Windows
Analysis Report
https://gcv.microsoft.us/kgRWagmalJ
Overview
Detection
Score | Range | Whitelisted | Confidence
---|---|---|---
0 | 0 - 100 | false | 80%
Verdict: CLEAN. Read the score together with the analysis details further down: the run stopped on timeout and the report itself states that not all processes were analysed, so the clean result rests on partial behavioural coverage plus reputation lookups that returned 0% detections.
Signatures
Classification
- System is w10x64_ra
- chrome.exe (PID: 2728, cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://gcv.microsoft.us/kgRWagmalJ, MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  - chrome.exe (PID: 6148, Chrome network-service utility process spawned by the browser process above, cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1980,i,15349419578848157663,12396089134542083967,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8, MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
No malicious signatures were triggered; every signature hit listed below is informational.
Signature hits (informational only; the report's source and detail columns for these rows were empty):
- HTTPS traffic detected: 8
- TCP traffic detected without corresponding DNS query: 38
- UDP traffic detected without corresponding DNS query: 12
- DNS traffic detected: 1
- Network traffic detected: 71
- Classification label: 1
- File created: 8
- Process created: 14
- Window detected: 1
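The bulk of the signature hits are "TCP/UDP traffic detected without corresponding DNS query". The following is an added example, not part of the Joe Sandbox report, showing the correlation logic behind that signature and why a triager should split its output three ways: connections whose destination was named by an earlier DNS answer, connections that never were, and destinations that by design have no lookup in front of them (multicast such as SSDP on 239.255.255.250, or the resolver itself). The IPs and two host names in the sample are taken from the report's IP and domain tables; the timestamps and ports are invented, and treating 1.1.1.1 as the session's resolver is an assumption of this example, not something the report states.

```python
"""Correlate connections with preceding DNS answers.

Added example (not part of the Joe Sandbox report). It reproduces the logic
behind the report's "TCP/UDP traffic detected without corresponding DNS query"
signatures over a constructed event list.
"""
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class DnsAnswer:
    ts: float
    name: str
    ip: str


@dataclass(frozen=True)
class Conn:
    ts: float
    proto: str      # "tcp" or "udp"
    dst_ip: str
    dst_port: int


def is_lookup_free(ip: str) -> bool:
    """Destinations that never have a DNS query in front of them."""
    a = ip_address(ip)
    return a.is_multicast or a.is_link_local or a.is_loopback or a.is_unspecified


def correlate(dns: List[DnsAnswer], conns: List[Conn],
              resolvers: FrozenSet[str]) -> Dict[str, List[Conn]]:
    """Walk DNS answers and connections in time order.

    A connection counts as resolved only if some answer *before* it mapped a
    name to its destination IP. An answer that arrives later does not help,
    which is why a client with a warm DNS cache, connection reuse across
    hosts, or a session captured mid-stream produces these informational hits.
    """
    events = sorted(
        [(d.ts, 0, d) for d in dns] + [(c.ts, 1, c) for c in conns],
        key=lambda e: (e[0], e[1]),   # a DNS answer wins a tie at the same ts
    )
    resolved: Dict[str, str] = {}    # ip -> name
    out: Dict[str, List[Conn]] = {"resolved": [], "unresolved": [], "noise": []}
    for _, kind, ev in events:
        if kind == 0:
            resolved[ev.ip] = ev.name
        elif ev.dst_ip in resolvers or is_lookup_free(ev.dst_ip):
            out["noise"].append(ev)
        elif ev.dst_ip in resolved:
            out["resolved"].append(ev)
        else:
            out["unresolved"].append(ev)
    return out


# Constructed sample. IPs and host names come from the report's tables; the
# timestamps and ports are invented for the example.
SAMPLE_DNS = [
    DnsAnswer(1.0, "www.google.com", "142.251.167.104"),
    DnsAnswer(5.0, "osiusgcc-usge-teal-001.usgovvirginia.cloudapp.usgovcloudapi.net",
              "52.127.240.65"),
]
SAMPLE_CONNS = [
    Conn(1.5, "tcp", "142.251.167.104", 443),   # answered at t=1.0 -> resolved
    Conn(2.0, "udp", "239.255.255.250", 1900),  # SSDP multicast -> noise
    Conn(2.5, "tcp", "1.1.1.1", 443),           # assumed resolver -> noise
    Conn(3.0, "tcp", "52.127.240.65", 443),     # answer only at t=5.0 -> unresolved
    Conn(4.0, "tcp", "20.189.173.8", 443),      # never resolved in-session -> unresolved
]
RESOLVERS = frozenset({"1.1.1.1"})   # assumption for this example


def triage(dns=SAMPLE_DNS, conns=SAMPLE_CONNS,
           resolvers=RESOLVERS) -> Dict[str, List[Tuple[str, str, int]]]:
    """Compact view: bucket -> [(proto, dst_ip, dst_port), ...] in time order."""
    buckets = correlate(dns, conns, resolvers)
    return {k: [(c.proto, c.dst_ip, c.dst_port) for c in v] for k, v in buckets.items()}


if __name__ == "__main__":
    for bucket, items in triage().items():
        print(bucket, items)
```

The "unresolved" bucket is the one worth a second look; in this report several of those destinations (20.189.173.8, 52.182.143.213, 142.251.16.100, 172.253.115.84) appear on the analysis whitelist as Google and Microsoft service endpoints, which is consistent with the informational rating.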
ATT&CK mapping (the count-prefixed cells of the report's matrix are the techniques with mapped signatures; every other cell is the empty matrix template):
- Persistence: Registry Run Keys / Startup Folder (1)
- Privilege Escalation: Registry Run Keys / Startup Folder (1), Process Injection (1)
- Defense Evasion: Process Injection (1), Masquerading (1)
- Command and Control: Encrypted Channel (2), Non-Application Layer Protocol (1), Application Layer Protocol (2)
URL scan
Source | Detection | Scanner | Label
---|---|---|---
 | 0% | Avira URL Cloud | safe
 | 0% | Virustotal |
Domain and IP scans
Source | Detection | Scanner | Label
---|---|---|---
 | 0% | Virustotal |
 | 0% | Virustotal |
 | 0% | Virustotal |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
---|---|---|---|---|---
eafd-3p-profile.usgovtrafficmanager.net | 20.141.12.34 | true | false | | unknown
osiusgcc-usge-teal-001.usgovvirginia.cloudapp.usgovcloudapi.net | 52.127.240.65 | true | false | | high
www.google.com | 142.251.167.104 | true | false | | high
customervoice.microsoft.us | unknown | unknown | false | | unknown
lists.gcc.osi.office365.us | unknown | unknown | false | | high
gcv.microsoft.us | unknown | unknown | false | | unknown
Name | Malicious | Antivirus Detection | Reputation
---|---|---|---
 | false | | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
---|---|---|---|---|---
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false
20.189.173.8 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
142.251.16.100 | unknown | United States | 15169 | GOOGLEUS | false
20.141.12.34 | eafd-3p-profile.usgovtrafficmanager.net | United States | 8070 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
52.182.143.213 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
142.251.111.94 | unknown | United States | 15169 | GOOGLEUS | false
142.251.167.104 | www.google.com | United States | 15169 | GOOGLEUS | false
142.251.163.113 | unknown | United States | 15169 | GOOGLEUS | false
52.127.240.65 | osiusgcc-usge-teal-001.usgovvirginia.cloudapp.usgovcloudapi.net | United States | 8070 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
52.127.240.59 | unknown | United States | 8070 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
142.251.16.94 | unknown | United States | 15169 | GOOGLEUS | false
172.253.115.84 | unknown | United States | 15169 | GOOGLEUS | false
Note: 239.255.255.250 is the SSDP/UPnP multicast group, which accounts for UDP traffic with no DNS query; several of the other unresolved IPs (20.189.173.8, 52.182.143.213, 142.251.16.100, 172.253.115.84) are on the analysis whitelist below as Google and Microsoft service endpoints.
Private IP (RFC 1918) |
---|
192.168.2.17 |
192.168.2.16 |
192.168.2.4 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1417073 |
Start date and time: | 2024-03-28 15:25:53 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Sample URL: | https://gcv.microsoft.us/kgRWagmalJ |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 14 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | stream |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean0.win@14/30@12/136 |
- Excluded processes from analysis (whitelisted): dllhost.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 142.251.16.100, 142.251.16.139, 142.251.16.101, 142.251.16.138, 142.251.16.102, 142.251.16.113, 172.253.115.84, 142.251.111.94, 34.104.35.123, 52.127.240.59, 20.189.173.8, 52.182.143.213
- Excluded domains from analysis (whitelisted): browser.events.data.microsoft.com, onedscolprdwus07.westus.cloudapp.azure.com, clients2.google.com, onedscolprdcus16.centralus.cloudapp.azure.com, accounts.google.com, edgedl.me.gvt1.com, gcc.lists.osi.office365.us.akadns.net, clientservices.googleapis.com, browser.events.data.trafficmanager.net, clients.l.google.com
- Not all processes were analysed; the report is missing behaviour information for them.
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2673 |
Entropy (8bit): | 3.9827603721574087 |
Encrypted: | false |
SSDEEP: | |
MD5: | AB117E091586732C86AECE1EB1ED9157 |
SHA1: | 924BBF11C31C68BA64266CD2D6769FC7E6AB7944 |
SHA-256: | E7A4B8884C03722394162A5D731DCF3EFA42F4EC46F1B903A532C944A342C390 |
SHA-512: | D47F462FAD20B6A2897D745776D1FD95EA3F2BCA0CDBCDEC18974A4AEA079C805BE425490B2E9568312C8AA9785AC453C4A133C48F6DC3E0B90846A0A3082D1A |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2675 |
Entropy (8bit): | 3.999626245218753 |
Encrypted: | false |
SSDEEP: | |
MD5: | 882AE387AE3E808E374B1961DBA888A8 |
SHA1: | 452F9F3A62A3EF9549C466A496BF1C03FCDDB99F |
SHA-256: | AE3427668FD6EBA340D37682E2FC1424218180699768B9A4A4E14A313CAE374F |
SHA-512: | 8D841848EF931F7D19732D2A29D1341B541F3A9EE975938E72FCC70ABEC1A0BDE099DEA9322B0FF87D8277F6BD7A83C8F336B0ED088535C3F7970F26C22CC1B2 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2689 |
Entropy (8bit): | 4.008022202313745 |
Encrypted: | false |
SSDEEP: | |
MD5: | 2EF72EBB6F39982CFEF7CF9673555280 |
SHA1: | DA57451E88EEA4FD0D6524833D650A999782EC01 |
SHA-256: | 5E297A3540181F785D695252CF107B554BFBB7F924B6AB60C31B77F565FEB8FC |
SHA-512: | 65CE336B76C62E5AC3DB969B88F1C0354048146002165193D63559DAB62496C6C427AD9D0F95F6498D087A3B34AD78ADC0462C2F7F5F3517D05C828B9FD69E06 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.998469907220674 |
Encrypted: | false |
SSDEEP: | |
MD5: | 9F3659A175F0A2960BC007E6E3EE556C |
SHA1: | 489A1759AD602DDE0AB097418300E82B7C88E60E |
SHA-256: | 215F4CA23166248D5C83D27409F7F1751BE3DE77DBB4DFF2C50E2113AEEA85F9 |
SHA-512: | 2134C9761C5FB7AB3E1F34FE34DF834F0A6C014B763BD220B7B98E307CC5922A2D6376D27613783C8D5C531A31844306F8A44A6554D4A0E1497830B6BE9F3200 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.988067919020201 |
Encrypted: | false |
SSDEEP: | |
MD5: | 27EC0CBDFFBA85B1B6E4AF157D11B9A7 |
SHA1: | 707618105326448B3EAE99197D4B06E1D6982D2A |
SHA-256: | 01211EDAD081CF18F754AFDD88045A3E4863CC144D684DF2B19DF054BB028397 |
SHA-512: | 69EDA40972D0B54E37B2680F616154210C635236546CC6312387ED4F48F7AE2299772036E143653636940915F1E4CBC92699807750130A007471DBFB2E9EA26E |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.999133654748524 |
Encrypted: | false |
SSDEEP: | |
MD5: | 07B67B9735DFD5C8001E51C6CAD56709 |
SHA1: | D2B413C4ECA2BF9B1A1978109DD8F43B8D2512BD |
SHA-256: | D210E882EE8BB77EAC46D8520A3DAFC477731D12F02B4DC04F42323E82160760 |
SHA-512: | B0E08B77DDE14385978CBDF51BC3B81D4EBD55108475A7EF7F6A82ACD3B2756659708C17ECD6089C9B4995C3AB708C391AA6CC5E6CAAA6B604CF7877C02636BB |
Malicious: | false |
Reputation: | unknown |
Preview: |
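The six .lnk files above, written by chrome.exe under Start Menu\Programs\Chrome Apps, are the only persistence-looking artefacts in the report and are the most plausible origin of its single "Registry Run Keys / Startup Folder" hit. The following is an added example, not part of the report, that separates the two cases a sandbox matrix lumps together: a shortcut in Start Menu\Programs\Startup does run at every interactive logon, while a launcher shortcut in another Programs subfolder does not. It also checks shortcut hashes against a known-good list. The six SHA-256 values are copied from the report's dropped-file records; the three extra events and their hashes are invented for the example.

```python
"""Triage Start Menu file-creation events.

Added example (not from the Joe Sandbox report). Only the
Start Menu\\Programs\\Startup subfolder auto-executes at logon; Chrome's
Chrome Apps shortcuts are ordinary launcher shortcuts. This separates the
two cases and checks shortcut hashes against a known-good list.
"""
import ntpath
from typing import Dict, Iterable, Tuple

# SHA-256 values copied from the report's dropped-file records.
KNOWN_CHROME_APPS_LNK_SHA256 = {
    "Docs.lnk": "E7A4B8884C03722394162A5D731DCF3EFA42F4EC46F1B903A532C944A342C390",
    "Gmail.lnk": "AE3427668FD6EBA340D37682E2FC1424218180699768B9A4A4E14A313CAE374F",
    "Google Drive.lnk": "5E297A3540181F785D695252CF107B554BFBB7F924B6AB60C31B77F565FEB8FC",
    "Sheets.lnk": "215F4CA23166248D5C83D27409F7F1751BE3DE77DBB4DFF2C50E2113AEEA85F9",
    "Slides.lnk": "01211EDAD081CF18F754AFDD88045A3E4863CC144D684DF2B19DF054BB028397",
    "YouTube.lnk": "D210E882EE8BB77EAC46D8520A3DAFC477731D12F02B4DC04F42323E82160760",
}

# Lower-case path fragments (plain strings: a raw string cannot end in '\').
STARTUP_MARK = "\\start menu\\programs\\startup\\"
PROGRAMS_MARK = "\\start menu\\programs\\"
CHROME_APPS_MARK = "\\chrome apps\\"


def classify(path: str, sha256: str, process: str) -> str:
    """Return one triage verdict for a (path, sha256, creating process) event."""
    p = path.lower()
    if STARTUP_MARK in p:
        # Anything here runs at every interactive logon: real T1547.001.
        return "autorun:startup-folder"
    if PROGRAMS_MARK in p:
        name = ntpath.basename(path)
        expected = KNOWN_CHROME_APPS_LNK_SHA256.get(name, "")
        if (ntpath.basename(process).lower() == "chrome.exe"
                and CHROME_APPS_MARK in p
                and expected and expected.upper() == sha256.upper()):
            return "benign:chrome-default-app-shortcut"
        # A Programs-menu shortcut we cannot vouch for: needs a look.
        return "review:unexpected-start-menu-shortcut"
    return "ignore:outside-start-menu"


def triage(events: Iterable[Tuple[str, str, str]]) -> Dict[str, str]:
    """Map each event's path to its verdict."""
    return {path: classify(path, sha, proc) for path, sha, proc in events}


CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
BASE = r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs"

# Constructed event list: the six real shortcuts from the report, plus three
# invented events (an unknown Chrome Apps shortcut, a Startup-folder drop by a
# hypothetical Temp executable, and a cache file outside the Start Menu).
SAMPLE_EVENTS = [
    (BASE + "\\Chrome Apps\\" + name, sha, CHROME)
    for name, sha in KNOWN_CHROME_APPS_LNK_SHA256.items()
] + [
    (BASE + "\\Chrome Apps\\Updater.lnk", "0" * 64, CHROME),
    (BASE + "\\Startup\\sync.lnk", "1" * 64, r"C:\Users\user\AppData\Local\Temp\sync.exe"),
    (r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000001", "2" * 64, CHROME),
]


if __name__ == "__main__":
    for path, verdict in triage(SAMPLE_EVENTS).items():
        print(f"{verdict:40s} {path}")
```

The hash check is deliberately tied to the creating process: the same Docs.lnk bytes dropped by anything other than chrome.exe are routed to review rather than waved through.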
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 4286 |
Entropy (8bit): | 5.790142327810594 |
Encrypted: | false |
SSDEEP: | |
MD5: | EE2B357FA5FBA69AF238168E3A1A27E1 |
SHA1: | B5DD4606BEDBF1D705A01F833802248E03D01518 |
SHA-256: | 0FD813BAE48835570858A2508D9C29900B8A4CDDEBFF4A250E79AD12F8ACBDCB |
SHA-512: | EC00810F1DAD54D6036359386C7A205953CF1E8F81909471376EA7F77786BAABCF2EBB37A68CEB63531147A92080195EF64D93FE750380038E0AA00797DFCBDA |
Malicious: | false |
Reputation: | unknown |
URL: | https://customervoice.microsoft.us/FormsPro/Images/CustomerVoice/CustomerVoice.ico |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 2764 |
Entropy (8bit): | 5.353085253295088 |
Encrypted: | false |
SSDEEP: | |
MD5: | 1D91B187A32745D330A2077FDADD872B |
SHA1: | 055D7BB0CF69E295C06346221B784359FA9199E2 |
SHA-256: | 2453F3D239A982DCF75B5DFA55261BC8BF77D04591F331847784AC4982E62F7E |
SHA-512: | D05DB41A901DA52397F7EC77E72B5D68697F45DA6505A29EFE26443DB299FFE5F29EB4C9E8FF4F67E327A8EEB385B83D0BB94BE3F28CFC78BD0F4A770CB0307E |
Malicious: | false |
Reputation: | unknown |
URL: | https://customervoice.microsoft.us/Scripts/dists/response-page-pro.chunk.quiz.6dc4e0a.js?ring=UsGovGccProduction |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 72 |
Entropy (8bit): | 4.241202481433726 |
Encrypted: | false |
SSDEEP: | |
MD5: | 9E576E34B18E986347909C29AE6A82C6 |
SHA1: | 532C767978DC2B55854B3CA2D2DF5B4DB221C934 |
SHA-256: | 88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D |
SHA-512: | 5EF6DCFFD93434D45760888BF4B95FF134D53F34DA9DC904AD3C5EBEDC58409073483F531FEA4233869ED3EC75F38B022A70B2E179A5D3A13BDB10AB5C46B124 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 213684 |
Entropy (8bit): | 5.088778087762516 |
Encrypted: | false |
SSDEEP: | |
MD5: | 416B512C6FF81B7E3BD675E455905146 |
SHA1: | 9F96EE2E55FDBED40B31BE7C24A97008A044404B |
SHA-256: | C400728CA705268C42BAFCADB6FD5E3AEA844F950E145C6F7E835D08E4C22259 |
SHA-512: | 4875EEE2972328A6653F3A83AB354647B74FA445E4E075C3D2651E453DDEC2967737626CD0E0BCC5D39A116F4C31AC20E5A58E03196382DB43B8E6269D3BF1A8 |
Malicious: | false |
Reputation: | unknown |
URL: | https://customervoice.microsoft.us/css/dist/cv-response-page.min.css?v=b3c1eb4c85&ring=UsGovGccProduction |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 17 |
Entropy (8bit): | 3.4992275471326932 |
Encrypted: | false |
SSDEEP: | |
MD5: | AF469AC6ABAAF7DA1ACC59F7292E6671 |
SHA1: | 75ACAD50ED8287D26D5EA2C7380B09B6095DA453 |
SHA-256: | AC8EA734A33366EF42F62398D95B4A9D912043522CF945405FD691F7AA342FED |
SHA-512: | 7422A346D1B74D672EB6DBEC85D63F3A6D8C394FA8318F128E9594469DFC4FDEAA190DE5426224BDB1B77C53E73CD29BA8A42780683B6B586C717F4AB3D8CE02 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 9175 |
Entropy (8bit): | 5.3778692100555245 |
Encrypted: | false |
SSDEEP: | |
MD5: | 9F55861B9708E3CF188D3E5F7BF794B1 |
SHA1: | 15AB48D729C9BCEE6E6FACD0D72893349549234B |
SHA-256: | 1769634A0DB9D0C9411EC0974DBF7F42BDE8C4AD538BCFEDFBB03DB48F89EF57 |
SHA-512: | 599FC9340FE2A43FF9425ED15F883CD57A66E3E2088BF5748AFC0822328F7BB19707BC371F76B96AB56AEFF597CB96B44117C86F74678186DB12D814CF8C18EF |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 14434 |
Entropy (8bit): | 5.41253474392622 |
Encrypted: | false |
SSDEEP: | |
MD5: | 39FE53EB9274BE422813B6756D3951E8 |
SHA1: | 5E7E1AA6347DD66A7B52BB3AC94EC50BB0BEC9E5 |
SHA-256: | E91EBC90763C7B778FC6FD26FC0524D9D8584DE71A1A6E2ABB6D54492D3472D8 |
SHA-512: | AFD23FA265FBE11DFF9750901524E272E6261AFBDE6B680C005F67BCBBBF8F3D96E594D4C7381C6652BF1E70871AE37C5D0D9B4F084AAAD0E5D377645CC12227 |
Malicious: | false |
Reputation: | unknown |
URL: | https://customervoice.microsoft.us/Scripts/dists/response-page-pro.chunk.cvtitlerender.65b951b.js?ring=UsGovGccProduction |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 159491 |
Entropy (8bit): | 7.972237230603438 (close to the 8.0 maximum, as expected for compressed image data served from an /Images/ path; on its own this is not evidence of encryption or packing) |
Encrypted: | false |
SSDEEP: | |
MD5: | 3ED3B2FB3E64AFC87CF38EE4BB74A415 |
SHA1: | 488783638E3D903C1B890876AF57264036B85D22 |
SHA-256: | 39E9110E7481C09A6C3DD85AC244848BE1517E17BC109852C12B062BA8F0C881 |
SHA-512: | A723182EBD451E7091216DCD64B269305CF5F2C447464F90A7C989A3DD345FA5EF6AD590439CF3E92B4923118FAEB4C589B9E1908834924FA2B2424796CA20B4 |
Malicious: | false |
Reputation: | unknown |
URL: | https://lists.gcc.osi.office365.us/Images/f8c813f9-acbb-4b18-bb10-10729643538d/1b5da865-0b25-4d96-82dc-8362c1f0a3f3/TA6WWQ8PGWAHV6JWR9SX5GB2A4/6685daff-ccf3-485c-b628-8e1f6f534e44 |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 63334 |
Entropy (8bit): | 5.118629744435472 |
Encrypted: | false |
SSDEEP: | |
MD5: | 2F2B6883DF506FA11029D1E46167C453 |
SHA1: | B0F9C2613CC01C3EE9B10F12E298CC815D149A05 |
SHA-256: | 9FFB74A4DFB18D0DD5132133F104C008A15540DA87EF94A41F7B4C542D7F03C5 |
SHA-512: | 9E03ADD5BDE740B30434CC44F0A120E5D7B8AFF97CC9CF464FC3122CA5502DE2E36CC46113D2E9F11A6FE65283A0E0461F57393DC3346AF06C4427EBF88956D2 |
Malicious: | false |
Reputation: | unknown |
URL: | https://customervoice.microsoft.us/Scripts/dists/response-page-pro.cachegroup-nerve.min.js?v=b3c1eb4c85&ring=UsGovGccProduction |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 106570 |
Entropy (8bit): | 5.4234875389706785 |
Encrypted: | false |
SSDEEP: | |
MD5: | 0627D9EF086A17447095E99090FD9AFA |
SHA1: | 584B355FA3F176BF0658A87C6267D0B95F3CA34A |
SHA-256: | B2A2FBED29B3EE7A0BE695ADC0A7C45C7EFAE9F958030D77E0944A9C9C7672D2 |
SHA-512: | AF41386B0CF7ED67C7FAF0D9A96C8C6DAEF83EEE8337DEBCABC1FCBC17A26E80E142E1BF5D55A8163BF1B187B429810AB9AA2F3F02CEA3FC2BD781E6A3589E4E |
Malicious: | false |
Reputation: | unknown |
URL: | https://customervoice.microsoft.us/Scripts/dists/response-page-pro.chunk.1ds.323a60b.js?ring=UsGovGccProduction |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 3420 |
Entropy (8bit): | 4.770180438067068 |
Encrypted: | false |
SSDEEP: | |
MD5: | 0F7CCE9368A5285559D7EF3E641F18A4 |
SHA1: | 0E25DA9ABEC63112710CAEB14123215D24A84876 |
SHA-256: | BC1832CD33B67E74FE000BDBCADB002EB3B6D47F403CD56972545898474EAF0F |
SHA-512: | 7602E887F299D9A5CC35844755AB7F2012CA782B2ADCC489DB28CF3B9F7540D6D800139B92CCC3475933890CD36F1BB576B5CAE5E5437C99D8B16DCDD15B1F30 |
Malicious: | false |
Reputation: | unknown |
URL: | https://customervoice.microsoft.us/Scripts/dists/ls-pro.en-us.18e0edc91.js?ring=UsGovGccProduction |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 9227 |
Entropy (8bit): | 5.377630791385411 |
Encrypted: | false |
SSDEEP: | |
MD5: | 36E785EAB8C0489434AD4391C962B03B |
SHA1: | A99D3AE16972DBCDB95B56DD858E258EA01A63F1 |
SHA-256: | 2F48A1A0FEDEDC88FA71774F4F7D6C05A3E082F5892143BAB490C2E4BE9B6A95 |
SHA-512: | 7A2CDC124912A3F1F85CEFB2F97DF3FEDD3B3751DDF4B9A40E6343DFEE59CEE77B1760CF9AD2F2631FBD97DBD2842F93B8F71FBAA13FADD08169D19DDA540CDE |
Malicious: | false |
Reputation: | unknown |
URL: | https://customervoice.microsoft.us/formapi/api/f8c813f9-acbb-4b18-bb10-10729643538d/users/1b5da865-0b25-4d96-82dc-8362c1f0a3f3/light/runtimeForms('-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u')?$expand=questions($expand=choices) |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 369103 |
Entropy (8bit): | 5.381338995618774 |
Encrypted: | false |
SSDEEP: | |
MD5: | 6E9386843C22345A256F324692D627F2 |
SHA1: | FEF7FADB3A27032695AAB726682A340D583BFC51 |
SHA-256: | D40E9F33813211AA5DFABEEBF4A1571D488E56878954DE4D513A25B3525B3988 |
SHA-512: | C90E8A26A10AFA84C74C1D4828466E75D0FB24E826BB984EE0C50C96E44488031D4F43068614559A77967BE58E63E5BB12D3BF0999F763725BC7E1C0BF75C6BB |
Malicious: | false |
Reputation: | unknown |
URL: | https://customervoice.microsoft.us/FormsPro/Scripts/Vendors/combined/basics_osi_v5_j3_3997ff6.js?ring=UsGovGccProduction |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 106748 |
Entropy (8bit): | 5.6788269547528785 |
Encrypted: | false |
SSDEEP: | |
MD5: | 4D5CEEE45615E16FF9E5B59F07F06782 |
SHA1: | 0117F6F4AAE69E34983830D95B99D240778EE2F0 |
SHA-256: | 6FADE40437BEBEE439457D5683A1F6EAD708562697E7AD2F0C7A2148BC73F34E |
SHA-512: | C74EBAEA4F1D9F8575E3931DBFCE3D427B07D265A772C8B1E986A1A07759CB30F516280EE018BEC2E126F4DD027BE47C121004267BAE903F8EC57CCBCA92D812 |
Malicious: | false |
Reputation: | unknown |
URL: | https://customervoice.microsoft.us/Scripts/dists/response-page-pro.chunk.vendors.e0d6b00.js?ring=UsGovGccProduction |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 102484 |
Entropy (8bit): | 5.3424671715330785 |
Encrypted: | false |
SSDEEP: | |
MD5: | 62D1545FCE12E0397582E4D900A89EFD |
SHA1: | D4B3BE160044C01E25B12F76973760386CEE2CA2 |
SHA-256: | 8C677EE4A629FA0473A019BBA10B46E8BE2FD926705E2649BC743BD97839C57C |
SHA-512: | E9DAC464E3678527ECFBEF8496BDA12C0F8FB34F055414C53B49D484DB734C81D74743838FD9D16BC7B6BE117E24F861F58E0970E00E8FDA4EAAD77A25A457BD |
Malicious: | false |
Reputation: | unknown |
URL: | https://customervoice.microsoft.us/cdn/scripts/dists/telemetry-worker.1.js |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 108465 |
Entropy (8bit): | 5.40389353056747 |
Encrypted: | false |
SSDEEP: | |
MD5: | DA69DB81907CC110600C8989D38BB9D5 |
SHA1: | 1CA81D11BCF858BC2774FD6C5414D83F06618406 |
SHA-256: | 1D95A437A2BF9545D8B862A9C7CF8E8B9A38D6520258BCBED8BE63EB54455689 |
SHA-512: | BEF9FBCA4CB8F05615E8BDE3AE20BEE9F052129BF62FB82A5ED7C289ECB04704754A5A32E481DC4343FF276228CC0FCC683CF817D948B9BDF85C50A006ADBA72 |
Malicious: | false |
Reputation: | unknown |
URL: | https://customervoice.microsoft.us/Scripts/dists/response-page-pro.chunk.postsubmit.b7eca17.js?ring=UsGovGccProduction |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 39813 |
Entropy (8bit): | 7.6964344998051875 |
Encrypted: | false |
SSDEEP: | |
MD5: | E71534E10B1241216874F6C9FAEAD237 |
SHA1: | 55E373F4F85AEC2E48AF6A225D4FD67B42DFBAFD |
SHA-256: | D38383C47693B251562296E1B8366AF11454BFCA4CCEA558895C946F180DD003 |
SHA-512: | 757FE3CD0810AD020227C42A8D1603185A677C92E5231E4E2B8A3E3E4DB64607AEAA0A76417447CD4E6D808C138D1CE448750CC990C85CB586CF5DD0D1F38176 |
Malicious: | false |
Reputation: | unknown |
URL: | https://lists.gcc.osi.office365.us/Images/f8c813f9-acbb-4b18-bb10-10729643538d/1b5da865-0b25-4d96-82dc-8362c1f0a3f3/TA6WWQ8PGWAHV6JWR9SX5GB2A4/e88bc255-d6b4-4f67-8eee-0315d61af2d3 |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 89 |
Entropy (8bit): | 5.252206992881218 |
Encrypted: | false |
SSDEEP: | |
MD5: | 2544E12C996BF24471362B93F0DA41F3 |
SHA1: | A86BF135AB32EFD7D71F9D608A6ADF970446E945 |
SHA-256: | 5066B03C47885E634492DD13D9D4CD86EBB62D4B6603FA5DD249E0DA603B4F76 |
SHA-512: | 996BD40F9124BAAF345E0F63C5FF9525FE577207B0D505AEB8F602CBB1AF522F5434A92B40B80DB2AAEAE39E44EE9370BDFB2C52DCF68E6532553C7265270D9D |
Malicious: | false |
Reputation: | unknown |
URL: | https://customervoice.microsoft.us/formapi/api/f8c813f9-acbb-4b18-bb10-10729643538d/users/1b5da865-0b25-4d96-82dc-8362c1f0a3f3/light/runtimeForms('-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u')?$select=id,customCssFileName,customCSSInLineHeaderToggle,footerText |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 52547 |
Entropy (8bit): | 5.360332468600038 |
Encrypted: | false |
SSDEEP: | |
MD5: | 162890ADA98A5DEF6640BBE57DA52EB9 |
SHA1: | 06A3D551F9718164171E7517F18577B73F13B390 |
SHA-256: | DA599489D3F86D69769A1D310A5E59838D7E72EAD0BCFE94851D0084318FCDC2 |
SHA-512: | DDA7B8F4C63FABFCA8646CC059E6B3D50298985AFEE866680106B4610ADAFA58D078AF31EA8F81C2AE9FB2AD8BC579E64B7F4EC3B23987F278ADB410E24DBBBA |
Malicious: | false |
Reputation: | unknown |
URL: | https://customervoice.microsoft.us/FormsPro/Scripts/Vendors/combined/response_v2_5234a19.js?ring=UsGovGccProduction |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 782465 |
Entropy (8bit): | 5.372785999511648 |
Encrypted: | false |
SSDEEP: | |
MD5: | 0C6F020C2EAAA68CA998AA158720EDFD |
SHA1: | C5582182A53E63DD95F2B3AA2BE10D37F86078A7 |
SHA-256: | A61962B6B38FBF8A4806E6F476F800520C2D0D184983D226511D180E173FBDEF |
SHA-512: | CFF8CB5FF82260512A11213BDE5A538CFEF0CA428FAC1C04FD0BB3D4D366CA7F1F615DCAE553292D032C7A0A10FFBED9F021126F583B2285874CCCA47E0B5889 |
Malicious: | false |
Reputation: | unknown |
URL: | https://customervoice.microsoft.us/Scripts/dists/response-page-pro.min.js?v=b3c1eb4c85&ring=UsGovGccProduction |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 5725 |
Entropy (8bit): | 7.92620627627236 |
Encrypted: | false |
SSDEEP: | |
MD5: | EBF3D590FAEEE30CDF81929303672548 |
SHA1: | 30BB5C412260A896CFE7E66FB33878452C3ACEC4 |
SHA-256: | 868D4ADAD4D4283F069E47683B80FF579F3B00941739820B74CAF999991FCA6E |
SHA-512: | C5D2F4E8D72719B30F704137E74D41C8D847126D551795B9720A627C70BC30CACBF446724290A1D958A6B06BDF116D037DFAC5C6BECA0CC7A0D53CCBBE1EBFC9 |
Malicious: | false |
Reputation: | unknown |
URL: | https://lists.gcc.osi.office365.us/Images/f8c813f9-acbb-4b18-bb10-10729643538d/1b5da865-0b25-4d96-82dc-8362c1f0a3f3/TA6WWQ8PGWAHV6JWR9SX5GB2A4/6685daff-ccf3-485c-b628-8e1f6f534e44_mo |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 91082 |
Entropy (8bit): | 5.304507031022989 |
Encrypted: | false |
SSDEEP: | |
MD5: | 2F5D48A71CBEE9ABABF1C9B78B8FD892 |
SHA1: | 65141885EE4988A9006E2D8583DBE2EB7DA2AC84 |
SHA-256: | 629F4CC6CEA0E185B7315CDAAF59192A34C2F4AC122396C3CCAAC6A2B6A9E0E0 |
SHA-512: | F35147554C83DD7D9E16EF80CA414B295BE95A7C9C088B5D2D5859A678073BB2FED517BACBE76D1905D4B197592545B99569E2F53B7116AD660E195D3EFA6B61 |
Malicious: | false |
Reputation: | unknown |
URL: | https://customervoice.microsoft.us/Scripts/dists/response-page-pro.chunk.638.3250f1d.js?ring=UsGovGccProduction |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 24184 |
Entropy (8bit): | 5.318925777353684 |
Encrypted: | false |
SSDEEP: | |
MD5: | 955B3780D94E04954A81D2BACA687D35 |
SHA1: | B3F3234B6BEB96B1B5E1AD69FA22CE398220D715 |
SHA-256: | 9382E22FD7683906612A6416A12ECB81B1318B03CBB3A3E009A5A49687155B81 |
SHA-512: | 1A8A349812A2EDA14636414A13F30A687FEF3F76B256EC3B361911992562F260B89C2E0E6E4FCA16EC5126A74792148B86E9C09AF000E294660E3361FC601E07 |
Malicious: | false |
Reputation: | unknown |
URL: | https://customervoice.microsoft.us/Scripts/dists/response-page-pro.chunk.cvheadertheme.ce22c68.js?ring=UsGovGccProduction |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 30016 |
Entropy (8bit): | 5.358356223830344 |
Encrypted: | false |
SSDEEP: | |
MD5: | C84F161AC3232BC00553A19A9043D7A2 |
SHA1: | 7487D80415B1E1EBE3B1454CE6B8EAC1701E4550 |
SHA-256: | E0362CF9EE3665EA471A69CF31D723630899D6CF8F0A907655B32578C690262D |
SHA-512: | 7CC9856D975B55E24B984CC3C63D5FC4BBCDA3AF0DC695CDDB79B8AC6D51582A60552EE766B380C1730C4D789FCA1554548C3532174989AA231879ED379CFFEF |
Malicious: | false |
Reputation: | unknown |
URL: | https://customervoice.microsoft.us/Scripts/dists/response-page-pro.chunk.utel.c1af5df.js?ring=UsGovGccProduction |
Preview: |