Play interactive tour

Edit tour

Analysis Report https://forms.office.com/Pages/ResponsePage.aspx?id=cDgNZ_NsCEK0nbknGQ7BS4561NiEZjlNhv9vg7q7u5hUOERRUVExUUtGSUJPUkhDVk82TU5JNFlTQS4u

Overview

General Information

Sample URL:	https://forms.office.com/Pages/ResponsePage.aspx?id=cDgNZ_NsCEK0nbknGQ7BS4561NiEZjlNhv9vg7q7u5hUOERRUVExUUtGSUJPUkhDVk82TU5JNFlTQS4u
Analysis ID:	324355
Most interesting Screenshot:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Startup

System is w10x64

chrome.exe (PID: 5924 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized 'https://forms.office.com/Pages/ResponsePage.aspx?id=cDgNZ_NsCEK0nbknGQ7BS4561NiEZjlNhv9vg7q7u5hUOERRUVExUUtGSUJPUkhDVk82TU5JNFlTQS4u' MD5: C139654B5C1438A95B321BB01AD63EF6)

chrome.exe (PID: 800 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1504,15741333574045818394,7388905800530690174,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1916 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown

DNS traffic detected: queries for: forms.office.com

Source: ccfee25f38f911d4_0.0.dr	String found in binary or memory: http://amp.azure.net/libs/amp/
Source: 77EC63BDA74BD0D0E0426DC8F8008506.1.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: df05730d55081a08_0.0.dr	String found in binary or memory: https://accdn.lpsnmedia.net/api/account/60270350/configuration/engagement-window/window-confs/164436
Source: 156e023462d48427_0.0.dr	String found in binary or memory: https://accdn.lpsnmedia.net/api/account/60270350/configuration/le-campaigns/campaigns/1644274130/eng
Source: 72090e93af2b3d0c_0.0.dr	String found in binary or memory: https://accdn.lpsnmedia.net/api/account/60270350/configuration/le-campaigns/zones?fields=id&fields=z
Source: 3b5ddd299823dee6_0.0.dr	String found in binary or memory: https://accdn.lpsnmedia.net/api/account/60270350/configuration/setting/accountproperties/?cb=lpCb208
Source: manifest.json0.0.dr, 7af3b868-3d93-4fde-9550-fcbc12cf696e.tmp.1.dr, 13aa37f0-eeee-45c8-90b1-d51e2544daae.tmp.1.dr	String found in binary or memory: https://accounts.google.com
Source: Network Action Predictor-journal.0.dr	String found in binary or memory: https://ajax.aspnetcdn.com/
Source: c94540d4c86c0448_0.0.dr	String found in binary or memory: https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.11.1.min.js
Source: 094e2d6bf2abec98_0.0.dr, 5334000c05ed2b53_0.0.dr	String found in binary or memory: https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.11.2.min.js
Source: 5334000c05ed2b53_0.0.dr	String found in binary or memory: https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.11.2.min.jsaD
Source: f46ad1d2652b0b43_0.0.dr	String found in binary or memory: https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.7.2.min.js
Source: b180e6523891105c_0.0.dr	String found in binary or memory: https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.9.1.min.js
Source: 82e92344281b46a9_0.0.dr	String found in binary or memory: https://ajax.aspnetcdn.com/ajax/jquery.ui/1.11.1/jquery-ui.min.js
Source: Network Action Predictor-journal.0.dr	String found in binary or memory: https://aka.ms/
Source: History-journal.0.dr	String found in binary or memory: https://aka.ms/PrivacyReport
Source: History-journal.0.dr	String found in binary or memory: https://aka.ms/PrivacyReportMicrosoft
Source: 166ee82c52b87e97_0.0.dr	String found in binary or memory: https://amp.azure.net/libs/amp/1.8.0/azuremediaplayer.min.js
Source: ccfee25f38f911d4_0.0.dr	String found in binary or memory: https://amp.azure.net/libs/amp/1.8.0/azuremediaplayer.min.jsa
Source: ccfee25f38f911d4_0.0.dr	String found in binary or memory: https://amp.azure.net/libs/amp/1.8.0/azuremediaplayer.min.jsaD
Source: manifest.json0.0.dr, 7af3b868-3d93-4fde-9550-fcbc12cf696e.tmp.1.dr, 13aa37f0-eeee-45c8-90b1-d51e2544daae.tmp.1.dr	String found in binary or memory: https://apis.google.com
Source: b63b43555f5ef307_0.0.dr	String found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4c272e8cc694/0e102e270abf/RC021d0a1582e845158b9974bf66e669f
Source: dc7f1e4e542b651c_0.0.dr	String found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4c272e8cc694/0e102e270abf/RC05ac5f311ffd4e5c9ad450f46819401
Source: 1901d97a494284b6_0.0.dr	String found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4c272e8cc694/0e102e270abf/RC15f3408d92fc4519a3a4fbb6f85a3d5
Source: 5193d3a772576834_0.0.dr	String found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4c272e8cc694/0e102e270abf/RC278c787435b94d148603e89a80d2b33
Source: ef812770fec62f00_0.0.dr	String found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4c272e8cc694/0e102e270abf/RC2fdf0b42e0414a7982f3ba48531bc16
Source: 46c1f20282dfa665_0.0.dr	String found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4c272e8cc694/0e102e270abf/RC3743cb8b1ea14f88b7f7258ff32b6dc
Source: c45f8af2b96a162d_0.0.dr	String found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4c272e8cc694/0e102e270abf/RC54b490a964b8430a93c0a4bea8ec38f
Source: bb03dd199347c739_0.0.dr	String found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4c272e8cc694/0e102e270abf/RC683368007e154c38814065ef2499a0b
Source: 55002aca08adc148_0.0.dr	String found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4c272e8cc694/0e102e270abf/RC9c46fb6a891f4562b65713ecdcbb737
Source: a245930ddc6025a9_0.0.dr	String found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4c272e8cc694/0e102e270abf/RCa6da6c2ddf044453bdb4d0b0dafda95
Source: 96db824c331a77d5_0.0.dr	String found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4c272e8cc694/0e102e270abf/RCa7a16d61c0134716b6c5d59808f9fd2
Source: 9e3e3b309feee242_0.0.dr	String found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4c272e8cc694/0e102e270abf/RCb36993ed0cd440348a1b4711c13dbc8
Source: e020b8b54f7e541f_0.0.dr	String found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4c272e8cc694/0e102e270abf/RCb931a36f851d412386794b82eefa667
Source: 99d39807317fa33a_0.0.dr	String found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4c272e8cc694/0e102e270abf/RCc603b998e8c64e55b78656817f79328
Source: a62abfc932b5eff2_0.0.dr	String found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/4c272e8cc694/0e102e270abf/RCce79330d434c45ca8ea9effba974a13
Source: fab5435452b3b5fd_0.0.dr	String found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/e6b4ca74378c/2418adba327c/RC1a3e34bc6d5b4a44bdd14eed6f571ac
Source: 6e646dd4f853f7d8_0.0.dr	String found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/e6b4ca74378c/2418adba327c/RC30b69654d14a4895ae64b6e5cf0cf81
Source: 049e61f56bdec1ac_0.0.dr	String found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/e6b4ca74378c/2418adba327c/RC5548547466864ee2ab73cca512147d7
Source: e9e0fbfc734770b0_0.0.dr	String found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/e6b4ca74378c/2418adba327c/RC557c8c9e1a32442f85198b3cd484649
Source: dcbf9a43deeccc1e_0.0.dr	String found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/e6b4ca74378c/2418adba327c/RC5f812135e64f48ad85ea100034bc60a
Source: ea27fa7ad55e1017_0.0.dr	String found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/e6b4ca74378c/2418adba327c/RC69b31008c50e44318e064df1bd9de72
Source: 09e38a19b46d6eb3_0.0.dr	String found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/e6b4ca74378c/2418adba327c/RC8f2e96b0f42b4791b6a87bd6474f9dc
Source: 7d664ffbb549cf44_0.0.dr	String found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/e6b4ca74378c/2418adba327c/RC95d5954deda24aa780e2bd87a6eabf8
Source: 4e602b2b62deec45_0.0.dr	String found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/e6b4ca74378c/2418adba327c/RC9f9b3c9f668a4b9dbf5ccda86744fe3
Source: 71533a71068a629c_0.0.dr	String found in binary or memory: https://assets.adobedtm.com/5ef092d1efb5/e6b4ca74378c/2418adba327c/RCf16325d3e41c447fb6b66d7d82fcb43
Source: 112ffe0d2f355de3_0.0.dr	String found in binary or memory: https://assets.adobedtm.com/launch-EN7506e353034849faa4a18bc4c20e727c.min.js
Source: 3c4d40e130a6a467_0.0.dr	String found in binary or memory: https://assets.adobedtm.com/launch-ENbb9d0de7cc374dc99259df2c4b823cef.min.js
Source: Network Action Predictor-journal.0.dr	String found in binary or memory: https://assets.onestore.ms/
Source: 9edc3bcc45a63d3b_0.0.dr	String found in binary or memory: https://assets.onestore.ms/cdnfiles/external/mwf/long/v1/v1.19.1/scripts/mwf-main.var.js
Source: 38b572a46376d5b4_0.0.dr	String found in binary or memory: https://assets.onestore.ms/cdnfiles/external/mwf/long/v1/v1.22.1/scripts/mwf-auto-init-main.var.min.
Source: 7bf2e63aba04327d_0.0.dr	String found in binary or memory: https://assets.onestore.ms/cdnfiles/external/mwf/long/v1/v1.23.1/scripts/mwf-auto-init-main.var.min.
Source: 106511ff7d335ae7_0.0.dr	String found in binary or memory: https://assets.onestore.ms/cdnfiles/external/mwf/long/v1/v1.23.1/scripts/mwf-video-player-main.var.m
Source: Network Action Predictor-journal.0.dr	String found in binary or memory: https://az725175.vo.msecnd.net/
Source: a04d28593344b886_0.0.dr	String found in binary or memory: https://az725175.vo.msecnd.net/scripts/jsll-4.3.1.js
Source: a427860bca0ae4c4_0.0.dr, 6b848a87f40dd230_0.0.dr	String found in binary or memory: https://az725175.vo.msecnd.net/scripts/jsll-4.js
Source: Favicons-journal.0.dr	String found in binary or memory: https://cdn.forms.office.net/forms/images/favicon.ico
Source: Favicons-journal.0.dr	String found in binary or memory: https://cdn.forms.office.net/forms/images/favicon.icorL
Source: b7908b9c9b3341b0_0.0.dr	String found in binary or memory: https://cdn.forms.office.net/forms/scripts/dists/light-response-page.chunk.ext.1c44705.js
Source: 5cf7c6cbf1d6c26c_0.0.dr	String found in binary or memory: https://cdn.forms.office.net/forms/scripts/dists/light-response-page.chunk.vendors.6a9a01e.js
Source: 7af3b868-3d93-4fde-9550-fcbc12cf696e.tmp.1.dr	String found in binary or memory: https://clients2.google.com
Source: manifest.json0.0.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 7af3b868-3d93-4fde-9550-fcbc12cf696e.tmp.1.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: 5a2848e832bc50f4_0.0.dr	String found in binary or memory: https://consentreceiverfd-prod.azurefd.net/v1
Source: manifest.json0.0.dr	String found in binary or memory: https://content.googleapis.com
Source: 3131deb4-2687-4838-b861-23b939b0674b.tmp.1.dr, 4d3628b5-7221-4219-bd75-68b7fd0e3fcd.tmp.1.dr, 7af3b868-3d93-4fde-9550-fcbc12cf696e.tmp.1.dr, 13aa37f0-eeee-45c8-90b1-d51e2544daae.tmp.1.dr	String found in binary or memory: https://dns.google
Source: manifest.json0.0.dr	String found in binary or memory: https://feedback.googleusercontent.com
Source: 7af3b868-3d93-4fde-9550-fcbc12cf696e.tmp.1.dr	String found in binary or memory: https://fonts.googleapis.com
Source: manifest.json0.0.dr	String found in binary or memory: https://fonts.googleapis.com;
Source: 7af3b868-3d93-4fde-9550-fcbc12cf696e.tmp.1.dr, 13aa37f0-eeee-45c8-90b1-d51e2544daae.tmp.1.dr	String found in binary or memory: https://fonts.gstatic.com
Source: manifest.json0.0.dr	String found in binary or memory: https://fonts.gstatic.com;
Source: 000003.log4.0.dr	String found in binary or memory: https://forms.office.com
Source: 000003.log0.0.dr	String found in binary or memory: https://forms.office.com/
Source: Favicons-journal.0.dr	String found in binary or memory: https://forms.office.com/Pages/ResponsePage.aspx?id=cDgNZ_NsCEK0nbknGQ7BS4561NiEZjlNhv9vg7q7u5hUOERR
Source: 000003.log4.0.dr	String found in binary or memory: https://forms.office.com7_https://forms.office.com
Source: manifest.json0.0.dr	String found in binary or memory: https://hangouts.google.com/
Source: 411135a47a8afbd4_0.0.dr	String found in binary or memory: https://live.com/
Source: f7ea591cb5d1c051_0.0.dr	String found in binary or memory: https://liveperson.net/
Source: 72090e93af2b3d0c_0.0.dr	String found in binary or memory: https://liveperson.net//
Source: 3b5ddd299823dee6_0.0.dr	String found in binary or memory: https://liveperson.net/O
Source: 22fb0e1969c285c1_0.0.dr	String found in binary or memory: https://liveperson.net/W
Source: c69630b836b04401_0.0.dr	String found in binary or memory: https://liveperson.net/h
Source: 50030ae951750ff1_0.0.dr	String found in binary or memory: https://liveperson.net/iP
Source: Network Action Predictor-journal.0.dr	String found in binary or memory: https://login.live.com/
Source: Current Session.0.dr	String found in binary or memory: https://login.live.com/Me.srf?wa=wsignin1.0&rpsnv=13&ct=1606657350&rver=7.0.6738.0&wp=MBI_SSL&wreply
Source: History-journal.0.dr	String found in binary or memory: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&checkda=1&ct=1606657348&rver=7.0.6738.0&wp=S
Source: Current Session.0.dr	String found in binary or memory: https://login.microsoftonline.com
Source: Current Session.0.dr	String found in binary or memory: https://login.microsoftonline.com/
Source: Current Session.0.dr	String found in binary or memory: https://login.microsoftonline.comh
Source: 411135a47a8afbd4_0.0.dr	String found in binary or memory: https://logincdn.msauth.net/16.000/content/js/MeControl_zXOsandYqRnW6Qh35WUOMw2.js
Source: 411135a47a8afbd4_0.0.dr	String found in binary or memory: https://logincdn.msauth.net/16.000/content/js/MeControl_zXOsandYqRnW6Qh35WUOMw2.jsaD
Source: 000003.log4.0.dr	String found in binary or memory: https://lpcdn.lpsnmedia.net
Source: 000003.log4.0.dr	String found in binary or memory: https://lpcdn.lpsnmedia.net(_https://lpcdn.lpsnmedia.net
Source: 000003.log0.0.dr	String found in binary or memory: https://lpcdn.lpsnmedia.net/
Source: 50030ae951750ff1_0.0.dr	String found in binary or memory: https://lpcdn.lpsnmedia.net/le_re/3.43.0.1-release_5028/jsv2/UISuite.js?_v=3.43.0.1-release_5028
Source: 309184ad59030aa2_0.0.dr	String found in binary or memory: https://lpcdn.lpsnmedia.net/le_re/3.43.0.1-release_5028/jsv2/overlay.js?_v=3.43.0.1-release_5028
Source: Current Session.0.dr	String found in binary or memory: https://lpcdn.lpsnmedia.net/le_secure_storage/3.11.0.2-release_5036/storage.secure.min.html?loc=http
Source: e080674af345915e_0.0.dr	String found in binary or memory: https://lpcdn.lpsnmedia.net/le_secure_storage/3.11.0.2-release_5036/storage.secure.min.js?loc=https%
Source: f7ea591cb5d1c051_0.0.dr	String found in binary or memory: https://lptag.liveperson.net/lptag/api/account/60270350/configuration/applications/taglets/.jsonp?v=
Source: 22fb0e1969c285c1_0.0.dr	String found in binary or memory: https://lptag.liveperson.net/tag/tag.js?site=60270350
Source: 8a41173cbadc68f7_0.0.dr	String found in binary or memory: https://mem.gfx.ms
Source: Network Action Predictor.0.dr	String found in binary or memory: https://mem.gfx.ms/
Source: 4ac2f448771ab57b_0.0.dr	String found in binary or memory: https://mem.gfx.ms/meversion?partner=OfficeProducts&market=de-ch&uhf=1
Source: 462d64d34aad30da_0.0.dr	String found in binary or memory: https://mem.gfx.ms/meversion?partner=OfficeProducts&market=en-us&uhf=1
Source: 226692e5ab9c95ba_0.0.dr	String found in binary or memory: https://mem.gfx.ms/meversion?partner=RetailStore2&market=en-us&uhf=1
Source: 8a41173cbadc68f7_0.0.dr	String found in binary or memory: https://mem.gfx.ms/meversion?partner=SMCConvergence&market=en-us&uhf=1
Source: 8a41173cbadc68f7_0.0.dr	String found in binary or memory: https://mem.gfx.ms/meversion?partner=SMCConvergence&market=en-us&uhf=1aD
Source: 300bb9fb98ab63f0_0.0.dr	String found in binary or memory: https://mem.gfx.ms/meversion?partner=amc&market=en-us&uhf=1
Source: 1a82e691e1d458ec_0.0.dr	String found in binary or memory: https://mem.gfx.ms/meversion?partner=surface&market=en-us&uhf=1
Source: a5b18de7662d18f2_0.0.dr	String found in binary or memory: https://mem.gfx.ms/meversion?partner=windows&market=en-us&uhf=1
Source: 94a5143d10615cf8_0.0.dr	String found in binary or memory: https://mem.gfx.ms/scripts/me/MeControl/10.20300.4/de-DE/meBoot.min.js
Source: 601763cfed8be44f_0.0.dr	String found in binary or memory: https://mem.gfx.ms/scripts/me/MeControl/10.20300.4/de-DE/meCore.min.js
Source: c02db6ab60fb1129_0.0.dr	String found in binary or memory: https://mem.gfx.ms/scripts/me/MeControl/10.20300.4/en-US/meBoot.min.js
Source: c02db6ab60fb1129_0.0.dr	String found in binary or memory: https://mem.gfx.ms/scripts/me/MeControl/10.20300.4/en-US/meBoot.min.jsaD
Source: 16d2f3faad7856af_0.0.dr	String found in binary or memory: https://mem.gfx.ms/scripts/me/MeControl/10.20300.4/en-US/meCore.min.js
Source: 16d2f3faad7856af_0.0.dr	String found in binary or memory: https://mem.gfx.ms/scripts/me/MeControl/10.20300.4/en-US/meCore.min.jsaD
Source: Network Action Predictor-journal.0.dr	String found in binary or memory: https://mwf-service.akamaized.net/
Source: 94d12f6ce814ffd5_0.0.dr	String found in binary or memory: https://mwf-service.akamaized.net/mwf/js/bundle/1.57.8/mwf-main.umd.min.js
Source: b7908b9c9b3341b0_0.0.dr	String found in binary or memory: https://office.com/
Source: 5cf7c6cbf1d6c26c_0.0.dr	String found in binary or memory: https://office.com//(
Source: 7af3b868-3d93-4fde-9550-fcbc12cf696e.tmp.1.dr, 13aa37f0-eeee-45c8-90b1-d51e2544daae.tmp.1.dr	String found in binary or memory: https://ogs.google.com
Source: manifest.json.0.dr	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: 7af3b868-3d93-4fde-9550-fcbc12cf696e.tmp.1.dr, 13aa37f0-eeee-45c8-90b1-d51e2544daae.tmp.1.dr	String found in binary or memory: https://play.google.com
Source: 000003.log4.0.dr	String found in binary or memory: https://publisher.liveperson.net
Source: 000003.log4.0.dr	String found in binary or memory: https://publisher.liveperson.net-_https://publisher.liveperson.net
Source: 000003.log0.0.dr	String found in binary or memory: https://publisher.liveperson.net/
Source: Current Session.0.dr	String found in binary or memory: https://publisher.liveperson.net/iframe-le-tag/iframe.html?lpsite=60270350&lpsection=store-sales-en-
Source: 13aa37f0-eeee-45c8-90b1-d51e2544daae.tmp.1.dr	String found in binary or memory: https://r3---sn-h0jeln7r.gvt1.com
Source: 13aa37f0-eeee-45c8-90b1-d51e2544daae.tmp.1.dr	String found in binary or memory: https://redirector.gvt1.com
Source: manifest.json.0.dr	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: 7af3b868-3d93-4fde-9550-fcbc12cf696e.tmp.1.dr, 13aa37f0-eeee-45c8-90b1-d51e2544daae.tmp.1.dr	String found in binary or memory: https://ssl.gstatic.com
Source: c69630b836b04401_0.0.dr	String found in binary or memory: https://static-assets.fs.liveperson.com/microsoft/aibot.js
Source: 3b99dc3d3bc104fb_0.0.dr	String found in binary or memory: https://static-assets.fs.liveperson.com/microsoft/lp_ada_enhancements-prod.js
Source: Network Action Predictor-journal.0.dr	String found in binary or memory: https://statics-marketingsites-eus-ms-com.akamaized.net/
Source: Network Action Predictor-journal.0.dr	String found in binary or memory: https://statics-marketingsites-neu-ms-com.akamaized.net/
Source: Network Action Predictor-journal.0.dr	String found in binary or memory: https://statics-marketingsites-wcus-ms-com.akamaized.net/
Source: Network Action Predictor.0.dr	String found in binary or memory: https://statics-storeexp-neu-ms-com.akamaized.net/
Source: c7b12560f839e230_0.0.dr	String found in binary or memory: https://statics-storeexp-neu-ms-com.akamaized.net/_h/46c44584/coreui.statics/externalscripts/jquery/
Source: adcefe05f695f7f2_0.0.dr	String found in binary or memory: https://statics-storeexp-neu-ms-com.akamaized.net/store/_scrf/js/themes=store-web-default/2f-63ce8f/
Source: 71f52630121e1252_0.0.dr	String found in binary or memory: https://statics-storeexp-neu-ms-com.akamaized.net/store/_scrf/js/themes=store-web-default/e2-ed7413/
Source: messages.json41.0.dr	String found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json41.0.dr	String found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: manifest.json0.0.dr, 7af3b868-3d93-4fde-9550-fcbc12cf696e.tmp.1.dr, 13aa37f0-eeee-45c8-90b1-d51e2544daae.tmp.1.dr	String found in binary or memory: https://www.google.com
Source: manifest.json.0.dr	String found in binary or memory: https://www.google.com/
Source: manifest.json0.0.dr	String found in binary or memory: https://www.google.com;
Source: 7af3b868-3d93-4fde-9550-fcbc12cf696e.tmp.1.dr	String found in binary or memory: https://www.googleapis.com
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/meetings
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: 7af3b868-3d93-4fde-9550-fcbc12cf696e.tmp.1.dr, 13aa37f0-eeee-45c8-90b1-d51e2544daae.tmp.1.dr	String found in binary or memory: https://www.gstatic.com
Source: manifest.json0.0.dr	String found in binary or memory: https://www.gstatic.com;

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50087
Source: unknown	Network traffic detected: HTTP traffic on port 50092 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50137
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49960 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50081
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50092
Source: unknown	Network traffic detected: HTTP traffic on port 50137 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50140
Source: unknown	Network traffic detected: HTTP traffic on port 50081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50140 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 50087 -> 443

Source: classification engine

Classification label: clean0.win@53/303@29/11

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-5FC423B7-1724.pma

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\41eb0a49-5c28-4756-8488-c4eebba75e99.tmp

Jump to behavior

Source: QuotaManager.0.dr

Binary or memory string: CREATE TABLE HostQuotaTable(host TEXT NOT NULL, type INTEGER NOT NULL, quota INTEGER DEFAULT 0, UNIQUE(host, type));

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized 'https://forms.office.com/Pages/ResponsePage.aspx?id=cDgNZ_NsCEK0nbknGQ7BS4561NiEZjlNhv9vg7q7u5hUOERRUVExUUtGSUJPUkhDVk82TU5JNFlTQS4u'
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1504,15741333574045818394,7388905800530690174,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1916 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1504,15741333574045818394,7388905800530690174,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1916 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading3	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://forms.office.com/Pages/ResponsePage.aspx?id=cDgNZ_NsCEK0nbknGQ7BS4561NiEZjlNhv9vg7q7u5hUOERRUVExUUtGSUJPUkhDVk82TU5JNFlTQS4u	1%	Virustotal		Browse
https://forms.office.com/Pages/ResponsePage.aspx?id=cDgNZ_NsCEK0nbknGQ7BS4561NiEZjlNhv9vg7q7u5hUOERRUVExUUtGSUJPUkhDVk82TU5JNFlTQS4u	0%	Avira URL Cloud	safe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source	Detection	Scanner	Link
cs1227.wpc.alphacdn.net	0%	Virustotal	Browse
liveperson.map.fastly.net	0%	Virustotal	Browse
logincdn.msauth.net	1%	Virustotal	Browse
statics-eas.onestore.ms	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label
https://publisher.liveperson.net-_https://publisher.liveperson.net	0%	Avira URL Cloud	safe
https://consentreceiverfd-prod.azurefd.net/v1	0%	Avira URL Cloud	safe
https://mem.gfx.ms/meversion?partner=surface&market=en-us&uhf=1	0%	Avira URL Cloud	safe
https://mem.gfx.ms/scripts/me/MeControl/10.20300.4/de-DE/meBoot.min.js	0%	Avira URL Cloud	safe
https://forms.office.com7_https://forms.office.com	0%	Avira URL Cloud	safe
https://mem.gfx.ms/meversion?partner=OfficeProducts&market=en-us&uhf=1	0%	Avira URL Cloud	safe
https://assets.onestore.ms/cdnfiles/external/mwf/long/v1/v1.23.1/scripts/mwf-video-player-main.var.m	0%	Avira URL Cloud	safe
https://dns.google	0%	URL Reputation	safe
https://dns.google	0%	URL Reputation	safe
https://dns.google	0%	URL Reputation	safe
https://mem.gfx.ms/meversion?partner=OfficeProducts&market=de-ch&uhf=1	0%	Avira URL Cloud	safe
https://mem.gfx.ms/meversion?partner=SMCConvergence&market=en-us&uhf=1	0%	Avira URL Cloud	safe
https://mem.gfx.ms/scripts/me/MeControl/10.20300.4/en-US/meCore.min.js	0%	Avira URL Cloud	safe
https://mem.gfx.ms/meversion?partner=RetailStore2&market=en-us&uhf=1	0%	Avira URL Cloud	safe
https://mem.gfx.ms/meversion?partner=amc&market=en-us&uhf=1	0%	Avira URL Cloud	safe
https://mem.gfx.ms/meversion?partner=windows&market=en-us&uhf=1	0%	Avira URL Cloud	safe
https://mem.gfx.ms/scripts/me/MeControl/10.20300.4/en-US/meBoot.min.js	0%	Avira URL Cloud	safe
https://mem.gfx.ms/meversion?partner=SMCConvergence&market=en-us&uhf=1aD	0%	Avira URL Cloud	safe
https://assets.onestore.ms/	0%	Avira URL Cloud	safe
https://lpcdn.lpsnmedia.net(_https://lpcdn.lpsnmedia.net	0%	Avira URL Cloud	safe
https://mem.gfx.ms/scripts/me/MeControl/10.20300.4/en-US/meBoot.min.jsaD	0%	Avira URL Cloud	safe
https://logincdn.msauth.net/16.000/content/js/MeControl_zXOsandYqRnW6Qh35WUOMw2.jsaD	0%	Avira URL Cloud	safe
https://mem.gfx.ms/scripts/me/MeControl/10.20300.4/en-US/meCore.min.jsaD	0%	Avira URL Cloud	safe
https://assets.onestore.ms/cdnfiles/external/mwf/long/v1/v1.19.1/scripts/mwf-main.var.js	0%	Avira URL Cloud	safe
https://assets.onestore.ms/cdnfiles/external/mwf/long/v1/v1.22.1/scripts/mwf-auto-init-main.var.min.	0%	Avira URL Cloud	safe
https://login.microsoftonline.comh	0%	Avira URL Cloud	safe
https://logincdn.msauth.net/16.000/content/js/MeControl_zXOsandYqRnW6Qh35WUOMw2.js	0%	Avira URL Cloud	safe
https://mem.gfx.ms	0%	URL Reputation	safe
https://mem.gfx.ms	0%	URL Reputation	safe
https://mem.gfx.ms	0%	URL Reputation	safe
https://mem.gfx.ms/	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
microsoftwindows.112.2o7.net	15.237.136.106	true	false		high
blob.bl6prdstr14a.store.core.windows.net	52.239.152.74	true	false		high
dh1y47vf5ttia.cloudfront.net	13.225.73.51	true	false		high
va.v.liveperson.net	208.89.12.87	true	false		high
cs1227.wpc.alphacdn.net	192.229.221.185	true	false	0%, Virustotal, Browse	unknown
mcraa.fs.liveperson.com	3.216.53.130	true	false		high
liveperson.map.fastly.net	151.101.1.192	true	false	0%, Virustotal, Browse	unknown
aka.ms	104.74.143.169	true	false		high
googlehosted.l.googleusercontent.com	216.58.215.225	true	false		high
logincdn.msauth.net	unknown	unknown	false	1%, Virustotal, Browse	unknown
lpcdn.lpsnmedia.net	unknown	unknown	false		high
statics-eas.onestore.ms	unknown	unknown	false	0%, Virustotal, Browse	unknown
assets.onestore.ms	unknown	unknown	false		unknown
ajax.aspnetcdn.com	unknown	unknown	false		high
static-assets.fs.liveperson.com	unknown	unknown	false		high
cdn.forms.office.net	unknown	unknown	false		high
surfaceselfserviceoffertool.azurewebsites.net	unknown	unknown	false		unknown
clients2.googleusercontent.com	unknown	unknown	false		high
statics-wcus.onestore.ms	unknown	unknown	false		unknown
publisher.liveperson.net	unknown	unknown	false		high
c.office.com	unknown	unknown	false		high
forms.office.com	unknown	unknown	false		high
accdn.lpsnmedia.net	unknown	unknown	false		high
assets.adobedtm.com	unknown	unknown	false		high
mem.gfx.ms	unknown	unknown	false		unknown
statics-neu.onestore.ms	unknown	unknown	false		unknown
statics-eus.onestore.ms	unknown	unknown	false		unknown
support.content.office.net	unknown	unknown	false		high
amp.azure.net	unknown	unknown	false		high
login.microsoftonline.com	unknown	unknown	false		high
offertooldataprod.blob.core.windows.net	unknown	unknown	false		high
lptag.liveperson.net	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://forms.office.com/Pages/ResponsePage.aspx?id=cDgNZ_NsCEK0nbknGQ7BS4561NiEZjlNhv9vg7q7u5hUOERRUVExUUtGSUJPUkhDVk82TU5JNFlTQS4u	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://assets.adobedtm.com/5ef092d1efb5/4c272e8cc694/0e102e270abf/RC9c46fb6a891f4562b65713ecdcbb737	55002aca08adc148_0.0.dr	false		high
https://login.microsoftonline.com/	Current Session.0.dr	false		high
https://publisher.liveperson.net-_https://publisher.liveperson.net	000003.log4.0.dr	false	Avira URL Cloud: safe	low
https://publisher.liveperson.net/	000003.log0.0.dr	false		high
https://liveperson.net//	72090e93af2b3d0c_0.0.dr	false		high
https://cdn.forms.office.net/forms/scripts/dists/light-response-page.chunk.vendors.6a9a01e.js	5cf7c6cbf1d6c26c_0.0.dr	false		high
https://consentreceiverfd-prod.azurefd.net/v1	5a2848e832bc50f4_0.0.dr	false	Avira URL Cloud: safe	unknown
https://lpcdn.lpsnmedia.net/le_secure_storage/3.11.0.2-release_5036/storage.secure.min.js?loc=https%	e080674af345915e_0.0.dr	false		high
https://assets.adobedtm.com/5ef092d1efb5/4c272e8cc694/0e102e270abf/RC3743cb8b1ea14f88b7f7258ff32b6dc	46c1f20282dfa665_0.0.dr	false		high
https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.11.2.min.jsaD	5334000c05ed2b53_0.0.dr	false		high
https://mem.gfx.ms/meversion?partner=surface&market=en-us&uhf=1	1a82e691e1d458ec_0.0.dr	false	Avira URL Cloud: safe	unknown
https://assets.adobedtm.com/5ef092d1efb5/e6b4ca74378c/2418adba327c/RCf16325d3e41c447fb6b66d7d82fcb43	71533a71068a629c_0.0.dr	false		high
https://mem.gfx.ms/scripts/me/MeControl/10.20300.4/de-DE/meBoot.min.js	94a5143d10615cf8_0.0.dr	false	Avira URL Cloud: safe	unknown
https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.7.2.min.js	f46ad1d2652b0b43_0.0.dr	false		high
https://forms.office.com7_https://forms.office.com	000003.log4.0.dr	false	Avira URL Cloud: safe	low
https://mem.gfx.ms/meversion?partner=OfficeProducts&market=en-us&uhf=1	462d64d34aad30da_0.0.dr	false	Avira URL Cloud: safe	unknown
https://accdn.lpsnmedia.net/api/account/60270350/configuration/le-campaigns/zones?fields=id&fields=z	72090e93af2b3d0c_0.0.dr	false		high
https://office.com/	b7908b9c9b3341b0_0.0.dr	false		high
https://forms.office.com/	000003.log0.0.dr	false		high
https://live.com/	411135a47a8afbd4_0.0.dr	false		high
https://aka.ms/PrivacyReport	History-journal.0.dr	false		high
https://liveperson.net/O	3b5ddd299823dee6_0.0.dr	false		high
https://aka.ms/PrivacyReportMicrosoft	History-journal.0.dr	false		high
https://cdn.forms.office.net/forms/images/favicon.ico	Favicons-journal.0.dr	false		high
https://assets.adobedtm.com/5ef092d1efb5/e6b4ca74378c/2418adba327c/RC95d5954deda24aa780e2bd87a6eabf8	7d664ffbb549cf44_0.0.dr	false		high
https://assets.onestore.ms/cdnfiles/external/mwf/long/v1/v1.23.1/scripts/mwf-video-player-main.var.m	106511ff7d335ae7_0.0.dr	false	Avira URL Cloud: safe	unknown
https://dns.google	3131deb4-2687-4838-b861-23b939b0674b.tmp.1.dr, 4d3628b5-7221-4219-bd75-68b7fd0e3fcd.tmp.1.dr, 7af3b868-3d93-4fde-9550-fcbc12cf696e.tmp.1.dr, 13aa37f0-eeee-45c8-90b1-d51e2544daae.tmp.1.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://assets.adobedtm.com/5ef092d1efb5/4c272e8cc694/0e102e270abf/RCb36993ed0cd440348a1b4711c13dbc8	9e3e3b309feee242_0.0.dr	false		high
https://assets.adobedtm.com/5ef092d1efb5/e6b4ca74378c/2418adba327c/RC557c8c9e1a32442f85198b3cd484649	e9e0fbfc734770b0_0.0.dr	false		high
https://liveperson.net/	f7ea591cb5d1c051_0.0.dr	false		high
https://forms.office.com	000003.log4.0.dr	false		high
https://liveperson.net/W	22fb0e1969c285c1_0.0.dr	false		high
https://mem.gfx.ms/meversion?partner=OfficeProducts&market=de-ch&uhf=1	4ac2f448771ab57b_0.0.dr	false	Avira URL Cloud: safe	unknown
https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.11.2.min.js	094e2d6bf2abec98_0.0.dr, 5334000c05ed2b53_0.0.dr	false		high
https://cdn.forms.office.net/forms/scripts/dists/light-response-page.chunk.ext.1c44705.js	b7908b9c9b3341b0_0.0.dr	false		high
https://mem.gfx.ms/meversion?partner=SMCConvergence&market=en-us&uhf=1	8a41173cbadc68f7_0.0.dr	false	Avira URL Cloud: safe	unknown
https://assets.adobedtm.com/5ef092d1efb5/4c272e8cc694/0e102e270abf/RCa7a16d61c0134716b6c5d59808f9fd2	96db824c331a77d5_0.0.dr	false		high
https://liveperson.net/h	c69630b836b04401_0.0.dr	false		high
https://mem.gfx.ms/scripts/me/MeControl/10.20300.4/en-US/meCore.min.js	16d2f3faad7856af_0.0.dr	false	Avira URL Cloud: safe	unknown
https://mem.gfx.ms/meversion?partner=RetailStore2&market=en-us&uhf=1	226692e5ab9c95ba_0.0.dr	false	Avira URL Cloud: safe	unknown
https://mem.gfx.ms/meversion?partner=amc&market=en-us&uhf=1	300bb9fb98ab63f0_0.0.dr	false	Avira URL Cloud: safe	unknown
https://mem.gfx.ms/meversion?partner=windows&market=en-us&uhf=1	a5b18de7662d18f2_0.0.dr	false	Avira URL Cloud: safe	unknown
https://ajax.aspnetcdn.com/	Network Action Predictor-journal.0.dr	false		high
https://mem.gfx.ms/scripts/me/MeControl/10.20300.4/en-US/meBoot.min.js	c02db6ab60fb1129_0.0.dr	false	Avira URL Cloud: safe	unknown
https://assets.adobedtm.com/5ef092d1efb5/e6b4ca74378c/2418adba327c/RC8f2e96b0f42b4791b6a87bd6474f9dc	09e38a19b46d6eb3_0.0.dr	false		high
https://amp.azure.net/libs/amp/1.8.0/azuremediaplayer.min.jsaD	ccfee25f38f911d4_0.0.dr	false		high
https://liveperson.net/iP	50030ae951750ff1_0.0.dr	false		high
https://mem.gfx.ms/meversion?partner=SMCConvergence&market=en-us&uhf=1aD	8a41173cbadc68f7_0.0.dr	false	Avira URL Cloud: safe	unknown
https://assets.adobedtm.com/5ef092d1efb5/e6b4ca74378c/2418adba327c/RC69b31008c50e44318e064df1bd9de72	ea27fa7ad55e1017_0.0.dr	false		high
https://static-assets.fs.liveperson.com/microsoft/lp_ada_enhancements-prod.js	3b99dc3d3bc104fb_0.0.dr	false		high
https://feedback.googleusercontent.com	manifest.json0.0.dr	false		high
https://lptag.liveperson.net/lptag/api/account/60270350/configuration/applications/taglets/.jsonp?v=	f7ea591cb5d1c051_0.0.dr	false		high
https://assets.adobedtm.com/5ef092d1efb5/4c272e8cc694/0e102e270abf/RC278c787435b94d148603e89a80d2b33	5193d3a772576834_0.0.dr	false		high
https://assets.adobedtm.com/5ef092d1efb5/4c272e8cc694/0e102e270abf/RC021d0a1582e845158b9974bf66e669f	b63b43555f5ef307_0.0.dr	false		high
https://assets.adobedtm.com/5ef092d1efb5/e6b4ca74378c/2418adba327c/RC30b69654d14a4895ae64b6e5cf0cf81	6e646dd4f853f7d8_0.0.dr	false		high
https://assets.onestore.ms/	Network Action Predictor-journal.0.dr	false	Avira URL Cloud: safe	unknown
https://accdn.lpsnmedia.net/api/account/60270350/configuration/engagement-window/window-confs/164436	df05730d55081a08_0.0.dr	false		high
https://assets.adobedtm.com/5ef092d1efb5/e6b4ca74378c/2418adba327c/RC5f812135e64f48ad85ea100034bc60a	dcbf9a43deeccc1e_0.0.dr	false		high
https://ajax.aspnetcdn.com/ajax/jquery.ui/1.11.1/jquery-ui.min.js	82e92344281b46a9_0.0.dr	false		high
https://lpcdn.lpsnmedia.net(_https://lpcdn.lpsnmedia.net	000003.log4.0.dr	false	Avira URL Cloud: safe	low
https://mem.gfx.ms/scripts/me/MeControl/10.20300.4/en-US/meBoot.min.jsaD	c02db6ab60fb1129_0.0.dr	false	Avira URL Cloud: safe	unknown
https://assets.adobedtm.com/5ef092d1efb5/4c272e8cc694/0e102e270abf/RCb931a36f851d412386794b82eefa667	e020b8b54f7e541f_0.0.dr	false		high
https://assets.adobedtm.com/launch-EN7506e353034849faa4a18bc4c20e727c.min.js	112ffe0d2f355de3_0.0.dr	false		high
https://logincdn.msauth.net/16.000/content/js/MeControl_zXOsandYqRnW6Qh35WUOMw2.jsaD	411135a47a8afbd4_0.0.dr	false	Avira URL Cloud: safe	unknown
https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.9.1.min.js	b180e6523891105c_0.0.dr	false		high
https://mem.gfx.ms/scripts/me/MeControl/10.20300.4/en-US/meCore.min.jsaD	16d2f3faad7856af_0.0.dr	false	Avira URL Cloud: safe	unknown
http://amp.azure.net/libs/amp/	ccfee25f38f911d4_0.0.dr	false		high
https://assets.adobedtm.com/5ef092d1efb5/e6b4ca74378c/2418adba327c/RC1a3e34bc6d5b4a44bdd14eed6f571ac	fab5435452b3b5fd_0.0.dr	false		high
https://login.microsoftonline.com	Current Session.0.dr	false		high
https://assets.adobedtm.com/launch-ENbb9d0de7cc374dc99259df2c4b823cef.min.js	3c4d40e130a6a467_0.0.dr	false		high
https://lpcdn.lpsnmedia.net/le_secure_storage/3.11.0.2-release_5036/storage.secure.min.html?loc=http	Current Session.0.dr	false		high
https://lpcdn.lpsnmedia.net/	000003.log0.0.dr	false		high
https://assets.onestore.ms/cdnfiles/external/mwf/long/v1/v1.19.1/scripts/mwf-main.var.js	9edc3bcc45a63d3b_0.0.dr	false	Avira URL Cloud: safe	unknown
https://lpcdn.lpsnmedia.net/le_re/3.43.0.1-release_5028/jsv2/UISuite.js?_v=3.43.0.1-release_5028	50030ae951750ff1_0.0.dr	false		high
https://publisher.liveperson.net	000003.log4.0.dr	false		high
https://office.com//(	5cf7c6cbf1d6c26c_0.0.dr	false		high
https://assets.adobedtm.com/5ef092d1efb5/4c272e8cc694/0e102e270abf/RC05ac5f311ffd4e5c9ad450f46819401	dc7f1e4e542b651c_0.0.dr	false		high
https://assets.onestore.ms/cdnfiles/external/mwf/long/v1/v1.22.1/scripts/mwf-auto-init-main.var.min.	38b572a46376d5b4_0.0.dr	false	Avira URL Cloud: safe	unknown
https://accdn.lpsnmedia.net/api/account/60270350/configuration/le-campaigns/campaigns/1644274130/eng	156e023462d48427_0.0.dr	false		high
https://accdn.lpsnmedia.net/api/account/60270350/configuration/setting/accountproperties/?cb=lpCb208	3b5ddd299823dee6_0.0.dr	false		high
https://login.microsoftonline.comh	Current Session.0.dr	false	Avira URL Cloud: safe	unknown
https://assets.adobedtm.com/5ef092d1efb5/e6b4ca74378c/2418adba327c/RC5548547466864ee2ab73cca512147d7	049e61f56bdec1ac_0.0.dr	false		high
https://assets.adobedtm.com/5ef092d1efb5/4c272e8cc694/0e102e270abf/RC54b490a964b8430a93c0a4bea8ec38f	c45f8af2b96a162d_0.0.dr	false		high
https://assets.adobedtm.com/5ef092d1efb5/e6b4ca74378c/2418adba327c/RC9f9b3c9f668a4b9dbf5ccda86744fe3	4e602b2b62deec45_0.0.dr	false		high
https://lpcdn.lpsnmedia.net	000003.log4.0.dr	false		high
https://forms.office.com/Pages/ResponsePage.aspx?id=cDgNZ_NsCEK0nbknGQ7BS4561NiEZjlNhv9vg7q7u5hUOERR	Favicons-journal.0.dr	false		high
https://static-assets.fs.liveperson.com/microsoft/aibot.js	c69630b836b04401_0.0.dr	false		high
https://logincdn.msauth.net/16.000/content/js/MeControl_zXOsandYqRnW6Qh35WUOMw2.js	411135a47a8afbd4_0.0.dr	false	Avira URL Cloud: safe	unknown
https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.11.1.min.js	c94540d4c86c0448_0.0.dr	false		high
https://assets.adobedtm.com/5ef092d1efb5/4c272e8cc694/0e102e270abf/RC15f3408d92fc4519a3a4fbb6f85a3d5	1901d97a494284b6_0.0.dr	false		high
https://mem.gfx.ms	8a41173cbadc68f7_0.0.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://assets.adobedtm.com/5ef092d1efb5/4c272e8cc694/0e102e270abf/RC2fdf0b42e0414a7982f3ba48531bc16	ef812770fec62f00_0.0.dr	false		high
https://mem.gfx.ms/	Network Action Predictor.0.dr	false	Avira URL Cloud: safe	unknown
https://aka.ms/	Network Action Predictor-journal.0.dr	false		high
https://lpcdn.lpsnmedia.net/le_re/3.43.0.1-release_5028/jsv2/overlay.js?_v=3.43.0.1-release_5028	309184ad59030aa2_0.0.dr	false		high
https://amp.azure.net/libs/amp/1.8.0/azuremediaplayer.min.js	166ee82c52b87e97_0.0.dr	false		high
https://amp.azure.net/libs/amp/1.8.0/azuremediaplayer.min.jsa	ccfee25f38f911d4_0.0.dr	false		high
https://clients2.googleusercontent.com	7af3b868-3d93-4fde-9550-fcbc12cf696e.tmp.1.dr	false		high
https://assets.adobedtm.com/5ef092d1efb5/4c272e8cc694/0e102e270abf/RC683368007e154c38814065ef2499a0b	bb03dd199347c739_0.0.dr	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
13.225.73.51	unknown	United States	16509	AMAZON-02US	false
15.237.136.106	unknown	United States	16509	AMAZON-02US	false
216.58.215.225	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
192.229.221.185	unknown	United States	15133	EDGECASTUS	false
104.74.143.169	unknown	United States	16625	AKAMAI-ASUS	false
52.239.152.74	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
208.89.12.87	unknown	United States	11054	LIVEPERSONUS	false
151.101.1.192	unknown	United States	54113	FASTLYUS	false

Private

IP
192.168.2.1
127.0.0.1

General Information

Joe Sandbox Version:	31.0.0 Red Diamond
Analysis ID:	324355
Start date:	29.11.2020
Start time:	14:41:12
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 5m 58s
Hypervisor based Inspection enabled:	false
Report type:	light
Cookbook file name:	browseurl.jbs
Sample URL:	https://forms.office.com/Pages/ResponsePage.aspx?id=cDgNZ_NsCEK0nbknGQ7BS4561NiEZjlNhv9vg7q7u5hUOERRUVExUUtGSUJPUkhDVk82TU5JNFlTQS4u
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	17
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@53/303@29/11
Cookbook Comments:	Adjust boot time Enable AMSI Browse: https://go.microsoft.com/fwlink/?LinkId=521839 Browse: https://go.microsoft.com/fwlink/?linkid=866263 Browse: https://go.microsoft.com/fwlink/p/?linkid=2126808 Browse: https://go.microsoft.com/fwlink/p/?linkid=2126809 Browse: https://go.microsoft.com/fwlink/p/?linkid=2126907 Browse: https://go.microsoft.com/fwlink/p/?linkid=2126908 Browse: https://go.microsoft.com/fwlink/p/?linkid=2126810 Browse: https://www.microsoft.com/microsoft-365 Browse: https://www.microsoft.com/en-us/microsoft-365/microsoft-office Browse: https://www.microsoft.com/en-us/windows/ Browse: https://www.microsoft.com/en-us/surface Browse: https://www.microsoft.com/en-us/store/b/cyber-monday?icid=gm_nav_L0_CMdeals Browse: https://support.microsoft.com/en-us
Warnings:	Show All Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, svchost.exe TCP Packets have been reduced to 100 Created / dropped Files have been reduced to 100 Excluded IPs from analysis (whitelisted): 13.88.21.125, 52.255.188.83, 172.217.168.45, 172.217.168.78, 13.107.6.194, 172.217.168.14, 74.125.99.25, 74.125.99.43, 2.20.142.209, 2.20.142.220, 52.142.114.2, 204.79.197.200, 13.107.21.200, 172.217.168.67, 52.114.75.150, 172.217.168.10, 172.217.168.42, 172.217.168.74, 216.58.215.234, 104.108.39.131, 92.122.145.53, 52.147.198.201, 152.199.19.160, 92.122.213.240, 92.122.213.194, 104.108.38.107, 92.122.213.247, 104.43.193.48, 13.107.246.13, 92.122.213.200, 92.122.213.219, 51.104.144.132, 104.83.119.205, 40.126.1.130, 20.190.129.160, 20.190.129.130, 20.190.129.2, 20.190.129.17, 40.126.1.145, 20.190.129.133, 40.126.1.142, 92.122.144.200, 92.122.213.176, 92.122.213.193, 2.21.57.112, 104.83.97.40, 65.55.44.109, 20.54.26.129, 8.253.207.120, 8.248.115.254, 8.253.204.121, 8.241.126.249, 8.238.85.254, 92.122.213.195, 92.122.213.163, 2.21.61.5, 92.122.144.67, 13.66.138.97, 172.217.130.41, 74.125.99.10, 216.58.215.227, 92.122.213.211, 178.249.97.23, 2.20.142.210, 178.249.97.99, 168.62.58.130, 178.249.97.98, 92.122.145.184, 92.122.213.160, 92.122.144.197, 104.108.36.15, 20.190.129.19, 20.190.129.24, 40.126.1.166, 40.126.1.128 Excluded domains from analysis (whitelisted): assets.onestore.ms.edgekey.net, cn-assets.adobedtm.com.edgekey.net, clientservices.googleapis.com, i.s-microsoft.com.edgekey.net, publisher.livepersonk.akadns.net, fs-wildcard.microsoft.com.edgekey.net, ev.support.microsoft.com.edgekey.net, www.tm.a.prd.aadg.trafficmanager.net, a1945.g2.akamai.net, clients2.google.com, e3843.g.akamaiedge.net, star-azurefd-prod.trafficmanager.net, videoplayercdn.osi.office.net, statics-marketingsites-eus-ms-com.akamaized.net, au-bg-shim.trafficmanager.net, r4.sn-h0jeln7k.gvt1.com, dual-a-0001.a-msedge.net, account.microsoft.com.edgekey.net, global.vortex.data.trafficmanager.net, ris-prod.trafficmanager.net, compass-ssl.microsoft.com, lgincdnvzeuno.ec.azureedge.net, assets.onestore.ms.akadns.net, statics.onestore.ms.edgekey.net, c-s.cms.ms.akadns.net, skypedataprdcolcus15.cloudapp.net, ris.api.iris.microsoft.com, c.bing.com, lgincdn.trafficmanager.net, cdn.account.microsoft.com.akadns.net, translate.googleapis.com, c.s-microsoft.com-c.edgekey.net, compass-ssl.microsoft.com.edgekey.net, clients.l.google.com, e9398.g.akamaiedge.net, a1985.g2.akamai.net, c-bing-com.a-0001.a-msedge.net, e9412.b.akamaiedge.net, support.microsoft.com, statics-storeexp-neu-ms-com.akamaized.net, compass-ssl.microsoft.com.nsatc.net, i.s-microsoft.com, go.microsoft.com, prod-video-cms-rt-microsoft-com.akamaized.net, r4---sn-h0jeenek.gvt1.com, auto.au.download.windowsupdate.com.c.footprint.net, prod.fs.microsoft.com.akadns.net, 160c1.wpc.azureedge.net, accounts.google.com, cs22.wpc.v0cdn.net, mem.gfx.ms.edgekey.net, accdn.lpsnmedia.livepersonk.akadns.net, a767.dscg3.akamai.net, login.msa.msidentity.com, a1894.d.akamai.net, lptag.liveperson.cotcdb.net.livepersonk.akadns.net, skypedataprdcoleus16.cloudapp.net, c.s-microsoft.com, r5---sn-h0jeln7y.gvt1.com, e7808.dscg.akamaiedge.net, waws-prod-mwh-031.cloudapp.net, go.microsoft.com.edgekey.net, a1963.g2.akamai.net, az725175.vo.msecnd.net, skypedataprdcolwus15.cloudapp.net, e13678.dspb.akamaiedge.net, query.prod.cms.rt.microsoft.com, wcpstatic.microsoft.com, mwf-service.akamaized.net, arc.msn.com.nsatc.net, cdn.forms.office.net.edgesuite.net, www.tm.lg.prod.aadmsa.akadns.net, browser.events.data.trafficmanager.net, e11290.dspg.akamaiedge.net, www.microsoft.com-c-3.edgekey.net, query.prod.cms.rt.microsoft.com.edgekey.net, login.live.com, audownload.windowsupdate.nsatc.net, skypedataprdcoleus13.cloudapp.net, update.googleapis.com, e11070.b.akamaiedge.net, a287.g2.akamai.net, watson.telemetry.microsoft.com, www.gstatic.com, a1778.g2.akamai.net, e10583.dspg.akamaiedge.net, fs.microsoft.com, content-autofill.googleapis.com, a1835.g2.akamai.net, statics-marketingsites-wcus-ms-com.akamaized.net, www.tm.a.prd.aadg.akadns.net, www.googleapis.com, videoplayercdn.osi.office.net.edgekey.net, web.vortex.data.trafficmanager.net, e10583.g.akamaiedge.net, t-0003.t-msedge.net, e55.dspb.akamaiedge.net, blobcollector.events.data.trafficmanager.net, privacy.microsoft.com.edgekey.net, dub2.next.a.prd.aadg.trafficmanager.net, browser.pipe.aria.microsoft.com, e2699.dspg.akamaiedge.net, account.microsoft.com, au.download.windowsupdate.com.edgesuite.net, r3.sn-h0jeln7r.gvt1.com, r5.sn-h0jeln7y.gvt1.com, c-msn-com-nsatc.trafficmanager.net, support.content.office.net.edgekey.net, a1449.dscg2.akamai.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net, mscomajax.vo.msecnd.net, redirector.gvt1.com, prod.forms.office.com.akadns.net, img-prod-cms-rt-microsoft-com.akamaized.net, skypedataprdcolweu06.cloudapp.net, statics-marketingsites-neu-ms-com.akamaized.net, r3---sn-h0jeln7r.gvt1.com, r4.sn-h0jeenek.gvt1.com, e584.g.akamaiedge.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, r4---sn-h0jeln7k.gvt1.com, web.vortex.data.microsoft.com, lgincdnvzeuno.azureedge.net, skypedataprdcoleus17.cloudapp.net, privacy.microsoft.com, lpcdn.lpsnmedia.livepersonk.akadns.net, e13678.dscg.akamaiedge.net, www.microsoft.com Report size exceeded maximum capacity and may have missing behavior information. Report size getting too big, too many NtCreateFile calls found. Report size getting too big, too many NtOpenFile calls found. Report size getting too big, too many NtQueryVolumeInformationFile calls found. Report size getting too big, too many NtWriteFile calls found. Report size getting too big, too many NtWriteVirtualMemory calls found.

Simulations

Behavior and APIs

Time	Type	Description
14:43:06	API Interceptor	1x Sleep call for process: chrome.exe modified

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	451603
Entropy (8bit):	5.009711072558331
Encrypted:	false
SSDEEP:	12288:ZHfRTyGZ6lup8Cfrvq4JBPKh+FBlESBw4p6:NfOCzvRKhGvwJ
MD5:	A78AD14E77147E7DE3647E61964C0335
SHA1:	CECC3DD41F4CEA0192B24300C71E1911BD4FCE45
SHA-256:	0D6803758FF8F87081FAFD62E90F0950DFB2DD7991E9607FE76A8F92D0E893FA
SHA-512:	DDE24D5AD50D68FC91E9E325D31E66EF8F624B6BB3A07D14FFED1104D3AB5F4EF1D7969A5CDE0DFBB19CB31C506F7DE97AF67C2F244F7E7E8E10648EA8321101
Malicious:	false
Reputation:	low
Preview:	BDic.... ....6...."..Z..4g....6.2...{/...3...5....AF 1363.AF nm.AF pt.AF n1.AF p.AF tc.AF SM.AF M.AF S.AF MS.AF MNR.AF GDS.AF MNT.AF MH.AF MR.AF SZMR.AF MJ.AF MT.AF MY.AF MRZ.AF MN.AF MG.AF RM.AF N.AF MV.AF XM.AF DSM.AF SD.AF G.AF R.AF MNX.AF MRS.AF MD.AF MNRB.AF B.AF ZSMR.AF PM.AF SMNGJ.AF SMN.AF ZMR.AF SMGB.AF MZR.AF GM.AF SMR.AF SMDG.AF RMZ.AF ZM.AF MDG.AF MDT.AF SMNXT.AF SDY.AF LSDG.AF LGDS.AF GLDS.AF UY.AF U.AF DSGNX.AF GNDSX.AF DSG.AF Y.AF GS.AF IEMS.AF YP.AF ZGDRS.AF XGNVDS.AF UT.AF GNDS.AF GVDS.AF MYPS.AF XGNDS.AF TPRY.AF MDSG.AF ZGSDR.AF DYSG.AF PMYTNS.AF AGDS.AF DRZGS.AF PY.AF GSPMDY.AF EGVDS.AF SL.AF GNXDS.AF DSBG.AF IM.AF I.AF MDGS.AF SMY.AF DSGN.AF DSLG.AF GMDS.AF MDSBG.AF SGD.AF IY.AF P.AF DSMG.AF BLZGDRS.AF TR.AF AGSD.AF ZGBDRSL.AF PTRY.AF ASDGV.AF ASM.AF ICANGSD.AF ICAM.AF IKY.AF AMS.AF PMYTRS.AF BZGVDRS.AF SDRBZG.AF GVMDS.AF PSM.AF DGLS.AF GNVXDS.AF AGDSL.AF DGS.AF XDSGNV.AF BZGDRS.AF AM.AF AS.AF A.AF LDSG.AF AGVDS.AF SDG.AF LDSMG.AF EDSMG.AF EY.AF DRSMZG.AF PRYT.AF LZ

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Microsoft Cabinet archive data, 58936 bytes, 1 file
Category:	dropped
Size (bytes):	58936
Entropy (8bit):	7.994797855729196
Encrypted:	true
SSDEEP:	768:A2CCXehkvodpN73AJjDzh85ApA37vK5clxQh+aLE/sSkoWYrgEHqCinmXdBDz2mi:i/LAvEZrGclx0hoW6qCLdNz2pj
MD5:	E4F1E21910443409E81E5B55DC8DE774
SHA1:	EC0885660BD216D0CDD5E6762B2F595376995BD0
SHA-256:	CF99E08369397577BE949FBF1E4BF06943BC8027996AE65CEB39E38DD3BD30F5
SHA-512:	2253849FADBCDF2B10B78A8B41C54E16DB7BB300AAA1A5A151EDA2A7AA64D5250AED908C3B46AFE7262E66D957B255F6D57B6A6BB9E4F9324F2C22E9BF088246
Malicious:	false
Reputation:	low
Preview:	MSCF....8.......,...................I........S........LQ.v .authroot.stl..0(/.5..CK..8T....c_.d...:.(.....].M$[v.4CH)-.%.QIR..$t)Kd...D.....3.n..u..............\|..=H4.U=...X..qn.+S..^J.....y.n.v.XC...3a.!.....]...c(...p..]..M.....4.....i...}C.@.[..#xUU..D..agaV..2.\|.g...Y..j.^..@.Q......n7R...`.../..s...f...+...c..9+[.\|0.'..2!.s....a........w.t:..L!.s....`.O>.`#..'.pfi7.U......s..^...wz.A.g.Y........g......:7{.O.......N........C..?....P0$.Y..?m....Z0.g3.>W0&.y](....].`>... ..R.qB..f.....y.cEB.V=.....hy}....t6b.q./~.p........60...eCS4.o......d..}.<,nh..;.....)....e..\|....Cxj...f.8.Z..&..G.......b.....OGQ.V..q..Y.............q...0..V.Tu?.Z..r...J...>R.ZsQ...dn.0.<...o.K....\|.....Q...'....X..C.....a;...Nq..x.b4..1,}.'.......z.N.N...Uf.q'.>}........o\.cD"0.'.Y.....SV..g...Y.....o.=.....k..u..s.kV?@....M...S.n^.:G.....U.e.v..>...q.'..$.)3..T...r.!.m.....6...r,IH.B <.ht..8.s..u[.N.dL.%...q....g..;T..l..5...\.....g...`...........A$:...........

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	326
Entropy (8bit):	3.1104823335779463
Encrypted:	false
SSDEEP:	6:kKNLCwwDN+SkQlPlEGYRMY9z+4KlDA3RUegeT6lf:zkPlE99SNxAhUegeT2
MD5:	6C21FDC4EB6729FC59F6D1DA6C81B9DD
SHA1:	1F97F6696117E06ED8D880A98AD49F98FDFB18B5
SHA-256:	6E8576B5D9D2537FF28CA9568A7763E9641BDA0B1181F6168B55A89A6E4931B4
SHA-512:	7DDAEE57D3CCED2007AAA1F0D143C8C4BD6F9CB1CCFEFD0AD3DD37A145A52BCE8ACA85FD5619D5F5F1F4CA4F0894EAB47EB634D2197F290551756599B99F6C67
Malicious:	false
Reputation:	low
Preview:	p...... .........7-.....(....................................................... ..........Y.......$...........8...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.6.9.5.5.9.e.2.a.0.d.6.1.:.0."...

C:\Users\user\AppData\Local\Google\Chrome\User Data\23c1a0cc-0a5b-4bb7-b0b3-f359d456a9c0.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	162523
Entropy (8bit):	6.082365503394239
Encrypted:	false
SSDEEP:	3072:0PYCAPHKb1o/hF5RzweKvf14PnpqIMFcbXafIB0u1GOJmA3iuRQ:cJ4HW1oZF5BtK1eng5aqfIlUOoSiuRQ
MD5:	555167E9645421C64E8C8FC5F5981FF3
SHA1:	141FB2F365FF2EFE52C85A9F7AEBE528C16962B6
SHA-256:	60B76C6363C4F876ED1BC3C4850EDA8639EF1DCD9DC1B77BAF309D52A4060923
SHA-512:	0DA67F9F3739E32D8735791AFC42F7B6AF2ECAB25C8656B81EA4E2A2B914F5611192930B95A5285D1925832A7E9BE0D4A0EAF2FD94D0CE3C2A4DC12548332067
Malicious:	false
Reputation:	low
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.606689722761553e+12,"network":1.606657325e+12,"ticks":97762913.0,"uncertainty":4351774.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016980594"},"plugins":{"metadata":{"adobe-flash-player":{"displ

C:\Users\user\AppData\Local\Google\Chrome\User Data\29478246-238a-453d-bf7f-95f36099e607.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	95428
Entropy (8bit):	3.7448923018268934
Encrypted:	false
SSDEEP:	384:1bA/zxis5Gp1Vu0jqNLrQvnt3AflgH54G8rrWBHjxQFFVUrunmOa4CtT3zYO9dXt:JeKFluJAMQevL5JEX7qxKXJj1T
MD5:	D45C88143A55EB17406FBA9983BD24B9
SHA1:	14EDB5C29CAECCB38EA08A58BDA78DFFACC171BF
SHA-256:	4637BE369F5EF5A846B6E28BB975D13839FBFF9004F037BA7AE8F45842B248E5
SHA-512:	834EFC8C0AFE3B35BB131B9A3637E413F41485661E8266D4653C25C49575646A83D288ED60580D51EE05274C4F72BFFA54AF7ABA5858FDAA6E5C3698ADB492A8
Malicious:	false
Reputation:	low
Preview:	.t.................C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6......M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0........C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...n8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.

C:\Users\user\AppData\Local\Google\Chrome\User Data\30c5c694-ee18-4182-aa7b-c34f428d07da.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	92724
Entropy (8bit):	3.7443279481371112
Encrypted:	false
SSDEEP:	384:jbA/zxisVpujqNLrQvnt3AflgH54G8rrWBHjxQFFVUrunmO5CtT3zYO9dXNy1raV:MKFluJkMQevL5JEX7qxKXJj1/
MD5:	2134644A8111DFF458F8E9C4F0AB949D
SHA1:	2DCE2AFB04A40C70580FFAD1CA9B7B5E18F64CB3
SHA-256:	0D031788282A4CFA468CD4819C3504B25DCF8228A2D6FE14125E02283367B2D5
SHA-512:	6BA7751D920A41CDA14A6550135493222C35C651D8397F99991315F38C469D5D2B318767D18F52875357AFB5C37008C6D9FD606BEDADACCA2D9070A82E2C0BF3
Malicious:	false
Reputation:	low
Preview:	0j.................C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6......M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0........C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...n8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.

C:\Users\user\AppData\Local\Google\Chrome\User Data\87067f8a-dea2-4869-a4ef-f6a9a83b729c.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	162525
Entropy (8bit):	6.082360427426502
Encrypted:	false
SSDEEP:	3072:05kCAPHKb1o/hF5RzweKvf14PnpqIMFcbXafIB0u1GOJmA3iuRQ:aV4HW1oZF5BtK1eng5aqfIlUOoSiuRQ
MD5:	B436E02177CE5E6F9374CDA9359480D3
SHA1:	770461B1E0224BA2BAA1187BF692A2468BB75CC7
SHA-256:	4334F36A90A3657E1D3767F2C9B5A30FD334150D02B169197D0EB95941A6B1F8
SHA-512:	A6FBA9DFCD1F7AFF01A64213DD7A45F53A42A471269CC112B0BBE4D6D8C13ABA64BE5B1621824167297F4E403BA58A7425BD312A6560A097D916F4D76E4B32F1
Malicious:	false
Reputation:	low
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.606689722761553e+12,"network":1.606657325e+12,"ticks":97762913.0,"uncertainty":4351774.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016980594"},"plugins":{"metadata":{"adobe-flash-player":{"displ

C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	120
Entropy (8bit):	3.254162526001658
Encrypted:	false
SSDEEP:	3:FkXft0xE1G1mstft0xE1G1mstft0xE1n:+ftIE1G1mkftIE1G1mkftIE1n
MD5:	E9224A19341F2979669144B01332DF59
SHA1:	F7F760C7104457DF463306A7F7BAE0142EFCEB5B
SHA-256:	47DD519C226D23F203ACAE0EC44DF9BB6208828E24F726E1602EA52F63C3E2BE
SHA-512:	4184302DEB5009D767FECFC150F580DD57D5CF9CF3BFEB7E52C9F3340E5E6499251B9F0DFF37F0454411FED9046880E0A9204312D021294256372C916B8155AC
Malicious:	false
Reputation:	low
Preview:	sdPC....................s}.....M..2.!..%sdPC....................s}.....M..2.!..%sdPC....................s}.....M..2.!..%

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\0fffab18-2751-4ec3-abda-5ea8e850f2e9.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	22612
Entropy (8bit):	5.534747316398285
Encrypted:	false
SSDEEP:	384:B6YtSLlCYXK1kXqKf/pUZNCgVLH2HfDprUdHGNnTkkemmB4s:KLl1K1kXqKf/pUZNCgVLH2HftrUBGNnA
MD5:	B8D5982EF80465E1F80F0F6D7017E432
SHA1:	64EEA6CEC66E58756861DE649832D2A01E0F8C70
SHA-256:	77A9578081B9731D5793FBC6E1E44F482A6961EEE0A1186761EE810D36D4EC97
SHA-512:	AE5D2D0910EA5C15D744F930B40AC980D15A17FA199C09D7F35073B6F33D21E36B81725F573B915BD8FEF7261F2E0C968B6FF9A9CDCF9F3ADBEBF5E07C185463
Malicious:	false
Reputation:	low
Preview:	{"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13251163320001457","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\10f604c1-28bb-4f6f-8ae6-92247d31cda6.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5666
Entropy (8bit):	5.193025354446744
Encrypted:	false
SSDEEP:	96:nnObt4C2DLmScVxok0JCKL8pkHS1bPbOTQVuwn:nnc4C2DLXcm4Kiky9
MD5:	CA12745FC4BA76D2D487D65720DF52BC
SHA1:	5BCBB0FFBA4CED67F587EC877FA1CDBD114F5B7F
SHA-256:	30CD9A2D14DCAB2A59405701E0F6B486180AABC57EF5AD45DB4C8A45DC55F619
SHA-512:	10D4136C140D1ED4876C0B8551F088016A10F6984075E9901BF5534B246A763DC65BEF23E3E4723C95632F89ADC6B1E843C72CE646227E78CAF5AEBFF6B8ACD1
Malicious:	false
Reputation:	low
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13251163320235408","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\13aa37f0-eeee-45c8-90b1-d51e2544daae.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	3367
Entropy (8bit):	4.848577015873475
Encrypted:	false
SSDEEP:	96:JTnOCXGDHzMK0pwfoy6Kpa6Gxm6jFUVai+XFVmLeOhH:JTnOCXGDHzMK0pwgy6Kpa6GxjFaaTX3E
MD5:	7F776D72757356AD352A7EA88142F71C
SHA1:	02CD1469453A5A6559B7243E4C27BE6DE840014F
SHA-256:	F3DFFDCB3719E2077EBA70794E7EA5E82BE573238C06FB8F4CA0A25E74250BD4
SHA-512:	82A6E1C663DEE7A5BB46CD3C51CC6E75A07738278C59FBE996AADFBDE62F4FF85CF75921A2B2D1C793B502C4988940E0E1D78F83DA5210EBD71C58AB1DCA9DD4
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://www.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://www.google.com","supports_spdy":true},{"isolation":[],"server":"https://ssl.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://fonts.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://apis.google.com","supports_spdy":true},{"isolation":[],"server":"https://play.google.com","supports_spdy":true},{"isolation":[],"server":"https://ogs.google.com","supports_spdy":true},{"isolation":[],"server":"https://dns.google","supports_spdy":true},{"isolation":[],"server":"https://forms.office.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13253755322577535","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://accounts.google.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13253755322591968","port":443,"protocol_

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\237ac1f1-6815-4cad-bb2c-ebfaefe220f3.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2377
Entropy (8bit):	5.591120738212466
Encrypted:	false
SSDEEP:	48:YQUHd9UC6UUhaUPvheUgnUnk9seKUeeOU/HlUuRUVqPeUer2UefawU5Uenw:JUH3UHUUYUXheU4Uk93KUjOU/HlUuUA3
MD5:	82C6A101E509087A83906EE8E288A925
SHA1:	AEEB1ED320FA23DB569CBCD9EAA60F4152BA7C2D
SHA-256:	67B984EA1027BCF024924CF85726700ECA2BA2EAB31626C6DE6D158EBD2B822C
SHA-512:	94969B47EDC1EFCC99BCE987FEB59D50D55BD095B0717E446B1043BA62F7FABB8830DE69C212124DA113671CABB5291C48EA948AA8BE9F9CB2CA9E1B2201D9FF
Malicious:	false
Reputation:	low
Preview:	{"expect_ct":[],"sts":[{"expiry":1638225774.661221,"host":"AVsuOZgBg0wdpKMoxm8zihjqET8kI4Xl8bCSMk28RsE=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1606689774.661224},{"expiry":1638225723.385846,"host":"CAoynrd73kf+1KRReKSCpZBcDVU3WMlwGfrX6uU71nA=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1606689723.385854},{"expiry":1633014077.350499,"host":"OuKlWsMW1dkkbI1X/oi6o0Y95ZNSWnSoeaIXAEYPlv4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1601478077.350503},{"expiry":1638225774.717531,"host":"PKqosHGXLFTwexcsjC+UXTkKV3GWWHwtzKz/ULb9ssM=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1606689774.717535},{"expiry":1638225762.012021,"host":"a1ZTYlNSUSrj8xKbRz2eU2pqvpuOBdbHFtk7jbKGSQI=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1606689762.012027},{"expiry":1638225762.963322,"host":"e0dnev3n5m4rUz3lgUGIx3llwf0kSf/EB+PPIf8u0SI=","mode":"force-https","sts_include_subdomains":false,"sts_o

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\32cdffa9-562d-45cc-9f8b-806550559eec.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Reputation:	low
Preview:	.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\337b8b70-16bc-483b-a43c-38700ac88571.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2209
Entropy (8bit):	5.590154706720392
Encrypted:	false
SSDEEP:	48:Y8UyHd9UC6UUhpUK/eUSUBseKUeeOUSUL8qPeUer2UefawU5Uenw:VUs3UHUUnUK/eUSUB3KUjOUSUL7PeU9X
MD5:	34AB40148005F71B162828BF6FA7C802
SHA1:	9C473F3B1F2F2C98D5393CF8F1308AA49074369E
SHA-256:	9714F1BAA86EBB037549357BC6CBC5BBF920755432753BB290EA1110F6D50D27
SHA-512:	0305739C49D0477EBA508A7D0CF0BFF5243E5C036A0F45A66D4CF848C4793B773BB5E39288FAF63F0390D978A8C1ECB39AE783C9373A59629ECA3AA5A54E71D9
Malicious:	false
Reputation:	low
Preview:	{"expect_ct":[],"sts":[{"expiry":1638225751.026627,"host":"AVsuOZgBg0wdpKMoxm8zihjqET8kI4Xl8bCSMk28RsE=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1606689751.02663},{"expiry":1638225723.385846,"host":"CAoynrd73kf+1KRReKSCpZBcDVU3WMlwGfrX6uU71nA=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1606689723.385854},{"expiry":1633014077.350499,"host":"OuKlWsMW1dkkbI1X/oi6o0Y95ZNSWnSoeaIXAEYPlv4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1601478077.350503},{"expiry":1638225751.130196,"host":"PKqosHGXLFTwexcsjC+UXTkKV3GWWHwtzKz/ULb9ssM=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1606689751.1302},{"expiry":1638225753.940797,"host":"a1ZTYlNSUSrj8xKbRz2eU2pqvpuOBdbHFtk7jbKGSQI=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1606689753.940851},{"expiry":1638225744.582478,"host":"e0dnev3n5m4rUz3lgUGIx3llwf0kSf/EB+PPIf8u0SI=","mode":"force-https","sts_include_subdomains":false,"sts_obse

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\3b2ed6cc-f5bc-4c34-a3a7-0bee97b7e8a8.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	modified
Size (bytes):	2709
Entropy (8bit):	5.59718073542865
Encrypted:	false
SSDEEP:	48:YGUaXd9UYUj6UUh7UOeUgnUnk9seKUeddUGOUwUZ8QRUVqPeUer2UefawU5Uenw:vUC3UYU2UU1UOeU4Uk93KUeUGOUwUu0l
MD5:	D833F3147BAB86236BE743A653AADAE4
SHA1:	29E9EC57A9A4FDA6FFCE3ADA2D9D00B15C736A00
SHA-256:	EC6156A38EA45693247BD93B3FD7FDCA97B32B6C9E03743C080B9A73431554FF
SHA-512:	49C5E03B8766551ACA6F7A8B056AC7FCFC24D6307F54911DC33C90FD5C4DAD5A5D8F3853C471BC4193C5772E4F901B3A910506B4969292D60463445A5736DF2C
Malicious:	false
Reputation:	low
Preview:	{"expect_ct":[],"sts":[{"expiry":1638225791.760604,"host":"AVsuOZgBg0wdpKMoxm8zihjqET8kI4Xl8bCSMk28RsE=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1606689791.760608},{"expiry":1638225723.385846,"host":"CAoynrd73kf+1KRReKSCpZBcDVU3WMlwGfrX6uU71nA=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1606689723.385854},{"expiry":1638225791.80333,"host":"F8CDsiT0h6lTN4Nqwoyb2wNyqqjWSTsRj/gzlYU3NfY=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1606689791.803334},{"expiry":1633014077.350499,"host":"OuKlWsMW1dkkbI1X/oi6o0Y95ZNSWnSoeaIXAEYPlv4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1601478077.350503},{"expiry":1638225792.244319,"host":"PKqosHGXLFTwexcsjC+UXTkKV3GWWHwtzKz/ULb9ssM=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1606689792.244322},{"expiry":1638225762.012021,"host":"a1ZTYlNSUSrj8xKbRz2eU2pqvpuOBdbHFtk7jbKGSQI=","mode":"force-https","sts_include_subdomains":true,"sts_obs

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\58719bc4-3775-414e-b75b-e8b3d4474676.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5666
Entropy (8bit):	5.193133928541855
Encrypted:	false
SSDEEP:	96:nnybt4C2DLmScVYok0JCKL8pkHS1bPbOTQVuwn:nn44C2DLXcF4Kiky9
MD5:	B7305E74BAF460588D96F2BD7C53FB53
SHA1:	6CB6D0C36CDD972A74969B761A98EF412BA166F8
SHA-256:	C9DA75D31403457D06B897C39BFA4C48218DA377DF28EDFD6AF866C97D101F36
SHA-512:	74F2BF5A0F7556E1F2D1D2EC4220BE750AB66ABE0C87F19D3943F9DCCDE50407B6CA76D32B5317386DAD82F54EE9D789733910F42672E5256DC29D0B76700FA8
Malicious:	false
Reputation:	low
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13251163320235408","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\652de9b4-902b-4829-97ad-cbfaf2920c5a.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5748
Entropy (8bit):	5.1914801960875945
Encrypted:	false
SSDEEP:	96:nna04t4C2DLmScVpok0JCKL8pkHS1bPbOTctVuwn:nn44C2DLXc64Kiky9b
MD5:	B8FCFB217911A61C8A9C9778326B6400
SHA1:	D0978E8A33094F28F74F1AB87FA5C8AA1E77B720
SHA-256:	E2C4EA0C2E3B292B02EC342E1F4B1A382AE0DC12140F12CCBE8C40A7D42BCB86
SHA-512:	1A4BC0E821768335DBB0591F7BC418D31179A0383357857DE6B141AB58F8262964A1BC7813B129E1752FDC011905F9143557FFE59DF96EBF7888E16E5C346E78
Malicious:	false
Reputation:	low
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13251163320235408","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\74b7fa61-9286-4ec0-a589-7f94d0c6ddd7.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1372
Entropy (8bit):	5.584636822076652
Encrypted:	false
SSDEEP:	24:Y2dsqUG16H0UhqZeUOI9sTG1KUerkq/HeUeXby2qUeXvM7wUPRUenHQ:Y2d9UC6UUh+eUh9seKUewqPeUer2UefN
MD5:	8A413636F397DFF64DF1C2166EBE2F60
SHA1:	657FF6AB31E20EFD4A4EADAD7CB36891582F2E5E
SHA-256:	A1427B00304C09DBC30617FC1F54C1A0B488BDF099595DEE6963F24CE97097DA
SHA-512:	5336E278F009874CC3392D4683DAB790A3D67CC2700DC317D9780A562314F7C78B473C64A728B11CA17F08800C5720FFD44CCB0772F3C5CB8F0D2A707CE2B13D
Malicious:	false
Reputation:	low
Preview:	{"expect_ct":[],"sts":[{"expiry":1638225723.385846,"host":"CAoynrd73kf+1KRReKSCpZBcDVU3WMlwGfrX6uU71nA=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1606689723.385854},{"expiry":1633014077.350499,"host":"OuKlWsMW1dkkbI1X/oi6o0Y95ZNSWnSoeaIXAEYPlv4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1601478077.350503},{"expiry":1638225732.084446,"host":"a1ZTYlNSUSrj8xKbRz2eU2pqvpuOBdbHFtk7jbKGSQI=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1606689732.08445},{"expiry":1633014077.22511,"host":"nAuqgR4iEWti7SOdT3UHPl6rmZU/DeaIm38P2O2OkgA=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1601478077.225114},{"expiry":1633014092.4175,"host":"0J7rAWV0ouCFYJ9XrkDiKnAO1SshXJmLJE1SS3V8kDM=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1601478092.417504},{"expiry":1633014091.91938,"host":"5EdUoB7YUY9zZV+2DkgVXgho8WUvp+D+6KpeUOhNQIM=","mode":"force-https","sts_include_subdomains":false,"sts_observ

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\76e68d26-4b43-4aac-9247-d6ce6c55f420.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1709
Entropy (8bit):	5.580652487726926
Encrypted:	false
SSDEEP:	48:YsUYd9UC6UUhTAeUQlUTseKUewqPeUer2UefawU5Uenw:VUY3UHUUueU4UT3KUGPeU9UEHU5UD
MD5:	0EE142A9CF5450D69967E989E51889D0
SHA1:	E118917214B24D69BA23D7A209DFB6BA9BAFC037
SHA-256:	65B89C8065CA029F5FAA40CB4B96AB3CAC09AE106A2913ECB1448250696C2703
SHA-512:	8C43CB932EF2E088D259062CE8F651BDF8C5B0B74D1C667DC359E744BBFF125CC085A3C37F9C0C9E022A4F21BE645ED6F12AE34A49B445F45302318F6482D364
Malicious:	false
Reputation:	low
Preview:	{"expect_ct":[],"sts":[{"expiry":1638225738.186133,"host":"AVsuOZgBg0wdpKMoxm8zihjqET8kI4Xl8bCSMk28RsE=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1606689738.186137},{"expiry":1638225723.385846,"host":"CAoynrd73kf+1KRReKSCpZBcDVU3WMlwGfrX6uU71nA=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1606689723.385854},{"expiry":1633014077.350499,"host":"OuKlWsMW1dkkbI1X/oi6o0Y95ZNSWnSoeaIXAEYPlv4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1601478077.350503},{"expiry":1638225736.787251,"host":"a1ZTYlNSUSrj8xKbRz2eU2pqvpuOBdbHFtk7jbKGSQI=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1606689736.787256},{"expiry":1638225733.549184,"host":"e0dnev3n5m4rUz3lgUGIx3llwf0kSf/EB+PPIf8u0SI=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1606689733.549278},{"expiry":1633014077.22511,"host":"nAuqgR4iEWti7SOdT3UHPl6rmZU/DeaIm38P2O2OkgA=","mode":"force-https","sts_include_subdomains":false,"sts_ob

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\7af3b868-3d93-4fde-9550-fcbc12cf696e.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	4219
Entropy (8bit):	4.871684703914691
Encrypted:	false
SSDEEP:	48:YXsJjMH+5s7YMHBKsvxMHVzspxMHbsIHt/soBDysKqnsllzMHpDCLsWJMHLsNuMg:RG+ZGJG+GTTD7IGpD+G7Gp2GnG4GVhH
MD5:	EDC4A4E22003A711AEF67FAED28DB603
SHA1:	977E551B9ED5F60D018C030B0B4AA2E33B954556
SHA-256:	DD2C9F43F622F801FCC213CDE8E3E90EF1D0D26665AE675449A94CEC7EB1D453
SHA-512:	84D3930579FD73C7D86144D5CDC636436955BA79759273C740D2D72BC4847F2F7F165BBCA3EB2E4DFB01777D6A5F141623278C1BF74615C5A491092CE3FD1602
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[],"expiration":"13248543677350473","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543677350474","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":31344},"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248543501474403","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543501474403","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":31656},"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248543501454993","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543501454994","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":39369},"server":"https://www.googleapis.com","supports_spdy":true},

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\7c099d94-221f-4cdb-8689-50c8cc30ded4.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5630
Entropy (8bit):	5.195367650715348
Encrypted:	false
SSDEEP:	96:nnQbt4C2DLmScV9ok0JCKL8pkHS1bPbOTQVuwn:nn24C2DLXcW4Kiky9
MD5:	2B604B70D9B886EEAA33EC97D2414960
SHA1:	C29E33B766648ED4106584D151E7B1C5C2193205
SHA-256:	EBA19D9A27FED6A7B9DF6457DADC0BEE93C86F27DE779917E14F3ED4D04531DC
SHA-512:	37C221A9E7C1A103F1C44EBED3BF83700410DCDB8C316219088E0414ADDBF4D3639CDFB3085E8325AB12DA7451AE2E1C1453B6734A4C8B92D5626B3E1BA56F9B
Malicious:	false
Reputation:	low
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13251163320235408","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.273891502745048
Encrypted:	false
SSDEEP:	6:ox9+q2PWXp+N23iKKdK9RXXTZIFUtwHSNJZmwyHJE9VkwOWXp+N23iKKdK9RXX5d:U+va5Kk7XT2FUtwy/ypiV5f5Kk7XVJ
MD5:	EFE3D9306DBDA40A4EB6FA52D398CD45
SHA1:	E3B4F6C265BDD92A38DFA81CB85D8DF4EE355A61
SHA-256:	BF0CECB5AAA185E04F6E8D7D34E750D67183EED69EEC0EDF55B1D5035BFB6301
SHA-512:	0E1BD6259D24A19B16356D359E0C416A18B0418580F579E9698DE1BD84B718EC22CB7907D56E609C6D478E99C1355889D537A31E876DE8BB265C1EEDE9F76598
Malicious:	false
Reputation:	low
Preview:	2020/11/29-14:42:07.480 15bc Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase/MANIFEST-000001.2020/11/29-14:42:07.483 15bc Recovering log #3.2020/11/29-14:42:07.485 15bc Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	318
Entropy (8bit):	5.262910146752032
Encrypted:	false
SSDEEP:	6:oXP9+q2PWXp+N23iKKdKyDZIFUtwHvkJZmwyHcE9VkwOWXp+N23iKKdKyJLJ:OV+va5Kk02FUtwe/yHV5f5KkWJ
MD5:	FCCB2B998E7F2212B6D144A01E52D9F0
SHA1:	8904ACB45B9DFAA018F09049DADAA51F72D05029
SHA-256:	96919644D4223C6C0D5C017A63F5EB1ECD2B64B4671F5178E94CAD688D755CF5
SHA-512:	F1C64CD21795EB229ECA37106AEBCCAB5AC79B12DA31579EB3590BF7BBF6357562D006ACAE6A87ADCA2EEF20332359DE26C5A07E155CF0A54B460B247B7209A4
Malicious:	false
Reputation:	low
Preview:	2020/11/29-14:42:07.464 15bc Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase/MANIFEST-000001.2020/11/29-14:42:07.465 15bc Recovering log #3.2020/11/29-14:42:07.466 15bc Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0464521381b40578_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	388
Entropy (8bit):	5.671491226504752
Encrypted:	false
SSDEEP:	12:qDQLf+5KWFhhoH3F16XvTy8KDIA/1NCt7:qj5FhYcXLwF/1I7
MD5:	A29930FE4CC762DB86CAE92A149C8AD5
SHA1:	59BF2A6D5E52BCD9EB2D023D65B745C7E7748737
SHA-256:	49D7815358CD0A7BD5D0E03A54D8D0E171769E49625CD6F15F434EBCDE7ABFEA
SHA-512:	5C028D7AA945EEA61176AE424F3B8A342D22C2BB2C59604F9196E9B23C39D161265CCCCE06509F742C623F6197F591C3C7A4620AE1DE084344F31EC293D5025F
Malicious:	false
Reputation:	low
Preview:	0\r..m...........#.K...._keyhttps://www.microsoft.com/onerfstatics/marketingsites-neu-prod/MICROSOFT-365/_scrf/js/themes=default/9e-6ade99/ff-dc7b13/2b-b6ab60/8a-91655a/28-8f59e1/71-4da314/58-f3fc85/c4-301a8f/e6-9d6ac7/1a-3fe6fe/cd-8ce651/f5-7e27a5?ver=2.0 .https://microsoft.com/.y.../..............5......T./K#.8...,L..../....T...Lq._v/m.A..Eo......:Z...........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\049e61f56bdec1ac_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	275
Entropy (8bit):	5.647117605148678
Encrypted:	false
SSDEEP:	6:mIjYcv0KgJpmpC+SLhiCsa1DcRlgW6SYLxzbK6t:1SfYpvIhiADqsSkN
MD5:	1C1AE02EE4F809B3749A2C8BFB05A9D0
SHA1:	007F739FD31915D15EE8F6D9A74CCD377B4544C2
SHA-256:	E09AA858AC32D2F01960FD3A2C0496A671CC1DAAB106001FD46D136118F95DA6
SHA-512:	E05693371E8343B247E7BE43C914C3DAA336FE27CCB3AE6717DB703B1938D3149A4DB9A0D5B4553D1EDF96B679B02D4F2257151C53867155559B729E489D84FD
Malicious:	false
Reputation:	low
Preview:	0\r..m.............d...._keyhttps://assets.adobedtm.com/5ef092d1efb5/e6b4ca74378c/2418adba327c/RC5548547466864ee2ab73cca512147d77-source.min.js .https://microsoft.com/9=..../.............G.......3..L...${.R........X~Rk*..!..g.A..Eo..................A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\04b9cf4c7c39886f_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	299
Entropy (8bit):	5.743924542163813
Encrypted:	false
SSDEEP:	6:mQdnYcBD631XAQi8RuadTxUydwPzXcY3QDnlgxpIFv4rfSaK6t:9VDu1XAnAuadTxUOsLhQDlaIFvCSs
MD5:	2152829B4353A24B321810D5B19E0EB0
SHA1:	99CD5897C9A61E25600377F38075274D082EEEBC
SHA-256:	5CB54714D35D1C8C24B2608126A2341649536B3DB09BE63D6E03DD54CD6DA6FF
SHA-512:	3FA1C89B4AFF33123B85D1054EBF631A64ADDAEE2362E532780B98CF855D231D603A54A970DE80B1C883B204E60BCD60D58F96AA11C0A0F5B03D2C35552E1B6A
Malicious:	false
Reputation:	low
Preview:	0\r..m.................._keyhttps://account.microsoft.com/dist/oneui.razor/public/scripts/amx.min.js?v=B51B71CD1157AD7895177C07B006CB93F95CE755838286D2A7F725330B3E2467 .https://microsoft.com/.K[.../....................p.54t..........I...M.9.- ....Tt.A..Eo..................A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\094e2d6bf2abec98_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	351
Entropy (8bit):	5.956630782227429
Encrypted:	false
SSDEEP:	6:m3VYyK08fNH1D6ZalgOfyL6DK6thhmhqOl3dqTgVEStTqfyL6L:aKjfNH1D6ZuffycFmhFlNqTgIK
MD5:	8A552E4C3900427AB87170C9E9447F23
SHA1:	4C11C2F4F7475AADBEA09B3D940F1DC6E7A42360
SHA-256:	50AE984029F4C9B17E4F12239989BAD0D06320874D59161400849F1B2D1D5321
SHA-512:	A39E0FF82E0C6D5BAABBF5F092FD2341E417E1EB72BBF923F85838F8288C78F5A02C810FDE4120E5A971F200F921CC35682A77E8AA8C8DE17513942EBD8B481C
Malicious:	false
Reputation:	low
Preview:	0\r..m......W..........._keyhttps://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.11.2.min.js .https://microsoft.com/..O.../.............5..........=.z-.7.K]..~..=..9......8...A..Eo......?.WW.........A..Eo....................O.../.`...E7CC36CE1DAB9F35E7F5AD7BF4D432557E9008C6DE5BCAE09C1520FAE6D63CD3...=.z-.7.K]..~..=..9......8...A..Eo.........PL.......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\09e38a19b46d6eb3_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	275
Entropy (8bit):	5.705956912302803
Encrypted:	false
SSDEEP:	6:mIkYcv0KgJpmpC9DJpa1D/+9lggqaI41dRYflK6t:17fYp2UDmH3XRi/
MD5:	51E8DC96F51C535C2E8A5748B42B743B
SHA1:	80861ACB93193960B15FC93B46646278F63E778A
SHA-256:	F63BF81C0220D343ACF60564ECDC4D5EBAA8B48ABD1EB7881024E017DA60373B
SHA-512:	5EEDFB8780C2557BCE869D7F4B754AC78E1BBA5524FDA44A747D644CA08F4D87E68B92213C5B068C7B1ACFA520D4950861E66158009DB789D61B665B63FD7F6F
Malicious:	false
Reputation:	low
Preview:	0\r..m.................._keyhttps://assets.adobedtm.com/5ef092d1efb5/e6b4ca74378c/2418adba327c/RC8f2e96b0f42b4791b6a87bd6474f9dc7-source.min.js .https://microsoft.com/.(..../.............G......h.Fq4...%^l.....7..sjJ.$.x....A..Eo........j.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\106511ff7d335ae7_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	265
Entropy (8bit):	5.503825797598488
Encrypted:	false
SSDEEP:	6:m3nltXYcvrX7pqL2VRqTlZND0alghbp2I4N/ZK6t:u1H7qTdD0ukcIO
MD5:	191F3C8BBFCF877F30C2C61A196A2456
SHA1:	F1EB03CF6F2C82D7EA1057BFFCA57762E7F67CD3
SHA-256:	8B0D0F29B8096BD0BA54841696BF0B4A375558D37160A56556591DB0F2577F8C
SHA-512:	E7551E295B83E68A064C79BD3711EF0166CD9E623CECE79C92314B535EAD736BE0619722D524AF7D34913E15C37559B34903FA86C9D2E543C1E72B55869103C4
Malicious:	false
Reputation:	low
Preview:	0\r..m..........Ed}....._keyhttps://assets.onestore.ms/cdnfiles/external/mwf/long/v1/v1.23.1/scripts/mwf-video-player-main.var.min.js .https://microsoft.com/{...../.............U.......Q....h.x...U...c..^..."....I...A..Eo....... ...........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\112ffe0d2f355de3_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	236
Entropy (8bit):	5.606356423314167
Encrypted:	false
SSDEEP:	6:mnVYcv0KgRMQpi3yDqKXlgOtXZEArr3bK6t:HwQM3yDqQbpEI3N
MD5:	15432B6471A657A58E6DDE8B22A6DC05
SHA1:	A7094A3A9CB0F6DD9B4960F8B9C3E886B48738CF
SHA-256:	7A5CC0E3F6721F583AEE691CCE4D9CC96870202DC299BDD669121D1F9FB64EAA
SHA-512:	57F085175A94704BC7C7A5E9178D7458ACBFC0109AFC58F0447CD63348EC7E5619CDF9C5951A37E04E672E38627CA34E4A8FA30BAEC0B0839101DA9DD4DD4343
Malicious:	false
Reputation:	low
Preview:	0\r..m......h..........._keyhttps://assets.adobedtm.com/launch-EN7506e353034849faa4a18bc4c20e727c.min.js .https://microsoft.com/....../.............mV.......p.. ...6u..\iuhX.!...l<9C..RU..A..Eo......{&m..........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\11a58c3d643cb456_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	588
Entropy (8bit):	5.518978538711346
Encrypted:	false
SSDEEP:	12:ZQ0DQLf+5KWFhhz59K7uCOXXc8HNC1Ngw9jMuwLmzlKDuHDKxPXOGHX:ZQ0j5Fh31COXXc8tCrMu0mzQGKZHX
MD5:	341D096C923600C3D559B553FF1D32BB
SHA1:	E0330354677A74639D8679442185F66BC0DCC867
SHA-256:	3E77A279453A45E3EA9197EE5AA5D1CFC7DA529F55E60475116D42849397DD16
SHA-512:	705C57FC193E4289EA8FDF1A3729A53FCFE99EB1E1F0E04FDEBAE3841A7A3A7C15B589F3450AD6296555BB429A5205979B15E805ED705F6D0630499BD5A1E866
Malicious:	false
Reputation:	low
Preview:	0\r..m.............'...._keyhttps://www.microsoft.com/onerfstatics/marketingsites-neu-prod/MICROSOFT-365/_scrf/js/themes=default/c9-7b8600/2f-63ce8f/45-f9a0d4/aa-dc1460/2d-7a9063/dc-7e9864/4f-5115f8/7d-266f10/4a-abd94b/6d-c07ea1/29-1ec5a9/23-c64e70/cd-23d3b0/6d-1e7ed0/b7-cadaa7/c4-898cf2/ca-40b7b0/4e-ee3a55/3e-f5c39b/c3-6454d7/f9-7592d3/92-10345d/f8-73a5f2/79-499886/7e-cda2d3/b2-7087f0/e5-08f1c0/91-97a04f/1f-100dea/33-abe4df/50-f1e180/e3-082b89?ver=2.0 .https://microsoft.com/:.x.../..............5......m.B.;M...l..O...q...tE).<..9.S.A..Eo........g.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\156e023462d48427_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	335
Entropy (8bit):	5.686465779261048
Encrypted:	false
SSDEEP:	6:m08PYcBB8LjFke/BDWDQIC8mKVmLPVEBsJMpkf5VNvcUllgJ8TACPony/ZK6t:J8qnN/hWDxC8mTVpVNvp/g8TOCT
MD5:	3D3FC2F641A01B88E8A0920A043EEA3A
SHA1:	503209A9FA4834118F5124DD1A8D4F1D17CD5625
SHA-256:	0768866E7359EA767034A784EB06F4B7DB6E5F00B199C71FEF27CF0EBD7CE7C8
SHA-512:	A54D2F7D7C05C2A252998081DFA4F680F76E221EDFEBE88FB46DEB08745D56FA06F569CD2E34D89C015AE8C45A720D40B09F7FC1C3271B3FC12E3E0136E7D41D
Malicious:	false
Reputation:	low
Preview:	0\r..m.................._keyhttps://accdn.lpsnmedia.net/api/account/60270350/configuration/le-campaigns/campaigns/1644274130/engagements/1644414430/revision/15598?v=3.0&cb=lp1644414430&flavor=dependency .https://liveperson.net/....../.....................q..~{.F...].........3.x...!.T...A..Eo.......I...........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\166ee82c52b87e97_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	352
Entropy (8bit):	5.897048428823482
Encrypted:	false
SSDEEP:	6:mY6EYmcRR3/wZdDElg65i96Vr5ADK6thfrRUIhpbdF96Vrh:RLcj4ZdDMRE9CsffrTr9
MD5:	1F5EB899C142907F881809A662796E23
SHA1:	0A7C8D98D73D52895F273C6561CA8F3CEFD20770
SHA-256:	9CAD472B3AD5900599413EB6C1DF51C6B9C522D720393D4EA6122C7CE1D12632
SHA-512:	6600620BDD500D81357F9BC9EC6AC77D378F760D0B8ED81462AA924D8F8A558529BFFC8628EBDF62904A82DDCBAF5B48DE1117206E5A5706631DB8E39E4575A9
Malicious:	false
Reputation:	low
Preview:	0\r..m......X...\n......_keyhttps://amp.azure.net/libs/amp/1.8.0/azuremediaplayer.min.js .https://microsoft.com/..`.../.............,...........(..A=Z....F...1/.k....s6...A..Eo.......m...........A..Eo....................`.../..v..0D061364705A80765D45C303F0549151B6ACFEE08D1A7E19B827BC1A344763EC.....(..A=Z....F...1/.k....s6...A..Eo......>S..L.......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\16d2f3faad7856af_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	59890
Entropy (8bit):	5.296455837252756
Encrypted:	false
SSDEEP:	1536:WOLKooIheFoceBkUq6L0z4KjPJXzzZImtNAzLwRwJpkP5xYi1rMQtcDtdsYqO9r4:FG
MD5:	8CA30560A71F6A866FDA78A77D9A6B43
SHA1:	2E56883E252F3E669E81088DA12D1ADB1992D574
SHA-256:	3CAFCABD2838231CC6F0A7E6CCBE8014367D767E6ACC82298C3AFB2FD67DC685
SHA-512:	5009C1885557C30A04B3FCC33C157B6D75F8DA3BF095741495C4AF8D70F7647E94E24A1FC0B4A59DBECE08A1DD984BA22F44AE305F0080ABDC1119543F7D1087
Malicious:	false
Reputation:	low
Preview:	0\r..m......b....!H....._keyhttps://mem.gfx.ms/scripts/me/MeControl/10.20300.4/en-US/meCore.min.js .https://microsoft.com/I.e.../.............C........\......,V..K.#.O.....U..hW4.\|.A..Eo.......@bJ.........A..Eo................................'......O....`..._2......................l........................(S.H..`L.....L`......Q.`r%......MeControlDefine...Qc..w.....meCore.......`......M`......Qc........exports..$QgV.......@mecontrol/web-inline.... QfF.K.....@mecontrol/web-boot..(S.....Ia[...~.........A.........~....@......@......@......@......@......@......@......@......@......@......@......@......@......@......@...+..@.+.,..@.,.-..@.-./..@././..@./.3..@.3.?..@.?.A..@.A.B..@.B.D..@.D.D..@.D.D..@.D.F..@.F.J..@.J.J..@.K.Z..@.Z.]..@.].]..@.^.d..@.d.f..@.g.i..@.i.j..@.j.j..@.k.l..@.m.o..@.p.q..@.q.x..@.x.{..@.{.}..@.}....@.......@........@........@.......@.......@........@......@......@........@......@......@.......@........@.......@........@........@........@........@....

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\185fb8be4e716935_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	257
Entropy (8bit):	5.811605105723281
Encrypted:	false
SSDEEP:	6:mODXY4BLIMZDPumaU20juKcDublllgxGn+HITygK4iIlthK6t:7J9TDP923/Dubl/OG7+ir
MD5:	60E3058223EDB7E7BF448E485DCD3EB8
SHA1:	980831E3471DF681FBE742BE5A91CBB79F74CC6D
SHA-256:	2E4460B4458BD5B9D62CD2B34CF18CF8660E98236327C0B141A373297455846D
SHA-512:	0BE3BE907FB8897E433C08F1C6F6F69054AD0B0B4EC2A57C81BA0D50ACFC3B3DDFDDDDD7872590F587B9776A50BC95E947CA4D78599BA4B6FA48789F8CBCF3AA
Malicious:	false
Reputation:	low
Preview:	0\r..m......}...F......._keyhttps://support.microsoft.com/socbundles/floodgate?v=N7a-gpEJQkN6bthY4nvjISnR62g8lnmiDB2WXm1P3aI1 .https://microsoft.com/....../......................c.-..........%.#.i..I~-.\l...A..Eo.......R1..........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1901d97a494284b6_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	275
Entropy (8bit):	5.670002308007007
Encrypted:	false
SSDEEP:	6:mIyXYcv0KgJpX4GE1oHWTMaBcaTm8a1Du8lllgnyIhD2nKRK6t:1yOfCGQoHWwaBcaTYDu8l/qysiKr
MD5:	7C5BCCD77422BB6D2A62131C3026912F
SHA1:	B7F08206A3FF8FD788C731FC1EE06B9F8BF88331
SHA-256:	8B34166A5860EFE74AE68D61D37E5B074BB44556E314B69246373A93DD96F4EE
SHA-512:	3F75903D7796C0C0E50B08123A2BFE9CB584E0CFE9369963FB8263E4C014D23AFA339F280B83D3722278529C46623090BBB6697E5FFF8B5EE5D26D0BAE1FEBAF
Malicious:	false
Reputation:	low
Preview:	0\r..m..........f.;;...._keyhttps://assets.adobedtm.com/5ef092d1efb5/4c272e8cc694/0e102e270abf/RC15f3408d92fc4519a3a4fbb6f85a3d5e-source.min.js .https://microsoft.com/....../..............X......YW...$iO.T...Y\|.L..2.QV..[.^...A..Eo...................A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1a82e691e1d458ec_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	223
Entropy (8bit):	5.488527994812308
Encrypted:	false
SSDEEP:	6:mz9YL8iCM8mLD2DOlgjw2pRr9hnbpK6t:H/CTmLD2DK92pp9hbj
MD5:	58A07DA2BDDB4C902D1C10C97611D1D1
SHA1:	BC6861A701E778A18FE190B92A617742F0F5FC37
SHA-256:	787B5F05C6E959B94E8167F58E72C4782C73B50A6C35727858F4E3DBE18C9410
SHA-512:	F78EA883A33081649493D9137BDCD6984ED99D4AE082494751489D78316E46C19E523E96891A593A2EF14B5A588FF2E54554FB8D40C02B825C2A2605461B718C
Malicious:	false
Reputation:	low
Preview:	0\r..m......[......\|...._keyhttps://mem.gfx.ms/meversion?partner=surface&market=en-us&uhf=1 .https://microsoft.com/....../.............S........H..m.....o.....u.+....8.g...A..Eo........H..........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\226692e5ab9c95ba_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	228
Entropy (8bit):	5.575610503401262
Encrypted:	false
SSDEEP:	6:mkkYL8gT2l8mLD2D99llgJ5Xo/KqOJgK4RubK6t:B53mLD2D99/My/K1uK
MD5:	A4CD5FDDB8574D07D8CAFFA63BB41673
SHA1:	D556979B366F5EC364890BA5BE37D9DB85F9C0F9
SHA-256:	64FA18FCD7913496C0DC7872032165BBB433CD5704E857DD3CAFFD61C327E775
SHA-512:	775AF0CC4F1B2E5B5B95FEF42D7AE28950D87F196AAD9694C117B266264667E12F77C239282BFEBCA5393D19DF548D941BB6249EE4262722933E9860AD7F619A
Malicious:	false
Reputation:	low
Preview:	0\r..m......`..........._keyhttps://mem.gfx.ms/meversion?partner=RetailStore2&market=en-us&uhf=1 .https://microsoft.com/bwc.../.............,q......c.~zW..Y..>.....uu4G.3.+.\k\...A..Eo.........R.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\22fb0e1969c285c1_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	214
Entropy (8bit):	5.385257153373553
Encrypted:	false
SSDEEP:	6:mCVCVYv0iffhQ3fvg5llllghEx/pK4XPK6t:VVuAavg5ll/wO
MD5:	99B55940AED8C1E4F8150767DA72B541
SHA1:	7F41D21E9FE860434DD5469F92C1A8E0ED5A3B8B
SHA-256:	6735A6721153757328810A82D94029A2662AC93288B1293275DEC44D90D9F3BB
SHA-512:	F8BB3C984FDE312F79B0D0D9D1AC7A19A40D2ED1E3A8AFA2D6BE9EED15EC114934EC6154042B3EFD66014BD1A256BBDD76EDB7C365BBDC60DF6FC7404DBB84FB
Malicious:	false
Reputation:	low
Preview:	0\r..m......R....p.3...._keyhttps://lptag.liveperson.net/tag/tag.js?site=60270350 .https://liveperson.net/W..../.............tz.........5+.o....D.o.p..3lm...\....x.A..Eo......[s...........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\300bb9fb98ab63f0_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	219
Entropy (8bit):	5.526407763036858
Encrypted:	false
SSDEEP:	6:mNtlXYL8woG/8mLD2DE+FlgOE+8pC6AEnK6t:0XizUmLD2D9ryCk
MD5:	53FE58F5025EA030C734943D01662620
SHA1:	CD98F4A5F0303E2DAC1D9D19A4DBEC2A07D4E23A
SHA-256:	791F3CE1EB77A7E6DE7D9C9DCE2ACCF49AE8476375DFC7601366BF9F1132401A
SHA-512:	29991762A04C74AAA366ABE25FC7AAD9C8E38B79B4667133795095081A84CB96253849103A7F50B1933419A4CA0C2A081BD1AB4888B084B8F3118F50C81C8258
Malicious:	false
Reputation:	low
Preview:	0\r..m......W....&......_keyhttps://mem.gfx.ms/meversion?partner=amc&market=en-us&uhf=1 .https://microsoft.com/.._.../.....................y@.+.....KC+.wjL..l...Z.yD..LO..A..Eo........U..........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\309184ad59030aa2_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	257
Entropy (8bit):	5.546075832430373
Encrypted:	false
SSDEEP:	6:mORUYbLjFCsWLqLUqxYy6cUqmvg9llgMldrLStlhK6t:Zbn3WOAvQ/tGl7
MD5:	B61581603447F546704E877F64F0F319
SHA1:	2E22746B2D82B180ED3943BB66B60CD06995DCF5
SHA-256:	75C576809B6176CCC45C6A4DCC8A7CDE38FC9F042E88540E075775C84D99CF61
SHA-512:	C99E21D9E1F9F2F33CEFC4E8EBFAC1B1F267AAC395AE645203DE7BEFA32E2A35934FAB372D57F874E210D80DD350DC56952A1370D7AC415279747D6F211033AF
Malicious:	false
Reputation:	low
Preview:	0\r..m......}.....4....._keyhttps://lpcdn.lpsnmedia.net/le_re/3.43.0.1-release_5028/jsv2/overlay.js?_v=3.43.0.1-release_5028 .https://liveperson.net/....../....................E.J2'.+...... %..(......h6G.qx..A..Eo...................A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\359022573035c25f_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	508
Entropy (8bit):	5.367133343489782
Encrypted:	false
SSDEEP:	12:3yLDFbKr08xEjsKlITP2RTzgoz3PZ1rKDr4eA0eT:Ghs0yMstb2RTb3PZ1rKleT
MD5:	212EEBCC1AF93A7693A53130992DD1B9
SHA1:	2EC4EC4A523355390AD93D199F95A6721D83B438
SHA-256:	E75145AF8F0F1878A6657627660A0101A0CAAE0A74D2859EC1B8D5BE79937174
SHA-512:	E4E33C38AA869C2201B23061A457FE2007B48B9D933F8B2DC22916F1B7FCC950AE3A22EB0F7300D67F23DA7E71DF0FDE23D3ACEFDDEF787782FD0259882F7B2F
Malicious:	false
Reputation:	low
Preview:	0\r..m......x......G...._keyhttps://www.microsoft.com/mwf/js/MWF_20201028_28422223/actiontoggle/alert/ambientvideo/areaheading/autosuggest/button/contentplacement/contentplacementitem/dialog/divider/drawer/glyph/heading/hero/heroitem/hyperlinkgroup/image/imageintro/list/mosaicplacement/multislidecarousel/pagebehaviors/productplacement/rating/skiptomain/social?apiVersion=1.0 .https://microsoft.com/X.y.../..............5........Te..t....d9.....@...F.....$.+.A..Eo.......-...........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\35eb01beb1fe591d_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	394
Entropy (8bit):	5.987016878513956
Encrypted:	false
SSDEEP:	6:mMLYcvrX7pqL2VRqPSDC9lgXxHEndGkYH9K6tAXHJVJBljKF0TQ3qEndGkYl/:1H7qKDSUkEXGRBljg0M3R
MD5:	2B971C26862FF3774ABBE277C98F5693
SHA1:	1D1473F2C73479D1C20D7C2092176877CC89BC62
SHA-256:	C07168D3AE52749AF1B378EEEBB18BC52B9530BDA5CC7E92B4121CEE127468EB
SHA-512:	ACC9F25FC6A85146D78FF51AA3951D60A354D5337B2844AE60F40F06394056E51A65EB74D59B8683DD3E5690B8EC964902541591E067716EA1467CA9C0E89BC7
Malicious:	false
Reputation:	low
Preview:	0\r..m..........i..0...._keyhttps://assets.onestore.ms/cdnfiles/external/mwf/long/v1/v1.23.1/scripts/mwf-auto-init-main.var.min.js .https://microsoft.com/.X..../..............D......7n..P.;...k..C.{.G.q..V. .....A..Eo......j...........A..Eo...................X..../.....6379C02E323EDDFED89B8419F3AF4C64F7E82A7E54B62C00AFC44C567F4DF93C7n..P.;...k..C.{.G.q..V. .....A..Eo.......II.L.......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\38b572a46376d5b4_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	262
Entropy (8bit):	5.523018607978529
Encrypted:	false
SSDEEP:	3:m+l5UgOA8RzYcv+EXY38RpEdCpLHgUXMVRqEEDuSLn+LIM2FvDFYtRDnq/l/lHC7:meYYcvrX7pVcVRqPSDmlgevlLnyK6t
MD5:	5C1D30DFC11B340FD76B1BA7794437B7
SHA1:	18C0B76B6A88002C6ABDDF0321E51652AA9A2451
SHA-256:	47B851C79220E4D465201DAC41DB1616F6D512E5517DE3E76561F53F2AC92CB7
SHA-512:	845F15DE3C614EEB63CD40122F330223FAA15D20F2C6A3575777CB5730DBDE15C775D3AB6ACC93A3E3A98E22D818D6608B1D8FE0C99A6640D5CC209CBAE6EDBA
Malicious:	false
Reputation:	low
Preview:	0\r..m...........}Y....._keyhttps://assets.onestore.ms/cdnfiles/external/mwf/long/v1/v1.22.1/scripts/mwf-auto-init-main.var.min.js .https://microsoft.com/...../..............D...........Gj......7m`......c....y...A..Eo......;............A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3b5ddd299823dee6_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	269
Entropy (8bit):	5.609869624684573
Encrypted:	false
SSDEEP:	6:mKDEYcBB8LjFke/BDWDQICW0ZSVCmeve9llg1+rYj7D+45PnK6t:njnN/hWDxCxqCzve9/w+r++oR
MD5:	9966157A36F509F4949BBA2FCA272FCF
SHA1:	464968AEDD064063158B0A6810343BA6C53DA243
SHA-256:	F52D08A208413EABCEAD683E36DC7E378FB5AA10628AD8EB0CD7337F6332FCBD
SHA-512:	0F83F2506AF55BCCABC0B7BB88C83A165CB26CC7F8D192BD6DDCF9D72A6FE98FDBAA9E786B0B8029BAB60779465C2D0759F38EDC181244C67174A1471E4BDF2E
Malicious:	false
Reputation:	low
Preview:	0\r..m..........mB......_keyhttps://accdn.lpsnmedia.net/api/account/60270350/configuration/setting/accountproperties/?cb=lpCb20870x54198 .https://liveperson.net/O...../...................nc.=V.u......6..$....#.. ...[=.A..Eo.......O.U.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3b99dc3d3bc104fb_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	238
Entropy (8bit):	5.452552694594053
Encrypted:	false
SSDEEP:	6:moinYkhcV5IT6Rsbm59LPWNvsllgUl6bjPn+K6t:EEpRs0uNvs/Pyjo
MD5:	9406DA9240350C421104E34441FED4CD
SHA1:	FDBD5CDA12463927BD850D791F172ABDDEDAA458
SHA-256:	A273154C06F8225B35E99FF9AC80B1CA6A1614A2EE11E045F286F48FF5856FEA
SHA-512:	BC5AC25851F90898BAC4C9BD06F16589D0D5D08F69425D843F9DCBC29508D6EBABE9EA5807EC8C7080B365728BF37141D3770A04ADB52C959B7E0CD79BDAFE66
Malicious:	false
Reputation:	low
Preview:	0\r..m......j...~.F....._keyhttps://static-assets.fs.liveperson.com/microsoft/lp_ada_enhancements-prod.js .https://liveperson.net/.Z..../..............~.......j\.!.&.....I....B..m..(..w.G!..A..Eo.......y.h.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3c4d40e130a6a467_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	236
Entropy (8bit):	5.652705749298088
Encrypted:	false
SSDEEP:	6:m/oPYcv0KgRT7DIyIQdDeX9lgna9XhDzTPYFK6t:0vgyZdDeXHdVzTA
MD5:	1910FF5CB0217E30266683ABBAFAFFBC
SHA1:	A4B3BF0111612888F61FC784BF625F84532EE5A2
SHA-256:	18B0F997EE838D946A78B459D2B514152C315378DB2EFAB97AF449B6E0D9655D
SHA-512:	F35DEC888FD5C5A142A695E78ADE238053C329A29B87E931216BA2E7FFC483070D3FD3C97E006C5C620178C84D5552C60429C6F189359A07021FE635DF7A9317
Malicious:	false
Reputation:	low
Preview:	0\r..m......h.........._keyhttps://assets.adobedtm.com/launch-ENbb9d0de7cc374dc99259df2c4b823cef.min.js .https://microsoft.com/.E..../.............F......$c...`..D.....gtB....@..C...A..Eo...................A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\411135a47a8afbd4_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	17753
Entropy (8bit):	5.643260867875608
Encrypted:	false
SSDEEP:	384:D5cawKqifKnPwDCPk2rKBTPeSf56loyJLEHDc3IWBg:9n8PiCPk2rKRPeS0loy9/hg
MD5:	5C98F7AE8DC6E73E5139ED312FCADC0C
SHA1:	B2B6DA31FF41BD692778917B1E1E4F76674A4435
SHA-256:	6840BEFCD4250527FC48D834256EF2F086053036CC63BFDF328F52F012ED80E2
SHA-512:	6C3350F95865BDF68DF5EC08A6DDC9A6C154CCDBD75869EDE5DC04A090319800C607C1813D469B1666DF8F30ADE573F0C16637A5FD6F7016208F4D76CBBAEACE
Malicious:	false
Reputation:	low
Preview:	0\r..m......i....J6S...._keyhttps://logincdn.msauth.net/16.000/content/js/MeControl_zXOsandYqRnW6Qh35WUOMw2.js .https://live.com/..j.../.............Q........3.<.%....^....&.&>..`..T!..I...A..Eo........Z..........A..Eo................................'..C....O.....C...........................................................(S.....`.......L`......L`F....(S.<.`2.....L`....I..K`....Di..............%.......g.....g......g.....(Rc..................Qb........_iY.`....Da....h.......b.........B...@.-....`P.q.....R...https://logincdn.msauth.net/16.000/content/js/MeControl_zXOsandYqRnW6Qh35WUOMw2.js..a........D`....D`....D`.....)....`....&...&..A,&.(S.....Ia@...X.....Qb..+F...._Du.E..A/d....................&.(S...Iad.........Qb...@...._Bd.E.d....................&.(S...Ia..........QbF......._BD.E.d....................&.(S...Ia..........Qb..M....._E..E.d....................&.(S...Ia..........Qbf.?....._BE.E.d....................&...(S...Ia!...9.....Qdfz.....strOrDefaultE.d....................&.(S

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\431ab35fa84a13dd_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	558
Entropy (8bit):	5.537497314307371
Encrypted:	false
SSDEEP:	12:H/pDQLf+5KWFhhBoKRtCOXXc8HNC1Ngw9jMuwLmzlKDE+0Vn:fpj5FhHhtCOXXc8tCrMu0mzQC
MD5:	2C7A2EC7826BFA933527F684FD3CFF3A
SHA1:	A6F48B28B2407396528F8C86600EC274646A28C9
SHA-256:	C499E63E86CF90BFC52CE0D95B5821DEFC41ECF589A2650A7A1F4E40F9B855FB
SHA-512:	5019DB28107BDA87E630B105E92366F027BED29E0EC997B72542B638641E1453E6CF063EA614220F9928A70C52558290DC4818E918FB814D17B05981C8CC5C4B
Malicious:	false
Reputation:	low
Preview:	0\r..m.................._keyhttps://www.microsoft.com/onerfstatics/marketingsites-neu-prod/MICROSOFT-365/_scrf/js/themes=default/2f-63ce8f/2d-7a9063/dc-7e9864/4f-5115f8/7d-266f10/4a-abd94b/6d-c07ea1/29-1ec5a9/23-c64e70/cd-23d3b0/6d-1e7ed0/b7-cadaa7/c4-898cf2/ca-40b7b0/4e-ee3a55/3e-f5c39b/c3-6454d7/f9-7592d3/92-10345d/f8-73a5f2/79-499886/7e-cda2d3/b2-7087f0/e5-08f1c0/91-97a04f/1f-100dea/33-abe4df/50-f1e180/e3-082b89?ver=2.0 .https://microsoft.com/.dR.../.....................!.K.R..{S^...5._b.nY\|o........A..Eo.......z...........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\462d64d34aad30da_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	230
Entropy (8bit):	5.576244370999133
Encrypted:	false
SSDEEP:	6:mUv/gEYL8uCKxwVOW8mLD2DLlgUn/lkPfAtm4rxlbK6t:/vI7rbwVcmLD2DRfn/YfAVN
MD5:	CF9FF14CA264E36A4EF1979EC8B3B279
SHA1:	F525D682A7C36052D0688701FAE0940FB2D78EB9
SHA-256:	C505E84F4C5EBE332BEAC18EE41CC0279A0032DCE00FF03CFEBB9EDEE4CF6FA0
SHA-512:	A62017EFC6D0E894F0274DAB14394D06814846B1145B1AC77F62BCB1BFE8DB5A56544A7D61A0DBC50A3792126449EAE062F1DBFC29F3C3E10194CA57755E4B4C
Malicious:	false
Reputation:	low
Preview:	0\r..m......b.........._keyhttps://mem.gfx.ms/meversion?partner=OfficeProducts&market=en-us&uhf=1 .https://microsoft.com/x..../.............36.........y.o.W.*.5...=.......+..v.....A..Eo.......w..........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\46c1f20282dfa665_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	275
Entropy (8bit):	5.71787698212862
Encrypted:	false
SSDEEP:	6:mIcYcv0KgJpX4GE1oHWRiZTZsa1DZllgBHuNTB/GhZ4K6t:1jfCGQoHWRiXnDZ/sONea
MD5:	A452E4F5593929C766D2DB205E72C84A
SHA1:	CDCFBF6AF44616B8E073D7E02746387A53D323AB
SHA-256:	0759A21E23902242256C696935EADA5A5DD3EB97A0FE1A99CA31E7B1F6E95947
SHA-512:	DCCF2CD41CE4CBB86273C015B673A9117FB0D75F9FCAB37674DD05D0893BBE7A3401F85A22CA2260A9DCF105017CE5AA0D3B0FBAF571831000EA16AC67FC7342
Malicious:	false
Reputation:	low
Preview:	0\r..m.................._keyhttps://assets.adobedtm.com/5ef092d1efb5/4c272e8cc694/0e102e270abf/RC3743cb8b1ea14f88b7f7258ff32b6dca-source.min.js .https://microsoft.com/....../..............X.......D....Vu.Bp.+...$R..MP...R[.^..A..Eo...................A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4ac2f448771ab57b_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	230
Entropy (8bit):	5.526466068601198
Encrypted:	false
SSDEEP:	6:mCVYL8uCKxwVOdD2Dcvlg225df/CxJWom4I5XhK6t:irbwVgD2D43ofyWHrX7
MD5:	B60F2C2E301280CB10286BD1B2A044DF
SHA1:	90FCDCF99716E1EB0AD0F63494509B94FC0A066B
SHA-256:	018C4A67B4724D811D74F366140E3376AED5EE00165EE4A49BD12EF7AB1DFEEC
SHA-512:	C21872527BD4B7415714880EF9855CA5D42E5FCBED2549C2B1D9BE6EF1A77AA9116677F69C83E2408BB45D3B2A84910CA16160EA35F947BA8D60B053D344C1CC
Malicious:	false
Reputation:	low
Preview:	0\r..m......b....f.;...._keyhttps://mem.gfx.ms/meversion?partner=OfficeProducts&market=de-ch&uhf=1 .https://microsoft.com/9\U.../.............G.........d..,...........cP..Tl.*...A..Eo.........e.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4c00151b4faedffd_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	257
Entropy (8bit):	5.87088919188266
Encrypted:	false
SSDEEP:	6:mOj5YcBD+IwGEjQ2HkjSDCSgDQ//lg12MSN/Vpdk4rhK6t:rZD+IwGYqSDwD+s2MSNdpdko7
MD5:	650022F9F3B209DA5D88C63AC8AB5CBE
SHA1:	EBF9B2395F68CF7D9FE84BCBE850141FE23EEEE9
SHA-256:	D8B351B9C7290F440EBA12E27541A7EF444F9E2BE8FF0EB5159FDD6B2B448F1F
SHA-512:	54F24A79BD56BFDCCB607858F6B26DDB3395425E20A686F3B1AED38EF06E6ABEC0A6A7D2747DF1A79B438A318D214D200390BCA021FFC2C9BD03738D3A9555BA
Malicious:	false
Reputation:	low
Preview:	0\r..m......}....v.8...._keyhttps://account.microsoft.com/bundles/scripts/webi?v=fZv-tdFuVx3i-eDH9P6ZXQFi23-PA4jNrt3gQKAeIhg1 .https://microsoft.com/".T.../......................[.e....Y}=.>7...o.;..+........A..Eo......?K..........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4e602b2b62deec45_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	275
Entropy (8bit):	5.681056265695628
Encrypted:	false
SSDEEP:	6:mIxYcv0KgJpmpCvYnjlwHa1D4tc2+9lg8+zEAPflxXithK6t:1sfYpGkjWSD4tHuz+Am/Xi1
MD5:	36671D930A0B14A784D0C5B4E7E104CB
SHA1:	E346CF7AA740B8AB7CC102AD36B89CB48739F383
SHA-256:	2F8145926BBB63859CC6F67AC53DB2EED6BF558EB62227E115E7263B00550CDD
SHA-512:	6C82D1674729EF971788F46E010D50D4E063A6C5597DE5446C521D11416EB0F7BCA3B6B3C260E303F3375A4D0F764317696ACFC14CE16F3C1FADC2FB3ABADA8A
Malicious:	false
Reputation:	low
Preview:	0\r..m..........._k....._keyhttps://assets.adobedtm.com/5ef092d1efb5/e6b4ca74378c/2418adba327c/RC9f9b3c9f668a4b9dbf5ccda86744fe39-source.min.js .https://microsoft.com/....../..............G......\.~QC........1..;.3S.....&.8f.A..Eo.......K...........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4ec07a418dc5ef6f_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	259
Entropy (8bit):	5.806730356229561
Encrypted:	false
SSDEEP:	6:mwkY4BLIMZDP4C45D+pt0fi2Du+llgs0trhWG/YlhK6t:a9TDPd6OL2Du+/jshWGA7
MD5:	43607C801B763C9E299A47473713FE2D
SHA1:	B9453E866E93A253D3C77E56631893BC40997AE2
SHA-256:	20506EBCD377C88D0B6FE6E33BBC53D98FF37F34C0C2680318223FD9DA49A332
SHA-512:	65B37BBC20EAF15DE3938168F85577BF26ED6913D216DD061135003AFA96DE91CB79962A736BF1A302F2552F14019B94D10B3DA842A13A3B8DFF2D5AEFC2A10F
Malicious:	false
Reputation:	low
Preview:	0\r..m..........r.r....._keyhttps://support.microsoft.com/socbundles/autoSuggest?v=b2ShfitFfjDH1KZ4N9Kp7V_6MkFoFsk79Dh7joMxS1c1 .https://microsoft.com/....../....................5d...-..\|..".>.K;"......slU..(..A..Eo...................A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\50030ae951750ff1_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	257
Entropy (8bit):	5.602846612452877
Encrypted:	false
SSDEEP:	6:mOWVYbLjFCsWLqLUqxzZUqmv0Ms+llgPxbc25fhm4pZK6t:e0n3WOGv0I/YI2VkST
MD5:	A68FD6EA10807C0CB4C756F94A165F33
SHA1:	B3E34F48DE24010DB20CE0D48F5E689A7908FC2C
SHA-256:	18C7E05A3DD6355D6A8E00C350538AB923F050A208A10A553E6FC46C4A240BB5
SHA-512:	1B686D6D09F8AB1A8F3335A494D0F7352EAE59DE6B78E4205C41CE9D7959A0D2E3F3CCD57DC9EA498F15D5436B6FB495032508D7D920A0F9F3893567D9DBFF31
Malicious:	false
Reputation:	low
Preview:	0\r..m......}....~......_keyhttps://lpcdn.lpsnmedia.net/le_re/3.43.0.1-release_5028/jsv2/UISuite.js?_v=3.43.0.1-release_5028 .https://liveperson.net/iP..../....................\P..yV..L....8I.0%.U.1..T.....y.A..Eo.......O.8.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5193d3a772576834_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	275
Entropy (8bit):	5.680551137624758
Encrypted:	false
SSDEEP:	6:mIUYcv0KgJpX4GE1oHWG9LT16Ha1DcflllgVplSV9G4K4VChK6t:1LfCGQoHWwNzDol/QplR45C7
MD5:	4984E361E744293F3ECB81CDA5310BA0
SHA1:	6E6F24DA131AB2F26BBFCD1743958827ADD60397
SHA-256:	8C8A3211A525EBD3175689BC517E3F7F81CDA5DCB5CD36F01528756ADC7D5283
SHA-512:	7FF4F8037EA97F8C2187CA5C2E9CE3FAECC725636167D3664834C5B47BC770E17CFDABE0AA711BF24FC168CFE4B8B9E7FC1E768D96676F57ED83C0F8D32B0962
Malicious:	false
Reputation:	low
Preview:	0\r..m...........W.[...._keyhttps://assets.adobedtm.com/5ef092d1efb5/4c272e8cc694/0e102e270abf/RC278c787435b94d148603e89a80d2b336-source.min.js .https://microsoft.com/.J..../.............W.........?NO75..<.Z.]p}!...].O.7.....A..Eo.........9.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5334000c05ed2b53_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	104456
Entropy (8bit):	5.793544341376319
Encrypted:	false
SSDEEP:	1536:0sh1UBpoMBnlwJYg4X5sJxP0XpvZ5YgonaPROoAnGeMOSj+qkqA:dWkJb4OJxPeugDPRDgGBLj+DN
MD5:	C4A65AADF94C97F301FA8C3C78C71989
SHA1:	A9FD205D5BF09072F27915BB39DB83E09D41C059
SHA-256:	FCBACF06EE08F760BD67B258A5F3957A21C09200275A03EA9022B6E448C69C96
SHA-512:	AE23051FEFC8FDE11EA0944B5298A619AB6DB7B217BB3E94955D8FBE16AB37BA670A86C6E71DEE46A9361520661AFEAB198E1B40A78842C10AD0B2049572EA57
Malicious:	false
Reputation:	low
Preview:	0\r..m......@..........E7CC36CE1DAB9F35E7F5AD7BF4D432557E9008C6DE5BCAE09C1520FAE6D63CD3..............'..v....O#.......f.W.............d....&......................`............................................................................................................(S.H..`L.....L`.....(S.p.`......L`.....0Rc...................O.`....I`....Da....N.....Q.@........module....Qc.1[;....exports...Qcr85.....document.(S........5.a...............a..............a...............a............a...........Pc.........exportsa....!...I.....@.-....HP.......;...https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.11.2.min.js.a........D`....D`....D`.....]....`....&...&..!.&....&.(S....&..`8M.......L`@........Rc............8......M...QbN.a7....c.....Qb........d.....QbbY[.....e.....Qb:.F.....f..........Qb>.FB....h......S...Qb.4......j.....QbB..}....k.....Qb.......m.....Qb.AK.....n.....Qb:.R.....o.....Qb.e.k....p.....Qb..74....q.....Qbf.......r.....Qb".......t.....R....Qb.afi....v.....Qb^.......w.....Qb..

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\547db41b413d52f1_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	43062
Entropy (8bit):	5.8710816141857745
Encrypted:	false
SSDEEP:	768:K7Giblnm5ya913V9ecmsABLO0A150Y0pXWm4W:Mb0Dt9e5sAByR150Lm+
MD5:	09CBA1CDBC71448079FC7BA732009528
SHA1:	F79A3E76D8A6F15681EBFE44F64A1B62CEAC8ADD
SHA-256:	B416200201C997ACAB1C92EF5AA5DD9406D570DB93967CF8F3534D767B8090BF
SHA-512:	114CABDDC4CFCBCBF4F67D7F98C4EE876B6002234E7EE7B651CE7EE18B0B764C9CC8B737108BBFDA7FA5B33230C297AD771B384AF3855D3D1A84B81881C41E38
Malicious:	false
Reputation:	low
Preview:	0\r..m................._keyhttps://www.microsoft.com/onerfstatics/marketingsites-neu-prod/mscomhp/_scrf/js/themes=default/78-6f121b/94-3cd1e0?ver=2.0 .https://microsoft.com/A+..../.............X.......!.$\|p6.g..OG."A....-.o.d.3).....A..Eo.........S.........A..Eo................................'.......O....H.....'.............h........................................................................(S.....`.....=.L`......L`......Qb"nh.....awa...Qd........behaviorKey...Q.@........define....Qd.}.....jsllConfig.......`......M`......Qe^..\....rawJsllConfig....(S.....IaB...O...IE.@.-.....P.......z...https://www.microsoft.com/onerfstatics/marketingsites-neu-prod/mscomhp/_scrf/js/themes=default/78-6f121b/94-3cd1e0?ver=2.0..a........D`....D`b...D`..........`V...&...&..A.&.(S.t.`.....<L`.....@Rc..................QbR.......t.....Qb..ph....n......S.b............I`....Da2........(S...Ia....H.....Qb.k(....r.....q...!.d.....................(S...IaR...J.....q/..d.....................(S.....IaT...b

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\55002aca08adc148_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	275
Entropy (8bit):	5.663438324407213
Encrypted:	false
SSDEEP:	6:mImYcv0KgJpX4GE1oHWbGYlELknIyFHa1DwlllgtDobWgZ9h/WK6t:1xfCGQoHWyYlakn9ADwl/oDobW84
MD5:	CB69007AE29CE667DB8FD9265A2AC29A
SHA1:	B5E7EF204D76513CBECE87F7139D3370A56E15A3
SHA-256:	9057A3481896AF2CFD9629427D0EA90F3044370B996B4BFB725C790BADFB0B6A
SHA-512:	261E4A35252E2B3B3AF51589AD2613591D3320F46498B19EAC6F9B594A157977071A50C0E29F283158692D3F35F45B21E6610763E5E56E984B58CD67F1D2F614
Malicious:	false
Reputation:	low
Preview:	0\r..m.................._keyhttps://assets.adobedtm.com/5ef092d1efb5/4c272e8cc694/0e102e270abf/RC9c46fb6a891f4562b65713ecdcbb737f-source.min.js .https://microsoft.com/s4..../.............W............d.&..>?..0...>.O....mI@z>.A..Eo.......U.].........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\560eb50eaa655bc7_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	16930
Entropy (8bit):	6.0878445207854375
Encrypted:	false
SSDEEP:	384:CM2IVMTk4D69cjJvELvSzrTzwcqhkqKva1l:wdAErTzwcq9Kcl
MD5:	E71FF03DAFAB525C05C17CD8B2E37B45
SHA1:	5020F1E8D63A3CB314BBCA7EAC027554E6028281
SHA-256:	EA50F0C9A86B4AF54710A0AA701B20CFC5DF4F50E7D23794A142278ED752503C
SHA-512:	C509534A0BBF0293407CBC51506DA2C02EC4BDBB6838C1EB60CAEEA0CA8FE515B966C22EFC0BEE85119F3BF8FDC02DFA573D5CC6F41B48CF9F42267CD6856868
Malicious:	false
Reputation:	low
Preview:	0\r..m..........E......._keyhttps://www.microsoft.com/onerfstatics/marketingsites-wcus-prod/shell/_scrf/js/themes=default/54-af9f9f/c0-247156/de-099401/e1-a50eee/e7-954872/d8-97d509/f0-251fe2/46-be1318/77-04a268/11-240c7b/63-077520/a4-34de62/bb-d7480b/db-bc0148/dc-7e9864/6d-c07ea1/29-1ec5a9/23-c64e70/cd-23d3b0/6d-1e7ed0/b7-cadaa7/c4-898cf2/ca-40b7b0/4e-ee3a55/3e-f5c39b/c3-6454d7/f9-7592d3/92-10345d/79-499886/7e-cda2d3/b2-7087f0/e5-08f1c0/e0-3c9860/91-97a04f/1f-100dea/33-abe4df/50-f1e180?ver=2.0&iife=1 .https://microsoft.com/....../........................#g,b.v.U..c`.^...h.......A..Eo.......Dp..........A..Eo................................'.......O.....>...c.............(........................................(S.0..`......L`.....(S....`.......L`.....LRc".................Qd2a......requirejs.....Q.@. Y$....require...Q.@j..B....define....Q.PZ.W1....__extends...d....................I`....Da.........(S...`......L`>.....Rcf..........*.....Qb..N....n.....Qb.+......r.....Qb.!.....s.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\59a8cca6e4f3998e_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	254
Entropy (8bit):	5.80525678015072
Encrypted:	false
SSDEEP:	6:mC9Y4BLIMZDPO8vnOAQhvwWD2Dr+vllgMWWkJ2V9h4RK6t:pD9TDPjjQhYK2D6/OWpAr
MD5:	75CC991FBC72A4E7580654E83300C502
SHA1:	699FEADC57744C3D72D50C6298B8C413BFB64DED
SHA-256:	3034BFA1D0DE653A4E3C8CB044C751C82C7F8DE5FFA2215C5E81D01C8E5DFC20
SHA-512:	30B94F6152F00E1E4A5BF1893371B47FF9E6273B24D38184AA6FFBCC9111FFC5921D65DFDB2F4341135559889F0587304B9E7997F236B20CEF69AC84CD646F4D
Malicious:	false
Reputation:	low
Preview:	0\r..m......z...t=.V...._keyhttps://support.microsoft.com/socbundles/topNav?v=XYJZrw0yvSWJRlrR7vC3uLGzcXwCX5AMXhrSLUSZJ9s1 .https://microsoft.com/...../....................d..If....&I...j..d.,I5.%...(..A..Eo..................A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5a2848e832bc50f4_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	276760
Entropy (8bit):	5.5810009321431595
Encrypted:	false
SSDEEP:	3072:S3EPj2KZjl4CIyahjxu6ukltapyUE/cEkjT+B5wE1IYWrtfFAXl0CvptU+AUh+ck:S3nVQstu6PzITrtfFEVvA+e
MD5:	8EE5D4BE605CAD8FDD66B4480A798C31
SHA1:	A99BBF138F300A79B72C47FE01D8324CCD60B828
SHA-256:	330A9AD2B2CE5F9D6DD2EB59AF818D33D59BD03D172D381DE3AC83C3E5A388ED
SHA-512:	BFA0F803F2F7FCCFF394145202BE734EC15B0C24DB4271F87E83D63D7E7C06BBF55DFA47E40ED80809B7C7D37D51DC6F25CB82DE4ED95317B00BBB42D8BF52D7
Malicious:	false
Reputation:	low
Preview:	0\r..m......@...u.\|.....F5717253EDA10B2E15D99F3D9E2C63BB6D401083DCF3A696B95B4F0AF6DF6A0B..............'.tT....OP....7....................\....%..................................(...................4...........H...,...........H...........d...............\|...........L...L...............$.......$...`...,... ...\|.......................\|...............$...............p...............p.......P.......(...........$.......\|...8...\|....................(S.`..`\|....$L`......L`......Qd.5C.....WcpConsent...(S...`.....LL`"....@Rc..................Qb.W".....e......M....S.b$...........I`........a....F....(S...`......L`......Q.@.......exports..$..a.........C..Qb.[......l...H..!....a...........Qb..\|.....call......K`....D}8...............&.%.......&.%...&.(......&.}...&.%./...%.0...'....&.%.*..&.(...&.(...&.(...&...&.'..W.....-...(........,Rc................`....Da\...T...........e......... P.........@....@.-....HP.......:...https://wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js..a........D`...

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5cf7c6cbf1d6c26c_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	250
Entropy (8bit):	5.4348087279994495
Encrypted:	false
SSDEEP:	6:mJYEJJwM7zk2xQGAAN/lg1E6wMy4ybK6t:IJJwM7gGntkwLLN
MD5:	F4D96F27988629E5DB0E916D9D499EE9
SHA1:	5CBB558B6857123CC83D3ACDB9F34CA9544780C8
SHA-256:	A44FCB3E118D284F3841BBC122D50779978C8A5D55683835DB43E8862DE8FCDB
SHA-512:	27427BBC66AFEFEDB587F560DBD92364044714FD0A66CD1DF669E4797A55264F7545B156D31828E6CBA8EB1F24A5BB5A1C43D366A8C7130FC48A84AD668033A7
Malicious:	false
Reputation:	low
Preview:	0\r..m......v....$t....._keyhttps://cdn.forms.office.net/forms/scripts/dists/light-response-page.chunk.vendors.6a9a01e.js .https://office.com//(..../.............J.........Pi....HB...NJ..z.;87...s/...A..Eo.......c...........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\601763cfed8be44f_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	230
Entropy (8bit):	5.524157330491474
Encrypted:	false
SSDEEP:	6:mynYL8vc7ZwcwVLx1D0e9lgD4qUORYQUK6t:C0c7ZwpRDvHE4QI
MD5:	1FC51EAF6BF88FCE584ADBA2A0647F31
SHA1:	79C8609C535E092657E14F525E553AD3B051B433
SHA-256:	3E7504E9330570E96E3532B08E92CE0E9CB60A6BB4664954BCD3F978926060F2
SHA-512:	8016D277B0395CF96563BCA26ABE386A2DB356D32C4DA2C9A0E874C9665ECD86D6567616C50B6FE01F48AC3BCD679827FA1F77F994AE8FD8A7A0E9119C535244
Malicious:	false
Reputation:	low
Preview:	0\r..m......b...8D.N...._keyhttps://mem.gfx.ms/scripts/me/MeControl/10.20300.4/de-DE/meCore.min.js .https://microsoft.com/..\.../.............+.......QJ;...{.z...O....wys..^..../..A..Eo........>#.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\62473b79b8e9cf76_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	19401
Entropy (8bit):	5.997144668631908
Encrypted:	false
SSDEEP:	192:uMozMbMldIoVeyy6JM2roacbJvie80nZ4ODzF1J2eARfuZJjyM4IFS/8qO/MKzr9:uMozMbkfy6HVcbJvL8KlvmMi8qKva1U
MD5:	6245B4DA8DE43AD85426B5DC61C94540
SHA1:	211F139C7983A66348862DB0DE4211BA6AD00AAD
SHA-256:	3904FD845A0DCA31DDA40CBBCD6F4EA45E2148CFE2C198AC6D1A63FA6E43ADBC
SHA-512:	F0A0824010C13915497CDADD8D418810869B48D137A955AC58981839BECF9B8BD891D8FBF7A5C0FBCD764211379BC4FF7585156C518F3366BD67C0F00E13CA9C
Malicious:	false
Reputation:	low
Preview:	0\r..m............#....._keyhttps://www.microsoft.com/onerfstatics/marketingsites-neu-prod/shell/_scrf/js/themes=default/54-af9f9f/c0-247156/de-099401/e1-a50eee/e7-954872/d8-97d509/f0-251fe2/46-be1318/77-04a268/11-240c7b/63-077520/a4-34de62/bb-d7480b/db-bc0148/dc-7e9864/6d-c07ea1/29-1ec5a9/23-c64e70/cd-23d3b0/6d-1e7ed0/b7-cadaa7/c4-898cf2/ca-40b7b0/4e-ee3a55/3e-f5c39b/c3-6454d7/f9-7592d3/92-10345d/79-499886/7e-cda2d3/b2-7087f0/e5-08f1c0/e0-3c9860/91-97a04f/1f-100dea/33-abe4df/50-f1e180?ver=2.0&iife=1 .https://microsoft.com/....../.............}.......Y.L.U.......Gv..6.....}.........A..Eo.......dPC.........A..Eo................................'.......O.....H..................(........................................(S.0..`......L`.....(S....`.......L`.....LRc".................Qd~.......requirejs.....Qc..[....require...Q.@........define....Q.P..N....__extends...d....................I`....Da.........(S...`......L`>.....Rcf...............Qb..ph....n.....Qb.k(....r.....Qb>5......s...

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6a8892a527604694_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	224
Entropy (8bit):	5.34246475603076
Encrypted:	false
SSDEEP:	6:mFYcMha4tTD6MDyVKDKalgJ/lx9LmsibkAq2nK6t:JaaD6MDyVKDDuP9SskV
MD5:	7B4826C29BC889A3E5B6AD8F4ED18657
SHA1:	F68389B46A228C5DAB4F48AA61F1363110AEBDE2
SHA-256:	2272833EA22A13F68410D0CBA740D93032D158C0DE7369F5D620A013CB4405F7
SHA-512:	9826EF47CA9BA8D5216FFB48C8CC02D83D2A86E161A49441360C562FA27D125805553D97DEA5A388C0D689E4397178DD74A81C1A35C00C25A58B99C06F28C2C8
Malicious:	false
Reputation:	low
Preview:	0\r..m......\....pW....._keyhttps://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWfyex .https://microsoft.com/G...../.............oU..........]. ...zy...Ci.u...J.x.....A.A..Eo.......Wr..........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6aa8f657d25858ac_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	19409
Entropy (8bit):	5.997255376815022
Encrypted:	false
SSDEEP:	192:cM2ywM5MldQyxVeye6JM2roacbJvie80nZ4ODzF1JkzZmjhgCyf1IuSc8qO/MKzg:cMCM5kP7e6HVcbJvL8Kl+Z/fx8qKva1X
MD5:	0369B472DD7757008FBF7106F901847B
SHA1:	AA2B13C69314DF3323BAD1337B4FB2BDFCADFB83
SHA-256:	9B89FEA747F97F41D82CE269DC2461346AB06F43451E2BDB7C2D80C54A78190B
SHA-512:	E32686F9E47601103AC18FA8C579D226D287E89BFDB1B7CD79149AB5B6F0EC99B495B2BB4200EC4DC2A8BFB0ECDA6B30BC19EB18CFBCEC6BB4ED4FCE1C6FD51F
Malicious:	false
Reputation:	low
Preview:	0\r..m..........m......_keyhttps://www.microsoft.com/onerfstatics/marketingsites-eus-prod/shell/_scrf/js/themes=default/54-af9f9f/c0-247156/de-099401/e1-a50eee/e7-954872/d8-97d509/f0-251fe2/46-be1318/77-04a268/11-240c7b/63-077520/a4-34de62/bb-d7480b/db-bc0148/dc-7e9864/6d-c07ea1/29-1ec5a9/23-c64e70/cd-23d3b0/6d-1e7ed0/b7-cadaa7/c4-898cf2/ca-40b7b0/4e-ee3a55/3e-f5c39b/c3-6454d7/f9-7592d3/92-10345d/79-499886/7e-cda2d3/b2-7087f0/e5-08f1c0/e0-3c9860/91-97a04f/1f-100dea/33-abe4df/50-f1e180?ver=2.0&iife=1 .https://microsoft.com/..Q.../.............v.......YP].4.=...K..........;.=p...<..A..Eo.......U.M.........A..Eo................................'.......O.....H..2...............(........................................(S.0..`......L`.....(S....`.......L`.....LRc".................Qd...a....requirejs.....Qc^7{.....require...Q.@.W......define....Q.PF.[v....__extends...d....................I`....Da.........(S...`......L`>.....Rcf..........*.....Qb.AK.....n.....Qbf.......r.....Qb........s...

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6b848a87f40dd230_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	209
Entropy (8bit):	5.520024861786243
Encrypted:	false
SSDEEP:	3:m+lvw6v8RzYDCIWAcBIsWGkRUJG27zTT/oKsZvll/lHCXNh6cnD4/MmvK///pK5M:mewXYWFW7RPAvsRllgXNh6AqnvqhK6t
MD5:	025C71E8A3D02629718A39431749DE5D
SHA1:	044BA81C4E197A5690E252CD5C50F87F700D531D
SHA-256:	AF88F55EE0FC73670A5BFB651F8D410F049A5CE2352C3BEEAF38B3760C7AA29B
SHA-512:	61BE74283F3C02C8F0EC0B16FB98F1E60396E0C25E051159DF015BD1B9AD31ABC69EED2DBBECC879A8FB6EFDEC172DD052FB535E86361FC2205D1E1F7A6BBEBA
Malicious:	false
Reputation:	low
Preview:	0\r..m......M....ZcW...._keyhttps://az725175.vo.msecnd.net/scripts/jsll-4.js .https://liveperson.net/.Ku.../.............Hs......:....XJ.2.x.b....K .ZQ...Cj..T...A..Eo........F..........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6e646dd4f853f7d8_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	275
Entropy (8bit):	5.724187300286838
Encrypted:	false
SSDEEP:	6:mIAQllVYcv0KgJpmpCKMkIga1D8lgZCaJrt1/bK6t:1AQ/ofYplMbzD0Ut3
MD5:	B8301574FF0C64330AA2E60B24B02FA2
SHA1:	3F02674EE0399D942181E934F35590F660911F68
SHA-256:	6E9C7DDAE44CA41DE5D95355399E133A7A95CA139FCC9EC9753FAF811F5E3542
SHA-512:	16C3EB18EF1D56E0B8D172479B3C1EAA17DEEBB0FF8E9A70A0E2AF834E89F46B9088731870418799B702467210ED281D1711FD18F8B818E2EB2BE8656B488C97
Malicious:	false
Reputation:	low
Preview:	0\r..m..........`.w....._keyhttps://assets.adobedtm.com/5ef092d1efb5/e6b4ca74378c/2418adba327c/RC30b69654d14a4895ae64b6e5cf0cf812-source.min.js .https://microsoft.com/.<..../.............G.......?..&...H.d.`.....J....i....L..A..Eo......@X+c.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\71533a71068a629c_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	275
Entropy (8bit):	5.647589834721554
Encrypted:	false
SSDEEP:	6:mItllVYcv0KgJpmpCrZTZHa1DuVX9lgDeOnKeK4P//hK6t:1tllofYp9DuBpOHz//7
MD5:	55FC954DBD19AB0AF57A34E743DE5DFF
SHA1:	6F0B2E5E759990BFB382FC42F4C2022CF42CD675
SHA-256:	07F2A4E07B40193325008D34874A38D0E547BBD9C0440879794B7967172D6E4B
SHA-512:	C4D10E90862825DC36584D2F6AFBC236F08DF80FE6236A37A8DC9CD03CD3D3E74CCA6A9B076BD95E19AF93F7DC36B0F4A715165D909B76C035E7DF0FD8EC7562
Malicious:	false
Reputation:	low
Preview:	0\r..m...........L......_keyhttps://assets.adobedtm.com/5ef092d1efb5/e6b4ca74378c/2418adba327c/RCf16325d3e41c447fb6b66d7d82fcb43d-source.min.js .https://microsoft.com/....../..............G......cv...VW....b..n..-.6a.C..w.>..A..Eo.........!.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\71f52630121e1252_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.5625788018731495
Encrypted:	false
SSDEEP:	6:mDYkEX3LEE3RFGFRzVKqYhgLBORFz8DNlllgont+0l4G7DK6t:iA3aFhVKBcD3/Ht/171
MD5:	FADF5892ED882D823EF08F85FA0AA3B9
SHA1:	5B3C7845F5D3FD757F965CF4D0D09DE87CA8426B
SHA-256:	547C94CE70CEAE98AEEAB8C180888DF4D7007708393D78B69ED9393A49C62E68
SHA-512:	3A1FA8411D473D38E446F0E5ECA3D8543CA115C7A29AAB9BBA1FFABC525B55E5685C1EA69B20C2DB705C2CEF5A34C0CE2D8D032DC8BD331863C5FD1EC8D086F2
Malicious:	false
Reputation:	low
Preview:	0\r..m..........4S.j...._keyhttps://statics-storeexp-neu-ms-com.akamaized.net/store/_scrf/js/themes=store-web-default/e2-ed7413/1e-fd610f?ver=2.0&_cf=11242019_3231 .https://microsoft.com/w.a.../..............p........k9.4.:..2e....}..n5.fo.Y..-...A..Eo...................A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\72090e93af2b3d0c_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	288
Entropy (8bit):	5.643770343282537
Encrypted:	false
SSDEEP:	6:mjlXYcBB8LjFke/BDWDQIC8mx1SBfxVYXrNvKHllgXLzhnAK6t:ICnN/hWDxC8mxHvKH/WA
MD5:	8859FE7C82D194C886513B1EA4B779D3
SHA1:	B9B97DCF168DBED478A0F1DD745B7DBC885759A9
SHA-256:	A979C2D6CED1A3559A333BFBF598B8894E57FF20E4685092AF522A27285C4815
SHA-512:	2B9E793269819F5499AA269247BB214576702716FA7C3C0D33C9A02B276938F03512FA8035B5EA030792ABDADC7CCA5F92DAC262A55BB62E9F5F1DF5355ADA74
Malicious:	false
Reputation:	low
Preview:	0\r..m..........".C....._keyhttps://accdn.lpsnmedia.net/api/account/60270350/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB .https://liveperson.net//...../..............}......@...u.RV.%.b...k..,V......... ..A..Eo......]<NR.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\75499b213d6c8d9d_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	438
Entropy (8bit):	5.471878686566196
Encrypted:	false
SSDEEP:	6:mpEYGLTDyxlgtrDSlgsACZQXj/m4W7DK6tWpEYGLTDyxlgtrDfalgyXQCZQXj/mu:fDyxlCDWtAa4j+9JDyxlCD2ua4j+K
MD5:	252678A71DFEE2D8E01A1953DC0E65C2
SHA1:	7C7AD3E836BB8D3A0F5F5136734D1B09829D5EF5
SHA-256:	1B4497695A30B6CEB2032D5208B4660D56D62ED5DD10B64DCAA59554B2C1D5DC
SHA-512:	1B5F6AF47FD6295F46E88317447EE0E4839BC3BE6BF93C3D3886E51F5F18679AF29953DEA7AE1FE30C36BF35F7A8F6CFE12088F840FABDF04860039D79D81B57
Malicious:	false
Reputation:	low
Preview:	0\r..m......W..........._keyhttps://www.microsoft.com/videoplayer/js/oneplayeriframe.js .https://microsoft.com/A...../.............B............5..,W.".....J...7./.0N.T...A..Eo......?<...........A..Eo..................0\r..m......W..........._keyhttps://www.microsoft.com/videoplayer/js/oneplayeriframe.js .https://microsoft.com/n,..../.............^S............5..,W.".....J...7./.0N.T...A..Eo.......A...........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\781980b07f1bb38f_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	252
Entropy (8bit):	5.667534614626753
Encrypted:	false
SSDEEP:	6:mql9YiRDHwA7qYsDpNdNFvNgDWlgLS//R0QK4IthK6t:RTDHXqn/xNgDiIQk7
MD5:	37CC1CDF5BA5D479A02862E28C349F2C
SHA1:	2DACA0A8FF0730C76A001F0DE4486486210B7055
SHA-256:	62283C32EC747EC2447C903DA62C209E90108879240A58683F96F7AFA9296104
SHA-512:	205C4A4FBFAAA1B6A38606AF59AB2A5EA66BF812ED6E5336EF06F329291852FD4355BBA566F10CBCD1AD87A110D949B19B72FB3081ADFF7F88F481EC26F1D966
Malicious:	false
Reputation:	low
Preview:	0\r..m......x...0.v....._keyhttps://c.s-microsoft.com/en-us/CMSScripts/script.jsx?k=1a053411-4f63-d069-d3b8-11d5d720eeb4 .https://microsoft.com/W...../.....................5...a.....S...s5.O..8O....F$.\|3F.A..Eo......{W...........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7bf2e63aba04327d_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	199776
Entropy (8bit):	5.843593862060789
Encrypted:	false
SSDEEP:	3072:2QCcej8z47sEV5behwmldcAX9CEx9VCUbavmw5DSacH:2QQ5b2wmncAtf94UbkmOWl
MD5:	306F6D1B442FAA19892889D58FF910AF
SHA1:	F355E6462B00D04BCFD340A981B186061C5C0D26
SHA-256:	B996B33FA79C7984F420B95E8B33930E946A5AF0D61942D299BF5889509164AF
SHA-512:	6AC7D0B5DFBCC2C64E67AC8361037E3CE49F6FDD4149B0DFC2000C4839D3224553702B6AD318ED77D19E2CF5F0874D993359551AC006D2884A77C2214B341C03
Malicious:	false
Reputation:	low
Preview:	0\r..m......@......R....6379C02E323EDDFED89B8419F3AF4C64F7E82A7E54B62C00AFC44C567F4DF93C..............'.8.....O?.......(..3............\|...............................d........................................................................................................................................................................................................................(S.....`.....Y.L`......L`......Qd..E ....mwfAutoInit..(S.M..`R....lL`2....\Rc*.................Qb..@.....r......S...Qb.%6^....s.....Q.P........Modernizr.....Qb..t.....l.....R..f............................I`....Da....2....(S.0.`....]..K`....Df..............%.R&.%.h.......,Rc...................`....Da2...f.....!.....b.............@.-....tP.......f...https://assets.onestore.ms/cdnfiles/external/mwf/long/v1/v1.23.1/scripts/mwf-auto-init-main.var.min.js..a........D`....D`....D`............`....&...&....&... &...(S.....`.....XL`(.....QeR.W.....hasOwnProperty.......Qb......push..Qd..e....toLowerCase...Qc.._c..

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7d664ffbb549cf44_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	275
Entropy (8bit):	5.6583109813328045
Encrypted:	false
SSDEEP:	6:mIynYcv0KgJpmpCe2+PHyHa1DsRlgmxMs3on/kK6t:1y+fYpHPP7Dazis3o/2
MD5:	6F6A4B45EB2E5BB2C600192EA39FA1EA
SHA1:	3B105146DA10E2C453FC102ACB7DA8C4276310A0
SHA-256:	E4292E23EA9BD6654537103E237BA81CCC2B6FFC3D1096F69B2A29E88CEAC4F6
SHA-512:	367A2449A0167B4AEC117DAA99D542087FD7B4654A6FF2B4FF112CA66C7C28BB79CAE36176134E8DAAF796E54DC292908426EBBCF61FD636B98BBE41767761C3
Malicious:	false
Reputation:	low
Preview:	0\r..m...........x......_keyhttps://assets.adobedtm.com/5ef092d1efb5/e6b4ca74378c/2418adba327c/RC95d5954deda24aa780e2bd87a6eabf8f-source.min.js .https://microsoft.com/.=..../.............G...........+V,i..@......#..c.r.kvb0\D..A..Eo......v............A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\82e92344281b46a9_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	225
Entropy (8bit):	5.577517987289033
Encrypted:	false
SSDEEP:	3:m+lFEUOA8RzYJb9yKIf8w8gt4LSFvDFYtRO52KHl/lHCTl/lZ+I6CgA+UXmUX/pD:mkEYyK08JDxKHlgTDXkUXhK6t
MD5:	536E4A233C3E7DA9302E7B235FCFDC2F
SHA1:	79FEA89D8BDC2767FF1DFE94F6DC4ED08BD2776D
SHA-256:	B3C90C416648CCDE2BB3A3222488FF902926E16D7535062148FC8C1374F19600
SHA-512:	87ADB03D27957E3326EA8A3B444EEFBE847E773BDF204A32841140DE76224FDA28FCE392C81C1EF7EA1A523FA9850A306E4790532869371BC73391449ADF9FA6
Malicious:	false
Reputation:	low
Preview:	0\r..m......]...U......._keyhttps://ajax.aspnetcdn.com/ajax/jquery.ui/1.11.1/jquery-ui.min.js .https://microsoft.com/fV..../..............B.......l".......H..i...-Xg..Z....{\|.A..Eo........bY.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\86aa07f121a6237f_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	264
Entropy (8bit):	5.7529949348528415
Encrypted:	false
SSDEEP:	6:mgXYcBD+IwaG5wHfCfxsxKNlDV+gDUWlgpJ8cWygrsK6t:xLD+IwXKHfCfxKKXAgDUiOya
MD5:	635E6961EFE10CB80EA08459D1AB133E
SHA1:	8277ECEE99FA58E4FAE2185B540417D48230DA90
SHA-256:	ECF8C038743E9922118A897B4742502044AEC66A976EF08321C403C75C760727
SHA-512:	8941E4CD19DB1FFCB3C34CE1ECFBE83E7D7A047230F5BCEC3ED3EB95E6204E720CB481D2EFA500833F4D78B08676F6D2BF6CAF9002EA8BDE1A081369297851F9
Malicious:	false
Reputation:	low
Preview:	0\r..m..........l......._keyhttps://account.microsoft.com/bundles/scripts/experiments?v=dhMHbKozrGOgxx2MYXfMMYMDxUo0UcLjtgcfK8uL2iA1 .https://microsoft.com/m.U.../....................Q...JKd.,.P.U...Oy9@.Du.>..#...A..Eo...................A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8a41173cbadc68f7_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	24482
Entropy (8bit):	5.911307577107584
Encrypted:	false
SSDEEP:	384:yA7pihtN1XhIotf7tx7bsgcP1G2yx30AAWBcqVvGv+eNAPRWarv1LmHa:BVevpL7wgc9ax33CaG2tPXZLma
MD5:	567E7AE7FA12734488648D5EC7687880
SHA1:	0ABF974F78D26E0066EF4F9785525501F6BBD4B3
SHA-256:	B26084099F5E4ED38B2F8854E917C4EC5AC1612D38ED11BDD4795C57A5B6970D
SHA-512:	924A6C2528E2B3D3F7799B8BF1C87DF2A578450822F4922864439C180CCE3B4B3399D79AC4B14674A5761D1DEF74AA505B4BAB945480D297E485A34792667F89
Malicious:	false
Reputation:	low
Preview:	0\r..m......b....C.\|...._keyhttps://mem.gfx.ms/meversion?partner=SMCConvergence&market=en-us&uhf=1 .https://microsoft.com/A...../....................)3.8=..p.O.........@!....&s...b.A..Eo...................A..Eo................................'..k....O.....^..N1. ............P...@............................................(S....`.....<L`......Qc6.......window....Qb.ec#....MSA...Q.P........MeControl.......aN.........Qb^a......ver...Qdn#4.....10.20300.4....Qb..>.....mkt...Qc.@......en-US.....Qb6.^.....ptn...Qe..).....smcconvergence....Qb.......gfx.. Qf.._.....https://mem.gfx.ms....Qb.I.&....dbg.H..Qb.27)....aad.G..Qb..#.....int.H..QbB.......pxy.H..QcR(q.....msTxt...H..QbrB;]....rwd.G..Qc..r.....telEvs...pQz..h.b...PageAction, PageView, ContentUpdate, OutgoingRequest, ClientError, PartnerApiCall, TrackedScenario....Qcb.=F....remAcc..G..Qb........main..Qc^.......meBoot....Qd........wrapperId.....QbJ(......uhf...Qc........cdnRegex..Q.A.J.......^(?:https?:\/\/)?(mem\.gfx\.ms(?!\.)\|contro

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8f3c2e2c260a7099_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	350
Entropy (8bit):	5.822106483394013
Encrypted:	false
SSDEEP:	6:mXYI4McTDsJegDAblgs61TrlEbS6llhK6tiqq4PctE8VTrlEx:e+TDsYgDABO13Yn/7hcaU38
MD5:	E3886CE03F87A20B5113835F31CCC7F2
SHA1:	D4AB58EE7341A59CF6D6A68D263D605F78B4C317
SHA-256:	1C7BBB92BE59816FE57AC356034993BCBB823E96645602B41DDAD434471D7ECB
SHA-512:	1303C59177738C1DD497E36FB763F79589D01D3043671F9A1DCEDDF6A0E0FD26105A0D36A5252E5828DF116426B8D2EA2E9D0706E0777E3EC95AF786B1E9727C
Malicious:	false
Reputation:	low
Preview:	0\r..m......V...\|.L\...._keyhttps://wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js .https://microsoft.com/....../.........................<.S....l....\.W.U\..E?`..r.A..Eo........w..........A..Eo......................../.p8..F5717253EDA10B2E15D99F3D9E2C63BB6D401083DCF3A696B95B4F0AF6DF6A0B....<.S....l....\.W.U\..E?`..r.A..Eo......./t.L.......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\91e887711a548594_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	213
Entropy (8bit):	5.432974718781314
Encrypted:	false
SSDEEP:	3:m+lZn8RzYrSLZRtRJKj1ZPNTyRA27FYtR+zrvlll/lHCClwIrTnyeEgBQAL4mezP:mXYGLTDyxBrxD+3lllgJouNq/ibK6t
MD5:	7A28D386FBF41308E522F688CD54C0D1
SHA1:	3AA0D81AA0D0D1983F8DA8CAF343D869C6B7E3F5
SHA-256:	BCCA707C6B1B3A7BCAE7AEE532FFA02BC74BC290594626C446EA2D5B2D81FBE2
SHA-512:	A809AC9429384C4AAC9358D63C893C459581F21FCAEC9E7FF11B5EFCA37DBCE5F4A03E78203CA0B7B866FA30E265FE247538011E29C4DF14C2DECD4C8B64C487
Malicious:	false
Reputation:	low
Preview:	0\r..m......Q...'......._keyhttps://www.microsoft.com/videoplayer/js/vxpiframe.js .https://microsoft.com/....../.........................n..".:.....T....q...x.C..>c.A..Eo.........p.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\921a520646898d46_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	252
Entropy (8bit):	5.6948855306536235
Encrypted:	false
SSDEEP:	6:mGYiRDHwA7nXDjSQ1rdrDtfMDolgk5BYQ4bxTZK6t:tDHXzuQ3WD475BYZ1T
MD5:	21D57776CEE0AAE708053B9C678C74E8
SHA1:	86A9D4E1FAA629B93336504699EAF7169A268836
SHA-256:	9B1016891CCFB9E7F96399E0C59BE97AAAF640EDCCB4B429D6104A59CE55A0EE
SHA-512:	BDB90EF1822DC4BFDF4416F56D8C09AF2A299038539D880FC79176BD7E24ED8FE31886B94A159C98DF47EBADACA07A0A5A0C63E91801C8698715D842C6D4A00A
Malicious:	false
Reputation:	low
Preview:	0\r..m......x.........._keyhttps://c.s-microsoft.com/en-us/CMSScripts/script.jsx?k=42ce545a-d075-ac8e-38d1-8d9b4eaa1c7e .https://microsoft.com/(.P.../.............w.......A.o.,.M#4.Y..<.iZ..m..M.`.Q..k'.A..Eo.......I..........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9299ed2c4c7a3963_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	43060
Entropy (8bit):	5.869555364552337
Encrypted:	false
SSDEEP:	768:jkO2nO3WTurRdRY5EUfl+nmZOhS2J51EpF3atnvZs9:jkU3/QflVZOhS2J51IFmvZW
MD5:	19D84BDC9A1812D082BA16A1D7B143B8
SHA1:	64EC469F4664BCCC30712037DBA623AA02F25A37
SHA-256:	9CC937F18B1C91C2536F029E28D4F1687DE6E4A6DE9D4646FBDF6E6A07FC5308
SHA-512:	0B1CC4506F2765806525CC362E77802EB11897D9103A49D1085665EDA5897175D6C4C6AD095D5376A7DA2BF245EB308526FBF8F82FFD7BEA43E6DCF91FECCA95
Malicious:	false
Reputation:	low
Preview:	0\r..m..........k.Hz...._keyhttps://www.microsoft.com/onerfstatics/marketingsites-neu-prod/MICROSOFT-365/_scrf/js/themes=default/9e-bcc229/94-3cd1e0?ver=2.0 .https://microsoft.com/.US.../.............)*.........'....3.hi!......QF........A..Eo...................A..Eo................................'.......O....@.....&.............l........................................................................(S.....`.....=.L`......L`......Qbf.%I....awa...Qd..O.....behaviorKey...Qc..M.....define....Qd.7......jsllConfig.......`......M`......QeBf/s....rawJsllConfig....(S.....IaB.......IE.@.-.....P.!.........https://www.microsoft.com/onerfstatics/marketingsites-neu-prod/MICROSOFT-365/_scrf/js/themes=default/9e-bcc229/94-3cd1e0?ver=2.0a........D`....D`....D`..........`V...&...&..A.&.(S.t.`.....<L`.....@Rc..................QbF.......t.....Qb........n......S.b............I`....Da.........(S...Ia..........QbZ..b....r.........!.d.....................(S...Ia.........../..d.....................(S...

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\94a5143d10615cf8_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	230
Entropy (8bit):	5.54545420746754
Encrypted:	false
SSDEEP:	6:msYL8vc7ZwcwkVD4flgvU9Wual4TIbK6t:00c7ZwpKD4NCMalH
MD5:	C4A6C7F8D30E3622BC25B9881A1444C8
SHA1:	097A34EAC0D3CE9AD6B7541F174DE89CE36EBFD3
SHA-256:	5B09708405D452470DB7538CAA8D0CC23592722FE4A18713A609A3664EB50AC3
SHA-512:	A0A9176CFB4FFE8DD86F811F493B67D050B3D5C13037539E105E0F728EED6A8E24680E9AAAE75822308CED223306CBB9E4B4F86678D96A15D327661A536960B1
Malicious:	false
Reputation:	low
Preview:	0\r..m......b...9......._keyhttps://mem.gfx.ms/scripts/me/MeControl/10.20300.4/de-DE/meBoot.min.js .https://microsoft.com/..[.../..............+.........aI.O.U(...[%Z.J%07H.bA.......A..Eo........@.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\94d12f6ce814ffd5_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	234
Entropy (8bit):	5.5941868469950045
Encrypted:	false
SSDEEP:	6:mi/gEYsYpl3ax/dDKeK/lgXZARipdbK6t:10fAVDKNtOZ0iTN
MD5:	77DAA3FC6B173F5F550F52704505AAA8
SHA1:	593C9BB0081E3876D23740FB509F9DA79461FC80
SHA-256:	FE65B5F0F45E07FC8D14B87EE7B535977FC15F080F3986DEAAD4577390CEE9CF
SHA-512:	06B730F3D8639DE72678DAB7513EB9BE4F0037483AE2AD7715AB3F8FAA60AC3CC4FAF22977A564A78D68444174891FC0BB895C86B09E0927EA4B467616666069
Malicious:	false
Reputation:	low
Preview:	0\r..m......f...@'t....._keyhttps://mwf-service.akamaized.net/mwf/js/bundle/1.57.8/mwf-main.umd.min.js .https://microsoft.com/.%W.../.......................j.k.D2.Ek%.....M.N...JO.jK..A..Eo.......?.S.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9660b83c29aac989_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	257
Entropy (8bit):	5.767865790968896
Encrypted:	false
SSDEEP:	6:mOVVYcBD+Iw0fnw5TKlbAVQDIJlgrUllygsdPulO1GnMvK6t:tND+Iw0Y5TKlbWQDIrQwpMR
MD5:	C1FF235F01AEB0B337AB452D645BAA91
SHA1:	9FBF9101ACB518272E4DF697B3EE322DA0FC34CF
SHA-256:	27C4382786C7724E70068A074B2A531F3A905686C9F5F7F494329FF32F37F7D2
SHA-512:	3AA068ACCB01073BCEF2524780CA30ACB716222E22C81807E9AEA49ABDA199BBDCB43618C5F19FBA5DC2904BD2C4067919CA20EE22CC88439D23D3A428BAFB9B
Malicious:	false
Reputation:	low
Preview:	0\r..m......}...q\>....._keyhttps://account.microsoft.com/bundles/scripts/site?v=vDloEEMna0v0bDOvhg3Wu9-5aomWGcLr7BbgT0gTGfk1 .https://microsoft.com/..V.../......................j~A.....p..b.y..".5......A..Eo.......M.j.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\96db824c331a77d5_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	275
Entropy (8bit):	5.649619164189831
Encrypted:	false
SSDEEP:	6:mIEnYcv0KgJpX4GE1oHWAP9ZDkiHa1DCoKvlllgJ6kmb+g6M5RK6t:1E+fCGQoHWAlZwrDIvl/wmigb5r
MD5:	B7AC8313E02F87CF63951941D2F3C49B
SHA1:	757771E4F3C0E945EBF465A75E136FEE86E9D555
SHA-256:	820DBE2B5CAF57F45B02E5B91CB7EB76656760BA2C0B2564AF584B3D76601C2B
SHA-512:	8E498884E05458678D51B9189317AAD9FA30AF4B48FF2E27F77D9615466EA118A9FC9DD9DB11488CAB9B346504A2C40A4CB2E28F92C73C77AEEF51822FF29CBD
Malicious:	false
Reputation:	low
Preview:	0\r..m.............6...._keyhttps://assets.adobedtm.com/5ef092d1efb5/4c272e8cc694/0e102e270abf/RCa7a16d61c0134716b6c5d59808f9fd26-source.min.js .https://microsoft.com/.c..../..............W......e......n*\|z<d.`.3..Xg..\..o5.....A..Eo......K..M.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\99d39807317fa33a_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	275
Entropy (8bit):	5.678641058806758
Encrypted:	false
SSDEEP:	6:mIA/Ycv0KgJpX4GE1oHWK0deNQeCsa1D7vlllgdo2flw/ygrRhZK6t:1xfCGQoHWKkAADjl/r2f/Ip
MD5:	D6FA883563B5A615C9F7258D97D86AF9
SHA1:	E0833CEAA9E6FC93939DD6DBEB42FBEB23967E56
SHA-256:	A4D6396024199B3108E3228CBA7AFFC72C085EE54DC1F74E06E8118E2DCF01E3
SHA-512:	6DE6704564C403AA9E532E3D8556D82868F50DDA984C22BF2CCD6B77B80493FF75A89DEEED7A23F31D81AD3604085400B3B3B940DC688F975B642D254FE5DB54
Malicious:	false
Reputation:	low
Preview:	0\r..m............d....._keyhttps://assets.adobedtm.com/5ef092d1efb5/4c272e8cc694/0e102e270abf/RCc603b998e8c64e55b78656817f793285-source.min.js .https://microsoft.com/....../..............W........R.dS.-6;...G..>......E..S.....A..Eo........kF.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9a5575bef7c495dc_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	424
Entropy (8bit):	5.931171871485504
Encrypted:	false
SSDEEP:	6:m0iYGLTDQyKfZ+ONNKM3IGRWm8SIyDc1XlgYkU0Jf374nK6tGkDc+T229ta0Jf3j:D6DQLjl4mxIyDczDNM3spIkU2vaM3
MD5:	C521D8BCF81E5925FBD098762F6F9B3B
SHA1:	E9BCEA17C3BBBF261A0790740867C56CD17C9E38
SHA-256:	DCBA24A3BFF2E9C213ACAC5165D15AC9B011BD8B912E342AE7316A31240AE8C8
SHA-512:	F1900FC0B377EE8432E32CBD6626FB8180FD3C550C937046A8BB12246C9BA2BFC2CD258DB414ED801C3CDB70CDB71BFE4A53286758437EF741C31DC149E77BEE
Malicious:	false
Reputation:	low
Preview:	0\r..m...........k@....._keyhttps://www.microsoft.com/onerfstatics/marketingsites-neu-prod/_h/46c44584/coreui.statics/externalscripts/jquery/jquery-3.3.1.min.js .https://microsoft.com/.MU.../.............i*.......'\|.....C..j.,c%X.i.Y-....F...N.A..Eo.........\|.........A..Eo...................MU.../.0x..CA1EA789D0897C156F6E2EFC7210A4606ADF573A6986B4CC9F9DC6A1D805F1DD.'\|.....C..j.,c%X.i.Y-....F...N.A..Eo........O4L.......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9e3e3b309feee242_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	275
Entropy (8bit):	5.655772097595926
Encrypted:	false
SSDEEP:	6:mIi/XYcv0KgJpX4GE1oHWzQXvG5mLUsa1DOtllllg7O0YP5lDK6t:15fCGQoHWzQXvG5m+DOtll/KG1
MD5:	AFA0F2DBFEDAE9C2DAFA22F9B254A2BA
SHA1:	9FCF47626C3BD51DEDF59995AF293388F99F9FD6
SHA-256:	A0294AAB8B5EADD16EDC74CC2B365095A72DA3CCA0D4F82ED748FE1BDC9D7455
SHA-512:	B004CA5C6AB229D657123CD1C4A2CA1BF19B8F31667EBBA4B48B52414671D1A4F1E6F8604BC7B4612A09C7DC0CDFD388552007F3781EDD634D83B6C650838638
Malicious:	false
Reputation:	low
Preview:	0\r..m.................._keyhttps://assets.adobedtm.com/5ef092d1efb5/4c272e8cc694/0e102e270abf/RCb36993ed0cd440348a1b4711c13dbc8e-source.min.js .https://microsoft.com/+...../..............X.........yJ....M.c.....U..sZH!D.2+.b.+.A..Eo..................A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9edc3bcc45a63d3b_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	248
Entropy (8bit):	5.44078261359791
Encrypted:	false
SSDEEP:	6:mAVYcvrX7p1UKaVRqp1DeHlgXpdmHj4DK6t:Pv3a7qp1DeFMAW
MD5:	0DFFD518E1593CFC95926A081C47066C
SHA1:	F44DF5F2379462519254F79FF35D064BC6ACF17E
SHA-256:	64CD4A0C1217466CE364EF81A34B91C45EEEFBF65CBA6A3AEE8A88FDDBEFBAE7
SHA-512:	00A8421FEFE48D51B0F19FDB5F725525EEF064BD8352FA81AEF38D0BE891223DE10AA1635A5BAD90B1911652AEA542214E86945537A846D3D3B936E65ABB2FE8
Malicious:	false
Reputation:	low
Preview:	0\r..m......t....-H....._keyhttps://assets.onestore.ms/cdnfiles/external/mwf/long/v1/v1.19.1/scripts/mwf-main.var.js .https://microsoft.com/;...../..............E.......je.....y ..Sq.1._..(.kT......1.A..Eo.........H.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a04d28593344b886_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	212
Entropy (8bit):	5.527261565697666
Encrypted:	false
SSDEEP:	6:m4ZYWFW7RPoHgDWivlllgrUsq67s9hz1nK6t:nW7RPoADl9/gq3p
MD5:	F6BE9EC58D449395DC5AF726CAA5628C
SHA1:	6313C06831CA13CE058C0AFD5FE6DB35074F78B2
SHA-256:	029856CF541B894D07D36FD374E3987A05871F65D8203897730F8620D3181035
SHA-512:	D5069F5F6AFCDF2D88DEBEAAD7984C95B0AE85E8F832785CDB46113A6BC7112F3ABF4271039DD0E28654C6E49E672C754E6AC2123C0220BEC71E8901130DBC51
Malicious:	false
Reputation:	low
Preview:	0\r..m......P...U......._keyhttps://az725175.vo.msecnd.net/scripts/jsll-4.3.1.js .https://microsoft.com/...../.....................(....k..>..m...d?!lc..m.....A..Eo.......k?.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a245930ddc6025a9_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	275
Entropy (8bit):	5.642683856243682
Encrypted:	false
SSDEEP:	6:mIIYcv0KgJpX4GE1oHW9xBGNa1DGoKlllg90znTvv62/SBZK6t:13fCGQoHW93DGoKl/4oTvinT
MD5:	B761082D1FD6BEF0672AC4F130AE8C69
SHA1:	E953D9C8AA709CC426A8CA333D35116A83E9EF1D
SHA-256:	5FBAEEBD2CAE47C1F7BBE646A7B930A11FEB1EA59EFF16371B2F4793ABD85023
SHA-512:	C4C2E685DBB9DEEE71FF9FA8AB57435388C414312014ED371DC853F74BFFD5E5981A42A6CFCACD72BD25A6337B6D75E31887C5E46BDACAD469DAF1CB3E90463A
Malicious:	false
Reputation:	low
Preview:	0\r..m.................._keyhttps://assets.adobedtm.com/5ef092d1efb5/4c272e8cc694/0e102e270abf/RCa6da6c2ddf044453bdb4d0b0dafda95b-source.min.js .https://microsoft.com/0M..../.............W......\|..8E.5.......K..t7v......G......A..Eo..................A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a28564b05f7fa3cb_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	466
Entropy (8bit):	5.38999273074576
Encrypted:	false
SSDEEP:	6:muP4EYGLTDFbDH2QshvK6cXBokqPSuwykNWXeFODOtyIgoGV17vKDs6lgJ3OKMhq:Z4sDFbKQ+8xEPjTxTjoc1rKD/M3tN
MD5:	233B125A090F47A56998B3182AC76F8E
SHA1:	429A8F1F072186136EF8805748D98E2ABAE4DE0F
SHA-256:	BB05134BAABFDF9FA78E5065A23BD00138911AE1727E4E9A330AABD29FC7FB37
SHA-512:	21BC39F5E2790A164342CF4536C9214187C9196574FECBBDADF8BCD0054CD8EF70DAB14C0618FADA493E6C320F5856A341F84A5C69225DB06363BE6388EBA9CF
Malicious:	false
Reputation:	low
Preview:	0\r..m......N....:>(...._keyhttps://www.microsoft.com/mwf/js/MWF_20201028_28422223/alert/ambientvideo/areaheading/autosuggest/button/calltoaction/dialog/divider/feature/glyph/heading/hero/heroitem/hyperlinkgroup/image/imageintro/list/logo/mosaic/mosaicplacement/multislidecarousel/pagebehaviors/rating/skiptomain/social?apiVersion=1.0 .https://microsoft.com/..S.../.............,*.......g.m.\........\>>...1ou/.Q....<..A..Eo.......@Px.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a427860bca0ae4c4_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	208
Entropy (8bit):	5.529947996891715
Encrypted:	false
SSDEEP:	3:m+lIhA8RzYDCIWAcBIsWGkRUJG27FYtRRbl/lHCbl/ayh6oC9FpI/RGvg4mo8G/J:mzYWFW7RPxDtlgByLZI/A4rUhK6t
MD5:	912B7C7F7051D5E8117A4223299567B7
SHA1:	A341296A346C9074FB52CF993922AC20522E4FF9
SHA-256:	89E5A61C81D3FA26E046FB4ED479D8275D10768DBF08DAF0EA09589197786448
SHA-512:	32B7A8B077C1C657B29C2F87D3FFEC45BF60542BD90F4FCF3AB3DFE3B8E42C0C1F92DC21908BECF8175A77DDD4B55F20B2F92EA7C2923C0980E6B5165630965B
Malicious:	false
Reputation:	low
Preview:	0\r..m......L...d......._keyhttps://az725175.vo.msecnd.net/scripts/jsll-4.js .https://microsoft.com/....../.............]S......r-..tD.....6u.......7..`\J+Z4.A..Eo......8............A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a4cf8298e1a20149_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	1140
Entropy (8bit):	4.996706576800788
Encrypted:	false
SSDEEP:	24:5ycjXlrRRgOiQEzdAJOsjcOUlqMnQ6UvB6SRDnZC+2XS+Gple:5p1RulQEzCJbjcRqMQ6O8woGle
MD5:	8388D7613FD246A83D5DE56C106B879B
SHA1:	0079B6CEA36755B456145B3BFD87524438171AB6
SHA-256:	493B52FF05E4EF53DA6EF3A204D0E70971FB1D64C3B58DF704EBE8ED13591EB9
SHA-512:	76C224D2652977C109CB0953AFC6C75FC014C3931F912D813FDB84E4DE5F1A495BF5C5949F84B75DFEA7D968E93902DF802F5D48C83C0E6BE148DE142F2BB6A4
Malicious:	false
Reputation:	low
Preview:	0\r..m..........W.%...._keyhttps://c.s-microsoft.com/en-us/CMSScripts/script.jsx?k=a99b0db8-bfbf-545e-1fb8-9506657ef0a2_548ab34c-2019-5a40-159d-497aca0a31aa_681f815f-66fa-dd0d-337c-f122e5fbc441_e971c28c-2b00-920a-7b3c-ade93b62d97b_8b6e2c63-6927-7db5-8e32-7f3333da659e_336509cc-abc8-912e-9a27-74fc22d5e823_d05d04f0-2693-ec0c-01de-808f5ad22891_693cb7af-5841-0401-bf99-98f0d9ba4140_a42d7277-10a1-6935-b06a-ebeeb8815ba6_30431ce6-63a7-f889-dfb0-0df5e1561da0_a96731a9-c05d-ced4-6287-89c900b1ed4f_55f6f45b-01ff-8a72-87f2-aef7adb3c4ae_2d3684a3-f1a0-d1c4-8c01-8f5b22b0884d_bec3e8b8-6afd-a4da-0cb7-e3f0e65d6704_25785618-c6df-5018-c882-7493400f3937_3d6f4407-99a7-efc0-9273-2886b50fa823_544bfecd-07c5-9fff-20c9-9125b66a3749_cc850638-66c6-0dc0-e5df-a231bf28e478_4d0ade6c-4b76-3f03-5f2d-4d8913f009df_88257d23-e3fb-0deb-d967-418273373312_79c01e4e-6436-0168-278f-66f180dd4fdd_360dd1e2-0971-6b97-6b15-bebe0e7ed91e_548c8edb-b925-5700-12de-1fbe1e801b5e_e102ee4d-7772-ae41-a83e-3b7ad65995ca_d707f600-5853-342b-4975-ecd5

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a5b18de7662d18f2_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	223
Entropy (8bit):	5.490738865782082
Encrypted:	false
SSDEEP:	6:m5YL8mMW8mLD2DllgtWL/EEUzN45VK6t:j7MJmLD2D/9L/E35C
MD5:	DE708A9A7269B39DD191860EEFC4EE28
SHA1:	621D5ACF68EFCBF6AEDE05649EB244BE855A3255
SHA-256:	DAD802F6EC9DEA5DEEAD5C1B489C38A6E3B7910ED66F1723ED1E59535A7CDDB1
SHA-512:	5A9A3F31EC1BE50BF7D814766014D6DEC30290BC356818890735947BC258CC6F4D91247E8CD54FB2591BF4CA6160854D0720DCEE22A86ECF959F7E65888490C6
Malicious:	false
Reputation:	low
Preview:	0\r..m......[......i...._keyhttps://mem.gfx.ms/meversion?partner=windows&market=en-us&uhf=1 .https://microsoft.com/....../..............C......2.\......n..!..P#..iV..m..Z..j..A..Eo........A..........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a62abfc932b5eff2_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	275
Entropy (8bit):	5.59470231109613
Encrypted:	false
SSDEEP:	6:mIAYcv0KgJpX4GE1oHWgBqPoHa1DDzlllgz0h+KZurz/ZK6t:1/fCGQoHWMqhDDzl/L3I
MD5:	4D74C2BED3541DFC498804E0A887301A
SHA1:	4EB105CA5C0C7EE6B748FEA548AE43D30D729BBD
SHA-256:	3644C3D404970919F25C5085A04F06D67EBA015D172539EEDA97C325DB6D25C5
SHA-512:	5D89611067D5B4FC7F893CCB9A9B52539FDA1162DF432275C8638066B26C3116AE758ADF16DE126AFD5F8CD4471A99C24AABF89ABBCF1608C3F2F0FE5D15EF1A
Malicious:	false
Reputation:	low
Preview:	0\r..m.............v...._keyhttps://assets.adobedtm.com/5ef092d1efb5/4c272e8cc694/0e102e270abf/RCce79330d434c45ca8ea9effba974a13d-source.min.js .https://microsoft.com/.K..../.............W.......]ww.....].........X.:r....>.A..Eo......vR9..........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\adcefe05f695f7f2_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	645
Entropy (8bit):	5.379909560330278
Encrypted:	false
SSDEEP:	12:zUA3aFhVKVoKhhwdCt6go++nOXIUX3NC1Ngw9jMuw8YxrYcD+//kqe8:I6ChAQCk/++nOXJdCrMupOEcS/sv8
MD5:	089AD1D1F44CB86B843CF815F3189F52
SHA1:	840A27BBE4C6AD9CF7CAA64111EC413A6665C187
SHA-256:	0131A0903E518AF6C28FC631777B7D64A220374DE2B9BC2A4CDCEE6F74C38B29
SHA-512:	BF242B029E442C2AA1F527581EBD39D78819217975F6BAF7368D7968BE6B74BBF0AA88D43F14B1F162B837DD588010F8B5E9E449D047D16A97003B3BDE1EC673
Malicious:	false
Reputation:	low
Preview:	0\r..m.................._keyhttps://statics-storeexp-neu-ms-com.akamaized.net/store/_scrf/js/themes=store-web-default/2f-63ce8f/12-f9cbf0/aa-dc1460/2d-7a9063/8b-b7e929/69-f75c22/ff-8418b5/e9-a27a19/dc-7e9864/4f-5115f8/7d-266f10/4a-abd94b/6d-c07ea1/e1-c35781/23-c64e70/cd-23d3b0/6d-1e7ed0/b7-cadaa7/c4-898cf2/ca-40b7b0/4e-ee3a55/3e-f5c39b/c3-6454d7/f9-7592d3/92-10345d/f8-73a5f2/79-499886/7e-cda2d3/b2-7087f0/ab-30f5b9/91-97a04f/1f-100dea/33-abe4df/fe-a5cf09/e3-082b89/7f-25cd1c/b7-5b4bf5?ver=2.0&_cf=11242019_3231 .https://microsoft.com/).b.../..............p......x...n..B-_.b..S.s.z.~...KY..q..A..Eo..................A..Eo..................

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 29, 2020 14:42:08.186070919 CET	49745	443	192.168.2.3	216.58.215.225
Nov 29, 2020 14:42:08.207313061 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.207407951 CET	49745	443	192.168.2.3	216.58.215.225
Nov 29, 2020 14:42:08.207659006 CET	49745	443	192.168.2.3	216.58.215.225
Nov 29, 2020 14:42:08.228857994 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.242357016 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.242413044 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.242451906 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.242484093 CET	49745	443	192.168.2.3	216.58.215.225
Nov 29, 2020 14:42:08.242492914 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.242538929 CET	49745	443	192.168.2.3	216.58.215.225
Nov 29, 2020 14:42:08.257435083 CET	49745	443	192.168.2.3	216.58.215.225
Nov 29, 2020 14:42:08.257591009 CET	49745	443	192.168.2.3	216.58.215.225
Nov 29, 2020 14:42:08.257707119 CET	49745	443	192.168.2.3	216.58.215.225
Nov 29, 2020 14:42:08.278951883 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.279100895 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.279175997 CET	49745	443	192.168.2.3	216.58.215.225
Nov 29, 2020 14:42:08.279242039 CET	49745	443	192.168.2.3	216.58.215.225
Nov 29, 2020 14:42:08.281166077 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.281207085 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.281244040 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.281263113 CET	49745	443	192.168.2.3	216.58.215.225
Nov 29, 2020 14:42:08.281294107 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.281294107 CET	49745	443	192.168.2.3	216.58.215.225
Nov 29, 2020 14:42:08.281343937 CET	49745	443	192.168.2.3	216.58.215.225
Nov 29, 2020 14:42:08.282166004 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.282211065 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.282237053 CET	49745	443	192.168.2.3	216.58.215.225
Nov 29, 2020 14:42:08.282249928 CET	49745	443	192.168.2.3	216.58.215.225
Nov 29, 2020 14:42:08.283200979 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.283241987 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.283263922 CET	49745	443	192.168.2.3	216.58.215.225
Nov 29, 2020 14:42:08.283291101 CET	49745	443	192.168.2.3	216.58.215.225
Nov 29, 2020 14:42:08.284301043 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.284343004 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.284365892 CET	49745	443	192.168.2.3	216.58.215.225
Nov 29, 2020 14:42:08.284410954 CET	49745	443	192.168.2.3	216.58.215.225
Nov 29, 2020 14:42:08.285356998 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.285419941 CET	49745	443	192.168.2.3	216.58.215.225
Nov 29, 2020 14:42:08.285450935 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.285526037 CET	49745	443	192.168.2.3	216.58.215.225
Nov 29, 2020 14:42:08.286413908 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.286457062 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.286488056 CET	49745	443	192.168.2.3	216.58.215.225
Nov 29, 2020 14:42:08.286509991 CET	49745	443	192.168.2.3	216.58.215.225
Nov 29, 2020 14:42:08.287481070 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.287532091 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.287555933 CET	49745	443	192.168.2.3	216.58.215.225
Nov 29, 2020 14:42:08.287583113 CET	49745	443	192.168.2.3	216.58.215.225
Nov 29, 2020 14:42:08.288558960 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.288600922 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.288633108 CET	49745	443	192.168.2.3	216.58.215.225
Nov 29, 2020 14:42:08.288655996 CET	49745	443	192.168.2.3	216.58.215.225
Nov 29, 2020 14:42:08.300477028 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.300533056 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.300565004 CET	49745	443	192.168.2.3	216.58.215.225
Nov 29, 2020 14:42:08.300610065 CET	49745	443	192.168.2.3	216.58.215.225
Nov 29, 2020 14:42:08.300750971 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.300796986 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.300816059 CET	49745	443	192.168.2.3	216.58.215.225
Nov 29, 2020 14:42:08.300846100 CET	49745	443	192.168.2.3	216.58.215.225
Nov 29, 2020 14:42:08.302311897 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.302352905 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.302417994 CET	49745	443	192.168.2.3	216.58.215.225
Nov 29, 2020 14:42:08.302911043 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.302953005 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.303010941 CET	49745	443	192.168.2.3	216.58.215.225
Nov 29, 2020 14:42:08.303972006 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.304009914 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.304075956 CET	49745	443	192.168.2.3	216.58.215.225
Nov 29, 2020 14:42:08.305058002 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.305098057 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.305159092 CET	49745	443	192.168.2.3	216.58.215.225
Nov 29, 2020 14:42:08.306126118 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.306164980 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.306216002 CET	49745	443	192.168.2.3	216.58.215.225
Nov 29, 2020 14:42:08.307194948 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.307235956 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.307301044 CET	49745	443	192.168.2.3	216.58.215.225
Nov 29, 2020 14:42:08.308254004 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.308301926 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.308363914 CET	49745	443	192.168.2.3	216.58.215.225
Nov 29, 2020 14:42:08.309353113 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.309420109 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.309478998 CET	49745	443	192.168.2.3	216.58.215.225
Nov 29, 2020 14:42:08.310394049 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.310434103 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.310494900 CET	49745	443	192.168.2.3	216.58.215.225
Nov 29, 2020 14:42:08.311455011 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.311496973 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.311554909 CET	49745	443	192.168.2.3	216.58.215.225
Nov 29, 2020 14:42:08.312536001 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.312577963 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.312638998 CET	49745	443	192.168.2.3	216.58.215.225
Nov 29, 2020 14:42:08.313601971 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.313643932 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.313709974 CET	49745	443	192.168.2.3	216.58.215.225
Nov 29, 2020 14:42:08.314698935 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.314740896 CET	443	49745	216.58.215.225	192.168.2.3
Nov 29, 2020 14:42:08.314795971 CET	49745	443	192.168.2.3	216.58.215.225

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 29, 2020 14:41:57.439197063 CET	64185	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:41:57.466373920 CET	53	64185	8.8.8.8	192.168.2.3
Nov 29, 2020 14:41:58.513490915 CET	65110	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:41:58.548935890 CET	53	65110	8.8.8.8	192.168.2.3
Nov 29, 2020 14:41:59.346389055 CET	58361	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:41:59.384192944 CET	53	58361	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:01.349657059 CET	63492	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:01.377049923 CET	53	63492	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:02.532295942 CET	53195	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:02.570419073 CET	53	53195	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:02.968566895 CET	50141	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:02.968952894 CET	53023	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:02.972603083 CET	49563	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:02.973601103 CET	51352	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:03.004404068 CET	53	53023	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:03.012152910 CET	53	50141	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:03.022037029 CET	53	51352	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:03.028712988 CET	53	49563	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:03.327548981 CET	59349	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:03.383898973 CET	53	59349	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:03.463833094 CET	57084	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:03.507127047 CET	53	57084	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:04.145190954 CET	57568	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:04.181962967 CET	53	57568	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:04.522470951 CET	50540	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:04.573787928 CET	53	50540	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:04.694713116 CET	54366	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:04.721822023 CET	53	54366	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:04.726144075 CET	53034	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:04.753532887 CET	53	53034	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:04.896387100 CET	57762	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:04.940013885 CET	53	57762	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:05.439919949 CET	55435	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:05.467366934 CET	53	55435	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:06.218135118 CET	50713	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:06.255306005 CET	53	50713	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:06.453946114 CET	56132	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:06.481147051 CET	53	56132	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:06.915229082 CET	58987	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:06.950566053 CET	53	58987	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:07.489753962 CET	56579	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:07.516915083 CET	53	56579	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:08.141540051 CET	64938	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:08.185095072 CET	53	64938	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:09.397648096 CET	61946	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:09.433912992 CET	53	61946	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:09.876527071 CET	64910	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:09.903825998 CET	53	64910	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:11.884161949 CET	56338	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:11.911483049 CET	53	56338	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:12.490370989 CET	59420	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:12.527842045 CET	53	59420	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:12.828087091 CET	58784	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:12.876637936 CET	53	58784	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:13.227025986 CET	62938	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:13.262461901 CET	53	62938	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:13.409682035 CET	55708	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:13.411303043 CET	56803	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:13.418852091 CET	57145	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:13.419477940 CET	55359	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:13.420604944 CET	58306	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:13.448399067 CET	53	56803	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:13.448427916 CET	53	55708	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:13.458228111 CET	53	57145	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:13.458479881 CET	53	55359	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:13.479033947 CET	53	58306	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:13.641262054 CET	64124	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:13.678231955 CET	53	64124	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:14.164021015 CET	49361	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:14.200882912 CET	53	49361	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:17.249651909 CET	63150	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:17.286680937 CET	53	63150	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:17.341535091 CET	53279	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:17.347419024 CET	56881	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:17.377006054 CET	53	53279	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:17.383018017 CET	53	56881	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:17.466757059 CET	53642	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:17.493885994 CET	53	53642	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:17.990806103 CET	55667	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:17.991671085 CET	54833	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:18.027147055 CET	53	54833	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:18.027903080 CET	53	55667	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:21.890922070 CET	62476	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:21.918207884 CET	53	62476	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:28.593888998 CET	49705	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:28.631133080 CET	53	49705	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:28.997374058 CET	61477	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:29.046797037 CET	53	61477	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:29.395961046 CET	61633	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:29.433182001 CET	53	61633	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:30.522069931 CET	55949	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:30.559092999 CET	53	55949	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:31.150783062 CET	57601	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:31.151422024 CET	49342	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:31.190584898 CET	53	49342	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:31.191577911 CET	53	57601	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:31.672785044 CET	56253	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:31.716434956 CET	53	56253	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:31.920361042 CET	49667	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:31.957844973 CET	53	49667	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:32.861731052 CET	55439	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:32.898436069 CET	53	55439	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:33.054919958 CET	57069	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:33.090435982 CET	53	57069	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:34.697278023 CET	57659	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:34.724550962 CET	53	57659	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:44.169800997 CET	63975	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:44.214010000 CET	53	63975	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:44.951771021 CET	56639	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:44.999907970 CET	53	56639	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:47.659300089 CET	51856	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:47.705480099 CET	53	51856	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:47.706926107 CET	56546	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:47.763616085 CET	53	56546	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:47.911976099 CET	53470	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:47.948647022 CET	53	53470	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:48.145926952 CET	56446	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:48.187612057 CET	53	56446	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:53.682368994 CET	59631	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:53.684760094 CET	55515	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:53.718139887 CET	53	59631	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:53.723650932 CET	53	55515	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:53.905273914 CET	64547	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:53.942110062 CET	53	64547	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:54.038207054 CET	51759	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:54.114604950 CET	53	51759	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:58.795172930 CET	59207	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:58.851229906 CET	53	59207	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:58.982573986 CET	54269	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:59.009659052 CET	53	54269	8.8.8.8	192.168.2.3
Nov 29, 2020 14:42:59.400793076 CET	54856	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:42:59.445971012 CET	53	54856	8.8.8.8	192.168.2.3
Nov 29, 2020 14:43:01.010045052 CET	64140	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:43:01.053281069 CET	53	64140	8.8.8.8	192.168.2.3
Nov 29, 2020 14:43:01.348176003 CET	62271	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:43:01.383913040 CET	53	62271	8.8.8.8	192.168.2.3
Nov 29, 2020 14:43:01.496419907 CET	57404	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:43:01.540184021 CET	53	57404	8.8.8.8	192.168.2.3
Nov 29, 2020 14:43:01.621917963 CET	62997	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:43:01.665115118 CET	53	62997	8.8.8.8	192.168.2.3
Nov 29, 2020 14:43:01.717149019 CET	57712	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:43:01.773822069 CET	53	57712	8.8.8.8	192.168.2.3
Nov 29, 2020 14:43:01.902280092 CET	60065	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:43:01.946549892 CET	53	60065	8.8.8.8	192.168.2.3
Nov 29, 2020 14:43:04.730422974 CET	55068	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:43:04.767656088 CET	53	55068	8.8.8.8	192.168.2.3
Nov 29, 2020 14:43:04.948566914 CET	64700	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:43:04.949142933 CET	61998	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:43:04.949825048 CET	53724	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:43:04.953210115 CET	52328	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:43:04.986439943 CET	53	61998	8.8.8.8	192.168.2.3
Nov 29, 2020 14:43:04.986694098 CET	53	53724	8.8.8.8	192.168.2.3
Nov 29, 2020 14:43:04.990094900 CET	53	52328	8.8.8.8	192.168.2.3
Nov 29, 2020 14:43:04.994856119 CET	53	64700	8.8.8.8	192.168.2.3
Nov 29, 2020 14:43:05.002770901 CET	58051	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:43:05.040132999 CET	53	58051	8.8.8.8	192.168.2.3
Nov 29, 2020 14:43:05.845696926 CET	64130	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:43:05.883353949 CET	53	64130	8.8.8.8	192.168.2.3
Nov 29, 2020 14:43:06.313122034 CET	50491	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:43:06.350043058 CET	53	50491	8.8.8.8	192.168.2.3
Nov 29, 2020 14:43:07.229970932 CET	53004	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:43:07.267151117 CET	53	53004	8.8.8.8	192.168.2.3
Nov 29, 2020 14:43:08.694933891 CET	52529	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:43:08.712423086 CET	53656	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:43:08.732119083 CET	53	52529	8.8.8.8	192.168.2.3
Nov 29, 2020 14:43:08.749819994 CET	53	53656	8.8.8.8	192.168.2.3
Nov 29, 2020 14:43:09.762095928 CET	62724	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:43:09.789158106 CET	53	62724	8.8.8.8	192.168.2.3
Nov 29, 2020 14:43:10.177649975 CET	56059	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:43:10.214736938 CET	53	56059	8.8.8.8	192.168.2.3
Nov 29, 2020 14:43:10.739698887 CET	63060	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:43:10.776556969 CET	53	63060	8.8.8.8	192.168.2.3
Nov 29, 2020 14:43:10.858880043 CET	51498	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:43:10.898248911 CET	53	51498	8.8.8.8	192.168.2.3
Nov 29, 2020 14:43:11.214415073 CET	59943	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:43:11.251336098 CET	53	59943	8.8.8.8	192.168.2.3
Nov 29, 2020 14:43:11.386898041 CET	50118	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:43:11.424309969 CET	53	50118	8.8.8.8	192.168.2.3
Nov 29, 2020 14:43:11.557873011 CET	58357	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:43:11.594686985 CET	53	58357	8.8.8.8	192.168.2.3
Nov 29, 2020 14:43:11.781985998 CET	55804	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:43:11.808939934 CET	53	55804	8.8.8.8	192.168.2.3
Nov 29, 2020 14:43:12.896394968 CET	58079	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:43:12.932200909 CET	53	58079	8.8.8.8	192.168.2.3
Nov 29, 2020 14:43:13.563838005 CET	52080	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:43:13.600935936 CET	53	52080	8.8.8.8	192.168.2.3
Nov 29, 2020 14:43:13.636702061 CET	55238	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:43:13.672302961 CET	53	55238	8.8.8.8	192.168.2.3
Nov 29, 2020 14:43:34.406075001 CET	49289	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:43:34.433274031 CET	53	49289	8.8.8.8	192.168.2.3
Nov 29, 2020 14:43:34.877784967 CET	61034	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:43:34.921994925 CET	53	61034	8.8.8.8	192.168.2.3
Nov 29, 2020 14:43:49.215511084 CET	51964	53	192.168.2.3	8.8.8.8
Nov 29, 2020 14:43:49.258477926 CET	53	51964	8.8.8.8	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Nov 29, 2020 14:42:02.973601103 CET	192.168.2.3	8.8.8.8	0xd4f2	Standard query (0)	forms.office.com	A (IP address)	IN (0x0001)
Nov 29, 2020 14:42:04.145190954 CET	192.168.2.3	8.8.8.8	0x7857	Standard query (0)	cdn.forms.office.net	A (IP address)	IN (0x0001)
Nov 29, 2020 14:42:04.522470951 CET	192.168.2.3	8.8.8.8	0xecdd	Standard query (0)	c.office.com	A (IP address)	IN (0x0001)
Nov 29, 2020 14:42:06.218135118 CET	192.168.2.3	8.8.8.8	0x68c7	Standard query (0)	cdn.forms.office.net	A (IP address)	IN (0x0001)
Nov 29, 2020 14:42:08.141540051 CET	192.168.2.3	8.8.8.8	0xef0	Standard query (0)	clients2.googleusercontent.com	A (IP address)	IN (0x0001)
Nov 29, 2020 14:42:13.409682035 CET	192.168.2.3	8.8.8.8	0xb69	Standard query (0)	ajax.aspnetcdn.com	A (IP address)	IN (0x0001)
Nov 29, 2020 14:42:13.420604944 CET	192.168.2.3	8.8.8.8	0xc5d8	Standard query (0)	assets.onestore.ms	A (IP address)	IN (0x0001)
Nov 29, 2020 14:42:31.150783062 CET	192.168.2.3	8.8.8.8	0x292e	Standard query (0)	mem.gfx.ms	A (IP address)	IN (0x0001)
Nov 29, 2020 14:42:31.920361042 CET	192.168.2.3	8.8.8.8	0x532e	Standard query (0)	logincdn.msauth.net	A (IP address)	IN (0x0001)
Nov 29, 2020 14:42:34.697278023 CET	192.168.2.3	8.8.8.8	0xf0c9	Standard query (0)	aka.ms	A (IP address)	IN (0x0001)
Nov 29, 2020 14:42:48.145926952 CET	192.168.2.3	8.8.8.8	0x989b	Standard query (0)	amp.azure.net	A (IP address)	IN (0x0001)
Nov 29, 2020 14:42:53.905273914 CET	192.168.2.3	8.8.8.8	0xaad1	Standard query (0)	assets.adobedtm.com	A (IP address)	IN (0x0001)
Nov 29, 2020 14:42:54.038207054 CET	192.168.2.3	8.8.8.8	0x41bb	Standard query (0)	offertooldataprod.blob.core.windows.net	A (IP address)	IN (0x0001)
Nov 29, 2020 14:42:58.795172930 CET	192.168.2.3	8.8.8.8	0x26ca	Standard query (0)	surfaceselfserviceoffertool.azurewebsites.net	A (IP address)	IN (0x0001)
Nov 29, 2020 14:42:59.400793076 CET	192.168.2.3	8.8.8.8	0xcd39	Standard query (0)	microsoftwindows.112.2o7.net	A (IP address)	IN (0x0001)
Nov 29, 2020 14:43:04.948566914 CET	192.168.2.3	8.8.8.8	0x69c5	Standard query (0)	statics-eas.onestore.ms	A (IP address)	IN (0x0001)
Nov 29, 2020 14:43:04.949142933 CET	192.168.2.3	8.8.8.8	0xb2d1	Standard query (0)	statics-eus.onestore.ms	A (IP address)	IN (0x0001)
Nov 29, 2020 14:43:04.949825048 CET	192.168.2.3	8.8.8.8	0xe5c6	Standard query (0)	statics-neu.onestore.ms	A (IP address)	IN (0x0001)
Nov 29, 2020 14:43:05.002770901 CET	192.168.2.3	8.8.8.8	0xe1b4	Standard query (0)	statics-wcus.onestore.ms	A (IP address)	IN (0x0001)
Nov 29, 2020 14:43:05.845696926 CET	192.168.2.3	8.8.8.8	0xe4fb	Standard query (0)	publisher.liveperson.net	A (IP address)	IN (0x0001)
Nov 29, 2020 14:43:06.313122034 CET	192.168.2.3	8.8.8.8	0xd8cd	Standard query (0)	lptag.liveperson.net	A (IP address)	IN (0x0001)
Nov 29, 2020 14:43:08.694933891 CET	192.168.2.3	8.8.8.8	0x71fd	Standard query (0)	accdn.lpsnmedia.net	A (IP address)	IN (0x0001)
Nov 29, 2020 14:43:08.712423086 CET	192.168.2.3	8.8.8.8	0x4b2a	Standard query (0)	static-assets.fs.liveperson.com	A (IP address)	IN (0x0001)
Nov 29, 2020 14:43:10.739698887 CET	192.168.2.3	8.8.8.8	0xa207	Standard query (0)	lpcdn.lpsnmedia.net	A (IP address)	IN (0x0001)
Nov 29, 2020 14:43:11.386898041 CET	192.168.2.3	8.8.8.8	0x1d0	Standard query (0)	support.content.office.net	A (IP address)	IN (0x0001)
Nov 29, 2020 14:43:11.781985998 CET	192.168.2.3	8.8.8.8	0xfdcc	Standard query (0)	login.microsoftonline.com	A (IP address)	IN (0x0001)
Nov 29, 2020 14:43:12.896394968 CET	192.168.2.3	8.8.8.8	0xf354	Standard query (0)	va.v.liveperson.net	A (IP address)	IN (0x0001)
Nov 29, 2020 14:43:13.636702061 CET	192.168.2.3	8.8.8.8	0xb995	Standard query (0)	support.content.office.net	A (IP address)	IN (0x0001)
Nov 29, 2020 14:43:49.215511084 CET	192.168.2.3	8.8.8.8	0xf3d1	Standard query (0)	mcraa.fs.liveperson.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Nov 29, 2020 14:42:03.022037029 CET	8.8.8.8	192.168.2.3	0xd4f2	No error (0)	forms.office.com	prod.forms.office.com.akadns.net		CNAME (Canonical name)	IN (0x0001)
Nov 29, 2020 14:42:04.181962967 CET	8.8.8.8	192.168.2.3	0x7857	No error (0)	cdn.forms.office.net	cdn.forms.office.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)
Nov 29, 2020 14:42:04.573787928 CET	8.8.8.8	192.168.2.3	0xecdd	No error (0)	c.office.com	c.msn.com		CNAME (Canonical name)	IN (0x0001)
Nov 29, 2020 14:42:04.573787928 CET	8.8.8.8	192.168.2.3	0xecdd	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)
Nov 29, 2020 14:42:06.255306005 CET	8.8.8.8	192.168.2.3	0x68c7	No error (0)	cdn.forms.office.net	cdn.forms.office.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)
Nov 29, 2020 14:42:08.185095072 CET	8.8.8.8	192.168.2.3	0xef0	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)
Nov 29, 2020 14:42:08.185095072 CET	8.8.8.8	192.168.2.3	0xef0	No error (0)	googlehosted.l.googleusercontent.com		216.58.215.225	A (IP address)	IN (0x0001)
Nov 29, 2020 14:42:13.448427916 CET	8.8.8.8	192.168.2.3	0xb69	No error (0)	ajax.aspnetcdn.com	mscomajax.vo.msecnd.net		CNAME (Canonical name)	IN (0x0001)
Nov 29, 2020 14:42:13.479033947 CET	8.8.8.8	192.168.2.3	0xc5d8	No error (0)	assets.onestore.ms	assets.onestore.ms.akadns.net		CNAME (Canonical name)	IN (0x0001)
Nov 29, 2020 14:42:18.027147055 CET	8.8.8.8	192.168.2.3	0x47df	No error (0)	consentdeliveryfd.azurefd.net	star-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)
Nov 29, 2020 14:42:29.046797037 CET	8.8.8.8	192.168.2.3	0xa99a	No error (0)	prda.aadg.msidentity.com	www.tm.a.prd.aadg.akadns.net		CNAME (Canonical name)	IN (0x0001)
Nov 29, 2020 14:42:31.191577911 CET	8.8.8.8	192.168.2.3	0x292e	No error (0)	mem.gfx.ms	cdn.account.microsoft.com.akadns.net		CNAME (Canonical name)	IN (0x0001)
Nov 29, 2020 14:42:31.957844973 CET	8.8.8.8	192.168.2.3	0x532e	No error (0)	logincdn.msauth.net	lgincdn.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)
Nov 29, 2020 14:42:31.957844973 CET	8.8.8.8	192.168.2.3	0x532e	No error (0)	cs1227.wpc.alphacdn.net		192.229.221.185	A (IP address)	IN (0x0001)
Nov 29, 2020 14:42:34.724550962 CET	8.8.8.8	192.168.2.3	0xf0c9	No error (0)	aka.ms		104.74.143.169	A (IP address)	IN (0x0001)
Nov 29, 2020 14:42:48.187612057 CET	8.8.8.8	192.168.2.3	0x989b	No error (0)	amp.azure.net	160c1.wpc.azureedge.net		CNAME (Canonical name)	IN (0x0001)
Nov 29, 2020 14:42:53.942110062 CET	8.8.8.8	192.168.2.3	0xaad1	No error (0)	assets.adobedtm.com	cn-assets.adobedtm.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)
Nov 29, 2020 14:42:54.114604950 CET	8.8.8.8	192.168.2.3	0x41bb	No error (0)	offertooldataprod.blob.core.windows.net	blob.bl6prdstr14a.store.core.windows.net		CNAME (Canonical name)	IN (0x0001)
Nov 29, 2020 14:42:54.114604950 CET	8.8.8.8	192.168.2.3	0x41bb	No error (0)	blob.bl6prdstr14a.store.core.windows.net		52.239.152.74	A (IP address)	IN (0x0001)
Nov 29, 2020 14:42:58.851229906 CET	8.8.8.8	192.168.2.3	0x26ca	No error (0)	surfaceselfserviceoffertool.azurewebsites.net	waws-prod-mwh-031.sip.azurewebsites.windows.net		CNAME (Canonical name)	IN (0x0001)
Nov 29, 2020 14:42:58.851229906 CET	8.8.8.8	192.168.2.3	0x26ca	No error (0)	waws-prod-mwh-031.sip.azurewebsites.windows.net	waws-prod-mwh-031.cloudapp.net		CNAME (Canonical name)	IN (0x0001)
Nov 29, 2020 14:42:59.445971012 CET	8.8.8.8	192.168.2.3	0xcd39	No error (0)	microsoftwindows.112.2o7.net		15.237.136.106	A (IP address)	IN (0x0001)
Nov 29, 2020 14:42:59.445971012 CET	8.8.8.8	192.168.2.3	0xcd39	No error (0)	microsoftwindows.112.2o7.net		35.181.18.61	A (IP address)	IN (0x0001)
Nov 29, 2020 14:42:59.445971012 CET	8.8.8.8	192.168.2.3	0xcd39	No error (0)	microsoftwindows.112.2o7.net		15.237.76.117	A (IP address)	IN (0x0001)
Nov 29, 2020 14:43:04.986439943 CET	8.8.8.8	192.168.2.3	0xb2d1	No error (0)	statics-eus.onestore.ms	statics.onestore.ms.edgekey.net		CNAME (Canonical name)	IN (0x0001)
Nov 29, 2020 14:43:04.986694098 CET	8.8.8.8	192.168.2.3	0xe5c6	No error (0)	statics-neu.onestore.ms	statics.onestore.ms.edgekey.net		CNAME (Canonical name)	IN (0x0001)
Nov 29, 2020 14:43:04.994856119 CET	8.8.8.8	192.168.2.3	0x69c5	No error (0)	statics-eas.onestore.ms	statics.onestore.ms.edgekey.net		CNAME (Canonical name)	IN (0x0001)
Nov 29, 2020 14:43:05.040132999 CET	8.8.8.8	192.168.2.3	0xe1b4	No error (0)	statics-wcus.onestore.ms	statics.onestore.ms.edgekey.net		CNAME (Canonical name)	IN (0x0001)
Nov 29, 2020 14:43:05.883353949 CET	8.8.8.8	192.168.2.3	0xe4fb	No error (0)	publisher.liveperson.net	publisher.livepersonk.akadns.net		CNAME (Canonical name)	IN (0x0001)
Nov 29, 2020 14:43:05.883353949 CET	8.8.8.8	192.168.2.3	0xe4fb	No error (0)	liveperson.map.fastly.net		151.101.1.192	A (IP address)	IN (0x0001)
Nov 29, 2020 14:43:05.883353949 CET	8.8.8.8	192.168.2.3	0xe4fb	No error (0)	liveperson.map.fastly.net		151.101.65.192	A (IP address)	IN (0x0001)
Nov 29, 2020 14:43:05.883353949 CET	8.8.8.8	192.168.2.3	0xe4fb	No error (0)	liveperson.map.fastly.net		151.101.129.192	A (IP address)	IN (0x0001)
Nov 29, 2020 14:43:05.883353949 CET	8.8.8.8	192.168.2.3	0xe4fb	No error (0)	liveperson.map.fastly.net		151.101.193.192	A (IP address)	IN (0x0001)
Nov 29, 2020 14:43:06.350043058 CET	8.8.8.8	192.168.2.3	0xd8cd	No error (0)	lptag.liveperson.net	lptag.liveperson.cotcdb.net.livepersonk.akadns.net		CNAME (Canonical name)	IN (0x0001)
Nov 29, 2020 14:43:08.732119083 CET	8.8.8.8	192.168.2.3	0x71fd	No error (0)	accdn.lpsnmedia.net	accdn.lpsnmedia.livepersonk.akadns.net		CNAME (Canonical name)	IN (0x0001)
Nov 29, 2020 14:43:08.749819994 CET	8.8.8.8	192.168.2.3	0x4b2a	No error (0)	static-assets.fs.liveperson.com	dh1y47vf5ttia.cloudfront.net		CNAME (Canonical name)	IN (0x0001)
Nov 29, 2020 14:43:08.749819994 CET	8.8.8.8	192.168.2.3	0x4b2a	No error (0)	dh1y47vf5ttia.cloudfront.net		13.225.73.51	A (IP address)	IN (0x0001)
Nov 29, 2020 14:43:08.749819994 CET	8.8.8.8	192.168.2.3	0x4b2a	No error (0)	dh1y47vf5ttia.cloudfront.net		13.225.73.72	A (IP address)	IN (0x0001)
Nov 29, 2020 14:43:08.749819994 CET	8.8.8.8	192.168.2.3	0x4b2a	No error (0)	dh1y47vf5ttia.cloudfront.net		13.225.73.123	A (IP address)	IN (0x0001)
Nov 29, 2020 14:43:08.749819994 CET	8.8.8.8	192.168.2.3	0x4b2a	No error (0)	dh1y47vf5ttia.cloudfront.net		13.225.73.20	A (IP address)	IN (0x0001)
Nov 29, 2020 14:43:10.776556969 CET	8.8.8.8	192.168.2.3	0xa207	No error (0)	lpcdn.lpsnmedia.net	lpcdn.lpsnmedia.livepersonk.akadns.net		CNAME (Canonical name)	IN (0x0001)
Nov 29, 2020 14:43:11.424309969 CET	8.8.8.8	192.168.2.3	0x1d0	No error (0)	support.content.office.net	support.content.office.net.edgekey.net		CNAME (Canonical name)	IN (0x0001)
Nov 29, 2020 14:43:11.808939934 CET	8.8.8.8	192.168.2.3	0xfdcc	No error (0)	login.microsoftonline.com	a.privatelink.msidentity.com		CNAME (Canonical name)	IN (0x0001)
Nov 29, 2020 14:43:11.808939934 CET	8.8.8.8	192.168.2.3	0xfdcc	No error (0)	a.privatelink.msidentity.com	prda.aadg.msidentity.com		CNAME (Canonical name)	IN (0x0001)
Nov 29, 2020 14:43:11.808939934 CET	8.8.8.8	192.168.2.3	0xfdcc	No error (0)	prda.aadg.msidentity.com	www.tm.a.prd.aadg.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)
Nov 29, 2020 14:43:12.932200909 CET	8.8.8.8	192.168.2.3	0xf354	No error (0)	va.v.liveperson.net		208.89.12.87	A (IP address)	IN (0x0001)
Nov 29, 2020 14:43:13.672302961 CET	8.8.8.8	192.168.2.3	0xb995	No error (0)	support.content.office.net	support.content.office.net.edgekey.net		CNAME (Canonical name)	IN (0x0001)
Nov 29, 2020 14:43:49.258477926 CET	8.8.8.8	192.168.2.3	0xf3d1	No error (0)	mcraa.fs.liveperson.com		3.216.53.130	A (IP address)	IN (0x0001)
Nov 29, 2020 14:43:49.258477926 CET	8.8.8.8	192.168.2.3	0xf3d1	No error (0)	mcraa.fs.liveperson.com		52.200.9.81	A (IP address)	IN (0x0001)

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Nov 29, 2020 14:42:34.773336887 CET	104.74.143.169	443	192.168.2.3	49872	CN=go.microsoft.com, OU=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, ST=WA, C=US CN=Microsoft IT TLS CA 5, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US	CN=Microsoft IT TLS CA 5, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Fri Sep 06 21:37:21 CEST 2019 Fri May 20 14:53:03 CEST 2016	Mon Sep 06 21:37:21 CEST 2021 Mon May 20 14:53:03 CEST 2024	771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0	b32309a26951912be7dba376398abc3b
Nov 29, 2020 14:42:34.773336887 CET	104.74.143.169	443	192.168.2.3	49872	CN=Microsoft IT TLS CA 5, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Fri May 20 14:53:03 CEST 2016	Mon May 20 14:53:03 CEST 2024		b32309a26951912be7dba376398abc3b
Nov 29, 2020 14:43:05.975449085 CET	151.101.1.192	443	192.168.2.3	50081	CN=liveperson.net, O="LivePerson, Inc.", L=New York, ST=New York, C=US CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE	CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE	Fri Mar 27 04:17:26 CET 2020 Wed Aug 19 02:00:00 CEST 2015	Sun Mar 28 05:17:26 CEST 2021 Tue Aug 19 02:00:00 CEST 2025	771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0	b32309a26951912be7dba376398abc3b
Nov 29, 2020 14:43:05.975449085 CET	151.101.1.192	443	192.168.2.3	50081	CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE	CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE	Wed Aug 19 02:00:00 CEST 2015	Tue Aug 19 02:00:00 CEST 2025		b32309a26951912be7dba376398abc3b
Nov 29, 2020 14:43:13.233999014 CET	208.89.12.87	443	192.168.2.3	50140	CN=*.v.liveperson.net, OU="LivePerson, Inc.", O="LivePerson, Inc", STREET=475 10TH AVE FL 5, L=New York, ST=New York, OID.2.5.4.17=10018, C=US CN=Sectigo RSA Organization Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	CN=Sectigo RSA Organization Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Mon Apr 13 02:00:00 CEST 2020 Fri Nov 02 01:00:00 CET 2018 Tue Mar 12 01:00:00 CET 2019	Thu Apr 14 01:59:59 CEST 2022 Wed Jan 01 00:59:59 CET 2031 Mon Jan 01 00:59:59 CET 2029	771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0	b32309a26951912be7dba376398abc3b
					CN=Sectigo RSA Organization Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB	CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	Fri Nov 02 01:00:00 CET 2018	Wed Jan 01 00:59:59 CET 2031
					CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Tue Mar 12 01:00:00 CET 2019	Mon Jan 01 00:59:59 CET 2029

Code Manipulations

Statistics

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exe PID: 5924 Parent PID: 1788

General

Start time:	14:41:59
Start date:	29/11/2020
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized 'https://forms.office.com/Pages/ResponsePage.aspx?id=cDgNZ_NsCEK0nbknGQ7BS4561NiEZjlNhv9vg7q7u5hUOERRUVExUUtGSUJPUkhDVk82TU5JNFlTQS4u'
Imagebase:	0x7ff77b960000
File size:	2150896 bytes
MD5 hash:	C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Analysis Process: chrome.exe PID: 800 Parent PID: 5924

General

Start time:	14:42:00
Start date:	29/11/2020
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1504,15741333574045818394,7388905800530690174,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1916 /prefetch:8
Imagebase:	0x7ff77b960000
File size:	2150896 bytes
MD5 hash:	C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Disassembly

Reset < >

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report https://forms.office.com/Pages/ResponsePage.aspx?id=cDgNZ_NsCEK0nbknGQ7BS4561NiEZjlNhv9vg7q7u5hUOERRUVExUUtGSUJPUkhDVk82TU5JNFlTQS4u

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Sigma Overview

Signature Overview

Networking:

System Summary:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTPS Packets

Code Manipulations

Statistics

Behavior

System Behavior

Analysis Process: chrome.exe PID: 5924 Parent PID: 1788

General

Analysis Process: chrome.exe PID: 800 Parent PID: 5924

General

Disassembly