files/odsp-web-prod_2024-03-15.006/wacodcowlhostwebpack.manifest/637.js
Preview:	"use strict";(self.odspNextWebpackJsonp=self.odspNextWebpackJsonp\|\|[]).push([[637],{2107:(e,t,n)=>{n.r(t),n.d(t,{_InMemoryPropertyStorage:()=>zt,_OneDSLogger:()=>Vt});var a,i=n(7420),r=n(394),o=n(6282),s=n(3245),c=n(3385),d=n(5973),l=n(1089),u=n(7491),f=n(1899),p="locale",m="ver",_="name",h=(n(998).sB,(0,f.nc)({UserExt:[0,"user"],DeviceExt:[1,"device"],TraceExt:[2,"trace"],WebExt:[3,"web"],AppExt:[4,"app"],OSExt:[5,"os"],SdkExt:[6,"sdk"],IntWebExt:[7,"intweb"],UtcExt:[8,"utc"],LocExt:[9,"loc"],CloudExt:[10,"cloud"],DtExt:[11,"dt"]})),b=(0,f.nc)({id:[0,"id"],ver:[1,m],appName:[2,_],locale:[3,p],expId:[4,"expId"],env:[5,"env"]}),g=(0,f.nc)({domain:[0,"domain"],browser:[1,"browser"],browserVer:[2,"browserVer"],screenRes:[3,"screenRes"],userConsent:[4,"userConsent"],consentDetails:[5,"consentDetails"]}),v=(0,f.nc)({locale:[0,p],louserd:[1,"louserd"],id:[2,"id"]}),y=(0,f.nc)({osName:[0,_],ver:[1,m]}),S=(0,f.nc)({ver:[0,m],seq:[1,"seq"],installId:[2,"installId"],epoch:[3,"epoch"]}),D=(0,f.nc

Chrome Cache Entry: 77

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (35371)
Category:	downloaded
Size (bytes):	35429
Entropy (8bit):	5.296457486761157
Encrypted:	false
SSDEEP:
MD5:	BE73523C970F0BFA1C8F0A8C51F80BFC
SHA1:	B3BC3FD464E0A5766F27F84CA8D0C30993A26275
SHA-256:	494AE42932343D70F747F5937271E4BC7B020D53A1A2973876B15AF26DB7B1DC
SHA-512:	2069733C8CF8963223B4AA7945F9C21E6025113D8F7972605D92C4D67F0B3C909FE78DC75E0207E4DFBC9022E404B8363BF7C495C44FA4487F98B87FB3105E22
Malicious:	false
Reputation:	unknown
URL:	https://res-1.cdn.office.net/officeonline/wv/s/h494AE42932343D70_App_Scripts/healthSmallOffline.worker.min.js
Preview:	!function(e){var t={};function i(r){if(t[r])return t[r].exports;var o=t[r]={i:r,l:!1,exports:{}};return e[r].call(o.exports,o,o.exports,i),o.l=!0,o.exports}i.m=e,i.c=t,i.d=function(e,t,r){i.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:r})},i.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},i.t=function(e,t){if(1&t&&(e=i(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var r=Object.create(null);if(i.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var o in e)i.d(r,o,function(t){return e[t]}.bind(null,o));return r},i.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return i.d(t,"a",t),t},i.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},i.p="",i(i.s=0)}([function(e,t,i){"use strict";i.r(t);var r=function(){return(r=Object.assign\|\|function(e)

Chrome Cache Entry: 78

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	276545
Entropy (8bit):	5.210169676015203
Encrypted:	false
SSDEEP:
MD5:	D430811B564774189EAD799B71097A73
SHA1:	5D8ABE2E3C6AF89E8975660A3BF7F89A7B47D3B0
SHA-256:	1B95F583AD90711A65C18572F9E592981C23D9FE423F87E83AE10C363FA06C77
SHA-512:	F3A605CCB7CD81F322B2EA8A1C3793C9CC895D620F65FA16E9E99ADFD51FFFA13FAAC2425786B82B03C937B8D37626FC5225AD60C0C69824FDE7C231C3BB2DB4
Malicious:	false
Reputation:	unknown
URL:	https://res-1.cdn.office.net/officeonline/wv/s/h1B95F583AD90711A_resources/1033/WordViewer.css
Preview:	.headBrand {. cursor: default;. line-height: 48px;. font-size: 22px;. margin-left: 20px;. margin-right: 20px;. font-family: 'SegoeUI-SemiLight-final', 'Segoe UI SemiLight', 'Segoe UI WPC Semilight', 'Segoe UI', Segoe, Tahoma, Helvetica, Arial, sans-serif;.}..cui-topBar1-transistionalHeaderUI .headBrand {. width: auto !important;. height: 24px !important;. line-height: normal !important;. padding-bottom: 12px;. padding-top: 12px;. display: inline-block;. font-size: 17px;. font-family: inherit;. margin-left: 17px;. margin-right: 17px;. font-family: 'Segoe UI', 'Segoe UI Web', Arial, Verdana, sans-serif;.}..cui-topBar1-transitionalReactHeaderUI .headBrand {. width: auto !important;. line-height: 48px !important;. padding: 0 6px;. display: inline-block;. font-size: 16px;. font-weight: 600;. font-family: "Segoe UI", "Segoe UI Web (West European)", "Segoe UI", -apple-system, BlinkMacSystemFont, Roboto, "Helvetica Neue", sans-serif;.}.@font-face {. font-family: "Segoe

Chrome Cache Entry: 79

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (396), with no line terminators
Category:	dropped
Size (bytes):	399
Entropy (8bit):	5.129908454352444
Encrypted:	false
SSDEEP:
MD5:	E25E8FAA8476126311D86535FD414584
SHA1:	942230C06874D8E8B3891463F9E789693FAAC8EA
SHA-256:	445998AD4E9D6692510AFB85EE4B37E51C27605DD125420366C9C6838A4D2C8E
SHA-512:	6F13204DE4886BEFE8B818F356899BCB1E3C5EDC44E223C721881B1407FC0BECC436C119ECFC69E45B17DC8DD682FA6D2D1D3CBA5733B2AC0C9EDFDDBFD5DB84
Malicious:	false
Reputation:	unknown
Preview:	.<?xml version="1.0" encoding="utf-8"?><docdata><status>CantFindSourceDocument</status><dialog><title>{webappfull}</title><description>Sorry, {webappshort} ran into a problem opening this {doctype} in a browser. To view this {doctype} please open it in the desktop version of {richclientfull}.</description><errorId>3e09715b-0d71-4387-b9c0-d4f8e4016899, 20240328054324</errorId></dialog></docdata>

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (33338)
Category:	downloaded
Size (bytes):	2738072
Entropy (8bit):	5.369904215516929
Encrypted:	false
SSDEEP:
MD5:	699FCA76D222A6D58671BA8936498596
SHA1:	227ACD90F7107BE4955B78344C07946029714C89
SHA-256:	92FAE43049AD2703F68FD22DE4D2A643DCCE54DF2137DBF789EF44F3C4ED5F91
SHA-512:	48A4508FD3D2DD66ABE605FD72BCC227F04AFCD9C9E45F28F1924E54EBD3A28DEC8FE607F2FA540C696844F61F5A6A1AFFB5EDF2CB7554B350ACB57FD46409BF
Malicious:	false
Reputation:	unknown
URL:	https://res-1.cdn.office.net/officeonline/wv/s/h92FAE43049AD2703_App_Scripts/WordViewerDS.js
Preview:	(function(){var __webpack_modules__={3567:function(e,t,n){"use strict";n.d(t,{a:function(){return d},b:function(){return p},c:function(){return l},d:function(){return u}});var a=n(6072);function i(e,t){return e?e+"."+t:t}function o(e,t,n,o,r){void 0===r&&(r=4),o&&e.push((0,a.d)("".concat(i(t,n)),o,r))}function r(e,t,n,o){"boolean"==typeof o&&e.push((0,a.a)("".concat(i(t,n)),o))}function s(e,t,n,o){"number"==typeof o&&e.push((0,a.c)("".concat(i(t,n)),o))}var l,c=function(e){var t="Activity.Result",n=[];return s(n,t,"Code",e.code),o(n,t,"Type",e.type),s(n,t,"Tag",e.tag),r(n,t,"IsExpected",e.isExpected),n.push((0,a.d)("zC.Activity.Result","Office.System.Result")),n},d={contractName:"Office.System.Activity",getFields:function(e){var t="Activity",n=[];return o(n,t,"CV",e.cV),s(n,t,"Duration",e.duration),s(n,t,"Count",e.count),s(n,t,"AggMode",e.aggMode),r(n,t,"Success",e.success),e.result&&n.push.apply(n,c(e.result)),n.push((0,a.d)("zC.Activity",this.contractName)),n}},u={getFields:function(

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (56772)
Category:	downloaded
Size (bytes):	194309
Entropy (8bit):	5.090257169638345
Encrypted:	false
SSDEEP:
MD5:	2ABB478A57BB8C4A9647E55DF2E1F67B
SHA1:	DBB4069927D215D346A9EBC6238ADDBCC77EBD5F
SHA-256:	93B44F1DDB6CB2E36FDE3018E77296A9BCD5AD9FE4031E5CB655BD68E0F43C85
SHA-512:	865F3A79A979FBFC52A3E63A95239B7FB8A6604A69F4D6205F0624576A16AED3DDD6AF3A366156D1A72A026850FDEFFE7FF8689DDB4E2F2DB941C7AED3B6D0FD
Malicious:	false
Reputation:	unknown
URL:	https://res-1.cdn.office.net/officeonline/wv/s/h93B44F1DDB6CB2E3_App_Scripts/1033/common-intl.min.js
Preview:	var CommonStrings={qpsPloc_Name:"Pseudo",qpsPloca_Name:"Pseudo (Pseudo Asia)",qpsPlocm_Name:"Pseudo (Pseudo Mirrored)",afrikaans:"Afrikaans",albanian:"Albanian",alsatian:"Alsatian",amharic:"Amharic",arabic:"Arabic",arabic_Algeria:"Arabic (Algeria)",arabic_Bahrain:"Arabic (Bahrain)",arabic_Egypt:"Arabic (Egypt)",arabic_Iraq:"Arabic (Iraq)",arabic_Jordan:"Arabic (Jordan)",arabic_Kuwait:"Arabic (Kuwait)",arabic_Lebanon:"Arabic (Lebanon)",arabic_Libya:"Arabic (Libya)",arabic_Morocco:"Arabic (Morocco)",arabic_Oman:"Arabic (Oman)",arabic_Qatar:"Arabic (Qatar)",arabic_Saudi_Arabia:"Arabic (Saudi Arabia)",arabic_Syria:"Arabic (Syria)",arabic_Tunisia:"Arabic (Tunisia)",arabic_UAE:"Arabic (U.A.E.)",arabic_Yemen:"Arabic (Yemen)",armenian:"Armenian",assamese:"Assamese",azerbaijani:"Azerbaijani",azerbaijani_Cyrillic:"Azerbaijani (Cyrillic)",azerbaijani_Latin:"Azerbaijani (Latin)",bangla_Bangladesh:"Bangla (Bangladesh)",bangla_India:"Bangla (India)",bashkir:"Bashkir",basque:"Basque",belarusian:"Bela

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65514), with no line terminators
Category:	downloaded
Size (bytes):	642741
Entropy (8bit):	4.989257195099606
Encrypted:	false
SSDEEP:
MD5:	5EAE1DFD59B90A563D2F539B28252957
SHA1:	EAAE1962EA1728C1F6B65B25F25D339AD7C80203
SHA-256:	8918E9EDA2E2D69FF7205E6371BFC9532F4660C34BEA72C04578A8C9BF85A8E1
SHA-512:	C8BF4A3E706A768BA689052B1021B6F31428D537CFBCE34E66971CA0A483D56EF0558B3E70251E869CCCF48B1A74A83A073D7841E20BCAAE594575D78407A615
Malicious:	false
Reputation:	unknown
URL:	https://res-1.cdn.office.net/officeonline/wv/s/h8918E9EDA2E2D69F_App_Scripts/1033/word-app-intl.min.js
Preview:	var WordRibbonStrings={About:"About",AboutFollowUps:"about Follow-ups",AboutFollowUpsLearnMore:"Learn more",AboutKeytip:"D",Above:"Above",AcceptAllChanges:"Accept All Changes",AcceptAllChangesKeytip:"B",AcceptChange:"Accept",AcceptChangeKeytip:"A2",AcceptChangeAndMoveToNext:"Accept And Move To Next",AcceptChangeAndMoveToNextKeytip:"A",Accessibility:"Accessibility",AccessibilityHelp:"Accessibility Help (Alt+Shift+A)",AccessibilityHelpDescription:"Find out about accessibility features in Word Online.",AccessibilityHelpKeytip:"A",AccessibilityMode:"Accessibility Mode",AccessibilityTab:"Accessibility",AccessibilityTabKeyTip:"A",Acronyms:"Acronyms",AcronymsKeytip:"AC",AppHomeButtonAriaLabel:"Word, click to open Word home page",AppHomeButtonTooltip:"Word home",Citation:"Citations",CitationAndBibliography:"Citation & Bibliography",CitationKeytip:"C",Activity:"Edit Activity",ActivityContextMenuLabel:"Show new changes",AdaptiveGroupTitle:"Current Selection",AddCentreTabStop:"Add centre tab stop

Chrome Cache Entry: 83

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 2944, version 4.30147
Category:	downloaded
Size (bytes):	2944
Entropy (8bit):	7.701609844461153
Encrypted:	false
SSDEEP:
MD5:	569A610DF4FD269FAA528A2197DFAA9A
SHA1:	CFC7596B939A341C5DDFFC53CFD607745AF18E8F
SHA-256:	09A1411BF361D3D649F4FF5098E0197510232477BF099872F58F5D1EC483E9AF
SHA-512:	EBD67AFCF7779E4700A5441548E3090FF2B17D4D6176160A21C0BB7F72605B6C082294A2A4CED484945685EBF33210FC883AF2AFC18948F7A8C2E62C1A53E242
Malicious:	false
Reputation:	unknown
URL:	https://res-1.cdn.office.net/officeonline/wv/s/h09A1411BF361D3D6_App_Scripts/fonts/sharedheaderplaceholder-icons.woff
Preview:	wOFF..................u.....................OS/2...D...H...`1Y{.cmap.......N...j.F.@cvt ....... .......fpgm...........Y...gasp................glyf.......]...0\.+Hhead...X...2...6.c..hhea...........$....hmtx..............Eloca................maxp........... .%..name...............Spost........... .Q.~prep............x...x.c`a..8.....u..1...4.f...$..........@ ...........<...!$.X............x.c```f.`..F..H....\|... ........\......./..<....../.N..z.....jPs..#.......L....x.c.b.e(`h`X.......x............x.]..N.@..s$..'@:!.uC....K$.%%...J.......n..b.........\|.s...\|v..G)V.7........!O.6eaL.yV.e.j..kN..M.h....Lm....-b....p.N.m.v.....U<..#...O.}.K..,V..&...^...L.c.x.....?ug..l9e..Ns.D....D...K........m..A.M....a.....g.P..`....d.............x..SML.Q...?..,.P-..I..=...4.R....`j4-Q.F...5...h.?$......z.Gc.h.r3.D=..n\|.RR..a....L.{.f..I...w......iu;..I2.}.<.......[l.......(,..g`...`u....q..."G.yW.."nQ.P(...[....p@..P...-b.CA.z8.zD..CW=/x..... U...F.$..%"...(aURI.UNE

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	1245
Entropy (8bit):	5.462849750105637
Encrypted:	false
SSDEEP:
MD5:	5343C1A8B203C162A3BF3870D9F50FD4
SHA1:	04B5B886C20D88B57EEA6D8FF882624A4AC1E51D
SHA-256:	DC1D54DAB6EC8C00F70137927504E4F222C8395F10760B6BEECFCFA94E08249F
SHA-512:	E0F50ACB6061744E825A4051765CEBF23E8C489B55B190739409D8A79BB08DAC8F919247A4E5F65A015EA9C57D326BBEF7EA045163915129E01F316C4958D949
Malicious:	false
Reputation:	unknown
URL:	https://word-view.officeapps.live.com/wv/ResReader.ashx?n=p1.img&WOPIsrc=https%3A%2F%2Fwopi%2Eonedrive%2Ecom%2Fwopi%2Ffiles%2FD49A0E318B9FFBD4%211934&access_token=4wmvh%2DIIGioExMjkzzWPCwQye8cZvs6hkgdziDuQeD%2DOg7w9ArZRC%5F0TIBb3xTJ7qBV9MMrJvwqVMAdj00PFEsOQaK9ypbvLOi8LNSV%2DF6MAUysA6g35Kffpuy7o%2DtWTIboD%5FD5TUhyQyPgia1XGNERQ&access_token_ttl=1713444192812&z=aRDQ5QTBFMzE4QjlGRkJENCExOTM0LjI5&v=00000000-0000-0000-0000-000000000802&usid=b2d8eb11-a25f-4216-875b-fbe6f9a7eed2&splashscreen=1&build=16.0.17527.41003&waccluster=SUS1
Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="http://www.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>..<title>404 - File or directory not found.</title>..<style type="text/css">.. ..body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}..fieldset{padding:0 15px 10px 15px;} ..h1{font-size:2.4em;margin:0;color:#FFF;}..h2{font-size:1.7em;margin:0;color:#CC0000;} ..h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} ..#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;..background-color:#555555;}..#content{margin:0 0 0 2%;position:relative;}...content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}..-->..</style>..</head>..<body>..<div id="header"><h1>Server Error</h1></div>..<div id="content">.. <div class="co

Chrome Cache Entry: 85

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (31533)
Category:	downloaded
Size (bytes):	31583
Entropy (8bit):	5.317311913281239
Encrypted:	false
SSDEEP:
MD5:	4BB463474EC115E3347AF547B6494A41
SHA1:	6ABACE9F7ACE8B41E04BEF1466ED216AFF5B70D4
SHA-256:	7DDEB206B915ED1B3B879BC09765705C9ABAC62C38767EBED8297715DD03A73C
SHA-512:	6F49441DD9DFE4A4FD065ECF545A917D01694FA0C161A8393306254412C363B24ADDD0D06BB95479F164B3A5DDFD96E84E11B53445E73FA835E421E46AAD9A99
Malicious:	false
Reputation:	unknown
URL:	https://res-1.cdn.office.net/officeonline/wv/s/h7DDEB206B915ED1B_App_Scripts/wp5/appResourceLoader.min.js
Preview:	var appResourceLoader;!function(){"use strict";var o,i,t,n,a={41259:function(o,i,t){i.wI=i.BD=i.S1=void 0;var n,a,l=t(37832),s=!1;i.S1=function(o,i,l){n=o,a=l,t.p=i,s=!0},i.BD=function(o,i){var t=n(o,i);return(0,l.loadScript)(o,t,"anonymous",5)};var c=new Map;i.wI=function(o,i){return function t(n){if(!s)throw new Error("appResourceLoader not initialized");if(c.has(n))return c.get(n);var l,e=Date.now(),r=-1,g=[];if(o[n]&&o[n].dependencies)for(var p=0,z=o[n].dependencies;p<z.length;p++){var u=z[p];g.push(t(u))}return l=(l=0===g.length?i(n):Promise.all(g).then((function(){return r=Date.now()-e,i(n)}))).then((function(o){if(a){var i="Chunk ".concat(n," loaded in ").concat(Date.now()-e," ms");-1!==r&&(i+=" (".concat(r," ms for extra ").concat(g.length," deps)")),a(512235483,306,50,i)}return o})).catch((function(o){throw a&&a(512235482,306,10,o),o})),c.set(n,l),l}}},37832:function(o,i){function t(o,i,n,a,l,s,c){return new Promise((function(e,r){var g=document.createElement("script");g.async

Chrome Cache Entry: 86

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5962)
Category:	downloaded
Size (bytes):	6092
Entropy (8bit):	5.032264743816216
Encrypted:	false
SSDEEP:
MD5:	DE83A7B3BC0A43A5F4E6BF8E71F5413C
SHA1:	BC3274E5C413EDFA65FB6333E63D7FBEFE1A12A8
SHA-256:	A5E36060F6EAB9C2B23DC2724F3758EDC2D38A7336A619BDB463C3B3A81077CF
SHA-512:	23EE201ED9392B9A846992DC3E9E071F219E75641DC907946CB7A5DEDF01F7AD6CCF9A5CA5ABD7B33C5CC77B408BDCEB2C74D3BBBD4F1B70B41183A280C38155
Malicious:	false
Reputation:	unknown
URL:	https://res-1.cdn.office.net/officeonline/wv/s/hA5E36060F6EAB9C2_App_Scripts/CompatParentElementFix.js
Preview:	//! Script# Mozilla Compat Layer.//! Copyright (c) 2006, Nikhil Kothari. All Rights Reserved..//! http://projects.nikhilk.net.//!.var selectNodes=function(e,t,n){n=n\|\|e;for(var o=(new XPathEvaluator).evaluate(t,n,e.createNSResolver(e.documentElement),XPathResult.ORDERED_NODE_SNAPSHOT_TYPE,null),r=new Array(o.snapshotLength),i=0;i<o.snapshotLength;i++)r[i]=o.snapshotItem(i);return r},selectSingleNode=function(e,t,n){var o=selectNodes(e,t+="[1]",n);if(0!=o.length)for(var r=0;r<o.length;r++)if(o[r])return o[r];return null};function __loadCompat(e){e.Debug=function(){},e.Debug._fail=function(e){throw new Error(e)},e.Debug.writeln=function(e){window.console&&window.console.debug(e)},e.__getNonTextNode=function(e){try{for(;e&&1!=e.nodeType;)e=e.parentNode}catch(t){e=null}return e}}function _loadSafariCompat(e){Node.prototype.__defineGetter__("text",(function(){return this.textContent})),Node.prototype.__defineSetter__("text",(function(e){this.textContent=e})),Node.prototype.selectNodes=funct

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	158255
Entropy (8bit):	5.3449856586027895
Encrypted:	false
SSDEEP:
MD5:	F419DD51C7626C65C4C2915722AEF709
SHA1:	C9A8BE067764D3C0F8308CC4284A2A93849F6686
SHA-256:	301FFC8299A7DFE474EB6A88AF6B8D1B020FA35BC1B5BA21DB8C45BBCFA31241
SHA-512:	A62D430DD7D9CFF5FF7BF08ADA6497C80ADA36EFD58F514344B5172BD5D5B2A5231E54A9F594C2774EDF5F0CBDE513218929F3A3FD3E1E464A3F2F58012C6D04
Malicious:	false
Reputation:	unknown
URL:	https://wise.public.cdn.office.net/wise/owl/word.boot.4bda7072c239642f4416.js
Preview:	var Microsoft="object"==typeof Microsoft?Microsoft:{};Microsoft.Office=Microsoft.Office\|\|{},Microsoft.Office.Word=function(e){var t={};function n(i){if(t[i])return t[i].exports;var o=t[i]={i:i,l:!1,exports:{}};return e[i].call(o.exports,o,o.exports,n),o.l=!0,o.exports}return n.m=e,n.c=t,n.d=function(e,t,i){n.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:i})},n.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},n.t=function(e,t){if(1&t&&(e=n(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var i=Object.create(null);if(n.r(i),Object.defineProperty(i,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var o in e)n.d(i,o,function(t){return e[t]}.bind(null,o));return i},n.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(t,"a",t),t},n.o=function(e,t){return Object.prototype.hasOwnProper

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65530), with no line terminators
Category:	downloaded
Size (bytes):	124426
Entropy (8bit):	5.305133634377139
Encrypted:	false
SSDEEP:
MD5:	9ABDF1AF6CECCDC2ABBF114766B1FC12
SHA1:	DB73D1174C47C9BCA61F14007DCA32D0B167215F
SHA-256:	892E3D437217BF722C9BCC7C7BDEBEDFB4A367815D885C88E0F581D056869F3B
SHA-512:	A420273E8D84EA3835A18BA992E5216A75C97B90EE0E71665430C63D8322F9EBC58FD13845B984D40A2E15EFD888CA530C89FE665FFDE36269250B3DFD1ED86E
Malicious:	false
Reputation:	unknown
URL:	https://res-1.cdn.office.net/officeonline/wv/s/h892E3D437217BF72_App_Scripts/MicrosoftAjaxDS.js
Preview:	(function(){function getAugmentedNamespace(e){if(e.__esModule)return e;var t=e.default;if("function"==typeof t){var r=function e(){if(this instanceof e){var r=[null];return r.push.apply(r,arguments),new(Function.bind.apply(t,r))}return t.apply(this,arguments)};r.prototype=t.prototype}else r={};return Object.defineProperty(r,"__esModule",{value:!0}),Object.keys(e).forEach((function(t){var n=Object.getOwnPropertyDescriptor(e,t);Object.defineProperty(r,t,n.get?n:{enumerable:!0,get:function(){return e[t]}})})),r}var lib={},extendStatics=function(e,t){return extendStatics=Object.setPrototypeOf\|\|{__proto__:[]}instanceof Array&&function(e,t){e.__proto__=t}\|\|function(e,t){for(var r in t)Object.prototype.hasOwnProperty.call(t,r)&&(e[r]=t[r])},extendStatics(e,t)};function __extends(e,t){if("function"!=typeof t&&null!==t)throw new TypeError("Class extends value "+String(t)+" is not a constructor or null");function r(){this.constructor=e}extendStatics(e,t),e.prototype=null===t?Object.create(t):(r.

Chrome Cache Entry: 89

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (396), with no line terminators
Category:	downloaded
Size (bytes):	399
Entropy (8bit):	5.0887549569246815
Encrypted:	false
SSDEEP:
MD5:	A31A3018973D87FC999E83223DF8319C
SHA1:	9E67326C27502C39592F995C46C063F4FD844D0D
SHA-256:	3DFECA41BFEA1B865C48CCE2CD0F71EAB4536CCB0993175A14D4D8418D03E0A1
SHA-512:	31CBA139059728859999C37ABCC5545B3CFB3E2EEAEC904FDAC54B94BFC9628B28FC8519A4A06A71CFE7250152439ECAF0563931EFFA52BED327D066E40AF6AF
Malicious:	false
Reputation:	unknown
URL:	https://word-view.officeapps.live.com/wv/docdatahandler.ashx?WOPIsrc=https%3A%2F%2Fwopi%2Eonedrive%2Ecom%2Fwopi%2Ffiles%2FD49A0E318B9FFBD4%211934&access_token=4wmvh%2DIIGioExMjkzzWPCwQye8cZvs6hkgdziDuQeD%2DOg7w9ArZRC%5F0TIBb3xTJ7qBV9MMrJvwqVMAdj00PFEsOQaK9ypbvLOi8LNSV%2DF6MAUysA6g35Kffpuy7o%2DtWTIboD%5FD5TUhyQyPgia1XGNERQ&access_token_ttl=1713444192812&z=aRDQ5QTBFMzE4QjlGRkJENCExOTM0LjI5&type=png&o15=1&ui=en-US
Preview:	.<?xml version="1.0" encoding="utf-8"?><docdata><status>CantFindSourceDocument</status><dialog><title>{webappfull}</title><description>Sorry, {webappshort} ran into a problem opening this {doctype} in a browser. To view this {doctype} please open it in the desktop version of {richclientfull}.</description><errorId>c3bb143b-b0ac-408f-bfc3-46180b242a83, 20240328054323</errorId></dialog></docdata>

Chrome Cache Entry: 90

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65449)
Category:	downloaded
Size (bytes):	189062
Entropy (8bit):	5.494841365645434
Encrypted:	false
SSDEEP:
MD5:	1C92CA609EDCAF459D5D303D18D5E01F
SHA1:	70CCFD76663AAD640420AC2641CE8118EB3E7C1F
SHA-256:	6B5D0217A768E65A1A185FF11BCE46D35DED75870F2AD0E824F9207C9ED125D7
SHA-512:	74A6B3C4A834F4898254D1BE2D496CE9F6CE40876A8D96B29373591E3FD7332AA5B596F87032E80780DBA5FC85DF7696CACC0E4AFCD158653235EC192E5778C2
Malicious:	false
Reputation:	unknown
URL:	https://wise.public.cdn.office.net/wise/owl/owl.slim.9f599d8496d4ee492e83.js
Preview:	/! For license information please see owl.slim.9f599d8496d4ee492e83.js.LICENSE.txt /.var Microsoft;!function(){"use strict";var n,t,e,o,i={9323:function(n,t,e){e.d(t,{X:function(){return u}});var o=e(4401),i=e(857),r=e(765),u=function(n){function t(t){var e=n.call(this)\|\|this;return e.H=t,e}return o.ZT(t,n),Object.defineProperty(t.prototype,"value",{get:function(){return this.getValue()},enumerable:!0,configurable:!0}),t.prototype.A=function(t){var e=n.prototype.A.call(this,t);return e&&!e.closed&&t.next(this.H),e},t.prototype.getValue=function(){if(this.hasError)throw this.thrownError;if(this.closed)throw new r.N;return this.H},t.prototype.next=function(t){n.prototype.next.call(this,this.H=t)},t}(i.xQ)},4813:function(n,t,e){e.d(t,{y:function(){return l}});var o=e(7191),i=e(3066),r=e(2055),u=e(3140);function s(n){return n}var a=e(4505),l=function(){function n(n){this.F=!1,n&&(this.A=n)}return n.prototype.lift=function(t){var e=new n;return e.source=this,e.operator=t,e},n.prototype.su

Chrome Cache Entry: 91

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	158237
Entropy (8bit):	5.344818143951061
Encrypted:	false
SSDEEP:
MD5:	CC8A4EF6016221EC13A9B2FDF17AC66D
SHA1:	3349028E0961B16E7DC4FDB40D61886EA04E70E5
SHA-256:	751BF82C6F339F07D131A90030FB1C6AB02032CF58D99A7E1EDFB26696FA313B
SHA-512:	5E02EBE33A594A5EF805A328A71D32EF0D50C4FF2920E4D8FEB351395439B77F0BE4A8517AA80360B8FE36D9E04EE7781BF1855390A1CBB80899BB47192A2895
Malicious:	false
Reputation:	unknown
URL:	https://res-1.cdn.office.net/officeonline/wv/s/h751BF82C6F339F07_App_Scripts/word.boot.js
Preview:	var Microsoft="object"==typeof Microsoft?Microsoft:{};Microsoft.Office=Microsoft.Office\|\|{},Microsoft.Office.Word=function(e){var t={};function n(i){if(t[i])return t[i].exports;var o=t[i]={i:i,l:!1,exports:{}};return e[i].call(o.exports,o,o.exports,n),o.l=!0,o.exports}return n.m=e,n.c=t,n.d=function(e,t,i){n.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:i})},n.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},n.t=function(e,t){if(1&t&&(e=n(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var i=Object.create(null);if(n.r(i),Object.defineProperty(i,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var o in e)n.d(i,o,function(t){return e[t]}.bind(null,o));return i},n.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(t,"a",t),t},n.o=function(e,t){return Object.prototype.hasOwnProper

Chrome Cache Entry: 92

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (12986), with no line terminators
Category:	downloaded
Size (bytes):	12986
Entropy (8bit):	5.886084539301408
Encrypted:	false
SSDEEP:
MD5:	974C06FAF026A4AD6CC2B05335528716
SHA1:	C0AE80B977DF743813215AAE3701C354E141ACF7
SHA-256:	058ABF23B6CDA41733853DEF2C69074BBC3C1358D82C10F285E268B35D5E5852
SHA-512:	0C5DEA223D633C48654A1C33EC1837CCBC849A8EF5D19A10E2B6E23840AD9017BE691EDCAB82E948FB776ED47AD08BD1EDC2156DB354B006C11A31EE14F7FC46
Malicious:	false
Reputation:	unknown
URL:	https://res-1.cdn.office.net/officeonline/wv/s/h058ABF23B6CDA417_resources/en-US/clientManifest.exp.js
Preview:	var ResourceHashJson={'app_scripts/1033/common-intl.min.js':'k7RPHdtssuNv3jAY53KWqbzVrZ/kAx5ctlW9aOD0PIU=','app_scripts/1033/common-strings.min.js':'Ijxm4qLs3Ig6U8d/SyxtT2Jq9AbmoSszMMABcSccCls=','app_scripts/1033/common-ui-strings.min.js':'+msHDinNqjgLmK40rH2FcLLcKnA7LtXQe00lGkD7eJU=','app_scripts/1033/commonintl.js':'cvHtEYp+ZeEoiYgMj+NmVkcUKU2bK911fPJpGYN+kDI=','app_scripts/1033/emoji-strings.min.js':'gasCqEh6a2ULhUyIOVfLmE//EIiXX1YCVKSOHXkIEQQ=','app_scripts/1033/mworda-string.min.js':'2eEJdijP4gqTitPF0yjSytAYrdx1vrkqERisUhrkJfI=','app_scripts/1033/wac-wordviewer-strings.min.js':'QWxqIw6r9fEvEDZ4u1KwPeoLnA/FnBedxpXqow1X3jg=','app_scripts/1033/word-app-intl-lazy.min.js':'syBCFs9fEwHJn5gViWp7z1fSQw7+wZskiAJrU0IA4vw=','app_scripts/1033/word-app-intl.min.js':'iRjp7aLi1p/3IF5jcb/JUy9GYMNL6nLARXioyb+FqOE=','app_scripts/compat.js':'peNgYPbqucKyPcJyTzdY7cLTinM2phm9tGPDs6gQd88=','app_scripts/compatparentelementfix.js':'peNgYPbqucKyPcJyTzdY7cLTinM2phm9tGPDs6gQd88=','app_scripts/es6-promise.au

Chrome Cache Entry: 93

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2242)
Category:	downloaded
Size (bytes):	3159
Entropy (8bit):	5.135757899968084
Encrypted:	false
SSDEEP:
MD5:	C4C364A3750E2848013E4D45D1A26710
SHA1:	099A7AE0C7D986A27E0952E17E4AE47AB3D98066
SHA-256:	8BF7EA6B1A31D3518D97CB5CC117ECF193FD1795BAD92AEC52BBBCA8693C9753
SHA-512:	280E083756D307C6C9EACCE7C780E01D086A2FCFBEBA094694CB4102FEEEF190456B19D8C3793DFECE34D0984A545B94C0C3DAC20E41E5639A27A781E9094FEE
Malicious:	false
Reputation:	unknown
URL:	https://res-1.cdn.office.net/files/odsp-web-prod_2024-03-15.006/wacodcowlhostwebpack.manifest/en-us/initial.resx.js
Preview:	"use strict";(self.odspNextWebpackJsonp=self.odspNextWebpackJsonp\|\|[]).push([["initial.resx"],{186:e=>{e.exports=JSON.parse('{"VZ":"My files"}')}.,6526:e=>{e.exports=JSON.parse('{"I8P":"Close","eIm":"Open in Word","nBJ":"Open in Project","z43":"Open in Excel","BCU":"Open in PowerPoint","VfQ":"Open in OneNote","zZq":"Open in Visio","Mjb":"Open in Publisher","$Nl":"Open in InfoPath","s$z":"Open in Word Online","vrY":"Open in PowerPoint Online","$bJ":"Open in Excel Online","K1z":"Open in OneNote Online","c3l":"Open in Visio Online"}')}.,2841:e=>{e.exports=JSON.parse('{"wv":"Still here?","o5":"For your security, Personal Vault will automatically lock in 1 minute.","Fx":"Keep unlocked","b9":"Personal Vault didn\\u0027t lock","xL":"There was a problem locking your Personal Vault. If this happens again, you can sign out of OneDrive to lock your Personal Vault","Eu":"Retry"}')}.,6604:e=>{e.exports=JSON.parse('{"fileTypeDoc":"Microsoft Word Document","fileTypeExe":"Application","fileTypeLib":"L

Chrome Cache Entry: 94

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	72
Entropy (8bit):	4.241202481433726
Encrypted:	false
SSDEEP:
MD5:	9E576E34B18E986347909C29AE6A82C6
SHA1:	532C767978DC2B55854B3CA2D2DF5B4DB221C934
SHA-256:	88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
SHA-512:	5EF6DCFFD93434D45760888BF4B95FF134D53F34DA9DC904AD3C5EBEDC58409073483F531FEA4233869ED3EC75F38B022A70B2E179A5D3A13BDB10AB5C46B124
Malicious:	false
Reputation:	unknown
Preview:	{"Message":"The requested resource does not support http method 'GET'."}

Chrome Cache Entry: 95

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (14064), with no line terminators
Category:	downloaded
Size (bytes):	14064
Entropy (8bit):	4.9348534528543455
Encrypted:	false
SSDEEP:
MD5:	1521E7461CD93D530811D643EE387E94
SHA1:	9DBCFD942F62467E137B074BE195C2F53902DE04
SHA-256:	416C6A230EABF5F12F103678BB52B03DEA0B9C0FC59C179DC695EAA30D57DE38
SHA-512:	7721E4B4240B9E437A45B7B1A676F5C5CE41857310B82FF79DEDD9C5580F2964D582E30D820482A8FD675FCA1076AFDF61A9CB32775DC325397B9D92EBEA9336
Malicious:	false
Reputation:	unknown
URL:	https://res-1.cdn.office.net/officeonline/wv/s/h416C6A230EABF5F1_App_Scripts/1033/wac-wordviewer-strings.min.js
Preview:	var WacWordviewerStrings={HeaderText:"Find",NumberOfSearchedPages:"(in {0} of {1} pages)",ProgressTextManyResults:"{0} matches",ProgressTextNoResults:"No matches",ProgressTextOneResult:"1 match",ProgressTextSearching:"Searching...",ResultsInfoText:"(in 0 of {0} pages)",ResultToolTip:"[Page {0}]",SearchBoxValue:"Search for...",SearchButtonTitleBegin:"Search options",SearchButtonTitleEnd:"Clear search and other search options",NextButtonTitle:"Next Search Result",PrevButtonTitle:"Previous Search Result",SearchText:"Use the search box above to find text in your document.",SearchTextV2:"Search for a word or phrase in your document.",ReplaceText:"Search for a term in your document and enter the term that you would like to replace it with.",FindFilterLabelText:"({0})",FindMultipleFiltersLabelText:"({0}, {1})",SelectedSearchOption:"Selected search option: {0}",SelectedSearchOptions:"Selected search options: {0} and {1}",FindPlaceholderTooltip:"Search the {doctype} for...",MatchCase:"Match cas

Chrome Cache Entry: 96

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (11123)
Category:	downloaded
Size (bytes):	932863
Entropy (8bit):	5.392995843050695
Encrypted:	false
SSDEEP:
MD5:	36CCD431A267CFBF667D5D644D37C3B1
SHA1:	4D278C893F07DE6A6E11622FA2C9B5933098249D
SHA-256:	AA6C27F34BFB8C38D95411C30EEF93D6FB0840DBAB8621BB9B9C7824748AD965
SHA-512:	BB818A73A94709A310C00B06BAE36384AD84572FFA753C122F7BA33C14C6875D33A9632E5570E2511493892E75D77A6B04C5663803B53C6851E61C03376944DD
Malicious:	false
Reputation:	unknown
URL:	https://res-1.cdn.office.net/files/odsp-web-prod_2024-03-15.006/wacodcowlhostwebpack.manifest/wacodcowlhostwebpack.js
Preview:	/! For license information please see wacodcowlhostwebpack.js.LICENSE.txt /.var __webpack_result__;(()=>{var e={2785:(e,t,n)=>{"use strict";function a(e){r!==e&&(r=e)}function i(){return void 0===r&&(r="undefined"!=typeof document&&!!document.documentElement&&"rtl"===document.documentElement.getAttribute("dir")),r}var r;function o(){return{rtl:i()}}n.d(t,{Lo:()=>o,mk:()=>a}),r=i()}.,2480:(e,t,n)=>{"use strict";n.d(t,{Y:()=>s});var a,i=n(7420),r="undefined"!=typeof navigator&&/rv:11.0/.test(navigator.userAgent),o={};try{o=window\|\|{}}catch(e){}var s=function(){function e(e,t){var n,a,r,o,s,c;this._rules=[],this._preservedRules=[],this._counter=0,this._keyToClassName={},this._onInsertRuleCallbacks=[],this._onResetCallbacks=[],this._classNameToArgs={},this._config=(0,i._i)({injectionMode:"undefined"==typeof document?0:1,defaultPrefix:"css",namespace:void 0,cspSettings:void 0},e),this._classNameToArgs=null!==(n=null==t?void 0:t.classNameToArgs)&&void 0!==n?n:this._classNameToArgs,this._co

Chrome Cache Entry: 97

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1208
Entropy (8bit):	5.4647615085670616
Encrypted:	false
SSDEEP:
MD5:	D29FA9F2AB3A72F2608E8E82C8C3D1C6
SHA1:	8B21CC06752837B4B6B8FEF8D54F50EB2C7CCA8F
SHA-256:	E1B0A10649C4B92F828523EFC2EBE135EA9488179A2816888D1E84F786202DBF
SHA-512:	824A207E3F5AF4934B7B50FE5E3F8585FAECA571C3C39E510C06DC8FBDF3E64B07811CAAE06239936BDDDDFA4C90E534F03C0DA8147AF9294042DEA6B0FBCB94
Malicious:	false
Reputation:	unknown
Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="http://www.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>..<title>500 - Internal server error.</title>..<style type="text/css">.. ..body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}..fieldset{padding:0 15px 10px 15px;} ..h1{font-size:2.4em;margin:0;color:#FFF;}..h2{font-size:1.7em;margin:0;color:#CC0000;} ..h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} ..#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;..background-color:#555555;}..#content{margin:0 0 0 2%;position:relative;}...content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}..-->..</style>..</head>..<body>..<div id="header"><h1>Server Error</h1></div>..<div id="content">.. <div class="content-

Chrome Cache Entry: 98

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5825)
Category:	downloaded
Size (bytes):	5826
Entropy (8bit):	5.916118037208907
Encrypted:	false
SSDEEP:
MD5:	D3121DEDC203091BE359BED7F3ED0EE3
SHA1:	76B7CBE13565BA9F3364BD6A7C084E8B40330F48
SHA-256:	CB733BFAD70A18BE777D66F3C50D96E47DCD01ABECBF103B6220337A3054768F
SHA-512:	94B97788651D391E25AC1B7C9AE2D00CB345BDE638D5B1F051474ED89484CADC14E0493C3E3466E110EA5CE630C44E6F4573A73ED287F199132F162F41E81652
Malicious:	false
Reputation:	unknown
URL:	https://wise-m.public.cdn.office.net/wise-m/owl/5mttl/production/50/manifest.js
Preview:	(()=>{var f={clientVersion:"20240326.8",files:{"owl.js":["owl.a44b9fc0ff36c8ba958c.js","sha384-bl/xr9VhdaX5EAIKNCMueTOv6lWZFl7Rvbg2eHEmSHRFA0KjMtmPGWBZMBMDJRmM"],"owl.slim.js":["owl.slim.9f599d8496d4ee492e83.js","sha384-jZbQA5TzuwpQgxruFWxI8COgAZsg/YDNicm9oNX9xBAowXrSbSvc9N7ymkPuiu7o"],"owlnest.js":["owlnest.8c724c00281567e9b60f.js","sha384-rD1EJW66KGjPx3ftnRaJQh6iKNBIGufaParAGeomqylLWccgPOi8LPEQChv6kFVH"],"authwebworker.js":["authwebworker.2f4b7efdc6e2f6d4e6d3.js","sha384-v9+nDRwhHbnovycDcmhSpKM8z90ZsTF693enOAycUE6GrvlYhupFCdtkb7Uqi3vh"],"sharedauthclient.js":["sharedauthclient.b39688d8bb142145880c.js","sha384-JsilRXC26IAm6lj3WGpsZIcVXTuhtclEmTkybPI6E2qIul74EaVMKaQowVwrgUGQ"],"sharedauthclientinteractive.js":["sharedauthclientinteractive.d7713dd2e5dac868e4df.js","sha384-sXLTSxP9wV7XiYocwfsehJKAtTRpEeTWH40Ee1Al8x6MtYm1/62aSSA7NPGMtg7K"],"sharedauthclientmsal.js":["sharedauthclientmsal.062627ecd737270a1c02.js","sha384-P5mY4zo49GVN/ZV69Cf2kzNAFbUgLNsE6oMtRigkNPYjDgo4q1zlWnam0oT5cu3Q"],"s

Static File Info

⊘No static file info

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://1drv.ms/w/s!AtT7n4sxDprUjw6W1MbI-uZ6uCxh?e=cSk7V8

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Chrome Cache Entry: 86

Chrome Cache Entry: 87

Chrome Cache Entry: 88

Chrome Cache Entry: 89

Chrome Cache Entry: 90

Chrome Cache Entry: 91

Chrome Cache Entry: 92

Chrome Cache Entry: 93

Chrome Cache Entry: 94

Chrome Cache Entry: 95

Chrome Cache Entry: 96

Chrome Cache Entry: 97

Chrome Cache Entry: 98

Static File Info

Windows Analysis Report
https://1drv.ms/w/s!AtT7n4sxDprUjw6W1MbI-uZ6uCxh?e=cSk7V8