Windows Analysis Report
https://thermal48828442111.dorik.io/

Overview

General Information

Sample URL: https://thermal48828442111.dorik.io/
Analysis ID: 1426622

Detection

HTMLPhisher
Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Phishing site detected (based on favicon image match)
Yara detected HtmlPhish_54
Phishing site detected (based on image similarity)
Found iframes
HTML body contains low number of good links
HTML title does not match URL
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 6908 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://thermal48828442111.dorik.io/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 7092 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1916,i,2263491761048382112,76699249405168702,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
Source | Rule | Description | Author | Strings
1.1.pages.csv | JoeSecurity_HtmlPhish_54 | Yara detected HtmlPhish_54 | Joe Security |
1.1.pages.csv | JoeSecurity_HtmlPhish_54 | Yara detected HtmlPhish_54 | Joe Security |
2.3.pages.csv | JoeSecurity_HtmlPhish_54 | Yara detected HtmlPhish_54 | Joe Security |
2.2.pages.csv | JoeSecurity_HtmlPhish_54 | Yara detected HtmlPhish_54 | Joe Security |
1.1.pages.csv | JoeSecurity_HtmlPhish_54 | Yara detected HtmlPhish_54 | Joe Security |
            No Sigma rule has matched
            No Snort rule has matched

            Phishing

            Source: https://login.mu6x8jsy4tg4hyzku692gd69.from-il.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638488599852540419.MGRhYTE2NTYtYzRjMy00NjkzLWJhNTAtMTAwMTk0ZTBhYTZhYTRlNGZiMjktODY5NS00ZWI5LWEzMTktNzVjNDAzOGZmYjZl&ui_locales=en-US&mkt=en-US&client-request-id=f37cea0f-fed3-449a-bf09-ca927d6acd9d&state=-SxyTnloAyBMEyu7N26oe5mRmODzyUEtA88amp-S-MEDem4T9DbGQvtVBA9X5q-3UjtAwdUYL53NVzO2SCghDXP08DKfM_z8pKy2IZEOXkkM0UXTeSHzxzYauCps-MAsP6jssylY7Bh2ErwpzdFwgFQUDXeVOwjVf-rguEsnWIziio9nlgzq0SA6z0abIUu2JAhFuiYxqZUxw69ms2Oz-6-yDsguFAZ6muVNDQW2fuoeVXw_fiW-tX0dqTyRFNFGyyTzeFai8a_51GskDgAnGQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=trueMatcher: Template: microsoft matched with high similarity
            Source: https://login.mu6x8jsy4tg4hyzku692gd69.from-il.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638488600056288867.ZGNjMTgyMzItMGM5MC00NTMwLThkMWItNzAzOWVlMGNjZGI4YmVkZWZmZjQtYzZiYi00OGMwLTk2Y2UtM2FhN2I0ODFhYTlm&ui_locales=en-US&mkt=en-US&client-request-id=dff6d2c0-6c10-4705-891e-129066e42201&state=1yZl_o9ImgqYQl5Pqic8hT6XDxwXipxarKJTfEsl0P1mZCiDZdtbbkjSYQk277kVVV_10ioqHXCBQ-1sRkD9OKizoRI--xm6SyQB2W612CUmrc3V-6wRJVSGVSg-P_MsHQIUkOApXP58EI-dzAEr0OBpClLUb1MNrk_Gz6IMk7WpXyzyV3e79Tvaox3B4Kf6XsaXqWuJVTJLJ0i9rWoKwuVbr75wtzp8nFxTb5vYXVBlNRgIlUk62c7M8ubHTimiAe4U6cgy1e8vZZZP05rYtA&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0Matcher: Template: microsoft matched with high similarity
            Source: https://mu6x8jsy4tg4hyzku692gd69.from-il.com | Matcher: Template: microsoft matched with high similarity
            Source: Yara match | File source: 1.1.pages.csv, type: HTML
            Source: Yara match | File source: 1.1.pages.csv, type: HTML
            Source: Yara match | File source: 2.3.pages.csv, type: HTML
            Source: Yara match | File source: 2.2.pages.csv, type: HTML
            Source: Yara match | File source: 1.1.pages.csv, type: HTML
            Source: Yara match | File source: 3.4.pages.csv, type: HTML
            Source: Yara match | File source: 2.2.pages.csv, type: HTML
            Source: Yara match | File source: 2.3.pages.csv, type: HTML
            Source: https://login.mu6x8jsy4tg4hyzku692gd69.from-il.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638488599852540419.MGRhYTE2NTYtYzRjMy00NjkzLWJhNTAtMTAwMTk0ZTBhYTZhYTRlNGZiMjktODY5NS00ZWI5LWEzMTktNzVjNDAzOGZmYjZl&ui_locales=en-US&mkt=en-US&client-request-id=f37cea0f-fed3-449a-bf09-ca927d6acd9d&state=-SxyTnloAyBMEyu7N26oe5mRmODzyUEtA88amp-S-MEDem4T9DbGQvtVBA9X5q-3UjtAwdUYL53NVzO2SCghDXP08DKfM_z8pKy2IZEOXkkM0UXTeSHzxzYauCps-MAsP6jssylY7Bh2ErwpzdFwgFQUDXeVOwjVf-rguEsnWIziio9nlgzq0SA6z0abIUu2JAhFuiYxqZUxw69ms2Oz-6-yDsguFAZ6muVNDQW2fuoeVXw_fiW-tX0dqTyRFNFGyyTzeFai8a_51GskDgAnGQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=trueMatcher: Found strong image similarity, brand: MICROSOFT
            Source: https://login.mu6x8jsy4tg4hyzku692gd69.from-il.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638488600056288867.ZGNjMTgyMzItMGM5MC00NTMwLThkMWItNzAzOWVlMGNjZGI4YmVkZWZmZjQtYzZiYi00OGMwLTk2Y2UtM2FhN2I0ODFhYTlm&ui_locales=en-US&mkt=en-US&client-request-id=dff6d2c0-6c10-4705-891e-129066e42201&state=1yZl_o9ImgqYQl5Pqic8hT6XDxwXipxarKJTfEsl0P1mZCiDZdtbbkjSYQk277kVVV_10ioqHXCBQ-1sRkD9OKizoRI--xm6SyQB2W612CUmrc3V-6wRJVSGVSg-P_MsHQIUkOApXP58EI-dzAEr0OBpClLUb1MNrk_Gz6IMk7WpXyzyV3e79Tvaox3B4Kf6XsaXqWuJVTJLJ0i9rWoKwuVbr75wtzp8nFxTb5vYXVBlNRgIlUk62c7M8ubHTimiAe4U6cgy1e8vZZZP05rYtA&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0HTTP Parser: Iframe src: https://ywnjb.mu6x8jsy4tg4hyzku692gd69.from-il.com/Me.htm?v=3
            Source: https://login.mu6x8jsy4tg4hyzku692gd69.from-il.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638488599852540419.MGRhYTE2NTYtYzRjMy00NjkzLWJhNTAtMTAwMTk0ZTBhYTZhYTRlNGZiMjktODY5NS00ZWI5LWEzMTktNzVjNDAzOGZmYjZl&ui_locales=en-US&mkt=en-US&client-request-id=f37cea0f-fed3-449a-bf09-ca927d6acd9d&state=-SxyTnloAyBMEyu7N26oe5mRmODzyUEtA88amp-S-MEDem4T9DbGQvtVBA9X5q-3UjtAwdUYL53NVzO2SCghDXP08DKfM_z8pKy2IZEOXkkM0UXTeSHzxzYauCps-MAsP6jssylY7Bh2ErwpzdFwgFQUDXeVOwjVf-rguEsnWIziio9nlgzq0SA6z0abIUu2JAhFuiYxqZUxw69ms2Oz-6-yDsguFAZ6muVNDQW2fuoeVXw_fiW-tX0dqTyRFNFGyyTzeFai8a_51GskDgAnGQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0HTTP Parser: Number of links: 0
            Source: https://login.mu6x8jsy4tg4hyzku692gd69.from-il.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638488599852540419.MGRhYTE2NTYtYzRjMy00NjkzLWJhNTAtMTAwMTk0ZTBhYTZhYTRlNGZiMjktODY5NS00ZWI5LWEzMTktNzVjNDAzOGZmYjZl&ui_locales=en-US&mkt=en-US&client-request-id=f37cea0f-fed3-449a-bf09-ca927d6acd9d&state=-SxyTnloAyBMEyu7N26oe5mRmODzyUEtA88amp-S-MEDem4T9DbGQvtVBA9X5q-3UjtAwdUYL53NVzO2SCghDXP08DKfM_z8pKy2IZEOXkkM0UXTeSHzxzYauCps-MAsP6jssylY7Bh2ErwpzdFwgFQUDXeVOwjVf-rguEsnWIziio9nlgzq0SA6z0abIUu2JAhFuiYxqZUxw69ms2Oz-6-yDsguFAZ6muVNDQW2fuoeVXw_fiW-tX0dqTyRFNFGyyTzeFai8a_51GskDgAnGQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=trueHTTP Parser: Number of links: 0
            Source: https://login.mu6x8jsy4tg4hyzku692gd69.from-il.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638488600056288867.ZGNjMTgyMzItMGM5MC00NTMwLThkMWItNzAzOWVlMGNjZGI4YmVkZWZmZjQtYzZiYi00OGMwLTk2Y2UtM2FhN2I0ODFhYTlm&ui_locales=en-US&mkt=en-US&client-request-id=dff6d2c0-6c10-4705-891e-129066e42201&state=1yZl_o9ImgqYQl5Pqic8hT6XDxwXipxarKJTfEsl0P1mZCiDZdtbbkjSYQk277kVVV_10ioqHXCBQ-1sRkD9OKizoRI--xm6SyQB2W612CUmrc3V-6wRJVSGVSg-P_MsHQIUkOApXP58EI-dzAEr0OBpClLUb1MNrk_Gz6IMk7WpXyzyV3e79Tvaox3B4Kf6XsaXqWuJVTJLJ0i9rWoKwuVbr75wtzp8nFxTb5vYXVBlNRgIlUk62c7M8ubHTimiAe4U6cgy1e8vZZZP05rYtA&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0HTTP Parser: Number of links: 0
            Source: https://login.mu6x8jsy4tg4hyzku692gd69.from-il.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638488599852540419.MGRhYTE2NTYtYzRjMy00NjkzLWJhNTAtMTAwMTk0ZTBhYTZhYTRlNGZiMjktODY5NS00ZWI5LWEzMTktNzVjNDAzOGZmYjZl&ui_locales=en-US&mkt=en-US&client-request-id=f37cea0f-fed3-449a-bf09-ca927d6acd9d&state=-SxyTnloAyBMEyu7N26oe5mRmODzyUEtA88amp-S-MEDem4T9DbGQvtVBA9X5q-3UjtAwdUYL53NVzO2SCghDXP08DKfM_z8pKy2IZEOXkkM0UXTeSHzxzYauCps-MAsP6jssylY7Bh2ErwpzdFwgFQUDXeVOwjVf-rguEsnWIziio9nlgzq0SA6z0abIUu2JAhFuiYxqZUxw69ms2Oz-6-yDsguFAZ6muVNDQW2fuoeVXw_fiW-tX0dqTyRFNFGyyTzeFai8a_51GskDgAnGQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0HTTP Parser: Title: Redirecting does not match URL
            Source: https://login.mu6x8jsy4tg4hyzku692gd69.from-il.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638488599852540419.MGRhYTE2NTYtYzRjMy00NjkzLWJhNTAtMTAwMTk0ZTBhYTZhYTRlNGZiMjktODY5NS00ZWI5LWEzMTktNzVjNDAzOGZmYjZl&ui_locales=en-US&mkt=en-US&client-request-id=f37cea0f-fed3-449a-bf09-ca927d6acd9d&state=-SxyTnloAyBMEyu7N26oe5mRmODzyUEtA88amp-S-MEDem4T9DbGQvtVBA9X5q-3UjtAwdUYL53NVzO2SCghDXP08DKfM_z8pKy2IZEOXkkM0UXTeSHzxzYauCps-MAsP6jssylY7Bh2ErwpzdFwgFQUDXeVOwjVf-rguEsnWIziio9nlgzq0SA6z0abIUu2JAhFuiYxqZUxw69ms2Oz-6-yDsguFAZ6muVNDQW2fuoeVXw_fiW-tX0dqTyRFNFGyyTzeFai8a_51GskDgAnGQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=trueHTTP Parser: Title: Sign in to your account does not match URL
            Source: https://login.mu6x8jsy4tg4hyzku692gd69.from-il.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638488600056288867.ZGNjMTgyMzItMGM5MC00NTMwLThkMWItNzAzOWVlMGNjZGI4YmVkZWZmZjQtYzZiYi00OGMwLTk2Y2UtM2FhN2I0ODFhYTlm&ui_locales=en-US&mkt=en-US&client-request-id=dff6d2c0-6c10-4705-891e-129066e42201&state=1yZl_o9ImgqYQl5Pqic8hT6XDxwXipxarKJTfEsl0P1mZCiDZdtbbkjSYQk277kVVV_10ioqHXCBQ-1sRkD9OKizoRI--xm6SyQB2W612CUmrc3V-6wRJVSGVSg-P_MsHQIUkOApXP58EI-dzAEr0OBpClLUb1MNrk_Gz6IMk7WpXyzyV3e79Tvaox3B4Kf6XsaXqWuJVTJLJ0i9rWoKwuVbr75wtzp8nFxTb5vYXVBlNRgIlUk62c7M8ubHTimiAe4U6cgy1e8vZZZP05rYtA&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0HTTP Parser: Title: Sign in to your account does not match URL
            Source: https://login.mu6x8jsy4tg4hyzku692gd69.from-il.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638488599852540419.MGRhYTE2NTYtYzRjMy00NjkzLWJhNTAtMTAwMTk0ZTBhYTZhYTRlNGZiMjktODY5NS00ZWI5LWEzMTktNzVjNDAzOGZmYjZl&ui_locales=en-US&mkt=en-US&client-request-id=f37cea0f-fed3-449a-bf09-ca927d6acd9d&state=-SxyTnloAyBMEyu7N26oe5mRmODzyUEtA88amp-S-MEDem4T9DbGQvtVBA9X5q-3UjtAwdUYL53NVzO2SCghDXP08DKfM_z8pKy2IZEOXkkM0UXTeSHzxzYauCps-MAsP6jssylY7Bh2ErwpzdFwgFQUDXeVOwjVf-rguEsnWIziio9nlgzq0SA6z0abIUu2JAhFuiYxqZUxw69ms2Oz-6-yDsguFAZ6muVNDQW2fuoeVXw_fiW-tX0dqTyRFNFGyyTzeFai8a_51GskDgAnGQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=trueHTTP Parser: <input type="password" .../> found
            Source: https://login.mu6x8jsy4tg4hyzku692gd69.from-il.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638488600056288867.ZGNjMTgyMzItMGM5MC00NTMwLThkMWItNzAzOWVlMGNjZGI4YmVkZWZmZjQtYzZiYi00OGMwLTk2Y2UtM2FhN2I0ODFhYTlm&ui_locales=en-US&mkt=en-US&client-request-id=dff6d2c0-6c10-4705-891e-129066e42201&state=1yZl_o9ImgqYQl5Pqic8hT6XDxwXipxarKJTfEsl0P1mZCiDZdtbbkjSYQk277kVVV_10ioqHXCBQ-1sRkD9OKizoRI--xm6SyQB2W612CUmrc3V-6wRJVSGVSg-P_MsHQIUkOApXP58EI-dzAEr0OBpClLUb1MNrk_Gz6IMk7WpXyzyV3e79Tvaox3B4Kf6XsaXqWuJVTJLJ0i9rWoKwuVbr75wtzp8nFxTb5vYXVBlNRgIlUk62c7M8ubHTimiAe4U6cgy1e8vZZZP05rYtA&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0HTTP Parser: <input type="password" .../> found
            Source: https://login.mu6x8jsy4tg4hyzku692gd69.from-il.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638488599852540419.MGRhYTE2NTYtYzRjMy00NjkzLWJhNTAtMTAwMTk0ZTBhYTZhYTRlNGZiMjktODY5NS00ZWI5LWEzMTktNzVjNDAzOGZmYjZl&ui_locales=en-US&mkt=en-US&client-request-id=f37cea0f-fed3-449a-bf09-ca927d6acd9d&state=-SxyTnloAyBMEyu7N26oe5mRmODzyUEtA88amp-S-MEDem4T9DbGQvtVBA9X5q-3UjtAwdUYL53NVzO2SCghDXP08DKfM_z8pKy2IZEOXkkM0UXTeSHzxzYauCps-MAsP6jssylY7Bh2ErwpzdFwgFQUDXeVOwjVf-rguEsnWIziio9nlgzq0SA6z0abIUu2JAhFuiYxqZUxw69ms2Oz-6-yDsguFAZ6muVNDQW2fuoeVXw_fiW-tX0dqTyRFNFGyyTzeFai8a_51GskDgAnGQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0HTTP Parser: No favicon
            Source: https://login.mu6x8jsy4tg4hyzku692gd69.from-il.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638488599852540419.MGRhYTE2NTYtYzRjMy00NjkzLWJhNTAtMTAwMTk0ZTBhYTZhYTRlNGZiMjktODY5NS00ZWI5LWEzMTktNzVjNDAzOGZmYjZl&ui_locales=en-US&mkt=en-US&client-request-id=f37cea0f-fed3-449a-bf09-ca927d6acd9d&state=-SxyTnloAyBMEyu7N26oe5mRmODzyUEtA88amp-S-MEDem4T9DbGQvtVBA9X5q-3UjtAwdUYL53NVzO2SCghDXP08DKfM_z8pKy2IZEOXkkM0UXTeSHzxzYauCps-MAsP6jssylY7Bh2ErwpzdFwgFQUDXeVOwjVf-rguEsnWIziio9nlgzq0SA6z0abIUu2JAhFuiYxqZUxw69ms2Oz-6-yDsguFAZ6muVNDQW2fuoeVXw_fiW-tX0dqTyRFNFGyyTzeFai8a_51GskDgAnGQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0HTTP Parser: No <meta name="author".. found
            Source: https://login.mu6x8jsy4tg4hyzku692gd69.from-il.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638488599852540419.MGRhYTE2NTYtYzRjMy00NjkzLWJhNTAtMTAwMTk0ZTBhYTZhYTRlNGZiMjktODY5NS00ZWI5LWEzMTktNzVjNDAzOGZmYjZl&ui_locales=en-US&mkt=en-US&client-request-id=f37cea0f-fed3-449a-bf09-ca927d6acd9d&state=-SxyTnloAyBMEyu7N26oe5mRmODzyUEtA88amp-S-MEDem4T9DbGQvtVBA9X5q-3UjtAwdUYL53NVzO2SCghDXP08DKfM_z8pKy2IZEOXkkM0UXTeSHzxzYauCps-MAsP6jssylY7Bh2ErwpzdFwgFQUDXeVOwjVf-rguEsnWIziio9nlgzq0SA6z0abIUu2JAhFuiYxqZUxw69ms2Oz-6-yDsguFAZ6muVNDQW2fuoeVXw_fiW-tX0dqTyRFNFGyyTzeFai8a_51GskDgAnGQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=trueHTTP Parser: No <meta name="author".. found
            Source: https://login.mu6x8jsy4tg4hyzku692gd69.from-il.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638488599852540419.MGRhYTE2NTYtYzRjMy00NjkzLWJhNTAtMTAwMTk0ZTBhYTZhYTRlNGZiMjktODY5NS00ZWI5LWEzMTktNzVjNDAzOGZmYjZl&ui_locales=en-US&mkt=en-US&client-request-id=f37cea0f-fed3-449a-bf09-ca927d6acd9d&state=-SxyTnloAyBMEyu7N26oe5mRmODzyUEtA88amp-S-MEDem4T9DbGQvtVBA9X5q-3UjtAwdUYL53NVzO2SCghDXP08DKfM_z8pKy2IZEOXkkM0UXTeSHzxzYauCps-MAsP6jssylY7Bh2ErwpzdFwgFQUDXeVOwjVf-rguEsnWIziio9nlgzq0SA6z0abIUu2JAhFuiYxqZUxw69ms2Oz-6-yDsguFAZ6muVNDQW2fuoeVXw_fiW-tX0dqTyRFNFGyyTzeFai8a_51GskDgAnGQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=trueHTTP Parser: No <meta name="author".. found
            Source: https://login.mu6x8jsy4tg4hyzku692gd69.from-il.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638488600056288867.ZGNjMTgyMzItMGM5MC00NTMwLThkMWItNzAzOWVlMGNjZGI4YmVkZWZmZjQtYzZiYi00OGMwLTk2Y2UtM2FhN2I0ODFhYTlm&ui_locales=en-US&mkt=en-US&client-request-id=dff6d2c0-6c10-4705-891e-129066e42201&state=1yZl_o9ImgqYQl5Pqic8hT6XDxwXipxarKJTfEsl0P1mZCiDZdtbbkjSYQk277kVVV_10ioqHXCBQ-1sRkD9OKizoRI--xm6SyQB2W612CUmrc3V-6wRJVSGVSg-P_MsHQIUkOApXP58EI-dzAEr0OBpClLUb1MNrk_Gz6IMk7WpXyzyV3e79Tvaox3B4Kf6XsaXqWuJVTJLJ0i9rWoKwuVbr75wtzp8nFxTb5vYXVBlNRgIlUk62c7M8ubHTimiAe4U6cgy1e8vZZZP05rYtA&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0HTTP Parser: No <meta name="author".. found
            Source: https://login.mu6x8jsy4tg4hyzku692gd69.from-il.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638488600056288867.ZGNjMTgyMzItMGM5MC00NTMwLThkMWItNzAzOWVlMGNjZGI4YmVkZWZmZjQtYzZiYi00OGMwLTk2Y2UtM2FhN2I0ODFhYTlm&ui_locales=en-US&mkt=en-US&client-request-id=dff6d2c0-6c10-4705-891e-129066e42201&state=1yZl_o9ImgqYQl5Pqic8hT6XDxwXipxarKJTfEsl0P1mZCiDZdtbbkjSYQk277kVVV_10ioqHXCBQ-1sRkD9OKizoRI--xm6SyQB2W612CUmrc3V-6wRJVSGVSg-P_MsHQIUkOApXP58EI-dzAEr0OBpClLUb1MNrk_Gz6IMk7WpXyzyV3e79Tvaox3B4Kf6XsaXqWuJVTJLJ0i9rWoKwuVbr75wtzp8nFxTb5vYXVBlNRgIlUk62c7M8ubHTimiAe4U6cgy1e8vZZZP05rYtA&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0HTTP Parser: No <meta name="author".. found
            Source: https://login.mu6x8jsy4tg4hyzku692gd69.from-il.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638488599852540419.MGRhYTE2NTYtYzRjMy00NjkzLWJhNTAtMTAwMTk0ZTBhYTZhYTRlNGZiMjktODY5NS00ZWI5LWEzMTktNzVjNDAzOGZmYjZl&ui_locales=en-US&mkt=en-US&client-request-id=f37cea0f-fed3-449a-bf09-ca927d6acd9d&state=-SxyTnloAyBMEyu7N26oe5mRmODzyUEtA88amp-S-MEDem4T9DbGQvtVBA9X5q-3UjtAwdUYL53NVzO2SCghDXP08DKfM_z8pKy2IZEOXkkM0UXTeSHzxzYauCps-MAsP6jssylY7Bh2ErwpzdFwgFQUDXeVOwjVf-rguEsnWIziio9nlgzq0SA6z0abIUu2JAhFuiYxqZUxw69ms2Oz-6-yDsguFAZ6muVNDQW2fuoeVXw_fiW-tX0dqTyRFNFGyyTzeFai8a_51GskDgAnGQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0HTTP Parser: No <meta name="copyright".. found
            Source: https://login.mu6x8jsy4tg4hyzku692gd69.from-il.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638488599852540419.MGRhYTE2NTYtYzRjMy00NjkzLWJhNTAtMTAwMTk0ZTBhYTZhYTRlNGZiMjktODY5NS00ZWI5LWEzMTktNzVjNDAzOGZmYjZl&ui_locales=en-US&mkt=en-US&client-request-id=f37cea0f-fed3-449a-bf09-ca927d6acd9d&state=-SxyTnloAyBMEyu7N26oe5mRmODzyUEtA88amp-S-MEDem4T9DbGQvtVBA9X5q-3UjtAwdUYL53NVzO2SCghDXP08DKfM_z8pKy2IZEOXkkM0UXTeSHzxzYauCps-MAsP6jssylY7Bh2ErwpzdFwgFQUDXeVOwjVf-rguEsnWIziio9nlgzq0SA6z0abIUu2JAhFuiYxqZUxw69ms2Oz-6-yDsguFAZ6muVNDQW2fuoeVXw_fiW-tX0dqTyRFNFGyyTzeFai8a_51GskDgAnGQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=trueHTTP Parser: No <meta name="copyright".. found
            Source: https://login.mu6x8jsy4tg4hyzku692gd69.from-il.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638488599852540419.MGRhYTE2NTYtYzRjMy00NjkzLWJhNTAtMTAwMTk0ZTBhYTZhYTRlNGZiMjktODY5NS00ZWI5LWEzMTktNzVjNDAzOGZmYjZl&ui_locales=en-US&mkt=en-US&client-request-id=f37cea0f-fed3-449a-bf09-ca927d6acd9d&state=-SxyTnloAyBMEyu7N26oe5mRmODzyUEtA88amp-S-MEDem4T9DbGQvtVBA9X5q-3UjtAwdUYL53NVzO2SCghDXP08DKfM_z8pKy2IZEOXkkM0UXTeSHzxzYauCps-MAsP6jssylY7Bh2ErwpzdFwgFQUDXeVOwjVf-rguEsnWIziio9nlgzq0SA6z0abIUu2JAhFuiYxqZUxw69ms2Oz-6-yDsguFAZ6muVNDQW2fuoeVXw_fiW-tX0dqTyRFNFGyyTzeFai8a_51GskDgAnGQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=trueHTTP Parser: No <meta name="copyright".. found
            Source: https://login.mu6x8jsy4tg4hyzku692gd69.from-il.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638488600056288867.ZGNjMTgyMzItMGM5MC00NTMwLThkMWItNzAzOWVlMGNjZGI4YmVkZWZmZjQtYzZiYi00OGMwLTk2Y2UtM2FhN2I0ODFhYTlm&ui_locales=en-US&mkt=en-US&client-request-id=dff6d2c0-6c10-4705-891e-129066e42201&state=1yZl_o9ImgqYQl5Pqic8hT6XDxwXipxarKJTfEsl0P1mZCiDZdtbbkjSYQk277kVVV_10ioqHXCBQ-1sRkD9OKizoRI--xm6SyQB2W612CUmrc3V-6wRJVSGVSg-P_MsHQIUkOApXP58EI-dzAEr0OBpClLUb1MNrk_Gz6IMk7WpXyzyV3e79Tvaox3B4Kf6XsaXqWuJVTJLJ0i9rWoKwuVbr75wtzp8nFxTb5vYXVBlNRgIlUk62c7M8ubHTimiAe4U6cgy1e8vZZZP05rYtA&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0HTTP Parser: No <meta name="copyright".. found
            Source: https://login.mu6x8jsy4tg4hyzku692gd69.from-il.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638488600056288867.ZGNjMTgyMzItMGM5MC00NTMwLThkMWItNzAzOWVlMGNjZGI4YmVkZWZmZjQtYzZiYi00OGMwLTk2Y2UtM2FhN2I0ODFhYTlm&ui_locales=en-US&mkt=en-US&client-request-id=dff6d2c0-6c10-4705-891e-129066e42201&state=1yZl_o9ImgqYQl5Pqic8hT6XDxwXipxarKJTfEsl0P1mZCiDZdtbbkjSYQk277kVVV_10ioqHXCBQ-1sRkD9OKizoRI--xm6SyQB2W612CUmrc3V-6wRJVSGVSg-P_MsHQIUkOApXP58EI-dzAEr0OBpClLUb1MNrk_Gz6IMk7WpXyzyV3e79Tvaox3B4Kf6XsaXqWuJVTJLJ0i9rWoKwuVbr75wtzp8nFxTb5vYXVBlNRgIlUk62c7M8ubHTimiAe4U6cgy1e8vZZZP05rYtA&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0HTTP Parser: No <meta name="copyright".. found
            Source: unknown | HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49730 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 23.36.68.63:443 -> 192.168.2.16:49731 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 23.36.68.63:443 -> 192.168.2.16:49732 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49778 version: TLS 1.2
            Source: unknown | DNS traffic detected: queries for: thermal48828442111.dorik.io
            Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
            Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
            Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
            Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
            Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
            Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
            Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
            Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
            Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
            Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
            Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
            Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
            Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
            Source: unknown | HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49730 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 23.36.68.63:443 -> 192.168.2.16:49731 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 23.36.68.63:443 -> 192.168.2.16:49732 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49778 version: TLS 1.2
            Source: classification engine | Classification label: mal60.phis.win@17/32@24/70
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
            Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://thermal48828442111.dorik.io/
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1916,i,2263491761048382112,76699249405168702,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
            Source: Window Recorder | Window detected: More than 3 window changes detected
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
            | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
            | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
            | Gather Victim Identity Information | Acquire Infrastructure | 1 Drive-by Compromise | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
            | Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
            | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |

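            | Source | Detection | Scanner | Label | Link |
            | --- | --- | --- | --- | --- |
            | https://thermal48828442111.dorik.io/ | 0% | Virustotal | | Browse |

            No Antivirus matches
            No Antivirus matches

            | Source | Detection | Scanner | Label | Link |
            | --- | --- | --- | --- | --- |
            | cdn.dorik.com | 0% | Virustotal | | Browse |
            | fonts.cmsfly.com | 0% | Virustotal | | Browse |
            | aadcdn.msftauth.net | 0% | Virustotal | | Browse |
            | cs1100.wpc.omegacdn.net | 0% | Virustotal | | Browse |

            No Antivirus matches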
                                  | Name | Malicious | Antivirus Detection | Reputation |
                                  | --- | --- | --- | --- |
                                  | https://thermal48828442111.dorik.io/ | false | | unknown |
                                    Joe Sandbox version:40.0.0 Tourmaline
                                    Analysis ID:1426622
                                    Start date and time:2024-04-16 12:25:36 +02:00
                                    Joe Sandbox product:CloudBasic
                                    Overall analysis duration:
                                    Hypervisor based Inspection enabled:false
                                    Report type:full
                                    Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                    Sample URL:https://thermal48828442111.dorik.io/
                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                    Number of analysed new started processes analysed:12
                                    Number of new started drivers analysed:0
                                    Number of existing processes analysed:0
                                    Number of existing drivers analysed:0
                                    Number of injected processes analysed:0
                                    Technologies:
                                    • EGA enabled
                                    Analysis Mode:stream
                                    Analysis stop reason:Timeout
                                    Detection:MAL
                                    Classification:mal60.phis.win@17/32@24/70
                                    • Exclude process from analysis (whitelisted): svchost.exe
                                    • Excluded IPs from analysis (whitelisted): 74.125.136.94, 74.125.138.84, 74.125.138.139, 74.125.138.113, 74.125.138.101, 74.125.138.102, 74.125.138.138, 74.125.138.100, 34.104.35.123
                                    • Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, clientservices.googleapis.com, clients.l.google.com
                                    • Not all processes were analyzed, report is missing behavior information
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 09:26:08 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                    Category:dropped
                                    Size (bytes):2673
                                    Entropy (8bit):3.9788777493722587
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:5ACF7ECD1AD83799752A5353486F82F8
                                    SHA1:97A581A3138722054AD35152AF6EDB6826ED4E1A
                                    SHA-256:8CD33654BFB2C1F75EEA82B3F5C6DD246E4DE73992E1C21558EAF9FDB8F613D5
                                    SHA-512:096AC9C5A1382506BCF0A29FC64D0F60AD682FC89C09AD215BCF00210D0BAF3579957D2049B82396F7328FEB834FD3E79EEDA1365B3D168E62D68DBA6A1F00B0
                                    Malicious:false
                                    Reputation:unknown
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 09:26:08 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                    Category:dropped
                                    Size (bytes):2675
                                    Entropy (8bit):3.996369532927388
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:80C29FABFEDF7BCEF28B94D2C5FCC691
                                    SHA1:1DA77CB3A883F8D258868C71C56546781B90021E
                                    SHA-256:D82F3B510919459ADDCF752106967883A0562262C4893FC2A131A28F87D32AA1
                                    SHA-512:6DD9ED161BAC4CB58A12B8702F46DAEE954AE775C46623CB3195EBBEE492CD9ABA58A634FE9A2665DC549FDDD37CCB05CB1FBC2CE552F1F7CBD299CC09C1CDCF
                                    Malicious:false
                                    Reputation:unknown
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                    Category:dropped
                                    Size (bytes):2689
                                    Entropy (8bit):4.002151704249708
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:ECAE4A2605192F89E318BA938F2757FC
                                    SHA1:98D86D53BA517ECF34D5745A7607E37F8FA57B0A
                                    SHA-256:4D9172CD09D256B7B25F66FA3C0B3E532A5A172CE9D5231FC4D753927E80E6BB
                                    SHA-512:2285DA65A4FC81B1766F254A8212926829FB4EFDF9782A57E4F64E18C25CD40228265A31AF39CB97E8537BAB331815D6541E7BCB9FB95700ED2E4A0E4D4BDBC1
                                    Malicious:false
                                    Reputation:unknown
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 09:26:08 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                    Category:dropped
                                    Size (bytes):2677
                                    Entropy (8bit):3.994317577632476
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:A862F68419D108A8424C77DA79BC31DD
                                    SHA1:72D7BCA21D67A44D266D1AC3F4FC7CCEC46A0253
                                    SHA-256:AF813F6726108F51818F84C2FF1B527133478FB756753DDE2B23259715A3E16A
                                    SHA-512:1BEAF11F5F44B3AF2D5E3E1FD093C6FE6BD59DC5F42DA5EA9721F81BB76F1081622F77FE84A4D09C619A05585E476C0A01006E28B7AE6FFD2A63B521FB5A3ABE
                                    Malicious:false
                                    Reputation:unknown
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 09:26:08 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                    Category:dropped
                                    Size (bytes):2677
                                    Entropy (8bit):3.9807341494117967
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:F29EAFD45D26FD9EF7555B4D95071265
                                    SHA1:25078AE8AB03DEBD027261CB62D1A0041A7209AD
                                    SHA-256:2F72011A1C6ED058C6B65FC4034E800E197313862C96B5B1DDB1D8DECEAED7CB
                                    SHA-512:1715EB66687599DD66F88D0FCD5FA592131CCFD9EEAF030462FA22A94EA9E24FB82FE4290356D03E58FD45EB7F874C39DEB3CA2BDA2387BF7D4ED4B22CB29B92
                                    Malicious:false
                                    Reputation:unknown
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 09:26:07 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                    Category:dropped
                                    Size (bytes):2679
                                    Entropy (8bit):3.9896899161250703
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:0255DBA5272E047F46ED2EC06B7FEEB6
                                    SHA1:2BD7AEBA4288D184CEB866BC843B08D2F6D1484D
                                    SHA-256:0937E0E386B58FBD6157495AA9F2495A914AE925CF4D6BDA75D729616E5EFC00
                                    SHA-512:6CD4F3C5A464537F6D08796AF1B73FFC850B9D88009EB11C25B3BE6D1706259EBE9CB65D06A1263E5A09E7A888E61A717AB381D39558E46A6BCD68453358A856
                                    Malicious:false
                                    Reputation:unknown
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (64616)
                                    Category:downloaded
                                    Size (bytes):443943
                                    Entropy (8bit):5.4497506035235626
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:C6D3D10C4CB71219407698EEF8087BAB
                                    SHA1:3240590749D7276B00DCF485B72FA78F4F7F3D2E
                                    SHA-256:F142A844212962C2D1A2CE2ED38B74D60063B52FBF92BAC48FA3C8979E2E6052
                                    SHA-512:C06F649CED30739E23DD7A0ABAF27521BF7ADD6F6C3332515BA361BCC6761676EC0E165D1081075C35842F7C45FE08D58318A5CF116ACD6F98D5DB0DF7324A74
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://aadcdn.msftauth.net/shared/1.0/content/js/ConvergedLogin_PCore_xtPRDEy3EhlAdpju-Ah7qw2.js
                                    Preview:/*!. * ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */!function(e){function n(n){for(var t,i,o=n[0],r=n[1],s=0,c=[];s<o.length;s++)
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:Web Open Font Format (Version 2), TrueType, length 75532, version 1.0
                                    Category:downloaded
                                    Size (bytes):75532
                                    Entropy (8bit):7.996551944824285
                                    Encrypted:true
                                    SSDEEP:
                                    MD5:0BEF0D43A3921B965A2F986950F8112B
                                    SHA1:169E84402D3DE4640F8B77F9A80F226426CC36FC
                                    SHA-256:FD8DE0D24780F0FEA766715F9BF54EE68D929DED62493DEFF71CF87C1A377F03
                                    SHA-512:5377A7B6EF9A78C683A8B4FBD277B3DBBBB2C14325577B968FCEB8876899A3E0EA62BA07DF0E07019DED7613F095CCD50519DC3CBBED41DF807C4B84C4F0A0A9
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://fonts.cmsfly.com/file/s/notosans/v36/o-0bIpQlx3QUlC5A4PNB6Ryti20_6n1iPHjc5aPdu3mhPy1Fig.woff2
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:Web Open Font Format (Version 2), TrueType, length 23564, version 1.0
                                    Category:downloaded
                                    Size (bytes):23564
                                    Entropy (8bit):7.991511594538588
                                    Encrypted:true
                                    SSDEEP:
                                    MD5:EC7AA7073A767F310A406F4B770915EC
                                    SHA1:697254718422A3040F31EB998BFEF0A91C0AC4F3
                                    SHA-256:80303D7FBA1A41C684F1E6D5DCB015BF6E087DFBE45F8D9D8F38972E84ADC174
                                    SHA-512:E134589E97813649664D5D55E6889D03BA25376341B60F4445B03A066ED2D90A3248C972397D82EFD1C0ED12FB9B851C7CF8799C4D192F9B34113FCCCD2A0DA9
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://fonts.cmsfly.com/file/s/notosans/v36/o-0bIpQlx3QUlC5A4PNB6Ryti20_6n1iPHjc5a3du3mhPy1Fig.woff2
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:SVG Scalable Vector Graphics image
                                    Category:dropped
                                    Size (bytes):1864
                                    Entropy (8bit):5.222032823730197
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:BC3D32A696895F78C19DF6C717586A5D
                                    SHA1:9191CB156A30A3ED79C44C0A16C95159E8FF689D
                                    SHA-256:0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
                                    SHA-512:8D4F38907F3423A86D90575772B292680F7970527D2090FC005F9B096CC81D3F279D59AD76EAFCA30C3D4BBAF2276BBAA753E2A46A149424CF6F1C319DED5A64
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:<svg xmlns="http://www.w3.org/2000/svg" width="1920" height="1080" fill="none"><g opacity=".2" clip-path="url(#E)"><path d="M1466.4 1795.2c950.37 0 1720.8-627.52 1720.8-1401.6S2416.77-1008 1466.4-1008-254.4-380.482-254.4 393.6s770.428 1401.6 1720.8 1401.6z" fill="url(#A)"/><path d="M394.2 1815.6c746.58 0 1351.8-493.2 1351.8-1101.6S1140.78-387.6 394.2-387.6-957.6 105.603-957.6 714-352.38 1815.6 394.2 1815.6z" fill="url(#B)"/><path d="M1548.6 1885.2c631.92 0 1144.2-417.45 1144.2-932.4S2180.52 20.4 1548.6 20.4 404.4 437.85 404.4 952.8s512.276 932.4 1144.2 932.4z" fill="url(#C)"/><path d="M265.8 1215.6c690.246 0 1249.8-455.595 1249.8-1017.6S956.046-819.6 265.8-819.6-984-364.005-984 198-424.445 1215.6 265.8 1215.6z" fill="url(#D)"/></g><defs><radialGradient id="A" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(1466.4 393.6) rotate(90) scale(1401.6 1720.8)"><stop stop-color="#107c10"/><stop offset="1" stop-color="#c4c4c4" stop-opacity="0"/></radialGradient><r
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:RIFF (little-endian) data, Web/P image
                                    Category:dropped
                                    Size (bytes):635270
                                    Entropy (8bit):7.979363045841664
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:20DC17476D860F6BDEF713067C13A773
                                    SHA1:BD39BC6C879F88A684690AE5095A9179CDC83769
                                    SHA-256:43565271496786AF88857D689237246A79ED7ECE0A1E94F7B730F122A42BD5CB
                                    SHA-512:24227FB0A0440E256F56E8DDC41EC731731EC7DE57E0B592A5A985C6FF431F807AEC076A26CD3127C359AF7293592FBC6A71E686D00B50F30BC8C483E0F543D1
                                    Malicious:false
                                    Reputation:unknown
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:HTML document, ASCII text, with very long lines (762)
                                    Category:downloaded
                                    Size (bytes):60585
                                    Entropy (8bit):4.475297279785826
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:24A50AC64AA9CF47C48BE8F07C513E44
                                    SHA1:AA518031911D6121EF05247F3BF4278E534BA523
                                    SHA-256:A5332C50ECC82457574290155AC9F2BF2A6912F02F69D665167D3C8479EE5DEA
                                    SHA-512:720C5C6E6591D4108BBFD861F79FD50BEB119B1D1D3BEFC90C1B89563D4B38757BCB57CEDFF9EF3251F45FE16659E250248BD85ADB6D810BF2A80F88528520FA
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://thermal48828442111.dorik.io/favicon.ico
                                    Preview:<!DOCTYPE html>.<html lang="en">. <head>. <meta charset="UTF-8" />. <title>404 not found</title>. <link rel="icon" />. <meta name="viewport" content="width=device-width,initial-scale=1" />. <script type="text/javascript"></script>. <link. rel="stylesheet". href="https://cdn.dorik.com/605a56e34235520011809966/css/404.css?v=829ecdac01916bfae43daeb232ba941fcef279e5". />.. <style>. body {. font-weight: 300;. }.. .me404 {. width: 100%;. height: auto;. }. .st0 {. fill-rule: evenodd;. clip-rule: evenodd;. fill: #e8ebed;. }. .st1 {. fill: #ffffff;. stroke: #89949b;. stroke-width: 3;. stroke-linecap: round;. stroke-linejoin: round;. stroke-miterlimit: 10;. }. .st2 {. fill-rule: evenodd;. clip-rule: evenodd;. fill: #dbdfe1;. }. .st3 {. fill: #ffffff;. }. .st4 {. fill-rule: evenodd
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (61177)
                                    Category:downloaded
                                    Size (bytes):113084
                                    Entropy (8bit):5.285180915082997
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:D62B4EDEB512B07ABEF4688E27ECDDE3
                                    SHA1:981A7825DA5E29938AB6FE0CBFE2DB622F7B8333
                                    SHA-256:4B01A0A34CE8ED4BC8A8713BE0442D49DA6A756236B7B4424622CA3DEE820F41
                                    SHA-512:6E91B285BEA8566EBB7829F592744A6706CF6498E6D5DC1C5A0EBDD0A685D767AA215B275A88568B957E6BE824AEE60521ED1D77D92A697A3CE0F446ECDCDDB9
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css
                                    Preview:/*! Copyright (C) Microsoft Corporation. All rights reserved. *//*!.------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------..This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise...//-----------------------------------------------------------------------------.twbs-bootstrap-sass (3.3.0).//-----------------------------------------------------------------------------..The MIT License (MIT)..Copyright (c) 2013 Twitter, Inc..Permission is hereby granted, free of charge, to any person
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:GIF image data, version 89a, 352 x 3
                                    Category:downloaded
                                    Size (bytes):3620
                                    Entropy (8bit):6.867828878374734
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:B540A8E518037192E32C4FE58BF2DBAB
                                    SHA1:3047C1DB97B86F6981E0AD2F96AF40CDF43511AF
                                    SHA-256:8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
                                    SHA-512:E3612D9E6809EC192F6E2D035290B730871C269A267115E4A5515CADB7E6E14E3DD4290A35ABAA8D14CF1FA3924DC76E11926AC341E0F6F372E9FC5434B546E5
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://aadcdn.msftauth.net/shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (38708), with no line terminators
                                    Category:downloaded
                                    Size (bytes):38708
                                    Entropy (8bit):5.214601408960595
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:A537D3192825D559F5027A51F2E7EAEE
                                    SHA1:C0F340021CB05E12204A68A7BCBF1C1907078363
                                    SHA-256:C99C45F5DF1E0D08388F368866DE25B23A3E33FE7C2D78356A0D3746C665EDE3
                                    SHA-512:606D34F4401EA7D0F7B1CA0FA9A12F2B57FADFF1E9E5592FA7E20160198E7D8F048D4486DD295DB1ED3E3C77DDD09576C402FF44753CEFBC69E2C416D91A1767
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://cdn.dorik.com/661d1a0b1d6c2900113ad9e5/css/index.css?v=1713194631858
                                    Preview:/*!normalize.css v8.0.1 | MIT License | github.com/necolas/normalize.css*/html{line-height:1.15;-webkit-text-size-adjust:100%}body{margin:0}main{display:block}h1{font-size:2em;margin:.67em 0}hr{box-sizing:content-box;height:0;overflow:visible}pre{font-family:monospace,monospace;font-size:1em}a{background-color:initial}abbr[title]{border-bottom:none;text-decoration:underline;text-decoration:underline dotted}b,strong{font-weight:bolder}code,kbd,samp{font-family:monospace,monospace;font-size:1em}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sub{bottom:-.25em}sup{top:-.5em}img{border-style:none}button,input,optgroup,select,textarea{font-family:inherit;font-size:100%;line-height:1.15;margin:0}button,input{overflow:visible}button,select{text-transform:none}[type=button],[type=reset],[type=submit],button{-webkit-appearance:button}[type=button]::-moz-focus-inner,[type=reset]::-moz-focus-inner,[type=submit]::-moz-focus-inner,button::-moz-focus
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:Web Open Font Format (Version 2), TrueType, length 39372, version 1.0
                                    Category:downloaded
                                    Size (bytes):39372
                                    Entropy (8bit):7.994926732786172
                                    Encrypted:true
                                    SSDEEP:
                                    MD5:E4FFE70CF1F9923C96E83B3C3DFA2CE8
                                    SHA1:EF3BFE812369BD73E1B129C2FCE37AA91F879E15
                                    SHA-256:E357B02137741B5640A01EB60531CC5B9F1AD6AF0797ABD26D34249073FB11B2
                                    SHA-512:932A9C1A82303701BD714D08422A04817100DA63C27C3973573F39BF86EB25439ED2C1E22DEA426CB3226269176AA4B278152604D887045C1B6B864BCE647A5B
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://fonts.cmsfly.com/file/s/notosans/v36/o-0bIpQlx3QUlC5A4PNB6Ryti20_6n1iPHjc5a7du3mhPy0.woff2
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:Web Open Font Format (Version 2), TrueType, length 36772, version 1.0
                                    Category:downloaded
                                    Size (bytes):36772
                                    Entropy (8bit):7.99461212667437
                                    Encrypted:true
                                    SSDEEP:
                                    MD5:BCA21FE1983E7D9137EF6E68E05F3AEE
                                    SHA1:CD18280BFA37A4C44D5530899FE10A249310E6EB
                                    SHA-256:8905A3719FF792D3B18A7C40AE820C9FCE92782BB7696ABC29D6987EBC93CD82
                                    SHA-512:7DE38ECC3943257F71AE0E4C8EC2B2262E67F8E235B80B9F65F01BBFDBFB7BF8CB417DA480369F8C15AF417FD5D99077521B2A291116E98597A08B2E5690A7DD
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://fonts.cmsfly.com/file/s/dmsans/v15/rP2Yp2ywxg089UriI5-g4vlH9VoD8Cmcqbu0-K6z9mXg.woff2
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:GIF image data, version 89a, 352 x 3
                                    Category:dropped
                                    Size (bytes):2672
                                    Entropy (8bit):6.640973516071413
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:166DE53471265253AB3A456DEFE6DA23
                                    SHA1:17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D
                                    SHA-256:A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
                                    SHA-512:80978C1D262BC225A8BA1758DF546E27B5BE8D84CBCF7E6044910E5E05E04AFFEFEC3C0DA0818145EB8A917E1A8D90F4BAC833B64A1F6DE97AD3D5FC80A02308
                                    Malicious:false
                                    Reputation:unknown
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (43896)
                                    Category:downloaded
                                    Size (bytes):223759
                                    Entropy (8bit):5.257227710687157
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:5252837FFA272234E1CBF2D3D83EF32C
                                    SHA1:CAA4E48A54A2B1CA09327E42F24F6031FDF21CDA
                                    SHA-256:DF2E852C347ECF82F70A0C8A4B91713FBB0914D58F2CBAB01316BFE646ABEE7C
                                    SHA-512:523C59BC0D2861B8F35A8D46E52C935A26001B2A2EF8197F7F6DBFC38E8F0D51A5D3753FD4F0DCCD68DA08505D3313AFCFA7CB236E0363EDA4856D41F05A233A
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_7f0a8c2a247460fad87f.js
                                    Preview:/*!. * ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */.(window.webpackJsonp=window.webpackJsonp||[]).push([[8],{528:function(e,t,r)
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:RIFF (little-endian) data, Web/P image
                                    Category:dropped
                                    Size (bytes):39504
                                    Entropy (8bit):7.962919117437173
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:91D1CB756FDB7942FF69B36D74383B6E
                                    SHA1:DA2614DEA766C6566F30357F979059A7F190ED72
                                    SHA-256:239ED1154C1C7677E0F63551EF78A343E4256FFC6CDF74E10491FD7E7081014A
                                    SHA-512:4859A8E7E38ACFDA6FF62E11577ADBF798342D4E56ACB283EBD10452EA29CBBEA75D675D254807E429C2936BB9D23024886F0024229876B2C707BC3701C071AE
                                    Malicious:false
                                    Reputation:unknown
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:SVG Scalable Vector Graphics image
                                    Category:dropped
                                    Size (bytes):3651
                                    Entropy (8bit):4.094801914706141
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:EE5C8D9FB6248C938FD0DC19370E90BD
                                    SHA1:D01A22720918B781338B5BBF9202B241A5F99EE4
                                    SHA-256:04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
                                    SHA-512:C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:<svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:Unicode text, UTF-8 text, with very long lines (32153)
                                    Category:downloaded
                                    Size (bytes):55052
                                    Entropy (8bit):5.379588990855403
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:3D725DCEB242C2D99BAFE9D3267FC5F1
                                    SHA1:CF1BD2E8790F3875DDC2316EF8B055BA15447C35
                                    SHA-256:33CEA1C907E3D621EAFE2BD781DF9EEE3A2A96E7CE8375B01E103D0533DB8C09
                                    SHA-512:AEA7B103B1CFCC0EFD0151993874AFCDC2F52F0397A1500BF190E4F622E7E1115B4EA32965F9E0432066689847A2C2EAB9E3CDE0B0B0B343F0FFA8390773AC10
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_pxjdzrjcwtmbr-ntjn_f8q2.js
                                    Preview:!function(e){function o(n){if(i[n])return i[n].exports;var t=i[n]={exports:{},id:n,loaded:!1};return e[n].call(t.exports,t,t.exports,o),t.loaded=!0,t.exports}var i={};return o.m=e,o.c=i,o.p="",o(0)}([function(e,o,i){i(2);var n=i(1),t=i(5),r=i(6),a=r.StringsVariantId,s=r.AllowedIdentitiesType;n.registerSource("str",function(e,o){if(e.WF_STR_SignupLink_AriaLabel_Text="Create a Microsoft account",e.WF_STR_SignupLink_AriaLabel_Generic_Text="Create a new account",e.CT_STR_CookieBanner_Link_AriaLabel="Learn more about Microsoft's Cookie Policy",e.WF_STR_HeaderDefault_Title=o.iLoginStringsVariantId===a.CombinedSigninSignupV2WelcomeTitle?"Welcome":"Sign in",e.STR_Footer_IcpLicense_Text=".ICP.13015306.-10",o.oAppCobranding&&o.oAppCobranding.friendlyAppName){var i=o.fBreakBrandingSigninString?"to continue to {0}":"Continue to {0}";e.WF_STR_App_Title=t.format(i,o.oAppCobranding.friendlyAppName)}switch(o.oAppCobranding&&o.oAppCobranding.signinDescription&&(e.WF_STR_Default_Desc=o.oAppCobrand
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1740)
                                    Category:downloaded
                                    Size (bytes):14695
                                    Entropy (8bit):4.568250604019374
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:91169CD6304A0B5FC5A77C2F0D4DE2E9
                                    SHA1:52B42F088E5C850BDBC5179D52FD90D76DC0094E
                                    SHA-256:12F3CFC1573CD5A96D1E001150967B20D7DFC9E24D235B8D9C03B42E9479108B
                                    SHA-512:90FB2191520925EB88E0E20A57ACEA439FEF31E9985F7033B53197A0EF84EA463EE716297AC4FD6E3FEE7DA4D4C0DAD027281CD50A9D002EE73CE396F93810F1
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://thermal48828442111.dorik.io/
                                    Preview:<!DOCTYPE html>. <html lang="en" dir="ltr">. <head>. <meta charset="utf-8" />. <title>Thermal Road Repairs provides permanent asphalt repair solutions</title><link rel="icon" href=""/><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="title" content="Thermal Road Repairs provides permanent asphalt repair solutions"/><meta name="description" content="Thermal Road Repairs is a sustainable asphalt repair company offering zero waste, low emission solutions to fix potholes and other asphalt defects."/><meta property="og:title" content="Thermal Road Repairs provides permanent asphalt repair solutions"/><meta property="og:description" content="Thermal Road Repairs is a sustainable asphalt repair company offering zero waste, low emission solutions to fix potholes and other asphalt defects."/><meta name="twitter:title" content="Thermal Road Repairs provides permanent asphalt repair solutions"/><meta name="twitter:description" cont
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (14735)
                                    Category:downloaded
                                    Size (bytes):15708
                                    Entropy (8bit):5.364262866906095
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:82B3E71D28044021BF3BBA30A8B1B613
                                    SHA1:508FD0047F49E7965707F0B58708A59D6A62C528
                                    SHA-256:49BD3382F2D2C171947474FC65B701DED717BF69A6E88505B84DA1D69B3C2F1E
                                    SHA-512:5393810DAE66111F7CFCE77BF46CAE3EE3D4153B5FDBA12AB9B1D8A7095A5DD883C7EE09E0A177D6E1BE3DA2D53A0A64798A51EEE6DAC1D54FB42A8F23C9B553
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_4d4b76a02ae121e3b20c.js
                                    Preview:/*!. * ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */.(window.webpackJsonp=window.webpackJsonp||[]).push([[17],{514:function(e,n,s
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:Web Open Font Format (Version 2), TrueType, length 21304, version 1.0
                                    Category:downloaded
                                    Size (bytes):21304
                                    Entropy (8bit):7.989787627670071
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:39EE576686AC0E893E06738504B87269
                                    SHA1:2213C1C0FD85490BED28E54764B6F4FA7DD0EEEC
                                    SHA-256:FA57A0C44B9B57A2F736E923B0A400FBA8BA99035B691A71C1087B15F1EEDB9E
                                    SHA-512:F70365CAB298304BC830655A6DAB7F56F1396832FE17273542B0CF231FBA53438049B17E2FA90E683A0F8754A5730CA9630D98225CBDB7B774ADFA12B6740AEF
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://fonts.cmsfly.com/file/s/notosans/v36/o-0bIpQlx3QUlC5A4PNB6Ryti20_6n1iPHjc5ardu3mhPy1Fig.woff2
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text
                                    Category:downloaded
                                    Size (bytes):10348
                                    Entropy (8bit):5.458836252020102
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:CE7B00B61890DFD5418A8A32D995BE38
                                    SHA1:1BBCF72BC62074A43D0A65D017412F53633558C5
                                    SHA-256:A6EEBF4DA0808A367E78366CC7D99E0D0ABE27DA41E092353151EC1B235A94BF
                                    SHA-512:A9A344988F82D31571FE6C88FD7DB0B64CE8C83FBC88DFE54A3FBCAC752CCD1A62BE7286829A9047BEBCF73F6753CF0FC24E156813435AA741C286ACE8F10C42
                                    Malicious:false
                                    Reputation:unknown
                                    URL:"https://fonts.cmsfly.com/css?family=Noto+Sans:400,500,600|DM+Sans:400,500&display=swap"
                                    Preview:/* latin-ext */.@font-face {. font-family: 'DM Sans';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(file/s/dmsans/v15/rP2Yp2ywxg089UriI5-g4vlH9VoD8Cmcqbu6-K6z9mXgjU0.woff2) format('woff2');. unicode-range: U+0100-02AF, U+0304, U+0308, U+0329, U+1E00-1E9F, U+1EF2-1EFF, U+2020, U+20A0-20AB, U+20AD-20C0, U+2113, U+2C60-2C7F, U+A720-A7FF;.}./* latin */.@font-face {. font-family: 'DM Sans';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(file/s/dmsans/v15/rP2Yp2ywxg089UriI5-g4vlH9VoD8Cmcqbu0-K6z9mXg.woff2) format('woff2');. unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+0304, U+0308, U+0329, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;.}./* latin-ext */.@font-face {. font-family: 'DM Sans';. font-style: normal;. font-weight: 500;. font-display: swap;. src: url(file/s/dmsans/v15/rP2Yp2ywxg089UriI5-g4vlH9VoD8Cmcqbu6-K6z9mXgjU0.woff2) format('woff2')
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (64612)
                                    Category:downloaded
                                    Size (bytes):113657
                                    Entropy (8bit):5.491599164368304
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:5B0E3778C74235B06DA49808DD8DF90A
                                    SHA1:AD25897B0870B81568412F55B19898E406CC11B3
                                    SHA-256:7530B843A86F3155CE07CDA787A40DA87052664B09C22F3D4DB5E9238664DBE0
                                    SHA-512:EE1FB8F232311A45A10D2CC2A8F19B6C8F86ECE52688F909B0928C0F65AE0953EB2176D0ADEA893A371300D0E3FEE7AF046865D48FFC2812B3440D01ADAEB727
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_eb638da25d4055fbbb57.js
                                    Preview:/*!. * ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */.(window.webpackJsonp=window.webpackJsonp||[]).push([[37],{487:function(e,t,r
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (65451)
                                    Category:downloaded
                                    Size (bytes):89476
                                    Entropy (8bit):5.2896589255084425
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:DC5E7F18C8D36AC1D3D4753A87C98D0A
                                    SHA1:C8E1C8B386DC5B7A9184C763C88D19A346EB3342
                                    SHA-256:F7F6A5894F1D19DDAD6FA392B2ECE2C5E578CBF7DA4EA805B6885EB6985B6E3D
                                    SHA-512:6CB4F4426F559C06190DF97229C05A436820D21498350AC9F118A5625758435171418A022ED523BAE46E668F9F8EA871FEAB6AFF58AD2740B67A30F196D65516
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://cdn.dorik.com/common/jquery-3.5.1.min.js
                                    Preview:/*! jQuery v3.5.1 | (c) JS Foundation and other contributors | jquery.org/license */.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"o
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (45563)
                                    Category:downloaded
                                    Size (bytes):141339
                                    Entropy (8bit):5.431048966728945
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:0A1A5BA009FB1F25E3F3D036D8CF26CE
                                    SHA1:8E9E6A11CED0807252C34DCA1D8C7C2390D1A5CA
                                    SHA-256:94153F2A6DAAE35DFCB61DC987E2D4310B7CA021E36375E87D8B8C641C0C6121
                                    SHA-512:018FA3AD6DCC5DD17258334C2AD5BD0CE4E6AC278A340EE9F0147EC3084B56D0BC5F7224DAF950E89B53828FF57737E1DB1539DCE2B3E7967FE40971677CDFB4
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://aadcdn.msftauth.net/shared/1.0/content/js/BssoInterrupt_Core_ChpboAn7HyXj89A22M8mzg2.js
                                    Preview:/*!. * ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */!function(e){function n(n){for(var t,r,i=n[0],a=n[1],s=0,u=[];s<i.length;s++)
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:SVG Scalable Vector Graphics image
                                    Category:downloaded
                                    Size (bytes):1592
                                    Entropy (8bit):4.205005284721148
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:4E48046CE74F4B89D45037C90576BFAC
                                    SHA1:4A41B3B51ED787F7B33294202DA72220C7CD2C32
                                    SHA-256:8E6DB1634F1812D42516778FC890010AA57F3E39914FB4803DF2C38ABBF56D93
                                    SHA-512:B2BBA2A68EDAA1A08CFA31ED058AFB5E6A3150AABB9A78DB9F5CCC2364186D44A015986A57707B57E2CC855FA7DA57861AD19FC4E7006C2C239C98063FE903CF
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://aadcdn.msftauth.net/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg
                                    Preview:<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><defs><style>.a{fill:none;}.b{fill:#404040;}</style></defs><rect class="a" width="48" height="48"/><path class="b" d="M40,32.578V40H32V36H28V32H24V28.766A10.689,10.689,0,0,1,19,30a10.9,10.9,0,0,1-5.547-1.5,11.106,11.106,0,0,1-2.219-1.719A11.373,11.373,0,0,1,9.5,24.547a10.4,10.4,0,0,1-1.109-2.625A11.616,11.616,0,0,1,8,19a10.9,10.9,0,0,1,1.5-5.547,11.106,11.106,0,0,1,1.719-2.219A11.373,11.373,0,0,1,13.453,9.5a10.4,10.4,0,0,1,2.625-1.109A11.616,11.616,0,0,1,19,8a10.9,10.9,0,0,1,5.547,1.5,11.106,11.106,0,0,1,2.219,1.719A11.373,11.373,0,0,1,28.5,13.453a10.4,10.4,0,0,1,1.109,2.625A11.616,11.616,0,0,1,30,19a10.015,10.015,0,0,1-.125,1.578,10.879,10.879,0,0,1-.359,1.531Zm-2,.844L27.219,22.641a14.716,14.716,0,0,0,.562-1.782A7.751,7.751,0,0,0,28,19a8.786,8.786,0,0,0-.7-3.5,8.9,8.9,0,0,0-1.938-2.859A9.269,9.269,0,0,0,22.5,10.719,8.9,8.9,0,0,0,19,10a8.786,8.786,0,0,0-3.5.7,8.9,8.9,0,0,0-2.859,1.938A9.269,9.269,0,0,0,
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:downloaded
                                    Size (bytes):28
                                    Entropy (8bit):4.307354922057605
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:9F9FA94F28FE0DE82BC8FD039A7BDB24
                                    SHA1:6FE91F82974BD5B101782941064BCB2AFDEB17D8
                                    SHA-256:9A37FDC0DBA8B23EB7D3AA9473D59A45B3547CF060D68B4D52253EE0DA1AF92E
                                    SHA-512:34946EF12CE635F3445ED7B945CF2C272EF7DD9482DA6B1A49C9D09A6C9E111B19B130A3EEBE5AC0CCD394C523B54DD7EB9BF052168979A9E37E7DB174433F64
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwm8Jxf22HzYoRIFDdFbUVISBQ1Xevf9?alt=proto
                                    Preview:ChIKBw3RW1FSGgAKBw1Xevf9GgA=
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
                                    Category:downloaded
                                    Size (bytes):17174
                                    Entropy (8bit):2.9129715116732746
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:12E3DAC858061D088023B2BD48E2FA96
                                    SHA1:E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
                                    SHA-256:90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
                                    SHA-512:C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://aadcdn.msftauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
                                    No static file info