Play interactive tour

Edit tour

Analysis Report ACH WIRE PAYMENT ADVICE..xlsx

Overview

General Information

Sample Name:	ACH WIRE PAYMENT ADVICE..xlsx
Analysis ID:	339280
MD5:	a66a202e970df086cc265cb646127bfb
SHA1:	c8986173e16bb9b0703490afba594ec5eef08a4a
SHA256:	e29c6206512f1f778f1af9a1ff2af2bb82107271e00c873930398b703294d75e
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected HtmlPhish_25

Phishing site detected (based on image similarity)

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Steals Internet Explorer cookies

Classification

Startup

System is w7x64

EXCEL.EXE (PID: 2516 cmdline: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding MD5: 5FB0A0F93382ECD19F5F499A5CAA59F0)

iexplore.exe (PID: 1336 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' https://24mbw17feyn.typeform.com/to/ZlFRrg5s MD5: 4EB098135821348270F27157F7A84E65)

iexplore.exe (PID: 1028 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1336 CREDAT:275457 /prefetch:2 MD5: 8A590F790A98F3D77399BE457E01386A)

iexplore.exe (PID: 2792 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 4EB098135821348270F27157F7A84E65)

iexplore.exe (PID: 2904 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2792 CREDAT:275457 /prefetch:2 MD5: 8A590F790A98F3D77399BE457E01386A)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\ZlFRrg5s[1].htm	JoeSecurity_HtmlPhish_25	Yara detected HtmlPhish_25	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\ZlFRrg5s[1].htm	JoeSecurity_HtmlPhish_25	Yara detected HtmlPhish_25	Joe Security

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

Phishing:

Yara detected HtmlPhish_25

Show sources

Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\ZlFRrg5s[1].htm, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\ZlFRrg5s[1].htm, type: DROPPED

Phishing site detected (based on image similarity)

Show sources

Source: https://images.typeform.com/images/nXkRcNPp6wtg/background/large

Matcher: Found strong image similarity, brand: Microsoft

Jump to dropped file

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll

Source: unknown	HTTPS traffic detected: 143.204.93.100:443 -> 192.168.2.22:49170 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.93.16:443 -> 192.168.2.22:49171 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.93.16:443 -> 192.168.2.22:49172 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.93.100:443 -> 192.168.2.22:49169 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.99.83:443 -> 192.168.2.22:49177 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.194.82:443 -> 192.168.2.22:49175 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.99.83:443 -> 192.168.2.22:49178 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.194.82:443 -> 192.168.2.22:49173 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.218.160.124:443 -> 192.168.2.22:49181 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.218.160.124:443 -> 192.168.2.22:49182 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.93.117:443 -> 192.168.2.22:49186 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.93.100:443 -> 192.168.2.22:49189 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.93.100:443 -> 192.168.2.22:49190 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.99.83:443 -> 192.168.2.22:49195 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.168.2.22:49195 -> 143.204.99.83:443 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.99.83:443 -> 192.168.2.22:49196 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.218.160.124:443 -> 192.168.2.22:49197 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.218.160.124:443 -> 192.168.2.22:49198 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.247.242.19:443 -> 192.168.2.22:49199 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.247.242.19:443 -> 192.168.2.22:49200 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.247.242.19:443 -> 192.168.2.22:49201 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.247.242.19:443 -> 192.168.2.22:49202 version: TLS 1.2

Source: Joe Sandbox View	IP Address: 162.247.242.19 162.247.242.19
Source: Joe Sandbox View	IP Address: 143.204.99.83 143.204.99.83
Source: Joe Sandbox View	IP Address: 162.247.242.21 162.247.242.21

Source: Joe Sandbox View

JA3 fingerprint: 7dcce5b76c8b17472d024758970a406b

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\FD9543EC.jpeg

Jump to behavior

Source: unknown

DNS traffic detected: queries for: 24mbw17feyn.typeform.com

Source: vendors~form.965f5dedbb854e83c6c8[1].js.3.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: vendors~form.965f5dedbb854e83c6c8[1].js.3.dr	String found in binary or memory: http://www.jacklmoore.com/autosize
Source: ZlFRrg5s[1].htm.3.dr	String found in binary or memory: https://24mbw17feyn.typeform.com/oembed?url=https%3A%2F%2F24mbw17feyn.typeform.com%2Fto%2FZlFRrg5s
Source: ZlFRrg5s[1].htm.3.dr, {2F918E46-561B-11EB-ADCF-ECF4BBB5915B}.dat.6.dr	String found in binary or memory: https://24mbw17feyn.typeform.com/to/ZlFRrg5s
Source: {2A5BAC65-561B-11EB-ADCF-ECF4BBB5915B}.dat.2.dr	String found in binary or memory: https://24mbw17feyn.typeform.com/to/ZlFRrg5s6MlCR0S0FT
Source: ~DFAAE8432BB923397E.TMP.6.dr	String found in binary or memory: https://24mbw17feyn.typeform.com/to/ZlFRrg5sNUMBER_OF_PROCESSORS=4OS=Windows_NTPath=C:
Source: {2A5BAC65-561B-11EB-ADCF-ECF4BBB5915B}.dat.2.dr	String found in binary or memory: https://24mbw17feyn.typeform.com/to/ZlFRrg5sRoot
Source: {2A5BAC65-561B-11EB-ADCF-ECF4BBB5915B}.dat.2.dr	String found in binary or memory: https://24mbw17feyn.typeform.com/to/ZlFRrg5sz
Source: renderer.0f5a683b381b67dbbf89[1].js.3.dr	String found in binary or memory: https://github.com/js-cookie/js-cookie
Source: vendors~form.965f5dedbb854e83c6c8[1].js.3.dr	String found in binary or memory: https://github.com/kof/animationFrame
Source: ZlFRrg5s[1].htm.3.dr	String found in binary or memory: https://images.typeform.com/images/CJr828dpN5yQ/image/default
Source: ZlFRrg5s[1].htm.3.dr	String found in binary or memory: https://images.typeform.com/images/FYUps4mFKPYK/image/default
Source: ZlFRrg5s[1].htm.3.dr	String found in binary or memory: https://images.typeform.com/images/nXkRcNPp6wtg/background/large
Source: ZlFRrg5s[1].htm.3.dr	String found in binary or memory: https://images.typeform.com/images/nXkRcNPp6wtg/background/large);background-position:top
Source: ZlFRrg5s[1].htm.3.dr	String found in binary or memory: https://public-assets.typeform.com/public/favicon/apple-touch-icon.png
Source: ZlFRrg5s[1].htm.3.dr	String found in binary or memory: https://public-assets.typeform.com/public/favicon/browserconfig.xml
Source: ZlFRrg5s[1].htm.3.dr	String found in binary or memory: https://public-assets.typeform.com/public/favicon/favicon-16x16.png
Source: ZlFRrg5s[1].htm.3.dr	String found in binary or memory: https://public-assets.typeform.com/public/favicon/favicon-32x32.png
Source: imagestore.dat.3.dr	String found in binary or memory: https://public-assets.typeform.com/public/favicon/favicon-32x32.png-
Source: ZlFRrg5s[1].htm.3.dr	String found in binary or memory: https://public-assets.typeform.com/public/favicon/favicon.ico
Source: ZlFRrg5s[1].htm.3.dr	String found in binary or memory: https://public-assets.typeform.com/public/favicon/safari-pinned-tab.svg
Source: ZlFRrg5s[1].htm.3.dr	String found in binary or memory: https://public-assets.typeform.com/public/favicon/site.webmanifest
Source: ZlFRrg5s[1].htm.3.dr	String found in binary or memory: https://renderer-assets.typeform.com/
Source: ZlFRrg5s[1].htm.3.dr	String found in binary or memory: https://renderer-assets.typeform.com/blocks-matrix.0544beec0e1a4e11a24a.js
Source: ZlFRrg5s[1].htm.3.dr	String found in binary or memory: https://renderer-assets.typeform.com/form.9cd5d6381506e5950fe0.js
Source: ZlFRrg5s[1].htm.3.dr	String found in binary or memory: https://renderer-assets.typeform.com/modern-renderer.36eec26e0148023415c0.js
Source: ZlFRrg5s[1].htm.3.dr	String found in binary or memory: https://renderer-assets.typeform.com/phonenumber.6ea5ec50b9fa21e816ff.js
Source: ZlFRrg5s[1].htm.3.dr	String found in binary or memory: https://renderer-assets.typeform.com/renderer.0f5a683b381b67dbbf89.js
Source: ZlFRrg5s[1].htm.3.dr	String found in binary or memory: https://renderer-assets.typeform.com/vendors~attachment.6e37d3fcdf703c1517e1.js
Source: ZlFRrg5s[1].htm.3.dr	String found in binary or memory: https://renderer-assets.typeform.com/vendors~blocks-ranking.f8aee16223a106724ea1.js
Source: ZlFRrg5s[1].htm.3.dr	String found in binary or memory: https://renderer-assets.typeform.com/vendors~form.965f5dedbb854e83c6c8.js
Source: ZlFRrg5s[1].htm.3.dr	String found in binary or memory: https://renderer-assets.typeform.com/vendors~phonenumber.32d788474b661d4d3074.js

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49169
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49202
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49201
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49189
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49200
Source: unknown	Network traffic detected: HTTP traffic on port 49181 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49186
Source: unknown	Network traffic detected: HTTP traffic on port 49202 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49189 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49200 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49182
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49181
Source: unknown	Network traffic detected: HTTP traffic on port 49172 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49195 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49197 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49170 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49193 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49178 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49199 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49178
Source: unknown	Network traffic detected: HTTP traffic on port 49186 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49177
Source: unknown	Network traffic detected: HTTP traffic on port 49180 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49199
Source: unknown	Network traffic detected: HTTP traffic on port 49182 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49190 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49198
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49175
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49197
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49196
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49173
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49195
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49172
Source: unknown	Network traffic detected: HTTP traffic on port 49201 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49171
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49170
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49190
Source: unknown	Network traffic detected: HTTP traffic on port 49196 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49198 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49175 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49169 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49194 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49171 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49173 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49177 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49179 -> 443

Source: unknown	HTTPS traffic detected: 143.204.93.100:443 -> 192.168.2.22:49170 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.93.16:443 -> 192.168.2.22:49171 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.93.16:443 -> 192.168.2.22:49172 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.93.100:443 -> 192.168.2.22:49169 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.99.83:443 -> 192.168.2.22:49177 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.194.82:443 -> 192.168.2.22:49175 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.99.83:443 -> 192.168.2.22:49178 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.194.82:443 -> 192.168.2.22:49173 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.218.160.124:443 -> 192.168.2.22:49181 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.218.160.124:443 -> 192.168.2.22:49182 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.93.117:443 -> 192.168.2.22:49186 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.93.100:443 -> 192.168.2.22:49189 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.93.100:443 -> 192.168.2.22:49190 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.99.83:443 -> 192.168.2.22:49195 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.168.2.22:49195 -> 143.204.99.83:443 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.99.83:443 -> 192.168.2.22:49196 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.218.160.124:443 -> 192.168.2.22:49197 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.218.160.124:443 -> 192.168.2.22:49198 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.247.242.19:443 -> 192.168.2.22:49199 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.247.242.19:443 -> 192.168.2.22:49200 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.247.242.19:443 -> 192.168.2.22:49201 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.247.242.19:443 -> 192.168.2.22:49202 version: TLS 1.2

Source: classification engine

Classification label: mal52.phis.winXLSX@8/81@17/8

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: C:\Users\user\Desktop\~$ACH WIRE PAYMENT ADVICE..xlsx

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Temp\CVRD9EA.tmp

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Source: unknown	Process created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
Source: unknown	Process created: C:\Program Files\Internet Explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2792 CREDAT:275457 /prefetch:2
Source: unknown	Process created: C:\Program Files\Internet Explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' https://24mbw17feyn.typeform.com/to/ZlFRrg5s
Source: unknown	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1336 CREDAT:275457 /prefetch:2
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process created: C:\Program Files\Internet Explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' https://24mbw17feyn.typeform.com/to/ZlFRrg5s
Source: C:\Program Files\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2792 CREDAT:275457 /prefetch:2
Source: C:\Program Files\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1336 CREDAT:275457 /prefetch:2

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	File read: C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\SOERHJ3M.txt			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	File read: C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\NT7KOKIT.txt			Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading1	Credentials In Files1	File and Directory Discovery1	Remote Services	Data from Local System1	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	System Information Discovery2	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Ingress Tool Transfer1	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
ACH WIRE PAYMENT ADVICE..xlsx	0%	Virustotal		Browse

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
bam.nr-data.net	0%	Virustotal		Browse

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
d296je7bbdd650.cloudfront.net	143.204.99.83	true	false		high
api.segment.io	34.218.160.124	true	false		high
d2citsn5wf4j9j.cloudfront.net	143.204.93.100	true	false		high
d2nvsmtq2poimt.cloudfront.net	143.204.93.16	true	false		high
bam.nr-data.net	162.247.242.21	true	false	0%, Virustotal, Browse	unknown
d2p6vz8nayi9a3.cloudfront.net	13.224.194.82	true	false		high
cdn.segment.com	unknown	unknown	false		high
renderer-assets.typeform.com	unknown	unknown	false		high
public-assets.typeform.com	unknown	unknown	false		high
js-agent.newrelic.com	unknown	unknown	false		high
images.typeform.com	unknown	unknown	false		high
24mbw17feyn.typeform.com	unknown	unknown	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://images.typeform.com/images/CJr828dpN5yQ/image/default	ZlFRrg5s[1].htm.3.dr	false	high
https://public-assets.typeform.com/public/favicon/favicon-32x32.png	ZlFRrg5s[1].htm.3.dr	false	high
https://renderer-assets.typeform.com/	ZlFRrg5s[1].htm.3.dr	false	high
http://www.apache.org/licenses/LICENSE-2.0	vendors~form.965f5dedbb854e83c6c8[1].js.3.dr	false	high
https://images.typeform.com/images/nXkRcNPp6wtg/background/large	ZlFRrg5s[1].htm.3.dr	false	high
https://public-assets.typeform.com/public/favicon/safari-pinned-tab.svg	ZlFRrg5s[1].htm.3.dr	false	high
https://24mbw17feyn.typeform.com/to/ZlFRrg5s6MlCR0S0FT	{2A5BAC65-561B-11EB-ADCF-ECF4BBB5915B}.dat.2.dr	false	high
https://24mbw17feyn.typeform.com/to/ZlFRrg5sNUMBER_OF_PROCESSORS=4OS=Windows_NTPath=C:	~DFAAE8432BB923397E.TMP.6.dr	false	high
https://24mbw17feyn.typeform.com/to/ZlFRrg5s	ZlFRrg5s[1].htm.3.dr, {2F918E46-561B-11EB-ADCF-ECF4BBB5915B}.dat.6.dr	false	high
https://renderer-assets.typeform.com/vendors~blocks-ranking.f8aee16223a106724ea1.js	ZlFRrg5s[1].htm.3.dr	false	high
https://renderer-assets.typeform.com/vendors~phonenumber.32d788474b661d4d3074.js	ZlFRrg5s[1].htm.3.dr	false	high
https://renderer-assets.typeform.com/blocks-matrix.0544beec0e1a4e11a24a.js	ZlFRrg5s[1].htm.3.dr	false	high
https://24mbw17feyn.typeform.com/oembed?url=https%3A%2F%2F24mbw17feyn.typeform.com%2Fto%2FZlFRrg5s	ZlFRrg5s[1].htm.3.dr	false	high
https://public-assets.typeform.com/public/favicon/favicon-16x16.png	ZlFRrg5s[1].htm.3.dr	false	high
https://renderer-assets.typeform.com/phonenumber.6ea5ec50b9fa21e816ff.js	ZlFRrg5s[1].htm.3.dr	false	high
https://github.com/kof/animationFrame	vendors~form.965f5dedbb854e83c6c8[1].js.3.dr	false	high
https://images.typeform.com/images/nXkRcNPp6wtg/background/large);background-position:top	ZlFRrg5s[1].htm.3.dr	false	high
https://renderer-assets.typeform.com/renderer.0f5a683b381b67dbbf89.js	ZlFRrg5s[1].htm.3.dr	false	high
https://renderer-assets.typeform.com/vendors~form.965f5dedbb854e83c6c8.js	ZlFRrg5s[1].htm.3.dr	false	high
https://images.typeform.com/images/FYUps4mFKPYK/image/default	ZlFRrg5s[1].htm.3.dr	false	high
https://public-assets.typeform.com/public/favicon/browserconfig.xml	ZlFRrg5s[1].htm.3.dr	false	high
https://public-assets.typeform.com/public/favicon/site.webmanifest	ZlFRrg5s[1].htm.3.dr	false	high
https://public-assets.typeform.com/public/favicon/favicon.ico	ZlFRrg5s[1].htm.3.dr	false	high
https://24mbw17feyn.typeform.com/to/ZlFRrg5sz	{2A5BAC65-561B-11EB-ADCF-ECF4BBB5915B}.dat.2.dr	false	high
https://public-assets.typeform.com/public/favicon/apple-touch-icon.png	ZlFRrg5s[1].htm.3.dr	false	high
https://24mbw17feyn.typeform.com/to/ZlFRrg5sRoot	{2A5BAC65-561B-11EB-ADCF-ECF4BBB5915B}.dat.2.dr	false	high
https://renderer-assets.typeform.com/form.9cd5d6381506e5950fe0.js	ZlFRrg5s[1].htm.3.dr	false	high
http://www.jacklmoore.com/autosize	vendors~form.965f5dedbb854e83c6c8[1].js.3.dr	false	high
https://renderer-assets.typeform.com/modern-renderer.36eec26e0148023415c0.js	ZlFRrg5s[1].htm.3.dr	false	high
https://public-assets.typeform.com/public/favicon/favicon-32x32.png-	imagestore.dat.3.dr	false	high
https://github.com/js-cookie/js-cookie	renderer.0f5a683b381b67dbbf89[1].js.3.dr	false	high
https://renderer-assets.typeform.com/vendors~attachment.6e37d3fcdf703c1517e1.js	ZlFRrg5s[1].htm.3.dr	false	high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
162.247.242.19	unknown	United States	23467	NEWRELIC-AS-1US	false
143.204.93.117	unknown	United States	16509	AMAZON-02US	false
143.204.93.100	unknown	United States	16509	AMAZON-02US	false
143.204.99.83	unknown	United States	16509	AMAZON-02US	false
162.247.242.21	unknown	United States	23467	NEWRELIC-AS-1US	false
13.224.194.82	unknown	United States	16509	AMAZON-02US	false
143.204.93.16	unknown	United States	16509	AMAZON-02US	false
34.218.160.124	unknown	United States	16509	AMAZON-02US	false

General Information

Joe Sandbox Version:	31.0.0 Red Diamond
Analysis ID:	339280
Start date:	13.01.2021
Start time:	19:45:47
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 8m 21s
Hypervisor based Inspection enabled:	false
Report type:	light
Sample file name:	ACH WIRE PAYMENT ADVICE..xlsx
Cookbook file name:	defaultwindowsofficecookbook.jbs
Analysis system description:	Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal52.phis.winXLSX@8/81@17/8
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .xlsx Found Word or Excel or PowerPoint or XPS Viewer Attach to Office via COM Browse link: https://24mbw17feyn.typeform.com/to/ZlFRrg5s Scroll down Close Viewer
Warnings:	Show All Exclude process from analysis (whitelisted): dllhost.exe TCP Packets have been reduced to 100 Excluded IPs from analysis (whitelisted): 88.221.62.148, 104.18.27.71, 104.18.26.71, 151.101.2.110, 151.101.66.110, 151.101.130.110, 151.101.194.110, 13.107.5.80, 204.79.197.200, 13.107.21.200, 152.199.19.161 Excluded domains from analysis (whitelisted): www.bing.com, dual-a-0001.a-msedge.net, ie9comview.vo.msecnd.net, api.bing.com, f4.shared.global.fastly.net, r20swj13mr.microsoft.com, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, e-0001.e-msedge.net, go.microsoft.com, random.typeform.com.cdn.cloudflare.net, a-0001.a-afdentry.net.trafficmanager.net, go.microsoft.com.edgekey.net, www-bing-com.dual-a-0001.a-msedge.net, api-bing-com.e-0001.e-msedge.net, cs9.wpc.v0cdn.net Report size exceeded maximum capacity and may have missing behavior information. Report size getting too big, too many NtDeviceIoControlFile calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link
143.204.99.83	https://iofs.typeform.com/to/vj4hQ0pX	Get hash	malicious	Browse
	https://aud-amplified.unicornplatform.com/	Get hash	malicious	Browse
	ACH_WIRE_REMITTANCE_PAYMENT_ADVICE.xlsx	Get hash	malicious	Browse
	ACH_WIRE_REMITTANCE_PAYMENT_ADVICE.xlsx	Get hash	malicious	Browse
	https://teams-securelink-flow-docs.webflow.io/	Get hash	malicious	Browse
	https://app.tettra.co/teams/onedrive/pages/heres-the-document-rhonda-caudill-shared-with-you-securely?auth=99f40d326c66b31888e1073ccb65fa0c74cd4cbb1c3 0ef586940c232b4cf84316a7d62ed869cf77d99a689e9b02f3f1b	Get hash	malicious	Browse
	https://archbee.io/doc/syaAtOIVyAwfu2_qqrf7c/jBDG8LY6FS8pEAjch_Mpm&	Get hash	malicious	Browse
	https://proposalfiles-agreement.webflow.io/	Get hash	malicious	Browse
	https://metro-healths-mchc.webflow.io/	Get hash	malicious	Browse
	https://metro-healths-mchc.webflow.io/	Get hash	malicious	Browse
	https://covid19japan.com/	Get hash	malicious	Browse
	https://archbee.io/doc/gpDKj-ShASFFy7ljsO-eR/r7ztZd1NKEZHSePgJCywd	Get hash	malicious	Browse
	https://sks-high-performance-fax-message.webflow.io	Get hash	malicious	Browse
162.247.242.21	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse
	http://search.hwatchtvnow.co	Get hash	malicious	Browse
	https://www.ensonoelevate2021.com/event/8e8c2672-3b18-40b1-8efc-026ab72e6424/summary?environment=P2&5S%2CM3%2C8e8c2672-3b18-40b1-8efc-026ab72e6424=	Get hash	malicious	Browse
	https://bit.do/fLVUm	Get hash	malicious	Browse
	https://l.facebook.com/l.php?u=https%3A%2F%2Fbit.do%2FfLVUm%3Ffbclid%3DIwAR3_y5be7qgzc9rWXbeIQlHePNYF96mJvcjTtfijse-VyaDOGbdXhiymogA&h=AT2La9RfuL-CBpF75ix5HdI9ILnyapdVZIzXgRQt4G1Y7x5nZpCr9RLeZPnCT8_3vYaiFFnwir6t35RvMH3lJhYuYrzugBPtxdx4PUirtTUjKnczau25WjD4XcXiFnckifU	Get hash	malicious	Browse
	https://iofs.typeform.com/to/vj4hQ0pX	Get hash	malicious	Browse
	ACH_WIRE_REMITTANCE_PAYMENT_ADVICE.xlsx	Get hash	malicious	Browse
	ACH_WIRE_REMITTANCE_PAYMENT_ADVICE.xlsx	Get hash	malicious	Browse
	https://nandirudraksh.com/wp-includes/nz	Get hash	malicious	Browse
	ACH WIRE PAYMENT REMITTANCE ._ (002).xlsx	Get hash	malicious	Browse
	https://mshad4064.typeform.com/to/TEgIyNGg	Get hash	malicious	Browse
	https://newrfpsubmissioncall.typeform.com/to/Mfm0qNbE	Get hash	malicious	Browse
	ACH & WlRE REMlTTANCE ADVlCE.xlsx	Get hash	malicious	Browse
	https://my.freshbooks.com/#/link/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzeXN0ZW1pZCI6OTQ3OTM1LCJ1c2VyaWQiOjYzNDYyNywidHlwZSI6Imludm9pY2UiLCJvYmplY3RpZCI6Mjg4MjQ0OSwiZXhwIjoxNjM3MjY5MTgxLCJsZXZlbCI6MH0.DGVcXxdiwtgxTUka4TzPi_o6GS8zH-kvvTnFJZxapLg?companyName=Amanda&invoiceNumber=00007767&ownerEmail=avigilante%40maxburst.com&type=primary	Get hash	malicious	Browse
	ACH WlRE PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse
	ACH WlRE PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse
	ACH - WlRE PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse
	ACH - WlRE PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse
	ACHWlRE REMlTTANCE ADVlCE..xlsx	Get hash	malicious	Browse
	ACHWlRE REMlTTANCE ADVlCE..xlsx	Get hash	malicious	Browse
162.247.242.19	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse
	https://documentaxxxxxxxxckcnq009sos.typeform.com/to/jLMhWTCn	Get hash	malicious	Browse
	ACH_WIRE_REMITTANCE_PAYMENT_ADVICE.xlsx	Get hash	malicious	Browse
	https://www.freightwaves.com/news/canadian-fuel-distributor-parkland-targeted-in-cyberattack	Get hash	malicious	Browse
	ACH & WIRE REMITTANCE PAYMENT ADVICE.xlsx	Get hash	malicious	Browse
	ACH & WIRE REMITTANCE PAYMENT ADVICE.xlsx	Get hash	malicious	Browse
	ACH WIRE PAYMENT REMITTANCE ._ (002).xlsx	Get hash	malicious	Browse
	ACH WIRE PAYMENT REMITTANCE ._ (002).xlsx	Get hash	malicious	Browse
	https://tenderdocsrfp.typeform.com/to/RVzhstxV	Get hash	malicious	Browse
	https://olhonabrasa.com.br/secure/zimbra/access/zimbra/index.php	Get hash	malicious	Browse
	ACH WIRE REMITTANCE COPY.xlsx	Get hash	malicious	Browse
	ACH WIRE REMITTANCE.xlsx	Get hash	malicious	Browse
	ACH WIRE PAYMENT.xlsx	Get hash	malicious	Browse
	https://mmemicrosoftwebsss.typeform.com/to/sIZVMxGk	Get hash	malicious	Browse
	https://forums.iboats.com/forum/general-boating-outdoors-activities/boat-topics-and-questions-not-engine-topics/558373-need-help-from-all-my-tahoe-q4-guys-regaring-smart-tabs-sx	Get hash	malicious	Browse
	https://app.box.com/s/4qh80d5v0isn028co16h3leg3k11ku28	Get hash	malicious	Browse
	https://app.box.com/s/5gniwwclsyw9ejzutmi7mtewylcjhxai	Get hash	malicious	Browse
	https://ntmp-log.wowdigitech.com/ga/click/2-39854561-1849-12357-24298-27003-dbf48d5c17-74d2ecc202	Get hash	malicious	Browse
	https://app.box.com/s/uup6bxhgol9oof0zmwgzewd86gpayqrk	Get hash	malicious	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
d2citsn5wf4j9j.cloudfront.net	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	13.226.169.27
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	13.226.169.25
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	13.226.169.27
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	13.226.169.111
	https://micrrosoftonline13392123112a.typeform.com/to/y7uCHr2N	Get hash	malicious	Browse	13.224.94.129
	https://iofs.typeform.com/to/vj4hQ0pX	Get hash	malicious	Browse	143.204.90.86
	https://documentaxxxxxxxxckcnq009sos.typeform.com/to/jLMhWTCn	Get hash	malicious	Browse	13.224.93.43
	ACH_WIRE_REMITTANCE_PAYMENT_ADVICE.xlsx	Get hash	malicious	Browse	143.204.90.110
	ACH_WIRE_REMITTANCE_PAYMENT_ADVICE.xlsx	Get hash	malicious	Browse	143.204.90.4
	ACH & WIRE REMITTANCE PAYMENT ADVICE.xlsx	Get hash	malicious	Browse	13.226.169.111
	ACH & WIRE REMITTANCE PAYMENT ADVICE.xlsx	Get hash	malicious	Browse	13.226.169.27
	ACH WIRE PAYMENT REMITTANCE ._ (002).xlsx	Get hash	malicious	Browse	65.9.68.126
	ACH WIRE PAYMENT REMITTANCE ._ (002).xlsx	Get hash	malicious	Browse	13.224.93.43
	ACH & WIRE PAYMENT.xlsx	Get hash	malicious	Browse	143.204.208.110
	ACH & WIRE PAYMENT.xlsx	Get hash	malicious	Browse	143.204.208.47
	https://mainprops.typeform.com/to/gHgyBoFX	Get hash	malicious	Browse	143.204.208.47
	https://tenderdocsrfp.typeform.com/to/RVzhstxV	Get hash	malicious	Browse	13.224.93.60
	https://mshad4064.typeform.com/to/TEgIyNGg	Get hash	malicious	Browse	13.224.93.116
	https://newrfpsubmissioncall.typeform.com/to/Mfm0qNbE	Get hash	malicious	Browse	13.224.93.116
	https://mcmms.typeform.com/to/Vtnb9OBC	Get hash	malicious	Browse	13.224.93.45
d296je7bbdd650.cloudfront.net	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	143.204.5.83
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	143.204.5.83
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	143.204.5.83
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	143.204.5.83
	https://notification1.bubbleapps.io/version-test?debug_mode=true	Get hash	malicious	Browse	143.204.5.83
	https://micrrosoftonline13392123112a.typeform.com/to/y7uCHr2N	Get hash	malicious	Browse	13.224.100.80
	https://target-care.webflow.io/	Get hash	malicious	Browse	13.224.100.80
	http://perpetual.veteran.az/673616c6c792e64756e6e654070657270657475616c2e636f6d2e6175	Get hash	malicious	Browse	65.9.58.129
	https://iofs.typeform.com/to/vj4hQ0pX	Get hash	malicious	Browse	143.204.99.83
	https://documentaxxxxxxxxckcnq009sos.typeform.com/to/jLMhWTCn	Get hash	malicious	Browse	13.224.100.80
	https://stevenscapitaladvisors.webflow.io/	Get hash	malicious	Browse	65.9.58.129
	https://stevenscapitaladvisors.webflow.io/	Get hash	malicious	Browse	65.9.58.129
	https://aud-amplified.unicornplatform.com/	Get hash	malicious	Browse	143.204.99.83
	ACH_WIRE_REMITTANCE_PAYMENT_ADVICE.xlsx	Get hash	malicious	Browse	143.204.99.83
	ACH_WIRE_REMITTANCE_PAYMENT_ADVICE.xlsx	Get hash	malicious	Browse	143.204.99.83
	ACH & WIRE REMITTANCE PAYMENT ADVICE.xlsx	Get hash	malicious	Browse	143.204.5.83
	ACH & WIRE REMITTANCE PAYMENT ADVICE.xlsx	Get hash	malicious	Browse	143.204.5.83
	ACH WIRE PAYMENT REMITTANCE ._ (002).xlsx	Get hash	malicious	Browse	65.9.58.129
	ACH WIRE PAYMENT REMITTANCE ._ (002).xlsx	Get hash	malicious	Browse	13.224.100.80
	http://secure-file-transfer-ver.webflow.io	Get hash	malicious	Browse	13.226.174.148
d2nvsmtq2poimt.cloudfront.net	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	13.226.169.87
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	13.226.169.109
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	13.226.169.88
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	13.226.169.98
	https://micrrosoftonline13392123112a.typeform.com/to/y7uCHr2N	Get hash	malicious	Browse	13.224.94.83
	https://iofs.typeform.com/to/vj4hQ0pX	Get hash	malicious	Browse	143.204.90.37
	https://documentaxxxxxxxxckcnq009sos.typeform.com/to/jLMhWTCn	Get hash	malicious	Browse	13.224.93.102
	ACH_WIRE_REMITTANCE_PAYMENT_ADVICE.xlsx	Get hash	malicious	Browse	143.204.90.20
	ACH_WIRE_REMITTANCE_PAYMENT_ADVICE.xlsx	Get hash	malicious	Browse	143.204.90.8
	ACH & WIRE REMITTANCE PAYMENT ADVICE.xlsx	Get hash	malicious	Browse	13.226.169.87
	ACH & WIRE REMITTANCE PAYMENT ADVICE.xlsx	Get hash	malicious	Browse	13.226.169.98
	ACH WIRE PAYMENT REMITTANCE ._ (002).xlsx	Get hash	malicious	Browse	65.9.68.116
	ACH WIRE PAYMENT REMITTANCE ._ (002).xlsx	Get hash	malicious	Browse	13.224.93.75
	ACH & WIRE PAYMENT.xlsx	Get hash	malicious	Browse	13.224.93.75
	ACH & WIRE PAYMENT.xlsx	Get hash	malicious	Browse	13.224.93.75
	ACH & WIRE PAYMENT.xlsx	Get hash	malicious	Browse	143.204.208.61
	ACH & WIRE PAYMENT.xlsx	Get hash	malicious	Browse	143.204.208.119
	https://mainprops.typeform.com/to/gHgyBoFX	Get hash	malicious	Browse	143.204.208.81
	https://tenderdocsrfp.typeform.com/to/RVzhstxV	Get hash	malicious	Browse	13.224.93.102
	https://mshad4064.typeform.com/to/TEgIyNGg	Get hash	malicious	Browse	13.224.93.75
api.segment.io	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	54.218.98.189
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	54.71.252.35
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	44.229.187.242
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	54.149.194.4
	https://notification1.bubbleapps.io/version-test?debug_mode=true	Get hash	malicious	Browse	52.43.118.59
	https://micrrosoftonline13392123112a.typeform.com/to/y7uCHr2N	Get hash	malicious	Browse	52.35.191.167
	https://iofs.typeform.com/to/vj4hQ0pX	Get hash	malicious	Browse	52.11.35.251
	https://documentaxxxxxxxxckcnq009sos.typeform.com/to/jLMhWTCn	Get hash	malicious	Browse	52.37.21.144
	https://aud-amplified.unicornplatform.com/	Get hash	malicious	Browse	35.162.116.128
	ACH_WIRE_REMITTANCE_PAYMENT_ADVICE.xlsx	Get hash	malicious	Browse	54.70.113.89
	ACH_WIRE_REMITTANCE_PAYMENT_ADVICE.xlsx	Get hash	malicious	Browse	54.69.52.31
	ACH & WIRE REMITTANCE PAYMENT ADVICE.xlsx	Get hash	malicious	Browse	54.190.208.247
	ACH & WIRE REMITTANCE PAYMENT ADVICE.xlsx	Get hash	malicious	Browse	34.210.41.193
	ACH WIRE PAYMENT REMITTANCE ._ (002).xlsx	Get hash	malicious	Browse	54.186.56.40
	ACH WIRE PAYMENT REMITTANCE ._ (002).xlsx	Get hash	malicious	Browse	54.148.169.229
	https://secure-teams-storage.webflow.io/	Get hash	malicious	Browse	54.149.50.128
	ACH & WIRE PAYMENT.xlsx	Get hash	malicious	Browse	52.38.120.169
	ACH & WIRE PAYMENT.xlsx	Get hash	malicious	Browse	54.186.56.40
	https://mainprops.typeform.com/to/gHgyBoFX	Get hash	malicious	Browse	54.71.192.93
	https://tenderdocsrfp.typeform.com/to/RVzhstxV	Get hash	malicious	Browse	52.33.248.165

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
NEWRELIC-AS-1US	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	162.247.242.20
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	162.247.242.20
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	162.247.242.18
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	162.247.242.19
	http://search.hwatchtvnow.co	Get hash	malicious	Browse	162.247.242.20
	https://www.ensonoelevate2021.com/event/8e8c2672-3b18-40b1-8efc-026ab72e6424/summary?environment=P2&5S%2CM3%2C8e8c2672-3b18-40b1-8efc-026ab72e6424=	Get hash	malicious	Browse	162.247.242.20
	https://micrrosoftonline13392123112a.typeform.com/to/y7uCHr2N	Get hash	malicious	Browse	162.247.242.20
	https://bit.do/fLVUm	Get hash	malicious	Browse	162.247.242.21
	https://l.facebook.com/l.php?u=https%3A%2F%2Fbit.do%2FfLVUm%3Ffbclid%3DIwAR3_y5be7qgzc9rWXbeIQlHePNYF96mJvcjTtfijse-VyaDOGbdXhiymogA&h=AT2La9RfuL-CBpF75ix5HdI9ILnyapdVZIzXgRQt4G1Y7x5nZpCr9RLeZPnCT8_3vYaiFFnwir6t35RvMH3lJhYuYrzugBPtxdx4PUirtTUjKnczau25WjD4XcXiFnckifU	Get hash	malicious	Browse	162.247.242.21
	http://catalog.amsz.ua/1.php	Get hash	malicious	Browse	162.247.242.20
	http://perpetual.veteran.az/673616c6c792e64756e6e654070657270657475616c2e636f6d2e6175	Get hash	malicious	Browse	162.247.242.18
	https://iofs.typeform.com/to/vj4hQ0pX	Get hash	malicious	Browse	162.247.242.18
	https://documentaxxxxxxxxckcnq009sos.typeform.com/to/jLMhWTCn	Get hash	malicious	Browse	162.247.242.19
	http://view.e.business.officedepot.com/?qs=3fe5dee3fd6dc334e57f4fe8c13caa1dc833d1845b46e0df5e76d8dcd189c65840b833e5f8853ee5eca50625943bfd8b71f0d693bc12eda6d7c035c0df2243dc5fe3f7c370b5320b8fd654c8b827b865	Get hash	malicious	Browse	162.247.242.18
	ACH_WIRE_REMITTANCE_PAYMENT_ADVICE.xlsx	Get hash	malicious	Browse	162.247.242.20
	ACH_WIRE_REMITTANCE_PAYMENT_ADVICE.xlsx	Get hash	malicious	Browse	162.247.242.20
	https://www.freightwaves.com/news/canadian-fuel-distributor-parkland-targeted-in-cyberattack	Get hash	malicious	Browse	162.247.242.19
	ACH & WIRE REMITTANCE PAYMENT ADVICE.xlsx	Get hash	malicious	Browse	162.247.242.19
	ACH & WIRE REMITTANCE PAYMENT ADVICE.xlsx	Get hash	malicious	Browse	162.247.242.19
	https://nandirudraksh.com/wp-includes/nz	Get hash	malicious	Browse	162.247.242.20
AMAZON-02US	13-01-21.xlsx	Get hash	malicious	Browse	18.195.87.136
	NEW 01 13 2021.xlsx	Get hash	malicious	Browse	54.254.26.94
	PO85937758859777.xlsx	Get hash	malicious	Browse	52.58.78.16
	rB26M8hfIh.exe	Get hash	malicious	Browse	3.9.11.11
	PO#218740.exe	Get hash	malicious	Browse	52.58.78.16
	FtLroeD5Kmr6rNC.exe	Get hash	malicious	Browse	3.14.169.138
	Consignment Document PL&BL Draft.exe	Get hash	malicious	Browse	52.58.78.16
	5DY3NrVgpI.exe	Get hash	malicious	Browse	52.58.78.16
	cGLVytu1ps.exe	Get hash	malicious	Browse	18.183.7.206
	pHUWiFd56t.exe	Get hash	malicious	Browse	52.51.72.229
	BSL 01321 PYT.xlsx	Get hash	malicious	Browse	3.23.184.84
	mssecsvr.exe	Get hash	malicious	Browse	54.103.115.211
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	34.213.143.100
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	13.226.169.25
	quotation.exe	Get hash	malicious	Browse	52.212.68.12
	6OUYcd3GIs.exe	Get hash	malicious	Browse	3.13.31.214
	Consignment Details.exe	Get hash	malicious	Browse	52.58.78.16
	anydesk (1).exe	Get hash	malicious	Browse	54.194.255.175
	Shipping Documents PL&BL Draft.exe	Get hash	malicious	Browse	3.14.169.138
	Purchase Order -263.exe	Get hash	malicious	Browse	52.58.78.16
AMAZON-02US	13-01-21.xlsx	Get hash	malicious	Browse	18.195.87.136
	NEW 01 13 2021.xlsx	Get hash	malicious	Browse	54.254.26.94
	PO85937758859777.xlsx	Get hash	malicious	Browse	52.58.78.16
	rB26M8hfIh.exe	Get hash	malicious	Browse	3.9.11.11
	PO#218740.exe	Get hash	malicious	Browse	52.58.78.16
	FtLroeD5Kmr6rNC.exe	Get hash	malicious	Browse	3.14.169.138
	Consignment Document PL&BL Draft.exe	Get hash	malicious	Browse	52.58.78.16
	5DY3NrVgpI.exe	Get hash	malicious	Browse	52.58.78.16
	cGLVytu1ps.exe	Get hash	malicious	Browse	18.183.7.206
	pHUWiFd56t.exe	Get hash	malicious	Browse	52.51.72.229
	BSL 01321 PYT.xlsx	Get hash	malicious	Browse	3.23.184.84
	mssecsvr.exe	Get hash	malicious	Browse	54.103.115.211
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	34.213.143.100
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	13.226.169.25
	quotation.exe	Get hash	malicious	Browse	52.212.68.12
	6OUYcd3GIs.exe	Get hash	malicious	Browse	3.13.31.214
	Consignment Details.exe	Get hash	malicious	Browse	52.58.78.16
	anydesk (1).exe	Get hash	malicious	Browse	54.194.255.175
	Shipping Documents PL&BL Draft.exe	Get hash	malicious	Browse	3.14.169.138
	Purchase Order -263.exe	Get hash	malicious	Browse	52.58.78.16
AMAZON-02US	13-01-21.xlsx	Get hash	malicious	Browse	18.195.87.136
	NEW 01 13 2021.xlsx	Get hash	malicious	Browse	54.254.26.94
	PO85937758859777.xlsx	Get hash	malicious	Browse	52.58.78.16
	rB26M8hfIh.exe	Get hash	malicious	Browse	3.9.11.11
	PO#218740.exe	Get hash	malicious	Browse	52.58.78.16
	FtLroeD5Kmr6rNC.exe	Get hash	malicious	Browse	3.14.169.138
	Consignment Document PL&BL Draft.exe	Get hash	malicious	Browse	52.58.78.16
	5DY3NrVgpI.exe	Get hash	malicious	Browse	52.58.78.16
	cGLVytu1ps.exe	Get hash	malicious	Browse	18.183.7.206
	pHUWiFd56t.exe	Get hash	malicious	Browse	52.51.72.229
	BSL 01321 PYT.xlsx	Get hash	malicious	Browse	3.23.184.84
	mssecsvr.exe	Get hash	malicious	Browse	54.103.115.211
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	34.213.143.100
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	13.226.169.25
	quotation.exe	Get hash	malicious	Browse	52.212.68.12
	6OUYcd3GIs.exe	Get hash	malicious	Browse	3.13.31.214
	Consignment Details.exe	Get hash	malicious	Browse	52.58.78.16
	anydesk (1).exe	Get hash	malicious	Browse	54.194.255.175
	Shipping Documents PL&BL Draft.exe	Get hash	malicious	Browse	3.14.169.138
	Purchase Order -263.exe	Get hash	malicious	Browse	52.58.78.16

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
7dcce5b76c8b17472d024758970a406b	Byrnes Gould PLLC.odt	Get hash	malicious	Browse	143.204.99.83 162.247.242.19 143.204.93.117 13.224.194.82 143.204.93.16 143.204.93.100 34.218.160.124
	BankSwiftCopyUSD95000.ppt	Get hash	malicious	Browse	143.204.99.83 162.247.242.19 143.204.93.117 13.224.194.82 143.204.93.16 143.204.93.100 34.218.160.124
	Monex_USD.doc	Get hash	malicious	Browse	143.204.99.83 162.247.242.19 143.204.93.117 13.224.194.82 143.204.93.16 143.204.93.100 34.218.160.124
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	143.204.99.83 162.247.242.19 143.204.93.117 13.224.194.82 143.204.93.16 143.204.93.100 34.218.160.124
	SecuriteInfo.com.Exploit.Rtf.Obfuscated.16.27970.rtf	Get hash	malicious	Browse	143.204.99.83 162.247.242.19 143.204.93.117 13.224.194.82 143.204.93.16 143.204.93.100 34.218.160.124
	SecuriteInfo.com.Exploit.Rtf.Obfuscated.16.31662.rtf	Get hash	malicious	Browse	143.204.99.83 162.247.242.19 143.204.93.117 13.224.194.82 143.204.93.16 143.204.93.100 34.218.160.124
	INV8222874744_20210111490395.xlsm	Get hash	malicious	Browse	143.204.99.83 162.247.242.19 143.204.93.117 13.224.194.82 143.204.93.16 143.204.93.100 34.218.160.124
	Inv0209966048-20210111075675.xls	Get hash	malicious	Browse	143.204.99.83 162.247.242.19 143.204.93.117 13.224.194.82 143.204.93.16 143.204.93.100 34.218.160.124
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	143.204.99.83 162.247.242.19 143.204.93.117 13.224.194.82 143.204.93.16 143.204.93.100 34.218.160.124
	FedEx 772584418730.doc	Get hash	malicious	Browse	143.204.99.83 162.247.242.19 143.204.93.117 13.224.194.82 143.204.93.16 143.204.93.100 34.218.160.124
	INV3867196801-20210111675616.xlsm	Get hash	malicious	Browse	143.204.99.83 162.247.242.19 143.204.93.117 13.224.194.82 143.204.93.16 143.204.93.100 34.218.160.124
	SecuriteInfo.com.Exploit.Rtf.Obfuscated.16.18733.rtf	Get hash	malicious	Browse	143.204.99.83 162.247.242.19 143.204.93.117 13.224.194.82 143.204.93.16 143.204.93.100 34.218.160.124
	PURCHASE ORDER-34002174.doc	Get hash	malicious	Browse	143.204.99.83 162.247.242.19 143.204.93.117 13.224.194.82 143.204.93.16 143.204.93.100 34.218.160.124
	SecuriteInfo.com.Exploit.Rtf.Obfuscated.16.5396.rtf	Get hash	malicious	Browse	143.204.99.83 162.247.242.19 143.204.93.117 13.224.194.82 143.204.93.16 143.204.93.100 34.218.160.124
	n#U00b0 761.doc	Get hash	malicious	Browse	143.204.99.83 162.247.242.19 143.204.93.117 13.224.194.82 143.204.93.16 143.204.93.100 34.218.160.124
	swift 0182021.xls	Get hash	malicious	Browse	143.204.99.83 162.247.242.19 143.204.93.117 13.224.194.82 143.204.93.16 143.204.93.100 34.218.160.124
	Curriculo Laura.xlsm	Get hash	malicious	Browse	143.204.99.83 162.247.242.19 143.204.93.117 13.224.194.82 143.204.93.16 143.204.93.100 34.218.160.124
	prints-eduardo-bolsonaro.docm	Get hash	malicious	Browse	143.204.99.83 162.247.242.19 143.204.93.117 13.224.194.82 143.204.93.16 143.204.93.100 34.218.160.124
	Curriculo Laura.xlsm	Get hash	malicious	Browse	143.204.99.83 162.247.242.19 143.204.93.117 13.224.194.82 143.204.93.16 143.204.93.100 34.218.160.124
	prints carlos bolsonaro.docm	Get hash	malicious	Browse	143.204.99.83 162.247.242.19 143.204.93.117 13.224.194.82 143.204.93.16 143.204.93.100 34.218.160.124

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico Download File
Process:	C:\Program Files\Internet Explorer\iexplore.exe
File Type:	PNG image data, 16 x 16, 4-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	237
Entropy (8bit):	6.1480026084285395
Encrypted:	false
SSDEEP:	6:6v/lhPIF6R/C+u1fXNg1XQ3yslRtNO+cKvAElRApGCp:6v/7b/C1fm1ZslRTvAElR47
MD5:	9FB559A691078558E77D6848202F6541
SHA1:	EA13848D33C2C7F4F4BAA39348AEB1DBFAD3DF31
SHA-256:	6D8A01DC7647BC218D003B58FE04049E24A9359900B7E0CEBAE76EDF85B8B914
SHA-512:	0E08938568CD123BE8A20B87D9A3AAF5CB05249DE7F8286FF99D3FA35FC7AF7A9D9797DD6EFB6D1E722147DCFB74437DE520395234D0009D452FB96A8ECE236B
Malicious:	false
Reputation:	high, very likely benign file
Preview:	.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d...-PLTE......(..5..X..h...........................J4.I...IIDAT.[c`..&.(.....F....cX.(@.j.+@..K.(..2L....1.{.....c`]L9.&2.l...I..E.......IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\MP98E46N\24mbw17feyn.typeform[1].xml Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1072818
Entropy (8bit):	5.172838307289395
Encrypted:	false
SSDEEP:	3072:r7ZZZNBGkKkaklkxkekWkQk4kW+uDFVKSmFitiI0djdKiWh0:RFitiI0djdKiWh0
MD5:	0FEB2730BB671D5959C08F77BE66CF4A
SHA1:	5DB7D7C9EC5C5DB931FA6624482E08FB69037555
SHA-256:	19CFA51B3B6934D53C847533DF49139D0C5AF5C1B4A1351B4255E2549AECCC7C
SHA-512:	6AF9BE529FB02A1E677CBF6FDA5389679F7C310C185D06B3BCD6F9DAA2A274F9697A330680C9B48E45B948CAFF9E20EA46C06F814C12BDAC84C2B67D4036AD63
Malicious:	false
Reputation:	low
Preview:	<root><item name="ZlFRrg5s-visitorId" value="ZlFRrg5s-1610596029067-81" ltime="4012067552" htime="30861863" /><item name="debug" value="undefined" ltime="4097337552" htime="30861863" /><item name="segmentio.cb34ba69-b8f7-4589-90d8-a9cd65b780b7.inProgress" value="{}" ltime="4056907552" htime="30861863" /><item name="segmentio.cb34ba69-b8f7-4589-90d8-a9cd65b780b7.queue" value="[]" ltime="4054727552" htime="30861863" /><item name="segmentio.cb34ba69-b8f7-4589-90d8-a9cd65b780b7.ack" value="1610596037055" ltime="4092007552" htime="30861863" /><item name="segmentio.cb34ba69-b8f7-4589-90d8-a9cd65b780b7.reclaimStart" value="null" ltime="4092007552" htime="30861863" /><item name="segmentio.cb34ba69-b8f7-4589-90d8-a9cd65b780b7.reclaimEnd" value="null" ltime="4092007552" htime="30861863" /><item name="ajs_anonymous_id" value=""9838a8c0-2380-4721-af41-695942a99c27"" ltime="4058467552" htime="30861863" /></root><root><item name="ZlFRrg5s-visitorId" value="ZlFRrg5s-1610596029067-81" ltime=

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2A5BAC63-561B-11EB-ADCF-ECF4BBB5915B}.dat Download File
Process:	C:\Program Files\Internet Explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	24664
Entropy (8bit):	1.7945706429579977
Encrypted:	false
SSDEEP:	192:MgK/Kllpl09Jl47Wal47400l47SO+h3l4Dmsl4OQZ:MHiFuPo51eU
MD5:	9B65C8D0A9768FA070A9310B193973B4
SHA1:	C055021A3B92C23BD3F1649DE805173E4DF336C6
SHA-256:	8A835104B4F77374BB30A85C0CA91CB7F9A14F7263157122DE2EDE76D55C469F
SHA-512:	61328350BCF16CC270F44FAAF0BD2D51CC36CDE1839486EAD3B77A2851673B0EACA3E32220883841E237E7E1729CA671CD9538E33663FE767D3C29049804FDE4
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2F918E44-561B-11EB-ADCF-ECF4BBB5915B}.dat Download File
Process:	C:\Program Files\Internet Explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	38488
Entropy (8bit):	1.9028600415238053
Encrypted:	false
SSDEEP:	192:MyKZKJpa9Jxap0PaDLJ0+0pcod10Rbosg:M1ALaPQOy50PfIan
MD5:	2BF59D33A5BA926E2C81A2CAA3B5BBB6
SHA1:	BAC8C76A79EC5B834DBB4BD810CD615B818345AD
SHA-256:	998E2E1AB325CCDCCF5659DFABF7DDB846E46D662FBA7C22E045AB172DCF99A8
SHA-512:	A0DF63E0E207A7C2B59583DF2E3E51823628644C693830663FD2726B79D44BCFAE23C7AD43916ACCA0F59D1EF83BAE2301402EC3F81ABBAC03146A2A8E038115
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2A5BAC65-561B-11EB-ADCF-ECF4BBB5915B}.dat Download File
Process:	C:\Program Files\Internet Explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	27562
Entropy (8bit):	1.800023474028167
Encrypted:	false
SSDEEP:	192:MbKWbSJY7YFcFHpFCkJFDzF6YsXzvXSUTr:MGY2mYiFJFJFvF61XbXSUP
MD5:	BCF9F322A70538FDFE44872D215EFC6B
SHA1:	C1E07B54867CBBEEEC03699996C19AD421C9ABBA
SHA-256:	BAAE2DE265BD159D5AAB71AE0B63F4E78F05D466C971D623FE5F26E3DEE4BD41
SHA-512:	8B0337939CBD8D757461B2E9622B9E5CFD5C4135E7304E324C8DD177AC24A1CC716E278F63C0E2D7AD7BC5BE2F1037B3AB7BE9FD0500EA340E8A8A3B54F548E8
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2F918E46-561B-11EB-ADCF-ECF4BBB5915B}.dat Download File
Process:	C:\Program Files\Internet Explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	27002
Entropy (8bit):	1.8799458466620422
Encrypted:	false
SSDEEP:	48:IvOGcpU7GwpNBG4pbfjUdG3HpkGfjU/sTGEpefjUOGSXp3fjU4YGBpXfjU8GF4pB:MSKVbTtdaGcUAB5bRZbosSIzo8UUz5r
MD5:	9D6D01F21F4B29D80E786D71B4A33863
SHA1:	762E9128F2B956E336BD0A67E964A5C347A06437
SHA-256:	1858D45662FA489CF10AFC103939F36529F39E4DA1BC32402E41C93D449AE069
SHA-512:	DE09AEB56B7CC441A7B5B124DD4A8AF1582D0F8B965D69CCD46324C8A57BC996B75FDD758D40E5234A04E6300B37ED0E9111D5D1F69BE7AFE15BE0B30385D14D
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2F918E47-561B-11EB-ADCF-ECF4BBB5915B}.dat Download File
Process:	C:\Program Files\Internet Explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	19032
Entropy (8bit):	1.5867188904040586
Encrypted:	false
SSDEEP:	48:IvZGcpUQGwpNGG4pPWGrapgS1rGQpZ6G7HpCRsTGIpM2FQGApm:M/K4b2JYeS1F/V0R4alg
MD5:	4D84A24BCC58710983A8E4CD00046710
SHA1:	3FAF8FBF99524A026365F5F1B1DB686A820D121E
SHA-256:	9FF5E9A1A023722C752D423D78058E5BCFFC7E5F866AEF11AF78CB555E6E0BD9
SHA-512:	A7FDF9928A9E39E7831C4FB6CBC2143DBC4F3E6DC96A1B3705D4FD905A41EE08C78F15D35B4ED7B945D2230C8EE65818C6EC3663B8129B844EF6AD8B0A5985DF
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\lr5drzg\imagestore.dat Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	1241
Entropy (8bit):	7.245963793246759
Encrypted:	false
SSDEEP:	24:Yt4/pSym4kMz0v9Pb0B8EkKHUNnVqKy19szgpzGEMAp02Eflcaa:YUx0v9PoQ5VqKwspEe8
MD5:	0452FFCA235E91B4C6683ABAD06495D0
SHA1:	0E14A20E117844570CE8F9707D1E81489C4BA382
SHA-256:	B2849FCAB4A321D2833821D319F039A8567CB2E89C315559C4D45AEA70463AEC
SHA-512:	57457B321E4EF93C18A7F23D5EC63B1EE4DDECC191256A4E1F1C3250228E5BAF363A4FCB19488F14A4F5B9EBF9B114F5BA586FEA0DC0F6908DF3C06B7B08E780
Malicious:	false
Reputation:	low
Preview:	C.h.t.t.p.s.:././.p.u.b.l.i.c.-.a.s.s.e.t.s...t.y.p.e.f.o.r.m...c.o.m./.p.u.b.l.i.c./.f.a.v.i.c.o.n./.f.a.v.i.c.o.n.-.3.2.x.3.2...p.n.g.-....PNG........IHDR... ... ......s......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD.........tIME.......-......IDATH..MhTW...sn.5L..7!F..I...F..UQhT...........R(..jA..`Q....... IKM..A.I.Q'?..;o...t2If.~..x.{....C...2..P..C.>~..!0L......I...=\.W.-."I.K.H,r...V..!.v9Z?.ze..>.Ry.N..Jm..?....b..~..*..+O.i.).2}....1.BY.....L.(.aM.....?...f ..._.X...T.Z.f..S.{.#..{...Op.Y.87..X.9...[.,.$..Z\|oV{..c.\|#_c.. ....!.0..t.gs...X{c..6G.X.9....".e.........u4.",...G9'.NqN.....`..._..p.K[5..%.:0.7...zSh.7Q.........../L.2..2.x.Qj.....9 .$-.e88... ..G.YF.G....b.C.[%.u..c...q#.6..5....<...-...`.;..7..0....S.~.2....[...\|...:-.`....;..p.O....Z` .....>.4\|"\|........P}._...C.U....HX.5t.3..SH...R{U..^BV.=.m.vW.....>..i....oM.g...\}....v.j.n...'Z:..j...TP!U.NM.}..&.=x'3.B...w>..GE..8.....[r.9C/...d;.PH....3.m....[._ ......

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\analytics.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	356061
Entropy (8bit):	5.3421494353818195
Encrypted:	false
SSDEEP:	3072:X0GSREKFgJ8O0W8U2CtdZsE0nlZSfFp1Jv36yMtkcJsh+qykB:kGcEcfCtdZsE6lk7IuuC
MD5:	C972CB2152B4CA69E1AD84AD369E5D49
SHA1:	2D408DC4AA2394089E145D4619793835A5745AB4
SHA-256:	18FBDEDB7C4B401C5FFA1A76F429FEECEC9928679D485A0CE3F2EA90F709B61E
SHA-512:	3F3294A19D98A64C76929F3F098982B210D83E2FD55487B0B05010D5E073633770C697773682FE053A015CBAD3F316DE2211948F8D5DB2A0974E95BCD09D4FF6
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn.segment.com/analytics.js/v1/9at6spGDYXelHDdz4r0cP73b3wV1f0ri/analytics.min.js
Preview:	!function(define){"function"==typeof define&&define.amd&&(define=undefined);!function(){function e(t,n,o){function i(r,s){if(!n[r]){if(!t[r]){var u="function"==typeof require&&require;if(!s&&u)return u(r,!0);if(a)return a(r,!0);var l=new Error("Cannot find module '"+r+"'");throw l.code="MODULE_NOT_FOUND",l}var d=n[r]={exports:{}};t[r][0].call(d.exports,function(e){return i(t[r][1][e]\|\|e)},d,d.exports,e,t,n,o)}return n[r].exports}for(var a="function"==typeof require&&require,r=0;r<o.length;r++)i(o[r]);return i}return e}()({1:[function(e,t,n){"use strict";var o=e("@segment/analytics.js-core"),i=e("@ndhoule/each");t.exports=function(e){i(function(e){o.use(e)},e);return o}},{"@ndhoule/each":32,"@segment/analytics.js-core":76}],2:[function(e,t,n){(function(n){"use strict";var o=e("@segment/send-json");t.exports=function(){for(var e=!1,t=!1,i=/.\/analytics\.js\/v1\/([^/])(\/platform)?\/analytics.*/,a=n.document.getElementsByTagName("script"),r=0;r<a.length;r++){var s=a[r].src,u=i.exec(s);i

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\favicon-32x32[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 32 x 32, 8-bit gray+alpha, non-interlaced
Category:	downloaded
Size (bytes):	1069
Entropy (8bit):	7.54915864947209
Encrypted:	false
SSDEEP:	24:pym4kMz0v9Pb0B8EkKHUNnVqKy19szgpzGEMAp02Efl9:E0v9PoQ5VqKwspEeT
MD5:	4A35A27936C43081F0865E2E603DF15D
SHA1:	A6D584D829C87EFF74C08F770CD2EF78EE75742E
SHA-256:	DCAE3697C63FCB6AE03D2FD99FB96AF8B14848B71A259ED2E05DBCF5CEDEA5B2
SHA-512:	5DB18A7D2A60BD729F6F12E8A9B05F7A15E90C68CF3415993E8A5B1DB2B5BBA0D4B34B3F2A989E47C7495B9CF202703F0E50694E8865B0784A88EC1A40AF8787
Malicious:	false
Reputation:	low
IE Cache URL:	https://public-assets.typeform.com/public/favicon/favicon-32x32.png
Preview:	.PNG........IHDR... ... ......s......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD.........tIME.......-......IDATH..MhTW...sn.5L..7!F..I...F..UQhT...........R(..jA..`Q....... IKM..A.I.Q'?..;o...t2If.~..x.{....C...2..P..C.>~..!0L......I...=\.W.-."I.K.H,r...V..!.v9Z?.ze..>.Ry.N..Jm..?....b..~..*..+O.i.).2}....1.BY.....L.(.aM.....?...f ..._.X...T.Z.f..S.{.#..{...Op.Y.87..X.9...[.,.$..Z\|oV{..c.\|#_c.. ....!.0..t.gs...X{c..6G.X.9....".e.........u4.",...G9'.NqN.....`..._..p.K[5..%.:0.7...zSh.7Q.........../L.2..2.x.Qj.....9 .$-.e88... ..G.YF.G....b.C.[%.u..c...q#.6..5....<...-...`.;..7..0....S.~.2....[...\|...:-.`....;..p.O....Z` .....>.4\|"\|........P}._...C.U....HX.5t.3..SH...R{U..^BV.=.m.vW.....>..i....oM.g...\}....v.j.n...'Z:..j...TP!U.NM.}..&.=x'3.B...w>..GE..8.....[r.9C/...d;.PH....3.m....[._ .........%tEXtdate:create.2021-01-04T13:10:14+01:00yu.}...%tEXtdate:modify.2021-01-04T13:10:14+01:00.(g....WzTXtRaw profile type iptc..x.....qV((.

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\form.9cd5d6381506e5950fe0[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	227059
Entropy (8bit):	5.280936780615679
Encrypted:	false
SSDEEP:	3072:5hjrDWVbCG3oaMZ7wLNM5NTM20ZPL4BrWN0QzFI+VDvoDa9f:6Vb0aMsQlMBPLUr58dDvsm
MD5:	DD7F1393ACBF039DA8D9970914488D42
SHA1:	6471C4824923D895CCE1D956F1D93CC6C57AB9EF
SHA-256:	3DF9AAE60EBE3300471A343673C3771D554934DDA473CE495CD0539AEF8872A0
SHA-512:	C3E97929DABD62E75D54C47E5D6E59630407FF1FEA5BE94D4B2C8BC131541FAD1008D99294FE39887C468A951B951C0A4C2BF32DEA33901BEF1296CB336061F9
Malicious:	false
IE Cache URL:	https://renderer-assets.typeform.com/form.9cd5d6381506e5950fe0.js
Preview:	(window.webpackJsonp_name_=window.webpackJsonp_name_\|\|[]).push([[1],{236:function(e,t,n){"use strict";n.d(t,"a",(function(){return o})),n.d(t,"b",(function(){return a}));var r=n(10),o=function(){return{type:r.t,payload:{}}},a=function(){return{type:r.F,payload:{}}}},237:function(e,t,n){"use strict";n.d(t,"b",(function(){return o})),n.d(t,"a",(function(){return a}));var r=n(10);function o(e){return{type:r.A,payload:e}}function a(e){return{type:r.z,payload:e}}},238:function(e,t,n){"use strict";n.d(t,"b",(function(){return je})),n.d(t,"a",(function(){return Ee}));var r=n(80),o=n.n(r),a=(n(158),n(117)),c=n.n(a),i=n(3),u=n(26),s=n(75),l=n(6),p=n(505);n(442);var d=n(150),f=(n(24),n(506),n(507),n(608),n(20),n(13)),b=n.n(f),m=n(615),h=n.n(m),v=n(609),g=n.n(v),y=n(2),O=n.n(y),j=n(225),w=(n(22),n(29),n(472),n(84),n(208)),k=n.n(w),x=function(e){var t=e.split("-"),n=b()(t,3),r=n[0],o=n[1],a=n[2];if(!r\|\|!o\|\|!a)return!1;r=r.padStart(4,"0"),o=o.padStart(2,"0"),a=a.padStart(2,"0");var c=new Date("".co

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\ZlFRrg5s[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines
Category:	dropped
Size (bytes):	124165
Entropy (8bit):	5.380626761533168
Encrypted:	false
SSDEEP:	1536:ZsWqzpZaX8ynI1Z4tG81pMH/+eA/7D5GccKppVCJ05S+obEIChnLd71UDWfeiynz:ZsWm3mIup7eDFnQyV8kAhvzwqy
MD5:	92BFEB5A4D6E58793D2F220ED20BC99A
SHA1:	C40D4F3B5C3F9E1EE3F70C2B36D4575F4169C49D
SHA-256:	BCC18DE8D008052D6BAD19E7EAF441443387FC0328A235901E3A337402607D7A
SHA-512:	98C15D32265FD0CCB1726C8FF88C568D0023D9C9245E2A07ED8EF23742E6CA48B628CCE2A17D88637C3F6E47C7B4FCADFDAAF4E7EBD41BB62E06DB94C2D9C48B
Malicious:	true
Yara Hits:	Rule: JoeSecurity_HtmlPhish_25, Description: Yara detected HtmlPhish_25, Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\ZlFRrg5s[1].htm, Author: Joe Security
Preview:	<!DOCTYPE html><html lang="en"><head><title>MlCR0S0FT 0FFlCE 365 - MAlL</title><meta charSet="utf-8"/><meta content="#434032" name="theme-color"/><meta content="width=device-width, initial-scale=1.0, viewport-fit=cover" name="viewport"/><meta content="Turn data collection into an experience with Typeform. Create beautiful online forms, surveys, quizzes, and so much more. Try it for FREE." name="description"/><meta content="ie=edge" http-equiv="x-ua-compatible"/><meta content="yes" name="apple-mobile-web-app-capable"/><meta content="noindex,nofollow" name="robots"/><meta content="no-referrer-when-downgrade" name="referrer"/><meta content="#000000" name="msapplication-TileColor"/><meta content="https://public-assets.typeform.com/public/favicon/browserconfig.xml" name="msapplication-config"/><link href="https://public-assets.typeform.com/public/favicon/apple-touch-icon.png" rel="apple-touch-icon" sizes="180x180"/><link href="https://public-assets.typeform.com/public/favicon/favicon-32x32.

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\aa6e0ec721[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	57
Entropy (8bit):	4.340020120659463
Encrypted:	false
SSDEEP:	3:U3KTDW3MiqVkMWVrfUh:H6NukMWVr8h
MD5:	06DD80AEB628C60DC680BC7A4BEE6651
SHA1:	8C86EB7DDFF5E1E5D527BD7A41C9D3F6767E23E0
SHA-256:	5E864C2E3F674C60970513411EAEEEAFD2D615D842E65EC01D09CCFCB4A7B38D
SHA-512:	C6EE8252743A760AD7BEE017FF7A804B6E34236764BC5630289D5E4C7C15E38CB971F161821586F0235882FD581630F1531FD6396761BF1284581CD8C2CAC4C6
Malicious:	false
Preview:	NREUM.setToken({'stn':0,'err':1,'ins':1,'cap':0,'spa':1})

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\favicon[1].ico Download File
Process:	C:\Program Files\Internet Explorer\iexplore.exe
File Type:	PNG image data, 16 x 16, 4-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	237
Entropy (8bit):	6.1480026084285395
Encrypted:	false
SSDEEP:	6:6v/lhPIF6R/C+u1fXNg1XQ3yslRtNO+cKvAElRApGCp:6v/7b/C1fm1ZslRTvAElR47
MD5:	9FB559A691078558E77D6848202F6541
SHA1:	EA13848D33C2C7F4F4BAA39348AEB1DBFAD3DF31
SHA-256:	6D8A01DC7647BC218D003B58FE04049E24A9359900B7E0CEBAE76EDF85B8B914
SHA-512:	0E08938568CD123BE8A20B87D9A3AAF5CB05249DE7F8286FF99D3FA35FC7AF7A9D9797DD6EFB6D1E722147DCFB74437DE520395234D0009D452FB96A8ECE236B
Malicious:	false
IE Cache URL:	http://www.bing.com/favicon.ico
Preview:	.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d...-PLTE......(..5..X..h...........................J4.I...IIDAT.[c`..&.(.....F....cX.(@.j.+@..K.(..2L....1.{.....c`]L9.&2.l...I..E.......IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\large[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, baseline, precision 8, 1920x1080, frames 3
Category:	downloaded
Size (bytes):	283919
Entropy (8bit):	7.970997679074108
Encrypted:	false
SSDEEP:	6144:DNmdUglMt7+XF0CDk8tZcIlpatPG27ZGAOl93b/myKU:DwrlMt7+XFXD9Z/paRGSZGnOXU
MD5:	0554F0D0A177ACFFDF74BD226B654D77
SHA1:	DB298AA8FA59397323F8ABC0D91E12F64E298988
SHA-256:	FF6D65827CC40A27DCAE15A090D56D3FB38536A3B76A3ED62732C86EC6F05AB0
SHA-512:	6EA26FF4BACBF426B403E1FCB19D5B17913B0560EF81AB937AECC9D55F6941DEF849C7506AD40A46F0E3DC77ABB53FEE5ABC6C5EC18FC084000829A6A1BD97D6
Malicious:	false
IE Cache URL:	https://images.typeform.com/images/nXkRcNPp6wtg/background/large
Preview:	.....C.....................................%...#... , #&'))..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......8....".......................................G........................!.1AQ."aq2....#BR..b.....$3r.CS.%4c..D...&Es..............................1.....................!..1AQ"a..2q.....B....R#.3............?..U]J..<..R.....T.1.,1@:0.rF..H.6..g;.DFLQT.T...W6.. ....P..1WQh.6.w...f....a.....J...R..T.@J.P..J.A1S.u1P..J.(....J.T...AT.^..U.&.W.,P....X.T2...j.Z.@V.TU.Z-......QO....c..4R.>.b<..1R.JP(.}j.;b....S.....b.q.Ed...j..sQ.9..dr.).S...T.c?.G.02....{5[e.....j....F.....:...M....5<:......j.(..zV.....K-...V.7.........J...0=.b...U....^......Ai...K.,.0.k..W........S.G.V.....R...9..<<uZ.=V...z..i=........z-M.J...).....M...S...C%`T.^(...J<U....S..b..zh....,U....D.X.x...J=5x...@U..Uy....I..&.....F.S.A.P.:..WR..UJ.x.R..W...&Qb.(h..T..1P..Q.@LT.]J.&T.@J.P..J...R....UGC@UJ:..%J.(.R.J..]J..XQT...L).8..t..@)..).)l*..

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\renderer.0f5a683b381b67dbbf89[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines, with LF, NEL line terminators
Category:	downloaded
Size (bytes):	547595
Entropy (8bit):	5.364917573850198
Encrypted:	false
SSDEEP:	6144:6dGbloGH/Oj9iAv4FulWwPfqz+5Z/jaZ6ZTDOY3hiuXrlx:4JpjfPZJeY31x
MD5:	0D4FA25B79D12FA4DFF120ACB7069AF8
SHA1:	A28C700592908992B0489B6CE9B269DDEC2860CC
SHA-256:	BC722206827BE6DA76A00C5B6362D0663B14264B9AFD0AFA672FED1E7E20DA85
SHA-512:	4EC4D441A31F69817F9A88C9B6B6CDF678D05AF8C21D79980543D9E10770972C24187234754DDC577EF634A1D189EC1FD74074827DA15CCAEF9ECC553B6ABF11
Malicious:	false
IE Cache URL:	https://renderer-assets.typeform.com/renderer.0f5a683b381b67dbbf89.js
Preview:	window.renderer=function(e){function t(t){for(var n,o,i=t[0],a=t[1],u=0,l=[];u<i.length;u++)o=i[u],Object.prototype.hasOwnProperty.call(r,o)&&r[o]&&l.push(r[o][0]),r[o]=0;for(n in a)Object.prototype.hasOwnProperty.call(a,n)&&(e[n]=a[n]);for(c&&c(t);l.length;)l.shift()()}var n={},r={3:0};function o(t){if(n[t])return n[t].exports;var r=n[t]={i:t,l:!1,exports:{}};return e[t].call(r.exports,r,r.exports,o),r.l=!0,r.exports}o.e=function(e){var t=[],n=r[e];if(0!==n)if(n)t.push(n[2]);else{var i=new Promise((function(t,o){n=r[e]=[t,o]}));t.push(n[2]=i);var a,u=document.createElement("script");u.charset="utf-8",u.timeout=120,o.nc&&u.setAttribute("nonce",o.nc),u.src=function(e){return o.p+""+({0:"blocks-matrix",1:"form",2:"phonenumber",4:"vendors~attachment",5:"vendors~blocks-ranking",6:"vendors~form",7:"vendors~phonenumber"}[e]\|\|e)+"."+{0:"0544beec0e1a4e11a24a",1:"9cd5d6381506e5950fe0",2:"6ea5ec50b9fa21e816ff",4:"6e37d3fcdf703c1517e1",5:"f8aee16223a106724ea1",6:"965f5dedbb854e83c6c8",7:"32d78847

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\ZlFRrg5s[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines
Category:	dropped
Size (bytes):	124165
Entropy (8bit):	5.380626761533168
Encrypted:	false
SSDEEP:	1536:ZsWqzpZaX8ynI1Z4tG81pMH/+eA/7D5GccKppVCJ05S+obEIChnLd71UDWfeiynz:ZsWm3mIup7eDFnQyV8kAhvzwqy
MD5:	92BFEB5A4D6E58793D2F220ED20BC99A
SHA1:	C40D4F3B5C3F9E1EE3F70C2B36D4575F4169C49D
SHA-256:	BCC18DE8D008052D6BAD19E7EAF441443387FC0328A235901E3A337402607D7A
SHA-512:	98C15D32265FD0CCB1726C8FF88C568D0023D9C9245E2A07ED8EF23742E6CA48B628CCE2A17D88637C3F6E47C7B4FCADFDAAF4E7EBD41BB62E06DB94C2D9C48B
Malicious:	true
Yara Hits:	Rule: JoeSecurity_HtmlPhish_25, Description: Yara detected HtmlPhish_25, Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\ZlFRrg5s[1].htm, Author: Joe Security
Preview:	<!DOCTYPE html><html lang="en"><head><title>MlCR0S0FT 0FFlCE 365 - MAlL</title><meta charSet="utf-8"/><meta content="#434032" name="theme-color"/><meta content="width=device-width, initial-scale=1.0, viewport-fit=cover" name="viewport"/><meta content="Turn data collection into an experience with Typeform. Create beautiful online forms, surveys, quizzes, and so much more. Try it for FREE." name="description"/><meta content="ie=edge" http-equiv="x-ua-compatible"/><meta content="yes" name="apple-mobile-web-app-capable"/><meta content="noindex,nofollow" name="robots"/><meta content="no-referrer-when-downgrade" name="referrer"/><meta content="#000000" name="msapplication-TileColor"/><meta content="https://public-assets.typeform.com/public/favicon/browserconfig.xml" name="msapplication-config"/><link href="https://public-assets.typeform.com/public/favicon/apple-touch-icon.png" rel="apple-touch-icon" sizes="180x180"/><link href="https://public-assets.typeform.com/public/favicon/favicon-32x32.

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\aa6e0ec721[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 1 x 1
Category:	modified
Size (bytes):	24
Entropy (8bit):	2.459147917027245
Encrypted:	false
SSDEEP:	3:CUXJ/lH:Dl
MD5:	BC32ED98D624ACB4008F986349A20D26
SHA1:	2D3DF8C11D2168CE2C27E0937421D11D85016361
SHA-256:	0C9CF152A0AD00D4F102C93C613C104914BE5517AC8F8E0831727F8BFBE8B300
SHA-512:	71ACC6DA78D5D5BF0EEA30E2EE0AC5C992B00EFEC959077DFE0AB769F1DBBD9AF12D5C5C155046283D5416BEB606A9EF323FB410E903768B1569B69F37075B4E
Malicious:	false
Preview:	GIF89a.......,..........

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\aa6e0ec721[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	57
Entropy (8bit):	4.340020120659463
Encrypted:	false
SSDEEP:	3:U3KTDW3MiqVkMWVrfUh:H6NukMWVr8h
MD5:	06DD80AEB628C60DC680BC7A4BEE6651
SHA1:	8C86EB7DDFF5E1E5D527BD7A41C9D3F6767E23E0
SHA-256:	5E864C2E3F674C60970513411EAEEEAFD2D615D842E65EC01D09CCFCB4A7B38D
SHA-512:	C6EE8252743A760AD7BEE017FF7A804B6E34236764BC5630289D5E4C7C15E38CB971F161821586F0235882FD581630F1531FD6396761BF1284581CD8C2CAC4C6
Malicious:	false
Preview:	NREUM.setToken({'stn':0,'err':1,'ins':1,'cap':0,'spa':1})

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\default-firstframe[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 158 x 48, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	4301
Entropy (8bit):	7.933099795148911
Encrypted:	false
SSDEEP:	96:DJsJ9I1DId7LovB7A/LIVh3wJSRhRAnGn6pfQDEk/3o:W77L2t6InwmgiyfQto
MD5:	7EDA9EC93D911B48A77B18FFAD77F7DC
SHA1:	1678B6CC7973C764289783D63A7797E1AE85DA99
SHA-256:	00BAB0371C61890A7EEEF86A0C1F0E4F037861C02E78EB1BE127CA00288F91E4
SHA-512:	7A6DF695ECFFE124E066672548AEBA8CD5E88140B5C2DA80153825544A6F44350A966A8006716076FDC972B778533268EA28033ADDC5446C3338668A047E71B7
Malicious:	false
IE Cache URL:	https://images.typeform.com/images/CJr828dpN5yQ/image/default-firstframe.png
Preview:	.PNG........IHDR.......0.............pHYs...........~.....IDATx..\.tU..b-3N.. :...A..$..r......Z....-.[.....,SWK[.T..U..Q;L....F^..IHB......$ ...#$.....o....%..W...............K...K...K....)..L...]..q.e.3s(..5.3.u..M.....W.....l....A.?...iG..VebB~:.!.{.y.e...t..^.Y..".o4ec.A.J......t}wS.Kj.........]i.R.t..8. ..5d.W.al!....[..a.a......?..u).-.........J;R.\....)........<..M.\..o....[.b..r<...%....D...go....m.b...?..lY....z:.t.H....w...Ui].U ~...h..2.O.{q{.._........S].O...s..>....T...W`.U.4J.b..C.EY.EO.....1.....F/.z...... .z.f...d.?p!>'..c.....*&..4...>.....i.O.....t-...0.....c...e{.....^.\..?..+...s...xZDY.......~.. .q.j......./.....#..Dc....[..g....V...>.X._.a.....9.z.....L..F.n.j..g...'...J><.`E....Vn..'..$.g^....`...#..e\o.x.16..a. .:....E...t ....xjI:FuzYA&n4..c..K......A<X..q+3p......NOw.o.p....ka...v#.5......s_.~&.v.hn..(.yW....0`Y:..H.`..._....pw-.o.........:U.....{.g.#..0f.A........).O$D.(.w[.c.Y.>#..lx>...t.N......7...7.

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\nr-1123.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	24380
Entropy (8bit):	5.3039076589847856
Encrypted:	false
SSDEEP:	384:yNeRyajOhmUdGa4PFaOy0hGF1Ux9EmiwbikgkYPMvFzoUMC0GPwi5MteM7gN+u:yNP0HgGa4P7x+XM9zoJmlGtGN+u
MD5:	7FFB242072196E9DB5F4F1BFBFA2ED7D
SHA1:	6CFD443F06C2D4E96E14765E045277B67DA0EEC5
SHA-256:	94CDF5B7F868883DE0E1248CD80B42DD84E3F38685F2B234747550C02190DC82
SHA-512:	371BCC019D60EDBC2DD331F379AC46951B6D8E50FCA25FC79062C02F4E78A6B41DC884C590FD2E8F47EDE8BC392F3A84B0CFE102386282504538BFD157848B17
Malicious:	false
IE Cache URL:	https://js-agent.newrelic.com/nr-1123.min.js
Preview:	!function(n,e,t){function r(t,i){if(!e[t]){if(!n[t]){var a="function"==typeof __nr_require&&__nr_require;if(!i&&a)return a(t,!0);if(o)return o(t,!0);throw new Error("Cannot find module '"+t+"'")}var s=e[t]={exports:{}};n[t][0].call(s.exports,function(e){var o=n[t][1][e];return r(o\|\|e)},s,s.exports)}return e[t].exports}for(var o="function"==typeof __nr_require&&__nr_require,i=0;i<t.length;i++)r(t[i]);return r}({1:[function(n,e,t){e.exports=function(n,e){return"addEventListener"in window?window.addEventListener(n,e,!1):"attachEvent"in window?window.attachEvent("on"+n,e):void 0}},{}],2:[function(n,e,t){function r(n,e,t,r,i){d[n]\|\|(d[n]={});var a=d[n][e];return a\|\|(a=d[n][e]={params:t\|\|{}},i&&(a.custom=i)),a.metrics=o(r,a.metrics),a}function o(n,e){return e\|\|(e={count:0}),e.count+=1,f(n,function(n,t){e[n]=i(t,e[n])}),e}function i(n,e){return e?(e&&!e.c&&(e={t:e.t,min:e.t,max:e.t,sos:e.te.t,c:1}),e.c+=1,e.t+=n,e.sos+=nn,n>e.max&&(e.max=n),n<e.min&&(e.min=n),e):{t:n}}function a(n,e){return

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\LnkQ4hGmxTTD[1].png Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	PNG image data, 131 x 109, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	11245
Entropy (8bit):	7.975358433194237
Encrypted:	false
SSDEEP:	192:mbz+31SP85NJJDasl02Sj6cPXana59Wh50KH83Yh7Ewnp4Un5To75yhoEbN:ONIlSB/aabCeHSEwnp4UnpoFhEbN
MD5:	9936A0F33BBE88F448A1E166B8CCD4A9
SHA1:	EBBE8544383B73EB0C8BA6733B3588F7781B5B23
SHA-256:	B0CF2B3D20750F69559365B1926CA243502BE1E58EFBCB45E8315C943BE1BCDF
SHA-512:	58BD2ECF7E1DADBC96DF63B01595C5B8E5E9301B5AC55645B6F36C4B831F39E89375476076CCCC20204B53960C153FBF1103710A74DC41EEBC23C5ABAD5814F0
Malicious:	false
IE Cache URL:	https://images.typeform.com/images/LnkQ4hGmxTTD
Preview:	.PNG........IHDR.......m..........+.IDATx..].x.U.^.H.d..f..l(b.......`......)...g..SJ...M.....bGQ." .;...M#$.......L.....s.Mvgvg.{.{.s.....V.....'.YR.s..?-e..V..t.......SE0..%...V..e............-.....r.[..=_..W......(.g..KC.....[...8.X..;`S .U..=.('.....S,..Z..Gq...........,..W...p._...o.?.>....c....?..........A....Q..].s....+..^..NOj..Y....%..3.&.n.......b..0...B.......!$G..rN....+.r..tL...M.(.{XY...F6....]RY....Y..XS=9$..k...k....$........S0.'c.~.....\|.z......A..)..._.#..QN....&.........P.U8..%.vM+....B..1.?..UP.....3..f......J.@.h....xc$..5...a>~....1..&.v^... ....f....5.C3.g.).c.#...\|_J........Z.jWO.f...9w.q...o(...&i%L....#V.\|.,..4M@.W..ZQ`.P..T.........5K...w..}.Jsj.ZR.W`x.f.3.\....C.J..*R...g..S2.qx...&N.yr.B...0..'......,....`:0A..%.\.A^%fa........y}.+..6i..fx..d..8..).e@..Uk.}...S..M8..}.:.Qk..K.S...[...H.T.Bh..i..\'..%..$Q..W....eI.....ru.._....ySy..t..ZR..b.V.:.M.........`:.9.L[.V...Mu...U.7X.....3.G..9......Z....

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\aa6e0ec721[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 1 x 1
Category:	dropped
Size (bytes):	24
Entropy (8bit):	2.459147917027245
Encrypted:	false
SSDEEP:	3:CUXJ/lH:Dl
MD5:	BC32ED98D624ACB4008F986349A20D26
SHA1:	2D3DF8C11D2168CE2C27E0937421D11D85016361
SHA-256:	0C9CF152A0AD00D4F102C93C613C104914BE5517AC8F8E0831727F8BFBE8B300
SHA-512:	71ACC6DA78D5D5BF0EEA30E2EE0AC5C992B00EFEC959077DFE0AB769F1DBBD9AF12D5C5C155046283D5416BEB606A9EF323FB410E903768B1569B69F37075B4E
Malicious:	false
Preview:	GIF89a.......,..........

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\default[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 158 x 48, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	4301
Entropy (8bit):	7.933099795148911
Encrypted:	false
SSDEEP:	96:DJsJ9I1DId7LovB7A/LIVh3wJSRhRAnGn6pfQDEk/3o:W77L2t6InwmgiyfQto
MD5:	7EDA9EC93D911B48A77B18FFAD77F7DC
SHA1:	1678B6CC7973C764289783D63A7797E1AE85DA99
SHA-256:	00BAB0371C61890A7EEEF86A0C1F0E4F037861C02E78EB1BE127CA00288F91E4
SHA-512:	7A6DF695ECFFE124E066672548AEBA8CD5E88140B5C2DA80153825544A6F44350A966A8006716076FDC972B778533268EA28033ADDC5446C3338668A047E71B7
Malicious:	false
IE Cache URL:	https://images.typeform.com/images/CJr828dpN5yQ/image/default
Preview:	.PNG........IHDR.......0.............pHYs...........~.....IDATx..\.tU..b-3N.. :...A..$..r......Z....-.[.....,SWK[.T..U..Q;L....F^..IHB......$ ...#$.....o....%..W...............K...K...K....)..L...]..q.e.3s(..5.3.u..M.....W.....l....A.?...iG..VebB~:.!.{.y.e...t..^.Y..".o4ec.A.J......t}wS.Kj.........]i.R.t..8. ..5d.W.al!....[..a.a......?..u).-.........J;R.\....)........<..M.\..o....[.b..r<...%....D...go....m.b...?..lY....z:.t.H....w...Ui].U ~...h..2.O.{q{.._........S].O...s..>....T...W`.U.4J.b..C.EY.EO.....1.....F/.z...... .z.f...d.?p!>'..c.....*&..4...>.....i.O.....t-...0.....c...e{.....^.\..?..+...s...xZDY.......~.. .q.j......./.....#..Dc....[..g....V...>.X._.a.....9.z.....L..F.n.j..g...'...J><.`E....Vn..'..$.g^....`...#..e\o.x.16..a. .:....E...t ....xjI:FuzYA&n4..c..K......A<X..q+3p......NOw.o.p....ka...v#.5......s_.~&.v.hn..(.yW....0`Y:..H.`..._....pw-.o.........:U.....{.g.#..0f.A........).O$D.(.w[.c.Y.>#..lx>...t.N......7...7.

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\urlblockindex[1].bin Download File
Process:	C:\Program Files\Internet Explorer\iexplore.exe
File Type:	data
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	1.6216407621868583
Encrypted:	false
SSDEEP:	3:PF/l:
MD5:	FA518E3DFAE8CA3A0E495460FD60C791
SHA1:	E4F30E49120657D37267C0162FD4A08934800C69
SHA-256:	775853600060162C4B4E5F883F9FD5A278E61C471B3EE1826396B6D129499AA7
SHA-512:	D21667F3FB081D39B579178E74E9BB1B6E9A97F2659029C165729A58F1787DC0ADADD980CD026C7A601D416665A81AC13A69E49A6A2FE2FDD0967938AA645C07
Malicious:	false
IE Cache URL:	https://r20swj13mr.microsoft.com/ieblocklist/v1/urlblockindex.bin
Preview:	.p.J2...........

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vendors~form.965f5dedbb854e83c6c8[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	418096
Entropy (8bit):	5.702124589125958
Encrypted:	false
SSDEEP:	3072:hO203o4PRjCe7bmD2NF1q2ZG8njVKG85sLGU115ZZQjOurJgR8rrjoP7Gwc4/:hUCkbm6r1q23nkGEsLGgt0a5PKwB
MD5:	6F33B62669DF8B6E094E941BB2F1BB39
SHA1:	D2A46B58E82E30176BDAF55CD018FC89AB9F0C23
SHA-256:	645A6486495927D9FC72EDF35C46B50C990F3DCED2101C79F753F6FA8EC11E16
SHA-512:	D0BDB5C7E927C49908667D60B967D75A0D3D7E05FE09A1F24ED13C2F7E411B6D9B57E140CDD7FE742F3ED7A6364EE6AEB8FC1DB1116364F3B6309A4DE30FC482
Malicious:	false
IE Cache URL:	https://renderer-assets.typeform.com/vendors~form.965f5dedbb854e83c6c8.js
Preview:	(window.webpackJsonp_name_=window.webpackJsonp_name_\|\|[]).push([[6],Array(429).concat([function(e,t,n){"use strict";n.d(t,"a",(function(){return R})),n.d(t,"b",(function(){return v})),n.d(t,"c",(function(){return A})),n.d(t,"d",(function(){return q})),n.d(t,"e",(function(){return l})),n.d(t,"f",(function(){return H})),n.d(t,"g",(function(){return K})),n.d(t,"h",(function(){return P})),n.d(t,"i",(function(){return D})),n.d(t,"j",(function(){return X})),n.d(t,"k",(function(){return re})),n.d(t,"l",(function(){return ae})),n.d(t,"m",(function(){return ne})),n.d(t,"n",(function(){return ce})),n.d(t,"o",(function(){return M})),n.d(t,"p",(function(){return j})),n.d(t,"q",(function(){return L})),n.d(t,"r",(function(){return F})),n.d(t,"s",(function(){return N})),n.d(t,"t",(function(){return le})),n.d(t,"u",(function(){return ee})),n.d(t,"v",(function(){return Z})),n.d(t,"w",(function(){return J})),n.d(t,"x",(function(){return z})),n.d(t,"y",(function(){return oe})),n.d(t,"z",(function(){retur

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\FD9543EC.jpeg Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 816x1056, frames 3
Category:	dropped
Size (bytes):	65057
Entropy (8bit):	7.714453186203319
Encrypted:	false
SSDEEP:	768:WbZakMgV6yb0BGmdBGAUx3BZP3tUL4dbsaPaVOZIBeSGrS0GUysJEWznmkXHGdhc:WQbgQywBGmkla+bsaCaWyVvXmkXwhH8
MD5:	89776C76604B8117DFD73CA3604286AB
SHA1:	097D88821166432D9C8EF52CF807353BCC34952F
SHA-256:	5F43444269E5E9E7D1B94660AD93B9CCFED6622A1D415BDE414D478526A3F5D2
SHA-512:	68C2826235479DC52C10A6EAF078BA3FA0D77120517D608A69349258F5C3646382431CCDA4AEEBCA1026EE877AE180F06E44E6FDD6888681C660D053EA3427BA
Malicious:	false
Preview:	......JFIF.....`.`.....C....................................................................C....................................................................... .0.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..S..(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(

C:\Users\user\AppData\Local\Temp\~DF1438C06CD593C8C1.TMP Download File
Process:	C:\Program Files\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	29745
Entropy (8bit):	0.8302299960444566
Encrypted:	false
SSDEEP:	48:LypvIzGvX3Qxmx2zGvX3awxSaSrasFgs/Defh2y:LypvjX3Q4fX3awxSaSrlF37efh9
MD5:	D6C02A79454EFEBF6F998C62FA1F44B8
SHA1:	24B1B3BBB9E9B8ADC27CCA3C47E73CD8B26BA2F3
SHA-256:	F3AF504CDCFA3AA0DFA4DBE2CEC0197B09E1290F2C56DD7CF675321D8CB8A7FC
SHA-512:	45E32674EDC2E892D9D0F55E003BD805DB908E0B97671EF7F21083252A4B86246DC604B2BB3D54FF83B7F1E215412113BC04BAF0B3187899813367146DA77779
Malicious:	false
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF758405FF2DB93ED8.TMP Download File
Process:	C:\Program Files\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	35323
Entropy (8bit):	1.837049069735822
Encrypted:	false
SSDEEP:	192:LyPvgbX9wblVRDz43cq1F8F1bYFEFaHTF+FrHsXSU:LyPvY9iVRYsq1F8FaFEFWTF+F7sXSU
MD5:	A55AE6B83B3E42D9033DB8941262BACE
SHA1:	15AFCFCC3891BAECADA47E88C2ECE126AF158E33
SHA-256:	76C606B494E2F1784A624854F8AB255DDFE027332AD23976B0C00E4F9E1BCA68
SHA-512:	BFA68D0E8E663F102D817AFE80B58520B5FEE2202F95811DF2B7D50930D91948A5E72132EE8CA38DDBAD41F096777C52152D63412E9E2DEAEF440E1B94A2B2F9
Malicious:	false
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ...........................................'.................K.j.j.a.q.f.a.j.N.2.c.0.u.z.g.v.1.l.4.q.y.5.n.f.W.e...........8.......................................................X......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFAAE8432BB923397E.TMP Download File
Process:	C:\Program Files\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	35359
Entropy (8bit):	3.2773903696680775
Encrypted:	false
SSDEEP:	768:31HYEbNIG0dn2s4EwHYEbNIG0dn2s4EoHYEbNIG0dn2s4EwtT1XNIG0dn2s4E910:Dt
MD5:	C3B66F74B903273FB75AB4EFB7EEFAEF
SHA1:	2CF9F5BA973CA1C7E9004DFA47B4115E26B5C950
SHA-256:	31AC6AFEC3A95D167A123B808F12BBA8E38B0B1CD4CCB273EE154591B27374FC
SHA-512:	831B1027B096CF84AA6320D392E859473D9C044FC8F9020C79336548F6A99504C3B16848631DD3673FB8D520B0082392A99DCC0F5F4F1FE79401C1CDEBA1D45B
Malicious:	false
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ...........................................`.......................................................`...............................................................................................................................................................................................................................p....................................................... .............................................................................................................................................................................................................................. .......................................................`.......................................................0...............................................................................................................0..............

C:\Users\user\AppData\Local\Temp\~DFB61A021F64F16CCB.TMP Download File
Process:	C:\Program Files\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	13077
Entropy (8bit):	1.4347864649604056
Encrypted:	false
SSDEEP:	48:LyWGz35vyGLX3Z0qI06GvX3f0zZtftsWt8ZNVW3t83t8t83o:Lyl35v1X3ZXIeX3f25y2x
MD5:	652AC7B0CE5C73E17290B0727B4603D8
SHA1:	377B6BA360853D3EE6FEFE5159DC48B610AC01FC
SHA-256:	5724AFF98E1686A857129639B03113869A0A3DE0606ED70EA2275964FD52C8BA
SHA-512:	B1C176B330417A6902F23AED4B70C682871EBFEF829364BF780AED2BA46D9838942C1352A89F87DC11D178FEE8C75BA5E5E39BAA5A09D1D6BF1B5849A4748388
Malicious:	false
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ........................................9D.'.................K.j.j.a.q.f.a.j.N.2.c.0.u.z.g.v.1.l.4.q.y.5.n.f.W.e...........8.......................................................X......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFED3B607D918E1FC7.TMP Download File
Process:	C:\Program Files\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	12965
Entropy (8bit):	1.5595226657656143
Encrypted:	false
SSDEEP:	48:LykG/T9vyGW5TdlyqIly6GMcSOSgSEKoEg9Uly9z/TeXWz/SFSg:LyrT9vMTdlJIl0BhnZylY7eWG
MD5:	77CDC0D2A7A1E84FF61BA20E42DCA57A
SHA1:	BBF427D46B837C882D3448FA49E9ED01CD4415BE
SHA-256:	F29BCA4AE8E70FE16FFF04D1D70BFF2A7ADE8EB1DF3AF0FE00A4E11CF250F77A
SHA-512:	EA70F218FF347C9D0C7B3C9F38B7F8B7C5B534D044433A70BC9E31A8190F04A37EAD0B6AF1A6137F198005A3964EB4C8384F3B01BFD2D59B212D340732346205
Malicious:	false
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ...........................................'.................K.j.j.a.q.f.a.j.N.2.c.0.u.z.g.v.1.l.4.q.y.5.n.f.W.e...........8.......................................................X......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\0IVJZWGF.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	232
Entropy (8bit):	4.662837578113477
Encrypted:	false
SSDEEP:	6:XM/kEPJmdqJGRVGAWu+bstJ6Qf7utjLKSGGZTV+zWSCz/A:KidGSUuyst0QfCKZaTV+o/A
MD5:	3EF0339F03A4425295164DDA3DDE1368
SHA1:	FC51C7C6507F1D16C1EBB6C8FE7FDF769FE2ACCC
SHA-256:	85C9EFFDEBEEE1748FBBD2ABDAEA75D3829C54A994C918C613B9B85C5C83AFBD
SHA-512:	3EA677AD25814C53503D3C169294D724F06BD282479319C69958CF133342A7B5B64A144D32EE07D1C14CC58576AD277BE8250E387DAAE78159E6394F29B737E1
Malicious:	false
Preview:	__cfduid.dd3f2dbd68a2ca615ca6f48afd8de54451610563626.typeform.com/.9729.1976283392.30867823.3994034461.30861863..attribution_user_id.459ccab1-7cfc-4534-a53e-7cf4f40ab5be.typeform.com/.1601.1742691456.30935289.4012068549.30861863..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\0M389YWH.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	312
Entropy (8bit):	4.726694248955823
Encrypted:	false
SSDEEP:	6:XM/kEPJmdqJGRVGAWu+bstJ6Qf7utjLKSGGZTV+zWSCz/kNR3GZTV1WSC5sJ:KidGSUuyst0QfCKZaTV+o/qaTVSm
MD5:	DB41E8AD01B95F42697D13A2A2CFA4FF
SHA1:	BB2594B78C16035820310432C75AD7458F246D14
SHA-256:	4F94A7E3C52DDBEEC53B7E6EB61BBD1766067CDD1EE8886D9F8AAD3BDA3D63A0
SHA-512:	A3CB75383340045648E63BA4E7A7CD5B49142E23AF62657ECAFBC3C1B8B167A800FA9CF19198908D9EAB8E6535DF35877F1D6CFF66DAF8EECB3E7E22E02178E5
Malicious:	false
Preview:	__cfduid.dd3f2dbd68a2ca615ca6f48afd8de54451610563626.typeform.com/.9729.1976283392.30867823.3994034461.30861863..attribution_user_id.459ccab1-7cfc-4534-a53e-7cf4f40ab5be.typeform.com/.1601.1742691456.30935289.4012068549.30861863..ajs%3Acookies.true.typeform.com/.1600.1742691456.30935289.4019005598.30861863.*.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\0ZAK4VQK.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	435
Entropy (8bit):	4.707263341461544
Encrypted:	false
SSDEEP:	12:KidGSUuyst0QfCKZaTV+o/60VaKaTV/dFkiaaTVgSf:LGNuy2p6KZy/601mdFkPpSf
MD5:	0922553DB55B875A35E5BB6636D35680
SHA1:	38D37260B6566EE745CDF0DBCFF0E3A3C745F165
SHA-256:	FB61D86BD124EC3850957D026C3B71DEFA0E987BCF056E9759C26ED386F54BD3
SHA-512:	94CF62563C9DF22FF82A6FE537453445A5866B1FE1C6AECD024F5820EAAF7988FB993FF21DC66E8E82DF953ED3CD1AAD1E3E5FA14FEC69CB16DA2C4C9A4117A4
Malicious:	false
Preview:	__cfduid.dd3f2dbd68a2ca615ca6f48afd8de54451610563626.typeform.com/.9729.1976283392.30867823.3994034461.30861863..attribution_user_id.459ccab1-7cfc-4534-a53e-7cf4f40ab5be.typeform.com/.1601.1742691456.30935289.4012068549.30861863..ajs_anonymous_id.%229838a8c0-2380-4721-af41-695942a99c27%22.typeform.com/.1600.1782691456.30935289.4054573660.30861863..ajs_user_id.17518972.typeform.com/.1600.1772691456.30935289.4050985654.30861863..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\20VGRT90.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	309
Entropy (8bit):	4.704139743582235
Encrypted:	false
SSDEEP:	6:XM/kEPJmdqJGRVGAWu+bstJ6Qf7utjLKSGGZTV+zWSCz/sWr3GZTV1WSC9b:KidGSUuyst0QfCKZaTV+o/s2aTVY
MD5:	40C1920BA013673688039D6EAE82C6E3
SHA1:	61324E4193F75471A29F591C12E141793FA87D75
SHA-256:	3D159707EF26F226857520AE889EE6FE0338891B3F307D3BCBF8272885E3AEFB
SHA-512:	7C54604E7240133D544272DD097C2E7B9E0F645D1A5645EF189D355D16FBED63F671E5B3A2447317F89E84CB453D9EB2B6B3E7A36005714F123BDE340578B8D5
Malicious:	false
Preview:	__cfduid.dd3f2dbd68a2ca615ca6f48afd8de54451610563626.typeform.com/.9729.1976283392.30867823.3994034461.30861863..attribution_user_id.459ccab1-7cfc-4534-a53e-7cf4f40ab5be.typeform.com/.1601.1742691456.30935289.4012068549.30861863..ajs%3Atest.true.typeform.com/.1600.1742691456.30935289.4019629599.30861863.*.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\20ZR2Y7K.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	232
Entropy (8bit):	4.662837578113477
Encrypted:	false
SSDEEP:	6:XM/kEPJmdqJGRVGAWu+bstJ6Qf7utjLKSGGZTV+zWSCz/A:KidGSUuyst0QfCKZaTV+o/A
MD5:	3EF0339F03A4425295164DDA3DDE1368
SHA1:	FC51C7C6507F1D16C1EBB6C8FE7FDF769FE2ACCC
SHA-256:	85C9EFFDEBEEE1748FBBD2ABDAEA75D3829C54A994C918C613B9B85C5C83AFBD
SHA-512:	3EA677AD25814C53503D3C169294D724F06BD282479319C69958CF133342A7B5B64A144D32EE07D1C14CC58576AD277BE8250E387DAAE78159E6394F29B737E1
Malicious:	false
Preview:	__cfduid.dd3f2dbd68a2ca615ca6f48afd8de54451610563626.typeform.com/.9729.1976283392.30867823.3994034461.30861863..attribution_user_id.459ccab1-7cfc-4534-a53e-7cf4f40ab5be.typeform.com/.1601.1742691456.30935289.4012068549.30861863..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\2JSRVNIO.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	232
Entropy (8bit):	4.662837578113477
Encrypted:	false
SSDEEP:	6:XM/kEPJmdqJGRVGAWu+bstJ6Qf7utjLKSGGZTV+zWSCz/A:KidGSUuyst0QfCKZaTV+o/A
MD5:	3EF0339F03A4425295164DDA3DDE1368
SHA1:	FC51C7C6507F1D16C1EBB6C8FE7FDF769FE2ACCC
SHA-256:	85C9EFFDEBEEE1748FBBD2ABDAEA75D3829C54A994C918C613B9B85C5C83AFBD
SHA-512:	3EA677AD25814C53503D3C169294D724F06BD282479319C69958CF133342A7B5B64A144D32EE07D1C14CC58576AD277BE8250E387DAAE78159E6394F29B737E1
Malicious:	false
Preview:	__cfduid.dd3f2dbd68a2ca615ca6f48afd8de54451610563626.typeform.com/.9729.1976283392.30867823.3994034461.30861863..attribution_user_id.459ccab1-7cfc-4534-a53e-7cf4f40ab5be.typeform.com/.1601.1742691456.30935289.4012068549.30861863..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\3I7TV12Q.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	232
Entropy (8bit):	4.662837578113477
Encrypted:	false
SSDEEP:	6:XM/kEPJmdqJGRVGAWu+bstJ6Qf7utjLKSGGZTV+zWSCz/A:KidGSUuyst0QfCKZaTV+o/A
MD5:	3EF0339F03A4425295164DDA3DDE1368
SHA1:	FC51C7C6507F1D16C1EBB6C8FE7FDF769FE2ACCC
SHA-256:	85C9EFFDEBEEE1748FBBD2ABDAEA75D3829C54A994C918C613B9B85C5C83AFBD
SHA-512:	3EA677AD25814C53503D3C169294D724F06BD282479319C69958CF133342A7B5B64A144D32EE07D1C14CC58576AD277BE8250E387DAAE78159E6394F29B737E1
Malicious:	false
Preview:	__cfduid.dd3f2dbd68a2ca615ca6f48afd8de54451610563626.typeform.com/.9729.1976283392.30867823.3994034461.30861863..attribution_user_id.459ccab1-7cfc-4534-a53e-7cf4f40ab5be.typeform.com/.1601.1742691456.30935289.4012068549.30861863..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\3TOYTGUQ.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	433
Entropy (8bit):	4.7406348798210445
Encrypted:	false
SSDEEP:	12:KidGSUuyst0QfCKZaTV+o/60VaKaTV+saTVw:LGNuy2p6KZy/6019sj
MD5:	D555E1AD74D72DB2A2D19179673CEA99
SHA1:	1009ED6DA8B48B52C9839FB2C2F61DCF16691B71
SHA-256:	407A1B3CFEBC0D8BA56B5DF4D03C5E08B956C14E85DF04351B74A9C9B7969B10
SHA-512:	86F68695F483D5B6DD22D842097BB065BF2181CD464BF0711F25BB6891ABB0901C17375737229256181AF1B6CD309A583AD2379931EB3EE587B019AEE32E394C
Malicious:	false
Preview:	__cfduid.dd3f2dbd68a2ca615ca6f48afd8de54451610563626.typeform.com/.9729.1976283392.30867823.3994034461.30861863..attribution_user_id.459ccab1-7cfc-4534-a53e-7cf4f40ab5be.typeform.com/.1601.1742691456.30935289.4012068549.30861863..ajs_anonymous_id.%229838a8c0-2380-4721-af41-695942a99c27%22.typeform.com/.1600.1782691456.30935289.4058317667.30861863..ajs%3Acookies.true.typeform.com/.1600.1822691456.30935289.4097654736.30861863..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\61WDY4FD.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	232
Entropy (8bit):	4.662837578113477
Encrypted:	false
SSDEEP:	6:XM/kEPJmdqJGRVGAWu+bstJ6Qf7utjLKSGGZTV+zWSCz/A:KidGSUuyst0QfCKZaTV+o/A
MD5:	3EF0339F03A4425295164DDA3DDE1368
SHA1:	FC51C7C6507F1D16C1EBB6C8FE7FDF769FE2ACCC
SHA-256:	85C9EFFDEBEEE1748FBBD2ABDAEA75D3829C54A994C918C613B9B85C5C83AFBD
SHA-512:	3EA677AD25814C53503D3C169294D724F06BD282479319C69958CF133342A7B5B64A144D32EE07D1C14CC58576AD277BE8250E387DAAE78159E6394F29B737E1
Malicious:	false
Preview:	__cfduid.dd3f2dbd68a2ca615ca6f48afd8de54451610563626.typeform.com/.9729.1976283392.30867823.3994034461.30861863..attribution_user_id.459ccab1-7cfc-4534-a53e-7cf4f40ab5be.typeform.com/.1601.1742691456.30935289.4012068549.30861863..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\6JXJQNR2.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	232
Entropy (8bit):	4.662837578113477
Encrypted:	false
SSDEEP:	6:XM/kEPJmdqJGRVGAWu+bstJ6Qf7utjLKSGGZTV+zWSCz/A:KidGSUuyst0QfCKZaTV+o/A
MD5:	3EF0339F03A4425295164DDA3DDE1368
SHA1:	FC51C7C6507F1D16C1EBB6C8FE7FDF769FE2ACCC
SHA-256:	85C9EFFDEBEEE1748FBBD2ABDAEA75D3829C54A994C918C613B9B85C5C83AFBD
SHA-512:	3EA677AD25814C53503D3C169294D724F06BD282479319C69958CF133342A7B5B64A144D32EE07D1C14CC58576AD277BE8250E387DAAE78159E6394F29B737E1
Malicious:	false
Preview:	__cfduid.dd3f2dbd68a2ca615ca6f48afd8de54451610563626.typeform.com/.9729.1976283392.30867823.3994034461.30861863..attribution_user_id.459ccab1-7cfc-4534-a53e-7cf4f40ab5be.typeform.com/.1601.1742691456.30935289.4012068549.30861863..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\6OV9DG0T.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	435
Entropy (8bit):	4.705987098465265
Encrypted:	false
SSDEEP:	12:KidGSUuyst0QfCKZaTV+o/60VaKaTVacSWiaaTVgSf:LGNuy2p6KZy/6013PWPpSf
MD5:	0AD62076DA5374AF0B01C8CC93EA4DF6
SHA1:	16F7A5FCB39F95A66FD6D3CE8608B34DCBB30AE4
SHA-256:	B3ABC6C2AE3A694CF11FE827AFBBCD9217655C5BAC48B290EEDE91B71B5EC9FF
SHA-512:	B170E7327C9BF58404B2F3C64A31646A5504D9709216C0443C04220E871046B2CB85FEF8642A07D88ECA386B07CFACFEC73D32E099A8012B589E91EDE0856393
Malicious:	false
Preview:	__cfduid.dd3f2dbd68a2ca615ca6f48afd8de54451610563626.typeform.com/.9729.1976283392.30867823.3994034461.30861863..attribution_user_id.459ccab1-7cfc-4534-a53e-7cf4f40ab5be.typeform.com/.1601.1742691456.30935289.4012068549.30861863..ajs_anonymous_id.%229838a8c0-2380-4721-af41-695942a99c27%22.typeform.com/.1600.1752691456.30935289.4030549618.30861863..ajs_user_id.17518972.typeform.com/.1600.1772691456.30935289.4050985654.30861863..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\8KKQ3SO9.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	353
Entropy (8bit):	4.7025495373060595
Encrypted:	false
SSDEEP:	6:XM/kEPJmdqJGRVGAWu+bstJ6Qf7utjLKSGGZTV+zWSCz/iQw82EVIRdTUcSWqGZF:KidGSUuyst0QfCKZaTV+o/60VaKaTVUA
MD5:	801603A0070532B2201FDC45343A2337
SHA1:	0454A868C6EBCC43966345C9058C241B252BCE50
SHA-256:	A4131791D476D56A571D93F52BE1D4E2EB43E593828879DB1090AE7123C75661
SHA-512:	FB98F20402D66599B9AA5C4354FF53DE856F2266ABBAE617BF68C66ADEAA666E7DA6FD8BF950228BFCA13D371F5408FC47C79ABD7CA5CE4891BA316341405D19
Malicious:	false
IE Cache URL:	typeform.com/
Preview:	__cfduid.dd3f2dbd68a2ca615ca6f48afd8de54451610563626.typeform.com/.9729.1976283392.30867823.3994034461.30861863..attribution_user_id.459ccab1-7cfc-4534-a53e-7cf4f40ab5be.typeform.com/.1601.1742691456.30935289.4012068549.30861863..ajs_anonymous_id.%229838a8c0-2380-4721-af41-695942a99c27%22.typeform.com/.1600.1862691456.30935289.4132648798.30861863.*.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\8TA4U5CQ.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	435
Entropy (8bit):	4.7061116046885605
Encrypted:	false
SSDEEP:	12:KidGSUuyst0QfCKZaTV+o/60VaKaTVsiaaTVw:LGNuy2p6KZy/601JP7
MD5:	88CF2B5F9EB402F5AE1772BBAA2E97CC
SHA1:	5183725DDCF59A0DCBB08EFB1518BFA238059899
SHA-256:	F03D57E2FC6DB2C949FE31833FE7B8D3F974F504D3BC6691F7C685ED02B52295
SHA-512:	10C3F61DE63E20F7989486C8669C043C35FDA9454466C27BEA20F5C4EC97AD0ECFEDD99F7AF2DD1837DA14CC1E27E6AA1A70F2E51636EB796030F1834D15B685
Malicious:	false
Preview:	__cfduid.dd3f2dbd68a2ca615ca6f48afd8de54451610563626.typeform.com/.9729.1976283392.30867823.3994034461.30861863..attribution_user_id.459ccab1-7cfc-4534-a53e-7cf4f40ab5be.typeform.com/.1601.1742691456.30935289.4012068549.30861863..ajs_anonymous_id.%229838a8c0-2380-4721-af41-695942a99c27%22.typeform.com/.1600.1822691456.30935289.4098278737.30861863..ajs_user_id.17518972.typeform.com/.1600.1822691456.30935289.4098278737.30861863..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\CDYV1254.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	435
Entropy (8bit):	4.702633798922483
Encrypted:	false
SSDEEP:	12:KidGSUuyst0QfCKZaTV+o/ciaaTVGKS0VaKaTVGKY:LGNuy2p6KZy/cPwS01wY
MD5:	C89EB5CE2CB90FA694F8F801A66D0A6C
SHA1:	3B2504C547FAACC09081036E1EA098FBD9EEE209
SHA-256:	34CD01677BD830188A0500C3D6A76DBC586B232A80562C1B5142C9406B71A8B1
SHA-512:	422C33C885195DE35FAEEAD739BB86169E7FC42B0F2F40FA492290B571D42A230D082B83A858E773CAE2ED7D86B3A2F42553B3AEF745D9BA55252C296BBE09CA
Malicious:	false
Preview:	__cfduid.dd3f2dbd68a2ca615ca6f48afd8de54451610563626.typeform.com/.9729.1976283392.30867823.3994034461.30861863..attribution_user_id.459ccab1-7cfc-4534-a53e-7cf4f40ab5be.typeform.com/.1601.1742691456.30935289.4012068549.30861863..ajs_user_id.17518972.typeform.com/.1600.1742691456.30935289.4020097600.30861863..ajs_anonymous_id.%229838a8c0-2380-4721-af41-695942a99c27%22.typeform.com/.1600.1742691456.30935289.4020097600.30861863..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\CJCZ07BY.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	435
Entropy (8bit):	4.706647069440039
Encrypted:	false
SSDEEP:	12:KidGSUuyst0QfCKZaTV+o/60VaKaTV+eiaaTVw:LGNuy2p6KZy/6019eP7
MD5:	30A11F812167CDA15D41435790E280A5
SHA1:	E30AF84CEF31E8A9659F28517E24020B3B9856AE
SHA-256:	ABDB8DA7C1392D7E5CC952DED660D8F10394B00CAB8D276D36063FABC2B80661
SHA-512:	7F1429F419B1B0FD755D8BDC27BC3C08745806F3D30595768756BD00FB4AF8336C3638B1A4DB02321F0F0D8256EFC0F7928CE996EE98AD35634224F03C922627
Malicious:	false
Preview:	__cfduid.dd3f2dbd68a2ca615ca6f48afd8de54451610563626.typeform.com/.9729.1976283392.30867823.3994034461.30861863..attribution_user_id.459ccab1-7cfc-4534-a53e-7cf4f40ab5be.typeform.com/.1601.1742691456.30935289.4012068549.30861863..ajs_anonymous_id.%229838a8c0-2380-4721-af41-695942a99c27%22.typeform.com/.1600.1782691456.30935289.4058317667.30861863..ajs_user_id.17518972.typeform.com/.1600.1822691456.30935289.4098278737.30861863..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\DFX1YDJF.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	435
Entropy (8bit):	4.703824741689355
Encrypted:	false
SSDEEP:	12:KidGSUuyst0QfCKZaTV+o/60VaKaTVlxiaaTVw:LGNuy2p6KZy/601ExP7
MD5:	B5A4C720F4C2CE34E28E41543F889DF6
SHA1:	B7D8C8E323032F85D8FFD5E51901B0F6750CE9E9
SHA-256:	61108A610490B749211B5ECEC8FC0A09219CD4100C2FE9F522A339F8510A1B94
SHA-512:	D4CF03C2BD40775E22455EAB969434B0454A54D06440391B37E0D8F7F53ED80A55578D59D0CCADF39C8F15B1E1FB57AC1BF5E3457CDCEB41135F93C168621304
Malicious:	false
Preview:	__cfduid.dd3f2dbd68a2ca615ca6f48afd8de54451610563626.typeform.com/.9729.1976283392.30867823.3994034461.30861863..attribution_user_id.459ccab1-7cfc-4534-a53e-7cf4f40ab5be.typeform.com/.1601.1742691456.30935289.4012068549.30861863..ajs_anonymous_id.%229838a8c0-2380-4721-af41-695942a99c27%22.typeform.com/.1600.1832691456.30935289.4101604744.30861863..ajs_user_id.17518972.typeform.com/.1600.1822691456.30935289.4098278737.30861863..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\EUI3WW1C.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	435
Entropy (8bit):	4.698264655757748
Encrypted:	false
SSDEEP:	12:KidGSUuyst0QfCKZaTV+o/60VaKaTVyiaaTVe+t:LGNuy2p6KZy/601DPKt
MD5:	4C544802ED616B137FFA4686ADC427D5
SHA1:	3400FC82D955020C60DDD7A801C3BCF50E9A20B0
SHA-256:	3D568AF31C8DF45853CF78BD512820E1378EC124C28C79BAA447946B88E4068E
SHA-512:	32FE4673BEAF50F022ADDB2682A0FBB8A52FD5356FAD6B6EB65809C777FB3047ED438668FDF3E61518E5FE1F0049429601E6BECEC9F9C51AD6EC354FDD61931D
Malicious:	false
Preview:	__cfduid.dd3f2dbd68a2ca615ca6f48afd8de54451610563626.typeform.com/.9729.1976283392.30867823.3994034461.30861863..attribution_user_id.459ccab1-7cfc-4534-a53e-7cf4f40ab5be.typeform.com/.1601.1742691456.30935289.4012068549.30861863..ajs_anonymous_id.%229838a8c0-2380-4721-af41-695942a99c27%22.typeform.com/.1600.1862691456.30935289.4132492798.30861863..ajs_user_id.17518972.typeform.com/.1600.1852691456.30935289.4125628786.30861863..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\FO0K0RAI.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	114
Entropy (8bit):	4.417859370177965
Encrypted:	false
SSDEEP:	3:GmM/ABHlGPJr2DfTMBSqJGGESMMvEDWu+bsvSRUG:XM/kEPJmdqJGRVGAWu+bstG
MD5:	95EDA434ED981A9197227DE82435E323
SHA1:	6F81601EC4DF276EFC88EA8FED79E83C4DC92ACA
SHA-256:	181B3644BB8D88004157BD701E9D77F177E6B9F8013AA34F2CFD30A0D3E8CF71
SHA-512:	88A1BE0C7593C874740E35F56A8FB8CE0A38A3B1CA5D591D01376AE7D8E195BD54D3F30E3E38D64143AB1360D912B694A0228B4C3A8FD41F04F7D9A8E26A92FD
Malicious:	false
Preview:	__cfduid.dd3f2dbd68a2ca615ca6f48afd8de54451610563626.typeform.com/.9729.1976283392.30867823.3994034461.30861863.*.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\HGL2IKT9.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	312
Entropy (8bit):	4.724894726767308
Encrypted:	false
SSDEEP:	6:XM/kEPJmdqJGRVGAWu+bstJ6Qf7utjLKSGGZTV+zWSCz/kNR3GZTV1WSC9b:KidGSUuyst0QfCKZaTV+o/qaTVY
MD5:	6CAA692953BF0C8F2CDF6B8B6402190E
SHA1:	837A1F2A30116612C5738FA6017CA5574D92699C
SHA-256:	901271A3EFC68EDA24E691957BD8C6A61CA4ABCD259DF1FE54A1850CC1D4E543
SHA-512:	270498A88C14A7D13A3921EACB7B8A259B1E5ADFAAA1982FAD354B86F58EBCC81A7A35D9FC05FEE0E717B6DDBC3DA48F1B78CB199ED429789116867C8D00F319
Malicious:	false
Preview:	__cfduid.dd3f2dbd68a2ca615ca6f48afd8de54451610563626.typeform.com/.9729.1976283392.30867823.3994034461.30861863..attribution_user_id.459ccab1-7cfc-4534-a53e-7cf4f40ab5be.typeform.com/.1601.1742691456.30935289.4012068549.30861863..ajs%3Acookies.true.typeform.com/.1600.1742691456.30935289.4019629599.30861863.*.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\IDC3M5RT.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	430
Entropy (8bit):	4.72590788010807
Encrypted:	false
SSDEEP:	12:KidGSUuyst0QfCKZaTV+o/60VaKaTV++2aTVw:LGNuy2p6KZy/6019+2j
MD5:	D2E58225E79F0EBACBB7CD7D511F2BF7
SHA1:	087B765055F1ADBB4735EA0A5EEC970F1B0F3884
SHA-256:	025F65F057D476E03035D34A4404D6D10E6650F8D712A9B154FEF274A4288F0A
SHA-512:	97300B76F193027E704BDCC9E299090567D56F83B79293DEAB8B62DE92030B56FD669B5687F5B407FCC3E3AD2656802D4E8AA7F90E75B89F1D21A17E791AB6BF
Malicious:	false
Preview:	__cfduid.dd3f2dbd68a2ca615ca6f48afd8de54451610563626.typeform.com/.9729.1976283392.30867823.3994034461.30861863..attribution_user_id.459ccab1-7cfc-4534-a53e-7cf4f40ab5be.typeform.com/.1601.1742691456.30935289.4012068549.30861863..ajs_anonymous_id.%229838a8c0-2380-4721-af41-695942a99c27%22.typeform.com/.1600.1782691456.30935289.4058317667.30861863..ajs%3Atest.true.typeform.com/.1600.1822691456.30935289.4097654736.30861863..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\IK6H81ZK.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	314
Entropy (8bit):	4.673023662532751
Encrypted:	false
SSDEEP:	6:XM/kEPJmdqJGRVGAWu+bstJ6Qf7utjLKSGGZTV+zWSCz/cqRaGZTV1WSCmG:KidGSUuyst0QfCKZaTV+o/ciaaTVC
MD5:	68E0E2F3A41400708B15B8FE09419B57
SHA1:	45FA50F6F46126B4117E70E99F7E8AA25752DF64
SHA-256:	924DA37A89EA34F37788F531A365DB7ED3C6BA548C8E9368AE6BCA1F6B60164B
SHA-512:	46F8A8C7130AF431A8E5B689207DB49705E15F4E6C5DACFE5D42DEC19D2274ECBC51CE0D9AE91711BEAE1DC2DF147756DE23DA316097D7465582773EE1B18416
Malicious:	false
Preview:	__cfduid.dd3f2dbd68a2ca615ca6f48afd8de54451610563626.typeform.com/.9729.1976283392.30867823.3994034461.30861863..attribution_user_id.459ccab1-7cfc-4534-a53e-7cf4f40ab5be.typeform.com/.1601.1742691456.30935289.4012068549.30861863..ajs_user_id.17518972.typeform.com/.1600.1742691456.30935289.4019941600.30861863.*.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\IL8SJ34U.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	353
Entropy (8bit):	4.710723179562695
Encrypted:	false
SSDEEP:	6:XM/kEPJmdqJGRVGAWu+bstJ6Qf7utjLKSGGZTV+zWSCz/iQw82EVIRdTUcSWqGZd:KidGSUuyst0QfCKZaTV+o/60VaKaTV+e
MD5:	E1162312D687B46C9B53B353DE16E301
SHA1:	E78B37F7DE9DC22A46CC6DDACDA895DE5D178BD3
SHA-256:	B5E571F7AD99AB715E44509F09F6AF8298BADB5A1ABC7A33929F5E5E88E926B5
SHA-512:	F33A631495D85F78134D895E74EF8D5CC98798B2BEDD64C9239D8761219C0E5208AC8EFF6E21CDA3EC81B5339BDD4D72C5CFE5316447A4F9050051C92F5E3619
Malicious:	false
Preview:	__cfduid.dd3f2dbd68a2ca615ca6f48afd8de54451610563626.typeform.com/.9729.1976283392.30867823.3994034461.30861863..attribution_user_id.459ccab1-7cfc-4534-a53e-7cf4f40ab5be.typeform.com/.1601.1742691456.30935289.4012068549.30861863..ajs_anonymous_id.%229838a8c0-2380-4721-af41-695942a99c27%22.typeform.com/.1600.1782691456.30935289.4058317667.30861863.*.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\IPFZMVJQ.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	232
Entropy (8bit):	4.662837578113477
Encrypted:	false
SSDEEP:	6:XM/kEPJmdqJGRVGAWu+bstJ6Qf7utjLKSGGZTV+zWSCz/A:KidGSUuyst0QfCKZaTV+o/A
MD5:	3EF0339F03A4425295164DDA3DDE1368
SHA1:	FC51C7C6507F1D16C1EBB6C8FE7FDF769FE2ACCC
SHA-256:	85C9EFFDEBEEE1748FBBD2ABDAEA75D3829C54A994C918C613B9B85C5C83AFBD
SHA-512:	3EA677AD25814C53503D3C169294D724F06BD282479319C69958CF133342A7B5B64A144D32EE07D1C14CC58576AD277BE8250E387DAAE78159E6394F29B737E1
Malicious:	false
Preview:	__cfduid.dd3f2dbd68a2ca615ca6f48afd8de54451610563626.typeform.com/.9729.1976283392.30867823.3994034461.30861863..attribution_user_id.459ccab1-7cfc-4534-a53e-7cf4f40ab5be.typeform.com/.1601.1742691456.30935289.4012068549.30861863..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\IT4P7ORN.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	232
Entropy (8bit):	4.662837578113477
Encrypted:	false
SSDEEP:	6:XM/kEPJmdqJGRVGAWu+bstJ6Qf7utjLKSGGZTV+zWSCz/A:KidGSUuyst0QfCKZaTV+o/A
MD5:	3EF0339F03A4425295164DDA3DDE1368
SHA1:	FC51C7C6507F1D16C1EBB6C8FE7FDF769FE2ACCC
SHA-256:	85C9EFFDEBEEE1748FBBD2ABDAEA75D3829C54A994C918C613B9B85C5C83AFBD
SHA-512:	3EA677AD25814C53503D3C169294D724F06BD282479319C69958CF133342A7B5B64A144D32EE07D1C14CC58576AD277BE8250E387DAAE78159E6394F29B737E1
Malicious:	false
Preview:	__cfduid.dd3f2dbd68a2ca615ca6f48afd8de54451610563626.typeform.com/.9729.1976283392.30867823.3994034461.30861863..attribution_user_id.459ccab1-7cfc-4534-a53e-7cf4f40ab5be.typeform.com/.1601.1742691456.30935289.4012068549.30861863..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\J1D31LDS.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	353
Entropy (8bit):	4.710723179562695
Encrypted:	false
SSDEEP:	6:XM/kEPJmdqJGRVGAWu+bstJ6Qf7utjLKSGGZTV+zWSCz/iQw82EVIRdTUcSWqGZd:KidGSUuyst0QfCKZaTV+o/60VaKaTV+e
MD5:	E1162312D687B46C9B53B353DE16E301
SHA1:	E78B37F7DE9DC22A46CC6DDACDA895DE5D178BD3
SHA-256:	B5E571F7AD99AB715E44509F09F6AF8298BADB5A1ABC7A33929F5E5E88E926B5
SHA-512:	F33A631495D85F78134D895E74EF8D5CC98798B2BEDD64C9239D8761219C0E5208AC8EFF6E21CDA3EC81B5339BDD4D72C5CFE5316447A4F9050051C92F5E3619
Malicious:	false
Preview:	__cfduid.dd3f2dbd68a2ca615ca6f48afd8de54451610563626.typeform.com/.9729.1976283392.30867823.3994034461.30861863..attribution_user_id.459ccab1-7cfc-4534-a53e-7cf4f40ab5be.typeform.com/.1601.1742691456.30935289.4012068549.30861863..ajs_anonymous_id.%229838a8c0-2380-4721-af41-695942a99c27%22.typeform.com/.1600.1782691456.30935289.4058317667.30861863.*.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\KG6F2H5K.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	435
Entropy (8bit):	4.701726308717184
Encrypted:	false
SSDEEP:	12:KidGSUuyst0QfCKZaTV+o/60VaKaTVew0fiaaTVe+t:LGNuy2p6KZy/601VfPKt
MD5:	650317DE8FA8710007CD91445B6BF873
SHA1:	DE995C9C175F0969096DE0F3E4ACAE68C013BADD
SHA-256:	AD303F135E4D77FFC15E0184AD85636CED956675D158128D2CAD36EAC7C24E78
SHA-512:	77047F64C2A19B62E01354637C68C3F0DD3E01FE7FA1CB06C7072F599F9D6B370D01566526301B8823AC3976FB02CA10E2A226BDC8A86051E466B66F9AD32CB1
Malicious:	false
Preview:	__cfduid.dd3f2dbd68a2ca615ca6f48afd8de54451610563626.typeform.com/.9729.1976283392.30867823.3994034461.30861863..attribution_user_id.459ccab1-7cfc-4534-a53e-7cf4f40ab5be.typeform.com/.1601.1742691456.30935289.4012068549.30861863..ajs_anonymous_id.%229838a8c0-2380-4721-af41-695942a99c27%22.typeform.com/.1600.1852691456.30935289.4125784786.30861863..ajs_user_id.17518972.typeform.com/.1600.1852691456.30935289.4125628786.30861863..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\LFP879B1.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	353
Entropy (8bit):	4.707318823664892
Encrypted:	false
SSDEEP:	6:XM/kEPJmdqJGRVGAWu+bstJ6Qf7utjLKSGGZTV+zWSCz/iQw82EVIRdTUcSWqGZ+:KidGSUuyst0QfCKZaTV+o/60VaKaTVXM
MD5:	45CBEE475BDBBD880681109858D83994
SHA1:	F99C804EB5FCCEDB2ABA7AB9EA8564BC332E2817
SHA-256:	84CF9DBCA2B7544B54D0F91BA2E7E59568F0133247D8B9E0D30F21D300B2B56A
SHA-512:	750104424B929808BF75456B71C8E93E7C1427CF7748EEAB7B23AA3F065CBA3EE2F940E7ACBEAF1A00AC45EE2E9FBE490779F4B21959066BDD52E0CB033A6A42
Malicious:	false
Preview:	__cfduid.dd3f2dbd68a2ca615ca6f48afd8de54451610563626.typeform.com/.9729.1976283392.30867823.3994034461.30861863..attribution_user_id.459ccab1-7cfc-4534-a53e-7cf4f40ab5be.typeform.com/.1601.1742691456.30935289.4012068549.30861863..ajs_anonymous_id.%229838a8c0-2380-4721-af41-695942a99c27%22.typeform.com/.1600.1782691456.30935289.4058161667.30861863.*.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\MOMILS89.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	430
Entropy (8bit):	4.728436058745765
Encrypted:	false
SSDEEP:	12:KidGSUuyst0QfCKZaTV+o/60VaKaTV++2aTVUy:LGNuy2p6KZy/6019+29y
MD5:	06C3FD56EC18A7E05E4CC459BD6E631F
SHA1:	571DFA2D95FB17C4E9A78919EEC6F0477071B3ED
SHA-256:	8B982FFEA4270BC3A996F0CE5DFA0B9C0B8C9BBA94F7398CC605232AC5D8692C
SHA-512:	BA63C93EDEDA8D34AFC1CF2A9AB4017604FE34041C31B949E2AFDD831001BFC5F09AE1F920293B7A408CBE4787457887748F8B391C158C897334EDBB7C25ABA0
Malicious:	false
Preview:	__cfduid.dd3f2dbd68a2ca615ca6f48afd8de54451610563626.typeform.com/.9729.1976283392.30867823.3994034461.30861863..attribution_user_id.459ccab1-7cfc-4534-a53e-7cf4f40ab5be.typeform.com/.1601.1742691456.30935289.4012068549.30861863..ajs_anonymous_id.%229838a8c0-2380-4721-af41-695942a99c27%22.typeform.com/.1600.1782691456.30935289.4058317667.30861863..ajs%3Atest.true.typeform.com/.1600.1822691456.30935289.4097810737.30861863..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\MTREOOEZ.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	353
Entropy (8bit):	4.707048197668383
Encrypted:	false
SSDEEP:	6:XM/kEPJmdqJGRVGAWu+bstJ6Qf7utjLKSGGZTV+zWSCz/iQw82EVIRdTUcSWqGZe:KidGSUuyst0QfCKZaTV+o/60VaKaTVlC
MD5:	8DE66F3A726934A10B7755CCB5D67670
SHA1:	D8D4D9CF1307CA728E865E16E0624A0D413249F1
SHA-256:	9D2E86ED8A6DA5E6662C5CA4AB675323C658A0B90BDFE84485D7C24806F2D6EA
SHA-512:	1D1DD4B9F7E3020FAEF45B193BC6C79524C96F2C31C9DE944B8BA785B675BC2F5463F38B50D0C79E37FF58A29EBF0D16469A5EF98647B7E5F80645FF650D2EDB
Malicious:	false
Preview:	__cfduid.dd3f2dbd68a2ca615ca6f48afd8de54451610563626.typeform.com/.9729.1976283392.30867823.3994034461.30861863..attribution_user_id.459ccab1-7cfc-4534-a53e-7cf4f40ab5be.typeform.com/.1601.1742691456.30935289.4012068549.30861863..ajs_anonymous_id.%229838a8c0-2380-4721-af41-695942a99c27%22.typeform.com/.1600.1832691456.30935289.4105348751.30861863.*.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\NRHJVC8T.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	353
Entropy (8bit):	4.707386024185628
Encrypted:	false
SSDEEP:	6:XM/kEPJmdqJGRVGAWu+bstJ6Qf7utjLKSGGZTV+zWSCz/iQw82EVIRdTUcSWqGZ/:KidGSUuyst0QfCKZaTV+o/60VaKaTVlz
MD5:	E81D734B1FCBDFE55507D930748AECFF
SHA1:	2D5E93066F521D149385E516A155A847678E4207
SHA-256:	EE9C70EEC2D6D993DFF3B4E4DCD4B184A31F1D626E37D2A482BB61515186FEF5
SHA-512:	C866E03F5957089369EBAB094FD16D042E0B232F458F875F3467EBD57F6958AD5AFB0DB4E0264BDA1107B400D181173E7E1BE3E9505B315009B3321EC4DA72D9
Malicious:	false
Preview:	__cfduid.dd3f2dbd68a2ca615ca6f48afd8de54451610563626.typeform.com/.9729.1976283392.30867823.3994034461.30861863..attribution_user_id.459ccab1-7cfc-4534-a53e-7cf4f40ab5be.typeform.com/.1601.1742691456.30935289.4012068549.30861863..ajs_anonymous_id.%229838a8c0-2380-4721-af41-695942a99c27%22.typeform.com/.1600.1832691456.30935289.4105036750.30861863.*.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\NT7KOKIT.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	435
Entropy (8bit):	4.707442850012128
Encrypted:	false
SSDEEP:	12:KidGSUuyst0QfCKZaTV+o/60VaKaTVwiaaTVgSf:LGNuy2p6KZy/601tPpSf
MD5:	144F167F8140D782EEDCAC5AD7986EBB
SHA1:	3972297227497D63BF1873E7D6643202C3CD87CA
SHA-256:	997FA2BBEF23350325C03CEB3D4B46C428D59ECA277D013297CF34CB2222997E
SHA-512:	920631D0478B6D18C2B01E1F6F65E96479C6447A8264171F4EEB68D99137A050129189142B05F53BE4E3F1EDA4B59CE0B4A52AC9103DA7BE98AB78A24E3523DC
Malicious:	false
Preview:	__cfduid.dd3f2dbd68a2ca615ca6f48afd8de54451610563626.typeform.com/.9729.1976283392.30867823.3994034461.30861863..attribution_user_id.459ccab1-7cfc-4534-a53e-7cf4f40ab5be.typeform.com/.1601.1742691456.30935289.4012068549.30861863..ajs_anonymous_id.%229838a8c0-2380-4721-af41-695942a99c27%22.typeform.com/.1600.1772691456.30935289.4051141654.30861863..ajs_user_id.17518972.typeform.com/.1600.1772691456.30935289.4050985654.30861863..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\NXN0QX3L.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	232
Entropy (8bit):	4.662837578113477
Encrypted:	false
SSDEEP:	6:XM/kEPJmdqJGRVGAWu+bstJ6Qf7utjLKSGGZTV+zWSCz/A:KidGSUuyst0QfCKZaTV+o/A
MD5:	3EF0339F03A4425295164DDA3DDE1368
SHA1:	FC51C7C6507F1D16C1EBB6C8FE7FDF769FE2ACCC
SHA-256:	85C9EFFDEBEEE1748FBBD2ABDAEA75D3829C54A994C918C613B9B85C5C83AFBD
SHA-512:	3EA677AD25814C53503D3C169294D724F06BD282479319C69958CF133342A7B5B64A144D32EE07D1C14CC58576AD277BE8250E387DAAE78159E6394F29B737E1
Malicious:	false
Preview:	__cfduid.dd3f2dbd68a2ca615ca6f48afd8de54451610563626.typeform.com/.9729.1976283392.30867823.3994034461.30861863..attribution_user_id.459ccab1-7cfc-4534-a53e-7cf4f40ab5be.typeform.com/.1601.1742691456.30935289.4012068549.30861863..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\O325M35W.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	309
Entropy (8bit):	4.705857640054748
Encrypted:	false
SSDEEP:	6:XM/kEPJmdqJGRVGAWu+bstJ6Qf7utjLKSGGZTV+zWSCz/sWr3GZTV1WSCs8:KidGSUuyst0QfCKZaTV+o/s2aTVW
MD5:	1A14E55B8CA406624DEC70B1F98EC3B8
SHA1:	93898C5433EC0652968B69741E029BF145FCD700
SHA-256:	D5F5AC97BD8F98F77FA81A3B226453CAEE69DDF63CB8DFF3AD68B85C1B8E7F4C
SHA-512:	90C256363E4922FD9F35790FBF3B17F9A9E2DC8E6DA1D851F836ECB5BBC44DAA421478C734B359AA0977B2D1BCC7991713DD39C879454EDFBF237163E7759875
Malicious:	false
Preview:	__cfduid.dd3f2dbd68a2ca615ca6f48afd8de54451610563626.typeform.com/.9729.1976283392.30867823.3994034461.30861863..attribution_user_id.459ccab1-7cfc-4534-a53e-7cf4f40ab5be.typeform.com/.1601.1742691456.30935289.4012068549.30861863..ajs%3Atest.true.typeform.com/.1600.1742691456.30935289.4018693597.30861863.*.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\O5WLZZI9.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	435
Entropy (8bit):	4.700526389838617
Encrypted:	false
SSDEEP:	12:KidGSUuyst0QfCKZaTV+o/60VaKaTVlQZy2iaaTVe+t:LGNuy2p6KZy/601EQy2PKt
MD5:	EB33756BC4FC7CDBEF016A7E562003DB
SHA1:	4DC0A0FC0D315B6C855A5103C06DC4D42E946766
SHA-256:	367AB5B0512907D1D16B6EF6C1BF4F99E029884AB7B4E97FC8C683B2EDBEC42E
SHA-512:	50C10A6F3A8E27EF4B3A13589D269642A24934BD4C08BF7916E48B95B42B6B5A751A3A971E08680E8505E7DFACABF7856E9AB32AF3679C1984E8F2F835219B8D
Malicious:	false
Preview:	__cfduid.dd3f2dbd68a2ca615ca6f48afd8de54451610563626.typeform.com/.9729.1976283392.30867823.3994034461.30861863..attribution_user_id.459ccab1-7cfc-4534-a53e-7cf4f40ab5be.typeform.com/.1601.1742691456.30935289.4012068549.30861863..ajs_anonymous_id.%229838a8c0-2380-4721-af41-695942a99c27%22.typeform.com/.1600.1832691456.30935289.4105348751.30861863..ajs_user_id.17518972.typeform.com/.1600.1852691456.30935289.4125628786.30861863..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\PJ2O3HFW.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	309
Entropy (8bit):	4.709348728834961
Encrypted:	false
SSDEEP:	6:XM/kEPJmdqJGRVGAWu+bstJ6Qf7utjLKSGGZTV+zWSCz/sWr3GZTV1WSCS5:KidGSUuyst0QfCKZaTV+o/s2aTVD5
MD5:	5F8A4B5C600E6D1690A3B4D16E1A355C
SHA1:	8FEE60E6D59A7BDE8D4CCC538D23EFC8A117E52C
SHA-256:	3E643CDF576F0548AA6CB8094AF8A64B250F0BDC03AA6AF5669D1BA9D1D072F6
SHA-512:	3E5E4EA3EDF7B46B5A64BD66B6C4F2B6CEFC4A96C48DD2B69076B5A39B7C8527706BCF0729764F9DE739A1B9B2497E454A1E5A4B5D89F04DC9ACAF0F5CBC37C1
Malicious:	false
Preview:	__cfduid.dd3f2dbd68a2ca615ca6f48afd8de54451610563626.typeform.com/.9729.1976283392.30867823.3994034461.30861863..attribution_user_id.459ccab1-7cfc-4534-a53e-7cf4f40ab5be.typeform.com/.1601.1742691456.30935289.4012068549.30861863..ajs%3Atest.true.typeform.com/.1600.1742691456.30935289.4019785599.30861863.*.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\QBDTY3Q9.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	232
Entropy (8bit):	4.662837578113477
Encrypted:	false
SSDEEP:	6:XM/kEPJmdqJGRVGAWu+bstJ6Qf7utjLKSGGZTV+zWSCz/A:KidGSUuyst0QfCKZaTV+o/A
MD5:	3EF0339F03A4425295164DDA3DDE1368
SHA1:	FC51C7C6507F1D16C1EBB6C8FE7FDF769FE2ACCC
SHA-256:	85C9EFFDEBEEE1748FBBD2ABDAEA75D3829C54A994C918C613B9B85C5C83AFBD
SHA-512:	3EA677AD25814C53503D3C169294D724F06BD282479319C69958CF133342A7B5B64A144D32EE07D1C14CC58576AD277BE8250E387DAAE78159E6394F29B737E1
Malicious:	false
Preview:	__cfduid.dd3f2dbd68a2ca615ca6f48afd8de54451610563626.typeform.com/.9729.1976283392.30867823.3994034461.30861863..attribution_user_id.459ccab1-7cfc-4534-a53e-7cf4f40ab5be.typeform.com/.1601.1742691456.30935289.4012068549.30861863..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\QCLD38DA.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	430
Entropy (8bit):	4.726632958022089
Encrypted:	false
SSDEEP:	12:KidGSUuyst0QfCKZaTV+o/60VaKaTV++2aTVV:LGNuy2p6KZy/6019+2+
MD5:	CC7CF5FC648D0D1598ADA57A94434AA5
SHA1:	9468812ECA51CE66D876144B14DB5A46CDE34FF6
SHA-256:	5BE4D947522CB9A23CE114D9BBB51967610EDEEE748685FFC1446352A3A1633C
SHA-512:	2ECD5BCB13134D8EC93CC8F66710BDF01C3FBFC75EEDAE0214D1CBCE97C08BBE8F140891B5D998BE21B95317908E68CCF379ED844DF9763F314D372C63905EE0
Malicious:	false
Preview:	__cfduid.dd3f2dbd68a2ca615ca6f48afd8de54451610563626.typeform.com/.9729.1976283392.30867823.3994034461.30861863..attribution_user_id.459ccab1-7cfc-4534-a53e-7cf4f40ab5be.typeform.com/.1601.1742691456.30935289.4012068549.30861863..ajs_anonymous_id.%229838a8c0-2380-4721-af41-695942a99c27%22.typeform.com/.1600.1782691456.30935289.4058317667.30861863..ajs%3Atest.true.typeform.com/.1600.1822691456.30935289.4097966737.30861863..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\SBLHQOIP.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	353
Entropy (8bit):	4.710723179562695
Encrypted:	false
SSDEEP:	6:XM/kEPJmdqJGRVGAWu+bstJ6Qf7utjLKSGGZTV+zWSCz/iQw82EVIRdTUcSWqGZd:KidGSUuyst0QfCKZaTV+o/60VaKaTV+e
MD5:	E1162312D687B46C9B53B353DE16E301
SHA1:	E78B37F7DE9DC22A46CC6DDACDA895DE5D178BD3
SHA-256:	B5E571F7AD99AB715E44509F09F6AF8298BADB5A1ABC7A33929F5E5E88E926B5
SHA-512:	F33A631495D85F78134D895E74EF8D5CC98798B2BEDD64C9239D8761219C0E5208AC8EFF6E21CDA3EC81B5339BDD4D72C5CFE5316447A4F9050051C92F5E3619
Malicious:	false
Preview:	__cfduid.dd3f2dbd68a2ca615ca6f48afd8de54451610563626.typeform.com/.9729.1976283392.30867823.3994034461.30861863..attribution_user_id.459ccab1-7cfc-4534-a53e-7cf4f40ab5be.typeform.com/.1601.1742691456.30935289.4012068549.30861863..ajs_anonymous_id.%229838a8c0-2380-4721-af41-695942a99c27%22.typeform.com/.1600.1782691456.30935289.4058317667.30861863.*.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\SOERHJ3M.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	353
Entropy (8bit):	4.707729096804714
Encrypted:	false
SSDEEP:	6:XM/kEPJmdqJGRVGAWu+bstJ6Qf7utjLKSGGZTV+zWSCz/iQw82EVIRdTUcSWqGZ/:KidGSUuyst0QfCKZaTV+o/60VaKaTVau
MD5:	97A8EF10C7F9DC9D25DDE34BEDDCEDF9
SHA1:	8344C01FD0CF93A10E6EC8C502AFC4D28A57DDB5
SHA-256:	57889D868D75B6C3F2C3299190D46F6803AEA9626226E117332310D17DD3333F
SHA-512:	E4BCAB4E7E070753851B046EE77909F70E2C8FCD49C3AA5E6472D1CE259330AA92D8CFE881B9716F8023B9EEC3E67B98F6924998E8E9E2781D3CDCB82EC92139
Malicious:	false
Preview:	__cfduid.dd3f2dbd68a2ca615ca6f48afd8de54451610563626.typeform.com/.9729.1976283392.30867823.3994034461.30861863..attribution_user_id.459ccab1-7cfc-4534-a53e-7cf4f40ab5be.typeform.com/.1601.1742691456.30935289.4012068549.30861863..ajs_anonymous_id.%229838a8c0-2380-4721-af41-695942a99c27%22.typeform.com/.1600.1752691456.30935289.4030549618.30861863.*.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\T3CDDEHF.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	353
Entropy (8bit):	4.709511143270765
Encrypted:	false
SSDEEP:	6:XM/kEPJmdqJGRVGAWu+bstJ6Qf7utjLKSGGZTV+zWSCz/iQw82EVIRdTUcSWqGZz:KidGSUuyst0QfCKZaTV+o/60VaKaTVam
MD5:	9AC6374B69A83CBFC51587D9D4F2076B
SHA1:	51E784F69944965EE559D967132050EFE29DD8D0
SHA-256:	F154CF5DB3D7931ED46B50488ED7569FDA1ED1210811017AC29F18B5EB4E8760
SHA-512:	1DB65A3745379E6AD72CA2C3AE51995EB7C063593681C605D26EEF6F13755961F86459650DE37B272B771FA71213530056CD32CB6C1951E8DD953A7D6612C93D
Malicious:	false
Preview:	__cfduid.dd3f2dbd68a2ca615ca6f48afd8de54451610563626.typeform.com/.9729.1976283392.30867823.3994034461.30861863..attribution_user_id.459ccab1-7cfc-4534-a53e-7cf4f40ab5be.typeform.com/.1601.1742691456.30935289.4012068549.30861863..ajs_anonymous_id.%229838a8c0-2380-4721-af41-695942a99c27%22.typeform.com/.1600.1752691456.30935289.4029457616.30861863.*.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\U74ZC1PI.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	433
Entropy (8bit):	4.7431455422095175
Encrypted:	false
SSDEEP:	12:KidGSUuyst0QfCKZaTV+o/60VaKaTV+saTVUy:LGNuy2p6KZy/6019s9y
MD5:	2BFF1F65355783A1531F2C4DC19F8DA7
SHA1:	914850697BE1AA8D7743414EED9BD35F8D49EC77
SHA-256:	913E31FBEFEC5B23E5A8141BC20083168B06296A30CAF3E313142F7FBB20C4EC
SHA-512:	D03980D18FBB23E38D985668FFC7C0A9508EBE1E9E3ADCDE689F3C8BA6E3BF07C5C553906B59CD4CA772E2B30C78712B8AE6BA3472DF66AA0444E0856EBD38F1
Malicious:	false
Preview:	__cfduid.dd3f2dbd68a2ca615ca6f48afd8de54451610563626.typeform.com/.9729.1976283392.30867823.3994034461.30861863..attribution_user_id.459ccab1-7cfc-4534-a53e-7cf4f40ab5be.typeform.com/.1601.1742691456.30935289.4012068549.30861863..ajs_anonymous_id.%229838a8c0-2380-4721-af41-695942a99c27%22.typeform.com/.1600.1782691456.30935289.4058317667.30861863..ajs%3Acookies.true.typeform.com/.1600.1822691456.30935289.4097810737.30861863..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\UX73PCEA.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	353
Entropy (8bit):	4.703441673132386
Encrypted:	false
SSDEEP:	6:XM/kEPJmdqJGRVGAWu+bstJ6Qf7utjLKSGGZTV+zWSCz/iQw82EVIRdTUcSWqGZs:KidGSUuyst0QfCKZaTV+o/60VaKaTVy
MD5:	90F2935C33A6FA3DC44213C761D40BF4
SHA1:	1A0E0E7ED14913B5AF3CCB497F8F310083142258
SHA-256:	C8F156C7DC5AF032A4B7FC3A263570713AF835721DC7F739D6DFCF320AE85E7F
SHA-512:	4E4F6A681F924B3DCAF9E31BB1C1641CBEB1057EC70AC69E195162E75BB1F52624B1C72081E5ACCBBC35B6CDE53C8448525D9EC6614BF58E534D6052D5D489C7
Malicious:	false
Preview:	__cfduid.dd3f2dbd68a2ca615ca6f48afd8de54451610563626.typeform.com/.9729.1976283392.30867823.3994034461.30861863..attribution_user_id.459ccab1-7cfc-4534-a53e-7cf4f40ab5be.typeform.com/.1601.1742691456.30935289.4012068549.30861863..ajs_anonymous_id.%229838a8c0-2380-4721-af41-695942a99c27%22.typeform.com/.1600.1862691456.30935289.4132492798.30861863.*.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\W26Z2KXF.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	353
Entropy (8bit):	4.710723179562695
Encrypted:	false
SSDEEP:	6:XM/kEPJmdqJGRVGAWu+bstJ6Qf7utjLKSGGZTV+zWSCz/iQw82EVIRdTUcSWqGZd:KidGSUuyst0QfCKZaTV+o/60VaKaTV+e
MD5:	E1162312D687B46C9B53B353DE16E301
SHA1:	E78B37F7DE9DC22A46CC6DDACDA895DE5D178BD3
SHA-256:	B5E571F7AD99AB715E44509F09F6AF8298BADB5A1ABC7A33929F5E5E88E926B5
SHA-512:	F33A631495D85F78134D895E74EF8D5CC98798B2BEDD64C9239D8761219C0E5208AC8EFF6E21CDA3EC81B5339BDD4D72C5CFE5316447A4F9050051C92F5E3619
Malicious:	false
Preview:	__cfduid.dd3f2dbd68a2ca615ca6f48afd8de54451610563626.typeform.com/.9729.1976283392.30867823.3994034461.30861863..attribution_user_id.459ccab1-7cfc-4534-a53e-7cf4f40ab5be.typeform.com/.1601.1742691456.30935289.4012068549.30861863..ajs_anonymous_id.%229838a8c0-2380-4721-af41-695942a99c27%22.typeform.com/.1600.1782691456.30935289.4058317667.30861863.*.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\XFXUYCDI.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	435
Entropy (8bit):	4.705391024002795
Encrypted:	false
SSDEEP:	12:KidGSUuyst0QfCKZaTV+o/ciaaTVGKS0VaKaTVac0Tt:LGNuy2p6KZy/cPwS013/t
MD5:	A2A35411BD766F80A28E513D79EE0924
SHA1:	28681FD35C19C7ABE930227711C09299CA41DA88
SHA-256:	17A467F744B342D256DA03BF4D260A63B974220D1A99235A8E38B95F2127AF07
SHA-512:	043B287B73E92C9E670C51C97DF16F910A6D7A64B0ADEF8D52F2E0990FB358C16F4CC6120BB6F6FF2DC6697005DBCEE998610F3DE1DB891756AE2B115A11CCE9
Malicious:	false
Preview:	__cfduid.dd3f2dbd68a2ca615ca6f48afd8de54451610563626.typeform.com/.9729.1976283392.30867823.3994034461.30861863..attribution_user_id.459ccab1-7cfc-4534-a53e-7cf4f40ab5be.typeform.com/.1601.1742691456.30935289.4012068549.30861863..ajs_user_id.17518972.typeform.com/.1600.1742691456.30935289.4020097600.30861863..ajs_anonymous_id.%229838a8c0-2380-4721-af41-695942a99c27%22.typeform.com/.1600.1752691456.30935289.4025713610.30861863..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Y04L61FE.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	353
Entropy (8bit):	4.710723179562695
Encrypted:	false
SSDEEP:	6:XM/kEPJmdqJGRVGAWu+bstJ6Qf7utjLKSGGZTV+zWSCz/iQw82EVIRdTUcSWqGZd:KidGSUuyst0QfCKZaTV+o/60VaKaTV+e
MD5:	E1162312D687B46C9B53B353DE16E301
SHA1:	E78B37F7DE9DC22A46CC6DDACDA895DE5D178BD3
SHA-256:	B5E571F7AD99AB715E44509F09F6AF8298BADB5A1ABC7A33929F5E5E88E926B5
SHA-512:	F33A631495D85F78134D895E74EF8D5CC98798B2BEDD64C9239D8761219C0E5208AC8EFF6E21CDA3EC81B5339BDD4D72C5CFE5316447A4F9050051C92F5E3619
Malicious:	false
Preview:	__cfduid.dd3f2dbd68a2ca615ca6f48afd8de54451610563626.typeform.com/.9729.1976283392.30867823.3994034461.30861863..attribution_user_id.459ccab1-7cfc-4534-a53e-7cf4f40ab5be.typeform.com/.1601.1742691456.30935289.4012068549.30861863..ajs_anonymous_id.%229838a8c0-2380-4721-af41-695942a99c27%22.typeform.com/.1600.1782691456.30935289.4058317667.30861863.*.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\YV9AB3P8.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	353
Entropy (8bit):	4.710723179562695
Encrypted:	false
SSDEEP:	6:XM/kEPJmdqJGRVGAWu+bstJ6Qf7utjLKSGGZTV+zWSCz/iQw82EVIRdTUcSWqGZd:KidGSUuyst0QfCKZaTV+o/60VaKaTV+e
MD5:	E1162312D687B46C9B53B353DE16E301
SHA1:	E78B37F7DE9DC22A46CC6DDACDA895DE5D178BD3
SHA-256:	B5E571F7AD99AB715E44509F09F6AF8298BADB5A1ABC7A33929F5E5E88E926B5
SHA-512:	F33A631495D85F78134D895E74EF8D5CC98798B2BEDD64C9239D8761219C0E5208AC8EFF6E21CDA3EC81B5339BDD4D72C5CFE5316447A4F9050051C92F5E3619
Malicious:	false
Preview:	__cfduid.dd3f2dbd68a2ca615ca6f48afd8de54451610563626.typeform.com/.9729.1976283392.30867823.3994034461.30861863..attribution_user_id.459ccab1-7cfc-4534-a53e-7cf4f40ab5be.typeform.com/.1601.1742691456.30935289.4012068549.30861863..ajs_anonymous_id.%229838a8c0-2380-4721-af41-695942a99c27%22.typeform.com/.1600.1782691456.30935289.4058317667.30861863.*.

C:\Users\user\Desktop\~$ACH WIRE PAYMENT ADVICE..xlsx Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	data
Category:	dropped
Size (bytes):	165
Entropy (8bit):	1.4377382811115937
Encrypted:	false
SSDEEP:	3:vZ/FFDJw2fV:vBFFGS
MD5:	797869BB881CFBCDAC2064F92B26E46F
SHA1:	61C1B8FBF505956A77E9A79CE74EF5E281B01F4B
SHA-256:	D4E4008DD7DFB936F22D9EF3CC569C6F88804715EAB8101045BA1CD0B081F185
SHA-512:	1B8350E1500F969107754045EB84EA9F72B53498B1DC05911D6C7E771316C632EA750FBCE8AD3A82D664E3C65CC5251D0E4A21F750911AE5DC2FC3653E49F58D
Malicious:	false
Preview:	.user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Static File Info

General
File type:	Microsoft Excel 2007+
Entropy (8bit):	7.657144801353107
TrID:	Excel Microsoft Office Open XML Format document (40004/1) 83.33% ZIP compressed archive (8000/1) 16.67%
File name:	ACH WIRE PAYMENT ADVICE..xlsx
File size:	76184
MD5:	a66a202e970df086cc265cb646127bfb
SHA1:	c8986173e16bb9b0703490afba594ec5eef08a4a
SHA256:	e29c6206512f1f778f1af9a1ff2af2bb82107271e00c873930398b703294d75e
SHA512:	c4abfe1cb7af45bcde87899efc3d07ce1f54395140ce2709b95608113af6c65ea4aa7d4b763b1fdf67599f42502684dfb33db161be6f0a13b81be3cc861f0e52
SSDEEP:	1536:ExGP/kQbgQywBGmkla+bsaCaWyVvXmkXwhHFo:Ec3FgQxFklapal0o
File Content Preview:	PK..........!..0. ............[Content_Types].xml ...(.........................................................................................................................................................................................................

File Icon


Icon Hash:	e4e2aa8aa4b4bcb4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 13, 2021 19:47:07.407351971 CET	49169	443	192.168.2.22	143.204.93.100
Jan 13, 2021 19:47:07.410696030 CET	49170	443	192.168.2.22	143.204.93.100
Jan 13, 2021 19:47:07.447460890 CET	443	49169	143.204.93.100	192.168.2.22
Jan 13, 2021 19:47:07.447895050 CET	49169	443	192.168.2.22	143.204.93.100
Jan 13, 2021 19:47:07.449310064 CET	49169	443	192.168.2.22	143.204.93.100
Jan 13, 2021 19:47:07.450583935 CET	443	49170	143.204.93.100	192.168.2.22
Jan 13, 2021 19:47:07.451316118 CET	49170	443	192.168.2.22	143.204.93.100
Jan 13, 2021 19:47:07.452441931 CET	49170	443	192.168.2.22	143.204.93.100
Jan 13, 2021 19:47:07.489398956 CET	443	49169	143.204.93.100	192.168.2.22
Jan 13, 2021 19:47:07.492459059 CET	443	49170	143.204.93.100	192.168.2.22
Jan 13, 2021 19:47:07.492731094 CET	443	49170	143.204.93.100	192.168.2.22
Jan 13, 2021 19:47:07.492778063 CET	443	49170	143.204.93.100	192.168.2.22
Jan 13, 2021 19:47:07.492820024 CET	443	49170	143.204.93.100	192.168.2.22
Jan 13, 2021 19:47:07.492892981 CET	49170	443	192.168.2.22	143.204.93.100
Jan 13, 2021 19:47:07.492952108 CET	49170	443	192.168.2.22	143.204.93.100
Jan 13, 2021 19:47:07.492986917 CET	49170	443	192.168.2.22	143.204.93.100
Jan 13, 2021 19:47:07.495008945 CET	443	49170	143.204.93.100	192.168.2.22
Jan 13, 2021 19:47:07.495105982 CET	49170	443	192.168.2.22	143.204.93.100
Jan 13, 2021 19:47:07.503200054 CET	49170	443	192.168.2.22	143.204.93.100
Jan 13, 2021 19:47:07.504796028 CET	49172	443	192.168.2.22	143.204.93.16
Jan 13, 2021 19:47:07.504797935 CET	49171	443	192.168.2.22	143.204.93.16
Jan 13, 2021 19:47:07.543466091 CET	443	49170	143.204.93.100	192.168.2.22
Jan 13, 2021 19:47:07.543992043 CET	443	49170	143.204.93.100	192.168.2.22
Jan 13, 2021 19:47:07.544229031 CET	49170	443	192.168.2.22	143.204.93.100
Jan 13, 2021 19:47:07.544672966 CET	443	49171	143.204.93.16	192.168.2.22
Jan 13, 2021 19:47:07.544718981 CET	443	49172	143.204.93.16	192.168.2.22
Jan 13, 2021 19:47:07.544961929 CET	49171	443	192.168.2.22	143.204.93.16
Jan 13, 2021 19:47:07.545542955 CET	49172	443	192.168.2.22	143.204.93.16
Jan 13, 2021 19:47:07.545594931 CET	49172	443	192.168.2.22	143.204.93.16
Jan 13, 2021 19:47:07.545955896 CET	49171	443	192.168.2.22	143.204.93.16
Jan 13, 2021 19:47:07.550813913 CET	49170	443	192.168.2.22	143.204.93.100
Jan 13, 2021 19:47:07.585639000 CET	443	49172	143.204.93.16	192.168.2.22
Jan 13, 2021 19:47:07.585757017 CET	443	49171	143.204.93.16	192.168.2.22
Jan 13, 2021 19:47:07.586524010 CET	443	49171	143.204.93.16	192.168.2.22
Jan 13, 2021 19:47:07.586582899 CET	443	49171	143.204.93.16	192.168.2.22
Jan 13, 2021 19:47:07.586600065 CET	49171	443	192.168.2.22	143.204.93.16
Jan 13, 2021 19:47:07.586618900 CET	443	49171	143.204.93.16	192.168.2.22
Jan 13, 2021 19:47:07.586658955 CET	49171	443	192.168.2.22	143.204.93.16
Jan 13, 2021 19:47:07.586684942 CET	49171	443	192.168.2.22	143.204.93.16
Jan 13, 2021 19:47:07.586863041 CET	443	49172	143.204.93.16	192.168.2.22
Jan 13, 2021 19:47:07.586904049 CET	443	49172	143.204.93.16	192.168.2.22
Jan 13, 2021 19:47:07.586941957 CET	443	49172	143.204.93.16	192.168.2.22
Jan 13, 2021 19:47:07.586961985 CET	49172	443	192.168.2.22	143.204.93.16
Jan 13, 2021 19:47:07.587011099 CET	49172	443	192.168.2.22	143.204.93.16
Jan 13, 2021 19:47:07.587017059 CET	49172	443	192.168.2.22	143.204.93.16
Jan 13, 2021 19:47:07.588885069 CET	443	49171	143.204.93.16	192.168.2.22
Jan 13, 2021 19:47:07.588954926 CET	49171	443	192.168.2.22	143.204.93.16
Jan 13, 2021 19:47:07.590507984 CET	443	49172	143.204.93.16	192.168.2.22
Jan 13, 2021 19:47:07.590579033 CET	49172	443	192.168.2.22	143.204.93.16
Jan 13, 2021 19:47:07.590742111 CET	443	49170	143.204.93.100	192.168.2.22
Jan 13, 2021 19:47:07.596309900 CET	49171	443	192.168.2.22	143.204.93.16
Jan 13, 2021 19:47:07.598953009 CET	443	49170	143.204.93.100	192.168.2.22
Jan 13, 2021 19:47:07.599029064 CET	49170	443	192.168.2.22	143.204.93.100
Jan 13, 2021 19:47:07.600264072 CET	49172	443	192.168.2.22	143.204.93.16
Jan 13, 2021 19:47:07.604747057 CET	443	49170	143.204.93.100	192.168.2.22
Jan 13, 2021 19:47:07.604799986 CET	443	49170	143.204.93.100	192.168.2.22
Jan 13, 2021 19:47:07.604820967 CET	49170	443	192.168.2.22	143.204.93.100
Jan 13, 2021 19:47:07.604841948 CET	443	49170	143.204.93.100	192.168.2.22
Jan 13, 2021 19:47:07.604851007 CET	49170	443	192.168.2.22	143.204.93.100
Jan 13, 2021 19:47:07.604882002 CET	443	49170	143.204.93.100	192.168.2.22
Jan 13, 2021 19:47:07.604887962 CET	49170	443	192.168.2.22	143.204.93.100
Jan 13, 2021 19:47:07.604923010 CET	49170	443	192.168.2.22	143.204.93.100
Jan 13, 2021 19:47:07.605755091 CET	443	49170	143.204.93.100	192.168.2.22
Jan 13, 2021 19:47:07.605798006 CET	443	49170	143.204.93.100	192.168.2.22
Jan 13, 2021 19:47:07.605813980 CET	49170	443	192.168.2.22	143.204.93.100
Jan 13, 2021 19:47:07.605843067 CET	49170	443	192.168.2.22	143.204.93.100
Jan 13, 2021 19:47:07.606877089 CET	443	49170	143.204.93.100	192.168.2.22
Jan 13, 2021 19:47:07.606920958 CET	443	49170	143.204.93.100	192.168.2.22
Jan 13, 2021 19:47:07.606930971 CET	49170	443	192.168.2.22	143.204.93.100
Jan 13, 2021 19:47:07.606964111 CET	49170	443	192.168.2.22	143.204.93.100
Jan 13, 2021 19:47:07.608052015 CET	443	49170	143.204.93.100	192.168.2.22
Jan 13, 2021 19:47:07.608093023 CET	443	49170	143.204.93.100	192.168.2.22
Jan 13, 2021 19:47:07.608107090 CET	49170	443	192.168.2.22	143.204.93.100
Jan 13, 2021 19:47:07.608129025 CET	49170	443	192.168.2.22	143.204.93.100
Jan 13, 2021 19:47:07.609213114 CET	443	49170	143.204.93.100	192.168.2.22
Jan 13, 2021 19:47:07.609255075 CET	443	49170	143.204.93.100	192.168.2.22
Jan 13, 2021 19:47:07.609293938 CET	49170	443	192.168.2.22	143.204.93.100
Jan 13, 2021 19:47:07.609318972 CET	49170	443	192.168.2.22	143.204.93.100
Jan 13, 2021 19:47:07.610287905 CET	443	49170	143.204.93.100	192.168.2.22
Jan 13, 2021 19:47:07.610330105 CET	443	49170	143.204.93.100	192.168.2.22
Jan 13, 2021 19:47:07.610348940 CET	49170	443	192.168.2.22	143.204.93.100
Jan 13, 2021 19:47:07.610368013 CET	49170	443	192.168.2.22	143.204.93.100
Jan 13, 2021 19:47:07.611422062 CET	443	49170	143.204.93.100	192.168.2.22
Jan 13, 2021 19:47:07.611470938 CET	49170	443	192.168.2.22	143.204.93.100
Jan 13, 2021 19:47:07.611470938 CET	443	49170	143.204.93.100	192.168.2.22
Jan 13, 2021 19:47:07.611516953 CET	49170	443	192.168.2.22	143.204.93.100
Jan 13, 2021 19:47:07.612617970 CET	443	49170	143.204.93.100	192.168.2.22
Jan 13, 2021 19:47:07.612665892 CET	443	49170	143.204.93.100	192.168.2.22
Jan 13, 2021 19:47:07.612672091 CET	49170	443	192.168.2.22	143.204.93.100
Jan 13, 2021 19:47:07.612706900 CET	49170	443	192.168.2.22	143.204.93.100
Jan 13, 2021 19:47:07.613708019 CET	443	49170	143.204.93.100	192.168.2.22
Jan 13, 2021 19:47:07.613749027 CET	443	49170	143.204.93.100	192.168.2.22
Jan 13, 2021 19:47:07.613764048 CET	49170	443	192.168.2.22	143.204.93.100
Jan 13, 2021 19:47:07.613797903 CET	49170	443	192.168.2.22	143.204.93.100
Jan 13, 2021 19:47:07.614044905 CET	49170	443	192.168.2.22	143.204.93.100
Jan 13, 2021 19:47:07.614865065 CET	443	49170	143.204.93.100	192.168.2.22
Jan 13, 2021 19:47:07.614906073 CET	443	49170	143.204.93.100	192.168.2.22
Jan 13, 2021 19:47:07.614922047 CET	49170	443	192.168.2.22	143.204.93.100
Jan 13, 2021 19:47:07.614947081 CET	49170	443	192.168.2.22	143.204.93.100
Jan 13, 2021 19:47:07.615952969 CET	443	49170	143.204.93.100	192.168.2.22

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 13, 2021 19:47:04.923662901 CET	52197	53	192.168.2.22	8.8.8.8
Jan 13, 2021 19:47:04.990915060 CET	53	52197	8.8.8.8	192.168.2.22
Jan 13, 2021 19:47:05.817106962 CET	53099	53	192.168.2.22	8.8.8.8
Jan 13, 2021 19:47:05.891108990 CET	53	53099	8.8.8.8	192.168.2.22
Jan 13, 2021 19:47:07.337433100 CET	52838	53	192.168.2.22	8.8.8.8
Jan 13, 2021 19:47:07.405807972 CET	53	52838	8.8.8.8	192.168.2.22
Jan 13, 2021 19:47:07.440407038 CET	61200	53	192.168.2.22	8.8.8.8
Jan 13, 2021 19:47:07.499675035 CET	53	61200	8.8.8.8	192.168.2.22
Jan 13, 2021 19:47:08.873878002 CET	49548	53	192.168.2.22	8.8.8.8
Jan 13, 2021 19:47:08.880367041 CET	55627	53	192.168.2.22	8.8.8.8
Jan 13, 2021 19:47:08.934850931 CET	53	49548	8.8.8.8	192.168.2.22
Jan 13, 2021 19:47:08.938484907 CET	53	55627	8.8.8.8	192.168.2.22
Jan 13, 2021 19:47:08.955236912 CET	56009	53	192.168.2.22	8.8.8.8
Jan 13, 2021 19:47:09.016503096 CET	53	56009	8.8.8.8	192.168.2.22
Jan 13, 2021 19:47:09.481096983 CET	61865	53	192.168.2.22	8.8.8.8
Jan 13, 2021 19:47:09.483639002 CET	55171	53	192.168.2.22	8.8.8.8
Jan 13, 2021 19:47:09.485786915 CET	52496	53	192.168.2.22	8.8.8.8
Jan 13, 2021 19:47:09.488255978 CET	57564	53	192.168.2.22	8.8.8.8
Jan 13, 2021 19:47:09.490792990 CET	63009	53	192.168.2.22	8.8.8.8
Jan 13, 2021 19:47:09.496982098 CET	59319	53	192.168.2.22	8.8.8.8
Jan 13, 2021 19:47:09.529042006 CET	53	61865	8.8.8.8	192.168.2.22
Jan 13, 2021 19:47:09.533761978 CET	53	52496	8.8.8.8	192.168.2.22
Jan 13, 2021 19:47:09.538903952 CET	53	63009	8.8.8.8	192.168.2.22
Jan 13, 2021 19:47:09.542911053 CET	53	55171	8.8.8.8	192.168.2.22
Jan 13, 2021 19:47:09.546803951 CET	53	57564	8.8.8.8	192.168.2.22
Jan 13, 2021 19:47:09.547729015 CET	53	59319	8.8.8.8	192.168.2.22
Jan 13, 2021 19:47:09.579379082 CET	53070	53	192.168.2.22	8.8.8.8
Jan 13, 2021 19:47:09.627582073 CET	53	53070	8.8.8.8	192.168.2.22
Jan 13, 2021 19:47:09.754112959 CET	59770	53	192.168.2.22	8.8.8.8
Jan 13, 2021 19:47:09.815798044 CET	53	59770	8.8.8.8	192.168.2.22
Jan 13, 2021 19:47:10.779612064 CET	61523	53	192.168.2.22	8.8.8.8
Jan 13, 2021 19:47:10.827527046 CET	53	61523	8.8.8.8	192.168.2.22
Jan 13, 2021 19:47:11.969679117 CET	62791	53	192.168.2.22	8.8.8.8
Jan 13, 2021 19:47:12.030611992 CET	53	62791	8.8.8.8	192.168.2.22
Jan 13, 2021 19:47:13.020054102 CET	50667	53	192.168.2.22	8.8.8.8
Jan 13, 2021 19:47:13.083024025 CET	53	50667	8.8.8.8	192.168.2.22
Jan 13, 2021 19:47:13.742928028 CET	54129	53	192.168.2.22	8.8.8.8
Jan 13, 2021 19:47:13.778390884 CET	65329	53	192.168.2.22	8.8.8.8
Jan 13, 2021 19:47:13.803513050 CET	53	54129	8.8.8.8	192.168.2.22
Jan 13, 2021 19:47:13.834510088 CET	53	65329	8.8.8.8	192.168.2.22
Jan 13, 2021 19:47:14.534379959 CET	60718	53	192.168.2.22	8.8.8.8
Jan 13, 2021 19:47:14.590641975 CET	53	60718	8.8.8.8	192.168.2.22
Jan 13, 2021 19:47:15.670964956 CET	49157	53	192.168.2.22	8.8.8.8
Jan 13, 2021 19:47:15.727325916 CET	53	49157	8.8.8.8	192.168.2.22
Jan 13, 2021 19:47:16.514332056 CET	57391	53	192.168.2.22	8.8.8.8
Jan 13, 2021 19:47:16.573770046 CET	53	57391	8.8.8.8	192.168.2.22
Jan 13, 2021 19:47:16.931571960 CET	61858	53	192.168.2.22	8.8.8.8
Jan 13, 2021 19:47:16.939551115 CET	62500	53	192.168.2.22	8.8.8.8
Jan 13, 2021 19:47:16.979547024 CET	53	61858	8.8.8.8	192.168.2.22
Jan 13, 2021 19:47:16.998184919 CET	53	62500	8.8.8.8	192.168.2.22
Jan 13, 2021 19:47:17.548583031 CET	51652	53	192.168.2.22	8.8.8.8
Jan 13, 2021 19:47:17.599356890 CET	53	51652	8.8.8.8	192.168.2.22
Jan 13, 2021 19:47:18.248311043 CET	62762	53	192.168.2.22	8.8.8.8
Jan 13, 2021 19:47:18.248939991 CET	56905	53	192.168.2.22	8.8.8.8
Jan 13, 2021 19:47:18.250207901 CET	54609	53	192.168.2.22	8.8.8.8
Jan 13, 2021 19:47:18.250734091 CET	58101	53	192.168.2.22	8.8.8.8
Jan 13, 2021 19:47:18.280294895 CET	64329	53	192.168.2.22	8.8.8.8
Jan 13, 2021 19:47:18.280853987 CET	64881	53	192.168.2.22	8.8.8.8
Jan 13, 2021 19:47:18.296308041 CET	53	62762	8.8.8.8	192.168.2.22
Jan 13, 2021 19:47:18.296716928 CET	53	56905	8.8.8.8	192.168.2.22
Jan 13, 2021 19:47:18.300858021 CET	53	54609	8.8.8.8	192.168.2.22
Jan 13, 2021 19:47:18.301318884 CET	53	58101	8.8.8.8	192.168.2.22
Jan 13, 2021 19:47:18.328727007 CET	53	64881	8.8.8.8	192.168.2.22
Jan 13, 2021 19:47:18.331171036 CET	53	64329	8.8.8.8	192.168.2.22
Jan 13, 2021 19:47:35.617083073 CET	55327	53	192.168.2.22	8.8.8.8
Jan 13, 2021 19:47:35.669298887 CET	53	55327	8.8.8.8	192.168.2.22
Jan 13, 2021 19:47:36.626749992 CET	55327	53	192.168.2.22	8.8.8.8
Jan 13, 2021 19:47:36.674827099 CET	53	55327	8.8.8.8	192.168.2.22
Jan 13, 2021 19:47:36.843590975 CET	59150	53	192.168.2.22	8.8.8.8
Jan 13, 2021 19:47:36.894450903 CET	53	59150	8.8.8.8	192.168.2.22
Jan 13, 2021 19:47:37.640629053 CET	55327	53	192.168.2.22	8.8.8.8
Jan 13, 2021 19:47:37.688410997 CET	53	55327	8.8.8.8	192.168.2.22
Jan 13, 2021 19:47:37.843580008 CET	59150	53	192.168.2.22	8.8.8.8
Jan 13, 2021 19:47:37.894292116 CET	53	59150	8.8.8.8	192.168.2.22
Jan 13, 2021 19:47:38.858803034 CET	59150	53	192.168.2.22	8.8.8.8
Jan 13, 2021 19:47:38.874804974 CET	63439	53	192.168.2.22	8.8.8.8
Jan 13, 2021 19:47:38.918030977 CET	53	59150	8.8.8.8	192.168.2.22
Jan 13, 2021 19:47:38.935759068 CET	53	63439	8.8.8.8	192.168.2.22
Jan 13, 2021 19:47:39.653357983 CET	55327	53	192.168.2.22	8.8.8.8
Jan 13, 2021 19:47:39.701288939 CET	53	55327	8.8.8.8	192.168.2.22
Jan 13, 2021 19:47:40.869931936 CET	59150	53	192.168.2.22	8.8.8.8
Jan 13, 2021 19:47:40.929248095 CET	53	59150	8.8.8.8	192.168.2.22
Jan 13, 2021 19:47:43.662879944 CET	55327	53	192.168.2.22	8.8.8.8
Jan 13, 2021 19:47:43.711039066 CET	53	55327	8.8.8.8	192.168.2.22
Jan 13, 2021 19:47:44.340032101 CET	65040	53	192.168.2.22	8.8.8.8
Jan 13, 2021 19:47:44.391036987 CET	53	65040	8.8.8.8	192.168.2.22
Jan 13, 2021 19:47:44.880675077 CET	59150	53	192.168.2.22	8.8.8.8
Jan 13, 2021 19:47:44.940246105 CET	53	59150	8.8.8.8	192.168.2.22
Jan 13, 2021 19:47:45.482326984 CET	65040	53	192.168.2.22	8.8.8.8
Jan 13, 2021 19:47:45.533267021 CET	53	65040	8.8.8.8	192.168.2.22
Jan 13, 2021 19:47:46.539890051 CET	65040	53	192.168.2.22	8.8.8.8
Jan 13, 2021 19:47:46.593079090 CET	53	65040	8.8.8.8	192.168.2.22
Jan 13, 2021 19:47:48.546336889 CET	65040	53	192.168.2.22	8.8.8.8
Jan 13, 2021 19:47:48.597316980 CET	53	65040	8.8.8.8	192.168.2.22
Jan 13, 2021 19:47:52.555694103 CET	65040	53	192.168.2.22	8.8.8.8
Jan 13, 2021 19:47:52.606595993 CET	53	65040	8.8.8.8	192.168.2.22
Jan 13, 2021 19:47:59.574275970 CET	61369	53	192.168.2.22	8.8.8.8
Jan 13, 2021 19:47:59.622219086 CET	53	61369	8.8.8.8	192.168.2.22
Jan 13, 2021 19:48:00.578566074 CET	61369	53	192.168.2.22	8.8.8.8
Jan 13, 2021 19:48:00.626853943 CET	53	61369	8.8.8.8	192.168.2.22
Jan 13, 2021 19:48:01.589411020 CET	61369	53	192.168.2.22	8.8.8.8
Jan 13, 2021 19:48:01.637581110 CET	53	61369	8.8.8.8	192.168.2.22
Jan 13, 2021 19:48:03.601468086 CET	61369	53	192.168.2.22	8.8.8.8
Jan 13, 2021 19:48:03.649457932 CET	53	61369	8.8.8.8	192.168.2.22
Jan 13, 2021 19:48:07.610747099 CET	61369	53	192.168.2.22	8.8.8.8
Jan 13, 2021 19:48:07.658643961 CET	53	61369	8.8.8.8	192.168.2.22

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Jan 13, 2021 19:47:05.817106962 CET	192.168.2.22	8.8.8.8	0xe101	Standard query (0)	24mbw17feyn.typeform.com	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:07.337433100 CET	192.168.2.22	8.8.8.8	0xe37e	Standard query (0)	renderer-assets.typeform.com	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:07.440407038 CET	192.168.2.22	8.8.8.8	0x68d6	Standard query (0)	images.typeform.com	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:08.873878002 CET	192.168.2.22	8.8.8.8	0xe5c	Standard query (0)	public-assets.typeform.com	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:08.880367041 CET	192.168.2.22	8.8.8.8	0xf9f4	Standard query (0)	js-agent.newrelic.com	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:08.955236912 CET	192.168.2.22	8.8.8.8	0x3e74	Standard query (0)	cdn.segment.com	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:09.579379082 CET	192.168.2.22	8.8.8.8	0xed5a	Standard query (0)	bam.nr-data.net	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:09.754112959 CET	192.168.2.22	8.8.8.8	0x275	Standard query (0)	api.segment.io	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:11.969679117 CET	192.168.2.22	8.8.8.8	0x71dd	Standard query (0)	24mbw17feyn.typeform.com	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:13.020054102 CET	192.168.2.22	8.8.8.8	0xc6cc	Standard query (0)	images.typeform.com	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:13.778390884 CET	192.168.2.22	8.8.8.8	0xb225	Standard query (0)	24mbw17feyn.typeform.com	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:14.534379959 CET	192.168.2.22	8.8.8.8	0xe313	Standard query (0)	24mbw17feyn.typeform.com	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:15.670964956 CET	192.168.2.22	8.8.8.8	0xb503	Standard query (0)	renderer-assets.typeform.com	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:16.514332056 CET	192.168.2.22	8.8.8.8	0x9e56	Standard query (0)	js-agent.newrelic.com	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:16.931571960 CET	192.168.2.22	8.8.8.8	0xd2a1	Standard query (0)	bam.nr-data.net	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:16.939551115 CET	192.168.2.22	8.8.8.8	0x8175	Standard query (0)	cdn.segment.com	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:17.548583031 CET	192.168.2.22	8.8.8.8	0xfcb3	Standard query (0)	api.segment.io	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Jan 13, 2021 19:47:05.891108990 CET	8.8.8.8	192.168.2.22	0xe101	No error (0)	24mbw17feyn.typeform.com	random.typeform.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)
Jan 13, 2021 19:47:07.405807972 CET	8.8.8.8	192.168.2.22	0xe37e	No error (0)	renderer-assets.typeform.com	d2citsn5wf4j9j.cloudfront.net		CNAME (Canonical name)	IN (0x0001)
Jan 13, 2021 19:47:07.405807972 CET	8.8.8.8	192.168.2.22	0xe37e	No error (0)	d2citsn5wf4j9j.cloudfront.net		143.204.93.100	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:07.405807972 CET	8.8.8.8	192.168.2.22	0xe37e	No error (0)	d2citsn5wf4j9j.cloudfront.net		143.204.93.91	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:07.405807972 CET	8.8.8.8	192.168.2.22	0xe37e	No error (0)	d2citsn5wf4j9j.cloudfront.net		143.204.93.109	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:07.405807972 CET	8.8.8.8	192.168.2.22	0xe37e	No error (0)	d2citsn5wf4j9j.cloudfront.net		143.204.93.122	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:07.499675035 CET	8.8.8.8	192.168.2.22	0x68d6	No error (0)	images.typeform.com	d2nvsmtq2poimt.cloudfront.net		CNAME (Canonical name)	IN (0x0001)
Jan 13, 2021 19:47:07.499675035 CET	8.8.8.8	192.168.2.22	0x68d6	No error (0)	d2nvsmtq2poimt.cloudfront.net		143.204.93.16	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:07.499675035 CET	8.8.8.8	192.168.2.22	0x68d6	No error (0)	d2nvsmtq2poimt.cloudfront.net		143.204.93.76	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:07.499675035 CET	8.8.8.8	192.168.2.22	0x68d6	No error (0)	d2nvsmtq2poimt.cloudfront.net		143.204.93.30	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:07.499675035 CET	8.8.8.8	192.168.2.22	0x68d6	No error (0)	d2nvsmtq2poimt.cloudfront.net		143.204.93.117	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:08.934850931 CET	8.8.8.8	192.168.2.22	0xe5c	No error (0)	public-assets.typeform.com	d2p6vz8nayi9a3.cloudfront.net		CNAME (Canonical name)	IN (0x0001)
Jan 13, 2021 19:47:08.934850931 CET	8.8.8.8	192.168.2.22	0xe5c	No error (0)	d2p6vz8nayi9a3.cloudfront.net		13.224.194.82	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:08.934850931 CET	8.8.8.8	192.168.2.22	0xe5c	No error (0)	d2p6vz8nayi9a3.cloudfront.net		13.224.194.11	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:08.934850931 CET	8.8.8.8	192.168.2.22	0xe5c	No error (0)	d2p6vz8nayi9a3.cloudfront.net		13.224.194.7	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:08.934850931 CET	8.8.8.8	192.168.2.22	0xe5c	No error (0)	d2p6vz8nayi9a3.cloudfront.net		13.224.194.9	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:08.938484907 CET	8.8.8.8	192.168.2.22	0xf9f4	No error (0)	js-agent.newrelic.com	f4.shared.global.fastly.net		CNAME (Canonical name)	IN (0x0001)
Jan 13, 2021 19:47:09.016503096 CET	8.8.8.8	192.168.2.22	0x3e74	No error (0)	cdn.segment.com	d296je7bbdd650.cloudfront.net		CNAME (Canonical name)	IN (0x0001)
Jan 13, 2021 19:47:09.016503096 CET	8.8.8.8	192.168.2.22	0x3e74	No error (0)	d296je7bbdd650.cloudfront.net		143.204.99.83	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:09.627582073 CET	8.8.8.8	192.168.2.22	0xed5a	No error (0)	bam.nr-data.net		162.247.242.21	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:09.627582073 CET	8.8.8.8	192.168.2.22	0xed5a	No error (0)	bam.nr-data.net		162.247.242.19	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:09.627582073 CET	8.8.8.8	192.168.2.22	0xed5a	No error (0)	bam.nr-data.net		162.247.242.18	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:09.627582073 CET	8.8.8.8	192.168.2.22	0xed5a	No error (0)	bam.nr-data.net		162.247.242.20	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:09.815798044 CET	8.8.8.8	192.168.2.22	0x275	No error (0)	api.segment.io		34.218.160.124	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:09.815798044 CET	8.8.8.8	192.168.2.22	0x275	No error (0)	api.segment.io		54.70.109.173	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:09.815798044 CET	8.8.8.8	192.168.2.22	0x275	No error (0)	api.segment.io		54.200.56.207	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:09.815798044 CET	8.8.8.8	192.168.2.22	0x275	No error (0)	api.segment.io		52.25.204.187	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:09.815798044 CET	8.8.8.8	192.168.2.22	0x275	No error (0)	api.segment.io		52.39.24.11	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:09.815798044 CET	8.8.8.8	192.168.2.22	0x275	No error (0)	api.segment.io		52.11.35.251	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:09.815798044 CET	8.8.8.8	192.168.2.22	0x275	No error (0)	api.segment.io		54.218.116.118	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:09.815798044 CET	8.8.8.8	192.168.2.22	0x275	No error (0)	api.segment.io		52.37.21.144	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:12.030611992 CET	8.8.8.8	192.168.2.22	0x71dd	No error (0)	24mbw17feyn.typeform.com	random.typeform.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)
Jan 13, 2021 19:47:13.083024025 CET	8.8.8.8	192.168.2.22	0xc6cc	No error (0)	images.typeform.com	d2nvsmtq2poimt.cloudfront.net		CNAME (Canonical name)	IN (0x0001)
Jan 13, 2021 19:47:13.083024025 CET	8.8.8.8	192.168.2.22	0xc6cc	No error (0)	d2nvsmtq2poimt.cloudfront.net		143.204.93.117	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:13.083024025 CET	8.8.8.8	192.168.2.22	0xc6cc	No error (0)	d2nvsmtq2poimt.cloudfront.net		143.204.93.76	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:13.083024025 CET	8.8.8.8	192.168.2.22	0xc6cc	No error (0)	d2nvsmtq2poimt.cloudfront.net		143.204.93.16	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:13.083024025 CET	8.8.8.8	192.168.2.22	0xc6cc	No error (0)	d2nvsmtq2poimt.cloudfront.net		143.204.93.30	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:13.834510088 CET	8.8.8.8	192.168.2.22	0xb225	No error (0)	24mbw17feyn.typeform.com	random.typeform.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)
Jan 13, 2021 19:47:14.590641975 CET	8.8.8.8	192.168.2.22	0xe313	No error (0)	24mbw17feyn.typeform.com	random.typeform.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)
Jan 13, 2021 19:47:15.727325916 CET	8.8.8.8	192.168.2.22	0xb503	No error (0)	renderer-assets.typeform.com	d2citsn5wf4j9j.cloudfront.net		CNAME (Canonical name)	IN (0x0001)
Jan 13, 2021 19:47:15.727325916 CET	8.8.8.8	192.168.2.22	0xb503	No error (0)	d2citsn5wf4j9j.cloudfront.net		143.204.93.100	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:15.727325916 CET	8.8.8.8	192.168.2.22	0xb503	No error (0)	d2citsn5wf4j9j.cloudfront.net		143.204.93.91	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:15.727325916 CET	8.8.8.8	192.168.2.22	0xb503	No error (0)	d2citsn5wf4j9j.cloudfront.net		143.204.93.109	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:15.727325916 CET	8.8.8.8	192.168.2.22	0xb503	No error (0)	d2citsn5wf4j9j.cloudfront.net		143.204.93.122	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:16.573770046 CET	8.8.8.8	192.168.2.22	0x9e56	No error (0)	js-agent.newrelic.com	f4.shared.global.fastly.net		CNAME (Canonical name)	IN (0x0001)
Jan 13, 2021 19:47:16.979547024 CET	8.8.8.8	192.168.2.22	0xd2a1	No error (0)	bam.nr-data.net		162.247.242.21	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:16.979547024 CET	8.8.8.8	192.168.2.22	0xd2a1	No error (0)	bam.nr-data.net		162.247.242.19	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:16.979547024 CET	8.8.8.8	192.168.2.22	0xd2a1	No error (0)	bam.nr-data.net		162.247.242.18	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:16.979547024 CET	8.8.8.8	192.168.2.22	0xd2a1	No error (0)	bam.nr-data.net		162.247.242.20	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:16.998184919 CET	8.8.8.8	192.168.2.22	0x8175	No error (0)	cdn.segment.com	d296je7bbdd650.cloudfront.net		CNAME (Canonical name)	IN (0x0001)
Jan 13, 2021 19:47:16.998184919 CET	8.8.8.8	192.168.2.22	0x8175	No error (0)	d296je7bbdd650.cloudfront.net		143.204.99.83	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:17.599356890 CET	8.8.8.8	192.168.2.22	0xfcb3	No error (0)	api.segment.io		34.218.160.124	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:17.599356890 CET	8.8.8.8	192.168.2.22	0xfcb3	No error (0)	api.segment.io		54.70.109.173	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:17.599356890 CET	8.8.8.8	192.168.2.22	0xfcb3	No error (0)	api.segment.io		54.200.56.207	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:17.599356890 CET	8.8.8.8	192.168.2.22	0xfcb3	No error (0)	api.segment.io		52.25.204.187	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:17.599356890 CET	8.8.8.8	192.168.2.22	0xfcb3	No error (0)	api.segment.io		52.39.24.11	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:17.599356890 CET	8.8.8.8	192.168.2.22	0xfcb3	No error (0)	api.segment.io		52.11.35.251	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:17.599356890 CET	8.8.8.8	192.168.2.22	0xfcb3	No error (0)	api.segment.io		54.218.116.118	A (IP address)	IN (0x0001)
Jan 13, 2021 19:47:17.599356890 CET	8.8.8.8	192.168.2.22	0xfcb3	No error (0)	api.segment.io		52.37.21.144	A (IP address)	IN (0x0001)

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Jan 13, 2021 19:47:07.495008945 CET	143.204.93.100	443	192.168.2.22	49170	CN=*.typeform.com CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Mon Nov 30 01:00:00 CET 2020 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009	Thu Dec 30 00:59:59 CET 2021 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,0-10-11-13-23-65281,23-24,0	7dcce5b76c8b17472d024758970a406b
					CN=Amazon, OU=Server CA 1B, O=Amazon, C=US	CN=Amazon Root CA 1, O=Amazon, C=US	Thu Oct 22 02:00:00 CEST 2015	Sun Oct 19 02:00:00 CEST 2025
					CN=Amazon Root CA 1, O=Amazon, C=US	CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	Mon May 25 14:00:00 CEST 2015	Thu Dec 31 02:00:00 CET 2037
					CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Sep 02 02:00:00 CEST 2009	Wed Jun 28 19:39:16 CEST 2034
Jan 13, 2021 19:47:07.588885069 CET	143.204.93.16	443	192.168.2.22	49171	CN=*.typeform.com CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Mon Nov 30 01:00:00 CET 2020 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009	Thu Dec 30 00:59:59 CET 2021 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,0-10-11-13-23-65281,23-24,0	7dcce5b76c8b17472d024758970a406b
					CN=Amazon, OU=Server CA 1B, O=Amazon, C=US	CN=Amazon Root CA 1, O=Amazon, C=US	Thu Oct 22 02:00:00 CEST 2015	Sun Oct 19 02:00:00 CEST 2025
					CN=Amazon Root CA 1, O=Amazon, C=US	CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	Mon May 25 14:00:00 CEST 2015	Thu Dec 31 02:00:00 CET 2037
					CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Sep 02 02:00:00 CEST 2009	Wed Jun 28 19:39:16 CEST 2034
Jan 13, 2021 19:47:07.590507984 CET	143.204.93.16	443	192.168.2.22	49172	CN=*.typeform.com CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Mon Nov 30 01:00:00 CET 2020 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009	Thu Dec 30 00:59:59 CET 2021 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,0-10-11-13-23-65281,23-24,0	7dcce5b76c8b17472d024758970a406b
					CN=Amazon, OU=Server CA 1B, O=Amazon, C=US	CN=Amazon Root CA 1, O=Amazon, C=US	Thu Oct 22 02:00:00 CEST 2015	Sun Oct 19 02:00:00 CEST 2025
					CN=Amazon Root CA 1, O=Amazon, C=US	CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	Mon May 25 14:00:00 CEST 2015	Thu Dec 31 02:00:00 CET 2037
					CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Sep 02 02:00:00 CEST 2009	Wed Jun 28 19:39:16 CEST 2034
Jan 13, 2021 19:47:07.757075071 CET	143.204.93.100	443	192.168.2.22	49169	CN=*.typeform.com CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Mon Nov 30 01:00:00 CET 2020 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009	Thu Dec 30 00:59:59 CET 2021 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,0-10-11-13-23-65281,23-24,0	7dcce5b76c8b17472d024758970a406b
					CN=Amazon, OU=Server CA 1B, O=Amazon, C=US	CN=Amazon Root CA 1, O=Amazon, C=US	Thu Oct 22 02:00:00 CEST 2015	Sun Oct 19 02:00:00 CEST 2025
					CN=Amazon Root CA 1, O=Amazon, C=US	CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	Mon May 25 14:00:00 CEST 2015	Thu Dec 31 02:00:00 CET 2037
					CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Sep 02 02:00:00 CEST 2009	Wed Jun 28 19:39:16 CEST 2034
Jan 13, 2021 19:47:09.289458036 CET	143.204.99.83	443	192.168.2.22	49177	CN=*.segment.com, O="Segment.io, Inc.", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Jun 12 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013	Tue Jul 27 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,0-10-11-13-23-65281,23-24,0	7dcce5b76c8b17472d024758970a406b
Jan 13, 2021 19:47:09.289458036 CET	143.204.99.83	443	192.168.2.22	49177	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		7dcce5b76c8b17472d024758970a406b
Jan 13, 2021 19:47:09.289975882 CET	13.224.194.82	443	192.168.2.22	49175	CN=*.typeform.com CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Mon Nov 30 01:00:00 CET 2020 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009	Thu Dec 30 00:59:59 CET 2021 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,0-10-11-13-23-65281,23-24,0	7dcce5b76c8b17472d024758970a406b
					CN=Amazon, OU=Server CA 1B, O=Amazon, C=US	CN=Amazon Root CA 1, O=Amazon, C=US	Thu Oct 22 02:00:00 CEST 2015	Sun Oct 19 02:00:00 CEST 2025
					CN=Amazon Root CA 1, O=Amazon, C=US	CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	Mon May 25 14:00:00 CEST 2015	Thu Dec 31 02:00:00 CET 2037
					CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Sep 02 02:00:00 CEST 2009	Wed Jun 28 19:39:16 CEST 2034
Jan 13, 2021 19:47:09.306145906 CET	143.204.99.83	443	192.168.2.22	49178	CN=*.segment.com, O="Segment.io, Inc.", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Jun 12 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013	Tue Jul 27 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,0-10-11-13-23-65281,23-24,0	7dcce5b76c8b17472d024758970a406b
Jan 13, 2021 19:47:09.306145906 CET	143.204.99.83	443	192.168.2.22	49178	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		7dcce5b76c8b17472d024758970a406b
Jan 13, 2021 19:47:09.918521881 CET	13.224.194.82	443	192.168.2.22	49173	CN=*.typeform.com CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Mon Nov 30 01:00:00 CET 2020 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009	Thu Dec 30 00:59:59 CET 2021 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,0-10-11-13-23-65281,23-24,0	7dcce5b76c8b17472d024758970a406b
					CN=Amazon, OU=Server CA 1B, O=Amazon, C=US	CN=Amazon Root CA 1, O=Amazon, C=US	Thu Oct 22 02:00:00 CEST 2015	Sun Oct 19 02:00:00 CEST 2025
					CN=Amazon Root CA 1, O=Amazon, C=US	CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	Mon May 25 14:00:00 CEST 2015	Thu Dec 31 02:00:00 CET 2037
					CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Sep 02 02:00:00 CEST 2009	Wed Jun 28 19:39:16 CEST 2034
Jan 13, 2021 19:47:10.488671064 CET	34.218.160.124	443	192.168.2.22	49181	CN=*.segment.com, O="Segment.io, Inc.", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Jun 12 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013	Tue Jul 27 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,0-10-11-13-23-65281,23-24,0	7dcce5b76c8b17472d024758970a406b
Jan 13, 2021 19:47:10.488671064 CET	34.218.160.124	443	192.168.2.22	49181	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		7dcce5b76c8b17472d024758970a406b
Jan 13, 2021 19:47:10.715477943 CET	34.218.160.124	443	192.168.2.22	49182	CN=*.segment.com, O="Segment.io, Inc.", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Jun 12 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013	Tue Jul 27 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,0-10-11-13-23-65281,23-24,0	7dcce5b76c8b17472d024758970a406b
Jan 13, 2021 19:47:10.715477943 CET	34.218.160.124	443	192.168.2.22	49182	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		7dcce5b76c8b17472d024758970a406b
Jan 13, 2021 19:47:13.171099901 CET	143.204.93.117	443	192.168.2.22	49186	CN=*.typeform.com CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Mon Nov 30 01:00:00 CET 2020 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009	Thu Dec 30 00:59:59 CET 2021 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,0-10-11-13-23-65281,23-24,0	7dcce5b76c8b17472d024758970a406b
					CN=Amazon, OU=Server CA 1B, O=Amazon, C=US	CN=Amazon Root CA 1, O=Amazon, C=US	Thu Oct 22 02:00:00 CEST 2015	Sun Oct 19 02:00:00 CEST 2025
					CN=Amazon Root CA 1, O=Amazon, C=US	CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	Mon May 25 14:00:00 CEST 2015	Thu Dec 31 02:00:00 CET 2037
					CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Sep 02 02:00:00 CEST 2009	Wed Jun 28 19:39:16 CEST 2034
Jan 13, 2021 19:47:15.826742887 CET	143.204.93.100	443	192.168.2.22	49189	CN=*.typeform.com CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Mon Nov 30 01:00:00 CET 2020 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009	Thu Dec 30 00:59:59 CET 2021 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,0-10-11-13-23-65281,23-24,0	7dcce5b76c8b17472d024758970a406b
					CN=Amazon, OU=Server CA 1B, O=Amazon, C=US	CN=Amazon Root CA 1, O=Amazon, C=US	Thu Oct 22 02:00:00 CEST 2015	Sun Oct 19 02:00:00 CEST 2025
					CN=Amazon Root CA 1, O=Amazon, C=US	CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	Mon May 25 14:00:00 CEST 2015	Thu Dec 31 02:00:00 CET 2037
					CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Sep 02 02:00:00 CEST 2009	Wed Jun 28 19:39:16 CEST 2034
Jan 13, 2021 19:47:15.847388029 CET	143.204.93.100	443	192.168.2.22	49190	CN=*.typeform.com CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Mon Nov 30 01:00:00 CET 2020 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009	Thu Dec 30 00:59:59 CET 2021 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,0-10-11-13-23-65281,23-24,0	7dcce5b76c8b17472d024758970a406b
					CN=Amazon, OU=Server CA 1B, O=Amazon, C=US	CN=Amazon Root CA 1, O=Amazon, C=US	Thu Oct 22 02:00:00 CEST 2015	Sun Oct 19 02:00:00 CEST 2025
					CN=Amazon Root CA 1, O=Amazon, C=US	CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	Mon May 25 14:00:00 CEST 2015	Thu Dec 31 02:00:00 CET 2037
					CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Sep 02 02:00:00 CEST 2009	Wed Jun 28 19:39:16 CEST 2034
Jan 13, 2021 19:47:17.139348984 CET	143.204.99.83	443	192.168.2.22	49195	CN=*.segment.com, O="Segment.io, Inc.", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Jun 12 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013	Tue Jul 27 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,0-10-11-13-23-65281,23-24,0	7dcce5b76c8b17472d024758970a406b
Jan 13, 2021 19:47:17.139348984 CET	143.204.99.83	443	192.168.2.22	49195	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		7dcce5b76c8b17472d024758970a406b
Jan 13, 2021 19:47:17.164912939 CET	143.204.99.83	443	192.168.2.22	49196	CN=*.segment.com, O="Segment.io, Inc.", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Jun 12 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013	Tue Jul 27 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,0-10-11-13-23-65281,23-24,0	7dcce5b76c8b17472d024758970a406b
Jan 13, 2021 19:47:17.164912939 CET	143.204.99.83	443	192.168.2.22	49196	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		7dcce5b76c8b17472d024758970a406b
Jan 13, 2021 19:47:18.014334917 CET	34.218.160.124	443	192.168.2.22	49197	CN=*.segment.com, O="Segment.io, Inc.", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Jun 12 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013	Tue Jul 27 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,0-10-11-13-23-65281,23-24,0	7dcce5b76c8b17472d024758970a406b
Jan 13, 2021 19:47:18.014334917 CET	34.218.160.124	443	192.168.2.22	49197	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		7dcce5b76c8b17472d024758970a406b
Jan 13, 2021 19:47:18.271810055 CET	34.218.160.124	443	192.168.2.22	49198	CN=*.segment.com, O="Segment.io, Inc.", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Jun 12 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013	Tue Jul 27 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,0-10-11-13-23-65281,23-24,0	7dcce5b76c8b17472d024758970a406b
Jan 13, 2021 19:47:18.271810055 CET	34.218.160.124	443	192.168.2.22	49198	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		7dcce5b76c8b17472d024758970a406b
Jan 13, 2021 19:47:30.947421074 CET	162.247.242.19	443	192.168.2.22	49199	CN=*.nr-data.net, O="New Relic, Inc.", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Feb 05 01:00:00 CET 2020 Fri Mar 08 13:00:00 CET 2013	Tue Feb 08 13:00:00 CET 2022 Wed Mar 08 13:00:00 CET 2023	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,0-10-11-13-23-65281,23-24,0	7dcce5b76c8b17472d024758970a406b
Jan 13, 2021 19:47:30.947421074 CET	162.247.242.19	443	192.168.2.22	49199	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		7dcce5b76c8b17472d024758970a406b
Jan 13, 2021 19:47:30.995343924 CET	162.247.242.19	443	192.168.2.22	49200	CN=*.nr-data.net, O="New Relic, Inc.", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Feb 05 01:00:00 CET 2020 Fri Mar 08 13:00:00 CET 2013	Tue Feb 08 13:00:00 CET 2022 Wed Mar 08 13:00:00 CET 2023	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,0-10-11-13-23-65281,23-24,0	7dcce5b76c8b17472d024758970a406b
Jan 13, 2021 19:47:30.995343924 CET	162.247.242.19	443	192.168.2.22	49200	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		7dcce5b76c8b17472d024758970a406b
Jan 13, 2021 19:47:38.284270048 CET	162.247.242.19	443	192.168.2.22	49201	CN=*.nr-data.net, O="New Relic, Inc.", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Feb 05 01:00:00 CET 2020 Fri Mar 08 13:00:00 CET 2013	Tue Feb 08 13:00:00 CET 2022 Wed Mar 08 13:00:00 CET 2023	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,0-10-11-13-23-65281,23-24,0	7dcce5b76c8b17472d024758970a406b
Jan 13, 2021 19:47:38.284270048 CET	162.247.242.19	443	192.168.2.22	49201	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		7dcce5b76c8b17472d024758970a406b
Jan 13, 2021 19:47:38.311465025 CET	162.247.242.19	443	192.168.2.22	49202	CN=*.nr-data.net, O="New Relic, Inc.", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Feb 05 01:00:00 CET 2020 Fri Mar 08 13:00:00 CET 2013	Tue Feb 08 13:00:00 CET 2022 Wed Mar 08 13:00:00 CET 2023	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,0-10-11-13-23-65281,23-24,0	7dcce5b76c8b17472d024758970a406b
Jan 13, 2021 19:47:38.311465025 CET	162.247.242.19	443	192.168.2.22	49202	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		7dcce5b76c8b17472d024758970a406b

Code Manipulations

Statistics

Behavior

Click to jump to process

System Behavior

Analysis Process: EXCEL.EXE PID: 2516 Parent PID: 584

General

Start time:	19:46:40
Start date:	13/01/2021
Path:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
Imagebase:	0x13feb0000
File size:	27641504 bytes
MD5 hash:	5FB0A0F93382ECD19F5F499A5CAA59F0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: iexplore.exe PID: 2792 Parent PID: 584

General

Start time:	19:47:04
Start date:	13/01/2021
Path:	C:\Program Files\Internet Explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase:	0x13fd30000
File size:	814288 bytes
MD5 hash:	4EB098135821348270F27157F7A84E65
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Analysis Process: iexplore.exe PID: 2904 Parent PID: 2792

General

Start time:	19:47:05
Start date:	13/01/2021
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2792 CREDAT:275457 /prefetch:2
Imagebase:	0x1160000
File size:	815304 bytes
MD5 hash:	8A590F790A98F3D77399BE457E01386A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Analysis Process: iexplore.exe PID: 1336 Parent PID: 2516

General

Start time:	19:47:13
Start date:	13/01/2021
Path:	C:\Program Files\Internet Explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' https://24mbw17feyn.typeform.com/to/ZlFRrg5s
Imagebase:	0x13fd30000
File size:	814288 bytes
MD5 hash:	4EB098135821348270F27157F7A84E65
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Analysis Process: iexplore.exe PID: 1028 Parent PID: 1336

General

Start time:	19:47:14
Start date:	13/01/2021
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1336 CREDAT:275457 /prefetch:2
Imagebase:	0x1160000
File size:	815304 bytes
MD5 hash:	8A590F790A98F3D77399BE457E01386A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Disassembly

Reset < >

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials. These can be files created by users to store their own credentials, shared credential stores for a group of individuals, configuration files containing passwords for a system or service, or source code/binary files containing embedded passwords.
Tactics:	Credential Access
Data Sources:	File monitoring, Process command-line parameters
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report ACH WIRE PAYMENT ADVICE..xlsx

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Dropped Files

Sigma Overview

Signature Overview

Phishing:

Compliance:

Networking:

System Summary:

Hooking and other Techniques for Hiding and Protection:

Stealing of Sensitive Information:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTPS Packets

Code Manipulations

Statistics

Behavior

System Behavior

Analysis Process: EXCEL.EXE PID: 2516 Parent PID: 584

General

Analysis Process: iexplore.exe PID: 2792 Parent PID: 584

General

Analysis Process: iexplore.exe PID: 2904 Parent PID: 2792

General

Analysis Process: iexplore.exe PID: 1336 Parent PID: 2516

General

Analysis Process: iexplore.exe PID: 1028 Parent PID: 1336

General

Disassembly