Edit tour

Windows Analysis Report
https://gcv.microsoft.us/kgRWagmalJ

Overview

General Information

Sample URL:	https://gcv.microsoft.us/kgRWagmalJ
Analysis ID:	1417073

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 2728 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://gcv.microsoft.us/kgRWagmalJ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6148 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1980,i,15349419578848157663,12396089134542083967,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.54.46.90:443 -> 192.168.2.16:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.54.46.90:443 -> 192.168.2.16:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49756 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90

Source: unknown

DNS traffic detected: queries for: gcv.microsoft.us

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443

Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.54.46.90:443 -> 192.168.2.16:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.54.46.90:443 -> 192.168.2.16:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49756 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@14/30@12/136

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://gcv.microsoft.us/kgRWagmalJ
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1980,i,15349419578848157663,12396089134542083967,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1980,i,15349419578848157663,12396089134542083967,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://gcv.microsoft.us/kgRWagmalJ	0%	Avira URL Cloud	safe
https://gcv.microsoft.us/kgRWagmalJ	0%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
eafd-3p-profile.usgovtrafficmanager.net	0%	Virustotal	Browse
customervoice.microsoft.us	0%	Virustotal	Browse
gcv.microsoft.us	0%	Virustotal	Browse

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
eafd-3p-profile.usgovtrafficmanager.net	20.141.12.34	true	false	0%, Virustotal, Browse	unknown
osiusgcc-usge-teal-001.usgovvirginia.cloudapp.usgovcloudapi.net	52.127.240.65	true	false		high
www.google.com	142.251.167.104	true	false		high
customervoice.microsoft.us	unknown	unknown	false	0%, Virustotal, Browse	unknown
lists.gcc.osi.office365.us	unknown	unknown	false		high
gcv.microsoft.us	unknown	unknown	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7D	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
20.189.173.8	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.251.16.100	unknown	United States	15169	GOOGLEUS	false
20.141.12.34	eafd-3p-profile.usgovtrafficmanager.net	United States	8070	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
52.182.143.213	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.251.111.94	unknown	United States	15169	GOOGLEUS	false
142.251.167.104	www.google.com	United States	15169	GOOGLEUS	false
142.251.163.113	unknown	United States	15169	GOOGLEUS	false
52.127.240.65	osiusgcc-usge-teal-001.usgovvirginia.cloudapp.usgovcloudapi.net	United States	8070	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
52.127.240.59	unknown	United States	8070	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.251.16.94	unknown	United States	15169	GOOGLEUS	false
172.253.115.84	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.17
192.168.2.16
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1417073
Start date and time:	2024-03-28 15:25:53 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://gcv.microsoft.us/kgRWagmalJ
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@14/30@12/136

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.251.16.100, 142.251.16.139, 142.251.16.101, 142.251.16.138, 142.251.16.102, 142.251.16.113, 172.253.115.84, 142.251.111.94, 34.104.35.123, 52.127.240.59, 20.189.173.8, 52.182.143.213
Excluded domains from analysis (whitelisted): browser.events.data.microsoft.com, onedscolprdwus07.westus.cloudapp.azure.com, clients2.google.com, onedscolprdcus16.centralus.cloudapp.azure.com, accounts.google.com, edgedl.me.gvt1.com, gcc.lists.osi.office365.us.akadns.net, clientservices.googleapis.com, browser.events.data.trafficmanager.net, clients.l.google.com
Not all processes where analyzed, report is missing behavior information

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 13:26:22 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9827603721574087
Encrypted:	false
SSDEEP:
MD5:	AB117E091586732C86AECE1EB1ED9157
SHA1:	924BBF11C31C68BA64266CD2D6769FC7E6AB7944
SHA-256:	E7A4B8884C03722394162A5D731DCF3EFA42F4EC46F1B903A532C944A342C390
SHA-512:	D47F462FAD20B6A2897D745776D1FD95EA3F2BCA0CDBCDEC18974A4AEA079C805BE425490B2E9568312C8AA9785AC453C4A133C48F6DC3E0B90846A0A3082D1A
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....nm.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I\|XAs....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\|XJs....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V\|XJs....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V\|XJs..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V\|XLs...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............jj.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 13:26:22 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	3.999626245218753
Encrypted:	false
SSDEEP:
MD5:	882AE387AE3E808E374B1961DBA888A8
SHA1:	452F9F3A62A3EF9549C466A496BF1C03FCDDB99F
SHA-256:	AE3427668FD6EBA340D37682E2FC1424218180699768B9A4A4E14A313CAE374F
SHA-512:	8D841848EF931F7D19732D2A29D1341B541F3A9EE975938E72FCC70ABEC1A0BDE099DEA9322B0FF87D8277F6BD7A83C8F336B0ED088535C3F7970F26C22CC1B2
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....8.b.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I\|XAs....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\|XJs....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V\|XJs....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V\|XJs..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V\|XLs...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............jj.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.008022202313745
Encrypted:	false
SSDEEP:
MD5:	2EF72EBB6F39982CFEF7CF9673555280
SHA1:	DA57451E88EEA4FD0D6524833D650A999782EC01
SHA-256:	5E297A3540181F785D695252CF107B554BFBB7F924B6AB60C31B77F565FEB8FC
SHA-512:	65CE336B76C62E5AC3DB969B88F1C0354048146002165193D63559DAB62496C6C427AD9D0F95F6498D087A3B34AD78ADC0462C2F7F5F3517D05C828B9FD69E06
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I\|XAs....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\|XJs....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V\|XJs....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V\|XJs..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............jj.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 13:26:22 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.998469907220674
Encrypted:	false
SSDEEP:
MD5:	9F3659A175F0A2960BC007E6E3EE556C
SHA1:	489A1759AD602DDE0AB097418300E82B7C88E60E
SHA-256:	215F4CA23166248D5C83D27409F7F1751BE3DE77DBB4DFF2C50E2113AEEA85F9
SHA-512:	2134C9761C5FB7AB3E1F34FE34DF834F0A6C014B763BD220B7B98E307CC5922A2D6376D27613783C8D5C531A31844306F8A44A6554D4A0E1497830B6BE9F3200
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....A].....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I\|XAs....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\|XJs....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V\|XJs....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V\|XJs..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V\|XLs...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............jj.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 13:26:22 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.988067919020201
Encrypted:	false
SSDEEP:
MD5:	27EC0CBDFFBA85B1B6E4AF157D11B9A7
SHA1:	707618105326448B3EAE99197D4B06E1D6982D2A
SHA-256:	01211EDAD081CF18F754AFDD88045A3E4863CC144D684DF2B19DF054BB028397
SHA-512:	69EDA40972D0B54E37B2680F616154210C635236546CC6312387ED4F48F7AE2299772036E143653636940915F1E4CBC92699807750130A007471DBFB2E9EA26E
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......h.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I\|XAs....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\|XJs....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V\|XJs....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V\|XJs..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V\|XLs...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............jj.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 13:26:22 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.999133654748524
Encrypted:	false
SSDEEP:
MD5:	07B67B9735DFD5C8001E51C6CAD56709
SHA1:	D2B413C4ECA2BF9B1A1978109DD8F43B8D2512BD
SHA-256:	D210E882EE8BB77EAC46D8520A3DAFC477731D12F02B4DC04F42323E82160760
SHA-512:	B0E08B77DDE14385978CBDF51BC3B81D4EBD55108475A7EF7F6A82ACD3B2756659708C17ECD6089C9B4995C3AB708C391AA6CC5E6CAAA6B604CF7877C02636BB
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......T.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I\|XAs....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\|XJs....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V\|XJs....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V\|XJs..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V\|XLs...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............jj.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 101

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	4286
Entropy (8bit):	5.790142327810594
Encrypted:	false
SSDEEP:
MD5:	EE2B357FA5FBA69AF238168E3A1A27E1
SHA1:	B5DD4606BEDBF1D705A01F833802248E03D01518
SHA-256:	0FD813BAE48835570858A2508D9C29900B8A4CDDEBFF4A250E79AD12F8ACBDCB
SHA-512:	EC00810F1DAD54D6036359386C7A205953CF1E8F81909471376EA7F77786BAABCF2EBB37A68CEB63531147A92080195EF64D93FE750380038E0AA00797DFCBDA
Malicious:	false
Reputation:	unknown
URL:	https://customervoice.microsoft.us/FormsPro/Images/CustomerVoice/CustomerVoice.ico
Preview:	...... .... .........(... ...@..... .......................................................................................................................................................................................................p...{@..\|o..x...x...w...wo..s@..........................................................................................`..}...}...\|...{...{...y...x...x...v...w ........]e.`\d..[b..Ze.`......................................................`...........~...~...}...p...^...R...W...]...V.^f..^f..\e..]e..\d..[d..Zd............................................ ....................[...1...!... ...!...!...!.]f.._h..^g..^g..]e..]e..\e..\d..\d....................................0.................\|...E...!...!..."...!..."..."... .Zb.._h..^g..^g..^g..^g..]f..]e..\e..\f.P..........................0.....................3...#...#...#...#...#...#...$.x...`i..`i..`i..`i.._h.._h.._h..^g..]f..^g..`h .................. ....................G...

Chrome Cache Entry: 103

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2530)
Category:	downloaded
Size (bytes):	2764
Entropy (8bit):	5.353085253295088
Encrypted:	false
SSDEEP:
MD5:	1D91B187A32745D330A2077FDADD872B
SHA1:	055D7BB0CF69E295C06346221B784359FA9199E2
SHA-256:	2453F3D239A982DCF75B5DFA55261BC8BF77D04591F331847784AC4982E62F7E
SHA-512:	D05DB41A901DA52397F7EC77E72B5D68697F45DA6505A29EFE26443DB299FFE5F29EB4C9E8FF4F67E327A8EEB385B83D0BB94BE3F28CFC78BD0F4A770CB0307E
Malicious:	false
Reputation:	unknown
URL:	https://customervoice.microsoft.us/Scripts/dists/response-page-pro.chunk.quiz.6dc4e0a.js?ring=UsGovGccProduction
Preview:	"use strict";(self.webpackChunk=self.webpackChunk\|\|[]).push([[541],{85451:function(e,t,r){r.r(t),r.d(t,{createResultContainerInternal:function(){return a},validateQuizPoint:function(){return u}});var o=r(87363),n=r(7645),i=r(65863);function a(e){var t=function(e){if(e.state.IsStudentViewMode){var t=e.props.Response.Feedback;if(t){var r=(0,n.pm)().RuntimeView_FormComment.format(t),a=(0,i.q)({Text:r,ContainsHtml:!0,RenderMode:"RichText"});return o.createElement("div",{className:"office-form-formcomment-container"},o.createElement("div",{className:"office-form-formcomment office-form-theme-primary-foreground"},a))}return}}(e),r=function(e){var t=0,r=0,i=0,a=0,s=!1;(4===e.state.SubmitState\|\|e.state.IsStudentViewMode)&&e.formRuntimeMaster.TopQuestionRuntimeMasters().forEach((function(o){var n=o.Question.Model,m=o.Question;if(n.IsQuiz)if(m.hasCorrectAnswers(o.Model.QuizResult)&&++i,r+=n.Point\|\|0,a+=o.Model.QuizResult&&o.Model.QuizResult.IsAnswerCorrect?1:0,4===e.state.SubmitState)t+=o.Model.

Chrome Cache Entry: 104

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	72
Entropy (8bit):	4.241202481433726
Encrypted:	false
SSDEEP:
MD5:	9E576E34B18E986347909C29AE6A82C6
SHA1:	532C767978DC2B55854B3CA2D2DF5B4DB221C934
SHA-256:	88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
SHA-512:	5EF6DCFFD93434D45760888BF4B95FF134D53F34DA9DC904AD3C5EBEDC58409073483F531FEA4233869ED3EC75F38B022A70B2E179A5D3A13BDB10AB5C46B124
Malicious:	false
Reputation:	unknown
Preview:	{"Message":"The requested resource does not support http method 'GET'."}

Chrome Cache Entry: 105

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (64954), with CRLF line terminators
Category:	downloaded
Size (bytes):	213684
Entropy (8bit):	5.088778087762516
Encrypted:	false
SSDEEP:
MD5:	416B512C6FF81B7E3BD675E455905146
SHA1:	9F96EE2E55FDBED40B31BE7C24A97008A044404B
SHA-256:	C400728CA705268C42BAFCADB6FD5E3AEA844F950E145C6F7E835D08E4C22259
SHA-512:	4875EEE2972328A6653F3A83AB354647B74FA445E4E075C3D2651E453DDEC2967737626CD0E0BCC5D39A116F4C31AC20E5A58E03196382DB43B8E6269D3BF1A8
Malicious:	false
Reputation:	unknown
URL:	https://customervoice.microsoft.us/css/dist/cv-response-page.min.css?v=b3c1eb4c85&ring=UsGovGccProduction
Preview:	@charset 'UTF-8';/!.. Generated using the Bootstrap Customizer (https://getbootstrap.com/docs/3.4/customize/).. //!.. * Bootstrap v3.4.1 (https://getbootstrap.com/).. * Copyright 2011-2019 Twitter, Inc... * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE).. //! normalize.css v3.0.3 \| MIT License \| github.com/necolas/normalize.css */html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}abbr[title]{border-bottom:none;text-decoration:underline;text-decoration:underline dotted}b,strong{font-weight:700}dfn{font-style:italic}h1{font-size:2em;margin:.67em 0}mark{background:#ff0;color:#000}small{font-size:80%}sub

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	17
Entropy (8bit):	3.4992275471326932
Encrypted:	false
SSDEEP:
MD5:	AF469AC6ABAAF7DA1ACC59F7292E6671
SHA1:	75ACAD50ED8287D26D5EA2C7380B09B6095DA453
SHA-256:	AC8EA734A33366EF42F62398D95B4A9D912043522CF945405FD691F7AA342FED
SHA-512:	7422A346D1B74D672EB6DBEC85D63F3A6D8C394FA8318F128E9594469DFC4FDEAA190DE5426224BDB1B77C53E73CD29BA8A42780683B6B586C717F4AB3D8CE02
Malicious:	false
Reputation:	unknown
Preview:	{"privacyUrl":""}

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9175
Entropy (8bit):	5.3778692100555245
Encrypted:	false
SSDEEP:
MD5:	9F55861B9708E3CF188D3E5F7BF794B1
SHA1:	15AB48D729C9BCEE6E6FACD0D72893349549234B
SHA-256:	1769634A0DB9D0C9411EC0974DBF7F42BDE8C4AD538BCFEDFBB03DB48F89EF57
SHA-512:	599FC9340FE2A43FF9425ED15F883CD57A66E3E2088BF5748AFC0822328F7BB19707BC371F76B96AB56AEFF597CB96B44117C86F74678186DB12D814CF8C18EF
Malicious:	false
Reputation:	unknown
Preview:	{"description":null,"onlineSafetyLevel":0,"reputationTier":1,"background":{"altText":null,"contentType":"image/jpeg","fileIdentifier":"02b744e6-d92e-45cf-9ae5-9fecbeb50914","originalFileName":"47494f20-d03a-49e4-a394-b4a40de41b5d","resourceId":"6685daff-ccf3-485c-b628-8e1f6f534e44","resourceUrl":"https://lists.gcc.osi.office365.us/Images/f8c813f9-acbb-4b18-bb10-10729643538d/1b5da865-0b25-4d96-82dc-8362c1f0a3f3/TA6WWQ8PGWAHV6JWR9SX5GB2A4/6685daff-ccf3-485c-b628-8e1f6f534e44","height":null,"width":null,"size":null},"header":{"altText":null,"contentType":"image/jpeg","fileIdentifier":"6056f839-2737-4a53-9b72-bb7cf1d3aa87","originalFileName":"2ec7c477-1653-40ce-a26d-d1dd9b655047","resourceId":"e88bc255-d6b4-4f67-8eee-0315d61af2d3","resourceUrl":"https://lists.gcc.osi.office365.us/Images/f8c813f9-acbb-4b18-bb10-10729643538d/1b5da865-0b25-4d96-82dc-8362c1f0a3f3/TA6WWQ8PGWAHV6JWR9SX5GB2A4/e88bc255-d6b4-4f67-8eee-0315d61af2d3","height":null,"width":null,"size":null},"logo":{"altText":"Burwood

Chrome Cache Entry: 109

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (14182)
Category:	downloaded
Size (bytes):	14434
Entropy (8bit):	5.41253474392622
Encrypted:	false
SSDEEP:
MD5:	39FE53EB9274BE422813B6756D3951E8
SHA1:	5E7E1AA6347DD66A7B52BB3AC94EC50BB0BEC9E5
SHA-256:	E91EBC90763C7B778FC6FD26FC0524D9D8584DE71A1A6E2ABB6D54492D3472D8
SHA-512:	AFD23FA265FBE11DFF9750901524E272E6261AFBDE6B680C005F67BCBBBF8F3D96E594D4C7381C6652BF1E70871AE37C5D0D9B4F084AAAD0E5D377645CC12227
Malicious:	false
Reputation:	unknown
URL:	https://customervoice.microsoft.us/Scripts/dists/response-page-pro.chunk.cvtitlerender.65b951b.js?ring=UsGovGccProduction
Preview:	"use strict";(self.webpackChunk=self.webpackChunk\|\|[]).push([[581],{22184:function(e,o,t){t.d(o,{D4:function(){return c},K9:function(){return r},O8:function(){return m},YR:function(){return i},cL:function(){return u},el:function(){return l},f8:function(){return p},pP:function(){return a},t3:function(){return n}});var r=.5,i=1.5,a=4.5,n=3,l=1.5,s=[{BackgroundColor:"#eee6f2",BackgroundImage:null,Name:"CV_HBG_Professional",PrimaryColor:"#21052e",SecondaryColor:"#0f0214",Thumbnail:null},{BackgroundColor:"#e6eff2",BackgroundImage:null,Name:"CV_HBG_Friendly",PrimaryColor:"#185b75",SecondaryColor:"#13475b",Thumbnail:null},{BackgroundColor:"#e6f2eb",BackgroundImage:null,Name:"CV_HBG_Playful",PrimaryColor:"#237547",SecondaryColor:"#1b5b38",Thumbnail:null},{BackgroundColor:"#f2ece6",BackgroundImage:null,Name:"CV_HBG_Relaxed",PrimaryColor:"#68503c",SecondaryColor:"#4f3c2d",Thumbnail:null},{BackgroundColor:"#e6ecf2",BackgroundImage:null,Name:"CV_HBG_3DMolecules",PrimaryColor:"#416083",SecondaryCol

Chrome Cache Entry: 111

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, progressive, precision 8, 1920x1080, components 3
Category:	downloaded
Size (bytes):	159491
Entropy (8bit):	7.972237230603438
Encrypted:	false
SSDEEP:
MD5:	3ED3B2FB3E64AFC87CF38EE4BB74A415
SHA1:	488783638E3D903C1B890876AF57264036B85D22
SHA-256:	39E9110E7481C09A6C3DD85AC244848BE1517E17BC109852C12B062BA8F0C881
SHA-512:	A723182EBD451E7091216DCD64B269305CF5F2C447464F90A7C989A3DD345FA5EF6AD590439CF3E92B4923118FAEB4C589B9E1908834924FA2B2424796CA20B4
Malicious:	false
Reputation:	unknown
URL:	https://lists.gcc.osi.office365.us/Images/f8c813f9-acbb-4b18-bb10-10729643538d/1b5da865-0b25-4d96-82dc-8362c1f0a3f3/TA6WWQ8PGWAHV6JWR9SX5GB2A4/6685daff-ccf3-485c-b628-8e1f6f534e44
Preview:	......JFIF.............C.............................................$ $.5--5@99@QMQjj....C.............................................$ $.5--5@99@QMQjj.......8...."................................................. ...h.D......................h.................................$.................................. ...................................@................D...........*.....(....... ...5.s@....5..(...........4.....P...................".....".......... ..........4................@..................@h.... .......#...(.4...DDDD...........'G...........................".4........U...\..+.QE.P.... ..............u..........5.\...........T...........E@..EU...D...UE....TEh5..kQ..........'P...k............T.................. ...TP.9@.T.@..PQA.."5.j...........,........p........................QP....W=..........(...T...kZ................EPD. ..\..4..................................p.".E......Z.Q.................+..F...........4......". .... .......\...p..........h. . .4...8

Chrome Cache Entry: 112

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (63096)
Category:	downloaded
Size (bytes):	63334
Entropy (8bit):	5.118629744435472
Encrypted:	false
SSDEEP:
MD5:	2F2B6883DF506FA11029D1E46167C453
SHA1:	B0F9C2613CC01C3EE9B10F12E298CC815D149A05
SHA-256:	9FFB74A4DFB18D0DD5132133F104C008A15540DA87EF94A41F7B4C542D7F03C5
SHA-512:	9E03ADD5BDE740B30434CC44F0A120E5D7B8AFF97CC9CF464FC3122CA5502DE2E36CC46113D2E9F11A6FE65283A0E0461F57393DC3346AF06C4427EBF88956D2
Malicious:	false
Reputation:	unknown
URL:	https://customervoice.microsoft.us/Scripts/dists/response-page-pro.cachegroup-nerve.min.js?v=b3c1eb4c85&ring=UsGovGccProduction
Preview:	"use strict";(self.webpackChunk=self.webpackChunk\|\|[]).push([[527],{41293:function(n,t,r){function i(n,t){n\|\|(console.assert(n,"Nerve - "+t),s("assert failed: ".concat(t)))}function e(n){return s("TODO: ".concat(n))}function u(){return s("to be overridden.")}function o(n){if(n="Nerve - warning: ".concat(n),console.warn(n),c){var t=new Error(n).stack;c(t)}}r.d(t,{ZK:function(){return o},_y:function(){return s},ct:function(){return u},hu:function(){return i},ys:function(){return e}});var c=null;function s(n){throw Error("Nerve - "+n)}},42874:function(n,t,r){r.d(t,{k:function(){return e},s:function(){return u}});var i=r(36630),e=function(){return function(n){void 0===n&&(n={}),u(this,n)}}();function u(n,t,r){void 0===r&&(r=!1),(0,i.zO)(n,"__nerve__",t,r)}},39923:function(n,t,r){r.d(t,{J4:function(){return w},bn:function(){return a},f4:function(){return h},u9:function(){return l}});var i=r(26203),e=r(41293),u=r(42874),o=r(36630),c="Spec",s=Object.freeze({IsKeyField:!1,IsLocalField:!1,IsNum

Chrome Cache Entry: 113

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (47337)
Category:	downloaded
Size (bytes):	106570
Entropy (8bit):	5.4234875389706785
Encrypted:	false
SSDEEP:
MD5:	0627D9EF086A17447095E99090FD9AFA
SHA1:	584B355FA3F176BF0658A87C6267D0B95F3CA34A
SHA-256:	B2A2FBED29B3EE7A0BE695ADC0A7C45C7EFAE9F958030D77E0944A9C9C7672D2
SHA-512:	AF41386B0CF7ED67C7FAF0D9A96C8C6DAEF83EEE8337DEBCABC1FCBC17A26E80E142E1BF5D55A8163BF1B187B429810AB9AA2F3F02CEA3FC2BD781E6A3589E4E
Malicious:	false
Reputation:	unknown
URL:	https://customervoice.microsoft.us/Scripts/dists/response-page-pro.chunk.1ds.323a60b.js?ring=UsGovGccProduction
Preview:	"use strict";(self.webpackChunk=self.webpackChunk\|\|[]).push([[641],{43626:function(n,e,t){t.d(e,{Z:function(){return D}});var r=t(49577),i=t(71106),o=t(55028),u=t(14270),a=t(96933),c=t(28185),s=t(70390),f=t(52863),l=t(60503),d=t(51616),v=t(79498),p=500;function h(n,e,t){e&&(0,a.kJ)(e)&&e[s.R5]>0&&(e=e.sort((function(n,e){return n[l.yi]-e[l.yi]})),(0,a.tO)(e,(function(n){n[l.yi]<p&&(0,a._y)("Channel has invalid priority - "+n[s.pZ])})),n[s.MW]({queue:(0,a.FL)(e),chain:(0,d.jV)(e,t[s.TC],t)}))}var g=t(10015),m=t(68886),y=t(51108),C=function(n){function e(){var t,r,u=n.call(this)\|\|this;function f(){t=0,r=[]}return u.identifier="TelemetryInitializerPlugin",u.priority=199,f(),(0,i.Z)(e,u,(function(n,e){n.addTelemetryInitializer=function(n){var e={id:t++,fn:n};return r[s.MW](e),{remove:function(){(0,a.tO)(r,(function(n,t){if(n.id===e.id)return r[s.cb](t,1),-1}))}}},n[l.hL]=function(e,t){for(var i=!1,u=r[s.R5],f=0;f<u;++f){var l=r[f];if(l)try{if(!1===l.fn[s.ZV](null,[e])){i=!0;break}}catch(n)

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (379), with CRLF line terminators
Category:	downloaded
Size (bytes):	3420
Entropy (8bit):	4.770180438067068
Encrypted:	false
SSDEEP:
MD5:	0F7CCE9368A5285559D7EF3E641F18A4
SHA1:	0E25DA9ABEC63112710CAEB14123215D24A84876
SHA-256:	BC1832CD33B67E74FE000BDBCADB002EB3B6D47F403CD56972545898474EAF0F
SHA-512:	7602E887F299D9A5CC35844755AB7F2012CA782B2ADCC489DB28CF3B9F7540D6D800139B92CCC3475933890CD36F1BB576B5CAE5E5437C99D8B16DCDD15B1F30
Malicious:	false
Reputation:	unknown
URL:	https://customervoice.microsoft.us/Scripts/dists/ls-pro.en-us.18e0edc91.js?ring=UsGovGccProduction
Preview:	<!DOCTYPE html>..<html>.. <head>.. <title>Runtime Error</title>.. <meta name="viewport" content="width=device-width" />.. <style>.. body {font-family:"Verdana";font-weight:normal;font-size: .7em;color:black;} .. p {font-family:"Verdana";font-weight:normal;color:black;margin-top: -5px}.. b {font-family:"Verdana";font-weight:bold;color:black;margin-top: -5px}.. H1 { font-family:"Verdana";font-weight:normal;font-size:18pt;color:red }.. H2 { font-family:"Verdana";font-weight:normal;font-size:14pt;color:maroon }.. pre {font-family:"Consolas","Lucida Console",Monospace;font-size:11pt;margin:0;padding:0.5em;line-height:14pt}.. .marker {font-weight: bold; color: black;text-decoration: none;}.. .version {color: gray;}.. .error {margin-bottom: 10px;}.. .expandable { text-decoration:underline; font-weight:bold; color:navy; cursor:hand; }.. @media screen and (max-width: 639px) {..

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	9227
Entropy (8bit):	5.377630791385411
Encrypted:	false
SSDEEP:
MD5:	36E785EAB8C0489434AD4391C962B03B
SHA1:	A99D3AE16972DBCDB95B56DD858E258EA01A63F1
SHA-256:	2F48A1A0FEDEDC88FA71774F4F7D6C05A3E082F5892143BAB490C2E4BE9B6A95
SHA-512:	7A2CDC124912A3F1F85CEFB2F97DF3FEDD3B3751DDF4B9A40E6343DFEE59CEE77B1760CF9AD2F2631FBD97DBD2842F93B8F71FBAA13FADD08169D19DDA540CDE
Malicious:	false
Reputation:	unknown
URL:	https://customervoice.microsoft.us/formapi/api/f8c813f9-acbb-4b18-bb10-10729643538d/users/1b5da865-0b25-4d96-82dc-8362c1f0a3f3/light/runtimeForms('-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u')?$expand=questions($expand=choices)
Preview:	{"description":null,"onlineSafetyLevel":0,"reputationTier":1,"background":{"altText":null,"contentType":"image/jpeg","fileIdentifier":"02b744e6-d92e-45cf-9ae5-9fecbeb50914","originalFileName":"47494f20-d03a-49e4-a394-b4a40de41b5d","resourceId":"6685daff-ccf3-485c-b628-8e1f6f534e44","resourceUrl":"https://lists.gcc.osi.office365.us/Images/f8c813f9-acbb-4b18-bb10-10729643538d/1b5da865-0b25-4d96-82dc-8362c1f0a3f3/TA6WWQ8PGWAHV6JWR9SX5GB2A4/6685daff-ccf3-485c-b628-8e1f6f534e44","height":null,"width":null,"size":null},"header":{"altText":null,"contentType":"image/jpeg","fileIdentifier":"6056f839-2737-4a53-9b72-bb7cf1d3aa87","originalFileName":"2ec7c477-1653-40ce-a26d-d1dd9b655047","resourceId":"e88bc255-d6b4-4f67-8eee-0315d61af2d3","resourceUrl":"https://lists.gcc.osi.office365.us/Images/f8c813f9-acbb-4b18-bb10-10729643538d/1b5da865-0b25-4d96-82dc-8362c1f0a3f3/TA6WWQ8PGWAHV6JWR9SX5GB2A4/e88bc255-d6b4-4f67-8eee-0315d61af2d3","height":null,"width":null,"size":null},"logo":{"altText":"Burwood

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (47421), with CRLF line terminators
Category:	downloaded
Size (bytes):	369103
Entropy (8bit):	5.381338995618774
Encrypted:	false
SSDEEP:
MD5:	6E9386843C22345A256F324692D627F2
SHA1:	FEF7FADB3A27032695AAB726682A340D583BFC51
SHA-256:	D40E9F33813211AA5DFABEEBF4A1571D488E56878954DE4D513A25B3525B3988
SHA-512:	C90E8A26A10AFA84C74C1D4828466E75D0FB24E826BB984EE0C50C96E44488031D4F43068614559A77967BE58E63E5BB12D3BF0999F763725BC7E1C0BF75C6BB
Malicious:	false
Reputation:	unknown
URL:	https://customervoice.microsoft.us/FormsPro/Scripts/Vendors/combined/basics_osi_v5_j3_3997ff6.js?ring=UsGovGccProduction
Preview:	!function(e,t){if("object"==typeof exports&&"object"==typeof module)module.exports=t();else if("function"==typeof define&&define.amd)define([],t);else{var i=t();for(var n in i)("object"==typeof exports?exports:e)[n]=i[n]}}(this,function(){return function(e){function t(n){if(i[n])return i[n].exports;var r=i[n]={i:n,l:!1,exports:{}};return e[n].call(r.exports,r,r.exports,t),r.l=!0,r.exports}var i={};return t.m=e,t.c=i,t.i=function(e){return e},t.d=function(e,i,n){t.o(e,i)\|\|Object.defineProperty(e,i,{configurable:!1,enumerable:!0,get:n})},t.n=function(e){var i=e&&e.e?function(){return e.default}:function(){return e};return t.d(i,"a",i),i},t.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},t.p="",t(t.s=30)}([function(e,t,i){"use strict";Object.defineProperty(t,"__esModule",{value:!0});!function(e){e[e.Unspecified=0]="Unspecified",e[e.String=1]="String",e[e.Int64=2]="Int64",e[e.Double=3]="Double",e[e.Boolean=4]="Boolean",e[e.Date=5]="Date"}(t.AWTPropertyType\|\|(t.AWTProperty

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	106748
Entropy (8bit):	5.6788269547528785
Encrypted:	false
SSDEEP:
MD5:	4D5CEEE45615E16FF9E5B59F07F06782
SHA1:	0117F6F4AAE69E34983830D95B99D240778EE2F0
SHA-256:	6FADE40437BEBEE439457D5683A1F6EAD708562697E7AD2F0C7A2148BC73F34E
SHA-512:	C74EBAEA4F1D9F8575E3931DBFCE3D427B07D265A772C8B1E986A1A07759CB30F516280EE018BEC2E126F4DD027BE47C121004267BAE903F8EC57CCBCA92D812
Malicious:	false
Reputation:	unknown
URL:	https://customervoice.microsoft.us/Scripts/dists/response-page-pro.chunk.vendors.e0d6b00.js?ring=UsGovGccProduction
Preview:	(self.webpackChunk=self.webpackChunk\|\|[]).push([[216],{47119:function(e,t,r){var n={version:{major:4,minor:0,build:1}};n.utils=r(93784),n.xml=r(95650),n.oData=r(33518),n.utils.inBrowser()&&(window.odatajs=n),n.node="node",e.exports=n},33518:function(e,t,r){"use strict";var n=r(93784),a=t.utils=r(35),o=t.handler=r(70701),i=t.metadata=r(29044),l=r(89412),s=t.net=n.inBrowser()?l:r(6126),u=t.json=r(20945);t.batch=r(97510);var c=n.assigned,d=(n.defined,n.throwErrorCallback),p=(a.invokeRequest,o.MAX_DATA_SERVICE_VERSION),f=(a.prepareRequest,i.metadataParser),m=[u.jsonHandler,o.textHandler];function h(e,t,r){var n,a;for(n=0,a=m.length;n<a&&!m[n][e](t,r);n++);if(n===a)throw{message:"no handler for data"}}t.defaultSuccess=function(e){window.alert(window.JSON.stringify(e))},t.defaultError=d,t.defaultHandler={read:function(e,t){e&&c(e.body)&&e.headers["Content-Type"]&&h("read",e,t)},write:function(e,t){h("write",e,t)},maxDataServiceVersion:p,accept:"application/json;q=0.9, /;q=0.1"},t.defaultMe

Chrome Cache Entry: 89

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (58457)
Category:	downloaded
Size (bytes):	102484
Entropy (8bit):	5.3424671715330785
Encrypted:	false
SSDEEP:
MD5:	62D1545FCE12E0397582E4D900A89EFD
SHA1:	D4B3BE160044C01E25B12F76973760386CEE2CA2
SHA-256:	8C677EE4A629FA0473A019BBA10B46E8BE2FD926705E2649BC743BD97839C57C
SHA-512:	E9DAC464E3678527ECFBEF8496BDA12C0F8FB34F055414C53B49D484DB734C81D74743838FD9D16BC7B6BE117E24F861F58E0970E00E8FDA4EAAD77A25A457BD
Malicious:	false
Reputation:	unknown
URL:	https://customervoice.microsoft.us/cdn/scripts/dists/telemetry-worker.1.js
Preview:	!function(){"use strict";var n={};n.g=function(){if("object"==typeof globalThis)return globalThis;try{return this\|\|new Function("return this")()}catch(n){if("object"==typeof window)return window}}();var t="function",r="object",e="undefined",i=Object,u=i.prototype,o=i.assign,a=i.create,f=i.defineProperty,c=u.hasOwnProperty,v=null;function s(t){void 0===t&&(t=!0);var r=!1===t?null:v;return r\|\|(typeof globalThis!==e&&(r=globalThis),r\|\|typeof self===e\|\|(r=self),r\|\|typeof window===e\|\|(r=window),r\|\|typeof n.g===e\|\|(r=n.g),v=r),r}function l(n){throw new TypeError(n)}function d(n){if(a)return a(n);if(null==n)return{};var e=typeof n;function i(){}return e!==r&&e!==t&&l("Object prototype may only be an Object:"+n),i.prototype=n,new i}(s()\|\|{}).Symbol,(s()\|\|{}).Reflect;var h,p=function(n,t){return p=i.setPrototypeOf\|\|{__proto__:[]}instanceof Array&&function(n,t){n.__proto__=t}\|\|function(n,t){for(var r in t)t.hasOwnProperty(r)&&(n[r]=t[r])},p(n,t)};function y(n,r){function e(){this.constructor=n}t

Chrome Cache Entry: 90

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	108465
Entropy (8bit):	5.40389353056747
Encrypted:	false
SSDEEP:
MD5:	DA69DB81907CC110600C8989D38BB9D5
SHA1:	1CA81D11BCF858BC2774FD6C5414D83F06618406
SHA-256:	1D95A437A2BF9545D8B862A9C7CF8E8B9A38D6520258BCBED8BE63EB54455689
SHA-512:	BEF9FBCA4CB8F05615E8BDE3AE20BEE9F052129BF62FB82A5ED7C289ECB04704754A5A32E481DC4343FF276228CC0FCC683CF817D948B9BDF85C50A006ADBA72
Malicious:	false
Reputation:	unknown
URL:	https://customervoice.microsoft.us/Scripts/dists/response-page-pro.chunk.postsubmit.b7eca17.js?ring=UsGovGccProduction
Preview:	"use strict";(self.webpackChunk=self.webpackChunk\|\|[]).push([[653],{65690:function(e,t,r){function n(e){i!==e&&(i=e)}function o(){return void 0===i&&(i="undefined"!=typeof document&&!!document.documentElement&&"rtl"===document.documentElement.getAttribute("dir")),i}var i;function a(){return{rtl:o()}}r.d(t,{Eo:function(){return a},ok:function(){return n}}),i=o()},36178:function(e,t,r){r.d(t,{Y:function(){return c},q:function(){return i}});var n,o=r(59312),i={none:0,insertNode:1,appendChild:2},a="undefined"!=typeof navigator&&/rv:11.0/.test(navigator.userAgent),s={};try{s=window\|\|{}}catch(e){}var c=function(){function e(e,t){var r,n,a,s,c,u;this._rules=[],this._preservedRules=[],this._counter=0,this._keyToClassName={},this._onInsertRuleCallbacks=[],this._onResetCallbacks=[],this._classNameToArgs={},this._config=(0,o.pi)({injectionMode:"undefined"==typeof document?i.none:i.insertNode,defaultPrefix:"css",namespace:void 0,cspSettings:void 0},e),this._classNameToArgs=null!==(r=null==t?void 0

Chrome Cache Entry: 91

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 572x233, components 3
Category:	downloaded
Size (bytes):	39813
Entropy (8bit):	7.6964344998051875
Encrypted:	false
SSDEEP:
MD5:	E71534E10B1241216874F6C9FAEAD237
SHA1:	55E373F4F85AEC2E48AF6A225D4FD67B42DFBAFD
SHA-256:	D38383C47693B251562296E1B8366AF11454BFCA4CCEA558895C946F180DD003
SHA-512:	757FE3CD0810AD020227C42A8D1603185A677C92E5231E4E2B8A3E3E4DB64607AEAA0A76417447CD4E6D808C138D1CE448750CC990C85CB586CF5DD0D1F38176
Malicious:	false
Reputation:	unknown
URL:	https://lists.gcc.osi.office365.us/Images/f8c813f9-acbb-4b18-bb10-10729643538d/1b5da865-0b25-4d96-82dc-8362c1f0a3f3/TA6WWQ8PGWAHV6JWR9SX5GB2A4/e88bc255-d6b4-4f67-8eee-0315d61af2d3
Preview:	......JFIF.....`.`....."Exif..MM..........................C....................................................................C.........................................................................<.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(..w.Gk\|...'.I.....Vc^..........o...c......W.<5e..T...2....[.'...a..pq..}...\|..s....,~1].-"..yI.....[l...w.7..o.,..e.`4.e....zo.._k..._....m\|F?...}9......P.......O..F.a..........8...k......z_.p....K.~......y......6+.........+

Chrome Cache Entry: 92

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	89
Entropy (8bit):	5.252206992881218
Encrypted:	false
SSDEEP:
MD5:	2544E12C996BF24471362B93F0DA41F3
SHA1:	A86BF135AB32EFD7D71F9D608A6ADF970446E945
SHA-256:	5066B03C47885E634492DD13D9D4CD86EBB62D4B6603FA5DD249E0DA603B4F76
SHA-512:	996BD40F9124BAAF345E0F63C5FF9525FE577207B0D505AEB8F602CBB1AF522F5434A92B40B80DB2AAEAE39E44EE9370BDFB2C52DCF68E6532553C7265270D9D
Malicious:	false
Reputation:	unknown
URL:	"https://customervoice.microsoft.us/formapi/api/f8c813f9-acbb-4b18-bb10-10729643538d/users/1b5da865-0b25-4d96-82dc-8362c1f0a3f3/light/runtimeForms('-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u')?$select=id,customCssFileName,customCSSInLineHeaderToggle,footerText"
Preview:	{"id":"-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u"}

Chrome Cache Entry: 93

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (19569), with CRLF line terminators
Category:	downloaded
Size (bytes):	52547
Entropy (8bit):	5.360332468600038
Encrypted:	false
SSDEEP:
MD5:	162890ADA98A5DEF6640BBE57DA52EB9
SHA1:	06A3D551F9718164171E7517F18577B73F13B390
SHA-256:	DA599489D3F86D69769A1D310A5E59838D7E72EAD0BCFE94851D0084318FCDC2
SHA-512:	DDA7B8F4C63FABFCA8646CC059E6B3D50298985AFEE866680106B4610ADAFA58D078AF31EA8F81C2AE9FB2AD8BC579E64B7F4EC3B23987F278ADB410E24DBBBA
Malicious:	false
Reputation:	unknown
URL:	https://customervoice.microsoft.us/FormsPro/Scripts/Vendors/combined/response_v2_5234a19.js?ring=UsGovGccProduction
Preview:	/!.. linkify.js v2.1.8.. * https://github.com/SoapBox/linkifyjs.. * Copyright (c) 2014 SoapBox Innovations Inc... * Licensed under the MIT license.. */..!function(){"use strict";var n="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(n){return typeof n}:function(n){return n&&"function"==typeof Symbol&&n.constructor===Symbol&&n!==Symbol.prototype?"symbol":typeof n};!function(e){function a(n,e){var a=arguments.length>2&&void 0!==arguments[2]?arguments[2]:{},t=Object.create(n.prototype);for(var o in a)t[o]=a[o];return t.constructor=e,e.prototype=t,e}function t(n){n=n\|\|{},this.defaultProtocol=n.hasOwnProperty("defaultProtocol")?n.defaultProtocol:h.defaultProtocol,this.events=n.hasOwnProperty("events")?n.events:h.events,this.format=n.hasOwnProperty("format")?n.format:h.format,this.formatHref=n.hasOwnProperty("formatHref")?n.formatHref:h.formatHref,this.nl2br=n.hasOwnProperty("nl2br")?n.nl2br:h.nl2br,this.tagName=n.hasOwnProperty("tagName")?n.tagName:h.tagName,this.targ

Chrome Cache Entry: 94

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (40515)
Category:	downloaded
Size (bytes):	782465
Entropy (8bit):	5.372785999511648
Encrypted:	false
SSDEEP:
MD5:	0C6F020C2EAAA68CA998AA158720EDFD
SHA1:	C5582182A53E63DD95F2B3AA2BE10D37F86078A7
SHA-256:	A61962B6B38FBF8A4806E6F476F800520C2D0D184983D226511D180E173FBDEF
SHA-512:	CFF8CB5FF82260512A11213BDE5A538CFEF0CA428FAC1C04FD0BB3D4D366CA7F1F615DCAE553292D032C7A0A10FFBED9F021126F583B2285874CCCA47E0B5889
Malicious:	false
Reputation:	unknown
URL:	https://customervoice.microsoft.us/Scripts/dists/response-page-pro.min.js?v=b3c1eb4c85&ring=UsGovGccProduction
Preview:	(function(){var __webpack_modules__={26261:function(n,t,e){"use strict";e.d(t,{Vw:function(){return h},cS:function(){return c},cl:function(){return p},gV:function(){return d},iH:function(){return v},n5:function(){return f},oe:function(){return l},z_:function(){return m}});var r=e(63061);function i(n,t){return n?n+"."+t:t}function o(n,t,e,o,u){void 0===u&&(u=4),o&&n.push((0,r.dt)("".concat(i(t,e)),o,u))}function u(n,t,e,o){"boolean"==typeof o&&n.push((0,r.UL)("".concat(i(t,e)),o))}function s(n,t,e,o){"number"==typeof o&&n.push((0,r.Kq)("".concat(i(t,e)),o))}var a=function(n){var t="Activity.Result",e=[];return s(e,t,"Code",n.code),o(e,t,"Type",n.type),s(e,t,"Tag",n.tag),u(e,t,"IsExpected",n.isExpected),e.push((0,r.dt)("zC.Activity.Result","Office.System.Result")),e},c={contractName:"Office.System.Activity",getFields:function(n){var t="Activity",e=[];return o(e,t,"CV",n.cV),s(e,t,"Duration",n.duration),s(e,t,"Count",n.count),s(e,t,"AggMode",n.aggMode),u(e,t,"Success",n.success),n.result&

Chrome Cache Entry: 95

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 222x125, components 3
Category:	downloaded
Size (bytes):	5725
Entropy (8bit):	7.92620627627236
Encrypted:	false
SSDEEP:
MD5:	EBF3D590FAEEE30CDF81929303672548
SHA1:	30BB5C412260A896CFE7E66FB33878452C3ACEC4
SHA-256:	868D4ADAD4D4283F069E47683B80FF579F3B00941739820B74CAF999991FCA6E
SHA-512:	C5D2F4E8D72719B30F704137E74D41C8D847126D551795B9720A627C70BC30CACBF446724290A1D958A6B06BDF116D037DFAC5C6BECA0CC7A0D53CCBBE1EBFC9
Malicious:	false
Reputation:	unknown
URL:	https://lists.gcc.osi.office365.us/Images/f8c813f9-acbb-4b18-bb10-10729643538d/1b5da865-0b25-4d96-82dc-8362c1f0a3f3/TA6WWQ8PGWAHV6JWR9SX5GB2A4/6685daff-ccf3-485c-b628-8e1f6f534e44_mo
Preview:	......JFIF.....`.`.....C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......}...."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..Z).b..Xn(.YH......SK....S. ...M..N.i\|.E..(.<.zw.G0r..*c...M>d.VEIS.M..z9.r..J..zp.})s!....9..Uh......9\..Y..c<g..E......O...........Y....Q....JBq ..q.L..6.(.....#.4..U.d.Ni.F.8..1.)......y..=..8\.jg.s..as.....9d.4....4...ir).......Z........@.d..I@.7Rn.f..~.L.(..=h...<M...P....$dF....k.5.GU.Suq,...[.?.V.K.o.:...4..p.............Z.\|.M...(....W.j.;3..

Chrome Cache Entry: 96

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (60976)
Category:	downloaded
Size (bytes):	91082
Entropy (8bit):	5.304507031022989
Encrypted:	false
SSDEEP:
MD5:	2F5D48A71CBEE9ABABF1C9B78B8FD892
SHA1:	65141885EE4988A9006E2D8583DBE2EB7DA2AC84
SHA-256:	629F4CC6CEA0E185B7315CDAAF59192A34C2F4AC122396C3CCAAC6A2B6A9E0E0
SHA-512:	F35147554C83DD7D9E16EF80CA414B295BE95A7C9C088B5D2D5859A678073BB2FED517BACBE76D1905D4B197592545B99569E2F53B7116AD660E195D3EFA6B61
Malicious:	false
Reputation:	unknown
URL:	https://customervoice.microsoft.us/Scripts/dists/response-page-pro.chunk.638.3250f1d.js?ring=UsGovGccProduction
Preview:	(self.webpackChunk=self.webpackChunk\|\|[]).push([[638],{65638:function(e,t){var n;./!. jQuery JavaScript Library v3.6.1. * https://jquery.com/. . Includes Sizzle.js. * https://sizzlejs.com/. . Copyright OpenJS Foundation and other contributors. * Released under the MIT license. * https://jquery.org/license. . Date: 2022-08-26T17:52Z. */!function(t,n){"use strict";"object"==typeof e.exports?e.exports=t.document?n(t,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return n(e)}:n(t)}("undefined"!=typeof window?window:this,(function(r,i){"use strict";var o,a=[],s=Object.getPrototypeOf,u=a.slice,l=a.flat?function(e){return a.flat.call(e)}:function(e){return a.concat.apply([],e)},c=a.push,f=a.indexOf,p={},d=p.toString,h=p.hasOwnProperty,g=h.toString,v=g.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},b=r.document;function w(e){re

Chrome Cache Entry: 98

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (23932)
Category:	downloaded
Size (bytes):	24184
Entropy (8bit):	5.318925777353684
Encrypted:	false
SSDEEP:
MD5:	955B3780D94E04954A81D2BACA687D35
SHA1:	B3F3234B6BEB96B1B5E1AD69FA22CE398220D715
SHA-256:	9382E22FD7683906612A6416A12ECB81B1318B03CBB3A3E009A5A49687155B81
SHA-512:	1A8A349812A2EDA14636414A13F30A687FEF3F76B256EC3B361911992562F260B89C2E0E6E4FCA16EC5126A74792148B86E9C09AF000E294660E3361FC601E07
Malicious:	false
Reputation:	unknown
URL:	https://customervoice.microsoft.us/Scripts/dists/response-page-pro.chunk.cvheadertheme.ce22c68.js?ring=UsGovGccProduction
Preview:	"use strict";(self.webpackChunk=self.webpackChunk\|\|[]).push([[264],{22184:function(o,e,r){r.d(e,{D4:function(){return m},K9:function(){return t},O8:function(){return d},YR:function(){return i},cL:function(){return l},el:function(){return f},f8:function(){return p},pP:function(){return c},t3:function(){return n}});var t=.5,i=1.5,c=4.5,n=3,f=1.5,a=[{BackgroundColor:"#eee6f2",BackgroundImage:null,Name:"CV_HBG_Professional",PrimaryColor:"#21052e",SecondaryColor:"#0f0214",Thumbnail:null},{BackgroundColor:"#e6eff2",BackgroundImage:null,Name:"CV_HBG_Friendly",PrimaryColor:"#185b75",SecondaryColor:"#13475b",Thumbnail:null},{BackgroundColor:"#e6f2eb",BackgroundImage:null,Name:"CV_HBG_Playful",PrimaryColor:"#237547",SecondaryColor:"#1b5b38",Thumbnail:null},{BackgroundColor:"#f2ece6",BackgroundImage:null,Name:"CV_HBG_Relaxed",PrimaryColor:"#68503c",SecondaryColor:"#4f3c2d",Thumbnail:null},{BackgroundColor:"#e6ecf2",BackgroundImage:null,Name:"CV_HBG_3DMolecules",PrimaryColor:"#416083",SecondaryCol

Chrome Cache Entry: 99

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (29782)
Category:	downloaded
Size (bytes):	30016
Entropy (8bit):	5.358356223830344
Encrypted:	false
SSDEEP:
MD5:	C84F161AC3232BC00553A19A9043D7A2
SHA1:	7487D80415B1E1EBE3B1454CE6B8EAC1701E4550
SHA-256:	E0362CF9EE3665EA471A69CF31D723630899D6CF8F0A907655B32578C690262D
SHA-512:	7CC9856D975B55E24B984CC3C63D5FC4BBCDA3AF0DC695CDDB79B8AC6D51582A60552EE766B380C1730C4D789FCA1554548C3532174989AA231879ED379CFFEF
Malicious:	false
Reputation:	unknown
URL:	https://customervoice.microsoft.us/Scripts/dists/response-page-pro.chunk.utel.c1af5df.js?ring=UsGovGccProduction
Preview:	"use strict";(self.webpackChunk=self.webpackChunk\|\|[]).push([[824],{7728:function(e,t,n){n.r(t),n.d(t,{initializeTelemetryLogger:function(){return $e}});var i,a=n(92560),s=n(63061),o=n(60211),r=n(5809),u=function(e){for(var t=[],n=1;n<arguments.length;n++)t[n-1]=arguments[n]},c=n(10836),l=n(5699),d=n(59312),p=n(26261);!function(e){e.DataClassification={EssentialServiceMetadata:1,AccountData:2,SystemMetadata:4,OrganizationIdentifiableInformation:8,EndUserIdentifiableInformation:16,CustomerContent:32,AccessControl:64,PublicNonPersonalData:128,EndUserPseudonymousInformation:256,PublicPersonalData:512,SupportData:1024,DirectMeasurementData:2048,Everything:65535},e.DataFieldType={String:0,Boolean:1,Int64:2,Double:3,Guid:4},e.SamplingPolicy={NotSet:0,Measure:1,Diagnostics:2,CriticalBusinessImpact:191,CriticalCensus:192,CriticalExperimentation:193,CriticalUsage:194},e.PersistencePriority={NotSet:0,Normal:1,High:2},e.CostPriority={NotSet:0,Normal:1,High:2},e.DataCategories={NotSet:0,SoftwareSe

Static File Info

⊘No static file info

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://gcv.microsoft.us/kgRWagmalJ

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 101

Chrome Cache Entry: 103

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 82

Chrome Cache Entry: 84

Chrome Cache Entry: 87

Chrome Cache Entry: 88

Chrome Cache Entry: 89

Chrome Cache Entry: 90

Chrome Cache Entry: 91

Chrome Cache Entry: 92

Chrome Cache Entry: 93

Chrome Cache Entry: 94

Chrome Cache Entry: 95

Chrome Cache Entry: 96

Chrome Cache Entry: 98

Chrome Cache Entry: 99

Static File Info

Windows Analysis Report
https://gcv.microsoft.us/kgRWagmalJ