Play interactive tour

Edit tour

Analysis Report ACH WIRE PAYMENT ADVICE..xlsx

Overview

General Information

Sample Name:	ACH WIRE PAYMENT ADVICE..xlsx
Analysis ID:	339280
MD5:	a66a202e970df086cc265cb646127bfb
SHA1:	c8986173e16bb9b0703490afba594ec5eef08a4a
SHA256:	e29c6206512f1f778f1af9a1ff2af2bb82107271e00c873930398b703294d75e
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected HtmlPhish_25

Document exploit detected (process start blacklist hit)

Phishing site detected (based on image similarity)

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Classification

Startup

System is w10x64

EXCEL.EXE (PID: 6688 cmdline: 'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding MD5: 5D6638F2C8F8571C593999C58866007E)

chrome.exe (PID: 1380 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' -- 'https://24mbw17feyn.typeform.com/to/ZlFRrg5s' MD5: C139654B5C1438A95B321BB01AD63EF6)

chrome.exe (PID: 6924 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1604,8369915553311949587,2127772347523126301,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1720 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)

iexplore.exe (PID: 5540 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 5644 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5540 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\ZlFRrg5s[1].htm	JoeSecurity_HtmlPhish_25	Yara detected HtmlPhish_25	Joe Security

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

Phishing:

Yara detected HtmlPhish_25

Show sources

Source: Yara match

File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\ZlFRrg5s[1].htm, type: DROPPED

Phishing site detected (based on image similarity)

Show sources

Source: https://images.typeform.com/images/nXkRcNPp6wtg/background/large

Matcher: Found strong image similarity, brand: Microsoft

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\1380_672153427\LICENSE.txt

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE

File opened: C:\Windows\SysWOW64\MSVCR100.dll

Source: unknown	HTTPS traffic detected: 143.204.93.100:443 -> 192.168.2.4:49773 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.93.100:443 -> 192.168.2.4:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.93.16:443 -> 192.168.2.4:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.93.16:443 -> 192.168.2.4:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.194.7:443 -> 192.168.2.4:49776 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.194.7:443 -> 192.168.2.4:49777 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.99.83:443 -> 192.168.2.4:49782 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.99.83:443 -> 192.168.2.4:49783 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.69.177.146:443 -> 192.168.2.4:49784 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.69.177.146:443 -> 192.168.2.4:49785 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.93.16:443 -> 192.168.2.4:49788 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.247.242.19:443 -> 192.168.2.4:49789 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.247.242.19:443 -> 192.168.2.4:49790 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.190.208.247:443 -> 192.168.2.4:49803 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.190.208.247:443 -> 192.168.2.4:49806 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.190.208.247:443 -> 192.168.2.4:49807 version: TLS 1.2

Software Vulnerabilities:

Document exploit detected (process start blacklist hit)

Show sources

Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE

Process created: C:\Program Files\Google\Chrome\Application\chrome.exe

Source: Joe Sandbox View	IP Address: 162.247.242.19 162.247.242.19
Source: Joe Sandbox View	IP Address: 143.204.99.83 143.204.99.83
Source: Joe Sandbox View	IP Address: 162.247.242.21 162.247.242.21

Source: Joe Sandbox View	JA3 fingerprint: 9e10692f1b7f78228b2d4e424db3a98c
Source: Joe Sandbox View	JA3 fingerprint: b32309a26951912be7dba376398abc3b
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: msapplication.xml0.15.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xf2252194,0x01d6e9dd</date><accdate>0xf2252194,0x01d6e9dd</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml0.15.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xf2252194,0x01d6e9dd</date><accdate>0xf227841e,0x01d6e9dd</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.15.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xf229e69a,0x01d6e9dd</date><accdate>0xf229e69a,0x01d6e9dd</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml5.15.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xf229e69a,0x01d6e9dd</date><accdate>0xf229e69a,0x01d6e9dd</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.15.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xf22c4865,0x01d6e9dd</date><accdate>0xf22c4865,0x01d6e9dd</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.15.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xf22c4865,0x01d6e9dd</date><accdate>0xf22c4865,0x01d6e9dd</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: Ruleset Data.19.dr	String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: Ruleset Data.19.dr	String found in binary or memory: www.facebook.com/ad.*^ajaxpipe^ equals www.facebook.com (Facebook)
Source: Ruleset Data.19.dr	String found in binary or memory: www.facebook.com/ad.*^ajaxpipe^^ equals www.facebook.com (Facebook)
Source: Ruleset Data.19.dr	String found in binary or memory: www.facebook.com/ajax/ads/ equals www.facebook.com (Facebook)

Source: unknown

DNS traffic detected: queries for: 24mbw17feyn.typeform.com

Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: http://weather.service.msn.com/data.aspx
Source: msapplication.xml.15.dr	String found in binary or memory: http://www.amazon.com/
Source: vendors~form.965f5dedbb854e83c6c8[1].js.16.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: msapplication.xml1.15.dr	String found in binary or memory: http://www.google.com/
Source: vendors~form.965f5dedbb854e83c6c8[1].js.16.dr	String found in binary or memory: http://www.jacklmoore.com/autosize
Source: msapplication.xml2.15.dr	String found in binary or memory: http://www.live.com/
Source: msapplication.xml3.15.dr	String found in binary or memory: http://www.nytimes.com/
Source: msapplication.xml4.15.dr	String found in binary or memory: http://www.reddit.com/
Source: msapplication.xml5.15.dr	String found in binary or memory: http://www.twitter.com/
Source: msapplication.xml6.15.dr	String found in binary or memory: http://www.wikipedia.com/
Source: msapplication.xml7.15.dr	String found in binary or memory: http://www.youtube.com/
Source: 000003.log4.19.dr, 885d0152-61f9-4bc2-8f6d-3463cb597828.tmp.20.dr	String found in binary or memory: https://24mbw17feyn.typeform.com
Source: ZlFRrg5s[1].htm.16.dr	String found in binary or memory: https://24mbw17feyn.typeform.com/oembed?url=https%3A%2F%2F24mbw17feyn.typeform.com%2Fto%2FZlFRrg5s
Source: ZlFRrg5s[1].htm.16.dr	String found in binary or memory: https://24mbw17feyn.typeform.com/to/ZlFRrg5s
Source: History Provider Cache.19.dr	String found in binary or memory: https://24mbw17feyn.typeform.com/to/ZlFRrg5s2
Source: ~DFB3BDB7BE4BDCE439.TMP.15.dr	String found in binary or memory: https://24mbw17feyn.typeform.com/to/ZlFRrg5s6MlCR0S0FT
Source: History.19.dr	String found in binary or memory: https://24mbw17feyn.typeform.com/to/ZlFRrg5sMlCR0S0FT
Source: {1BFCE4E9-55D1-11EB-90EB-ECF4BBEA1588}.dat.15.dr	String found in binary or memory: https://24mbw17feyn.typeform.com/to/ZlFRrg5sRoot
Source: ~DFB3BDB7BE4BDCE439.TMP.15.dr	String found in binary or memory: https://24mbw17feyn.typeform.com/to/ZlFRrg5sz
Source: f1a10366-1ee1-4f75-bd61-9f6fbc002c7c.tmp.20.dr, manifest.json0.19.dr, 885d0152-61f9-4bc2-8f6d-3463cb597828.tmp.20.dr	String found in binary or memory: https://accounts.google.com
Source: Ruleset Data.19.dr	String found in binary or memory: https://adwords.google.com/
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://analysis.windows.net/powerbi/api
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://api.aadrm.com/
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://api.addins.omex.office.net/appinfo/query
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://api.addins.omex.office.net/appstate/query
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://api.cortana.ai
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://api.diagnostics.office.com
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://api.diagnosticssdf.office.com
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://api.microsoftstream.com/api/
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://api.office.net
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://api.onedrive.com
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://api.powerbi.com/beta/myorg/imports
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups
Source: 885d0152-61f9-4bc2-8f6d-3463cb597828.tmp.20.dr	String found in binary or memory: https://api.segment.io
Source: f1a10366-1ee1-4f75-bd61-9f6fbc002c7c.tmp.20.dr, manifest.json0.19.dr, 885d0152-61f9-4bc2-8f6d-3463cb597828.tmp.20.dr	String found in binary or memory: https://apis.google.com
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://apis.live.net/v5.0/
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://arc.msn.com/v4/api/selection
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://augloop.office.com
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://augloop.office.com/v2
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://autodiscover-s.outlook.com/
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://cdn.entity.
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://cdn.odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
Source: 885d0152-61f9-4bc2-8f6d-3463cb597828.tmp.20.dr	String found in binary or memory: https://cdn.segment.com
Source: 5b4c207083ca8268_0.19.dr	String found in binary or memory: https://cdn.segment.com/analytics.js/v1/9at6spGDYXelHDdz4r0cP73b3wV1f0ri/analytics.min.js
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://client-office365-tas.msedge.net/ab
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://clients.config.office.net/
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/ios
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/mac
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
Source: f1a10366-1ee1-4f75-bd61-9f6fbc002c7c.tmp.20.dr, 885d0152-61f9-4bc2-8f6d-3463cb597828.tmp.20.dr	String found in binary or memory: https://clients2.google.com
Source: manifest.json.19.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: f1a10366-1ee1-4f75-bd61-9f6fbc002c7c.tmp.20.dr, 885d0152-61f9-4bc2-8f6d-3463cb597828.tmp.20.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://config.edge.skype.com
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://config.edge.skype.com/config/v1/Office
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://config.edge.skype.com/config/v2/Office
Source: 885d0152-61f9-4bc2-8f6d-3463cb597828.tmp.20.dr	String found in binary or memory: https://content-autofill.googleapis.com
Source: manifest.json0.19.dr	String found in binary or memory: https://content.googleapis.com
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://contentstorage.omex.office.net/addinclassifier/officeentities
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://contentstorage.omex.office.net/addinclassifier/officeentitiesupdated
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://cortana.ai
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://cortana.ai/api
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://cr.office.com
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://dataservice.o365filtering.com
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://dataservice.o365filtering.com/
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://dev.cortana.ai
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://dev0-api.acompli.net/autodetect
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://devnull.onenote.com
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://directory.services.
Source: ea1248e2-0a9f-4741-8e90-d8c262f479e6.tmp.20.dr, 20e2898a-d285-4d9f-8d10-b7e7f4aba100.tmp.20.dr, f1a10366-1ee1-4f75-bd61-9f6fbc002c7c.tmp.20.dr, 885d0152-61f9-4bc2-8f6d-3463cb597828.tmp.20.dr	String found in binary or memory: https://dns.google
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://ecs.office.com/config/v2/Office
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://entitlement.diagnostics.office.com
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://entitlement.diagnosticssdf.office.com
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
Source: manifest.json0.19.dr	String found in binary or memory: https://feedback.googleusercontent.com
Source: f1a10366-1ee1-4f75-bd61-9f6fbc002c7c.tmp.20.dr, 885d0152-61f9-4bc2-8f6d-3463cb597828.tmp.20.dr	String found in binary or memory: https://fonts.googleapis.com
Source: manifest.json0.19.dr	String found in binary or memory: https://fonts.googleapis.com;
Source: f1a10366-1ee1-4f75-bd61-9f6fbc002c7c.tmp.20.dr, 885d0152-61f9-4bc2-8f6d-3463cb597828.tmp.20.dr	String found in binary or memory: https://fonts.gstatic.com
Source: manifest.json0.19.dr	String found in binary or memory: https://fonts.gstatic.com;
Source: renderer.0f5a683b381b67dbbf89[1].js.16.dr	String found in binary or memory: https://github.com/js-cookie/js-cookie
Source: vendors~form.965f5dedbb854e83c6c8[1].js.16.dr	String found in binary or memory: https://github.com/kof/animationFrame
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://globaldisco.crm.dynamics.com
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://graph.ppe.windows.net
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://graph.ppe.windows.net/
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://graph.windows.net
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://graph.windows.net/
Source: manifest.json0.19.dr	String found in binary or memory: https://hangouts.google.com/
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons&premium=1
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages&premium=1
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos&premium=1
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
Source: 885d0152-61f9-4bc2-8f6d-3463cb597828.tmp.20.dr	String found in binary or memory: https://images.typeform.com
Source: ZlFRrg5s[1].htm.16.dr	String found in binary or memory: https://images.typeform.com/images/CJr828dpN5yQ/image/default
Source: ZlFRrg5s[1].htm.16.dr	String found in binary or memory: https://images.typeform.com/images/FYUps4mFKPYK/image/default
Source: ZlFRrg5s[1].htm.16.dr	String found in binary or memory: https://images.typeform.com/images/nXkRcNPp6wtg/background/large
Source: ZlFRrg5s[1].htm.16.dr	String found in binary or memory: https://images.typeform.com/images/nXkRcNPp6wtg/background/large);background-position:top
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://incidents.diagnostics.office.com
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://incidents.diagnosticssdf.office.com
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://lifecycle.office.com
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://login.microsoftonline.com/
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://login.windows.local
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://login.windows.net/common/oauth2/authorize
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://management.azure.com
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://management.azure.com/
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://messaging.office.com/
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://ncus-000.contentsync.
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://ncus-000.pagecontentsync.
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://o365auditrealtimeingestion.manage.office.com
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://o365diagnosticsppe-web.cloudapp.net
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://officeapps.live.com
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://officeci.azurewebsites.net/api/
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://officesetup.getmicrosoftkey.com
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
Source: f1a10366-1ee1-4f75-bd61-9f6fbc002c7c.tmp.20.dr, 885d0152-61f9-4bc2-8f6d-3463cb597828.tmp.20.dr	String found in binary or memory: https://ogs.google.com
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://onedrive.live.com
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://onedrive.live.com/embed?
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://outlook.office.com/
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://outlook.office365.com/
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
Source: manifest.json.19.dr	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
Source: f1a10366-1ee1-4f75-bd61-9f6fbc002c7c.tmp.20.dr, 885d0152-61f9-4bc2-8f6d-3463cb597828.tmp.20.dr	String found in binary or memory: https://play.google.com
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://powerlift-frontdesk.acompli.net
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://powerlift.acompli.net
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
Source: 885d0152-61f9-4bc2-8f6d-3463cb597828.tmp.20.dr	String found in binary or memory: https://public-assets.typeform.com
Source: ZlFRrg5s[1].htm.16.dr	String found in binary or memory: https://public-assets.typeform.com/public/favicon/apple-touch-icon.png
Source: ZlFRrg5s[1].htm.16.dr	String found in binary or memory: https://public-assets.typeform.com/public/favicon/browserconfig.xml
Source: ZlFRrg5s[1].htm.16.dr	String found in binary or memory: https://public-assets.typeform.com/public/favicon/favicon-16x16.png
Source: ZlFRrg5s[1].htm.16.dr	String found in binary or memory: https://public-assets.typeform.com/public/favicon/favicon-32x32.png
Source: imagestore.dat.16.dr	String found in binary or memory: https://public-assets.typeform.com/public/favicon/favicon-32x32.png-
Source: Favicons.19.dr, ZlFRrg5s[1].htm.16.dr	String found in binary or memory: https://public-assets.typeform.com/public/favicon/favicon.ico
Source: ZlFRrg5s[1].htm.16.dr	String found in binary or memory: https://public-assets.typeform.com/public/favicon/safari-pinned-tab.svg
Source: ZlFRrg5s[1].htm.16.dr	String found in binary or memory: https://public-assets.typeform.com/public/favicon/site.webmanifest
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
Source: f1a10366-1ee1-4f75-bd61-9f6fbc002c7c.tmp.20.dr	String found in binary or memory: https://r5---sn-h0jeln7l.gvt1.com
Source: f1a10366-1ee1-4f75-bd61-9f6fbc002c7c.tmp.20.dr, 885d0152-61f9-4bc2-8f6d-3463cb597828.tmp.20.dr	String found in binary or memory: https://redirector.gvt1.com
Source: 885d0152-61f9-4bc2-8f6d-3463cb597828.tmp.20.dr	String found in binary or memory: https://renderer-assets.typeform.com
Source: ZlFRrg5s[1].htm.16.dr	String found in binary or memory: https://renderer-assets.typeform.com/
Source: ZlFRrg5s[1].htm.16.dr	String found in binary or memory: https://renderer-assets.typeform.com/blocks-matrix.0544beec0e1a4e11a24a.js
Source: ZlFRrg5s[1].htm.16.dr	String found in binary or memory: https://renderer-assets.typeform.com/form.9cd5d6381506e5950fe0.js
Source: 06e7ddbb9e13886c_0.19.dr	String found in binary or memory: https://renderer-assets.typeform.com/modern-form.49de46ab5c7ed7587b97.js
Source: 45f83ee2a5dff1fd_0.19.dr, ZlFRrg5s[1].htm.16.dr	String found in binary or memory: https://renderer-assets.typeform.com/modern-renderer.36eec26e0148023415c0.js
Source: 75b6d577ef7e1c2b_0.19.dr	String found in binary or memory: https://renderer-assets.typeform.com/modern-vendors~form.d4cf4f8fd90b06b3c412.js
Source: ZlFRrg5s[1].htm.16.dr	String found in binary or memory: https://renderer-assets.typeform.com/phonenumber.6ea5ec50b9fa21e816ff.js
Source: ZlFRrg5s[1].htm.16.dr	String found in binary or memory: https://renderer-assets.typeform.com/renderer.0f5a683b381b67dbbf89.js
Source: ZlFRrg5s[1].htm.16.dr	String found in binary or memory: https://renderer-assets.typeform.com/vendors~attachment.6e37d3fcdf703c1517e1.js
Source: ZlFRrg5s[1].htm.16.dr	String found in binary or memory: https://renderer-assets.typeform.com/vendors~blocks-ranking.f8aee16223a106724ea1.js
Source: ZlFRrg5s[1].htm.16.dr	String found in binary or memory: https://renderer-assets.typeform.com/vendors~form.965f5dedbb854e83c6c8.js
Source: ZlFRrg5s[1].htm.16.dr	String found in binary or memory: https://renderer-assets.typeform.com/vendors~phonenumber.32d788474b661d4d3074.js
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
Source: manifest.json.19.dr	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://settings.outlook.com
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://shell.suite.office.com:1443
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://skyapi.live.net/Activity/
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
Source: f1a10366-1ee1-4f75-bd61-9f6fbc002c7c.tmp.20.dr, 885d0152-61f9-4bc2-8f6d-3463cb597828.tmp.20.dr	String found in binary or memory: https://ssl.gstatic.com
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://staging.cortana.ai
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://store.office.cn/addinstemplate
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://store.office.com/?productgroup=Outlook
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://store.office.com/addinstemplate
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://store.office.de/addinstemplate
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://store.officeppe.com/addinstemplate
Source: messages.json87.19.dr	String found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json87.19.dr	String found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://tasks.office.com
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://templatelogging.office.com/client/log
Source: 06e7ddbb9e13886c_0.19.dr	String found in binary or memory: https://typeform.com/
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://web.microsoftstream.com/video/
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://webshell.suite.office.com
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://wus2-000.contentsync.
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://wus2-000.pagecontentsync.
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: f1a10366-1ee1-4f75-bd61-9f6fbc002c7c.tmp.20.dr, manifest.json0.19.dr, 885d0152-61f9-4bc2-8f6d-3463cb597828.tmp.20.dr	String found in binary or memory: https://www.google.com
Source: manifest.json.19.dr	String found in binary or memory: https://www.google.com/
Source: manifest.json0.19.dr	String found in binary or memory: https://www.google.com;
Source: f1a10366-1ee1-4f75-bd61-9f6fbc002c7c.tmp.20.dr, 885d0152-61f9-4bc2-8f6d-3463cb597828.tmp.20.dr	String found in binary or memory: https://www.googleapis.com
Source: manifest.json.19.dr	String found in binary or memory: https://www.googleapis.com/
Source: manifest.json0.19.dr	String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json0.19.dr	String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json.19.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.19.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json0.19.dr	String found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json0.19.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json0.19.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json0.19.dr	String found in binary or memory: https://www.googleapis.com/auth/meetings
Source: manifest.json0.19.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json.19.dr	String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.19.dr	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json0.19.dr	String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: f1a10366-1ee1-4f75-bd61-9f6fbc002c7c.tmp.20.dr, 885d0152-61f9-4bc2-8f6d-3463cb597828.tmp.20.dr	String found in binary or memory: https://www.gstatic.com
Source: manifest.json0.19.dr	String found in binary or memory: https://www.gstatic.com;
Source: D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	String found in binary or memory: https://www.odwebp.svc.ms

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789

Source: unknown	HTTPS traffic detected: 143.204.93.100:443 -> 192.168.2.4:49773 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.93.100:443 -> 192.168.2.4:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.93.16:443 -> 192.168.2.4:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.93.16:443 -> 192.168.2.4:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.194.7:443 -> 192.168.2.4:49776 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.194.7:443 -> 192.168.2.4:49777 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.99.83:443 -> 192.168.2.4:49782 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.99.83:443 -> 192.168.2.4:49783 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.69.177.146:443 -> 192.168.2.4:49784 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.69.177.146:443 -> 192.168.2.4:49785 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.93.16:443 -> 192.168.2.4:49788 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.247.242.19:443 -> 192.168.2.4:49789 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.247.242.19:443 -> 192.168.2.4:49790 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.190.208.247:443 -> 192.168.2.4:49803 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.190.208.247:443 -> 192.168.2.4:49806 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.190.208.247:443 -> 192.168.2.4:49807 version: TLS 1.2

Source: classification engine

Classification label: mal56.phis.expl.winXLSX@45/224@18/11

Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Temp\{C4007B88-B1AD-451C-A9F5-4D7CE7C996E8} - OProcSessId.dat

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE 'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding
Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5540 CREDAT:17410 /prefetch:2
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' -- 'https://24mbw17feyn.typeform.com/to/ZlFRrg5s'
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1604,8369915553311949587,2127772347523126301,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1720 /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' -- 'https://24mbw17feyn.typeform.com/to/ZlFRrg5s'
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5540 CREDAT:17410 /prefetch:2
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1604,8369915553311949587,2127772347523126301,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1720 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages

Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE

File opened: C:\Windows\SysWOW64\MSVCR100.dll

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\1380_672153427\LICENSE.txt

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Exploitation for Client Execution1	Path Interception	Process Injection1	Masquerading1	OS Credential Dumping	File and Directory Discovery1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	System Information Discovery1	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
ACH WIRE PAYMENT ADVICE..xlsx	0%	Virustotal		Browse

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
bam.nr-data.net	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
https://cdn.entity.	0%	URL Reputation	safe
https://cdn.entity.	0%	URL Reputation	safe
https://cdn.entity.	0%	URL Reputation	safe
https://cdn.entity.	0%	URL Reputation	safe
https://wus2-000.contentsync.	0%	URL Reputation	safe
https://wus2-000.contentsync.	0%	URL Reputation	safe
https://wus2-000.contentsync.	0%	URL Reputation	safe
https://wus2-000.contentsync.	0%	URL Reputation	safe
https://powerlift.acompli.net	0%	URL Reputation	safe
https://powerlift.acompli.net	0%	URL Reputation	safe
https://powerlift.acompli.net	0%	URL Reputation	safe
https://powerlift.acompli.net	0%	URL Reputation	safe
https://rpsticket.partnerservices.getmicrosoftkey.com	0%	URL Reputation	safe
https://rpsticket.partnerservices.getmicrosoftkey.com	0%	URL Reputation	safe
https://rpsticket.partnerservices.getmicrosoftkey.com	0%	URL Reputation	safe
https://rpsticket.partnerservices.getmicrosoftkey.com	0%	URL Reputation	safe
https://cortana.ai	0%	URL Reputation	safe
https://cortana.ai	0%	URL Reputation	safe
https://cortana.ai	0%	URL Reputation	safe
https://cortana.ai	0%	URL Reputation	safe
https://api.aadrm.com/	0%	URL Reputation	safe
https://api.aadrm.com/	0%	URL Reputation	safe
https://api.aadrm.com/	0%	URL Reputation	safe
https://api.aadrm.com/	0%	URL Reputation	safe
https://ofcrecsvcapi-int.azurewebsites.net/	0%	Virustotal		Browse
https://ofcrecsvcapi-int.azurewebsites.net/	0%	Avira URL Cloud	safe
https://res.getmicrosoftkey.com/api/redemptionevents	0%	URL Reputation	safe
https://res.getmicrosoftkey.com/api/redemptionevents	0%	URL Reputation	safe
https://res.getmicrosoftkey.com/api/redemptionevents	0%	URL Reputation	safe
https://res.getmicrosoftkey.com/api/redemptionevents	0%	URL Reputation	safe
https://powerlift-frontdesk.acompli.net	0%	URL Reputation	safe
https://powerlift-frontdesk.acompli.net	0%	URL Reputation	safe
https://powerlift-frontdesk.acompli.net	0%	URL Reputation	safe
https://powerlift-frontdesk.acompli.net	0%	URL Reputation	safe
https://officeci.azurewebsites.net/api/	0%	Virustotal		Browse
https://officeci.azurewebsites.net/api/	0%	Avira URL Cloud	safe
https://dns.google	0%	URL Reputation	safe
https://dns.google	0%	URL Reputation	safe
https://dns.google	0%	URL Reputation	safe
https://dns.google	0%	URL Reputation	safe
https://store.office.cn/addinstemplate	0%	URL Reputation	safe
https://store.office.cn/addinstemplate	0%	URL Reputation	safe
https://store.office.cn/addinstemplate	0%	URL Reputation	safe
https://store.office.cn/addinstemplate	0%	URL Reputation	safe
https://wus2-000.pagecontentsync.	0%	URL Reputation	safe
https://wus2-000.pagecontentsync.	0%	URL Reputation	safe
https://wus2-000.pagecontentsync.	0%	URL Reputation	safe
https://wus2-000.pagecontentsync.	0%	URL Reputation	safe
https://store.officeppe.com/addinstemplate	0%	URL Reputation	safe
https://store.officeppe.com/addinstemplate	0%	URL Reputation	safe
https://store.officeppe.com/addinstemplate	0%	URL Reputation	safe
https://store.officeppe.com/addinstemplate	0%	URL Reputation	safe
https://dev0-api.acompli.net/autodetect	0%	URL Reputation	safe
https://dev0-api.acompli.net/autodetect	0%	URL Reputation	safe
https://dev0-api.acompli.net/autodetect	0%	URL Reputation	safe
https://dev0-api.acompli.net/autodetect	0%	URL Reputation	safe
https://www.odwebp.svc.ms	0%	URL Reputation	safe
https://www.odwebp.svc.ms	0%	URL Reputation	safe
https://www.odwebp.svc.ms	0%	URL Reputation	safe
https://www.odwebp.svc.ms	0%	URL Reputation	safe
https://dataservice.o365filtering.com/	0%	URL Reputation	safe
https://dataservice.o365filtering.com/	0%	URL Reputation	safe
https://dataservice.o365filtering.com/	0%	URL Reputation	safe
https://dataservice.o365filtering.com/	0%	URL Reputation	safe
https://officesetup.getmicrosoftkey.com	0%	URL Reputation	safe
https://officesetup.getmicrosoftkey.com	0%	URL Reputation	safe
https://officesetup.getmicrosoftkey.com	0%	URL Reputation	safe
https://officesetup.getmicrosoftkey.com	0%	URL Reputation	safe
https://prod-global-autodetect.acompli.net/autodetect	0%	URL Reputation	safe
https://prod-global-autodetect.acompli.net/autodetect	0%	URL Reputation	safe
https://prod-global-autodetect.acompli.net/autodetect	0%	URL Reputation	safe
https://prod-global-autodetect.acompli.net/autodetect	0%	URL Reputation	safe
https://apis.live.net/v5.0/	0%	URL Reputation	safe
https://apis.live.net/v5.0/	0%	URL Reputation	safe
https://apis.live.net/v5.0/	0%	URL Reputation	safe
https://apis.live.net/v5.0/	0%	URL Reputation	safe
https://asgsmsproxyapi.azurewebsites.net/	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
d296je7bbdd650.cloudfront.net	143.204.99.83	true	false		high
api.segment.io	54.69.177.146	true	false		high
d2citsn5wf4j9j.cloudfront.net	143.204.93.100	true	false		high
d2nvsmtq2poimt.cloudfront.net	143.204.93.16	true	false		high
bam.nr-data.net	162.247.242.21	true	false	0%, Virustotal, Browse	unknown
googlehosted.l.googleusercontent.com	108.177.126.132	true	false		high
d2p6vz8nayi9a3.cloudfront.net	13.224.194.7	true	false		high
clients2.googleusercontent.com	unknown	unknown	false		high
cdn.segment.com	unknown	unknown	false		high
renderer-assets.typeform.com	unknown	unknown	false		high
public-assets.typeform.com	unknown	unknown	false		high
js-agent.newrelic.com	unknown	unknown	false		high
images.typeform.com	unknown	unknown	false		high
24mbw17feyn.typeform.com	unknown	unknown	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://api.diagnosticssdf.office.com	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false		high
https://login.microsoftonline.com/	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false		high
https://shell.suite.office.com:1443	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false		high
https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false		high
https://autodiscover-s.outlook.com/	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false		high
https://renderer-assets.typeform.com/vendors~phonenumber.32d788474b661d4d3074.js	ZlFRrg5s[1].htm.16.dr	false		high
https://renderer-assets.typeform.com/blocks-matrix.0544beec0e1a4e11a24a.js	ZlFRrg5s[1].htm.16.dr	false		high
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false		high
https://public-assets.typeform.com/public/favicon/favicon-16x16.png	ZlFRrg5s[1].htm.16.dr	false		high
https://cdn.entity.	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://renderer-assets.typeform.com/phonenumber.6ea5ec50b9fa21e816ff.js	ZlFRrg5s[1].htm.16.dr	false		high
https://24mbw17feyn.typeform.com/to/ZlFRrg5sMlCR0S0FT	History.19.dr	false		high
https://api.addins.omex.office.net/appinfo/query	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false		high
https://wus2-000.contentsync.	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://clients.config.office.net/user/v1.0/tenantassociationkey	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false		high
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false		high
https://powerlift.acompli.net	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://rpsticket.partnerservices.getmicrosoftkey.com	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://typeform.com/	06e7ddbb9e13886c_0.19.dr	false		high
https://lookup.onenote.com/lookup/geolocation/v1	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false		high
https://cdn.segment.com	885d0152-61f9-4bc2-8f6d-3463cb597828.tmp.20.dr	false		high
https://cortana.ai	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false		high
https://public-assets.typeform.com/public/favicon/browserconfig.xml	ZlFRrg5s[1].htm.16.dr	false		high
https://public-assets.typeform.com/public/favicon/site.webmanifest	ZlFRrg5s[1].htm.16.dr	false		high
https://cloudfiles.onenote.com/upload.aspx	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false		high
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false		high
https://entitlement.diagnosticssdf.office.com	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false		high
https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false		high
https://api.aadrm.com/	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://public-assets.typeform.com	885d0152-61f9-4bc2-8f6d-3463cb597828.tmp.20.dr	false		high
https://images.typeform.com	885d0152-61f9-4bc2-8f6d-3463cb597828.tmp.20.dr	false		high
https://ofcrecsvcapi-int.azurewebsites.net/	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://public-assets.typeform.com/public/favicon/apple-touch-icon.png	ZlFRrg5s[1].htm.16.dr	false		high
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false		high
https://api.microsoftstream.com/api/	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false		high
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false		high
https://24mbw17feyn.typeform.com/to/ZlFRrg5sRoot	{1BFCE4E9-55D1-11EB-90EB-ECF4BBEA1588}.dat.15.dr	false		high
https://cr.office.com	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false		high
https://cdn.segment.com/analytics.js/v1/9at6spGDYXelHDdz4r0cP73b3wV1f0ri/analytics.min.js	5b4c207083ca8268_0.19.dr	false		high
https://portal.office.com/account/?ref=ClientMeControl	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false		high
http://www.reddit.com/	msapplication.xml4.15.dr	false		high
https://ecs.office.com/config/v2/Office	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false		high
https://graph.ppe.windows.net	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false		high
https://res.getmicrosoftkey.com/api/redemptionevents	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://powerlift-frontdesk.acompli.net	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://tasks.office.com	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false		high
https://officeci.azurewebsites.net/api/	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://sr.outlook.office.net/ws/speech/recognize/assistant/work	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false		high
https://dns.google	ea1248e2-0a9f-4741-8e90-d8c262f479e6.tmp.20.dr, 20e2898a-d285-4d9f-8d10-b7e7f4aba100.tmp.20.dr, f1a10366-1ee1-4f75-bd61-9f6fbc002c7c.tmp.20.dr, 885d0152-61f9-4bc2-8f6d-3463cb597828.tmp.20.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://store.office.cn/addinstemplate	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://wus2-000.pagecontentsync.	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://outlook.office.com/autosuggest/api/v1/init?cvid=	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false		high
https://globaldisco.crm.dynamics.com	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false		high
https://24mbw17feyn.typeform.com/oembed?url=https%3A%2F%2F24mbw17feyn.typeform.com%2Fto%2FZlFRrg5s	ZlFRrg5s[1].htm.16.dr	false		high
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false		high
https://store.officeppe.com/addinstemplate	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://dev0-api.acompli.net/autodetect	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.odwebp.svc.ms	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://images.typeform.com/images/nXkRcNPp6wtg/background/large);background-position:top	ZlFRrg5s[1].htm.16.dr	false		high
https://api.powerbi.com/v1.0/myorg/groups	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false		high
https://web.microsoftstream.com/video/	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false		high
https://graph.windows.net	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false		high
https://dataservice.o365filtering.com/	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://renderer-assets.typeform.com	885d0152-61f9-4bc2-8f6d-3463cb597828.tmp.20.dr	false		high
https://officesetup.getmicrosoftkey.com	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://analysis.windows.net/powerbi/api	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false		high
https://prod-global-autodetect.acompli.net/autodetect	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://24mbw17feyn.typeform.com/to/ZlFRrg5sz	~DFB3BDB7BE4BDCE439.TMP.15.dr	false		high
https://outlook.office365.com/autodiscover/autodiscover.json	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false		high
https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false		high
https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false		high
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false		high
http://www.youtube.com/	msapplication.xml7.15.dr	false		high
https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false		high
https://public-assets.typeform.com/public/favicon/favicon-32x32.png-	imagestore.dat.16.dr	false		high
https://github.com/js-cookie/js-cookie	renderer.0f5a683b381b67dbbf89[1].js.16.dr	false		high
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false		high
http://weather.service.msn.com/data.aspx	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false		high
https://apis.live.net/v5.0/	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false		high
https://renderer-assets.typeform.com/vendors~attachment.6e37d3fcdf703c1517e1.js	ZlFRrg5s[1].htm.16.dr	false		high
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false		high
https://feedback.googleusercontent.com	manifest.json0.19.dr	false		high
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false		high
https://api.segment.io	885d0152-61f9-4bc2-8f6d-3463cb597828.tmp.20.dr	false		high
https://management.azure.com	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false		high
https://public-assets.typeform.com/public/favicon/favicon-32x32.png	ZlFRrg5s[1].htm.16.dr	false		high
https://24mbw17feyn.typeform.com/to/ZlFRrg5s6MlCR0S0FT	~DFB3BDB7BE4BDCE439.TMP.15.dr	false		high
https://incidents.diagnostics.office.com	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false		high
https://clients.config.office.net/user/v1.0/ios	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false		high
https://renderer-assets.typeform.com/vendors~blocks-ranking.f8aee16223a106724ea1.js	ZlFRrg5s[1].htm.16.dr	false		high
https://insertmedia.bing.office.net/odc/insertmedia	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false		high
https://o365auditrealtimeingestion.manage.office.com	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false		high
https://outlook.office365.com/api/v1.0/me/Activities	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false		high
https://api.office.net	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false		high
https://incidents.diagnosticssdf.office.com	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false		high
https://asgsmsproxyapi.azurewebsites.net/	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false	Avira URL Cloud: safe	unknown
https://clients.config.office.net/user/v1.0/android/policies	D4DE5721-EBA8-4504-8FEE-A00A3563C20B.0.dr	false		high
https://github.com/kof/animationFrame	vendors~form.965f5dedbb854e83c6c8[1].js.16.dr	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
13.224.194.7	unknown	United States	16509	AMAZON-02US	false
162.247.242.19	unknown	United States	23467	NEWRELIC-AS-1US	false
54.190.208.247	unknown	United States	16509	AMAZON-02US	false
143.204.93.100	unknown	United States	16509	AMAZON-02US	false
143.204.99.83	unknown	United States	16509	AMAZON-02US	false
162.247.242.21	unknown	United States	23467	NEWRELIC-AS-1US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
108.177.126.132	unknown	United States	15169	GOOGLEUS	false
143.204.93.16	unknown	United States	16509	AMAZON-02US	false
54.69.177.146	unknown	United States	16509	AMAZON-02US	false

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	31.0.0 Red Diamond
Analysis ID:	339280
Start date:	13.01.2021
Start time:	19:55:01
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 9m 48s
Hypervisor based Inspection enabled:	false
Report type:	light
Sample file name:	ACH WIRE PAYMENT ADVICE..xlsx
Cookbook file name:	defaultwindowsofficecookbook.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Run name:	Potential for more IOCs and behavior
Number of analysed new started processes analysed:	29
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.phis.expl.winXLSX@45/224@18/11
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .xlsx Found Word or Excel or PowerPoint or XPS Viewer Attach to Office via COM Browse link: https://24mbw17feyn.typeform.com/to/ZlFRrg5s Scroll down Close Viewer
Warnings:	Show All Exclude process from analysis (whitelisted): taskhostw.exe, BackgroundTransferHost.exe, ielowutil.exe, MusNotifyIcon.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe TCP Packets have been reduced to 100 Created / dropped Files have been reduced to 100 Excluded IPs from analysis (whitelisted): 52.255.188.83, 168.61.161.212, 40.88.32.150, 52.109.32.63, 52.109.88.37, 52.109.12.23, 51.104.139.180, 92.122.213.194, 92.122.213.247, 52.155.217.156, 20.54.26.129, 2.20.142.210, 2.20.142.209, 88.221.62.148, 104.18.27.71, 104.18.26.71, 151.101.2.110, 151.101.66.110, 151.101.130.110, 151.101.194.110, 108.177.119.138, 108.177.119.139, 108.177.119.101, 108.177.119.113, 108.177.119.100, 108.177.119.102, 173.194.69.84, 108.177.119.94, 172.217.218.113, 172.217.218.139, 172.217.218.100, 172.217.218.101, 172.217.218.138, 172.217.218.102, 173.194.188.234, 173.194.69.95, 108.177.119.95, 108.177.126.95, 108.177.127.95, 172.217.218.95, 152.199.19.161, 108.177.126.94, 173.194.188.70, 173.194.164.108, 173.194.151.121, 74.125.104.87, 173.194.182.198, 173.194.188.198, 74.125.110.102, 173.194.151.73, 173.194.187.41, 74.125.173.230, 173.194.188.38, 20.190.129.130, 40.126.1.142, 20.190.129.133, 40.126.1.145, 40.126.1.128, 20.190.129.2, 20.190.129.17, 40.126.1.130, 20.49.150.241, 51.104.136.2, 51.124.78.146, 40.127.240.158 Excluded domains from analysis (whitelisted): arc.msn.com.nsatc.net, r3.sn-4g5edn7y.gvt1.com, www.tm.lg.prod.aadmsa.akadns.net, clientservices.googleapis.com, www.tm.a.prd.aadg.trafficmanager.net, e11290.dspg.akamaiedge.net, r1---sn-4g5ednsl.gvt1.com, skypedataprdcoleus15.cloudapp.net, random.typeform.com.cdn.cloudflare.net, clients2.google.com, r1.sn-4g5ednsr.gvt1.com, login.live.com, r4.sn-4g5e6nsd.gvt1.com, audownload.windowsupdate.nsatc.net, update.googleapis.com, officeclient.microsoft.com, watson.telemetry.microsoft.com, www.gstatic.com, au-bg-shim.trafficmanager.net, r1.sn-4g5ednz7.gvt1.com, content-autofill.googleapis.com, r1---sn-4g5e6nss.gvt1.com, displaycatalog.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, skypedataprdcolcus17.cloudapp.net, www.googleapis.com, r3---sn-4g5edn7y.gvt1.com, settingsfd-geo.trafficmanager.net, ris.api.iris.microsoft.com, r5---sn-4g5ednsk.gvt1.com, r1---sn-4g5ednle.gvt1.com, dub2.current.a.prd.aadg.trafficmanager.net, blobcollector.events.data.trafficmanager.net, r1.sn-4g5ednsl.gvt1.com, clients.l.google.com, r4---sn-4g5e6nsd.gvt1.com, r1---sn-4g5ednse.gvt1.com, europe.configsvc1.live.com.akadns.net, cs9.wpc.v0cdn.net, r1---sn-4g5ednz7.gvt1.com, au.download.windowsupdate.com.edgesuite.net, prod-w.nexus.live.com.akadns.net, r1.sn-4g5e6nss.gvt1.com, r6.sn-4g5e6ney.gvt1.com, a1449.dscg2.akamai.net, r1---sn-4g5ednsd.gvt1.com, arc.msn.com, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, iecvlist.microsoft.com, go.microsoft.com, redirector.gvt1.com, r1.sn-4g5ednle.gvt1.com, r3---sn-4g5e6nes.gvt1.com, nexus.officeapps.live.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, r1.sn-4g5ednse.gvt1.com, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, r5.sn-4g5ednsk.gvt1.com, accounts.google.com, ie9comview.vo.msecnd.net, prod.configsvc1.live.com.akadns.net, f4.shared.global.fastly.net, ctldl.windowsupdate.com, settings-win.data.microsoft.com, a767.dscg3.akamai.net, r1.sn-4g5ednsd.gvt1.com, r3.sn-4g5e6nes.gvt1.com, login.msa.msidentity.com, r1---sn-4g5ednsr.gvt1.com, skypedataprdcoleus17.cloudapp.net, config.officeapps.live.com, go.microsoft.com.edgekey.net, r6---sn-4g5e6ney.gvt1.com, settingsfd-prod-weu1-endpoint.trafficmanager.net Report size exceeded maximum capacity and may have missing behavior information. Report size getting too big, too many NtCreateFile calls found. Report size getting too big, too many NtDeviceIoControlFile calls found. Report size getting too big, too many NtOpenFile calls found. Report size getting too big, too many NtQueryVolumeInformationFile calls found. Report size getting too big, too many NtReadVirtualMemory calls found. Report size getting too big, too many NtWriteVirtualMemory calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link
143.204.99.83	ACH WIRE PAYMENT ADVICE..xlsx	Get hash	malicious	Browse
	https://iofs.typeform.com/to/vj4hQ0pX	Get hash	malicious	Browse
	https://aud-amplified.unicornplatform.com/	Get hash	malicious	Browse
	ACH_WIRE_REMITTANCE_PAYMENT_ADVICE.xlsx	Get hash	malicious	Browse
	ACH_WIRE_REMITTANCE_PAYMENT_ADVICE.xlsx	Get hash	malicious	Browse
	https://teams-securelink-flow-docs.webflow.io/	Get hash	malicious	Browse
	https://app.tettra.co/teams/onedrive/pages/heres-the-document-rhonda-caudill-shared-with-you-securely?auth=99f40d326c66b31888e1073ccb65fa0c74cd4cbb1c3 0ef586940c232b4cf84316a7d62ed869cf77d99a689e9b02f3f1b	Get hash	malicious	Browse
	https://archbee.io/doc/syaAtOIVyAwfu2_qqrf7c/jBDG8LY6FS8pEAjch_Mpm&	Get hash	malicious	Browse
	https://proposalfiles-agreement.webflow.io/	Get hash	malicious	Browse
	https://metro-healths-mchc.webflow.io/	Get hash	malicious	Browse
	https://metro-healths-mchc.webflow.io/	Get hash	malicious	Browse
	https://covid19japan.com/	Get hash	malicious	Browse
	https://archbee.io/doc/gpDKj-ShASFFy7ljsO-eR/r7ztZd1NKEZHSePgJCywd	Get hash	malicious	Browse
	https://sks-high-performance-fax-message.webflow.io	Get hash	malicious	Browse
162.247.242.21	ACH WIRE PAYMENT ADVICE..xlsx	Get hash	malicious	Browse
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse
	http://search.hwatchtvnow.co	Get hash	malicious	Browse
	https://www.ensonoelevate2021.com/event/8e8c2672-3b18-40b1-8efc-026ab72e6424/summary?environment=P2&5S%2CM3%2C8e8c2672-3b18-40b1-8efc-026ab72e6424=	Get hash	malicious	Browse
	https://bit.do/fLVUm	Get hash	malicious	Browse
	https://l.facebook.com/l.php?u=https%3A%2F%2Fbit.do%2FfLVUm%3Ffbclid%3DIwAR3_y5be7qgzc9rWXbeIQlHePNYF96mJvcjTtfijse-VyaDOGbdXhiymogA&h=AT2La9RfuL-CBpF75ix5HdI9ILnyapdVZIzXgRQt4G1Y7x5nZpCr9RLeZPnCT8_3vYaiFFnwir6t35RvMH3lJhYuYrzugBPtxdx4PUirtTUjKnczau25WjD4XcXiFnckifU	Get hash	malicious	Browse
	https://iofs.typeform.com/to/vj4hQ0pX	Get hash	malicious	Browse
	ACH_WIRE_REMITTANCE_PAYMENT_ADVICE.xlsx	Get hash	malicious	Browse
	ACH_WIRE_REMITTANCE_PAYMENT_ADVICE.xlsx	Get hash	malicious	Browse
	https://nandirudraksh.com/wp-includes/nz	Get hash	malicious	Browse
	ACH WIRE PAYMENT REMITTANCE ._ (002).xlsx	Get hash	malicious	Browse
	https://mshad4064.typeform.com/to/TEgIyNGg	Get hash	malicious	Browse
	https://newrfpsubmissioncall.typeform.com/to/Mfm0qNbE	Get hash	malicious	Browse
	ACH & WlRE REMlTTANCE ADVlCE.xlsx	Get hash	malicious	Browse
	https://my.freshbooks.com/#/link/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzeXN0ZW1pZCI6OTQ3OTM1LCJ1c2VyaWQiOjYzNDYyNywidHlwZSI6Imludm9pY2UiLCJvYmplY3RpZCI6Mjg4MjQ0OSwiZXhwIjoxNjM3MjY5MTgxLCJsZXZlbCI6MH0.DGVcXxdiwtgxTUka4TzPi_o6GS8zH-kvvTnFJZxapLg?companyName=Amanda&invoiceNumber=00007767&ownerEmail=avigilante%40maxburst.com&type=primary	Get hash	malicious	Browse
	ACH WlRE PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse
	ACH WlRE PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse
	ACH - WlRE PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse
	ACH - WlRE PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse
	ACHWlRE REMlTTANCE ADVlCE..xlsx	Get hash	malicious	Browse
13.224.194.7	http://www.rejuvenatemedicalspa.net	Get hash	malicious	Browse
162.247.242.19	ACH WIRE PAYMENT ADVICE..xlsx	Get hash	malicious	Browse
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse
	https://documentaxxxxxxxxckcnq009sos.typeform.com/to/jLMhWTCn	Get hash	malicious	Browse
	ACH_WIRE_REMITTANCE_PAYMENT_ADVICE.xlsx	Get hash	malicious	Browse
	https://www.freightwaves.com/news/canadian-fuel-distributor-parkland-targeted-in-cyberattack	Get hash	malicious	Browse
	ACH & WIRE REMITTANCE PAYMENT ADVICE.xlsx	Get hash	malicious	Browse
	ACH & WIRE REMITTANCE PAYMENT ADVICE.xlsx	Get hash	malicious	Browse
	ACH WIRE PAYMENT REMITTANCE ._ (002).xlsx	Get hash	malicious	Browse
	ACH WIRE PAYMENT REMITTANCE ._ (002).xlsx	Get hash	malicious	Browse
	https://tenderdocsrfp.typeform.com/to/RVzhstxV	Get hash	malicious	Browse
	https://olhonabrasa.com.br/secure/zimbra/access/zimbra/index.php	Get hash	malicious	Browse
	ACH WIRE REMITTANCE COPY.xlsx	Get hash	malicious	Browse
	ACH WIRE REMITTANCE.xlsx	Get hash	malicious	Browse
	ACH WIRE PAYMENT.xlsx	Get hash	malicious	Browse
	https://mmemicrosoftwebsss.typeform.com/to/sIZVMxGk	Get hash	malicious	Browse
	https://forums.iboats.com/forum/general-boating-outdoors-activities/boat-topics-and-questions-not-engine-topics/558373-need-help-from-all-my-tahoe-q4-guys-regaring-smart-tabs-sx	Get hash	malicious	Browse
	https://app.box.com/s/4qh80d5v0isn028co16h3leg3k11ku28	Get hash	malicious	Browse
	https://app.box.com/s/5gniwwclsyw9ejzutmi7mtewylcjhxai	Get hash	malicious	Browse
	https://ntmp-log.wowdigitech.com/ga/click/2-39854561-1849-12357-24298-27003-dbf48d5c17-74d2ecc202	Get hash	malicious	Browse
54.190.208.247	ACH & WIRE REMITTANCE PAYMENT ADVICE.xlsx	Get hash	malicious	Browse
54.190.208.247	ACH & WIRE REMITTANCE PAYMENT ADVICE.xlsx	Get hash	malicious	Browse
143.204.93.100	ACH WIRE PAYMENT ADVICE..xlsx	Get hash	malicious	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
d2citsn5wf4j9j.cloudfront.net	ACH WIRE PAYMENT ADVICE..xlsx	Get hash	malicious	Browse	143.204.93.100
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	13.226.169.27
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	13.226.169.25
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	13.226.169.27
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	13.226.169.111
	https://micrrosoftonline13392123112a.typeform.com/to/y7uCHr2N	Get hash	malicious	Browse	13.224.94.129
	https://iofs.typeform.com/to/vj4hQ0pX	Get hash	malicious	Browse	143.204.90.86
	https://documentaxxxxxxxxckcnq009sos.typeform.com/to/jLMhWTCn	Get hash	malicious	Browse	13.224.93.43
	ACH_WIRE_REMITTANCE_PAYMENT_ADVICE.xlsx	Get hash	malicious	Browse	143.204.90.110
	ACH_WIRE_REMITTANCE_PAYMENT_ADVICE.xlsx	Get hash	malicious	Browse	143.204.90.4
	ACH & WIRE REMITTANCE PAYMENT ADVICE.xlsx	Get hash	malicious	Browse	13.226.169.111
	ACH & WIRE REMITTANCE PAYMENT ADVICE.xlsx	Get hash	malicious	Browse	13.226.169.27
	ACH WIRE PAYMENT REMITTANCE ._ (002).xlsx	Get hash	malicious	Browse	65.9.68.126
	ACH WIRE PAYMENT REMITTANCE ._ (002).xlsx	Get hash	malicious	Browse	13.224.93.43
	ACH & WIRE PAYMENT.xlsx	Get hash	malicious	Browse	143.204.208.110
	ACH & WIRE PAYMENT.xlsx	Get hash	malicious	Browse	143.204.208.47
	https://mainprops.typeform.com/to/gHgyBoFX	Get hash	malicious	Browse	143.204.208.47
	https://tenderdocsrfp.typeform.com/to/RVzhstxV	Get hash	malicious	Browse	13.224.93.60
	https://mshad4064.typeform.com/to/TEgIyNGg	Get hash	malicious	Browse	13.224.93.116
	https://newrfpsubmissioncall.typeform.com/to/Mfm0qNbE	Get hash	malicious	Browse	13.224.93.116
d296je7bbdd650.cloudfront.net	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	143.204.5.83
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	143.204.5.83
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	143.204.5.83
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	143.204.5.83
	https://notification1.bubbleapps.io/version-test?debug_mode=true	Get hash	malicious	Browse	143.204.5.83
	https://micrrosoftonline13392123112a.typeform.com/to/y7uCHr2N	Get hash	malicious	Browse	13.224.100.80
	https://target-care.webflow.io/	Get hash	malicious	Browse	13.224.100.80
	http://perpetual.veteran.az/673616c6c792e64756e6e654070657270657475616c2e636f6d2e6175	Get hash	malicious	Browse	65.9.58.129
	https://iofs.typeform.com/to/vj4hQ0pX	Get hash	malicious	Browse	143.204.99.83
	https://documentaxxxxxxxxckcnq009sos.typeform.com/to/jLMhWTCn	Get hash	malicious	Browse	13.224.100.80
	https://stevenscapitaladvisors.webflow.io/	Get hash	malicious	Browse	65.9.58.129
	https://stevenscapitaladvisors.webflow.io/	Get hash	malicious	Browse	65.9.58.129
	https://aud-amplified.unicornplatform.com/	Get hash	malicious	Browse	143.204.99.83
	ACH_WIRE_REMITTANCE_PAYMENT_ADVICE.xlsx	Get hash	malicious	Browse	143.204.99.83
	ACH_WIRE_REMITTANCE_PAYMENT_ADVICE.xlsx	Get hash	malicious	Browse	143.204.99.83
	ACH & WIRE REMITTANCE PAYMENT ADVICE.xlsx	Get hash	malicious	Browse	143.204.5.83
	ACH & WIRE REMITTANCE PAYMENT ADVICE.xlsx	Get hash	malicious	Browse	143.204.5.83
	ACH WIRE PAYMENT REMITTANCE ._ (002).xlsx	Get hash	malicious	Browse	65.9.58.129
	ACH WIRE PAYMENT REMITTANCE ._ (002).xlsx	Get hash	malicious	Browse	13.224.100.80
d2nvsmtq2poimt.cloudfront.net	ACH WIRE PAYMENT ADVICE..xlsx	Get hash	malicious	Browse	143.204.93.16
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	13.226.169.87
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	13.226.169.109
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	13.226.169.88
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	13.226.169.98
	https://micrrosoftonline13392123112a.typeform.com/to/y7uCHr2N	Get hash	malicious	Browse	13.224.94.83
	https://iofs.typeform.com/to/vj4hQ0pX	Get hash	malicious	Browse	143.204.90.37
	https://documentaxxxxxxxxckcnq009sos.typeform.com/to/jLMhWTCn	Get hash	malicious	Browse	13.224.93.102
	ACH_WIRE_REMITTANCE_PAYMENT_ADVICE.xlsx	Get hash	malicious	Browse	143.204.90.20
	ACH_WIRE_REMITTANCE_PAYMENT_ADVICE.xlsx	Get hash	malicious	Browse	143.204.90.8
	ACH & WIRE REMITTANCE PAYMENT ADVICE.xlsx	Get hash	malicious	Browse	13.226.169.87
	ACH & WIRE REMITTANCE PAYMENT ADVICE.xlsx	Get hash	malicious	Browse	13.226.169.98
	ACH WIRE PAYMENT REMITTANCE ._ (002).xlsx	Get hash	malicious	Browse	65.9.68.116
	ACH WIRE PAYMENT REMITTANCE ._ (002).xlsx	Get hash	malicious	Browse	13.224.93.75
	ACH & WIRE PAYMENT.xlsx	Get hash	malicious	Browse	13.224.93.75
	ACH & WIRE PAYMENT.xlsx	Get hash	malicious	Browse	13.224.93.75
	ACH & WIRE PAYMENT.xlsx	Get hash	malicious	Browse	143.204.208.61
	ACH & WIRE PAYMENT.xlsx	Get hash	malicious	Browse	143.204.208.119
	https://mainprops.typeform.com/to/gHgyBoFX	Get hash	malicious	Browse	143.204.208.81
	https://tenderdocsrfp.typeform.com/to/RVzhstxV	Get hash	malicious	Browse	13.224.93.102
api.segment.io	ACH WIRE PAYMENT ADVICE..xlsx	Get hash	malicious	Browse	34.218.160.124
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	54.218.98.189
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	54.71.252.35
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	44.229.187.242
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	54.149.194.4
	https://notification1.bubbleapps.io/version-test?debug_mode=true	Get hash	malicious	Browse	52.43.118.59
	https://micrrosoftonline13392123112a.typeform.com/to/y7uCHr2N	Get hash	malicious	Browse	52.35.191.167
	https://iofs.typeform.com/to/vj4hQ0pX	Get hash	malicious	Browse	52.11.35.251
	https://documentaxxxxxxxxckcnq009sos.typeform.com/to/jLMhWTCn	Get hash	malicious	Browse	52.37.21.144
	https://aud-amplified.unicornplatform.com/	Get hash	malicious	Browse	35.162.116.128
	ACH_WIRE_REMITTANCE_PAYMENT_ADVICE.xlsx	Get hash	malicious	Browse	54.70.113.89
	ACH_WIRE_REMITTANCE_PAYMENT_ADVICE.xlsx	Get hash	malicious	Browse	54.69.52.31
	ACH & WIRE REMITTANCE PAYMENT ADVICE.xlsx	Get hash	malicious	Browse	54.190.208.247
	ACH & WIRE REMITTANCE PAYMENT ADVICE.xlsx	Get hash	malicious	Browse	34.210.41.193
	ACH WIRE PAYMENT REMITTANCE ._ (002).xlsx	Get hash	malicious	Browse	54.186.56.40
	ACH WIRE PAYMENT REMITTANCE ._ (002).xlsx	Get hash	malicious	Browse	54.148.169.229
	https://secure-teams-storage.webflow.io/	Get hash	malicious	Browse	54.149.50.128
	ACH & WIRE PAYMENT.xlsx	Get hash	malicious	Browse	52.38.120.169
	ACH & WIRE PAYMENT.xlsx	Get hash	malicious	Browse	54.186.56.40
	https://mainprops.typeform.com/to/gHgyBoFX	Get hash	malicious	Browse	54.71.192.93

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
AMAZON-02US	ACH WIRE PAYMENT ADVICE..xlsx	Get hash	malicious	Browse	34.218.160.124
	13-01-21.xlsx	Get hash	malicious	Browse	18.195.87.136
	NEW 01 13 2021.xlsx	Get hash	malicious	Browse	54.254.26.94
	PO85937758859777.xlsx	Get hash	malicious	Browse	52.58.78.16
	rB26M8hfIh.exe	Get hash	malicious	Browse	3.9.11.11
	PO#218740.exe	Get hash	malicious	Browse	52.58.78.16
	FtLroeD5Kmr6rNC.exe	Get hash	malicious	Browse	3.14.169.138
	Consignment Document PL&BL Draft.exe	Get hash	malicious	Browse	52.58.78.16
	5DY3NrVgpI.exe	Get hash	malicious	Browse	52.58.78.16
	cGLVytu1ps.exe	Get hash	malicious	Browse	18.183.7.206
	pHUWiFd56t.exe	Get hash	malicious	Browse	52.51.72.229
	BSL 01321 PYT.xlsx	Get hash	malicious	Browse	3.23.184.84
	mssecsvr.exe	Get hash	malicious	Browse	54.103.115.211
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	34.213.143.100
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	13.226.169.25
	quotation.exe	Get hash	malicious	Browse	52.212.68.12
	6OUYcd3GIs.exe	Get hash	malicious	Browse	3.13.31.214
	Consignment Details.exe	Get hash	malicious	Browse	52.58.78.16
	anydesk (1).exe	Get hash	malicious	Browse	54.194.255.175
	Shipping Documents PL&BL Draft.exe	Get hash	malicious	Browse	3.14.169.138
NEWRELIC-AS-1US	ACH WIRE PAYMENT ADVICE..xlsx	Get hash	malicious	Browse	162.247.242.21
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	162.247.242.20
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	162.247.242.20
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	162.247.242.18
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	162.247.242.19
	http://search.hwatchtvnow.co	Get hash	malicious	Browse	162.247.242.20
	https://www.ensonoelevate2021.com/event/8e8c2672-3b18-40b1-8efc-026ab72e6424/summary?environment=P2&5S%2CM3%2C8e8c2672-3b18-40b1-8efc-026ab72e6424=	Get hash	malicious	Browse	162.247.242.20
	https://micrrosoftonline13392123112a.typeform.com/to/y7uCHr2N	Get hash	malicious	Browse	162.247.242.20
	https://bit.do/fLVUm	Get hash	malicious	Browse	162.247.242.21
	https://l.facebook.com/l.php?u=https%3A%2F%2Fbit.do%2FfLVUm%3Ffbclid%3DIwAR3_y5be7qgzc9rWXbeIQlHePNYF96mJvcjTtfijse-VyaDOGbdXhiymogA&h=AT2La9RfuL-CBpF75ix5HdI9ILnyapdVZIzXgRQt4G1Y7x5nZpCr9RLeZPnCT8_3vYaiFFnwir6t35RvMH3lJhYuYrzugBPtxdx4PUirtTUjKnczau25WjD4XcXiFnckifU	Get hash	malicious	Browse	162.247.242.21
	http://catalog.amsz.ua/1.php	Get hash	malicious	Browse	162.247.242.20
	http://perpetual.veteran.az/673616c6c792e64756e6e654070657270657475616c2e636f6d2e6175	Get hash	malicious	Browse	162.247.242.18
	https://iofs.typeform.com/to/vj4hQ0pX	Get hash	malicious	Browse	162.247.242.18
	https://documentaxxxxxxxxckcnq009sos.typeform.com/to/jLMhWTCn	Get hash	malicious	Browse	162.247.242.19
	http://view.e.business.officedepot.com/?qs=3fe5dee3fd6dc334e57f4fe8c13caa1dc833d1845b46e0df5e76d8dcd189c65840b833e5f8853ee5eca50625943bfd8b71f0d693bc12eda6d7c035c0df2243dc5fe3f7c370b5320b8fd654c8b827b865	Get hash	malicious	Browse	162.247.242.18
	ACH_WIRE_REMITTANCE_PAYMENT_ADVICE.xlsx	Get hash	malicious	Browse	162.247.242.20
	ACH_WIRE_REMITTANCE_PAYMENT_ADVICE.xlsx	Get hash	malicious	Browse	162.247.242.20
	https://www.freightwaves.com/news/canadian-fuel-distributor-parkland-targeted-in-cyberattack	Get hash	malicious	Browse	162.247.242.19
	ACH & WIRE REMITTANCE PAYMENT ADVICE.xlsx	Get hash	malicious	Browse	162.247.242.19
	ACH & WIRE REMITTANCE PAYMENT ADVICE.xlsx	Get hash	malicious	Browse	162.247.242.19
AMAZON-02US	ACH WIRE PAYMENT ADVICE..xlsx	Get hash	malicious	Browse	34.218.160.124
	13-01-21.xlsx	Get hash	malicious	Browse	18.195.87.136
	NEW 01 13 2021.xlsx	Get hash	malicious	Browse	54.254.26.94
	PO85937758859777.xlsx	Get hash	malicious	Browse	52.58.78.16
	rB26M8hfIh.exe	Get hash	malicious	Browse	3.9.11.11
	PO#218740.exe	Get hash	malicious	Browse	52.58.78.16
	FtLroeD5Kmr6rNC.exe	Get hash	malicious	Browse	3.14.169.138
	Consignment Document PL&BL Draft.exe	Get hash	malicious	Browse	52.58.78.16
	5DY3NrVgpI.exe	Get hash	malicious	Browse	52.58.78.16
	cGLVytu1ps.exe	Get hash	malicious	Browse	18.183.7.206
	pHUWiFd56t.exe	Get hash	malicious	Browse	52.51.72.229
	BSL 01321 PYT.xlsx	Get hash	malicious	Browse	3.23.184.84
	mssecsvr.exe	Get hash	malicious	Browse	54.103.115.211
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	34.213.143.100
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	13.226.169.25
	quotation.exe	Get hash	malicious	Browse	52.212.68.12
	6OUYcd3GIs.exe	Get hash	malicious	Browse	3.13.31.214
	Consignment Details.exe	Get hash	malicious	Browse	52.58.78.16
	anydesk (1).exe	Get hash	malicious	Browse	54.194.255.175
	Shipping Documents PL&BL Draft.exe	Get hash	malicious	Browse	3.14.169.138
AMAZON-02US	ACH WIRE PAYMENT ADVICE..xlsx	Get hash	malicious	Browse	34.218.160.124
	13-01-21.xlsx	Get hash	malicious	Browse	18.195.87.136
	NEW 01 13 2021.xlsx	Get hash	malicious	Browse	54.254.26.94
	PO85937758859777.xlsx	Get hash	malicious	Browse	52.58.78.16
	rB26M8hfIh.exe	Get hash	malicious	Browse	3.9.11.11
	PO#218740.exe	Get hash	malicious	Browse	52.58.78.16
	FtLroeD5Kmr6rNC.exe	Get hash	malicious	Browse	3.14.169.138
	Consignment Document PL&BL Draft.exe	Get hash	malicious	Browse	52.58.78.16
	5DY3NrVgpI.exe	Get hash	malicious	Browse	52.58.78.16
	cGLVytu1ps.exe	Get hash	malicious	Browse	18.183.7.206
	pHUWiFd56t.exe	Get hash	malicious	Browse	52.51.72.229
	BSL 01321 PYT.xlsx	Get hash	malicious	Browse	3.23.184.84
	mssecsvr.exe	Get hash	malicious	Browse	54.103.115.211
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	34.213.143.100
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	13.226.169.25
	quotation.exe	Get hash	malicious	Browse	52.212.68.12
	6OUYcd3GIs.exe	Get hash	malicious	Browse	3.13.31.214
	Consignment Details.exe	Get hash	malicious	Browse	52.58.78.16
	anydesk (1).exe	Get hash	malicious	Browse	54.194.255.175
	Shipping Documents PL&BL Draft.exe	Get hash	malicious	Browse	3.14.169.138

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
9e10692f1b7f78228b2d4e424db3a98c	DataServer.dll	Get hash	malicious	Browse	143.204.99.83 13.224.194.7 162.247.242.19 143.204.93.16 143.204.93.100 54.69.177.146
	nsaCDED.dll	Get hash	malicious	Browse	143.204.99.83 13.224.194.7 162.247.242.19 143.204.93.16 143.204.93.100 54.69.177.146
	cremocompany-Invoice_216083-xlsx.html	Get hash	malicious	Browse	143.204.99.83 13.224.194.7 162.247.242.19 143.204.93.16 143.204.93.100 54.69.177.146
	#U03bd#U03bf#U0456#U0441#U0435m#U0430#U0456l202114170492f#U0433#U03bfm+19796076561 19796076561.HTM	Get hash	malicious	Browse	143.204.99.83 13.224.194.7 162.247.242.19 143.204.93.16 143.204.93.100 54.69.177.146
	VANGUARD PAYMENT ADVICE.htm	Get hash	malicious	Browse	143.204.99.83 13.224.194.7 162.247.242.19 143.204.93.16 143.204.93.100 54.69.177.146
	PolicyUpdate.htm	Get hash	malicious	Browse	143.204.99.83 13.224.194.7 162.247.242.19 143.204.93.16 143.204.93.100 54.69.177.146
	brewin-Invoice024768-xlsx.Html	Get hash	malicious	Browse	143.204.99.83 13.224.194.7 162.247.242.19 143.204.93.16 143.204.93.100 54.69.177.146
	2CBPOfVTs5QeG8Z.exe	Get hash	malicious	Browse	143.204.99.83 13.224.194.7 162.247.242.19 143.204.93.16 143.204.93.100 54.69.177.146
	#U266b Audio_47720.wavv - - Copy.htm	Get hash	malicious	Browse	143.204.99.83 13.224.194.7 162.247.242.19 143.204.93.16 143.204.93.100 54.69.177.146
	PortionPac Chemical Corp..html	Get hash	malicious	Browse	143.204.99.83 13.224.194.7 162.247.242.19 143.204.93.16 143.204.93.100 54.69.177.146
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	143.204.99.83 13.224.194.7 162.247.242.19 143.204.93.16 143.204.93.100 54.69.177.146
	l0sjk3o.dll	Get hash	malicious	Browse	143.204.99.83 13.224.194.7 162.247.242.19 143.204.93.16 143.204.93.100 54.69.177.146
	COMFAM INVOICE.htm	Get hash	malicious	Browse	143.204.99.83 13.224.194.7 162.247.242.19 143.204.93.16 143.204.93.100 54.69.177.146
	P396143.htm	Get hash	malicious	Browse	143.204.99.83 13.224.194.7 162.247.242.19 143.204.93.16 143.204.93.100 54.69.177.146
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	143.204.99.83 13.224.194.7 162.247.242.19 143.204.93.16 143.204.93.100 54.69.177.146
	sfk_setup.exe	Get hash	malicious	Browse	143.204.99.83 13.224.194.7 162.247.242.19 143.204.93.16 143.204.93.100 54.69.177.146
	P166824.htm	Get hash	malicious	Browse	143.204.99.83 13.224.194.7 162.247.242.19 143.204.93.16 143.204.93.100 54.69.177.146
	e-card.htm .exe	Get hash	malicious	Browse	143.204.99.83 13.224.194.7 162.247.242.19 143.204.93.16 143.204.93.100 54.69.177.146
	e-card.jpg .exe	Get hash	malicious	Browse	143.204.99.83 13.224.194.7 162.247.242.19 143.204.93.16 143.204.93.100 54.69.177.146
	Payment.exe	Get hash	malicious	Browse	143.204.99.83 13.224.194.7 162.247.242.19 143.204.93.16 143.204.93.100 54.69.177.146
b32309a26951912be7dba376398abc3b	https://r0qp15r0b1rq05rrpbqbrpq5.s3-eu-west-1.amazonaws.com/Ap3dX.html#joetorre@gmail.com	Get hash	malicious	Browse	54.190.208.247
	https://blog.dericoin.com/wp-includes/shell/ivd/office/office/voicemail/index.php	Get hash	malicious	Browse	54.190.208.247
	http://www.secured-mailsharepoint.online/	Get hash	malicious	Browse	54.190.208.247
	https://alijafari6.wixsite.com/owa-projection-aspx	Get hash	malicious	Browse	54.190.208.247
	http://search.hwatchtvnow.co	Get hash	malicious	Browse	54.190.208.247
	https://www.canva.com/design/DAESYWKuLHs/avvDNRvDuj_tk82H9Q45ZQ/view?utm_content=DAESYWKuLHs&utm_campaign=designshare&utm_medium=link&utm_source=sharebutton	Get hash	malicious	Browse	54.190.208.247
	http://quickneasyrecipes.co	Get hash	malicious	Browse	54.190.208.247
	https://ddghbbf.r.af.d.sendibt2.com/tr/cl/AZ_fzMJRsE3xIeU_QcnTrJNmrQopncatDd-eovbR7xYq9ypiIqtwKWyrTIIdxNfdZBUhEo89L97BvoqW-m0AK8lpY_G1A0R4-OqWFWF7yqRk6IwWGjYQTbxdkNXIPZafVx__3xwAI7RkCXl8CJrNWoLoVVIyiYf1YWtibYMuXAbvq5KxrlLw-G3RcpVIiID2f-TlZx3vckcUFNx1IBpr5JamUxI3ckvzVYmWJV1yS8ZgSAUq_5FOmOxjsnNrYCXLNFt9Ew	Get hash	malicious	Browse	54.190.208.247
	https://donkoontzdds-my.sharepoint.com:443/:o:/p/paula/EpkEAfrMo1VPgFsywG5EnMwBbr42_dHD8h4N6RCWcat9eA?e=5%3a3JiMMt&at=9	Get hash	malicious	Browse	54.190.208.247
	https://austalusa.mightymenofdavid.org/787423?bWlrZS5iZWxsQGF1c3RhbHVzYS5jb20=&&mic#8487?bWlrZS5iZWxsQGF1c3RhbHVzYS5jb20=&7523891&7523891&7523891&7523891	Get hash	malicious	Browse	54.190.208.247
	https://www.edexdeals.com/collections/medical-equipments	Get hash	malicious	Browse	54.190.208.247
	http://p4fxv.info/D3c2Hp2HMI	Get hash	malicious	Browse	54.190.208.247
	https://www.canva.com/design/DAERo5igDNg/4RY_OP3NTUsbjoalCMtZLQ/view?utm_content=DAERo5igDNg	Get hash	malicious	Browse	54.190.208.247
	https://protect-us.mimecast.com/s/JFIWCVON1NCzq3ggtGInaq	Get hash	malicious	Browse	54.190.208.247
	https://linkprotect.cudasvc.com/url?a=http%3a%2f%2fwww.9499katheige.buttbrothersgroup.com%2f%3fVGH%3da2F0aGVpZ2VAd2NjdWNyZWRpdHVuaW9uLmNvb3A%3d&c=E,1,ltSrt2AaJ8-S_58_41jn_nVZjtrZcUJ9VdfgsP12W46O_R6IKdR3KtEWFbEOjrT1SWc5iDMSCu_En-xJAD5q0JnWFr_L3osRw1Vy4JjVvAGbSTphkVGAXf_rtOA,&typo=1	Get hash	malicious	Browse	54.190.208.247
	https://www.dropbox.com/s/1jk3ia2o2kx0p1n/Invitation_2036.doc?dl=1	Get hash	malicious	Browse	54.190.208.247
	https://aftersync.com/blog/rightqlik-quick-access-to-common-operations-on-qlikview-files	Get hash	malicious	Browse	54.190.208.247
	https://gaandt.quip.com/QLStAIvBA1Tg/File-Review	Get hash	malicious	Browse	54.190.208.247
	https://omoolowo001.github.io/myfirstrepo/YWNjb3VudHNfbG9nindex.html?scriptID=35662936635352205&cookies=MC4xOTUyNjY0OTg0MzM0NTQ0NQ&token=81117470799998&email=jeaton@nlcmutual.com	Get hash	malicious	Browse	54.190.208.247
	https://www.canva.com/design/DAEQ9_qXSjI/W-4vWOSA8PP5TXC7Nx9niA/view?utm_content=DAEQ9_qXSjI&utm_campaign=designshare&utm_medium=link&utm_source=publishsharelink&d=DwMFAg	Get hash	malicious	Browse	54.190.208.247
37f463bf4616ecd445d4a1937da06e19	#U03bd#U03bf#U0456#U0441#U0435m#U0430#U0456l202114170492f#U0433#U03bfm+19796076561 19796076561.HTM	Get hash	malicious	Browse	143.204.93.16
	J04gSlH5wR.exe	Get hash	malicious	Browse	143.204.93.16
	rufus-2.9.exe	Get hash	malicious	Browse	143.204.93.16
	Invoice-ID43739424297.vbs	Get hash	malicious	Browse	143.204.93.16
	#U266b Audio_47720.wavv - - Copy.htm	Get hash	malicious	Browse	143.204.93.16
	Customer_Receivables_Aging_20210112_2663535345242424242.exe	Get hash	malicious	Browse	143.204.93.16
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	143.204.93.16
	Listings.exe	Get hash	malicious	Browse	143.204.93.16
	Transferencia,pdf.exe	Get hash	malicious	Browse	143.204.93.16
	Dhl Client Invoice.exe	Get hash	malicious	Browse	143.204.93.16
	64D5aP6jQz.exe	Get hash	malicious	Browse	143.204.93.16
	P396143.htm	Get hash	malicious	Browse	143.204.93.16
	Code.exe	Get hash	malicious	Browse	143.204.93.16
	UbisoftInstaller.exe	Get hash	malicious	Browse	143.204.93.16
	New inquiry CON 20-10630.exe	Get hash	malicious	Browse	143.204.93.16
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	143.204.93.16
	RLFGB8pdA6.exe	Get hash	malicious	Browse	143.204.93.16
	MPnIQlfxon.exe	Get hash	malicious	Browse	143.204.93.16
	tyoO13LUym.exe	Get hash	malicious	Browse	143.204.93.16
	ORDER#9403.exe	Get hash	malicious	Browse	143.204.93.16

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Google\Chrome\User Data\06bc3361-d8cd-49e4-8179-fa6669ef9440.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	163454
Entropy (8bit):	6.0821784698693815
Encrypted:	false
SSDEEP:	3072:376mDob5uDsLHduf5+wcXg1rDphQubFcbXafIB0u1GOJmA3iuR6:r6mS5B8+wcw1fph3ZaqfIlUOoSiuR6
MD5:	566B404FF26D796AC556916A80AF35FA
SHA1:	2A5D0CD01E100DCC2C20C9FA11E2F2F94312C273
SHA-256:	841C0A02F367C1B5789071DC6F8BE82B2137CEE711C41E88B65CBF052190F3A6
SHA-512:	0DF5E35AB6017DE00B44F3CB9E234A711B267E6F15C73776B475652D09BCF4F9230A33C3F102876A30C4DDA3D225C90D667753BCC9DC0712EDD542DA07A623AC
Malicious:	false
Reputation:	low
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en-GB"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.610564232708628e+12,"network":1.610564235e+12,"ticks":386116104.0,"uncertainty":4769035.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABaHlwIoHYlQKZwuwW8V0yxAAAAAAIAAAAAABBmAAAAAQAAIAAAAOT4j8Zm9U1zXX6oEUpPqIYBIjSlOiLGeiMKiIFJZDroAAAAAA6AAAAAAgAAIAAAAFW1OavBhyV7qwszPZbindD+KU2Osh5O7HSmDPpFnuCDMAAAAGEkmqbufgFUSmOzx4cW7Aup7spqps4DvqbPrwRgUGqSpRZvQkbO+yVH56WF9zMTt0AAAAAyRwtYxjf7/AqYrFr0JZ6kbTiUt0/2PKkCw7ntLtbN2qrad7I3MeL4iNGDFgqRlhWgsb/6w0gJzQxAfL6rdzxi"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715737597"},"plugins":{"metadata":{"adobe-flash-player":{"d

C:\Users\user\AppData\Local\Google\Chrome\User Data\0793a687-1f65-4732-8b2a-c195738cb07c.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	155606
Entropy (8bit):	6.053347325468977
Encrypted:	false
SSDEEP:	3072:tmDob5uDsLHduf5+wcXg1rDphQubFcbXafIB0u1GOJmA3iuR6:tmS5B8+wcw1fph3ZaqfIlUOoSiuR6
MD5:	5AD7AE596ED9E356A781EE893999A1A4
SHA1:	8E6D0CCA57400980116A3F41DD34C9BBF41D6E8D
SHA-256:	9735398B2CDECD95D4244B90CBD0CB4A087B054248549AA490D5CF8FE79F5FD4
SHA-512:	5EDDD11D40AB87A8007A90EBB656CA13B8CBB5B0C1F2F42A482246F1C872E5AF4BA72DAB72BE1E234FCE6A113AB6D07FBA7F80E40104C98664D43049F4D55D09
Malicious:	false
Reputation:	low
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en-GB"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.610564232708628e+12,"network":1.610564235e+12,"ticks":386116104.0,"uncertainty":4769035.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABaHlwIoHYlQKZwuwW8V0yxAAAAAAIAAAAAABBmAAAAAQAAIAAAAOT4j8Zm9U1zXX6oEUpPqIYBIjSlOiLGeiMKiIFJZDroAAAAAA6AAAAAAgAAIAAAAFW1OavBhyV7qwszPZbindD+KU2Osh5O7HSmDPpFnuCDMAAAAGEkmqbufgFUSmOzx4cW7Aup7spqps4DvqbPrwRgUGqSpRZvQkbO+yVH56WF9zMTt0AAAAAyRwtYxjf7/AqYrFr0JZ6kbTiUt0/2PKkCw7ntLtbN2qrad7I3MeL4iNGDFgqRlhWgsb/6w0gJzQxAfL6rdzxi"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715737597"},"plugins":{"metadata":{"adobe-flash-player":{"d

C:\Users\user\AppData\Local\Google\Chrome\User Data\0daa239f-c2f1-497f-a03b-d83a2dde088f.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	92724
Entropy (8bit):	3.744676991544969
Encrypted:	false
SSDEEP:	384:TTwfTRC8Fh2DyN7rwvXN3g/1IHRoGcbr2h/44xwVdA1crmXmGRiNzfTQOdNfNi1b:sqV1GsM8Ye/9xJ0/rSgKfxzNN
MD5:	8BB3CF3883C6130D80E6C69B8099C987
SHA1:	6F7921012E3F04FAB9796A647761FE3E51FD5532
SHA-256:	F1CCCB0B1A2451950ACD12D1129EE64808FE51AA2A4AF58362F75DC219D5965D
SHA-512:	16C077B3591B8F50EDBF5333AED428733B658D95AB28E7350DC518C0037073323B458B82CA5C46EA81797370D739F0DAF5925EFB73C66F3DB530DC90977928AA
Malicious:	false
Reputation:	low
Preview:	0j.................C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6......M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n.....8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.

C:\Users\user\AppData\Local\Google\Chrome\User Data\2142d810-d0fd-4283-982d-74e4029f24e3.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	154982
Entropy (8bit):	6.051866350294612
Encrypted:	false
SSDEEP:	3072:+mDob5uDsLHduf5+wcXg1rDphQubFcbXafIB0u1GOJmA3iuR6:+mS5B8+wcw1fph3ZaqfIlUOoSiuR6
MD5:	74B2E4383A7E316040728A4742216CF5
SHA1:	D9D8F8231F1F40110B68386DB67C00F6E0B31408
SHA-256:	1C49431095D44F8823B96C55A172B5A5EEE7325C7EAD41BF055BC33ED51D51CD
SHA-512:	077F149FD085C348912D74317FBC20A981238A9E39E853E870AD9764AD748F026E70FD46DB3A5E545675868F9520BB54F340117602CC74CB62BCE6DD5A07EA85
Malicious:	false
Reputation:	low
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en-GB"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.610564232708628e+12,"network":1.610564235e+12,"ticks":386116104.0,"uncertainty":4769035.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABaHlwIoHYlQKZwuwW8V0yxAAAAAAIAAAAAABBmAAAAAQAAIAAAAOT4j8Zm9U1zXX6oEUpPqIYBIjSlOiLGeiMKiIFJZDroAAAAAA6AAAAAAgAAIAAAAFW1OavBhyV7qwszPZbindD+KU2Osh5O7HSmDPpFnuCDMAAAAGEkmqbufgFUSmOzx4cW7Aup7spqps4DvqbPrwRgUGqSpRZvQkbO+yVH56WF9zMTt0AAAAAyRwtYxjf7/AqYrFr0JZ6kbTiUt0/2PKkCw7ntLtbN2qrad7I3MeL4iNGDFgqRlhWgsb/6w0gJzQxAfL6rdzxi"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715737597"},"plugins":{"metadata":{"adobe-flash-player":{"d

C:\Users\user\AppData\Local\Google\Chrome\User Data\25d33ad3-8e2d-4c82-ac05-468efc067692.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SysEx File -
Category:	dropped
Size (bytes):	94708
Entropy (8bit):	3.7454651066985143
Encrypted:	false
SSDEEP:	384:lTwfTRC8JWhNVOUDyN7rwvXN3g/1IHRoGcbr2h/44xwVdA1crmXmGRiNzfTQOdNG:5uqV1GsM8Ye/9xJ0/rSgKfxzN5
MD5:	DA52EA7D8158685C529D1F4BDF471186
SHA1:	F4AA7AA4631E6DD711EF7252D2AC33345BC7BD3B
SHA-256:	8C8529C65126361E66B960B700F36466F4A63794F17EDA280F76C246A0FF3666
SHA-512:	CAD0B4D6500B6BD525BBB7C87F1C281930828EE7C80463920E9A5540B5952B553572940BC610C9EB432BBD25F785E7680428614B4F5F61903C57984107B192E8
Malicious:	false
Reputation:	low
Preview:	.q.................C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6......M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n.....8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.

C:\Users\user\AppData\Local\Google\Chrome\User Data\3778490d-51e1-4011-a535-4e5c5b24193b.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	155172
Entropy (8bit):	6.052354492086619
Encrypted:	false
SSDEEP:	3072:CmDob5uDsLHduf5+wcXg1rDphQubFcbXafIB0u1GOJmA3iuR6:CmS5B8+wcw1fph3ZaqfIlUOoSiuR6
MD5:	1308F6571D09BA46EC573D4D2481142C
SHA1:	EE74888910021EE499C344B54BC7A20F7DCCFDC0
SHA-256:	EA1910307920BB3487C34AF6F351C611D9966897A7BB9F7B0D77D867CE2ECF30
SHA-512:	56DA836BBB0762C9F6B5517DE0B89F8DB50DD531F340BB31752A7B98D35D4A89735ECA12E6DC89D6908A93FBA62D12DE64175E9E9561AC25149E1287877F98E1
Malicious:	false
Reputation:	low
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en-GB"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.610564232708628e+12,"network":1.610564235e+12,"ticks":386116104.0,"uncertainty":4769035.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABaHlwIoHYlQKZwuwW8V0yxAAAAAAIAAAAAABBmAAAAAQAAIAAAAOT4j8Zm9U1zXX6oEUpPqIYBIjSlOiLGeiMKiIFJZDroAAAAAA6AAAAAAgAAIAAAAFW1OavBhyV7qwszPZbindD+KU2Osh5O7HSmDPpFnuCDMAAAAGEkmqbufgFUSmOzx4cW7Aup7spqps4DvqbPrwRgUGqSpRZvQkbO+yVH56WF9zMTt0AAAAAyRwtYxjf7/AqYrFr0JZ6kbTiUt0/2PKkCw7ntLtbN2qrad7I3MeL4iNGDFgqRlhWgsb/6w0gJzQxAfL6rdzxi"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715737597"},"plugins":{"metadata":{"adobe-flash-player":{"d

C:\Users\user\AppData\Local\Google\Chrome\User Data\39c4aff4-8de1-4f02-8578-c2433955c8e4.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	155784
Entropy (8bit):	6.053766359389846
Encrypted:	false
SSDEEP:	3072:tmDob5uDsLHduf5+wcXg1rDphQubFcbXafIB0u1GOJmA3iuR6:tmS5B8+wcw1fph3ZaqfIlUOoSiuR6
MD5:	4A1546D83461EEDEB04C7F3BFCDE149C
SHA1:	B8AC74BD5A21A44D7B7957E3C5C35F31492AADFF
SHA-256:	9951ABC8C0EC110EE6A4596C4B4842689468434520AFDA5CAE7D5328F8A6FCDD
SHA-512:	D19208353DC5E46D64198777818282DA6CFCDFC373C6EE4753728521DB6955973126DAC0B4E8CBD9F84374495D66331B98C65E3B69745DF182813B68CFD9919E
Malicious:	false
Reputation:	low
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en-GB"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.610564232708628e+12,"network":1.610564235e+12,"ticks":386116104.0,"uncertainty":4769035.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABaHlwIoHYlQKZwuwW8V0yxAAAAAAIAAAAAABBmAAAAAQAAIAAAAOT4j8Zm9U1zXX6oEUpPqIYBIjSlOiLGeiMKiIFJZDroAAAAAA6AAAAAAgAAIAAAAFW1OavBhyV7qwszPZbindD+KU2Osh5O7HSmDPpFnuCDMAAAAGEkmqbufgFUSmOzx4cW7Aup7spqps4DvqbPrwRgUGqSpRZvQkbO+yVH56WF9zMTt0AAAAAyRwtYxjf7/AqYrFr0JZ6kbTiUt0/2PKkCw7ntLtbN2qrad7I3MeL4iNGDFgqRlhWgsb/6w0gJzQxAfL6rdzxi"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715737597"},"plugins":{"metadata":{"adobe-flash-player":{"d

C:\Users\user\AppData\Local\Google\Chrome\User Data\748b0c34-1a12-4268-bcec-551967eff599.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	95428
Entropy (8bit):	3.745137253444628
Encrypted:	false
SSDEEP:	384:VTwfTRC8JWhNVOUDyN7rwvXN3g/1IHRoGcbr2h/44xwVdA1crmXmGSIiNzfTQOdp:JuqV1GsQ8Ye/9xJ0/rSgKfxzNE
MD5:	052FD12CCA3A39872B3E4C95DF27E105
SHA1:	6501AE64A56D485F9840CA362948BD6DB6CC7032
SHA-256:	96D96766C13EEE5EF87DDDA5EAB90D2C6A38B15F3C1A78322826799A51062EC1
SHA-512:	157DEB8C5DD3EE52250B2FBA33F2336832B2D077C5983AE2511F52B9BCDAE37E3EEA28508CAAABAFE09E59C2E17BBBDFA8B66709D6A021BBBA09F9F7117611E6
Malicious:	false
Reputation:	low
Preview:	.t.................C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6......M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n.....8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	120
Entropy (8bit):	3.3041625260016576
Encrypted:	false
SSDEEP:	3:FkXwgs0oRL6twgs0oRL6twgs0oRLn:+taRL+taRL+taRLn
MD5:	E6C1693D9F0F6B6E878D098FBFD4C92A
SHA1:	D9D2708143B4A3BA5D14DFED59DCB6B88DF172D9
SHA-256:	E9DA6B8F6549D084D8740EB4C25755989B057EBF4F36B5E526F34DFFAB7500CF
SHA-512:	19B28BFE66708B294AB033C2F87D219E1C29D4F9363AC92E89B9406F6E2ACB13AD5DF73DD7E163D1ADEC0AF89C42DA112AE153EB23378EC29302F91192B7C5A9
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	sdPC.....................UO..E.D.Q.o....sdPC.....................UO..E.D.Q.o....sdPC.....................UO..E.D.Q.o....

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\05835c44-982c-44b5-913a-2d082b35336b.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5702
Entropy (8bit):	5.174279688669538
Encrypted:	false
SSDEEP:	96:nI6E4/ljJfTIIVb5k0JCKL8hkoz1BfbOTlVuHn:nIj4/ljJUIth4KmkMt
MD5:	1CB8D35BC188717EEFD4262A5C49479F
SHA1:	837DE3E7D12A863EB3065EE4BD05288DA79F2AD1
SHA-256:	9E23734E2BB5EFA7E50F04E72A281EB1D701A0B11190B09E9E6ABBD03531EE03
SHA-512:	64B1ECCFE95F1452D2DF2737CA95ADFC7BBD97A4E22006982A75BAD1732016A0F8E3BA844DA534D5ED8E632830551085E78F924C706E12FE3E237852709EA19F
Malicious:	false
Reputation:	low
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13255037829929298","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245924509391818","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"bookmark_bar":{"show_on_all_tabs":false},"browser":{"has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":false,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","2042016"],"daily_received_length":["0","0","0","0","0","0","0","0","0","0","0","0

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\05f90d01-05c6-4c9e-8eee-cd2c527f665c.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	21282
Entropy (8bit):	5.5529336224122225
Encrypted:	false
SSDEEP:	384:Uyt1LltBXl1kXqKf/pUZNCgVLH2HfDDrU+HG1nZAM0kki4l:XLlbl1kXqKf/pUZNCgVLH2Hf/rUuG1nw
MD5:	4387E5A46190AA6416DE13C99D116A27
SHA1:	133C8A35A1436606FD8599CE18A46DBF5886009E
SHA-256:	2627D5E700B950B18B6F381BAA9BAED9812BD9EA844C18A0EED2590D27183317
SHA-512:	F61288799971E01111F13B96B9592ED0BF70265DC2C181CE349A761481CB6DADB65DE6485B7939BBF8D9DDFB83A46521C21427B41005C44163F2FED8EC94C488
Malicious:	false
Reputation:	low
Preview:	{"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13255037829691839","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\275d7afb-2a2f-471c-8364-036aeb480a2a.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5701
Entropy (8bit):	5.174206283948734
Encrypted:	false
SSDEEP:	96:nIIE4/ljJfTIIVb5k0JCKL8hkoz1BfbOTlVuHn:nIN4/ljJUIth4KmkMt
MD5:	F5E4C6457699F461A6FE1D27EFE31C0D
SHA1:	31853BF1D331E97E5F71537AD1842FCB5166BBFD
SHA-256:	2B64C351CE0459D3F4F068D6505B9B74A8BE8BE83C6AD76B81E151F37EC070C9
SHA-512:	73662EF90B9041FBAB72E93E03461773B229615FD92EF270D2215CFC9A78B7DDACD00EB43960CE6B99D5BF1CD4400B96F117D93B12D593E60B86946DE4FBE41B
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13255037829929298","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245924509391818","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"bookmark_bar":{"show_on_all_tabs":false},"browser":{"has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","2042016"],"daily_received_length":["0","0","0","0","0","0","0","0","0","0","0","0"

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\433510f9-d009-4436-b79d-8362dbef739a.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5701
Entropy (8bit):	5.174206283948734
Encrypted:	false
SSDEEP:	96:nIIE4/ljJfTIIVb5k0JCKL8hkoz1BfbOTlVuHn:nIN4/ljJUIth4KmkMt
MD5:	F5E4C6457699F461A6FE1D27EFE31C0D
SHA1:	31853BF1D331E97E5F71537AD1842FCB5166BBFD
SHA-256:	2B64C351CE0459D3F4F068D6505B9B74A8BE8BE83C6AD76B81E151F37EC070C9
SHA-512:	73662EF90B9041FBAB72E93E03461773B229615FD92EF270D2215CFC9A78B7DDACD00EB43960CE6B99D5BF1CD4400B96F117D93B12D593E60B86946DE4FBE41B
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13255037829929298","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245924509391818","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"bookmark_bar":{"show_on_all_tabs":false},"browser":{"has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","2042016"],"daily_received_length":["0","0","0","0","0","0","0","0","0","0","0","0"

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\7db05ec8-0ce4-444f-9033-de204e61a328.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1208
Entropy (8bit):	5.5721152883881855
Encrypted:	false
SSDEEP:	24:Ym6H0UhsSTG1KUeiXzkq/HeUeTOWTgU+INzUeTOY7wUBaRUeiQ:Ym6UUhyKUeiYqPeUe+UxUeRwU0UeP
MD5:	038C9BA12B4C97898049EF433DFF650B
SHA1:	5E7C09CCE929F93DE8E9A02BB96941BC1F54D1FC
SHA-256:	30F7B74647CBE126A7B3076AD83D1C025E598EF6F6E307B4C1FD6E8B9953E630
SHA-512:	2DF2036572C183F89CA7DBDEEC70666C5B098C2F9A66D60FEC808C5959E2E6C03D1872ED98DC8BFF918B716067282353B3BC7D877FF6C70EB1C89719B5309F95
Malicious:	false
Preview:	{"expect_ct":[],"sts":[{"expiry":1632986995.029294,"host":"OuKlWsMW1dkkbI1X/oi6o0Y95ZNSWnSoeaIXAEYPlv4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1601450995.029298},{"expiry":1632986994.959502,"host":"nAuqgR4iEWti7SOdT3UHPl6rmZU/DeaIm38P2O2OkgA=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1601450994.959505},{"expiry":1632987007.31909,"host":"0J7rAWV0ouCFYJ9XrkDiKnAO1SshXJmLJE1SS3V8kDM=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1601451007.319093},{"expiry":1642100236.388618,"host":"1/zjiYri6DU3r37mBZ7oBJ2QCdrcSIxwuCKUJU8sykU=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1610564236.388622},{"expiry":1632987013.78633,"host":"5EdUoB7YUY9zZV+2DkgVXgho8WUvp+D+6KpeUOhNQIM=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1601451013.786337},{"expiry":1642100234.445751,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":false,"sts_ob

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\885d0152-61f9-4bc2-8f6d-3463cb597828.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	modified
Size (bytes):	2438
Entropy (8bit):	4.840689261246433
Encrypted:	false
SSDEEP:	48:Y2nzMK6qDHGXCtwWsiRS2/HT6xsLkqoasLZyKsP3zs/MHDNsiYhbw:JnzMKxDHGXCO402/HT6wjo5Z6+GDNsHm
MD5:	ECABC917A0BF95E26BAEF095FB646C78
SHA1:	8C3B46711333EA9E6D33F178516BBB5B9D273E04
SHA-256:	5287418E5B64A99A0476FE60160C84197DCCE01E1FAD3D67098879520359475C
SHA-512:	0893BD81FDDD3B085E13DAC77EB4CEECE0C61B6D898675D8F9B301631A3038EFECDE8209422B81685925C6A05E2613A18FEA8B0CDBCAAC0710546D4A4169AF16
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://www.google.com","supports_spdy":true},{"isolation":[],"server":"https://dns.google","supports_spdy":true},{"isolation":[],"server":"https://redirector.gvt1.com","supports_spdy":true},{"isolation":[],"server":"https://fonts.googleapis.com","supports_spdy":true},{"isolation":[],"server":"https://ogs.google.com","supports_spdy":true},{"isolation":[],"server":"https://play.google.com","supports_spdy":true},{"isolation":[],"server":"https://apis.google.com","supports_spdy":true},{"isolation":[],"server":"https://fonts.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://ssl.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://www.gstatic.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13257629834445695","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://accounts.google.com","supports_spdy":true},{"isolation":[],"server":

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\8fcd80dd-fcff-4532-9690-4adef02e9067.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.246658054978358
Encrypted:	false
SSDEEP:	6:m21Ln+q2Pwkn23iKKdK9RXXTZIFUtpd1qZmwPd1TNVkwOwkn23iKKdK9RXX5LJ:fLn+vYf5Kk7XT2FUtpPq/PPTNV5Jf5KU
MD5:	F7645EB6DBA0E73C92A66399CB5129ED
SHA1:	31F59B51A2B9CC51FEF161D7650EDC452F04376D
SHA-256:	7ACED30F982265946A2553AA8BF29E3E1783E2A1A61D635C41AE2A3FE27A1FD7
SHA-512:	7B3E4F184BDCA9D31EB654489FFE8CE31AF8E0AE9E0029628B39F3E40216C64B7838B6A8F78B7FBD6B718F7B05811F3AB46560A707B06001E884DF79A7AAF984
Malicious:	false
Preview:	2021/01/13-19:57:16.937 1b9c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase/MANIFEST-000001.2021/01/13-19:57:16.938 1b9c Recovering log #3.2021/01/13-19:57:16.939 1b9c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	318
Entropy (8bit):	5.233882842953956
Encrypted:	false
SSDEEP:	6:m21Gy3+q2Pwkn23iKKdKyDZIFUtpd1GoVZZmwPd1G9VkwOwkn23iKKdKyJLJ:fGy3+vYf5Kk02FUtpPGW/PPG9V5Jf5K1
MD5:	A28AE4A7EFC7F0A79A8AA79ACEA6871A
SHA1:	7A98ADE3D61E5DB242910B883D4620BA8A309540
SHA-256:	DEF2E1E960C8D48678E542CB9F3232090012DF92C7C862F74D4F89FD95108E4A
SHA-512:	81E6196997D09288E05405B3CC10996DDD882FBE6A110411A59B3FE6D0381E1E95C09D1E908B273E358133D26B21623E96B4E01F3E8BC68C59CCC4B5214FBD5D
Malicious:	false
Preview:	2021/01/13-19:57:16.920 1b9c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase/MANIFEST-000001.2021/01/13-19:57:16.924 1b9c Recovering log #3.2021/01/13-19:57:16.925 1b9c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\06e7ddbb9e13886c_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	231
Entropy (8bit):	5.458711255279954
Encrypted:	false
SSDEEP:	6:mpXYxRQ3GjXGLqPTgf0nGGCb9SZNQ2/9yZe+NaK6t:sYQ3+cM8UGHMNQjZG
MD5:	FA7BFFBF949EA74FDD0BDCE08E354E22
SHA1:	77EE8BC2D993F7B3A282823A1D4969EF718E73F5
SHA-256:	E8542CCAC2B453D05D341253A9B38B062174D3A389C29C8B7B300DFEDD3B7E9E
SHA-512:	1477D81CDEC614AFC097D6A151F8F0C38BECD78400BF2198DD3D5B757DC20F4F5C4A3CED62144D192E46271FFB67105CEED6703804D5B848830E1EFCE935F8EE
Malicious:	false
Preview:	0\r..m......c...P.7....._keyhttps://renderer-assets.typeform.com/modern-form.49de46ab5c7ed7587b97.js .https://typeform.com/....b./.............p........h.....W@......y.v.~.f...\|;..r.A..Eo......4Ty..........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\45f83ee2a5dff1fd_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	235
Entropy (8bit):	5.490957465177054
Encrypted:	false
SSDEEP:	6:mlr6EYxRQ3GjXc7BAMdWsGGBdGSWl2WIAPvH4ruD/ZK6t:cYQ3+cVASWsG5F9PvH4C7T
MD5:	F9EC40D72118EF0CD09EC101FD6D1867
SHA1:	C85FFCBBDE63EFD7399E5DDC4833014C0BDD5C3E
SHA-256:	C43A88A9224C039B8C7B6485CA56CB42FD9B61B44A81F0860DACDD687B1D0B60
SHA-512:	68867162701EB8EA0D1744D40D32B621AD7ABED738F266862958F6838B7696BA64ED59B8A6CA7922D0B5434DD94B568C99DABD35CFD6E77FF6F75BFFE151A370
Malicious:	false
Preview:	0\r..m......g...U......._keyhttps://renderer-assets.typeform.com/modern-renderer.36eec26e0148023415c0.js .https://typeform.com/..b./............._.......SmN..u..0..g.s......@....w4.l..f.A..Eo.......I...........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5b4c207083ca8268_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	248
Entropy (8bit):	5.641110938635516
Encrypted:	false
SSDEEP:	6:mhYEfLcJJrmYeDWS4yKv3UGGsl9SYgyIgfNzchjBK6t:If4vr4KxxEGjDbNwVb
MD5:	6624DC21954FC23C1C6E2515A2ACA9A8
SHA1:	BD8A75ECBC2D5CE8FFC3879444700659952E6FDE
SHA-256:	AFBA029A61D586BC04E4B15EE982BE51A33EE484170B826EC87C6B91CF34BCF7
SHA-512:	471D683F846058ACFD2BD9B3A64A9DE879B4E73DDDFB6F6CA88F07045109FA493697D681282A43EAE6D6934F7D838020BF08CC9ADD28FB7DA30EBC8DEA6A7F45
Malicious:	false
Preview:	0\r..m......t...ie......_keyhttps://cdn.segment.com/analytics.js/v1/9at6spGDYXelHDdz4r0cP73b3wV1f0ri/analytics.min.js .https://typeform.com/...b./....................../v...%]m.. .0vi...$.+...^....A..Eo......h..~.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\75b6d577ef7e1c2b_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	239
Entropy (8bit):	5.518323589752072
Encrypted:	false
SSDEEP:	6:mUJOYxRQ3GjXsXZMi0GGy9SqWX/qa5K47g/ZK6t:p7Q3+sT0GtrWX/q4gT
MD5:	47DCEFFA6D4705CEAA694DC3E4B74AD9
SHA1:	0E0507C0014D27872F6AE46355B66BA7F707136C
SHA-256:	B60A63F0C2F8F3130B239FDD23F20DE324D654A435542B375E0244649869E2A1
SHA-512:	BCFE42E73996CAAD53CA239B3760636AF87AA2CBCD3669132425CE34E1685475489B82D4D95BC55D8F7621A4ED1A4E3E400ECF6466E2DC34C74CCB858CFFDDE3
Malicious:	false
Preview:	0\r..m......k......c...._keyhttps://renderer-assets.typeform.com/modern-vendors~form.d4cf4f8fd90b06b3c412.js .https://typeform.com/....b./.............I.......y...Q..V>.z....C:....9....P}MD..A..Eo...... .>U.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	x86 executable not stripped
Category:	dropped
Size (bytes):	336
Entropy (8bit):	4.953572328887045
Encrypted:	false
SSDEEP:	3:QHFjgsl8vp++J1o+q5TvPZdGJ+FFdgEJ+FR9Iptlll5/lOptlllKL8ftlll0l0qo:cGjx+SVq5LB7CDcTxzPawAfyDntM
MD5:	C448E13A82A02A7E39BEB88AD065C001
SHA1:	23707A1DEDC851CE7823B4D1C8576BF7704C5C42
SHA-256:	446E7D8184AF4CFE194CDE66BD2D192ECE0F779D08A3A41C9368D89B25C59461
SHA-512:	FE3E2656726CA7F5ACF32BC2FB34D529396268E1702B3512A5E6B2BE5D2FCE1195B3E0F6EED6CC595727643B00B51147AA3D25382A7EC38A830C1BCFB154EC62
Malicious:	false
Preview:	H...V<.Soy retne........................h..p L[....b./.........+.~.w.u....b./.........l...........b./.............>.E....b./..........^}.Np....4&../..........-..0..x..4&../............/...3...&../.........I....uW....&../............Q.i....&../..........6,2.+.g...&../..........D....3...&../.........4T/f.C3....&../............b./.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.4553218862189417
Encrypted:	false
SSDEEP:	48:TekLLOpEO5J/Kn7UxUd3IfT6ZvYfvoNpEhm:dNwla3IL4BNpEhm
MD5:	2F202BC0C479C817F7DB41C4FCF4B02B
SHA1:	24C6272592D7FECB03857183533597878EEF2D2B
SHA-256:	A151A33870AC77488C675A274D84C75F2D8AED5B97E777E942D52F14CD23B46A
SHA-512:	0EA993F36253B5C8AD916B778A8FD1E5817A2189EBC1730C49619C427A2E99AE8F916FE5E25686C9A116F063CC3CCEB58FD91AB4E108279936A5C0CBE0D370BF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	12836
Entropy (8bit):	0.9738461012986404
Encrypted:	false
SSDEEP:	24:Nse9H6pf1H1oNoqLbJLbXaFpEO5bNmISHn06Uwm8:NsbfvoNoq5LLOpEO5J/Kn7UN8
MD5:	B8433C5566FDC581C4D34283D78B4656
SHA1:	10AE91F9C10156503A3FD690AB460E3740C1A79D
SHA-256:	5305ADFD87ECF6881F9AB087E9FCF2D73E0FDD2D5777798D6936EB814F8204A9
SHA-512:	17A08BE8041A2E1C2A8FE3E2CB5DE6FC5B5D67F8D9DCF58DF24D8D6F59D6E67190613DF441E368BA44DF8B0D9DC26088172772040EFE263081A7E0C6C68FC6CE
Malicious:	false
Preview:	......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Session Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	970
Entropy (8bit):	3.386130592828688
Encrypted:	false
SSDEEP:	24:34SSXUzVh56G3asbejlWk56G3z6lrlrlr:345QwcqjU7Xxxr
MD5:	B52898027E3B01ACC385E08CC996250A
SHA1:	6FE46CD917CA406C3B531D0380DF87FEEE30180D
SHA-256:	76DA33FF04BDAF7CD88A50E6CBDFD254DB92AB31967C79C9ACBAFCA5CDAD956D
SHA-512:	5BA779A7394DD8A202E364D726A63E6385A4FEA8AB1AE9D3AF2C4047CCE6C4BD2FDBA4596AC86DCBE7920F00AA9210AF3AB00734B174BF10D7061846D3B9D2EF
Malicious:	false
Preview:	SNSS....................................................!.............................................1..,.......$...1f0555eb_2742_4e44_a3b4_1b9260be3798......................'.............................5..0.......&...{730C75E3-B87A-4292-818B-DC8F984D08AE}.............a..\...........,...https://24mbw17feyn.typeform.com/to/ZlFRrg5s....................................................h.......`........................................................O......O.............................................`...,...h.t.t.p.s.:././.2.4.m.b.w.1.7.f.e.y.n...t.y.p.e.f.o.r.m...c.o.m./.t.o./.Z.l.F.R.r.g.5.s.................................8.......0.......8....................................................................... .......................................................,...https://24mbw17feyn.typeform.com/to/ZlFRrg5s.....h..b./.....................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Tabs Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	8
Entropy (8bit):	1.8112781244591325
Encrypted:	false
SSDEEP:	3:3Dtn:3h
MD5:	0686D6159557E1162D04C44240103333
SHA1:	053E9DB58E20A67D1E158E407094359BF61D0639
SHA-256:	3303D5EED881951B0BB52CF1C6BFA758770034D0120C197F9F7A3520B92A86FB
SHA-512:	884C0D3594390E2FC0AEAB05460F0783815170C4B57DB749B8AD9CD10741A5604B7A0F979465C4171AD9C14ED56359A4508B4DE58E794550599AAA261120976C
Malicious:	false
Preview:	SNSS....

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	38
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	3:FQxlXNQxlX:qTCT
MD5:	51A2CBB807F5085530DEC18E45CB8569
SHA1:	7AD88CD3DE5844C7FC269C4500228A630016AB5B
SHA-256:	1C43A1BDA1E458863C46DFAE7FB43BFB3E27802169F37320399B1DD799A819AC
SHA-512:	B643A8FA75EDA90C89AB98F79D4D022BB81F1F62F50ED4E5440F487F22D1163671EC3AE73C4742C11830214173FF2935C785018318F4A4CAD413AE4EEEF985DF
Malicious:	false
Preview:	.f.5................f.5...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	320
Entropy (8bit):	5.2620608407973135
Encrypted:	false
SSDEEP:	6:m21WFeNOq2Pwkn23iKKdK8aPrqIFUtpd1aFsZmwPd1ZPkwOwkn23iKKdK8amLJ:fXNOvYf5KkL3FUtpPV/PP95Jf5KkQJ
MD5:	9C48C7C12EC1DF5759A3A719F12C8BDC
SHA1:	50562EFBC3D6DFCAF5E9A7AFADAF2D1DE3BA824D
SHA-256:	348C9C5598F64663D55C799485E8FC70563F774A1B9DE145FE60169BC660E0FC
SHA-512:	BA38E19FA1E4CA4B9010AFA5FB23AAA4AB9C6E296194462A47DB3F88763201AF85EEC969045852D88E92BF9E580BF140E04F07C236134ADE654A41A23AB83766
Malicious:	false
Preview:	2021/01/13-19:57:17.284 1bf4 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/MANIFEST-000001.2021/01/13-19:57:17.288 1bf4 Recovering log #3.2021/01/13-19:57:17.299 1bf4 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	513
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWWWWWWW
MD5:	C92EABB217D45C77F8D52725AD3758F0
SHA1:	43B422AC002BB445E2E9B2C27D74C27CD70C9975
SHA-256:	388C5C95F0F54F32B499C03A37AABFA5E0A31030EC70D0956A239942544B0EEA
SHA-512:	DFD5D1C614F0EBFF97F354DFC23266655C336B9B7112781D7579057814B4503D4B63AB1263258BDA3358E5EE9457429C1A2451B22261A1F1E2D8657F31240D3C
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	320
Entropy (8bit):	5.246849753792277
Encrypted:	false
SSDEEP:	6:m21v0Yq2Pwkn23iKKdK8NIFUtpd1v0eJZmwPd1vKkwOwkn23iKKdK8+eLJ:f8YvYf5KkpFUtpPn/PPy5Jf5KkqJ
MD5:	8C2DC57CC6722046FED0682E821FC5EB
SHA1:	C630D0892C8E4E46F9274C423E2ED7C250B16F48
SHA-256:	D6C43840DCC7EA2919E8D83D3BE790164633913733DCE4FFA222BEC3CED0B9E3
SHA-512:	21160E764C4359F7D3372B2D08B9AE787F4F3ECCDFB1780747E55A87C0A1BF5BC3C1121915992E3DD29F4CF1EAF7C675498B76A34590FC2361F5D482E13737C1
Malicious:	false
Preview:	2021/01/13-19:57:11.964 1bf4 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/MANIFEST-000001.2021/01/13-19:57:11.965 1bf4 Recovering log #3.2021/01/13-19:57:11.966 1bf4 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_1\_metadata\computed_hashes.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	17938
Entropy (8bit):	6.061511031838911
Encrypted:	false
SSDEEP:	384:ahlZ97TC4hNLFkQF/4H/vo3c93yaM5ZAVGnLMeP3rrBsuzfccHyfXRH0MVEPT:ahlvS2Fk5ooNM5Zg+YePRgpXRHLVA
MD5:	58E0F46E53B12F255C9DCFD2FC198362
SHA1:	24E3904DED013ED70FFC033CFA4855FBB6C41C19
SHA-256:	F82EEF4F80D86F5DEF0F40F91FFB6453E1706CA5FD8A7172EDB19C4B17E2F330
SHA-512:	1AC83CDFF124E4C0281FBBFC0A919AA177F1524AB85434D82E5A87DDDF7CAC26A761C5E6249566626054C62D6B0F46A51AAC1F6E64C260F50832AE1D5F0A49BC
Malicious:	false
Preview:	{"file_hashes":[{"block_hashes":["vyABSKu1ssLnoQtj8Nqw6CjEthL33alh0QYBLzRg9+E=","DGWrOFQ2mF53Fk3FM5jLCV5sKg1DgRTF750mXhpKaoM=","f8vmSL13lL5/sEk/UBo2z9BTE1au+kMnftvxebWlLfQ=","g6BagkGM3fYVfhX6pe9v+WIhrxb6KJyr1H8KEdf3iQc=","6GdjKPovCi9TAL74Kj/R6GzGC1RVsWCb0lMtrG41ElU=","vttVT0ok78296FZBpoJgEIMmZmATBpKLrC5wr6RiPIg=","5dwwmOMAg6GXh2x6hn99MsZgiXJCxgTnwFdiMmcl2/0=","lQFxytI8i5cYLqNLbSnc45XXd/jEIuKwO1nAvNh5/WE=","qETF6aAOXwVcduPggf/FGrY8l2ALwdIswKxFJWG2JpQ=","+fjs95t/ESSgtcK9SzZOIcY/aemUr2I/yYI07esfjbk=","H+r4m51qI4G0z8YtAibc3/AGYvPK9qT14BbGvmM4/y4=","Qz4vtomAqVrAeKIcJ/zbVi5yDpFiY+F7tP/FTdoAKwU=","k110zqa69JMO5T4RH/nBdkCVX9I/98Gd7K2dnRuyFyg=","+QrRx4Pz8wbz4ef9ch1Q2aAQDZbv0r64NMyj9z0qaaE=","6q/tcYekY7TN66ZdPx4ALLcteRLQJqFy0wgcIqL6fFU=","djipPPtOAFsToDpKDbadLJLGQiCzTkN2qsRbzvKijBo=","uHEm1DVxHADroGNWHjmdfpdNUgtHXDQ0zfTmdqtJgYo=","1C2E0Gz2nqKFG3ghcQEVyiTYI4rTYNnrpsHQY9J7BfI=","swYZ8T85/4tzx26dfC0RKxMiHwnjqJoxtn0Mb8NdcjI=","AuXwavx8SOtkgFhnRlnM4roIw243Ryh2ktL0QZRDLoE=","oG0S5XUkjBtAHts9X+uQt5MTsf

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_1\_metadata\computed_hashes.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	23474
Entropy (8bit):	6.059847580419268
Encrypted:	false
SSDEEP:	384:7dNc1NC6IcafusK4H1IIGRlhKlkIALQWdynQh2RX4K6M1tVztzr7XSNyzH:7dOscSRKc1nGRSkIhEw6M1tf7SNyb
MD5:	6AE2135EA4583C2F06CDEBEA4AE70FA4
SHA1:	DCEB26C7F02D53B5F214305F4C75B4A33A79CDC2
SHA-256:	03AA1944CB3C4F39E20B6361571BC45DFBEBD3FFDA3D8F148CC6ECB29958F903
SHA-512:	B5945E67D9F73DD1982D687E5C6D9B5D6B3886C8050363A259755C76AC0F93651F3425FA7C21AA6A13977AC1C8C9322F998F131648CB8909096058D4F0D23312
Malicious:	false
Preview:	{"file_hashes":[{"block_hashes":["DOZdV3jFvk12AM2JNDYKo3KZrIVRprmJ+sVGWkqqE4Q=","rVElW3Hu3T52SzDDUqGT5YiJTBGUv2h3pNuBKFlhZ1U=","X/3fg4KZxgQ1jBr5QGq0F5JnflgE27UErd88mrxTcxs=","VibLbpy0ig+5INMOU71fTYN76iaka2XVpmm1qAKYsX8=","EChCwCbQHbHQ7oDdGT2qNyiRJ0yck2YC2emNGq4whtE="],"block_size":4096,"path":"_locales/iw/messages.json"},{"block_hashes":["xklkoZ7iSU1+7cd6DAtEmUC5lPFd+EgcbnzxkOiFwlk=","3KbsvoxKY/3AwqgF2aAdVQRpMhsNVRkQ3rx2A6Z2Z+Y=","o9+tsohquaCMj+70zeinRG/hBhA2uLoDl/WoC1uokME=","xV/K8xucyWJELVT8Cqn+ugFjobBVmg8pnmACF+2PP4Y=","p/mvJm2wuCl32Rx3it654MljKAsMe3S9IDEabc1A8mE=","j8mPrTb5oOsBTj2Fer78JE6xG6+kR64Cvu2SW8d3j/k=","nqSRpGQ3USU2bZJsZ+AzBmFOyann8omwJrhEWFZDTXc=","eTcQyJUuNuF9yCga/fXGyFCj/pysSceanhBzksdx23s=","Wj7faqnspelXKMvnduxHn1XUBG8TEOqyns7/oUihekM=","VtBwXoadI3EP336rAiL33Gz19KGqtN+RYdKnMKAXoLw=","iDgLXQqXJp8nCZxgLuC9LXM45DGfufvGnXvmHsn18wc=","g+RfdDfrWTUK0Pkcsbot7NJ4SC9wVRV/dVVMuHAtEj8=","2oC4HcCuXu3VjFf6wnKlznt9uqQNaebcuWpm/mWj69U=","aMUIpuFqPMiieSaWhIktCK62v2P3OZQAWupWsYzCnvk=","L

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Favicons Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	2.2442458383663575
Encrypted:	false
SSDEEP:	96:tBCiE1YFz2ZDQB7wK/bPzEwYXtIWU+6xki:7cYIZMFwuYwmtJ63
MD5:	AEAF8EBDE3C6EF630AA72615FAFA29A4
SHA1:	F6E02F440062208365E6C2F8B697C3DED4881692
SHA-256:	AB64DF5EC28D01885C7569F3F63E7F82C0E0C63F5634572C688B8350CE8011C8
SHA-512:	9F41AE9140CF74E2C71C694FFAF50E764228034A1DFB5B0C96A39B9D44AE1E9974CE47BFB8FF48DF93067834878E6C0FDAA7CE2A28AD2808DC265B3653F0B69C
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................C..........g....._.c...~.2.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................s...;+...indexfavicon_bitmaps_icon_idfavico

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	16972
Entropy (8bit):	0.8132154457746228
Encrypted:	false
SSDEEP:	24:AMqol/KQDxyLjtVxh0GY/l1rWR1PmCx9fZjsBX+T6Uwnt3n:VSSCBmw6fUe3n
MD5:	43CB24131E15A3A85C7583DA6DE58C45
SHA1:	78D1D8FBB05C908AEE3E94C4F9E9F8B24D1E3D93
SHA-256:	2DCD20A4F9D93F87843EE95515DD9C6D3077DE88CB459CE1FF4B6006694D298B
SHA-512:	01D8C929FDC763E3524B8570CFE553E9E9A16A41915F0DF5429504278866667F6AE78D6BC40900893BF1BA4C6844A8F572F94291872EBF5180B3C568052E7DDD
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	19
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	3:FQxlX:qT
MD5:	0407B455F23E3655661BA46A574CFCA4
SHA1:	855CB7CC8EAC30458B4207614D046CB09EE3A591
SHA-256:	AB5C71347D95F319781DF230012713C7819AC0D69373E8C9A7302CAE3F9A04B7
SHA-512:	3020F7C87DC5201589FA43E03B1591ED8BEB64523B37EB3736557F3AB7D654980FB42284115A69D91DE44204CEFAB751B60466C0EF677608467DE43D41BFB939
Malicious:	false
Preview:	.f.5...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	372
Entropy (8bit):	5.2952124712408635
Encrypted:	false
SSDEEP:	6:m21/I1N+q2Pwkn23iKKdK25+Xqx8chI+IFUtpd1Tu8mZmwPd1IiVkwOwkn23iKKN:f/In+vYf5KkTXfchI3FUtpPThm/PPIiy
MD5:	ECE2D2F562FFBD2537FCE87DEF4633EA
SHA1:	0D90F028A25B74CB9FC6E2ED369D3F46A0DFD945
SHA-256:	1B1A367ADB0A8337E7E88D6A690C6B021FCDE6FE607FD74960A593C0DC52383E
SHA-512:	E66BC74C5092EAA5C209BBD49A2AED0A63E0898A298B6F6F3BF7B18797EF33BE97FA0DAD8CFC53B44D61826DBAAB6916A866E49EC2EA057170FEFB02CC51219C
Malicious:	false
Preview:	2021/01/13-19:57:16.846 1b9c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/MANIFEST-000001.2021/01/13-19:57:16.860 1b9c Recovering log #3.2021/01/13-19:57:16.861 1b9c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	358
Entropy (8bit):	5.261956077846899
Encrypted:	false
SSDEEP:	6:m21JN+q2Pwkn23iKKdK25+XuoIFUtpd1FZmwPd1pVkwOwkn23iKKdK25+XuxWLJ:fD+vYf5KkTXYFUtpPF/PPpV5Jf5KkTXp
MD5:	08B7517692E2E6571D7DDB03285C509A
SHA1:	922414105470DCB3589923121E24C778F534AC1D
SHA-256:	A66AC1EEE166F6085D8601A4CC4F360DC1735A1B6790BD2D3443C0D502708F7E
SHA-512:	F6D1A797D4EDB72CEB02910D351C64C014934EBB0D3EED8B21AA715230B4595D787171DF959A71C4761233763FFB1E2C8283375805414A221D821BD2E0430011
Malicious:	false
Preview:	2021/01/13-19:57:16.836 1b9c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB/MANIFEST-000001.2021/01/13-19:57:16.838 1b9c Recovering log #3.2021/01/13-19:57:16.838 1b9c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	330
Entropy (8bit):	5.265356308428281
Encrypted:	false
SSDEEP:	6:m21kN+q2Pwkn23iKKdKWT5g1IdqIFUtpd1vZmwPd1vVkwOwkn23iKKdKWT5g1I3e:fkN+vYf5Kkg5gSRFUtpPv/PPvV5Jf5Kg
MD5:	92A21436285532CF67D251B54BDD9B2A
SHA1:	6CF8BE1E67727408F566E050D0C75597DF24367B
SHA-256:	08A4035B2670A4AB2F5DC4FDE8D182481052E5FBA08CDBDB1A1F4049A5AD4B4A
SHA-512:	5D7E34EDFE8CF1E5340ADEDC6E85ED23FF8658F83DD9F886DE866E634955429DA934F4B18AE60FC8D073ED1410380CB107E6CE25C56C58B1A337E77B33F03404
Malicious:	false
Preview:	2021/01/13-19:57:16.819 1b9c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/MANIFEST-000001.2021/01/13-19:57:16.821 1b9c Recovering log #3.2021/01/13-19:57:16.821 1b9c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	modified
Size (bytes):	296
Entropy (8bit):	0.45488079341118026
Encrypted:	false
SSDEEP:	3:8Efl7Vyu:8KT
MD5:	EB8CCC9C0299C83F983B3201DB3CD505
SHA1:	13E74C80B3DEEC0E767A01C3C36F1A83EF1BDD5C
SHA-256:	A29047FFE660E032C0EE1EA4D0DAFA48C7EA15135CA0D5A82756B6CF95D9DC46
SHA-512:	E5021820657889E796BA89252786FA0485B1C18DDDD8866ACCD889D8ED3EBF0D841982E8E6C212BF45F1EAD71BBE247827BEE39DBAC635B6DFAA6EA5F0A70B63
Malicious:	false
Preview:	.'..(.....................................................................................................................................................................................................................................................................#.b./.........................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.1142641275723986
Encrypted:	false
SSDEEP:	12:TL+A/H6f6K36G3C0z2LZHNuQ/AGI/UOKK36G3q:TLxA6G3dSLZtup6G3q
MD5:	E229919F73CFE641DE9833512928A390
SHA1:	C2647E316353BDBBB58AE07B015744DA252A1905
SHA-256:	CF66A45EE55FF8793DDF750962942179025796AE1AB8167FDDB117E353A12683
SHA-512:	A3D92A27167F6067771638A7F09F692BDA10D4791034BCBFC611E253A543309C22902D70DCC26F009BF73E47EADF1350586B1DE7B72F2B5B847E213A21AB4BF3
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	715
Entropy (8bit):	5.308575315631728
Encrypted:	false
SSDEEP:	12:UyQuCIqR8jKVszbL88wUr7EUQZkNCPpTNkzBBk778B/xgskZBa9sdat1arf6K36a:UyQGbL8w6yCpwY78BJgskfa9imor56GB
MD5:	41AD984C72058F69551C87C7859BCA3A
SHA1:	F17805B99E83DE08427FD22DD2E56840C0BCABFC
SHA-256:	E1C479C0378F2B27243F2A3D618DDF3A944D7D9DCA23445B1CAA5652CEBE8962
SHA-512:	50AC9B907E93618FBA864D7BBD36DC1E2AA31C4122723B6D61849EF887B479F152D91E33EB881BB85366D69C5E87AB988D22506A9FBD372A8C817D9FD205C06A
Malicious:	false
Preview:	............"Q....0fflce..24mbw17feyn..365..com..https..mall..mlcr0s0ft..to..typeform..zlfrrg5sy......0fflce......24mbw17feyn......365......com......https......mall......mlcr0s0ft......to......typeform......zlfrrg5s..2.........0.........1........2........3........4........5.........6........7........a........b........c..........e..........f............g........h........l...........m............n........o..........p.........r..........s..........t...........w........y.........z...:\............................................................................................Bo...k...... ......,https://24mbw17feyn.typeform.com/to/ZlFRrg5s2.MlCR0S0FT 0FFlCE 365 - MAlL:..............J.............!$......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History-journal Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	42076
Entropy (8bit):	0.11707830194902678
Encrypted:	false
SSDEEP:	12:czgaqLBj/54M3lig4nMWQASjG9LsBQZ8fOa:uqLB2M3kBf1NsTfb
MD5:	89863400D10CF771A616724B3797D1AF
SHA1:	20A8EF5F28EE08090BA6DBCC7BFC49DB2023FEF9
SHA-256:	67FC2563C22257299DDB530B9AE5E913677439FD17597ACCD6297C00A0257AD6
SHA-512:	2474886D7C5079D7AC9BCE8D12578C4585E9B67A300D149F73CE5776F0AFE7D2BFE729BCD0C4FE749762B62C194CA3A112B64D5B88B4223C1E59BD69F5A29F7D
Malicious:	false
Preview:	..............>.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	4768
Entropy (8bit):	5.6952462330552285
Encrypted:	false
SSDEEP:	96:K2GVy4PUna7nnMbpdbz5GWwbQ5fgGarS01O:PMdPUnynn6pd/5GWwE5fgXo
MD5:	FB2F0DDFE42F10683D1C55F2205E1A7F
SHA1:	92AFBBF05DCC7EEAE0F01DDD5F44B659F51CD962
SHA-256:	35C6A0820CFBB2F4E31C6FB00EE046F5F2EE911E62CBCDEE443422B775737585
SHA-512:	650FC46B30516414B025E31F3CFA2D02D9828324E904D56FDA8C12D24FFA33927FCFC4A6D7D09A8B3D94D61E010E036C81F97751D4D903233246C4620DCB7E0B
Malicious:	false
Preview:	.Ky.Z..*............%META:https://24mbw17feyn.typeform.com............5_https://24mbw17feyn.typeform.com..ZlFRrg5s-visitorId..ZlFRrg5s-1610564235916-14.3_https://24mbw17feyn.typeform.com..ajs_anonymous_id'."55a25761-e23f-4095-ac07-f5925c049aee".(_https://24mbw17feyn.typeform.com..debug..undefined.U_https://24mbw17feyn.typeform.com..segmentio.4f545e35-70b0-406a-b141-24c492698e60.ack..1610564240278.\_https://24mbw17feyn.typeform.com..segmentio.4f545e35-70b0-406a-b141-24c492698e60.inProgress..{}.W_https://24mbw17feyn.typeform.com..segmentio.4f545e35-70b0-406a-b141-24c492698e60.queue..[].\_https://24mbw17feyn.typeform.com..segmentio.4f545e35-70b0-406a-b141-24c492698e60.reclaimEnd..null.^_https://24mbw17feyn.typeform.com..segmentio.4f545e35-70b0-406a-b141-24c492698e60.reclaimStart..null.G_https://24mbw17feyn.typeform.com..37a13278-611a-451a-97d6-e797759fc919.._https://24mbw17feyn.typeform.com..__storejs__./_https://24mbw17feyn.typeform.com..ajs_group_id.7_https://24mbw17feyn.typeform.com.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	332
Entropy (8bit):	5.178589959530347
Encrypted:	false
SSDEEP:	6:m2EQWM+q2Pwkn23iKKdK8a2jMGIFUtpdWG1ZmwPdSMQWMVkwOwkn23iKKdK8a2jz:mQ+vYf5Kk8EFUtpEG1/PtQV5Jf5Kk8bJ
MD5:	5081D784A6DB2D71DD1662208828C20D
SHA1:	22776F2821F947E5368613D2D94C03A1819D7621
SHA-256:	0BC22A7110FAB9997D15F52A80906C48F47FCB3BC8A72C49A025448C3517D8A2
SHA-512:	031CE74D89B3A66F8F47021A87DB8ED8C01EE4F308040FADA748CC100B89EA8D2A2ACE6C3480F1A1E17CD94565FAA415E9C9A993926E306FB1AA953510FC34A1
Malicious:	false
Preview:	2021/01/13-19:57:09.774 19ac Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2021/01/13-19:57:09.776 19ac Recovering log #3.2021/01/13-19:57:09.777 19ac Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.2106009135186495
Encrypted:	false
SSDEEP:	6:m27cMq2Pwkn23iKKdKgXz4rRIFUtpd19ZmwPd1PkwOwkn23iKKdKgXz4q8LJ:lxvYf5KkgXiuFUtpJ/PD5Jf5KkgX2J
MD5:	F88F5BA73C1B16D05B601A7C7CA26E9F
SHA1:	9DF7C0322A048CE6714E734D9534172A9B012A64
SHA-256:	F2840649BB1067F3FBC71AAFAE5219D64838BAE2746011B91EEBA3B07372ABD3
SHA-512:	F0F49E204E4B2AEC71D64F596D70E796895A6D6A858F1E43B65D36A846E6B5D1940D9B18949EBECABBFA59DF61D91AD0D165C3A30002453ED94A8BF8F5B6A13A
Malicious:	false
Preview:	2021/01/13-19:57:09.974 1994 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications/MANIFEST-000001.2021/01/13-19:57:09.975 1994 Recovering log #3.2021/01/13-19:57:09.975 1994 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	95
Entropy (8bit):	1.9837406708828553
Encrypted:	false
SSDEEP:	3:5ljljljljl:5ljljljljl
MD5:	181ED05FAE6D31CDBFC2680CB632F859
SHA1:	B6391180B7167969686A3986E06D975F4CE67FAD
SHA-256:	62150C5EA1D8CFDE4916440F9662C32F3DCC1207BBC5441536D121EC683607E4
SHA-512:	40D79847C0420FA9395511DAA271B735ABD60CB55983F23DBF9552E56AAE1D915058D6D236D37D433FA7B16567957DB2C515BDB61B9032003914FF34EFA26BB5
Malicious:	false
Preview:	..&f.................&f.................&f.................&f.................&f...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	320
Entropy (8bit):	5.160667215019383
Encrypted:	false
SSDEEP:	6:m2RO3+q2Pwkn23iKKdKrQMxIFUtpdYyWZmwPdYRVkwOwkn23iKKdKrQMFLJ:XO3+vYf5KkCFUtppW/PUV5Jf5KktJ
MD5:	EE68DDCF5AC1ABC7910589623F7090E9
SHA1:	63909843EA29D6B3608F395547EAA707782176B7
SHA-256:	AFF34505DF5460BFA05133C0DA4BDF02037F93B06CB2AD14DADEF7DF4CF7A132
SHA-512:	B31F02500CAB5AA545C5FC819AFDE8FDC1DC9E091A41A54E4A8079858C6685EC876D88A6FFB3F00AB07F0A080585CBC846300C24FC35A6441C3C404BEB0CBC8F
Malicious:	false
Preview:	2021/01/13-19:57:09.924 1a3c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/MANIFEST-000001.2021/01/13-19:57:09.926 1a3c Recovering log #3.2021/01/13-19:57:09.926 1a3c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	348
Entropy (8bit):	5.147410437388126
Encrypted:	false
SSDEEP:	6:m2QFEi+q2Pwkn23iKKdK7Uh2ghZIFUtpdUFvAWZmwPdHGiVkwOwkn23iKKdK7Uh9:yyi+vYf5KkIhHh2FUtpGVAW/PBGiV5JA
MD5:	D662414DBAD9107A7D77E7D2FB28D27D
SHA1:	90C2C66F21605BFA6D11E823EA2EB795CA914551
SHA-256:	A38BF9027A4F5E723402324B81466750A0A48B994F997937E95152EDD8A1B404
SHA-512:	FA22BD3A4BFEF152EC3D85E6CB94B5734CEA008FE852E827C2A20AA041FE892791D152FF565E81F0EC57EAAF3A139B381BC19347228792D65FC544505F09B55F
Malicious:	false
Preview:	2021/01/13-19:57:09.692 1acc Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database/MANIFEST-000001.2021/01/13-19:57:09.696 1acc Recovering log #3.2021/01/13-19:57:09.699 1acc Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	296
Entropy (8bit):	0.19535324365485862
Encrypted:	false
SSDEEP:	3:8E:8
MD5:	C4DF0FB10C4332150B2C336396CE1B66
SHA1:	780A76E101DE3DE2E68D23E64AB1A44D47A73207
SHA-256:	18FAB4D13CDA7E1DEE12DC091019A110A7304B6A65FC9A1F3E6173046BA38EF6
SHA-512:	51F0B463E97063A2357285D684FF159FDF6099E57C46F13C83E9D3F09D7A7CF03C1BA684BCCF36232FC50834F95953C3C68675C7B05AB4F84DEF1C566A5F3F5E
Malicious:	false
Preview:	.'..(...................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	430
Entropy (8bit):	5.239016844011088
Encrypted:	false
SSDEEP:	6:m2Xi+q2Pwkn23iKKdKusNpV/2jMGIFUtpdc4WZmwPdSiVkwOwkn23iKKdKusNpV0:hi+vYf5KkFFUtp/W/PnV5Jf5KkOJ
MD5:	F299D11E5EFA15DCA0F05657ED96644A
SHA1:	50B98E182485CFB68A88C8919CE506DAFDB4F1B0
SHA-256:	A57C138442A948BC5AA1C0BBCE7D9963F0769E98761FF0A76A2F161D2B5643D3
SHA-512:	605B3109D9E56F34843BBB988CBA15E7C683518C7446DD153B6602291EF42830A9E20C2726B58D6253AF7EBF31E6B45C501C835E506DA544DE0E06D25E21EC4B
Malicious:	false
Preview:	2021/01/13-19:57:09.939 1a3c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb/MANIFEST-000001.2021/01/13-19:57:09.955 1a3c Recovering log #3.2021/01/13-19:57:09.956 1a3c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	432
Entropy (8bit):	5.285561347422506
Encrypted:	false
SSDEEP:	6:m22t+q2Pwkn23iKKdKusNpqz4rRIFUtpd35ZmwPdtVkwOwkn23iKKdKusNpqz4qG:lvYf5KkmiuFUtp3/PR5Jf5Kkm2J
MD5:	9F34BC5EAE3FF05B4F1821D968390BB2
SHA1:	8CC2D145353DDE698C50D15D8EF082B0E17978CF
SHA-256:	23C9E52BE888E1F6ABB42B191D9E6296F2BF2BB02E248209B862B0D54B1F3734
SHA-512:	F5B7726FF590A77DE6E03E5AF11E55453515C3B19C89E1ED9177300B15206B514323C870EA63E08150B3EE32D4499E0367F43A98F7EFE8C589360356F859F297
Malicious:	false
Preview:	2021/01/13-19:57:09.978 18d8 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications/MANIFEST-000001.2021/01/13-19:57:09.979 18d8 Recovering log #3.2021/01/13-19:57:09.980 18d8 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	19
Entropy (8bit):	1.9837406708828553
Encrypted:	false
SSDEEP:	3:5l:5l
MD5:	E556F26DF3E95C19DBAECA8F5DF0C341
SHA1:	247A89F0557FC3666B5173833DB198B188F3AA2E
SHA-256:	B0A7B19404285905663876774A2176939A6ED75EF3904E44283A125824BD0BF3
SHA-512:	055BC4AB12FEEDF3245EAAF0A0109036909C44E3B69916F8A01E6C8459785317FE75CA6B28F8B339316FC2310D3E5392CD15DBDB0F84016667F304D377444E2E
Malicious:	false
Preview:	..&f...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	418
Entropy (8bit):	5.256954122918816
Encrypted:	false
SSDEEP:	6:m2rTYVq2Pwkn23iKKdKusNpZQMxIFUtpdRtgZmwPdRtIkwOwkn23iKKdKusNpZQq:NYVvYf5KkMFUtpbtg/PbtI5Jf5KkTJ
MD5:	C75E417B359D9F2AF575C9D2D08A0027
SHA1:	E141707FEF81693623E5EF944818946E5B8F0AA0
SHA-256:	6BF9F7ECF101556C827AA0DA6D4C12EFEA63DBBD7296BB5D8FCCD9B2ED7D57A6
SHA-512:	79488F3BD4D3E521F9628B30C79C005CC0AB82448CC71E1D19016FBAC6423F710864F5F286DA73E22B190F0369E2029516A1940BB2DD6AEDCB1C593C8DD8CAA2
Malicious:	false
Preview:	2021/01/13-19:57:25.991 1b60 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage/MANIFEST-000001.2021/01/13-19:57:25.992 1b60 Recovering log #3.2021/01/13-19:57:25.992 1b60 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\ea1248e2-0a9f-4741-8e90-d8c262f479e6.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	325
Entropy (8bit):	4.971623449303805
Encrypted:	false
SSDEEP:	6:YHpoNXR8+eq7JdV5p7DHJShsDHF4R8HLJ2AVQBR70S7PMVKJw1K3KnMRK3VY:YHO8sdHfHYhsBdLJlyH7E4f3K33y
MD5:	8CA9278965B437DFC789E755E4C61B82
SHA1:	5776B6C90CA1D2DDC765ED673B5E6DC8E167F0D6
SHA-256:	A57D9231244C1FBDE58A1BF50CAD3A1E3EA28D042BFA272782B65139446E7C51
SHA-512:	3065FE0743AD88E02F8C8FF6CF03B832B616DD08061EAE25A5106422228D45EB999EE2CBE4E9C96D5FFC108CB817766240E27BF97E3E5C2A58081D369E2968F8
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[50],"expiration":"13248516514667526","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://dns.google","supports_spdy":true}],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\20e2898a-d285-4d9f-8d10-b7e7f4aba100.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	325
Entropy (8bit):	4.9616384877719995
Encrypted:	false
SSDEEP:	6:YHpoNXR8+eq7JdV5pirhsDHF4R8HLJ2AVQBR70S7PMVKJw1K3KnMRK3VY:YHO8sdHirhsBdLJlyH7E4f3K33y
MD5:	B0429187E1BE99DE4D548DC5B2EDEA0A
SHA1:	B3E07BEE5D753BF1B613BD2DE665C7C21E8184F6
SHA-256:	D8DABBF936DAB4F17437ECA255020EA847D76D6B789F9486010C95E995CFED03
SHA-512:	233F7BDAA848A295E9F58CA52761829FE1044DA1DE1FBCAC407FADC8C7ABA1E4FFD7CA7A4FBE649E83FD1815DC2E3619ACB2A22CE5B2C7241E474CDB9AF2F7ED
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[50],"expiration":"13248516523181804","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://dns.google","supports_spdy":true}],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	296
Entropy (8bit):	0.19535324365485862
Encrypted:	false
SSDEEP:	3:8E:8
MD5:	C4DF0FB10C4332150B2C336396CE1B66
SHA1:	780A76E101DE3DE2E68D23E64AB1A44D47A73207
SHA-256:	18FAB4D13CDA7E1DEE12DC091019A110A7304B6A65FC9A1F3E6173046BA38EF6
SHA-512:	51F0B463E97063A2357285D684FF159FDF6099E57C46F13C83E9D3F09D7A7CF03C1BA684BCCF36232FC50834F95953C3C68675C7B05AB4F84DEF1C566A5F3F5E
Malicious:	false
Preview:	.'..(...................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	430
Entropy (8bit):	5.218920646299779
Encrypted:	false
SSDEEP:	12:fbjvYf5KkkGHArBFUtpPbC/PPbg5Jf5KkkGHAryJ:f/Yf5KkkGgPg9sOJf5KkkGga
MD5:	54C620F2A4DB8D8F05A48BC445210DCF
SHA1:	67A55668F5766F0FECE161D6906186E224450CA5
SHA-256:	5938A55A3320EC541BBEFA514CB5240504A2DC70DF9A66FA3B3A63E51C80DB38
SHA-512:	DD36C326C4CC1C452443D74137AA2FDF6B66F509996DA943CE6B11A631F36A59D3E05D382E6EFE56122A60A05091501B7F83F83FCB1365EDC84741AD93AAF70B
Malicious:	false
Preview:	2021/01/13-19:57:17.300 18d8 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb/MANIFEST-000001.2021/01/13-19:57:17.304 18d8 Recovering log #3.2021/01/13-19:57:17.306 18d8 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	432
Entropy (8bit):	5.237514656099211
Encrypted:	false
SSDEEP:	12:fbFVvYf5KkkGHArqiuFUtpPbeSg/PPbDI5Jf5KkkGHArq2J:fzYf5KkkGgCg9Kv6Jf5KkkGg7
MD5:	D856CAE160924FFB8AC9DDAB9B5EA365
SHA1:	8BE2BED170EA5781E1A4C3D4502866467B01EFB7
SHA-256:	0B75ADE66B2496721609628A6B4EA54E5BD8A004919AE5C09149618D8D38ACA6
SHA-512:	65FD1B975205AF67C68FCB32C062285F40B30680E162DC453D11864A7D338B9A2F53CE29E71F89BB573997D04278CFD9BCFA174135F1D6EE4CCF0F3581AA66A1
Malicious:	false
Preview:	2021/01/13-19:57:17.300 1b60 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications/MANIFEST-000001.2021/01/13-19:57:17.304 1b60 Recovering log #3.2021/01/13-19:57:17.306 1b60 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	19
Entropy (8bit):	1.9837406708828553
Encrypted:	false
SSDEEP:	3:5l:5l
MD5:	E556F26DF3E95C19DBAECA8F5DF0C341
SHA1:	247A89F0557FC3666B5173833DB198B188F3AA2E
SHA-256:	B0A7B19404285905663876774A2176939A6ED75EF3904E44283A125824BD0BF3
SHA-512:	055BC4AB12FEEDF3245EAAF0A0109036909C44E3B69916F8A01E6C8459785317FE75CA6B28F8B339316FC2310D3E5392CD15DBDB0F84016667F304D377444E2E
Malicious:	false
Preview:	..&f...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	418
Entropy (8bit):	5.229890663267649
Encrypted:	false
SSDEEP:	12:J7vYf5KkkGHArAFUtpP/PCdR5Jf5KkkGHArfJ:RYf5KkkGgkgWJf5KkkGgV
MD5:	C280E1D271D78389527E08CF6020C8BB
SHA1:	67E35FA3DC7145ACC392CFD26B30ADD583F3B661
SHA-256:	ED75EAC5C69616C646A08DFFA83255346227359F7D5760D6ED532B518088A50F
SHA-512:	77F37305A9CB30CDCFC29BBEE266ED1641078740A44839EC40AC8216107613C8D127B4F5B0365F8F4BD44FF9887774726642B35609230E0A793875A7931DD63B
Malicious:	false
Preview:	2021/01/13-19:57:32.604 18d8 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage/MANIFEST-000001.2021/01/13-19:57:32.605 18d8 Recovering log #3.2021/01/13-19:57:32.606 18d8 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	38
Entropy (8bit):	1.9837406708828553
Encrypted:	false
SSDEEP:	3:sgGg:st
MD5:	45A8ECA4E5C4A6B1395080C1B728B6C9
SHA1:	8A97BB0E599775D9A10C0FC53C4EDB29AA4CEB4E
SHA-256:	DB320AB28DFF27CDA0A7F87B82F2F8E61B3178A6DE8503753D76F1172D32E08E
SHA-512:	8EE91A3A1E77459273553F6A776C423A8EE95DB9DCFA897771814B7AD13FD84F06BB2B859F22B6DDA384B39EAA91F1819F170BABED6DA16BDBCF5BCB06CF2124
Malicious:	false
Preview:	..F..................F................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.232029616662475
Encrypted:	false
SSDEEP:	6:m2Oyq2Pwkn23iKKdKpIFUtpdHSjz1ZmwPdfRkwOwkn23iKKdKa/WLJ:YyvYf5KkmFUtpBS9/PRR5Jf5KkaUJ
MD5:	CCC9DABD2EE958F2883049A3CC170D44
SHA1:	E806EB45E830A82B1252560F10B8BC0EBDA86388
SHA-256:	8995CAF86488882E0AD0BC3EBAC8C7B37E95030723C858914F1739F6BFF8269A
SHA-512:	B658E162ABEBAC26E4E99D74A8139168961B738FB065D7980BAB320F20BCD06627148D9204CADEF569A9BF087E86F07062C4AA86F29783B83342018DFA3ED192
Malicious:	false
Preview:	2021/01/13-19:57:09.695 1a74 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2021/01/13-19:57:09.699 1a74 Recovering log #3.2021/01/13-19:57:09.700 1a74 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	402
Entropy (8bit):	5.292080863211712
Encrypted:	false
SSDEEP:	12:fYtVvYf5KkkOrsFUtpPjg/PPgI5Jf5KkkOrzJ:fYPYf5Kk+g9C1Jf5Kkn
MD5:	05E6275292AE1469224A0463F630E615
SHA1:	919E4FC59C310AAB8344ABD47D62929F04F18124
SHA-256:	7711534E65C770DFCBC0278E7F1808B48F2261EF1ECA53921219ADEC9967A7EB
SHA-512:	548C18FACED4EC16F17BF150E82AA7EC137AACFE0DC3B9F4A8A2C4604E968F6772DB9BA6438556A28EC3607DBA53E5E701F74A6E1C9F58E73E7B9EE2619A5C79
Malicious:	false
Preview:	2021/01/13-19:57:18.300 1b60 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm/MANIFEST-000001.2021/01/13-19:57:18.301 1b60 Recovering log #3.2021/01/13-19:57:18.302 1b60 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Visited Links Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	12
Entropy (8bit):	3.188721875540867
Encrypted:	false
SSDEEP:	3:LiiT:LiiT
MD5:	60288A8FBC998E11DAE7122A566CE849
SHA1:	425D908D7D7EB222AF1F2930F51D3871203CA01E
SHA-256:	C655942BA868C37176ACF8B37FF3EF63A3A5ABD878E1D0753B5882A341036D37
SHA-512:	0635F931CF58B44C6F8410AD4E970606EA5E19A104032A27426F4FBB1669B5EE305681474677E2303156B560C8C41D12783BC382766E7C2F022364E109F4D34B
Malicious:	false
Preview:	....o.....s1

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\c44fee25-0092-40ac-a9da-5f73eae89e17.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5677
Entropy (8bit):	5.171822830999456
Encrypted:	false
SSDEEP:	96:nIVE4/ljJfTIIVb5k0JCKL8hkoz1BGbOTlVuHn:nI24/ljJUIth4KmkM+
MD5:	A2E3AAC6A7137017F6A90402B36F9C15
SHA1:	855C7766382391667C1A706EDA11EF0A35706E03
SHA-256:	75DD9F8EA0C50441A5C9C25B9E51E8E2353A566815AEB3FCF157B48FFF991978
SHA-512:	5617D0E4B88ADF07170CA3303ABFA1943C202E6FD9355A3DF9827B6906181C4BB69EBE76FAF1F8F676430F55F2E6BDE6D4B7FDD0C221B35EE5DA15768536D77F
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13255037829929298","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245924509391818","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"bookmark_bar":{"show_on_all_tabs":false},"browser":{"has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":false,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","2042016"],"daily_received_length":["0","0","0","0","0","0","0","0","0","0","0","0

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Rv:1qIFJ
MD5:	6752A1D65B201C13B62EA44016EB221F
SHA1:	58ECF154D01A62233ED7FB494ACE3C3D4FFCE08B
SHA-256:	0861415CADA612EA5834D56E2CF1055D3E63979B69EB71D32AE9AE394D8306CD
SHA-512:	9CFD838D3FB570B44FC3461623AB2296123404C6C8F576B0DE0AABD9A6020840D4C9125EB679ED384170DBCAAC2FA30DC7FA9EE5B77D6DF7C344A0AA030E0389
Malicious:	false
Preview:	MANIFEST-000004.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	139
Entropy (8bit):	4.586095951321899
Encrypted:	false
SSDEEP:	3:tUK7S8gCwgZmwv3dS8kJOjV8sdS8lcu8SjWGv:m21gCZZmwPd1kJOjVvd1GQjtv
MD5:	E9652DF90911CB325E2B92BEB493C9F3
SHA1:	8AF1DFF28200DA285389754649ED2A69B59271C9
SHA-256:	064825EA0951108A68191B4E90ECCF6155B20907DC968163DE955EDEDF49A5FC
SHA-512:	9E1C7AFF0A2260C02293B61DA34F5C0841262D881EA523BBF302E94A22683FC529E6ECDD6B39309F7E2B6C53075C074B068357425CD5AE54B6850AC38E40979A
Malicious:	false
Preview:	2021/01/13-19:57:16.504 1b9c Recovering log #3.2021/01/13-19:57:16.546 1b9c Delete type=0 #3.2021/01/13-19:57:16.559 1b9c Delete type=3 #2.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MPEG-4 LOAS
Category:	dropped
Size (bytes):	50
Entropy (8bit):	5.028758439731456
Encrypted:	false
SSDEEP:	3:Ukk/vxQRDKIVmt+8jzn:oO7t8n
MD5:	031D6D1E28FE41A9BDCBD8A21DA92DF1
SHA1:	38CEE81CB035A60A23D6E045E5D72116F2A58683
SHA-256:	B51BC53F3C43A5B800A723623C4E56A836367D6E2787C57D71184DF5D24151DA
SHA-512:	E994CD3A8EE3E3CF6304C33DF5B7D6CC8207E0C08D568925AFA9D46D42F6F1A5BDD7261F0FD1FCDF4DF1A173EF4E159EE1DE8125E54EFEE488A1220CE85AF904
Malicious:	false
Preview:	V........leveldb.BytewiseComparator...#...........

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\f1a10366-1ee1-4f75-bd61-9f6fbc002c7c.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	3473
Entropy (8bit):	4.884843136744451
Encrypted:	false
SSDEEP:	96:6FGX0G70GhIGpyGzRDYLiEHYDBKGzUGaCGjHGESHG/OG6mhM:6Fe0i0sIIyGzRDYLiEHYDBKSUpCQHrSP
MD5:	494384A177157C36E9017D1FFB39F0BF
SHA1:	CE5D9754A70CD84CEE77C9180DB92C69715BE105
SHA-256:	07CF0A5189FAD30A4AA721F4F6DA1B15100991115833EACFA1E2DC84A1B54337
SHA-512:	BFB80EEC0C0B5D9E487047703BE49826321A4D249422E0C81E978E6C8A310F41C7B4B8F849229BA87484FDF4831DD6A98FF994D0FDA5CE3D341CE615C15F2F1C
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[],"expiration":"13248516607497410","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":27387},"server":"https://www.gstatic.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248516607334226","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":34287},"server":"https://ssl.gstatic.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248516607463627","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":31787},"server":"https://fonts.gstatic.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248516607318875","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":23359},"server":"https://apis.google.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\fa91f3b9-9420-45a4-80ce-8851f76db981.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	21284
Entropy (8bit):	5.553102887195646
Encrypted:	false
SSDEEP:	384:UytULltBXl1kXqKf/pUZNCgVLH2HfDDrU+HG4nZeM0Tki4j:WLlbl1kXqKf/pUZNCgVLH2Hf/rUuG4nN
MD5:	DFBE0B32D20DD25BCACE8867617E9DD1
SHA1:	BE40B1E9B411097371BE60E7D9B0B8124DA4F3C2
SHA-256:	C1EF739E6CD2545A637F182E6EDD5D509B8D81588567BD65AB44855E27D673B0
SHA-512:	51B5BE2F9B0D580EA3F517ABBCE3E32E7E2862ABF79BBA2FA35B2AB7917E9889A3BF13B4711D1EEB62FA7A0243AD6A619E6C49E23F96A2CAF0BB08C1A1D74F86
Malicious:	false
Preview:	{"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13255037829691839","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.215485156368001
Encrypted:	false
SSDEEP:	6:m217Er3+q2Pwkn23iKKdKfrzAdIFUtpd1YeZmwPd1YaVkwOwkn23iKKdKfrzILJ:fIrOvYf5Kk9FUtpPYe/PPYS5Jf5Kk2J
MD5:	61BFF6D517742FECABDE63DA863D4D18
SHA1:	557C8E15A2ACA3223D866DA93947C4D59D6E0A54
SHA-256:	888457A8E2539BBC69F89AB8726D945267ECEE403089621D855349EFA7CF9B44
SHA-512:	017ADE71FC82FC6145E19D9DD2F2288614BAA3D0A8E09B68CF6904C0D1A82BA18764C764883394EA170A1B895109296C5098B79FB1C0FBC16DF7E9AE08E95653
Malicious:	false
Preview:	2021/01/13-19:57:17.038 18d8 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2021/01/13-19:57:17.039 18d8 Recovering log #3.2021/01/13-19:57:17.039 18d8 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	106
Entropy (8bit):	3.138546519832722
Encrypted:	false
SSDEEP:	3:tbloIlrJ5ldQxl7aXVdJiG6R0RlAl:tbdlrnQxZaHIGi0R6l
MD5:	DE9EF0C5BCC012A3A1131988DEE272D8
SHA1:	FA9CCBDC969AC9E1474FCE773234B28D50951CD8
SHA-256:	3615498FBEF408A96BF30E01C318DAC2D5451B054998119080E7FAAC5995F590
SHA-512:	CEA946EBEADFE6BE65E33EDFF6C68953A84EC2E2410884E12F406CAC1E6C8A0793180433A7EF7CE097B24EA78A1FDBB4E3B3D9CDF1A827AB6FF5605DA3691724
Malicious:	false
Preview:	C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e...e.x.e.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	13
Entropy (8bit):	2.8150724101159437
Encrypted:	false
SSDEEP:	3:Yx7:4
MD5:	C422F72BA41F662A919ED0B70E5C3289
SHA1:	AAD27C14B27F56B6E7C744A8EC5B1A7D767D7632
SHA-256:	02E71EB4C587FEB7EE00CE8600F97411C2774C2FC34CB95B92D5538E7F30DA59
SHA-512:	86010ED2B2EEBDCC5A8A076B37703669C294C6D1BFAAEA963E26A9C94B81B4C53EC765D9425E5B616159C43923F800A891F9B903659575DF02F8845521F8DC46
Malicious:	false
Preview:	85.0.4183.121

C:\Users\user\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	296
Entropy (8bit):	0.45488079341118026
Encrypted:	false
SSDEEP:	3:8EflfdZt:86Zt
MD5:	BECC8AF52787485C5950666505411533
SHA1:	DFB6FF2E7E83FD5F5259EF4DF59E583DEFD6EA57
SHA-256:	182946A1252CF3A9CDB46C58015F8093F689B9569BA2D93E56FB104E3378F5E7
SHA-512:	AC3BC7BF4E1698DCF9D3B45893B52371E85D20810204F73559EDD70F549EB148829404D6E4D867866B4947DF9F528AA4D0FDE542E010BA4592E87621E0835F26
Malicious:	false
Preview:	.'..(.......................................................................................................................................................................................................................................................................b./.........................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Subresource Filter\Indexed Rules\27\9.18.0\Indexing in Progress Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	empty
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	D41D8CD98F00B204E9800998ECF8427E
SHA1:	DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
SHA-256:	E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
SHA-512:	CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
Malicious:	false
Preview:

C:\Users\user\AppData\Local\Google\Chrome\User Data\Subresource Filter\Indexed Rules\27\scoped_dir1380_2128720777\Ruleset Data Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	235624
Entropy (8bit):	4.967847153665615
Encrypted:	false
SSDEEP:	3072:EtV4WVaR1c58AVLz5LTmUbHqrzpxmHBoET2N42aq5tETVoQ6MGnr9/ipKiao5u9V:WL8IVZT2+85tThEKl
MD5:	4AFE0BFD28E65161E164F53178A96836
SHA1:	498E6448FAC9E2901F65124C8A3D79077B5256BF
SHA-256:	3F8EA1BE3A593F8309C89B6A59249EFF593EF90911FED8205D9C964594BC112B
SHA-512:	1FD7BC2FC2114A9D1CA79CFD730D19BEF72159D54DBF962D6E3BFDB39F7F2E13833B236C6C9B8A5C9AABD7822820E42D28C9E7310F98CD74C2F371C75D1CF975
Malicious:	false
Preview:	....................................<)...................... ...................`...D...................\|.......t...p.......h...d...`...............t...L...T...8...@...<...8...4.......,...(...p.......uocca........I..........ozama........`..........0iupb.......@...........g.bat..................onwod..................ennab.......`...........nozam...................geips.......\|...0.......rekoj...........H.......lgoog........q..`.......uotpo.......D...........lreko...............t....+......................t...................l...P...........,...................................................h.......H.......\|...$...t...p...l...h.......`.......X.......P.......\|...D...@...<...8...4...L...,...,...$... ...............................................d.......D...............................................................................................l...........\|...x...@...p... ...............\.......T...P.......H...h...L...0...8.......0...,...(...$... ...................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\a53bfe15-510a-4783-8735-83614c03a371.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	163454
Entropy (8bit):	6.082179130377004
Encrypted:	false
SSDEEP:	3072:776mDob5uDsLHduf5+wcXg1rDphQubFcbXafIB0u1GOJmA3iuR6:P6mS5B8+wcw1fph3ZaqfIlUOoSiuR6
MD5:	140AA937B4CA245ADCD06B817C7F5CE6
SHA1:	BA8504AE9A1F90DCC6900D12300C694B7BBFC835
SHA-256:	48A93F014C3B30987A18C63896390EE5CDD8DC61E0138945C69475D7C5FC69C5
SHA-512:	B76E575B0F338194B914E9BB05EBE1C05A6FD4F028E89F6286DF229D6781389E5EF985272D954FE0F70EC7A787C47094C249D216972D110B88537C2E3C09976E
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en-GB"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.610564232708628e+12,"network":1.610564235e+12,"ticks":386116104.0,"uncertainty":4769035.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABaHlwIoHYlQKZwuwW8V0yxAAAAAAIAAAAAABBmAAAAAQAAIAAAAOT4j8Zm9U1zXX6oEUpPqIYBIjSlOiLGeiMKiIFJZDroAAAAAA6AAAAAAgAAIAAAAFW1OavBhyV7qwszPZbindD+KU2Osh5O7HSmDPpFnuCDMAAAAGEkmqbufgFUSmOzx4cW7Aup7spqps4DvqbPrwRgUGqSpRZvQkbO+yVH56WF9zMTt0AAAAAyRwtYxjf7/AqYrFr0JZ6kbTiUt0/2PKkCw7ntLtbN2qrad7I3MeL4iNGDFgqRlhWgsb/6w0gJzQxAfL6rdzxi"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715401452"},"plugins":{"metadata":{"adobe-flash-player":{"d

C:\Users\user\AppData\Local\Google\Chrome\User Data\a85084f5-fe15-4d9b-8431-bdec6b2b0a77.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	155345
Entropy (8bit):	6.052779565670842
Encrypted:	false
SSDEEP:	3072:fmDob5uDsLHduf5+wcXg1rDphQubFcbXafIB0u1GOJmA3iuR6:fmS5B8+wcw1fph3ZaqfIlUOoSiuR6
MD5:	5078B3BC93D15F7585964BDE9CC038C5
SHA1:	F81AFA3BEF93E41A23C26C7DC3846A4900A8DFC0
SHA-256:	BC6CC87F6A4DD8B31DC6A46DE172618733306495351AE362E57082261CFE28D3
SHA-512:	7E98DF64FEF724A1EC94BDC24CF911548A113C8E23368D1D586385ADC8ACF67731A7AE65CB4C1F7BA2B47042FD81EDF3D2E019A55DFA074738E4052540523CC8
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en-GB"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.610564232708628e+12,"network":1.610564235e+12,"ticks":386116104.0,"uncertainty":4769035.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABaHlwIoHYlQKZwuwW8V0yxAAAAAAIAAAAAABBmAAAAAQAAIAAAAOT4j8Zm9U1zXX6oEUpPqIYBIjSlOiLGeiMKiIFJZDroAAAAAA6AAAAAAgAAIAAAAFW1OavBhyV7qwszPZbindD+KU2Osh5O7HSmDPpFnuCDMAAAAGEkmqbufgFUSmOzx4cW7Aup7spqps4DvqbPrwRgUGqSpRZvQkbO+yVH56WF9zMTt0AAAAAyRwtYxjf7/AqYrFr0JZ6kbTiUt0/2PKkCw7ntLtbN2qrad7I3MeL4iNGDFgqRlhWgsb/6w0gJzQxAfL6rdzxi"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715737597"},"plugins":{"metadata":{"adobe-flash-player":{"d

C:\Users\user\AppData\Local\Google\Chrome\User Data\b8b4bedb-dcae-4f37-b100-d8f672b30c59.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	163454
Entropy (8bit):	6.082179130377004
Encrypted:	false
SSDEEP:	3072:776mDob5uDsLHduf5+wcXg1rDphQubFcbXafIB0u1GOJmA3iuR6:P6mS5B8+wcw1fph3ZaqfIlUOoSiuR6
MD5:	140AA937B4CA245ADCD06B817C7F5CE6
SHA1:	BA8504AE9A1F90DCC6900D12300C694B7BBFC835
SHA-256:	48A93F014C3B30987A18C63896390EE5CDD8DC61E0138945C69475D7C5FC69C5
SHA-512:	B76E575B0F338194B914E9BB05EBE1C05A6FD4F028E89F6286DF229D6781389E5EF985272D954FE0F70EC7A787C47094C249D216972D110B88537C2E3C09976E
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en-GB"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.610564232708628e+12,"network":1.610564235e+12,"ticks":386116104.0,"uncertainty":4769035.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABaHlwIoHYlQKZwuwW8V0yxAAAAAAIAAAAAABBmAAAAAQAAIAAAAOT4j8Zm9U1zXX6oEUpPqIYBIjSlOiLGeiMKiIFJZDroAAAAAA6AAAAAAgAAIAAAAFW1OavBhyV7qwszPZbindD+KU2Osh5O7HSmDPpFnuCDMAAAAGEkmqbufgFUSmOzx4cW7Aup7spqps4DvqbPrwRgUGqSpRZvQkbO+yVH56WF9zMTt0AAAAAyRwtYxjf7/AqYrFr0JZ6kbTiUt0/2PKkCw7ntLtbN2qrad7I3MeL4iNGDFgqRlhWgsb/6w0gJzQxAfL6rdzxi"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715401452"},"plugins":{"metadata":{"adobe-flash-player":{"d

C:\Users\user\AppData\Local\Google\Chrome\User Data\d79b57a5-124b-4867-9ec0-2946e4bc40a5.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	155878
Entropy (8bit):	6.054015919858231
Encrypted:	false
SSDEEP:	3072:JmDob5uDsLHduf5+wcXg1rDphQubFcbXafIB0u1GOJmA3iuR6:JmS5B8+wcw1fph3ZaqfIlUOoSiuR6
MD5:	49488344BE355D944DE62282522DA517
SHA1:	499CE90BC9688203DCCB938A5D62B40722099CD5
SHA-256:	AE809E2456165EA9E6FE9868851442C380207B85694FD96C149D8A4FDE7725D6
SHA-512:	5912A6AC7C7B41F15F677FA89037A0B579E5702AB7FA37E82B1A21652AAE1922FDA1CC891B5437F8514B8DF09F28C25A84E36C22CF875AE34541991E4387DD1C
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en-GB"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.610564232708628e+12,"network":1.610564235e+12,"ticks":386116104.0,"uncertainty":4769035.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABaHlwIoHYlQKZwuwW8V0yxAAAAAAIAAAAAABBmAAAAAQAAIAAAAOT4j8Zm9U1zXX6oEUpPqIYBIjSlOiLGeiMKiIFJZDroAAAAAA6AAAAAAgAAIAAAAFW1OavBhyV7qwszPZbindD+KU2Osh5O7HSmDPpFnuCDMAAAAGEkmqbufgFUSmOzx4cW7Aup7spqps4DvqbPrwRgUGqSpRZvQkbO+yVH56WF9zMTt0AAAAAyRwtYxjf7/AqYrFr0JZ6kbTiUt0/2PKkCw7ntLtbN2qrad7I3MeL4iNGDFgqRlhWgsb/6w0gJzQxAfL6rdzxi"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715737597"},"plugins":{"metadata":{"adobe-flash-player":{"d

C:\Users\user\AppData\Local\Google\Chrome\User Data\df951774-713f-4ed2-a238-1938e7fec817.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	155261
Entropy (8bit):	6.0526205098747905
Encrypted:	false
SSDEEP:	3072:/mDob5uDsLHduf5+wcXg1rDphQubFcbXafIB0u1GOJmA3iuR6:/mS5B8+wcw1fph3ZaqfIlUOoSiuR6
MD5:	94A80492FDE7A7AE1A183FF7B1CD3D47
SHA1:	34ABFD38DC580773E80CB7DD50AAEF6D329F51D8
SHA-256:	B4C9E912C9311B3ABA2F5DBE8D0C64B6162E7E76AAAC99BB99FB1AF170350D2C
SHA-512:	2A8BDB9021CE82BA83E3B1636B3C685CC01E7E53FBC0F70102232988AB8D2532F5D08D1A555718416F4D4F9CDF4228D3B4642DDDB388EA6CD164A4FDC2779DF3
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en-GB"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.610564232708628e+12,"network":1.610564235e+12,"ticks":386116104.0,"uncertainty":4769035.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABaHlwIoHYlQKZwuwW8V0yxAAAAAAIAAAAAABBmAAAAAQAAIAAAAOT4j8Zm9U1zXX6oEUpPqIYBIjSlOiLGeiMKiIFJZDroAAAAAA6AAAAAAgAAIAAAAFW1OavBhyV7qwszPZbindD+KU2Osh5O7HSmDPpFnuCDMAAAAGEkmqbufgFUSmOzx4cW7Aup7spqps4DvqbPrwRgUGqSpRZvQkbO+yVH56WF9zMTt0AAAAAyRwtYxjf7/AqYrFr0JZ6kbTiUt0/2PKkCw7ntLtbN2qrad7I3MeL4iNGDFgqRlhWgsb/6w0gJzQxAfL6rdzxi"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715737597"},"plugins":{"metadata":{"adobe-flash-player":{"d

C:\Users\user\AppData\Local\Google\Chrome\User Data\f1518fdb-9dbc-4a48-aa35-2ffa77485d5a.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	155520
Entropy (8bit):	6.053197136885523
Encrypted:	false
SSDEEP:	3072:vmDob5uDsLHduf5+wcXg1rDphQubFcbXafIB0u1GOJmA3iuR6:vmS5B8+wcw1fph3ZaqfIlUOoSiuR6
MD5:	CF774045CC703F630C1C61F9062850A8
SHA1:	4345D4C33FF7289C12CD6CB1845BE7AB2365CFA6
SHA-256:	B7D32B90B7B4FD3B0267BDE05521E167E5427D53CF5E736D0486DBEEAD6FB769
SHA-512:	F6488191A11D1E8A1D4E64010AF3F33C29BF79292EBB68CE503077FF699D7529DB5278B5475B77CB7679EED6108771C9008CFD332D2D64FA5814FF778A1D51A8
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en-GB"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.610564232708628e+12,"network":1.610564235e+12,"ticks":386116104.0,"uncertainty":4769035.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABaHlwIoHYlQKZwuwW8V0yxAAAAAAIAAAAAABBmAAAAAQAAIAAAAOT4j8Zm9U1zXX6oEUpPqIYBIjSlOiLGeiMKiIFJZDroAAAAAA6AAAAAAgAAIAAAAFW1OavBhyV7qwszPZbindD+KU2Osh5O7HSmDPpFnuCDMAAAAGEkmqbufgFUSmOzx4cW7Aup7spqps4DvqbPrwRgUGqSpRZvQkbO+yVH56WF9zMTt0AAAAAyRwtYxjf7/AqYrFr0JZ6kbTiUt0/2PKkCw7ntLtbN2qrad7I3MeL4iNGDFgqRlhWgsb/6w0gJzQxAfL6rdzxi"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715737597"},"plugins":{"metadata":{"adobe-flash-player":{"d

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\E5F0NRSV\24mbw17feyn.typeform[1].xml Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	556022
Entropy (8bit):	5.120404322129339
Encrypted:	false
SSDEEP:	1536:e1osomouc67aSlwSl4m4gSeYNXihXimxOpZOppuK:e1osomouc67aSlwSl4QOpZOppF
MD5:	38E39974162A294174AA3B8A0A02C693
SHA1:	BEAFDD35FAD706979FAD67702A4AAE75C4D18DDD
SHA-256:	265565282DF7E93A53C33CAAC0B290D6333A481792E3221C6AC1F31B9989F522
SHA-512:	86B2C384C0C99C1F800E5CC53A60A8ED2A047F0CF69A610059C4B6C504A2F9FE054C3B9F6D9EFCE0B186217998A0B98546D1340424FEB0FC45281744B8EC6887
Malicious:	false
Preview:	<root></root><root><item name="ZlFRrg5s-visitorId" value="ZlFRrg5s-1610564222129-15" ltime="3770267456" htime="30861789" /></root><root><item name="ZlFRrg5s-visitorId" value="ZlFRrg5s-1610564222129-15" ltime="3770267456" htime="30861789" /><item name="726027bd-0870-4243-9274-5888bc653386" value="test_value" ltime="3773947456" htime="30861789" /></root><root><item name="ZlFRrg5s-visitorId" value="ZlFRrg5s-1610564222129-15" ltime="3770267456" htime="30861789" /><item name="debug" value="undefined" ltime="3773947456" htime="30861789" /></root><root><item name="ZlFRrg5s-visitorId" value="ZlFRrg5s-1610564222129-15" ltime="3770267456" htime="30861789" /><item name="debug" value="undefined" ltime="3774097456" htime="30861789" /></root><root><item name="ZlFRrg5s-visitorId" value="ZlFRrg5s-1610564222129-15" ltime="3770267456" htime="30861789" /><item name="debug" value="undefined" ltime="3774147456" htime="30861789" /></root><root><item name="ZlFRrg5s-visitorId" value="ZlFRrg5s-1610564222129-15

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1BFCE4E7-55D1-11EB-90EB-ECF4BBEA1588}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	24664
Entropy (8bit):	1.797396514993542
Encrypted:	false
SSDEEP:	96:rnZkZMv2MXO9WMXFYtMXFlEifMXFl0cLFzMMXFYp0K9BMXFYrA0NX/:rnZkZ2299WTtdifwLFzMr9BXX/
MD5:	01678934A2480446FEED73AFE7727D4D
SHA1:	23B4CE50F097030E32B6321D8EA15A95ADCF800E
SHA-256:	A64A40E26E707F78F2BAE3218067395E84A496DFBC5FAD6350A3142ECC0D7009
SHA-512:	1FB973C2BFCDED18864B2AF7466FC673E5DC18AA1321D2751952BDA490B15B6EBE0022747C213D4E01731CFC91063588C2E01202F14CF8C2B080F0D860F3D16A
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1BFCE4E9-55D1-11EB-90EB-ECF4BBEA1588}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	27562
Entropy (8bit):	1.796865759957125
Encrypted:	false
SSDEEP:	48:Iw5GcprEGwpasG4pQcGrapbSJrGQpBmGHHpcYsTGUp8DGzYpmVGYGop9vrjUSGKQ:rfZ8Qs6aBSJFjl2YkWZMsYTxYtUUtRvr
MD5:	2850A28811C902F799598A29E129ECA2
SHA1:	9367DEF5CB754567CBD32BF1DB1CAD6D977F81BB
SHA-256:	41D20F8E3C4515BDB2E9503612776A607A21DB536E6FE218020B3128F949875E
SHA-512:	2D5DB3D866D5B705B8F8A7F1EE5AD045A7A636C8FE07F3A94DDC57744848251F9644823EE14258B0E1F14011FCB5318FFF01ADA35A3A2ACF722A429FC3954BA8
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	656
Entropy (8bit):	5.083177779903434
Encrypted:	false
SSDEEP:	12:TMHdNMNxOEMTM3TMf4nWimI002EtM3MHdNMNxOEMTM3TMf4nWimI00OYGVbkEtMb:2d6NxOYSZHKd6NxOYSZ7YLb
MD5:	65A4F252B81D4D412D0E29964730845E
SHA1:	C57465253B051201FF6AA16864FDF53F65264D05
SHA-256:	C0D419EBD90D57BC00982D616FC95D068B1A8D4E26CDF4D5518EEA7E1F08F295
SHA-512:	C7C82539AA2DE0ACD3F5A87EEF2D8F1B7D1E6C2F306BE6B76EED9275C02E2590E06BB6A800D757C46FC3CC6DFAF2DF151CAB6A0785E9B65C63F3759C56CE38C6
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xf229e69a,0x01d6e9dd</date><accdate>0xf229e69a,0x01d6e9dd</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xf229e69a,0x01d6e9dd</date><accdate>0xf229e69a,0x01d6e9dd</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	653
Entropy (8bit):	5.111262948976466
Encrypted:	false
SSDEEP:	12:TMHdNMNxe2kMIdob3Idobf4nWimI002EtM3MHdNMNxe2kMIdob3Idobf4nWimI0N:2d6NxrNbESZHKd6NxrNbESZ7Yza7b
MD5:	ABC14A6277D9E2F128BE33B1B653233E
SHA1:	EF4E7A7AFAF4A082606F0153B9F3F20D2CEC14A8
SHA-256:	7852DC408BB80D14F68855FF7B11541ECD0C9FC5152CF3C87C20B581DBAEC90F
SHA-512:	5792C4183172E982BF61788D82C68F639AA57A88FDB74ABD65B9A5489891033B7EEE5DACD4E9FAD9C91742B1656ED8B189CCFB96CA8289D3C2497110AE59E323
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0xf222bf1d,0x01d6e9dd</date><accdate>0xf222bf1d,0x01d6e9dd</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0xf222bf1d,0x01d6e9dd</date><accdate>0xf222bf1d,0x01d6e9dd</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	662
Entropy (8bit):	5.117438252751737
Encrypted:	false
SSDEEP:	12:TMHdNMNxvLMTM3TMf4nWimI002EtM3MHdNMNxvLMTM3WZf4nWimI00OYGmZEtMb:2d6NxvdSZHKd6NxvWaSZ7Yjb
MD5:	AA025CB22444345D201A9021D648BCD0
SHA1:	0A382E08CAB5408D84CF17901B81EFF6206F0341
SHA-256:	13AFD14558A898B9789F3ADAEEC8E893D3BB2F83AB967A7A5B505907792E6D89
SHA-512:	EB6F71C09ED1C053F2166E7277BCA95B64AA2637E83489949342D5C460F7B42DDDBB228973895EE30AAB4335A87AE59D5E2976B0A284B7E9D64617AD378F2870
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0xf229e69a,0x01d6e9dd</date><accdate>0xf229e69a,0x01d6e9dd</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0xf229e69a,0x01d6e9dd</date><accdate>0xf22c4865,0x01d6e9dd</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	647
Entropy (8bit):	5.124378000536005
Encrypted:	false
SSDEEP:	12:TMHdNMNxiMCu3Cuf4nWimI002EtM3MHdNMNxiMCu3Cuf4nWimI00OYGd5EtMb:2d6NxMSZHKd6NxMSZ7YEjb
MD5:	75BFAD6A717953053819667459780B98
SHA1:	0CD72186C60BB4570E4AC0EE3535281F446F89D7
SHA-256:	85CDEA41E01348AF47FACEFDFDBC922DBB6ADBB2ACAEC658FF4AA27F0DC0942C
SHA-512:	59033240283E1D9324B1EFADC9E1CA2F70AFE05119D5A7F53C1BA8FF542A1B3DBAB4257AC6421F76605718175D07C15ABA91DADBDBC9226C55EDFEAC76302810
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0xf227841e,0x01d6e9dd</date><accdate>0xf227841e,0x01d6e9dd</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0xf227841e,0x01d6e9dd</date><accdate>0xf227841e,0x01d6e9dd</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	656
Entropy (8bit):	5.158631458753014
Encrypted:	false
SSDEEP:	12:TMHdNMNxhGwMWZ3WZf4nWimI002EtM3MHdNMNxhGwMWZ3WZf4nWimI00OYG8K07/:2d6NxQssaSZHKd6NxQssaSZ7YrKajb
MD5:	FE8D21E8AA20125EB9A689267065255B
SHA1:	0B6399C8A7D3BCAF38510385749D4A091BA790E5
SHA-256:	2A7D1808D412DA6C828A0FADA7E2D9EFCB8D38005CC9BF5F1113801B45F1A9D5
SHA-512:	EEA6F6073AD1D773A1DC7B6467E76E0F078CA425762C743DBD7B882145054A68A4A1822F9DEFDCB3C118CBA4AAA64614BE0E68132C89AD76EDC1C26A551A4DC5
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xf22c4865,0x01d6e9dd</date><accdate>0xf22c4865,0x01d6e9dd</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xf22c4865,0x01d6e9dd</date><accdate>0xf22c4865,0x01d6e9dd</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	653
Entropy (8bit):	5.082204361383375
Encrypted:	false
SSDEEP:	12:TMHdNMNx0nMTM3TMf4nWimI002EtM3MHdNMNx0nMTM3TMf4nWimI00OYGxEtMb:2d6Nx0RSZHKd6Nx0RSZ7Ygb
MD5:	1AB6BCD1780635F7F204124BD0A9AA0D
SHA1:	183AEDA06DB77CC5827C6241703D42B3EA287846
SHA-256:	5EB7096F9D582D5D925ABA8B44A3204290E540C3B073CD403198F818FE31351A
SHA-512:	B13BA006D3BE3E109BC7B8BA60900FC9E125EAAD3480D5DCF1B8277064AED310C7F06D7967001EFD241084128984531FF9928E3ABEEFAF3B6A4A75C4FF83DFFF
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0xf229e69a,0x01d6e9dd</date><accdate>0xf229e69a,0x01d6e9dd</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0xf229e69a,0x01d6e9dd</date><accdate>0xf229e69a,0x01d6e9dd</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	656
Entropy (8bit):	5.122813059231228
Encrypted:	false
SSDEEP:	12:TMHdNMNxxMTM3TMf4nWimI002EtM3MHdNMNxxMTM3TMf4nWimI00OYG6Kq5EtMb:2d6NxjSZHKd6NxjSZ7Yhb
MD5:	C95E0C206CE42C95F90AE12E5433EA61
SHA1:	642A2ECA48CBCC0393FF3ADA907B04AA0769BA17
SHA-256:	1FF8AC8F586BE1440ADA3C614FCD063B8AA5FD071AE853A287C845CBFCC6BAFB
SHA-512:	331C554F9FEB718809FCDC875DF0FA814985A634F9525F24249E3DA558C5FB2390825852F4A678D1FB655CA4E598E5F939413760F33F7DB99DD309EF0CC2B0AE
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0xf229e69a,0x01d6e9dd</date><accdate>0xf229e69a,0x01d6e9dd</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0xf229e69a,0x01d6e9dd</date><accdate>0xf229e69a,0x01d6e9dd</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	659
Entropy (8bit):	5.141195497106501
Encrypted:	false
SSDEEP:	12:TMHdNMNxcMk+Bb3k+Bbf4nWimI002EtM3MHdNMNxcMk+Bb3Cuf4nWimI00OYGVEs:2d6Nxm+BI+BESZHKd6Nxm+BwSZ7Ykb
MD5:	E6E218CE78CDE545DC3BC33A67A42F3F
SHA1:	9FA933C2CA10D1C4E8DEE3DE2953910FDE10AC55
SHA-256:	C292EAD76FA9D7716B79FA3A3D90C4A23E94328C3AD1DD7F189021242F68E268
SHA-512:	E84727166147CAB8899D52E9D471C1A81DE101EDC58D2B00B4CF7CF62965294916564C347CDE5D527AD17CEA1A95B8B0F58FEF5C75A1B974599C4D2763480499
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xf2252194,0x01d6e9dd</date><accdate>0xf2252194,0x01d6e9dd</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xf2252194,0x01d6e9dd</date><accdate>0xf227841e,0x01d6e9dd</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	653
Entropy (8bit):	5.109583520502064
Encrypted:	false
SSDEEP:	12:TMHdNMNxfnMCu3Cuf4nWimI002EtM3MHdNMNxfnMCu3Cuf4nWimI00OYGe5EtMb:2d6NxrSZHKd6NxrSZ7YLjb
MD5:	CFA1CC63FE923839FE4ED3A72655F492
SHA1:	DB2B33907BB8FF47F75E9712D17FEC63DEA8A158
SHA-256:	1F8E4D157BC3ADAE220B6D14F55A8A896947D8577471600F1C61F621B301A5D9
SHA-512:	071DD3ED022B101FB5EFEFB38260C3A8DB184844913185CD37C422A0AF38267D31B3A8C5F731F2A6613E0E14817EA6AAFEE7CB20F4300515D98B0D824FE26BA5
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0xf227841e,0x01d6e9dd</date><accdate>0xf227841e,0x01d6e9dd</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0xf227841e,0x01d6e9dd</date><accdate>0xf227841e,0x01d6e9dd</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\gee00pr\imagestore.dat Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	1241
Entropy (8bit):	7.240666522533137
Encrypted:	false
SSDEEP:	24:Yt4/pSym4kMz0v9Pb0B8EkKHUNnVqKy19szgpzGEMAp02Eflu:YUx0v9PoQ5VqKwspEeM
MD5:	614AD03D781DD25AE49207B9F4DD7975
SHA1:	272A05DB0135113D8FF2032F926C376E4C48CE80
SHA-256:	4D243A69364E3A7C63970716E227AD23F4BC395326EBAED837391AAE7D632AD5
SHA-512:	692FC6C8390505F1A65C2404CCBD3343BDB39B2B7C27FE257FCC1587A96B395F70026A44642C4F9158869630B6688B1437FC75D98834C229AAECAC408D7727DD
Malicious:	false
Preview:	C.h.t.t.p.s.:././.p.u.b.l.i.c.-.a.s.s.e.t.s...t.y.p.e.f.o.r.m...c.o.m./.p.u.b.l.i.c./.f.a.v.i.c.o.n./.f.a.v.i.c.o.n.-.3.2.x.3.2...p.n.g.-....PNG........IHDR... ... ......s......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD.........tIME.......-......IDATH..MhTW...sn.5L..7!F..I...F..UQhT...........R(..jA..`Q....... IKM..A.I.Q'?..;o...t2If.~..x.{....C...2..P..C.>~..!0L......I...=\.W.-."I.K.H,r...V..!.v9Z?.ze..>.Ry.N..Jm..?....b..~..*..+O.i.).2}....1.BY.....L.(.aM.....?...f ..._.X...T.Z.f..S.{.#..{...Op.Y.87..X.9...[.,.$..Z\|oV{..c.\|#_c.. ....!.0..t.gs...X{c..6G.X.9....".e.........u4.",...G9'.NqN.....`..._..p.K[5..%.:0.7...zSh.7Q.........../L.2..2.x.Qj.....9 .$-.e88... ..G.YF.G....b.C.[%.u..c...q#.6..5....<...-...`.;..7..0....S.~.2....[...\|...:-.`....;..p.O....Z` .....>.4\|"\|........P}._...C.U....HX.5t.3..SH...R{U..^BV.=.m.vW.....>..i....oM.g...\}....v.j.n...'Z:..j...TP!U.NM.}..&.=x'3.B...w>..GE..8.....[r.9C/...d;.PH....3.m....[._ ......

C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\D4DE5721-EBA8-4504-8FEE-A00A3563C20B Download File
Process:	C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
File Type:	XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	132942
Entropy (8bit):	5.372921080913601
Encrypted:	false
SSDEEP:	1536:7cQceNgaBtA3gZw+pQ9DQW+zAUH34ZldpKWXboOilXPErLL8Eh:/rQ9DQW+zBX8P
MD5:	A8AE2B107E366363B2D7A91D4F1ADECA
SHA1:	62BD79FE45815E525BEF9AA6D0BF200C60169666
SHA-256:	AEAE10DE26021C5463958EAACA03CDA312D20221AA875CC09008CB350DE89AC4
SHA-512:	3957155F298CF5A75DA221079B6756D85DC8C73A086D71FE82B41F64275F68502007F86F6EC7E5E6B87257DB5100D57ECE9758D622548ECCDC09F2876FAB2570
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2021-01-13T18:56:04">.. Build: 16.0.13710.30525-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://rr.office.microsoft.com/research/query.asmx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientHome">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientTemplate">.. <o:url>https://ocsa.office.microsoft.com/client/15/help/template</o:url>.. </o:service>.. <o:

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\B4F4C909.jpeg Download File
Process:	C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 816x1056, frames 3
Category:	dropped
Size (bytes):	65057
Entropy (8bit):	7.714453186203319
Encrypted:	false
SSDEEP:	768:WbZakMgV6yb0BGmdBGAUx3BZP3tUL4dbsaPaVOZIBeSGrS0GUysJEWznmkXHGdhc:WQbgQywBGmkla+bsaCaWyVvXmkXwhH8
MD5:	89776C76604B8117DFD73CA3604286AB
SHA1:	097D88821166432D9C8EF52CF807353BCC34952F
SHA-256:	5F43444269E5E9E7D1B94660AD93B9CCFED6622A1D415BDE414D478526A3F5D2
SHA-512:	68C2826235479DC52C10A6EAF078BA3FA0D77120517D608A69349258F5C3646382431CCDA4AEEBCA1026EE877AE180F06E44E6FDD6888681C660D053EA3427BA
Malicious:	false
Preview:	......JFIF.....`.`.....C....................................................................C....................................................................... .0.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..S..(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\LnkQ4hGmxTTD[1].png Download File
Process:	C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
File Type:	PNG image data, 131 x 109, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	11245
Entropy (8bit):	7.975358433194237
Encrypted:	false
SSDEEP:	192:mbz+31SP85NJJDasl02Sj6cPXana59Wh50KH83Yh7Ewnp4Un5To75yhoEbN:ONIlSB/aabCeHSEwnp4UnpoFhEbN
MD5:	9936A0F33BBE88F448A1E166B8CCD4A9
SHA1:	EBBE8544383B73EB0C8BA6733B3588F7781B5B23
SHA-256:	B0CF2B3D20750F69559365B1926CA243502BE1E58EFBCB45E8315C943BE1BCDF
SHA-512:	58BD2ECF7E1DADBC96DF63B01595C5B8E5E9301B5AC55645B6F36C4B831F39E89375476076CCCC20204B53960C153FBF1103710A74DC41EEBC23C5ABAD5814F0
Malicious:	false
IE Cache URL:	https://images.typeform.com/images/LnkQ4hGmxTTD
Preview:	.PNG........IHDR.......m..........+.IDATx..].x.U.^.H.d..f..l(b.......`......)...g..SJ...M.....bGQ." .;...M#$.......L.....s.Mvgvg.{.{.s.....V.....'.YR.s..?-e..V..t.......SE0..%...V..e............-.....r.[..=_..W......(.g..KC.....[...8.X..;`S .U..=.('.....S,..Z..Gq...........,..W...p._...o.?.>....c....?..........A....Q..].s....+..^..NOj..Y....%..3.&.n.......b..0...B.......!$G..rN....+.r..tL...M.(.{XY...F6....]RY....Y..XS=9$..k...k....$........S0.'c.~.....\|.z......A..)..._.#..QN....&.........P.U8..%.vM+....B..1.?..UP.....3..f......J.@.h....xc$..5...a>~....1..&.v^... ....f....5.C3.g.).c.#...\|_J........Z.jWO.f...9w.q...o(...&i%L....#V.\|.,..4M@.W..ZQ`.P..T.........5K...w..}.Jsj.ZR.W`x.f.3.\....C.J..*R...g..S2.qx...&N.yr.B...0..'......,....`:0A..%.\.A^%fa........y}.+..6i..fx..d..8..).e@..Uk.}...S..M8..}.:.Qk..K.S...[...H.T.Bh..i..\'..%..$Q..W....eI.....ru.._....ySy..t..ZR..b.V.:.M.........`:.9.L[.V...Mu...U.7X.....3.G..9......Z....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\ZlFRrg5s[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines
Category:	dropped
Size (bytes):	124165
Entropy (8bit):	5.380626761533168
Encrypted:	false
SSDEEP:	1536:ZsWqzpZaX8ynI1Z4tG81pMH/+eA/7D5GccKppVCJ05S+obEIChnLd71UDWfeiynz:ZsWm3mIup7eDFnQyV8kAhvzwqy
MD5:	92BFEB5A4D6E58793D2F220ED20BC99A
SHA1:	C40D4F3B5C3F9E1EE3F70C2B36D4575F4169C49D
SHA-256:	BCC18DE8D008052D6BAD19E7EAF441443387FC0328A235901E3A337402607D7A
SHA-512:	98C15D32265FD0CCB1726C8FF88C568D0023D9C9245E2A07ED8EF23742E6CA48B628CCE2A17D88637C3F6E47C7B4FCADFDAAF4E7EBD41BB62E06DB94C2D9C48B
Malicious:	true
Yara Hits:	Rule: JoeSecurity_HtmlPhish_25, Description: Yara detected HtmlPhish_25, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\ZlFRrg5s[1].htm, Author: Joe Security
Preview:	<!DOCTYPE html><html lang="en"><head><title>MlCR0S0FT 0FFlCE 365 - MAlL</title><meta charSet="utf-8"/><meta content="#434032" name="theme-color"/><meta content="width=device-width, initial-scale=1.0, viewport-fit=cover" name="viewport"/><meta content="Turn data collection into an experience with Typeform. Create beautiful online forms, surveys, quizzes, and so much more. Try it for FREE." name="description"/><meta content="ie=edge" http-equiv="x-ua-compatible"/><meta content="yes" name="apple-mobile-web-app-capable"/><meta content="noindex,nofollow" name="robots"/><meta content="no-referrer-when-downgrade" name="referrer"/><meta content="#000000" name="msapplication-TileColor"/><meta content="https://public-assets.typeform.com/public/favicon/browserconfig.xml" name="msapplication-config"/><link href="https://public-assets.typeform.com/public/favicon/apple-touch-icon.png" rel="apple-touch-icon" sizes="180x180"/><link href="https://public-assets.typeform.com/public/favicon/favicon-32x32.

Static File Info

General
File type:	Microsoft Excel 2007+
Entropy (8bit):	7.657144801353107
TrID:	Excel Microsoft Office Open XML Format document (40004/1) 83.33% ZIP compressed archive (8000/1) 16.67%
File name:	ACH WIRE PAYMENT ADVICE..xlsx
File size:	76184
MD5:	a66a202e970df086cc265cb646127bfb
SHA1:	c8986173e16bb9b0703490afba594ec5eef08a4a
SHA256:	e29c6206512f1f778f1af9a1ff2af2bb82107271e00c873930398b703294d75e
SHA512:	c4abfe1cb7af45bcde87899efc3d07ce1f54395140ce2709b95608113af6c65ea4aa7d4b763b1fdf67599f42502684dfb33db161be6f0a13b81be3cc861f0e52
SSDEEP:	1536:ExGP/kQbgQywBGmkla+bsaCaWyVvXmkXwhHFo:Ec3FgQxFklapal0o
File Content Preview:	PK..........!..0. ............[Content_Types].xml ...(.........................................................................................................................................................................................................

File Icon


Icon Hash:	74ecd0d2d6d6d0dc

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 13, 2021 19:57:01.945244074 CET	49773	443	192.168.2.4	143.204.93.100
Jan 13, 2021 19:57:01.950196981 CET	49772	443	192.168.2.4	143.204.93.100
Jan 13, 2021 19:57:01.985333920 CET	443	49773	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:01.990267038 CET	443	49772	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:01.994980097 CET	49773	443	192.168.2.4	143.204.93.100
Jan 13, 2021 19:57:01.995002985 CET	49772	443	192.168.2.4	143.204.93.100
Jan 13, 2021 19:57:01.996292114 CET	49773	443	192.168.2.4	143.204.93.100
Jan 13, 2021 19:57:01.997078896 CET	49772	443	192.168.2.4	143.204.93.100
Jan 13, 2021 19:57:02.036243916 CET	443	49773	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.036556005 CET	443	49773	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.036601067 CET	443	49773	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.036638021 CET	443	49773	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.036972046 CET	443	49772	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.038213968 CET	443	49773	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.038913965 CET	49773	443	192.168.2.4	143.204.93.100
Jan 13, 2021 19:57:02.048183918 CET	49774	443	192.168.2.4	143.204.93.16
Jan 13, 2021 19:57:02.048255920 CET	49775	443	192.168.2.4	143.204.93.16
Jan 13, 2021 19:57:02.056771994 CET	49773	443	192.168.2.4	143.204.93.100
Jan 13, 2021 19:57:02.057257891 CET	49773	443	192.168.2.4	143.204.93.100
Jan 13, 2021 19:57:02.057368994 CET	49773	443	192.168.2.4	143.204.93.100
Jan 13, 2021 19:57:02.088458061 CET	443	49775	143.204.93.16	192.168.2.4
Jan 13, 2021 19:57:02.089519024 CET	443	49772	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.089550018 CET	443	49772	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.089565992 CET	443	49772	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.089653969 CET	443	49774	143.204.93.16	192.168.2.4
Jan 13, 2021 19:57:02.090150118 CET	49772	443	192.168.2.4	143.204.93.100
Jan 13, 2021 19:57:02.090153933 CET	49775	443	192.168.2.4	143.204.93.16
Jan 13, 2021 19:57:02.090245008 CET	49774	443	192.168.2.4	143.204.93.16
Jan 13, 2021 19:57:02.091001987 CET	49775	443	192.168.2.4	143.204.93.16
Jan 13, 2021 19:57:02.091427088 CET	49774	443	192.168.2.4	143.204.93.16
Jan 13, 2021 19:57:02.096781969 CET	443	49773	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.097008944 CET	443	49773	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.097095966 CET	443	49773	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.097162008 CET	443	49773	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.097244024 CET	443	49773	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.097615957 CET	443	49773	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.097945929 CET	443	49773	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.097964048 CET	443	49773	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.097975969 CET	443	49773	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.097991943 CET	443	49773	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.098830938 CET	49773	443	192.168.2.4	143.204.93.100
Jan 13, 2021 19:57:02.098998070 CET	443	49772	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.099304914 CET	443	49773	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.099333048 CET	443	49773	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.099446058 CET	49773	443	192.168.2.4	143.204.93.100
Jan 13, 2021 19:57:02.100228071 CET	49773	443	192.168.2.4	143.204.93.100
Jan 13, 2021 19:57:02.100713015 CET	443	49773	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.100738049 CET	443	49773	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.100749016 CET	49772	443	192.168.2.4	143.204.93.100
Jan 13, 2021 19:57:02.102133036 CET	443	49773	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.102153063 CET	443	49773	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.102957964 CET	49773	443	192.168.2.4	143.204.93.100
Jan 13, 2021 19:57:02.103485107 CET	443	49773	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.103504896 CET	443	49773	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.103893042 CET	49772	443	192.168.2.4	143.204.93.100
Jan 13, 2021 19:57:02.104924917 CET	443	49773	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.104944944 CET	443	49773	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.106297016 CET	443	49773	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.106327057 CET	443	49773	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.107686996 CET	443	49773	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.107712030 CET	443	49773	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.109082937 CET	443	49773	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.109106064 CET	443	49773	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.110481024 CET	443	49773	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.110503912 CET	443	49773	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.111385107 CET	49773	443	192.168.2.4	143.204.93.100
Jan 13, 2021 19:57:02.111681938 CET	49773	443	192.168.2.4	143.204.93.100
Jan 13, 2021 19:57:02.111871004 CET	443	49773	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.111892939 CET	443	49773	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.113295078 CET	443	49773	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.113315105 CET	443	49773	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.117671967 CET	49773	443	192.168.2.4	143.204.93.100
Jan 13, 2021 19:57:02.131009102 CET	443	49775	143.204.93.16	192.168.2.4
Jan 13, 2021 19:57:02.131042004 CET	49772	443	192.168.2.4	143.204.93.100
Jan 13, 2021 19:57:02.131201982 CET	443	49774	143.204.93.16	192.168.2.4
Jan 13, 2021 19:57:02.131469011 CET	443	49775	143.204.93.16	192.168.2.4
Jan 13, 2021 19:57:02.131514072 CET	443	49775	143.204.93.16	192.168.2.4
Jan 13, 2021 19:57:02.131551027 CET	443	49775	143.204.93.16	192.168.2.4
Jan 13, 2021 19:57:02.131767035 CET	443	49774	143.204.93.16	192.168.2.4
Jan 13, 2021 19:57:02.131808996 CET	443	49774	143.204.93.16	192.168.2.4
Jan 13, 2021 19:57:02.131846905 CET	443	49774	143.204.93.16	192.168.2.4
Jan 13, 2021 19:57:02.133601904 CET	443	49775	143.204.93.16	192.168.2.4
Jan 13, 2021 19:57:02.133963108 CET	443	49774	143.204.93.16	192.168.2.4
Jan 13, 2021 19:57:02.138771057 CET	443	49773	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.138814926 CET	443	49773	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.139405012 CET	443	49773	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.139451981 CET	443	49773	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.140975952 CET	443	49773	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.141058922 CET	443	49773	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.142184973 CET	443	49773	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.142251015 CET	443	49773	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.142313957 CET	443	49773	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.143661976 CET	443	49773	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.143726110 CET	443	49773	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.143805027 CET	443	49772	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.145045996 CET	443	49773	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.145181894 CET	443	49773	143.204.93.100	192.168.2.4
Jan 13, 2021 19:57:02.145560026 CET	49775	443	192.168.2.4	143.204.93.16
Jan 13, 2021 19:57:02.145618916 CET	49774	443	192.168.2.4	143.204.93.16
Jan 13, 2021 19:57:02.146405935 CET	443	49773	143.204.93.100	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 13, 2021 19:55:53.649373055 CET	64549	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:55:53.697565079 CET	53	64549	8.8.8.8	192.168.2.4
Jan 13, 2021 19:55:54.423237085 CET	63153	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:55:54.471489906 CET	53	63153	8.8.8.8	192.168.2.4
Jan 13, 2021 19:55:55.197417021 CET	52991	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:55:55.245374918 CET	53	52991	8.8.8.8	192.168.2.4
Jan 13, 2021 19:55:56.231842041 CET	53700	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:55:56.280133963 CET	53	53700	8.8.8.8	192.168.2.4
Jan 13, 2021 19:55:57.507110119 CET	51726	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:55:57.555078030 CET	53	51726	8.8.8.8	192.168.2.4
Jan 13, 2021 19:56:03.180716038 CET	56794	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:56:03.237056971 CET	53	56794	8.8.8.8	192.168.2.4
Jan 13, 2021 19:56:04.370568037 CET	56534	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:56:04.428479910 CET	53	56534	8.8.8.8	192.168.2.4
Jan 13, 2021 19:56:04.853652954 CET	56627	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:56:04.920448065 CET	53	56627	8.8.8.8	192.168.2.4
Jan 13, 2021 19:56:05.136054993 CET	56621	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:56:05.195280075 CET	53	56621	8.8.8.8	192.168.2.4
Jan 13, 2021 19:56:05.858222961 CET	56627	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:56:05.917789936 CET	53	56627	8.8.8.8	192.168.2.4
Jan 13, 2021 19:56:06.664999008 CET	63116	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:56:06.713028908 CET	53	63116	8.8.8.8	192.168.2.4
Jan 13, 2021 19:56:06.874079943 CET	56627	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:56:06.933280945 CET	53	56627	8.8.8.8	192.168.2.4
Jan 13, 2021 19:56:07.728853941 CET	64078	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:56:07.788063049 CET	53	64078	8.8.8.8	192.168.2.4
Jan 13, 2021 19:56:08.540898085 CET	64801	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:56:08.588983059 CET	53	64801	8.8.8.8	192.168.2.4
Jan 13, 2021 19:56:08.890109062 CET	56627	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:56:08.949594975 CET	53	56627	8.8.8.8	192.168.2.4
Jan 13, 2021 19:56:09.317264080 CET	61721	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:56:09.365427017 CET	53	61721	8.8.8.8	192.168.2.4
Jan 13, 2021 19:56:10.136734962 CET	51255	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:56:10.187522888 CET	53	51255	8.8.8.8	192.168.2.4
Jan 13, 2021 19:56:10.962363958 CET	61522	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:56:11.013171911 CET	53	61522	8.8.8.8	192.168.2.4
Jan 13, 2021 19:56:12.910037994 CET	56627	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:56:12.978368998 CET	53	56627	8.8.8.8	192.168.2.4
Jan 13, 2021 19:56:17.388346910 CET	52337	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:56:17.436357975 CET	53	52337	8.8.8.8	192.168.2.4
Jan 13, 2021 19:56:21.269345999 CET	55046	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:56:21.327352047 CET	53	55046	8.8.8.8	192.168.2.4
Jan 13, 2021 19:56:32.491239071 CET	49612	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:56:32.582590103 CET	53	49612	8.8.8.8	192.168.2.4
Jan 13, 2021 19:56:33.087480068 CET	49285	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:56:33.162543058 CET	53	49285	8.8.8.8	192.168.2.4
Jan 13, 2021 19:56:33.715363979 CET	50601	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:56:33.774905920 CET	53	50601	8.8.8.8	192.168.2.4
Jan 13, 2021 19:56:34.187428951 CET	60875	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:56:34.222404003 CET	56448	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:56:34.264089108 CET	53	60875	8.8.8.8	192.168.2.4
Jan 13, 2021 19:56:34.280540943 CET	53	56448	8.8.8.8	192.168.2.4
Jan 13, 2021 19:56:34.698489904 CET	59172	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:56:34.749470949 CET	53	59172	8.8.8.8	192.168.2.4
Jan 13, 2021 19:56:35.280642986 CET	62420	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:56:35.337203026 CET	53	62420	8.8.8.8	192.168.2.4
Jan 13, 2021 19:56:35.907721043 CET	60579	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:56:35.963994980 CET	53	60579	8.8.8.8	192.168.2.4
Jan 13, 2021 19:56:36.819063902 CET	50183	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:56:36.875318050 CET	53	50183	8.8.8.8	192.168.2.4
Jan 13, 2021 19:56:37.685446978 CET	61531	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:56:37.752275944 CET	53	61531	8.8.8.8	192.168.2.4
Jan 13, 2021 19:56:38.205842972 CET	49228	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:56:38.265520096 CET	53	49228	8.8.8.8	192.168.2.4
Jan 13, 2021 19:56:38.830130100 CET	59794	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:56:38.890402079 CET	53	59794	8.8.8.8	192.168.2.4
Jan 13, 2021 19:56:38.987368107 CET	55916	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:56:39.043530941 CET	53	55916	8.8.8.8	192.168.2.4
Jan 13, 2021 19:56:51.584882021 CET	52752	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:56:51.635878086 CET	53	52752	8.8.8.8	192.168.2.4
Jan 13, 2021 19:56:51.778400898 CET	60542	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:56:51.829031944 CET	53	60542	8.8.8.8	192.168.2.4
Jan 13, 2021 19:56:54.135304928 CET	60689	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:56:54.193242073 CET	53	60689	8.8.8.8	192.168.2.4
Jan 13, 2021 19:56:59.560461998 CET	64206	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:56:59.618521929 CET	53	64206	8.8.8.8	192.168.2.4
Jan 13, 2021 19:57:00.812587976 CET	50904	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:57:00.883234978 CET	53	50904	8.8.8.8	192.168.2.4
Jan 13, 2021 19:57:01.878998041 CET	57525	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:57:01.938256025 CET	53	57525	8.8.8.8	192.168.2.4
Jan 13, 2021 19:57:01.965590954 CET	53814	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:57:02.026602030 CET	53	53814	8.8.8.8	192.168.2.4
Jan 13, 2021 19:57:02.604357958 CET	53418	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:57:02.651340008 CET	62833	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:57:02.666327000 CET	53	53418	8.8.8.8	192.168.2.4
Jan 13, 2021 19:57:02.814868927 CET	53	62833	8.8.8.8	192.168.2.4
Jan 13, 2021 19:57:03.402669907 CET	59260	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:57:03.453533888 CET	53	59260	8.8.8.8	192.168.2.4
Jan 13, 2021 19:57:03.458798885 CET	49944	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:57:03.517788887 CET	53	49944	8.8.8.8	192.168.2.4
Jan 13, 2021 19:57:03.905731916 CET	63300	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:57:03.954035044 CET	53	63300	8.8.8.8	192.168.2.4
Jan 13, 2021 19:57:07.741074085 CET	61449	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:57:07.799051046 CET	53	61449	8.8.8.8	192.168.2.4
Jan 13, 2021 19:57:08.636878967 CET	51275	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:57:08.698694944 CET	53	51275	8.8.8.8	192.168.2.4
Jan 13, 2021 19:57:09.358166933 CET	63492	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:57:09.419701099 CET	53	63492	8.8.8.8	192.168.2.4
Jan 13, 2021 19:57:15.312333107 CET	49374	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:57:15.312705040 CET	50436	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:57:15.317039967 CET	62605	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:57:15.318859100 CET	54256	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:57:15.371676922 CET	53	49374	8.8.8.8	192.168.2.4
Jan 13, 2021 19:57:15.373284101 CET	53	62605	8.8.8.8	192.168.2.4
Jan 13, 2021 19:57:15.378896952 CET	53	50436	8.8.8.8	192.168.2.4
Jan 13, 2021 19:57:15.383116007 CET	53	54256	8.8.8.8	192.168.2.4
Jan 13, 2021 19:57:15.855536938 CET	52189	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:57:15.916912079 CET	53	52189	8.8.8.8	192.168.2.4
Jan 13, 2021 19:57:16.025980949 CET	56131	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:57:16.090059996 CET	53	56131	8.8.8.8	192.168.2.4
Jan 13, 2021 19:57:16.326479912 CET	62992	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:57:16.384850025 CET	53	62992	8.8.8.8	192.168.2.4
Jan 13, 2021 19:57:16.449604988 CET	54432	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:57:16.512203932 CET	53	54432	8.8.8.8	192.168.2.4
Jan 13, 2021 19:57:17.231695890 CET	57227	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:57:17.291009903 CET	53	57227	8.8.8.8	192.168.2.4
Jan 13, 2021 19:57:17.378686905 CET	58383	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:57:17.445513010 CET	53	58383	8.8.8.8	192.168.2.4
Jan 13, 2021 19:57:17.563872099 CET	63136	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:57:17.611526012 CET	53	63136	8.8.8.8	192.168.2.4
Jan 13, 2021 19:57:17.629215002 CET	50911	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:57:17.688252926 CET	53	50911	8.8.8.8	192.168.2.4
Jan 13, 2021 19:57:17.945646048 CET	63409	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:57:18.012594938 CET	53	63409	8.8.8.8	192.168.2.4
Jan 13, 2021 19:57:19.430716991 CET	55601	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:57:19.490242004 CET	53	55601	8.8.8.8	192.168.2.4
Jan 13, 2021 19:57:27.810611963 CET	61247	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:57:27.858624935 CET	53	61247	8.8.8.8	192.168.2.4
Jan 13, 2021 19:57:29.562479973 CET	65165	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:57:29.621833086 CET	53	65165	8.8.8.8	192.168.2.4
Jan 13, 2021 19:57:29.864703894 CET	52076	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:57:29.921340942 CET	53	52076	8.8.8.8	192.168.2.4
Jan 13, 2021 19:57:30.334261894 CET	54903	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:57:30.385005951 CET	53	54903	8.8.8.8	192.168.2.4
Jan 13, 2021 19:57:30.560383081 CET	65165	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:57:30.611125946 CET	53	65165	8.8.8.8	192.168.2.4
Jan 13, 2021 19:57:31.324532986 CET	54903	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:57:31.375427961 CET	53	54903	8.8.8.8	192.168.2.4
Jan 13, 2021 19:57:31.581717968 CET	65165	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:57:31.632411003 CET	53	65165	8.8.8.8	192.168.2.4
Jan 13, 2021 19:57:32.340257883 CET	54903	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:57:32.390963078 CET	53	54903	8.8.8.8	192.168.2.4
Jan 13, 2021 19:57:33.590300083 CET	65165	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:57:33.641092062 CET	53	65165	8.8.8.8	192.168.2.4
Jan 13, 2021 19:57:34.356394053 CET	54903	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:57:34.409406900 CET	53	54903	8.8.8.8	192.168.2.4
Jan 13, 2021 19:57:37.607777119 CET	65165	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:57:37.658658981 CET	53	65165	8.8.8.8	192.168.2.4
Jan 13, 2021 19:57:38.372129917 CET	54903	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:57:38.422939062 CET	53	54903	8.8.8.8	192.168.2.4
Jan 13, 2021 19:58:11.314203978 CET	55045	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:58:11.365366936 CET	53	55045	8.8.8.8	192.168.2.4
Jan 13, 2021 19:58:12.218780041 CET	50970	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:58:12.278163910 CET	53	50970	8.8.8.8	192.168.2.4
Jan 13, 2021 19:58:14.348290920 CET	55261	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:58:14.405211926 CET	53	55261	8.8.8.8	192.168.2.4
Jan 13, 2021 19:58:14.557828903 CET	59809	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:58:14.622667074 CET	53	59809	8.8.8.8	192.168.2.4
Jan 13, 2021 19:58:14.748372078 CET	51278	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:58:14.804738998 CET	53	51278	8.8.8.8	192.168.2.4
Jan 13, 2021 19:58:26.667516947 CET	51932	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:58:26.734833002 CET	53	51932	8.8.8.8	192.168.2.4
Jan 13, 2021 19:58:26.874332905 CET	59494	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:58:26.930533886 CET	53	59494	8.8.8.8	192.168.2.4
Jan 13, 2021 19:58:43.022452116 CET	55915	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:58:43.099421024 CET	53	55915	8.8.8.8	192.168.2.4
Jan 13, 2021 19:58:43.232697010 CET	49779	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:58:43.296624899 CET	53	49779	8.8.8.8	192.168.2.4
Jan 13, 2021 19:58:59.414096117 CET	49458	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:58:59.479186058 CET	53	49458	8.8.8.8	192.168.2.4
Jan 13, 2021 19:58:59.631990910 CET	57164	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:58:59.688234091 CET	53	57164	8.8.8.8	192.168.2.4
Jan 13, 2021 19:58:59.745054007 CET	49840	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:58:59.809533119 CET	53	49840	8.8.8.8	192.168.2.4
Jan 13, 2021 19:59:20.024730921 CET	57174	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:59:20.089135885 CET	53	57174	8.8.8.8	192.168.2.4
Jan 13, 2021 19:59:20.226255894 CET	58531	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:59:20.282411098 CET	53	58531	8.8.8.8	192.168.2.4
Jan 13, 2021 19:59:24.108086109 CET	49608	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:59:24.177526951 CET	53	49608	8.8.8.8	192.168.2.4
Jan 13, 2021 19:59:24.316174984 CET	55682	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:59:24.367022991 CET	53	55682	8.8.8.8	192.168.2.4
Jan 13, 2021 19:59:32.346657991 CET	62436	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:59:32.413997889 CET	53	62436	8.8.8.8	192.168.2.4
Jan 13, 2021 19:59:32.534420013 CET	61230	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:59:32.599001884 CET	53	61230	8.8.8.8	192.168.2.4
Jan 13, 2021 19:59:44.740398884 CET	64730	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:59:44.804832935 CET	53	64730	8.8.8.8	192.168.2.4
Jan 13, 2021 19:59:44.932704926 CET	60624	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:59:44.989319086 CET	53	60624	8.8.8.8	192.168.2.4
Jan 13, 2021 19:59:48.836608887 CET	62600	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:59:48.900959969 CET	53	62600	8.8.8.8	192.168.2.4
Jan 13, 2021 19:59:49.043344021 CET	53200	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:59:49.099780083 CET	53	53200	8.8.8.8	192.168.2.4
Jan 13, 2021 19:59:52.956475019 CET	61034	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:59:53.021995068 CET	53	61034	8.8.8.8	192.168.2.4
Jan 13, 2021 19:59:53.151547909 CET	57687	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:59:53.199500084 CET	53	57687	8.8.8.8	192.168.2.4
Jan 13, 2021 20:00:38.559963942 CET	49839	53	192.168.2.4	8.8.8.8
Jan 13, 2021 20:00:38.610696077 CET	53	49839	8.8.8.8	192.168.2.4
Jan 13, 2021 20:00:39.168761015 CET	57975	53	192.168.2.4	8.8.8.8
Jan 13, 2021 20:00:39.233340025 CET	53	57975	8.8.8.8	192.168.2.4
Jan 13, 2021 20:00:42.304356098 CET	57610	53	192.168.2.4	8.8.8.8
Jan 13, 2021 20:00:42.375662088 CET	53	57610	8.8.8.8	192.168.2.4
Jan 13, 2021 20:00:53.483299971 CET	55137	53	192.168.2.4	8.8.8.8
Jan 13, 2021 20:00:53.558926105 CET	53	55137	8.8.8.8	192.168.2.4
Jan 13, 2021 20:00:54.026961088 CET	59216	53	192.168.2.4	8.8.8.8
Jan 13, 2021 20:00:54.091372967 CET	53	59216	8.8.8.8	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Jan 13, 2021 19:57:00.812587976 CET	192.168.2.4	8.8.8.8	0x23d0	Standard query (0)	24mbw17feyn.typeform.com	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:01.878998041 CET	192.168.2.4	8.8.8.8	0x7295	Standard query (0)	renderer-assets.typeform.com	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:01.965590954 CET	192.168.2.4	8.8.8.8	0x8c77	Standard query (0)	images.typeform.com	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:02.604357958 CET	192.168.2.4	8.8.8.8	0x1fce	Standard query (0)	public-assets.typeform.com	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:02.651340008 CET	192.168.2.4	8.8.8.8	0x4689	Standard query (0)	js-agent.newrelic.com	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:03.402669907 CET	192.168.2.4	8.8.8.8	0x2c53	Standard query (0)	bam.nr-data.net	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:03.458798885 CET	192.168.2.4	8.8.8.8	0x4fe8	Standard query (0)	cdn.segment.com	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:03.905731916 CET	192.168.2.4	8.8.8.8	0x1fe3	Standard query (0)	api.segment.io	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:07.741074085 CET	192.168.2.4	8.8.8.8	0x3abf	Standard query (0)	24mbw17feyn.typeform.com	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:08.636878967 CET	192.168.2.4	8.8.8.8	0x5f94	Standard query (0)	24mbw17feyn.typeform.com	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:09.358166933 CET	192.168.2.4	8.8.8.8	0x6abe	Standard query (0)	images.typeform.com	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:15.312333107 CET	192.168.2.4	8.8.8.8	0x8577	Standard query (0)	24mbw17feyn.typeform.com	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:16.326479912 CET	192.168.2.4	8.8.8.8	0x551	Standard query (0)	images.typeform.com	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:16.449604988 CET	192.168.2.4	8.8.8.8	0xc852	Standard query (0)	renderer-assets.typeform.com	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:17.231695890 CET	192.168.2.4	8.8.8.8	0xcade	Standard query (0)	cdn.segment.com	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:17.563872099 CET	192.168.2.4	8.8.8.8	0x2eae	Standard query (0)	api.segment.io	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:17.629215002 CET	192.168.2.4	8.8.8.8	0x7a1b	Standard query (0)	public-assets.typeform.com	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:17.945646048 CET	192.168.2.4	8.8.8.8	0x3636	Standard query (0)	clients2.googleusercontent.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Jan 13, 2021 19:57:00.883234978 CET	8.8.8.8	192.168.2.4	0x23d0	No error (0)	24mbw17feyn.typeform.com	random.typeform.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)
Jan 13, 2021 19:57:01.938256025 CET	8.8.8.8	192.168.2.4	0x7295	No error (0)	renderer-assets.typeform.com	d2citsn5wf4j9j.cloudfront.net		CNAME (Canonical name)	IN (0x0001)
Jan 13, 2021 19:57:01.938256025 CET	8.8.8.8	192.168.2.4	0x7295	No error (0)	d2citsn5wf4j9j.cloudfront.net		143.204.93.100	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:01.938256025 CET	8.8.8.8	192.168.2.4	0x7295	No error (0)	d2citsn5wf4j9j.cloudfront.net		143.204.93.91	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:01.938256025 CET	8.8.8.8	192.168.2.4	0x7295	No error (0)	d2citsn5wf4j9j.cloudfront.net		143.204.93.109	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:01.938256025 CET	8.8.8.8	192.168.2.4	0x7295	No error (0)	d2citsn5wf4j9j.cloudfront.net		143.204.93.122	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:02.026602030 CET	8.8.8.8	192.168.2.4	0x8c77	No error (0)	images.typeform.com	d2nvsmtq2poimt.cloudfront.net		CNAME (Canonical name)	IN (0x0001)
Jan 13, 2021 19:57:02.026602030 CET	8.8.8.8	192.168.2.4	0x8c77	No error (0)	d2nvsmtq2poimt.cloudfront.net		143.204.93.16	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:02.026602030 CET	8.8.8.8	192.168.2.4	0x8c77	No error (0)	d2nvsmtq2poimt.cloudfront.net		143.204.93.76	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:02.026602030 CET	8.8.8.8	192.168.2.4	0x8c77	No error (0)	d2nvsmtq2poimt.cloudfront.net		143.204.93.30	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:02.026602030 CET	8.8.8.8	192.168.2.4	0x8c77	No error (0)	d2nvsmtq2poimt.cloudfront.net		143.204.93.117	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:02.666327000 CET	8.8.8.8	192.168.2.4	0x1fce	No error (0)	public-assets.typeform.com	d2p6vz8nayi9a3.cloudfront.net		CNAME (Canonical name)	IN (0x0001)
Jan 13, 2021 19:57:02.666327000 CET	8.8.8.8	192.168.2.4	0x1fce	No error (0)	d2p6vz8nayi9a3.cloudfront.net		13.224.194.7	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:02.666327000 CET	8.8.8.8	192.168.2.4	0x1fce	No error (0)	d2p6vz8nayi9a3.cloudfront.net		13.224.194.11	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:02.666327000 CET	8.8.8.8	192.168.2.4	0x1fce	No error (0)	d2p6vz8nayi9a3.cloudfront.net		13.224.194.82	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:02.666327000 CET	8.8.8.8	192.168.2.4	0x1fce	No error (0)	d2p6vz8nayi9a3.cloudfront.net		13.224.194.9	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:02.814868927 CET	8.8.8.8	192.168.2.4	0x4689	No error (0)	js-agent.newrelic.com	f4.shared.global.fastly.net		CNAME (Canonical name)	IN (0x0001)
Jan 13, 2021 19:57:03.453533888 CET	8.8.8.8	192.168.2.4	0x2c53	No error (0)	bam.nr-data.net		162.247.242.21	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:03.453533888 CET	8.8.8.8	192.168.2.4	0x2c53	No error (0)	bam.nr-data.net		162.247.242.19	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:03.453533888 CET	8.8.8.8	192.168.2.4	0x2c53	No error (0)	bam.nr-data.net		162.247.242.18	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:03.453533888 CET	8.8.8.8	192.168.2.4	0x2c53	No error (0)	bam.nr-data.net		162.247.242.20	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:03.517788887 CET	8.8.8.8	192.168.2.4	0x4fe8	No error (0)	cdn.segment.com	d296je7bbdd650.cloudfront.net		CNAME (Canonical name)	IN (0x0001)
Jan 13, 2021 19:57:03.517788887 CET	8.8.8.8	192.168.2.4	0x4fe8	No error (0)	d296je7bbdd650.cloudfront.net		143.204.99.83	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:03.954035044 CET	8.8.8.8	192.168.2.4	0x1fe3	No error (0)	api.segment.io		54.69.177.146	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:03.954035044 CET	8.8.8.8	192.168.2.4	0x1fe3	No error (0)	api.segment.io		52.39.143.152	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:03.954035044 CET	8.8.8.8	192.168.2.4	0x1fe3	No error (0)	api.segment.io		54.69.24.9	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:03.954035044 CET	8.8.8.8	192.168.2.4	0x1fe3	No error (0)	api.segment.io		54.70.105.250	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:03.954035044 CET	8.8.8.8	192.168.2.4	0x1fe3	No error (0)	api.segment.io		54.218.98.189	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:03.954035044 CET	8.8.8.8	192.168.2.4	0x1fe3	No error (0)	api.segment.io		52.35.195.250	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:03.954035044 CET	8.8.8.8	192.168.2.4	0x1fe3	No error (0)	api.segment.io		54.213.0.126	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:03.954035044 CET	8.8.8.8	192.168.2.4	0x1fe3	No error (0)	api.segment.io		35.164.219.175	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:07.799051046 CET	8.8.8.8	192.168.2.4	0x3abf	No error (0)	24mbw17feyn.typeform.com	random.typeform.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)
Jan 13, 2021 19:57:08.698694944 CET	8.8.8.8	192.168.2.4	0x5f94	No error (0)	24mbw17feyn.typeform.com	random.typeform.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)
Jan 13, 2021 19:57:09.419701099 CET	8.8.8.8	192.168.2.4	0x6abe	No error (0)	images.typeform.com	d2nvsmtq2poimt.cloudfront.net		CNAME (Canonical name)	IN (0x0001)
Jan 13, 2021 19:57:09.419701099 CET	8.8.8.8	192.168.2.4	0x6abe	No error (0)	d2nvsmtq2poimt.cloudfront.net		143.204.93.16	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:09.419701099 CET	8.8.8.8	192.168.2.4	0x6abe	No error (0)	d2nvsmtq2poimt.cloudfront.net		143.204.93.76	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:09.419701099 CET	8.8.8.8	192.168.2.4	0x6abe	No error (0)	d2nvsmtq2poimt.cloudfront.net		143.204.93.30	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:09.419701099 CET	8.8.8.8	192.168.2.4	0x6abe	No error (0)	d2nvsmtq2poimt.cloudfront.net		143.204.93.117	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:15.371676922 CET	8.8.8.8	192.168.2.4	0x8577	No error (0)	24mbw17feyn.typeform.com	random.typeform.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)
Jan 13, 2021 19:57:16.384850025 CET	8.8.8.8	192.168.2.4	0x551	No error (0)	images.typeform.com	d2nvsmtq2poimt.cloudfront.net		CNAME (Canonical name)	IN (0x0001)
Jan 13, 2021 19:57:16.384850025 CET	8.8.8.8	192.168.2.4	0x551	No error (0)	d2nvsmtq2poimt.cloudfront.net		143.204.93.16	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:16.384850025 CET	8.8.8.8	192.168.2.4	0x551	No error (0)	d2nvsmtq2poimt.cloudfront.net		143.204.93.76	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:16.384850025 CET	8.8.8.8	192.168.2.4	0x551	No error (0)	d2nvsmtq2poimt.cloudfront.net		143.204.93.30	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:16.384850025 CET	8.8.8.8	192.168.2.4	0x551	No error (0)	d2nvsmtq2poimt.cloudfront.net		143.204.93.117	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:16.512203932 CET	8.8.8.8	192.168.2.4	0xc852	No error (0)	renderer-assets.typeform.com	d2citsn5wf4j9j.cloudfront.net		CNAME (Canonical name)	IN (0x0001)
Jan 13, 2021 19:57:16.512203932 CET	8.8.8.8	192.168.2.4	0xc852	No error (0)	d2citsn5wf4j9j.cloudfront.net		143.204.93.100	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:16.512203932 CET	8.8.8.8	192.168.2.4	0xc852	No error (0)	d2citsn5wf4j9j.cloudfront.net		143.204.93.109	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:16.512203932 CET	8.8.8.8	192.168.2.4	0xc852	No error (0)	d2citsn5wf4j9j.cloudfront.net		143.204.93.122	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:16.512203932 CET	8.8.8.8	192.168.2.4	0xc852	No error (0)	d2citsn5wf4j9j.cloudfront.net		143.204.93.91	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:17.291009903 CET	8.8.8.8	192.168.2.4	0xcade	No error (0)	cdn.segment.com	d296je7bbdd650.cloudfront.net		CNAME (Canonical name)	IN (0x0001)
Jan 13, 2021 19:57:17.291009903 CET	8.8.8.8	192.168.2.4	0xcade	No error (0)	d296je7bbdd650.cloudfront.net		143.204.99.83	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:17.611526012 CET	8.8.8.8	192.168.2.4	0x2eae	No error (0)	api.segment.io		54.190.208.247	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:17.611526012 CET	8.8.8.8	192.168.2.4	0x2eae	No error (0)	api.segment.io		34.210.41.193	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:17.611526012 CET	8.8.8.8	192.168.2.4	0x2eae	No error (0)	api.segment.io		54.191.2.73	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:17.611526012 CET	8.8.8.8	192.168.2.4	0x2eae	No error (0)	api.segment.io		52.33.248.165	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:17.611526012 CET	8.8.8.8	192.168.2.4	0x2eae	No error (0)	api.segment.io		52.33.69.177	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:17.611526012 CET	8.8.8.8	192.168.2.4	0x2eae	No error (0)	api.segment.io		35.167.27.130	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:17.611526012 CET	8.8.8.8	192.168.2.4	0x2eae	No error (0)	api.segment.io		52.38.120.169	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:17.611526012 CET	8.8.8.8	192.168.2.4	0x2eae	No error (0)	api.segment.io		54.70.109.173	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:17.688252926 CET	8.8.8.8	192.168.2.4	0x7a1b	No error (0)	public-assets.typeform.com	d2p6vz8nayi9a3.cloudfront.net		CNAME (Canonical name)	IN (0x0001)
Jan 13, 2021 19:57:17.688252926 CET	8.8.8.8	192.168.2.4	0x7a1b	No error (0)	d2p6vz8nayi9a3.cloudfront.net		13.224.194.7	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:17.688252926 CET	8.8.8.8	192.168.2.4	0x7a1b	No error (0)	d2p6vz8nayi9a3.cloudfront.net		13.224.194.11	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:17.688252926 CET	8.8.8.8	192.168.2.4	0x7a1b	No error (0)	d2p6vz8nayi9a3.cloudfront.net		13.224.194.82	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:17.688252926 CET	8.8.8.8	192.168.2.4	0x7a1b	No error (0)	d2p6vz8nayi9a3.cloudfront.net		13.224.194.9	A (IP address)	IN (0x0001)
Jan 13, 2021 19:57:18.012594938 CET	8.8.8.8	192.168.2.4	0x3636	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)
Jan 13, 2021 19:57:18.012594938 CET	8.8.8.8	192.168.2.4	0x3636	No error (0)	googlehosted.l.googleusercontent.com		108.177.126.132	A (IP address)	IN (0x0001)
Jan 13, 2021 20:00:38.610696077 CET	8.8.8.8	192.168.2.4	0x27ba	No error (0)	prda.aadg.msidentity.com	www.tm.a.prd.aadg.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Jan 13, 2021 19:57:02.038213968 CET	143.204.93.100	443	192.168.2.4	49773	CN=*.typeform.com CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Mon Nov 30 01:00:00 CET 2020 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009	Thu Dec 30 00:59:59 CET 2021 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Amazon, OU=Server CA 1B, O=Amazon, C=US	CN=Amazon Root CA 1, O=Amazon, C=US	Thu Oct 22 02:00:00 CEST 2015	Sun Oct 19 02:00:00 CEST 2025
					CN=Amazon Root CA 1, O=Amazon, C=US	CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	Mon May 25 14:00:00 CEST 2015	Thu Dec 31 02:00:00 CET 2037
					CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Sep 02 02:00:00 CEST 2009	Wed Jun 28 19:39:16 CEST 2034
Jan 13, 2021 19:57:02.098998070 CET	143.204.93.100	443	192.168.2.4	49772	CN=*.typeform.com CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Mon Nov 30 01:00:00 CET 2020 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009	Thu Dec 30 00:59:59 CET 2021 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Amazon, OU=Server CA 1B, O=Amazon, C=US	CN=Amazon Root CA 1, O=Amazon, C=US	Thu Oct 22 02:00:00 CEST 2015	Sun Oct 19 02:00:00 CEST 2025
					CN=Amazon Root CA 1, O=Amazon, C=US	CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	Mon May 25 14:00:00 CEST 2015	Thu Dec 31 02:00:00 CET 2037
					CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Sep 02 02:00:00 CEST 2009	Wed Jun 28 19:39:16 CEST 2034
Jan 13, 2021 19:57:02.133601904 CET	143.204.93.16	443	192.168.2.4	49775	CN=*.typeform.com CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Mon Nov 30 01:00:00 CET 2020 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009	Thu Dec 30 00:59:59 CET 2021 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Amazon, OU=Server CA 1B, O=Amazon, C=US	CN=Amazon Root CA 1, O=Amazon, C=US	Thu Oct 22 02:00:00 CEST 2015	Sun Oct 19 02:00:00 CEST 2025
					CN=Amazon Root CA 1, O=Amazon, C=US	CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	Mon May 25 14:00:00 CEST 2015	Thu Dec 31 02:00:00 CET 2037
					CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Sep 02 02:00:00 CEST 2009	Wed Jun 28 19:39:16 CEST 2034
Jan 13, 2021 19:57:02.133963108 CET	143.204.93.16	443	192.168.2.4	49774	CN=*.typeform.com CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Mon Nov 30 01:00:00 CET 2020 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009	Thu Dec 30 00:59:59 CET 2021 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Amazon, OU=Server CA 1B, O=Amazon, C=US	CN=Amazon Root CA 1, O=Amazon, C=US	Thu Oct 22 02:00:00 CEST 2015	Sun Oct 19 02:00:00 CEST 2025
					CN=Amazon Root CA 1, O=Amazon, C=US	CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	Mon May 25 14:00:00 CEST 2015	Thu Dec 31 02:00:00 CET 2037
					CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Sep 02 02:00:00 CEST 2009	Wed Jun 28 19:39:16 CEST 2034
Jan 13, 2021 19:57:02.780635118 CET	13.224.194.7	443	192.168.2.4	49776	CN=*.typeform.com CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Mon Nov 30 01:00:00 CET 2020 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009	Thu Dec 30 00:59:59 CET 2021 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Amazon, OU=Server CA 1B, O=Amazon, C=US	CN=Amazon Root CA 1, O=Amazon, C=US	Thu Oct 22 02:00:00 CEST 2015	Sun Oct 19 02:00:00 CEST 2025
					CN=Amazon Root CA 1, O=Amazon, C=US	CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	Mon May 25 14:00:00 CEST 2015	Thu Dec 31 02:00:00 CET 2037
					CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Sep 02 02:00:00 CEST 2009	Wed Jun 28 19:39:16 CEST 2034
Jan 13, 2021 19:57:02.861470938 CET	13.224.194.7	443	192.168.2.4	49777	CN=*.typeform.com CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Mon Nov 30 01:00:00 CET 2020 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009	Thu Dec 30 00:59:59 CET 2021 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Amazon, OU=Server CA 1B, O=Amazon, C=US	CN=Amazon Root CA 1, O=Amazon, C=US	Thu Oct 22 02:00:00 CEST 2015	Sun Oct 19 02:00:00 CEST 2025
					CN=Amazon Root CA 1, O=Amazon, C=US	CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	Mon May 25 14:00:00 CEST 2015	Thu Dec 31 02:00:00 CET 2037
					CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Sep 02 02:00:00 CEST 2009	Wed Jun 28 19:39:16 CEST 2034
Jan 13, 2021 19:57:03.652894020 CET	143.204.99.83	443	192.168.2.4	49782	CN=*.segment.com, O="Segment.io, Inc.", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Jun 12 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013	Tue Jul 27 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 19:57:03.652894020 CET	143.204.99.83	443	192.168.2.4	49782	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 19:57:03.678940058 CET	143.204.99.83	443	192.168.2.4	49783	CN=*.segment.com, O="Segment.io, Inc.", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Jun 12 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013	Tue Jul 27 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 19:57:03.678940058 CET	143.204.99.83	443	192.168.2.4	49783	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 19:57:04.497802973 CET	54.69.177.146	443	192.168.2.4	49784	CN=*.segment.com, O="Segment.io, Inc.", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Jun 12 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013	Tue Jul 27 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 19:57:04.497802973 CET	54.69.177.146	443	192.168.2.4	49784	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 19:57:04.842483044 CET	54.69.177.146	443	192.168.2.4	49785	CN=*.segment.com, O="Segment.io, Inc.", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Jun 12 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013	Tue Jul 27 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 19:57:04.842483044 CET	54.69.177.146	443	192.168.2.4	49785	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 19:57:09.505745888 CET	143.204.93.16	443	192.168.2.4	49788	CN=*.typeform.com CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Mon Nov 30 01:00:00 CET 2020 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009	Thu Dec 30 00:59:59 CET 2021 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0	37f463bf4616ecd445d4a1937da06e19
					CN=Amazon, OU=Server CA 1B, O=Amazon, C=US	CN=Amazon Root CA 1, O=Amazon, C=US	Thu Oct 22 02:00:00 CEST 2015	Sun Oct 19 02:00:00 CEST 2025
					CN=Amazon Root CA 1, O=Amazon, C=US	CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	Mon May 25 14:00:00 CEST 2015	Thu Dec 31 02:00:00 CET 2037
					CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Sep 02 02:00:00 CEST 2009	Wed Jun 28 19:39:16 CEST 2034
Jan 13, 2021 19:57:10.945897102 CET	162.247.242.19	443	192.168.2.4	49789	CN=*.nr-data.net, O="New Relic, Inc.", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Feb 05 01:00:00 CET 2020 Fri Mar 08 13:00:00 CET 2013	Tue Feb 08 13:00:00 CET 2022 Wed Mar 08 13:00:00 CET 2023	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 19:57:10.945897102 CET	162.247.242.19	443	192.168.2.4	49789	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 19:57:10.995667934 CET	162.247.242.19	443	192.168.2.4	49790	CN=*.nr-data.net, O="New Relic, Inc.", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Feb 05 01:00:00 CET 2020 Fri Mar 08 13:00:00 CET 2013	Tue Feb 08 13:00:00 CET 2022 Wed Mar 08 13:00:00 CET 2023	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 19:57:10.995667934 CET	162.247.242.19	443	192.168.2.4	49790	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 19:57:18.022237062 CET	54.190.208.247	443	192.168.2.4	49803	CN=*.segment.com, O="Segment.io, Inc.", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Jun 12 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013	Tue Jul 27 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023	771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0	b32309a26951912be7dba376398abc3b
Jan 13, 2021 19:57:18.022237062 CET	54.190.208.247	443	192.168.2.4	49803	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		b32309a26951912be7dba376398abc3b
Jan 13, 2021 19:57:18.221134901 CET	54.190.208.247	443	192.168.2.4	49806	CN=*.segment.com, O="Segment.io, Inc.", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Jun 12 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013	Tue Jul 27 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023	771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0	b32309a26951912be7dba376398abc3b
Jan 13, 2021 19:57:18.221134901 CET	54.190.208.247	443	192.168.2.4	49806	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		b32309a26951912be7dba376398abc3b
Jan 13, 2021 19:57:18.284586906 CET	54.190.208.247	443	192.168.2.4	49807	CN=*.segment.com, O="Segment.io, Inc.", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Jun 12 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013	Tue Jul 27 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023	771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0	b32309a26951912be7dba376398abc3b
Jan 13, 2021 19:57:18.284586906 CET	54.190.208.247	443	192.168.2.4	49807	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		b32309a26951912be7dba376398abc3b

Code Manipulations

Statistics

Behavior

Click to jump to process

System Behavior

Analysis Process: EXCEL.EXE PID: 6688 Parent PID: 800

General

Start time:	19:56:01
Start date:	13/01/2021
Path:	C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding
Imagebase:	0x50000
File size:	27110184 bytes
MD5 hash:	5D6638F2C8F8571C593999C58866007E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: iexplore.exe PID: 5540 Parent PID: 800

General

Start time:	19:56:57
Start date:	13/01/2021
Path:	C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase:	0x7ff629190000
File size:	823560 bytes
MD5 hash:	6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: iexplore.exe PID: 5644 Parent PID: 5540

General

Start time:	19:56:58
Start date:	13/01/2021
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5540 CREDAT:17410 /prefetch:2
Imagebase:	0x1070000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: chrome.exe PID: 1380 Parent PID: 6688

General

Start time:	19:57:08
Start date:	13/01/2021
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Google\Chrome\Application\chrome.exe' -- 'https://24mbw17feyn.typeform.com/to/ZlFRrg5s'
Imagebase:	0x7ff609c80000
File size:	2150896 bytes
MD5 hash:	C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Analysis Process: chrome.exe PID: 6924 Parent PID: 1380

General

Start time:	19:57:10
Start date:	13/01/2021
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1604,8369915553311949587,2127772347523126301,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1720 /prefetch:8
Imagebase:	0x7ff609c80000
File size:	2150896 bytes
MD5 hash:	C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Disassembly

Reset < >

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Anti-virus, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report ACH WIRE PAYMENT ADVICE..xlsx

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Dropped Files

Sigma Overview

Signature Overview

Phishing:

Compliance:

Software Vulnerabilities:

Networking:

System Summary:

Persistence and Installation Behavior:

Hooking and other Techniques for Hiding and Protection:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTPS Packets

Code Manipulations

Statistics

Behavior

System Behavior

Analysis Process: EXCEL.EXE PID: 6688 Parent PID: 800

General

Analysis Process: iexplore.exe PID: 5540 Parent PID: 800

General

Analysis Process: iexplore.exe PID: 5644 Parent PID: 5540

General

Analysis Process: chrome.exe PID: 1380 Parent PID: 6688

General

Analysis Process: chrome.exe PID: 6924 Parent PID: 1380

General

Disassembly