Play interactive tour

Edit tour

Analysis Report https://ww-agf.primside.ga/YW5keS5rb2NoYXJAYWdmLmNvbQ==

Overview

General Information

Sample URL:	https://ww-agf.primside.ga/YW5keS5rb2NoYXJAYWdmLmNvbQ==
Analysis ID:	344972
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Phishing site detected (based on favicon image match)

Yara detected HtmlPhish_10

Phishing site detected (based on image similarity)

Phishing site detected (based on logo template match)

HTML body contains low number of good links

HTML title does not match URL

Classification

Startup

System is w10x64

chrome.exe (PID: 5508 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized 'https://ww-agf.primside.ga/YW5keS5rb2NoYXJAYWdmLmNvbQ==' MD5: C139654B5C1438A95B321BB01AD63EF6)

chrome.exe (PID: 1704 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1536,13880197655046322879,7359506738743907629,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1692 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Antivirus / Scanner detection for submitted sample

Show sources

Source: https://ww-agf.primside.ga/YW5keS5rb2NoYXJAYWdmLmNvbQ==

SlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

Phishing site detected (based on favicon image match)

Show sources

Source: https://snowtike.cf/aU5Y9Sr7Z6nkVtcMyiIpNePqHXJB2lRLsfwzhEm0FO8Tgv4GjAKboCQ13DuxsceumNbRTPlWDO7y0hz8gE9x42XrYApiqajkfS1LM6nZJUQ3HtCwvVoIKGB5yFRDtqlKkLAUm3E7Mr6if2o08InaYbpOZ1BV4h9N5gexzGTXWJvSQPwCusjc23JnlRX9s0gPyOpcFuHMh7Qv4jkBrowibSq1zNt56VImCeZfaDKxEYUAWL8T/lFXaUGxqWkQEj2DLgt5cJRZwCnAP3Mp9SNBv4HVhK61u8fmTybeo7z0sIiYr.php

Matcher: Template: microsoft matched with high similarity

Yara detected HtmlPhish_10

Show sources

Source: Yara match

File source: 22654.pages.csv, type: HTML

Phishing site detected (based on image similarity)

Show sources

Matcher: Found strong image similarity, brand: Microsoft image: 22654.img.1.gfk.csv EE5C8D9FB6248C938FD0DC19370E90BD

Phishing site detected (based on logo template match)

Show sources

Matcher: Template: microsoft matched

Source: https://snowtike.cf/aU5Y9Sr7Z6nkVtcMyiIpNePqHXJB2lRLsfwzhEm0FO8Tgv4GjAKboCQ13DuxsceumNbRTPlWDO7y0hz8gE9x42XrYApiqajkfS1LM6nZJUQ3HtCwvVoIKGB5yFRDtqlKkLAUm3E7Mr6if2o08InaYbpOZ1BV4h9N5gexzGTXWJvSQPwCusjc23JnlRX9s0gPyOpcFuHMh7Qv4jkBrowibSq1zNt56VImCeZfaDKxEYUAWL8T/lFXaUGxqWkQEj2DLgt5cJRZwCnAP3Mp9SNBv4HVhK61u8fmTybeo7z0sIiYr.php	HTTP Parser: Number of links: 0
Source: https://snowtike.cf/aU5Y9Sr7Z6nkVtcMyiIpNePqHXJB2lRLsfwzhEm0FO8Tgv4GjAKboCQ13DuxsceumNbRTPlWDO7y0hz8gE9x42XrYApiqajkfS1LM6nZJUQ3HtCwvVoIKGB5yFRDtqlKkLAUm3E7Mr6if2o08InaYbpOZ1BV4h9N5gexzGTXWJvSQPwCusjc23JnlRX9s0gPyOpcFuHMh7Qv4jkBrowibSq1zNt56VImCeZfaDKxEYUAWL8T/lFXaUGxqWkQEj2DLgt5cJRZwCnAP3Mp9SNBv4HVhK61u8fmTybeo7z0sIiYr.php	HTTP Parser: Number of links: 0

Source: https://snowtike.cf/aU5Y9Sr7Z6nkVtcMyiIpNePqHXJB2lRLsfwzhEm0FO8Tgv4GjAKboCQ13DuxsceumNbRTPlWDO7y0hz8gE9x42XrYApiqajkfS1LM6nZJUQ3HtCwvVoIKGB5yFRDtqlKkLAUm3E7Mr6if2o08InaYbpOZ1BV4h9N5gexzGTXWJvSQPwCusjc23JnlRX9s0gPyOpcFuHMh7Qv4jkBrowibSq1zNt56VImCeZfaDKxEYUAWL8T/lFXaUGxqWkQEj2DLgt5cJRZwCnAP3Mp9SNBv4HVhK61u8fmTybeo7z0sIiYr.php	HTTP Parser: Title: Sign in to your account does not match URL
Source: https://snowtike.cf/aU5Y9Sr7Z6nkVtcMyiIpNePqHXJB2lRLsfwzhEm0FO8Tgv4GjAKboCQ13DuxsceumNbRTPlWDO7y0hz8gE9x42XrYApiqajkfS1LM6nZJUQ3HtCwvVoIKGB5yFRDtqlKkLAUm3E7Mr6if2o08InaYbpOZ1BV4h9N5gexzGTXWJvSQPwCusjc23JnlRX9s0gPyOpcFuHMh7Qv4jkBrowibSq1zNt56VImCeZfaDKxEYUAWL8T/lFXaUGxqWkQEj2DLgt5cJRZwCnAP3Mp9SNBv4HVhK61u8fmTybeo7z0sIiYr.php	HTTP Parser: Title: Sign in to your account does not match URL

Source: https://snowtike.cf/aU5Y9Sr7Z6nkVtcMyiIpNePqHXJB2lRLsfwzhEm0FO8Tgv4GjAKboCQ13DuxsceumNbRTPlWDO7y0hz8gE9x42XrYApiqajkfS1LM6nZJUQ3HtCwvVoIKGB5yFRDtqlKkLAUm3E7Mr6if2o08InaYbpOZ1BV4h9N5gexzGTXWJvSQPwCusjc23JnlRX9s0gPyOpcFuHMh7Qv4jkBrowibSq1zNt56VImCeZfaDKxEYUAWL8T/lFXaUGxqWkQEj2DLgt5cJRZwCnAP3Mp9SNBv4HVhK61u8fmTybeo7z0sIiYr.php	HTTP Parser: No <meta name="author".. found
Source: https://snowtike.cf/aU5Y9Sr7Z6nkVtcMyiIpNePqHXJB2lRLsfwzhEm0FO8Tgv4GjAKboCQ13DuxsceumNbRTPlWDO7y0hz8gE9x42XrYApiqajkfS1LM6nZJUQ3HtCwvVoIKGB5yFRDtqlKkLAUm3E7Mr6if2o08InaYbpOZ1BV4h9N5gexzGTXWJvSQPwCusjc23JnlRX9s0gPyOpcFuHMh7Qv4jkBrowibSq1zNt56VImCeZfaDKxEYUAWL8T/lFXaUGxqWkQEj2DLgt5cJRZwCnAP3Mp9SNBv4HVhK61u8fmTybeo7z0sIiYr.php	HTTP Parser: No <meta name="author".. found

Source: https://snowtike.cf/aU5Y9Sr7Z6nkVtcMyiIpNePqHXJB2lRLsfwzhEm0FO8Tgv4GjAKboCQ13DuxsceumNbRTPlWDO7y0hz8gE9x42XrYApiqajkfS1LM6nZJUQ3HtCwvVoIKGB5yFRDtqlKkLAUm3E7Mr6if2o08InaYbpOZ1BV4h9N5gexzGTXWJvSQPwCusjc23JnlRX9s0gPyOpcFuHMh7Qv4jkBrowibSq1zNt56VImCeZfaDKxEYUAWL8T/lFXaUGxqWkQEj2DLgt5cJRZwCnAP3Mp9SNBv4HVhK61u8fmTybeo7z0sIiYr.php	HTTP Parser: No <meta name="copyright".. found
Source: https://snowtike.cf/aU5Y9Sr7Z6nkVtcMyiIpNePqHXJB2lRLsfwzhEm0FO8Tgv4GjAKboCQ13DuxsceumNbRTPlWDO7y0hz8gE9x42XrYApiqajkfS1LM6nZJUQ3HtCwvVoIKGB5yFRDtqlKkLAUm3E7Mr6if2o08InaYbpOZ1BV4h9N5gexzGTXWJvSQPwCusjc23JnlRX9s0gPyOpcFuHMh7Qv4jkBrowibSq1zNt56VImCeZfaDKxEYUAWL8T/lFXaUGxqWkQEj2DLgt5cJRZwCnAP3Mp9SNBv4HVhK61u8fmTybeo7z0sIiYr.php	HTTP Parser: No <meta name="copyright".. found

Compliance:

Creates a directory in C:\Program Files

Show sources

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

Uses secure TLS version for HTTPS connections

Show sources

Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.5:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.5:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.5:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.5:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.5:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.192:443 -> 192.168.2.5:49857 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 208.89.12.87:443 -> 192.168.2.5:49919 version: TLS 1.2

Networking:

Source: unknown

DNS traffic detected: queries for: ww-agf.primside.ga

Source: 77EC63BDA74BD0D0E0426DC8F8008506.1.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: Reporting and NEL.1.dr	String found in binary or memory: https://a.nel.cloudflare.com/report?s=fHk66Wobqmp1oRWQAGcEYYR9LG79ETz6PsBQ0Jf4Z8Lqd4gGsWKYC0MH%2BTUX
Source: c2c22fe8-e44e-4eb2-bd87-6e25065f6850.tmp.1.dr	String found in binary or memory: https://aadcdn.msauth.net
Source: c2c22fe8-e44e-4eb2-bd87-6e25065f6850.tmp.1.dr	String found in binary or memory: https://aadcdn.msftauth.net
Source: dc2be4daef321d91_0.0.dr	String found in binary or memory: https://accdn.lpsnmedia.net/api/account/60270350/configuration/engagement-window/window-confs/164451
Source: e4b92c98510f85ab_0.0.dr	String found in binary or memory: https://accdn.lpsnmedia.net/api/account/60270350/configuration/le-campaigns/campaigns/1644274130/eng
Source: 72090e93af2b3d0c_0.0.dr	String found in binary or memory: https://accdn.lpsnmedia.net/api/account/60270350/configuration/le-campaigns/zones?fields=id&fields=z
Source: 2e8df38f3f8fb595_0.0.dr	String found in binary or memory: https://accdn.lpsnmedia.net/api/account/60270350/configuration/setting/accountproperties/?cb=lpCb223
Source: 330c4816a9e28618_0.0.dr	String found in binary or memory: https://accdn.lpsnmedia.net/api/account/60270350/configuration/setting/accountproperties/?cb=lpCb321
Source: c2c22fe8-e44e-4eb2-bd87-6e25065f6850.tmp.1.dr, manifest.json0.0.dr, 1c7dc873-96c8-4ccf-8476-d32acdbc1b74.tmp.1.dr	String found in binary or memory: https://accounts.google.com
Source: Network Action Predictor-journal.0.dr	String found in binary or memory: https://ajax.aspnetcdn.com/
Source: ac17804cac642505_0.0.dr, 094e2d6bf2abec98_0.0.dr	String found in binary or memory: https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.11.2.min.js
Source: ac17804cac642505_0.0.dr	String found in binary or memory: https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.11.2.min.jsaD
Source: d351c2e105cdeba7_0.0.dr, f46ad1d2652b0b43_0.0.dr	String found in binary or memory: https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.7.2.min.js
Source: d351c2e105cdeba7_0.0.dr	String found in binary or memory: https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.7.2.min.jsaD
Source: 166ee82c52b87e97_0.0.dr	String found in binary or memory: https://amp.azure.net/libs/amp/1.8.0/azuremediaplayer.min.js
Source: c2c22fe8-e44e-4eb2-bd87-6e25065f6850.tmp.1.dr, manifest.json0.0.dr, 1c7dc873-96c8-4ccf-8476-d32acdbc1b74.tmp.1.dr	String found in binary or memory: https://apis.google.com
Source: Network Action Predictor.0.dr	String found in binary or memory: https://assets.onestore.ms/
Source: 6b848a87f40dd230_0.0.dr	String found in binary or memory: https://az725175.vo.msecnd.net/scripts/jsll-4.js
Source: History-journal.0.dr	String found in binary or memory: https://bingexplore.azurewebsites.net/bing-data-suppliers/en
Source: Current Session.0.dr	String found in binary or memory: https://bingexplore.azurewebsites.net/bing-data-suppliers/en/
Source: History-journal.0.dr	String found in binary or memory: https://bingexplore.azurewebsites.net/bing-data-suppliers/en/About
Source: History-journal.0.dr	String found in binary or memory: https://bingexplore.azurewebsites.net/bing-data-suppliers/enAbout
Source: c2c22fe8-e44e-4eb2-bd87-6e25065f6850.tmp.1.dr	String found in binary or memory: https://cdn.clipart.email
Source: Favicons-journal.0.dr	String found in binary or memory: https://cdn.clipart.email/de08a54070b0e35e96d77ab05a6eea4a_microsoft-logo-transparent-png-picture-75
Source: 1c7dc873-96c8-4ccf-8476-d32acdbc1b74.tmp.1.dr	String found in binary or memory: https://clients2.google.com
Source: manifest.json0.0.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: c2c22fe8-e44e-4eb2-bd87-6e25065f6850.tmp.1.dr, 1c7dc873-96c8-4ccf-8476-d32acdbc1b74.tmp.1.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: 176d14383a4cd8c3_0.0.dr	String found in binary or memory: https://consentreceiverfd-prod.azurefd.net/v1
Source: manifest.json0.0.dr	String found in binary or memory: https://content.googleapis.com
Source: c2c22fe8-e44e-4eb2-bd87-6e25065f6850.tmp.1.dr, 1c7dc873-96c8-4ccf-8476-d32acdbc1b74.tmp.1.dr, 7c168c30-6ca2-4e13-be78-b11bd2163b82.tmp.1.dr, 2f52bada-9a8b-43b4-8f63-9c4d3480cea3.tmp.1.dr	String found in binary or memory: https://dns.google
Source: manifest.json0.0.dr	String found in binary or memory: https://feedback.googleusercontent.com
Source: c2c22fe8-e44e-4eb2-bd87-6e25065f6850.tmp.1.dr, 1c7dc873-96c8-4ccf-8476-d32acdbc1b74.tmp.1.dr	String found in binary or memory: https://fonts.googleapis.com
Source: manifest.json0.0.dr	String found in binary or memory: https://fonts.googleapis.com;
Source: c2c22fe8-e44e-4eb2-bd87-6e25065f6850.tmp.1.dr, 1c7dc873-96c8-4ccf-8476-d32acdbc1b74.tmp.1.dr	String found in binary or memory: https://fonts.gstatic.com
Source: manifest.json0.0.dr	String found in binary or memory: https://fonts.gstatic.com;
Source: manifest.json0.0.dr	String found in binary or memory: https://hangouts.google.com/
Source: 5a0d44391b90ff78_0.0.dr	String found in binary or memory: https://live.com/
Source: 5db4ad138a5b020e_0.0.dr, 330c4816a9e28618_0.0.dr	String found in binary or memory: https://liveperson.net/
Source: 3b99dc3d3bc104fb_0.0.dr	String found in binary or memory: https://liveperson.net//
Source: 5a0d44391b90ff78_0.0.dr	String found in binary or memory: https://logincdn.msauth.net/16.000/content/js/MeControl_cfDm2fEwfL1YuSiw8j6tzA2.js
Source: 5a0d44391b90ff78_0.0.dr	String found in binary or memory: https://logincdn.msauth.net/16.000/content/js/MeControl_cfDm2fEwfL1YuSiw8j6tzA2.jsaD
Source: 000003.log6.0.dr	String found in binary or memory: https://lpcdn.lpsnmedia.net
Source: 000003.log6.0.dr	String found in binary or memory: https://lpcdn.lpsnmedia.net(_https://lpcdn.lpsnmedia.net
Source: 000003.log0.0.dr	String found in binary or memory: https://lpcdn.lpsnmedia.net/
Source: 50030ae951750ff1_0.0.dr	String found in binary or memory: https://lpcdn.lpsnmedia.net/le_re/3.43.0.1-release_5028/jsv2/UISuite.js?_v=3.43.0.1-release_5028
Source: 309184ad59030aa2_0.0.dr	String found in binary or memory: https://lpcdn.lpsnmedia.net/le_re/3.43.0.1-release_5028/jsv2/overlay.js?_v=3.43.0.1-release_5028
Source: Current Session.0.dr	String found in binary or memory: https://lpcdn.lpsnmedia.net/le_secure_storage/3.12.0.0-release_5037/storage.secure.min.html?loc=http
Source: 5db4ad138a5b020e_0.0.dr	String found in binary or memory: https://lpcdn.lpsnmedia.net/le_secure_storage/3.12.0.0-release_5037/storage.secure.min.js?loc=https%
Source: 43fb384703621b6c_0.0.dr	String found in binary or memory: https://lptag.liveperson.net/lptag/api/account/60270350/configuration/applications/taglets/.jsonp?v=
Source: 22fb0e1969c285c1_0.0.dr	String found in binary or memory: https://lptag.liveperson.net/tag/tag.js?site=60270350
Source: e4b9b26cef092fbf_0.0.dr	String found in binary or memory: https://mem.gfx.ms/meversion?partner=MSHomePage&market=de-ch&uhf=1
Source: 4ac2f448771ab57b_0.0.dr	String found in binary or memory: https://mem.gfx.ms/meversion?partner=OfficeProducts&market=de-ch&uhf=1
Source: 462d64d34aad30da_0.0.dr	String found in binary or memory: https://mem.gfx.ms/meversion?partner=OfficeProducts&market=en-us&uhf=1
Source: 73b12b162f1cf8a7_0.0.dr	String found in binary or memory: https://mem.gfx.ms/scripts/me/MeControl/10.20321.2/de-DE/meBoot.min.js
Source: 73b12b162f1cf8a7_0.0.dr	String found in binary or memory: https://mem.gfx.ms/scripts/me/MeControl/10.20321.2/de-DE/meBoot.min.jsaD
Source: 00add0752dc81105_0.0.dr	String found in binary or memory: https://mem.gfx.ms/scripts/me/MeControl/10.20321.2/de-DE/meCore.min.js
Source: 00add0752dc81105_0.0.dr	String found in binary or memory: https://mem.gfx.ms/scripts/me/MeControl/10.20321.2/de-DE/meCore.min.jsaD
Source: f4de1fe6dac9263c_0.0.dr	String found in binary or memory: https://mem.gfx.ms/scripts/me/MeControl/10.20321.2/en-US/meBoot.min.js
Source: 778b8f5c60850b23_0.0.dr	String found in binary or memory: https://mem.gfx.ms/scripts/me/MeControl/10.20321.2/en-US/meCore.min.js
Source: c2c22fe8-e44e-4eb2-bd87-6e25065f6850.tmp.1.dr, 1c7dc873-96c8-4ccf-8476-d32acdbc1b74.tmp.1.dr	String found in binary or memory: https://ogs.google.com
Source: manifest.json.0.dr	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: 000003.log6.0.dr	String found in binary or memory: https://publisher.liveperson.net
Source: 000003.log6.0.dr	String found in binary or memory: https://publisher.liveperson.net-_https://publisher.liveperson.net
Source: 000003.log0.0.dr	String found in binary or memory: https://publisher.liveperson.net/
Source: Current Session.0.dr	String found in binary or memory: https://publisher.liveperson.net/iframe-le-tag/iframe.html?lpsite=60270350&lpsection=store-sales-de-
Source: c2c22fe8-e44e-4eb2-bd87-6e25065f6850.tmp.1.dr	String found in binary or memory: https://r1---sn-4g5ednle.gvt1.com
Source: c2c22fe8-e44e-4eb2-bd87-6e25065f6850.tmp.1.dr	String found in binary or memory: https://redirector.gvt1.com
Source: manifest.json.0.dr	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: Current Session.0.dr	String found in binary or memory: https://snowtike.cf
Source: Favicons-journal.0.dr	String found in binary or memory: https://snowtike.cf/aU5Y9Sr7Z6nkVtcMyiIpNePqHXJB2lRLsfwzhEm0FO8Tgv4GjAKboCQ13DuxsceumNbRTPlWDO7y0hz8
Source: Current Session.0.dr, Favicons-journal.0.dr	String found in binary or memory: https://snowtike.cf/andy.kochar
Source: c2c22fe8-e44e-4eb2-bd87-6e25065f6850.tmp.1.dr, 1c7dc873-96c8-4ccf-8476-d32acdbc1b74.tmp.1.dr	String found in binary or memory: https://ssl.gstatic.com
Source: 3b99dc3d3bc104fb_0.0.dr	String found in binary or memory: https://static-assets.fs.liveperson.com/microsoft/lp_ada_enhancements-prod.js
Source: Network Action Predictor-journal.0.dr	String found in binary or memory: https://statics-marketingsites-eus-ms-com.akamaized.net/
Source: Network Action Predictor-journal.0.dr	String found in binary or memory: https://statics-marketingsites-wcus-ms-com.akamaized.net/
Source: messages.json41.0.dr	String found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json41.0.dr	String found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: c2c22fe8-e44e-4eb2-bd87-6e25065f6850.tmp.1.dr, manifest.json0.0.dr, 1c7dc873-96c8-4ccf-8476-d32acdbc1b74.tmp.1.dr	String found in binary or memory: https://www.google.com
Source: manifest.json.0.dr	String found in binary or memory: https://www.google.com/
Source: manifest.json0.0.dr	String found in binary or memory: https://www.google.com;
Source: c2c22fe8-e44e-4eb2-bd87-6e25065f6850.tmp.1.dr, 1c7dc873-96c8-4ccf-8476-d32acdbc1b74.tmp.1.dr	String found in binary or memory: https://www.googleapis.com
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/meetings
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: c2c22fe8-e44e-4eb2-bd87-6e25065f6850.tmp.1.dr, 1c7dc873-96c8-4ccf-8476-d32acdbc1b74.tmp.1.dr	String found in binary or memory: https://www.gstatic.com
Source: manifest.json0.0.dr	String found in binary or memory: https://www.gstatic.com;

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49919
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443

Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.5:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.5:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.5:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.5:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.5:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.192:443 -> 192.168.2.5:49857 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 208.89.12.87:443 -> 192.168.2.5:49919 version: TLS 1.2

System Summary:

Source: classification engine

Classification label: mal72.phis.win@47/242@23/12

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-6011F379-1584.pma

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\767a1aae-3040-4348-806b-9335bbc277f2.tmp

Jump to behavior

Source: QuotaManager.0.dr

Binary or memory string: CREATE TABLE HostQuotaTable(host TEXT NOT NULL, type INTEGER NOT NULL, quota INTEGER DEFAULT 0, UNIQUE(host, type));

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized 'https://ww-agf.primside.ga/YW5keS5rb2NoYXJAYWdmLmNvbQ=='
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1536,13880197655046322879,7359506738743907629,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1692 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1536,13880197655046322879,7359506738743907629,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1692 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading3	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://ww-agf.primside.ga/YW5keS5rb2NoYXJAYWdmLmNvbQ==	0%	Avira URL Cloud	safe
https://ww-agf.primside.ga/YW5keS5rb2NoYXJAYWdmLmNvbQ==	100%	SlashNext	Fake Login Page type: Phishing & Social Engineering

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
cdn.clipart.email	0%	Virustotal		Browse
cs1100.wpc.omegacdn.net	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label
https://assets.onestore.ms/	0%	Avira URL Cloud	safe
https://publisher.liveperson.net-_https://publisher.liveperson.net	0%	Avira URL Cloud	safe
https://lpcdn.lpsnmedia.net(_https://lpcdn.lpsnmedia.net	0%	Avira URL Cloud	safe
https://consentreceiverfd-prod.azurefd.net/v1	0%	Avira URL Cloud	safe
https://mem.gfx.ms/meversion?partner=OfficeProducts&market=en-us&uhf=1	0%	Avira URL Cloud	safe
https://mem.gfx.ms/scripts/me/MeControl/10.20321.2/de-DE/meBoot.min.js	0%	Avira URL Cloud	safe
https://mem.gfx.ms/meversion?partner=MSHomePage&market=de-ch&uhf=1	0%	Avira URL Cloud	safe
https://dns.google	0%	URL Reputation	safe
https://dns.google	0%	URL Reputation	safe
https://dns.google	0%	URL Reputation	safe
https://mem.gfx.ms/scripts/me/MeControl/10.20321.2/en-US/meCore.min.js	0%	Avira URL Cloud	safe
https://logincdn.msauth.net/16.000/content/js/MeControl_cfDm2fEwfL1YuSiw8j6tzA2.js	0%	Avira URL Cloud	safe
https://mem.gfx.ms/meversion?partner=OfficeProducts&market=de-ch&uhf=1	0%	Avira URL Cloud	safe
https://logincdn.msauth.net/16.000/content/js/MeControl_cfDm2fEwfL1YuSiw8j6tzA2.jsaD	0%	Avira URL Cloud	safe
https://mem.gfx.ms/scripts/me/MeControl/10.20321.2/de-DE/meCore.min.jsaD	0%	Avira URL Cloud	safe
https://cdn.clipart.email/de08a54070b0e35e96d77ab05a6eea4a_microsoft-logo-transparent-png-picture-75	0%	Avira URL Cloud	safe
https://snowtike.cf	0%	Avira URL Cloud	safe
https://mem.gfx.ms/scripts/me/MeControl/10.20321.2/de-DE/meBoot.min.jsaD	0%	Avira URL Cloud	safe
https://snowtike.cf/andy.kochar	0%	Avira URL Cloud	safe
https://aadcdn.msftauth.net	0%	URL Reputation	safe
https://aadcdn.msftauth.net	0%	URL Reputation	safe
https://aadcdn.msftauth.net	0%	URL Reputation	safe
https://cdn.clipart.email	0%	Avira URL Cloud	safe
https://mem.gfx.ms/scripts/me/MeControl/10.20321.2/de-DE/meCore.min.js	0%	Avira URL Cloud	safe
https://mem.gfx.ms/scripts/me/MeControl/10.20321.2/en-US/meBoot.min.js	0%	Avira URL Cloud	safe
https://aadcdn.msauth.net	0%	URL Reputation	safe
https://aadcdn.msauth.net	0%	URL Reputation	safe
https://aadcdn.msauth.net	0%	URL Reputation	safe
https://snowtike.cf/aU5Y9Sr7Z6nkVtcMyiIpNePqHXJB2lRLsfwzhEm0FO8Tgv4GjAKboCQ13DuxsceumNbRTPlWDO7y0hz8	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
cdn.clipart.email	172.67.70.208	true	false	0%, Virustotal, Browse	unknown
cs1100.wpc.omegacdn.net	152.199.23.37	true	false	0%, Virustotal, Browse	unknown
microsoftwindows.112.2o7.net	35.181.18.61	true	false		high
ww-agf.primside.ga	162.241.67.201	true	false		unknown
dh1y47vf5ttia.cloudfront.net	143.204.11.14	true	false		high
va.v.liveperson.net	208.89.12.87	true	false		high
cs1227.wpc.alphacdn.net	192.229.221.185	true	false		unknown
mcraa.fs.liveperson.com	3.218.234.129	true	false		high
snowtike.cf	162.241.67.201	true	false		unknown
liveperson.map.fastly.net	151.101.1.192	true	false		unknown
googlehosted.l.googleusercontent.com	172.217.22.225	true	false		high
logincdn.msauth.net	unknown	unknown	false		unknown
lpcdn.lpsnmedia.net	unknown	unknown	false		high
accdn.lpsnmedia.net	unknown	unknown	false		high
aadcdn.msftauth.net	unknown	unknown	false		unknown
aadcdn.msauth.net	unknown	unknown	false		unknown
assets.onestore.ms	unknown	unknown	false		unknown
ajax.aspnetcdn.com	unknown	unknown	false		high
static-assets.fs.liveperson.com	unknown	unknown	false		high
mem.gfx.ms	unknown	unknown	false		unknown
clients2.googleusercontent.com	unknown	unknown	false		high
bingexplore.azurewebsites.net	unknown	unknown	false		unknown
publisher.liveperson.net	unknown	unknown	false		high
amp.azure.net	unknown	unknown	false		high
lptag.liveperson.net	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://snowtike.cf/aU5Y9Sr7Z6nkVtcMyiIpNePqHXJB2lRLsfwzhEm0FO8Tgv4GjAKboCQ13DuxsceumNbRTPlWDO7y0hz8gE9x42XrYApiqajkfS1LM6nZJUQ3HtCwvVoIKGB5yFRDtqlKkLAUm3E7Mr6if2o08InaYbpOZ1BV4h9N5gexzGTXWJvSQPwCusjc23JnlRX9s0gPyOpcFuHMh7Qv4jkBrowibSq1zNt56VImCeZfaDKxEYUAWL8T/lFXaUGxqWkQEj2DLgt5cJRZwCnAP3Mp9SNBv4HVhK61u8fmTybeo7z0sIiYr.php	true		unknown
https://publisher.liveperson.net/iframe-le-tag/iframe.html?lpsite=60270350&lpsection=store-sales-de-ch&buttons=lpChatService,lpChatSales	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://assets.onestore.ms/	Network Action Predictor.0.dr	false	Avira URL Cloud: safe	unknown
https://accdn.lpsnmedia.net/api/account/60270350/configuration/setting/accountproperties/?cb=lpCb223	2e8df38f3f8fb595_0.0.dr	false		high
https://publisher.liveperson.net-_https://publisher.liveperson.net	000003.log6.0.dr	false	Avira URL Cloud: safe	low
https://lpcdn.lpsnmedia.net(_https://lpcdn.lpsnmedia.net	000003.log6.0.dr	false	Avira URL Cloud: safe	low
https://publisher.liveperson.net/	000003.log0.0.dr	false		high
https://liveperson.net//	3b99dc3d3bc104fb_0.0.dr	false		high
https://consentreceiverfd-prod.azurefd.net/v1	176d14383a4cd8c3_0.0.dr	false	Avira URL Cloud: safe	unknown
https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.11.2.min.jsaD	ac17804cac642505_0.0.dr	false		high
https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.7.2.min.js	d351c2e105cdeba7_0.0.dr, f46ad1d2652b0b43_0.0.dr	false		high
https://mem.gfx.ms/meversion?partner=OfficeProducts&market=en-us&uhf=1	462d64d34aad30da_0.0.dr	false	Avira URL Cloud: safe	unknown
https://accdn.lpsnmedia.net/api/account/60270350/configuration/le-campaigns/zones?fields=id&fields=z	72090e93af2b3d0c_0.0.dr	false		high
https://lpcdn.lpsnmedia.net/	000003.log0.0.dr	false		high
https://live.com/	5a0d44391b90ff78_0.0.dr	false		high
https://publisher.liveperson.net/iframe-le-tag/iframe.html?lpsite=60270350&lpsection=store-sales-de-	Current Session.0.dr	false		high
https://lpcdn.lpsnmedia.net/le_secure_storage/3.12.0.0-release_5037/storage.secure.min.html?loc=http	Current Session.0.dr	false		high
https://lpcdn.lpsnmedia.net/le_re/3.43.0.1-release_5028/jsv2/UISuite.js?_v=3.43.0.1-release_5028	50030ae951750ff1_0.0.dr	false		high
https://publisher.liveperson.net	000003.log6.0.dr	false		high
https://a.nel.cloudflare.com/report?s=fHk66Wobqmp1oRWQAGcEYYR9LG79ETz6PsBQ0Jf4Z8Lqd4gGsWKYC0MH%2BTUX	Reporting and NEL.1.dr	false		high
https://mem.gfx.ms/scripts/me/MeControl/10.20321.2/de-DE/meBoot.min.js	73b12b162f1cf8a7_0.0.dr	false	Avira URL Cloud: safe	unknown
https://accdn.lpsnmedia.net/api/account/60270350/configuration/le-campaigns/campaigns/1644274130/eng	e4b92c98510f85ab_0.0.dr	false		high
https://mem.gfx.ms/meversion?partner=MSHomePage&market=de-ch&uhf=1	e4b9b26cef092fbf_0.0.dr	false	Avira URL Cloud: safe	unknown
https://lpcdn.lpsnmedia.net/le_secure_storage/3.12.0.0-release_5037/storage.secure.min.js?loc=https%	5db4ad138a5b020e_0.0.dr	false		high
https://dns.google	c2c22fe8-e44e-4eb2-bd87-6e25065f6850.tmp.1.dr, 1c7dc873-96c8-4ccf-8476-d32acdbc1b74.tmp.1.dr, 7c168c30-6ca2-4e13-be78-b11bd2163b82.tmp.1.dr, 2f52bada-9a8b-43b4-8f63-9c4d3480cea3.tmp.1.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://accdn.lpsnmedia.net/api/account/60270350/configuration/setting/accountproperties/?cb=lpCb321	330c4816a9e28618_0.0.dr	false		high
https://mem.gfx.ms/scripts/me/MeControl/10.20321.2/en-US/meCore.min.js	778b8f5c60850b23_0.0.dr	false	Avira URL Cloud: safe	unknown
https://logincdn.msauth.net/16.000/content/js/MeControl_cfDm2fEwfL1YuSiw8j6tzA2.js	5a0d44391b90ff78_0.0.dr	false	Avira URL Cloud: safe	unknown
https://lpcdn.lpsnmedia.net	000003.log6.0.dr	false		high
https://liveperson.net/	5db4ad138a5b020e_0.0.dr, 330c4816a9e28618_0.0.dr	false		high
https://accdn.lpsnmedia.net/api/account/60270350/configuration/engagement-window/window-confs/164451	dc2be4daef321d91_0.0.dr	false		high
https://mem.gfx.ms/meversion?partner=OfficeProducts&market=de-ch&uhf=1	4ac2f448771ab57b_0.0.dr	false	Avira URL Cloud: safe	unknown
https://logincdn.msauth.net/16.000/content/js/MeControl_cfDm2fEwfL1YuSiw8j6tzA2.jsaD	5a0d44391b90ff78_0.0.dr	false	Avira URL Cloud: safe	unknown
https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.11.2.min.js	ac17804cac642505_0.0.dr, 094e2d6bf2abec98_0.0.dr	false		high
https://mem.gfx.ms/scripts/me/MeControl/10.20321.2/de-DE/meCore.min.jsaD	00add0752dc81105_0.0.dr	false	Avira URL Cloud: safe	unknown
https://cdn.clipart.email/de08a54070b0e35e96d77ab05a6eea4a_microsoft-logo-transparent-png-picture-75	Favicons-journal.0.dr	false	Avira URL Cloud: safe	unknown
https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.7.2.min.jsaD	d351c2e105cdeba7_0.0.dr	false		high
https://snowtike.cf	Current Session.0.dr	false	Avira URL Cloud: safe	unknown
https://lpcdn.lpsnmedia.net/le_re/3.43.0.1-release_5028/jsv2/overlay.js?_v=3.43.0.1-release_5028	309184ad59030aa2_0.0.dr	false		high
https://ajax.aspnetcdn.com/	Network Action Predictor-journal.0.dr	false		high
https://amp.azure.net/libs/amp/1.8.0/azuremediaplayer.min.js	166ee82c52b87e97_0.0.dr	false		high
https://mem.gfx.ms/scripts/me/MeControl/10.20321.2/de-DE/meBoot.min.jsaD	73b12b162f1cf8a7_0.0.dr	false	Avira URL Cloud: safe	unknown
https://snowtike.cf/andy.kochar	Current Session.0.dr, Favicons-journal.0.dr	false	Avira URL Cloud: safe	unknown
https://aadcdn.msftauth.net	c2c22fe8-e44e-4eb2-bd87-6e25065f6850.tmp.1.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://cdn.clipart.email	c2c22fe8-e44e-4eb2-bd87-6e25065f6850.tmp.1.dr	false	Avira URL Cloud: safe	unknown
https://clients2.googleusercontent.com	c2c22fe8-e44e-4eb2-bd87-6e25065f6850.tmp.1.dr, 1c7dc873-96c8-4ccf-8476-d32acdbc1b74.tmp.1.dr	false		high
https://mem.gfx.ms/scripts/me/MeControl/10.20321.2/de-DE/meCore.min.js	00add0752dc81105_0.0.dr	false	Avira URL Cloud: safe	unknown
https://mem.gfx.ms/scripts/me/MeControl/10.20321.2/en-US/meBoot.min.js	f4de1fe6dac9263c_0.0.dr	false	Avira URL Cloud: safe	unknown
https://static-assets.fs.liveperson.com/microsoft/lp_ada_enhancements-prod.js	3b99dc3d3bc104fb_0.0.dr	false		high
https://aadcdn.msauth.net	c2c22fe8-e44e-4eb2-bd87-6e25065f6850.tmp.1.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://feedback.googleusercontent.com	manifest.json0.0.dr	false		high
https://snowtike.cf/aU5Y9Sr7Z6nkVtcMyiIpNePqHXJB2lRLsfwzhEm0FO8Tgv4GjAKboCQ13DuxsceumNbRTPlWDO7y0hz8	Favicons-journal.0.dr	false	Avira URL Cloud: safe	unknown
https://lptag.liveperson.net/lptag/api/account/60270350/configuration/applications/taglets/.jsonp?v=	43fb384703621b6c_0.0.dr	false		high
https://lptag.liveperson.net/tag/tag.js?site=60270350	22fb0e1969c285c1_0.0.dr	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
172.217.22.225	unknown	United States	15169	GOOGLEUS	false
208.89.12.87	unknown	United States	11054	LIVEPERSONUS	false
151.101.1.192	unknown	United States	54113	FASTLYUS	false
172.67.70.208	unknown	United States	13335	CLOUDFLARENETUS	false
162.241.67.201	unknown	United States	46606	UNIFIEDLAYER-AS-1US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
192.229.221.185	unknown	United States	15133	EDGECASTUS	false
35.181.18.61	unknown	United States	16509	AMAZON-02US	false
143.204.11.14	unknown	United States	16509	AMAZON-02US	false
152.199.23.37	unknown	United States	15133	EDGECASTUS	false

Private

IP
192.168.2.1
127.0.0.1

General Information

Joe Sandbox Version:	31.0.0 Emerald
Analysis ID:	344972
Start date:	27.01.2021
Start time:	15:12:05
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 6m 27s
Hypervisor based Inspection enabled:	false
Report type:	light
Cookbook file name:	browseurl.jbs
Sample URL:	https://ww-agf.primside.ga/YW5keS5rb2NoYXJAYWdmLmNvbQ==
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal72.phis.win@47/242@23/12
Cookbook Comments:	Adjust boot time Enable AMSI Browse: https://www.microsoft.com/en-US/servicesagreement/ Browse: https://privacy.microsoft.com/en-US/privacystatement Browse: https://www.microsoft.com/en-US/servicesagreement/ Browse: https://go.microsoft.com/fwlink/?LinkId=521839 Browse: https://www.microsoft.com/ Browse: https://www.microsoft.com/en-us/servicesagreement Browse: https://www.microsoft.com/en-us/servicesagreement/faq.aspx Browse: https://www.microsoft.com/en-us/servicesagreement/default.aspx Browse: https://go.microsoft.com/fwlink/?LinkId=716894 Browse: https://www.microsoft.com/microsoft-365 Browse: https://www.microsoft.com/en-us/microsoft-365/microsoft-office
Warnings:	Show All Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, RuntimeBroker.exe, backgroundTaskHost.exe, SgrmBroker.exe, svchost.exe TCP Packets have been reduced to 100 Created / dropped Files have been reduced to 100 Excluded IPs from analysis (whitelisted): 13.88.21.125, 172.217.20.237, 172.217.23.35, 216.58.207.174, 172.217.23.78, 74.125.104.87, 173.194.188.234, 13.107.246.13, 23.211.5.92, 95.101.22.193, 95.101.22.225, 152.199.19.160, 23.210.249.93, 95.101.22.224, 95.101.22.216, 23.210.248.85, 104.42.151.234, 52.255.188.83, 172.217.23.42, 172.217.23.74, 172.217.22.202, 172.217.22.234, 216.58.207.138, 216.58.207.170, 172.217.20.234, 172.217.23.10, 104.108.38.107, 104.108.39.131, 95.101.22.235, 95.101.22.202, 65.55.44.109, 23.50.99.143, 178.249.101.23, 67.27.159.126, 8.248.139.254, 67.27.158.126, 67.27.157.254, 67.27.158.254, 95.101.27.142, 95.101.27.163, 40.126.31.135, 20.190.159.134, 20.190.159.138, 40.126.31.1, 20.190.159.132, 40.126.31.143, 40.126.31.137, 40.126.31.4, 178.249.97.99, 51.103.5.186, 178.249.97.98, 40.126.31.6, 20.190.159.136, 40.126.31.8, 51.11.168.160, 2.18.97.149, 23.210.248.208, 172.217.23.67, 204.79.197.200, 13.107.21.200, 23.96.187.5, 173.194.188.38, 95.101.22.233, 95.101.22.208, 20.54.26.129, 173.194.151.103, 51.104.144.132 Excluded domains from analysis (whitelisted): assets.onestore.ms.edgekey.net, clientservices.googleapis.com, i.s-microsoft.com.edgekey.net, publisher.livepersonk.akadns.net, fs-wildcard.microsoft.com.edgekey.net, wns.notify.windows.com.akadns.net, www.tm.a.prd.aadg.trafficmanager.net, ev.support.microsoft.com.edgekey.net, a1945.g2.akamai.net, clients2.google.com, e3843.g.akamaiedge.net, star-azurefd-prod.trafficmanager.net, statics-marketingsites-eus-ms-com.akamaized.net, au-bg-shim.trafficmanager.net, www.bing.com, dual-a-0001.a-msedge.net, global.vortex.data.trafficmanager.net, ris-prod.trafficmanager.net, lgincdnvzeuno.ec.azureedge.net, assets.onestore.ms.akadns.net, c-s.cms.ms.akadns.net, ris.api.iris.microsoft.com, r1---sn-4g5ednle.gvt1.com, lgincdn.trafficmanager.net, r1---sn-4g5e6ne6.gvt1.com, cdn.account.microsoft.com.akadns.net, translate.googleapis.com, c.s-microsoft.com-c.edgekey.net, clients.l.google.com, r1---sn-4g5ednse.gvt1.com, a1985.g2.akamai.net, support.microsoft.com, i.s-microsoft.com, go.microsoft.com, prod-video-cms-rt-microsoft-com.akamaized.net, r1.sn-4g5ednle.gvt1.com, auto.au.download.windowsupdate.com.c.footprint.net, prod.fs.microsoft.com.akadns.net, 160c1.wpc.azureedge.net, accounts.google.com, cs22.wpc.v0cdn.net, mem.gfx.ms.edgekey.net, accdn.lpsnmedia.livepersonk.akadns.net, a767.dscg3.akamai.net, star-azureedge-prod.trafficmanager.net, login.msa.msidentity.com, lptag.liveperson.cotcdb.net.livepersonk.akadns.net, c.s-microsoft.com, go.microsoft.com.edgekey.net, e8819.g.akamaiedge.net, az725175.vo.msecnd.net, skypedataprdcolwus15.cloudapp.net, e13678.dspb.akamaiedge.net, vip2-par02p.wns.notify.trafficmanager.net, wcpstatic.microsoft.com, arc.msn.com.nsatc.net, e13678.dscb.akamaiedge.net, e11290.dspg.akamaiedge.net, www.microsoft.com-c-3.edgekey.net, login.live.com, audownload.windowsupdate.nsatc.net, www-bing-com.dual-a-0001.a-msedge.net, update.googleapis.com, watson.telemetry.microsoft.com, www.gstatic.com, a1778.g2.akamai.net, e10583.dspg.akamaiedge.net, fs.microsoft.com, content-autofill.googleapis.com, aadcdnoriginwus2.azureedge.net, aadcdnoriginneu.azureedge.net, statics-marketingsites-wcus-ms-com.akamaized.net, www.googleapis.com, web.vortex.data.trafficmanager.net, r5---sn-4g5ednsk.gvt1.com, t-0003.t-msedge.net, e55.dspb.akamaiedge.net, blobcollector.events.data.trafficmanager.net, aadcdnoriginwus2.afd.azureedge.net, privacy.microsoft.com.edgekey.net, dub2.next.a.prd.aadg.trafficmanager.net, par02p.wns.notify.trafficmanager.net, www.tm.lg.prod.aadmsa.trafficmanager.net, au.download.windowsupdate.com.edgesuite.net, a1449.dscg2.akamai.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net, mscomajax.vo.msecnd.net, redirector.gvt1.com, emea1.notify.windows.com.akadns.net, r1.sn-4g5e6ne6.gvt1.com, windows.microsoft.com.edgekey.net, img-prod-cms-rt-microsoft-com.akamaized.net, r1.sn-4g5ednse.gvt1.com, windows.microsoft.com, waws-prod-ch1-019.cloudapp.net, r5.sn-4g5ednsk.gvt1.com, client.wns.windows.com, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, Edge-Prod-FRAr3.ctrl.t-0003.t-msedge.net, aadcdnoriginneu.ec.azureedge.net, web.vortex.data.microsoft.com, lgincdnvzeuno.azureedge.net, skypedataprdcoleus17.cloudapp.net, a-0001.a-afdentry.net.trafficmanager.net, privacy.microsoft.com, lpcdn.lpsnmedia.livepersonk.akadns.net, e13678.dscg.akamaiedge.net, www.microsoft.com, skypedataprdcolwus16.cloudapp.net Report size exceeded maximum capacity and may have missing behavior information. Report size getting too big, too many NtCreateFile calls found. Report size getting too big, too many NtOpenFile calls found. Report size getting too big, too many NtQueryVolumeInformationFile calls found. Report size getting too big, too many NtWriteFile calls found. Report size getting too big, too many NtWriteVirtualMemory calls found.

Simulations

Behavior and APIs

Time	Type	Description
15:13:41	API Interceptor	1x Sleep call for process: chrome.exe modified

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	451603
Entropy (8bit):	5.009711072558331
Encrypted:	false
SSDEEP:	12288:ZHfRTyGZ6lup8Cfrvq4JBPKh+FBlESBw4p6:NfOCzvRKhGvwJ
MD5:	A78AD14E77147E7DE3647E61964C0335
SHA1:	CECC3DD41F4CEA0192B24300C71E1911BD4FCE45
SHA-256:	0D6803758FF8F87081FAFD62E90F0950DFB2DD7991E9607FE76A8F92D0E893FA
SHA-512:	DDE24D5AD50D68FC91E9E325D31E66EF8F624B6BB3A07D14FFED1104D3AB5F4EF1D7969A5CDE0DFBB19CB31C506F7DE97AF67C2F244F7E7E8E10648EA8321101
Malicious:	false
Reputation:	low
Preview:	BDic.... ....6...."..Z..4g....6.2...{/...3...5....AF 1363.AF nm.AF pt.AF n1.AF p.AF tc.AF SM.AF M.AF S.AF MS.AF MNR.AF GDS.AF MNT.AF MH.AF MR.AF SZMR.AF MJ.AF MT.AF MY.AF MRZ.AF MN.AF MG.AF RM.AF N.AF MV.AF XM.AF DSM.AF SD.AF G.AF R.AF MNX.AF MRS.AF MD.AF MNRB.AF B.AF ZSMR.AF PM.AF SMNGJ.AF SMN.AF ZMR.AF SMGB.AF MZR.AF GM.AF SMR.AF SMDG.AF RMZ.AF ZM.AF MDG.AF MDT.AF SMNXT.AF SDY.AF LSDG.AF LGDS.AF GLDS.AF UY.AF U.AF DSGNX.AF GNDSX.AF DSG.AF Y.AF GS.AF IEMS.AF YP.AF ZGDRS.AF XGNVDS.AF UT.AF GNDS.AF GVDS.AF MYPS.AF XGNDS.AF TPRY.AF MDSG.AF ZGSDR.AF DYSG.AF PMYTNS.AF AGDS.AF DRZGS.AF PY.AF GSPMDY.AF EGVDS.AF SL.AF GNXDS.AF DSBG.AF IM.AF I.AF MDGS.AF SMY.AF DSGN.AF DSLG.AF GMDS.AF MDSBG.AF SGD.AF IY.AF P.AF DSMG.AF BLZGDRS.AF TR.AF AGSD.AF ZGBDRSL.AF PTRY.AF ASDGV.AF ASM.AF ICANGSD.AF ICAM.AF IKY.AF AMS.AF PMYTRS.AF BZGVDRS.AF SDRBZG.AF GVMDS.AF PSM.AF DGLS.AF GNVXDS.AF AGDSL.AF DGS.AF XDSGNV.AF BZGDRS.AF AM.AF AS.AF A.AF LDSG.AF AGVDS.AF SDG.AF LDSMG.AF EDSMG.AF EY.AF DRSMZG.AF PRYT.AF LZ

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Microsoft Cabinet archive data, 59134 bytes, 1 file
Category:	dropped
Size (bytes):	59134
Entropy (8bit):	7.995450161616763
Encrypted:	true
SSDEEP:	1536:R695NkJMM0/7laXXHAQHQaYfwlmz8efIqigYDff:RN7MlanAQwEIztTk
MD5:	E92176B0889CC1BB97114BEB2F3C1728
SHA1:	AD1459D390EC23AB1C3DA73FF2FBEC7FA3A7F443
SHA-256:	58A4F38BA43F115BA3F465C311EAAF67F43D92E580F7F153DE3AB605FC9900F3
SHA-512:	CD2267BA2F08D2F87538F5B4F8D3032638542AC3476863A35F0DF491EB3A84458CE36C06E8C1BD84219F5297B6F386748E817945A406082FA8E77244EC229D8F
Malicious:	false
Reputation:	low
Preview:	MSCF............,...................I........T.........R.. .authroot.stl.ym&7.5..CK..8T....c_.d...:.(.....].M$[v.4.).E.$7I.....e..Y..Rq...3.n..u..............\|..=H....&..1.1..f.L..>e.6....F8.X.b.1$,.a...n-......D..a....[.....i,+.+..<.b._#...G..U.....n..21pa..>.32..Y..j...;Ay........n/R... ._.+..<...Am.t.<. ..V..y`.yO..e@../...<#..#......dju..B......8..H'..lr.....l.I6/..d.].xIX<...&U...GD..Mn.y&.[<(tk.....%B.b;./..`.#h....C.P...B..8d.F...D.k........... 0..w...@(.. @K....?.)ce........\.\......l......Q.Qd..+...@.X..##3..M.d..n6.....p1..)...x0V...ZK.{...{.=#h.v.).....b.....[...L..c..a..,...E5X..i.d..w.....#o+.........X.P...k...V.$...X.r.e....9E.x..=\...Km.......B...Ep...xl@@c1.....p?...d.{EYN.K.X>D3..Z..q.] .Mq.........L.n}........+/l\.cDB0.'.Y...r.[.........vM...o.=....zK..r..l..>B....U..3....Z...ZjS...wZ.M...IW;..e.L...zC.wBtQ..&.Z.Fv+..G9.8..!..\T:K`......m.........9T.u..3h.....{...d[...@...Q.?..p.e.t[.%7..........^.....s.

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	328
Entropy (8bit):	3.070258077246651
Encrypted:	false
SSDEEP:	6:kK4CbqoN+SkQlPlEGYRMY9z+4KlDA3RUeKlF+adAlf:63kPlE99SNxAhUeo+aKt
MD5:	0705882590A004D9423BDD78471D59A2
SHA1:	0A3C462AE305E9399776FC99DC2EC001CB69925A
SHA-256:	E78AD2D1FCE97C2C869340FC6E77BEAD799E358812937BFB10C9FCAEEEBCE3A0
SHA-512:	8A4D01292D3153ECE736B45BD7A659F14595ABFB5759413D74F55D8CDF972324400DB4CFF7B6F98A6E322FD70DB93E9A61F8616641A4D680D4C3BEF63DBEEA54
Malicious:	false
Reputation:	low
Preview:	p...... ........3 W.....(....................................................... ..................&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.e.b.b.a.e.1.d.7.e.a.d.6.1.:.0."...

C:\Users\user\AppData\Local\Google\Chrome\User Data\0129cfb3-5ed5-4d93-8a1b-66c6235633e3.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	354448
Entropy (8bit):	6.015555575918952
Encrypted:	false
SSDEEP:	6144:C1lAumJe8Um8Acx6ZaurE5/EDnJpAl9SeefNqWF4iVx/9LPeq/1LHm/dBG:CLAumJgzxzurRDn9nfNxF4ijZVtilBG
MD5:	6987DEF8A501B34EAD39D53AFE23E295
SHA1:	C2EC16C9348D09F1E85B6ED1BD7FD4F6CD4FA862
SHA-256:	40C9C105669B29FAD62FAF5A83E673AB75A7E00BB25452D4516AB6C395EA6664
SHA-512:	78FEB4229F1F78B5F97381C249585E390A1FC76AD1CB4C3EDED7FB1E31FFAA8815F5CEBEEA63EBECBCEAA9BC004C751B77E1A277E1CD41D207173BF443DB9BD2
Malicious:	false
Reputation:	low
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.611789181217077e+12,"network":1.611756783e+12,"ticks":111199675.0,"uncertainty":4797122.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABUPWY4cSyAQZRX3j8/SLmMAAAAAAIAAAAAABBmAAAAAQAAIAAAACC7lwCjByxIY/Ds1S6cdCxJW6iSr1QfjoKlVKoVEQ4EAAAAAA6AAAAAAgAAIAAAAD9PMfiGkWkdrfU+zeMpOLPS1eDxLpcgjYP2R/ndeCNxMAAAAK+RpovfP61NtB5nOpQgPMjPTyt2T1WPeru9i3yP05zNVEj0uCRDWfONruG9ricX1kAAAADB9KtQ9KY2z38GdfaF7dW2ZLcAMHOX2oEKBg8ZJG9lsuMexxChB4M8HFpyb0Bpr6axpi+zmMIXt76noTOxFzKN"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245950075265799"},"policy":{"last_statistics_update":"13256262778047

C:\Users\user\AppData\Local\Google\Chrome\User Data\234bde21-9b5e-4d37-bad0-e7e113540445.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	95428
Entropy (8bit):	3.7519071594560067
Encrypted:	false
SSDEEP:	384:tfe1Bf42fgjLVkq54NZryvdn3mpDiHzaGq9rIbRpxWLvTurshmcI643Jph2OHfJn:d+2BNWvM+keXhrrIfTinKB3dll
MD5:	36A903C56F2E31B6F9E53458B01BF442
SHA1:	1D26B8F1E6E71CE90E2F5BA00EB4743FC4E7EA14
SHA-256:	C8BCFA378137DB0B6465F8E1485AAB25B4C966A7FDCB7568AAE313AA029D2DDC
SHA-512:	9C34B2E0088DAEC6AFDAC0992131F35A0170FD8FC02099C690493FCB0E89D552985C1653028120F3FF06538DB783AB22AB53CBE325BF6F56E4347B328D7C7AFC
Malicious:	false
Reputation:	low
Preview:	.t.................C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6......M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n..../8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.

C:\Users\user\AppData\Local\Google\Chrome\User Data\2a54a5ad-1e43-40c1-bc9b-ca30dc5e385d.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	modified
Size (bytes):	358027
Entropy (8bit):	6.028180247658823
Encrypted:	false
SSDEEP:	6144:Z1lAumJe8Um8Acx6ZaurE5/EDnJpAl9SeefNqWF4iVx/9LPeq/1LHm/dBG:ZLAumJgzxzurRDn9nfNxF4ijZVtilBG
MD5:	451C063F5E7F57114701ADEA79DD600E
SHA1:	A7CDAF6308F42F1AA467ED389B8599246A477653
SHA-256:	D3A057BDAE72EADE156E0B7614A8486D337AD5E5DC7F1293994A4E1C2F81E40A
SHA-512:	7EF7E9276CE3177BF71236E773B717E9A8A139FC542716E9FD1330EB992C816F7B0F17C233ECB0D41EC90470916F57129AA2092867CD9C68E4C29EDFAE743D79
Malicious:	false
Reputation:	low
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.611789181217077e+12,"network":1.611756783e+12,"ticks":111199675.0,"uncertainty":4797122.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABUPWY4cSyAQZRX3j8/SLmMAAAAAAIAAAAAABBmAAAAAQAAIAAAACC7lwCjByxIY/Ds1S6cdCxJW6iSr1QfjoKlVKoVEQ4EAAAAAA6AAAAAAgAAIAAAAD9PMfiGkWkdrfU+zeMpOLPS1eDxLpcgjYP2R/ndeCNxMAAAAK+RpovfP61NtB5nOpQgPMjPTyt2T1WPeru9i3yP05zNVEj0uCRDWfONruG9ricX1kAAAADB9KtQ9KY2z38GdfaF7dW2ZLcAMHOX2oEKBg8ZJG9lsuMexxChB4M8HFpyb0Bpr6axpi+zmMIXt76noTOxFzKN"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245950075153426"},"plugins":{"metadata":{"adobe-flash-player":{"disp

C:\Users\user\AppData\Local\Google\Chrome\User Data\2c10c6a5-25c7-421d-8ca9-0039863da4c8.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	354448
Entropy (8bit):	6.0155555967235115
Encrypted:	false
SSDEEP:	6144:r1lAumJe8Um8Acx6ZaurE5/EDnJpAl9SeefNqWF4iVx/9LPeq/1LHm/dBG:rLAumJgzxzurRDn9nfNxF4ijZVtilBG
MD5:	8168326FBEF5B72E3813D0F2097F3587
SHA1:	8E8251437B8BC2E038C88A4960C763D1901D4E93
SHA-256:	30C136658E03FCAA85224D7478288480E6FF0C2D52424DD40BC851C36F849EFE
SHA-512:	F1B2CA9266A923B4F8DA6EC9390D958AE36352124998E933BC90BAAAB1036698B9B035C0BCA69B6F8396794FB29C5DBEDEDE6ADCB8DEC89B42498A7FA81AC123
Malicious:	false
Reputation:	low
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.611789181217077e+12,"network":1.611756783e+12,"ticks":111199675.0,"uncertainty":4797122.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABUPWY4cSyAQZRX3j8/SLmMAAAAAAIAAAAAABBmAAAAAQAAIAAAACC7lwCjByxIY/Ds1S6cdCxJW6iSr1QfjoKlVKoVEQ4EAAAAAA6AAAAAAgAAIAAAAD9PMfiGkWkdrfU+zeMpOLPS1eDxLpcgjYP2R/ndeCNxMAAAAK+RpovfP61NtB5nOpQgPMjPTyt2T1WPeru9i3yP05zNVEj0uCRDWfONruG9ricX1kAAAADB9KtQ9KY2z38GdfaF7dW2ZLcAMHOX2oEKBg8ZJG9lsuMexxChB4M8HFpyb0Bpr6axpi+zmMIXt76noTOxFzKN"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245950075265799"},"policy":{"last_statistics_update":"13256262778047

C:\Users\user\AppData\Local\Google\Chrome\User Data\4ce0e581-54d2-47b1-8286-57ad74f4e6e6.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	92724
Entropy (8bit):	3.7514380354403127
Encrypted:	false
SSDEEP:	384:jfe1Bf42rjM54NZryvdn3mpDiHzaGq9rIbRpxWLvTurshmc/43Jph2OHfJNs1xoy:m2BNWvW+keXhrrIfTinKB3dlm
MD5:	C1717A965666276B2682F600197FC61B
SHA1:	FEDEE6EE81FA426C8900E2BBE524E3392B5CA17C
SHA-256:	CAAB8EB20FB52C1140201DE0B4C15657ED3D4222B05CE375597860EE68AEC349
SHA-512:	D892CF2791A9214D57F3009B8C58FFA6390D20526702E49812EEDF9FF21728C0A52FAD095688C4DD692D1FFD683662FF529937D1986329B09C4B027C8B9288EA
Malicious:	false
Reputation:	low
Preview:	0j.................C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6......M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n..../8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.

C:\Users\user\AppData\Local\Google\Chrome\User Data\4f2c1bd8-04b1-4009-ad36-945037dc656f.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	354449
Entropy (8bit):	6.015555782602003
Encrypted:	false
SSDEEP:	6144:h1lAumJe8Um8Acx6ZaurE5/EDnJpAl9SeefNqWF4iVx/9LPeq/1LHm/dBG:hLAumJgzxzurRDn9nfNxF4ijZVtilBG
MD5:	0071D308053D5E184DFE02D345893A34
SHA1:	C51CF9E45270A70FA2B68C55A7F5464AB1B7610F
SHA-256:	A180C014E8CE572E08375017E1D83B10C874315ABF0056FDCA999E257CA25216
SHA-512:	2AE28EBA070698F987B9C10252C5B49959CB55AD3497D590E82A22A76099263D41200C63987660BBE6ADD682D96445F3CFF782E22F0407DCCA2323785C45C606
Malicious:	false
Reputation:	low
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.611789181217077e+12,"network":1.611756783e+12,"ticks":111199675.0,"uncertainty":4797122.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABUPWY4cSyAQZRX3j8/SLmMAAAAAAIAAAAAABBmAAAAAQAAIAAAACC7lwCjByxIY/Ds1S6cdCxJW6iSr1QfjoKlVKoVEQ4EAAAAAA6AAAAAAgAAIAAAAD9PMfiGkWkdrfU+zeMpOLPS1eDxLpcgjYP2R/ndeCNxMAAAAK+RpovfP61NtB5nOpQgPMjPTyt2T1WPeru9i3yP05zNVEj0uCRDWfONruG9ricX1kAAAADB9KtQ9KY2z38GdfaF7dW2ZLcAMHOX2oEKBg8ZJG9lsuMexxChB4M8HFpyb0Bpr6axpi+zmMIXt76noTOxFzKN"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245950075265799"},"policy":{"last_statistics_update":"13256262778047

C:\Users\user\AppData\Local\Google\Chrome\User Data\73c6fcfb-0b6e-4010-af7a-42ae04fc98c1.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	358027
Entropy (8bit):	6.028180031372581
Encrypted:	false
SSDEEP:	6144:p1lAumJe8Um8Acx6ZaurE5/EDnJpAl9SeefNqWF4iVx/9LPeq/1LHm/dBG:pLAumJgzxzurRDn9nfNxF4ijZVtilBG
MD5:	50FDED7A8E875E2736E326C914A30C27
SHA1:	4D4D2D42D4909071027E102113F52C7A95EF8B23
SHA-256:	9FDA743991EAD66F9983C215FDCBAEACC638D936E9C166310637FBD646190E4D
SHA-512:	D2E7D1B52E6AFA9DD52066BCCF630CE235D171784407406075B31018DA5D5984F3A326E64520862FA838E007E1911B452F9D07EF54C7C4B13D10A225A5F08564
Malicious:	false
Reputation:	low
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.611789181217077e+12,"network":1.611756783e+12,"ticks":111199675.0,"uncertainty":4797122.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABUPWY4cSyAQZRX3j8/SLmMAAAAAAIAAAAAABBmAAAAAQAAIAAAACC7lwCjByxIY/Ds1S6cdCxJW6iSr1QfjoKlVKoVEQ4EAAAAAA6AAAAAAgAAIAAAAD9PMfiGkWkdrfU+zeMpOLPS1eDxLpcgjYP2R/ndeCNxMAAAAK+RpovfP61NtB5nOpQgPMjPTyt2T1WPeru9i3yP05zNVEj0uCRDWfONruG9ricX1kAAAADB9KtQ9KY2z38GdfaF7dW2ZLcAMHOX2oEKBg8ZJG9lsuMexxChB4M8HFpyb0Bpr6axpi+zmMIXt76noTOxFzKN"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245950075153426"},"plugins":{"metadata":{"adobe-flash-player":{"disp

C:\Users\user\AppData\Local\Google\Chrome\User Data\830f6d71-f14f-4425-8444-d8ae53d174d3.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	354449
Entropy (8bit):	6.01555599174709
Encrypted:	false
SSDEEP:	6144:Z1lAumJe8Um8Acx6ZaurE5/EDnJpAl9SeefNqWF4iVx/9LPeq/1LHm/dBG:ZLAumJgzxzurRDn9nfNxF4ijZVtilBG
MD5:	FA3D1D4F508C63898A50F088F9C48815
SHA1:	B3944EC6A200D86C9E795AB7AA231048C54E0D68
SHA-256:	DBA723124A53C3741499320AE7F69874A4DA2DD517EA4C9243CE60B57B89A794
SHA-512:	6D5F8CA70E0A82DDB7DCDA2CB1DBDCE6927DD1C5B3A05201514FC70334FB087EAFC21AFC607F91B47AF4A4B35DDF2BF72AB68F19BDCEA547F32683C5E2F4296A
Malicious:	false
Reputation:	low
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.611789181217077e+12,"network":1.611756783e+12,"ticks":111199675.0,"uncertainty":4797122.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABUPWY4cSyAQZRX3j8/SLmMAAAAAAIAAAAAABBmAAAAAQAAIAAAACC7lwCjByxIY/Ds1S6cdCxJW6iSr1QfjoKlVKoVEQ4EAAAAAA6AAAAAAgAAIAAAAD9PMfiGkWkdrfU+zeMpOLPS1eDxLpcgjYP2R/ndeCNxMAAAAK+RpovfP61NtB5nOpQgPMjPTyt2T1WPeru9i3yP05zNVEj0uCRDWfONruG9ricX1kAAAADB9KtQ9KY2z38GdfaF7dW2ZLcAMHOX2oEKBg8ZJG9lsuMexxChB4M8HFpyb0Bpr6axpi+zmMIXt76noTOxFzKN"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245950075153426"},"policy":{"last_statistics_update":"13256262778047

C:\Users\user\AppData\Local\Google\Chrome\User Data\9d17ae73-80d1-44df-88ca-efb8d7627f86.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SysEx File -
Category:	dropped
Size (bytes):	94708
Entropy (8bit):	3.7521877645693626
Encrypted:	false
SSDEEP:	384:9fe1Bf42fgjLVkq54NZryvdn3mpDiHzaGq9rIbRpxWLvTurshmc/43Jph2OHfJNp:N+2BNWvW+keXhrrIfTinKB3dlx
MD5:	3B40DCB58056AEF3878C2E06038E8BBE
SHA1:	49151BC76E18C8A4B9FA2A867BDA4DC6C1D8E451
SHA-256:	5871568CEE3694D6D2DEE8FFF01EEB287F4C36D8512A1DE807A187D85BB79695
SHA-512:	525E40043AAC13EF7773313C8347ACC6B9B1CB88EB9B5355277DACF4C4E708EA3E51253BF2674C50ED89265A7109194634D5CA14D88C9BAB05425430A1C93DE5
Malicious:	false
Reputation:	low
Preview:	.q.................C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6......M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n..../8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	120
Entropy (8bit):	3.3041625260016576
Encrypted:	false
SSDEEP:	3:FkXYDu6cR9iTXYDu6cR9iTXYDu6cR9n:+Y66cR4TXY66cR4TXY66cR9
MD5:	569FA64ACAA310B1DE1A6250CC7356B0
SHA1:	14251450C245F8612958BF94779E8B72AE6D6213
SHA-256:	AEE20ADEBF2D35EB8A39BE2DC391B0E5966EFCB4AFDC971BB3A18115C929F563
SHA-512:	850914A053EF541046B29260266C17FEFF2466A87784394F9AB3B565D2EA1E656F61F02BDB78F9F9676E90365F837F3709BCC0856B3B844256848F477250E0C7
Malicious:	false
Reputation:	low
Preview:	sdPC.....................8...?E."..N_.sdPC.....................8...?E."..N_.sdPC.....................8...?E."..N_.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\0ec8195d-560a-4721-94a6-7f51dcf513a3.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	modified
Size (bytes):	1876
Entropy (8bit):	5.585111838485896
Encrypted:	false
SSDEEP:	48:YD2U986UUhEGU9+eUooU9vDKUezUo+UowUeCkwU9gUeh:XU9FUUBU9+eUooU9vDKUKUo+UowUHpUW
MD5:	94CC05FDCF846FA65DD07F24379A354E
SHA1:	A5CA07F93D4667A3D9E892034B6B9BDA95849EF5
SHA-256:	B012CE8E38A7959552B1D2EA4B9098D49EB862E3B0DCF5B5F7D975D9B4D1701B
SHA-512:	3B9AD26CF395684DF2964C0C0E93623450B57472FE11E859D913192BA4293D352B0918C7A02D54ED3EEA07BF55191BE14E7CC6A86762CB226AD1E439D40A025B
Malicious:	false
Reputation:	low
Preview:	{"expect_ct":[],"sts":[{"expiry":1643325278.286927,"host":"AVsuOZgBg0wdpKMoxm8zihjqET8kI4Xl8bCSMk28RsE=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1611789278.286931},{"expiry":1633013028.822833,"host":"OuKlWsMW1dkkbI1X/oi6o0Y95ZNSWnSoeaIXAEYPlv4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1601477028.822838},{"expiry":1643325279.239486,"host":"PKqosHGXLFTwexcsjC+UXTkKV3GWWHwtzKz/ULb9ssM=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1611789279.23949},{"expiry":1643325267.804756,"host":"a1ZTYlNSUSrj8xKbRz2eU2pqvpuOBdbHFtk7jbKGSQI=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1611789267.80476},{"expiry":1643325217.378477,"host":"e0dnev3n5m4rUz3lgUGIx3llwf0kSf/EB+PPIf8u0SI=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1611789217.378481},{"expiry":1633013028.743725,"host":"nAuqgR4iEWti7SOdT3UHPl6rmZU/DeaIm38P2O2OkgA=","mode":"force-https","sts_include_subdomains":false,"sts_ob

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\1c7dc873-96c8-4ccf-8476-d32acdbc1b74.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.871599185186076
Encrypted:	false
SSDEEP:	48:YXs2MHRzsoMHT5s0MHyKsTMHksrDys4Csb7synWsQItFsym6zs6zMHWLsZMH5YhV:+GDGTHGmGHDW1/nOIbmOGlGGhVD
MD5:	829D5654ADF098AD43036E24C47F2A94
SHA1:	506C8BA397509BA0357787950C538C1879047DF3
SHA-256:	4D0B852D18FCA5C1A712904CF6DB3811FB905E86D8A7508A2D42F9C8D68E2211
SHA-512:	D9B18E6B0AD1E8E4BECF9E84BBE30D64730CFEC2CBEAF96D5DF52E28B907B03EADF22F020FBE0A56D137A52F4F09798031BC6CA026CFA8A979A608B3445DBCAA
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[],"expiration":"13248542600883925","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":40156},"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248542628822803","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":30856},"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248542600893104","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":25300},"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248542600872791","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":34789},"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"exp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\1ffb1c12-8e67-4610-a43d-85a8d7ad61f5.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5864
Entropy (8bit):	5.176933687878223
Encrypted:	false
SSDEEP:	96:ngEF0up4WibmISVgIk0JCTRWL8MkB11RbOTctVuwn:ngE94WASqC4TYLkBxb
MD5:	6A608C2456B83EED9B204DE7A6F31F0F
SHA1:	2DE98C0CBFDA7BFC1591D761722CF3CA33D5DCB7
SHA-256:	5BE33AABF172E3FD4BA043954391CB10F04ABD28FB1F9C2353DB9A247E8A6A38
SHA-512:	8B9A876BCB0D762A1115E29F119E3A8C84598B7F5F1A893157415677DDF414B73942AAFFF64465D3CA568D7EC74457F01420ABC41184E8417BC2E7977A81B4D8
Malicious:	false
Reputation:	low
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13256262778419036","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245950583260338","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","1538886"],"daily_received_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\27bda5cb-db84-4d48-b6fe-4b6986678f30.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	16763
Entropy (8bit):	5.577906256215622
Encrypted:	false
SSDEEP:	384:XEktdLlTyXn1kXqKf/pUZNCgVLH2HfD8rUd174X:xLlMn1kXqKf/pUZNCgVLH2HfQrUP7E
MD5:	A302CF176E1C9E43813F659A45F178D0
SHA1:	6947BA3F54D85514C2605FAD2FF035C904A93904
SHA-256:	FF804A25E4796E0E0CE6D088F5567A7DCC0B0C1DE2FF88CCA3A1DC7DAC383B67
SHA-512:	A235F8F6D02FD0FC3E71CC86387C0DA7DB6129CE6CAFED7F48B63DA8BD69FB5424B47DE6B79A8D04E90831A5CCD1E0AC562E1E16EA4A8FB5C2238484B368EE42
Malicious:	false
Reputation:	low
Preview:	{"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13256262778130520","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\38c897cf-f38c-4142-8c40-3a54566787eb.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5795
Entropy (8bit):	5.179174451702255
Encrypted:	false
SSDEEP:	96:nglFbp4WibmISVgIk0JCTRWL8MkB11RbOTQVuwn:ngl/4WASiC4TYLkBh
MD5:	65B48FD6E1427B579DB7685CB80BBAF4
SHA1:	A902DC75FDA8B9532DDCEE0A97B2FA94A46A62FC
SHA-256:	ECE2E0A210F85EFE9E0B374BAB375629253DB1C01802AC9FEC3247FEE2220C50
SHA-512:	7DEDCC5C004DF2485C373AC1A0A7FC553A8FBEB234CB95D44DFA17BEBB0A1BF002194054580AD513FA56F18C36092D4B50A9677E75BBCAB42A745F4AF44FEAA9
Malicious:	false
Reputation:	low
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13256262778419036","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245950583260338","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","1538886"],"daily_received_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\4f8c529e-b48c-4147-9d8f-c3900f6e629c.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5967
Entropy (8bit):	5.1803122657081815
Encrypted:	false
SSDEEP:	96:ngRF0Pp4WibmISVjIk0JCTRWL8MkB114ObOTctVuwn:ngRI4WASFC4TYLkBICb
MD5:	4DEC0E334029AC09517F9F6C7D1BEF10
SHA1:	3942F0A954F04562ABA72703BB45BC2726528A31
SHA-256:	ACA6FC1E256689E316BE7A1E324B2AD3035825FB9032CBDBB40A4CE3A509A313
SHA-512:	10BBAE238A3F6A27E45D4C46BA486F3178F896CAACA4B508521E7EF3C71496EDDF4B70D04F2203499D7F0D7308FEBC4924D609DE77C9F65B11FA507E026C3672
Malicious:	false
Reputation:	low
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13256262778419036","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245950583260338","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","1538886"],"daily_received_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\56d9fc6a-e8f3-441c-8f65-98dc89e5d5b5.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5162
Entropy (8bit):	4.98086224656212
Encrypted:	false
SSDEEP:	96:ngrF8G4pSVbIk0JCTRWL8MkB11RbOTQVuwn:ngrd4pS5C4TYLkBh
MD5:	25F6A33C7AE2D0784D169D674FD226F3
SHA1:	1F3DDD5A4FB70791D532C7AA190A6DFF233F46DF
SHA-256:	71053E05BCC72A2F7B362809EA808AF800B2EBDD5122F8670CEE1C5DD8D200BF
SHA-512:	3C54E69A72A91325258D2DA8F84C0FB3FBF422FEE3171A37EE197C4FDBA90917A8963CBA6E93602F52EDD424D7AD41CAF2E8B9494FAA5AFBB20713E70AD2B462
Malicious:	false
Reputation:	low
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13256262778419036","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245950583260338","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","1538886"],"daily_received_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\7302de00-9c6e-4b9a-adf1-843a7291d8a1.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Reputation:	low
Preview:	.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\845fcbde-0615-40a5-a17a-11be9d8a03ec.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1208
Entropy (8bit):	5.554936180321215
Encrypted:	false
SSDEEP:	24:Y/HU9B6H0UhHM4U9KokG1KUe9aUeC67wU98RUeIQ:YPU9B6UUhs4U9lDKUeAUeCkwU9gUeh
MD5:	7137A73C87EB279DBE9D224A50563C34
SHA1:	D71AE700020A94BCFFC64B73C47E04171999816B
SHA-256:	98DA906ED708177457757FAC775CEC081560C91E0F6BEDD0E58147B86296C3A8
SHA-512:	DA8C1F03A3342891E917EED97856B9A9A495AD2423AA289AB669DB95F3C96F11AC74A4B3C7BE5ABEC271D48B3CA4FC878F86DA981F6AAEE7D3FE1AA80FA7BD6B
Malicious:	false
Reputation:	low
Preview:	{"expect_ct":[],"sts":[{"expiry":1643325203.56406,"host":"AVsuOZgBg0wdpKMoxm8zihjqET8kI4Xl8bCSMk28RsE=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1611789203.564063},{"expiry":1633013028.822833,"host":"OuKlWsMW1dkkbI1X/oi6o0Y95ZNSWnSoeaIXAEYPlv4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1601477028.822838},{"expiry":1643325203.026852,"host":"e0dnev3n5m4rUz3lgUGIx3llwf0kSf/EB+PPIf8u0SI=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1611789203.026857},{"expiry":1633013028.743725,"host":"nAuqgR4iEWti7SOdT3UHPl6rmZU/DeaIm38P2O2OkgA=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1601477028.743728},{"expiry":1633013040.850112,"host":"5EdUoB7YUY9zZV+2DkgVXgho8WUvp+D+6KpeUOhNQIM=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1601477040.850115},{"expiry":1643325183.00982,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":false,"sts_o

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\89a2b4b8-8744-4d1a-b469-cd599255f02a.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1040
Entropy (8bit):	5.562137525230158
Encrypted:	false
SSDEEP:	24:Y9eHU9Tx6H0UhHPkG1KUe9aUeC67wU98RUeIQ:YkU9t6UUhvDKUeAUeCkwU9gUeh
MD5:	7C11F01BE24E1A2FBE992E6596887B29
SHA1:	0AB94ED77866307216F6E5B7EE338DFDC75C323C
SHA-256:	6106881765AC6E7317163AE8C33A37D3D38980BCC8BA6EB31FBEAC66BF22D4CD
SHA-512:	75840A2ACD8286AADF93D848C28D3E0D865CEA932156D530B887C9BD583D8E42ED2AA01B44B660C7B9C7F91FDFA59F78A39849272C4A08F57D2F6A429D2906D7
Malicious:	false
Reputation:	low
Preview:	{"expect_ct":[],"sts":[{"expiry":1643325191.78687,"host":"AVsuOZgBg0wdpKMoxm8zihjqET8kI4Xl8bCSMk28RsE=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1611789191.786874},{"expiry":1633013028.822833,"host":"OuKlWsMW1dkkbI1X/oi6o0Y95ZNSWnSoeaIXAEYPlv4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1601477028.822838},{"expiry":1633013028.743725,"host":"nAuqgR4iEWti7SOdT3UHPl6rmZU/DeaIm38P2O2OkgA=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1601477028.743728},{"expiry":1633013040.850112,"host":"5EdUoB7YUY9zZV+2DkgVXgho8WUvp+D+6KpeUOhNQIM=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1601477040.850115},{"expiry":1643325183.00982,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1611789183.009823},{"expiry":1633013028.952627,"host":"+ccWXqaoHJ9hfuXbleKV6FQUrBlyXAJ31BdqjNQJpHs=","mode":"force-https","sts_include_subdomains":false,"sts_o

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\8a43084a-5b1a-4f82-a744-0c7659b27bab.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5864
Entropy (8bit):	5.176691292564345
Encrypted:	false
SSDEEP:	96:nglF0up4WibmISVqIk0JCTRWL8MkB11RbOTctVuwn:ngl94WASgC4TYLkBxb
MD5:	18D87FD9EF0F97E8552951F2C0F81EFE
SHA1:	3EDFC635D62F57B0936E4EE113459C125365F489
SHA-256:	5F89A39CBB37A4FFA4B07A1A7867C19665B0C4BE8C2846AB56F0830376F03D3A
SHA-512:	753974FA5090BF4633AA4B5BF29A392FA8E28A098B85353BCCCDA5F748B1E3345FB143DC7B16016124972BBF28B091E129FA4AF41EB8FAC319176D4949417140
Malicious:	false
Reputation:	low
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13256262778419036","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245950583260338","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","1538886"],"daily_received_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	333
Entropy (8bit):	5.217656834008338
Encrypted:	false
SSDEEP:	6:mZ+wq2P923iKKdK9RXXTZIFUtpKxZZmwPKVFkwO923iKKdK9RXX5LJ:a+wv45Kk7XT2FUtpKb/PKVF5L5Kk7XVJ
MD5:	F81BB772A8EEE278B45145CBAD4E593D
SHA1:	12F9975EFA149B67F9A6A294FF8246A516DCC017
SHA-256:	C795011B6BF2DE17ED2452E40A147B3CDCBA1C8A1F0A34AA7BF5780B079E4437
SHA-512:	45468D153B67436CF19E7714B3D66EC10D9B5E4E704FB0038FB85435422914BC5AFF88D7C293D509A8F09E8CECA1517CEF89C28233883D217D7504DF7A0347FD
Malicious:	false
Reputation:	low
Preview:	2021/01/27-15:13:19.002 6b4 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase/MANIFEST-000001.2021/01/27-15:13:19.069 6b4 Recovering log #3.2021/01/27-15:13:19.070 6b4 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	317
Entropy (8bit):	5.24333777384477
Encrypted:	false
SSDEEP:	6:mZSIq2P923iKKdKyDZIFUtpKBZmwPKbkwO923iKKdKyJLJ:aSIv45Kk02FUtpKB/PKb5L5KkWJ
MD5:	C25278336DEF06FCDC785EC6E9B029B2
SHA1:	4582585C9E7725552CBE1850388BD16FD6C1F813
SHA-256:	F1B437454540082ED610D009DBDFC748F95FBF91D41AE438F2ADE87BF2D031C4
SHA-512:	49F7131C8D8A068B96546E78185A574371AC762EB18C2DDF78CBA9BCA6A5A31A654EB40A8C8A381C562E8478F4694DBA9507DB9D916CCF415611227B5B70732C
Malicious:	false
Reputation:	low
Preview:	2021/01/27-15:13:18.843 6b4 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase/MANIFEST-000001.2021/01/27-15:13:18.844 6b4 Recovering log #3.2021/01/27-15:13:18.844 6b4 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\00add0752dc81105_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	60226
Entropy (8bit):	5.3032287145489985
Encrypted:	false
SSDEEP:	1536:P7OLiIheFoceBkUq6L0z4KjPJXzzZImtNAzLwRwJpkP5xYi1rMQtcDtdsYqO9rD8:V
MD5:	F3938E5EA0706E4C47C58A910FD73ABB
SHA1:	473AF273B0B240F5B7B3704289A3355E16385DDC
SHA-256:	EEBCED2089126131DD5A34B16921F615726665EE102BDB666FB9660C306B29EE
SHA-512:	0D0AF5FF7B7349688702CE9309C2EEAA2AFADAA8150256480E0A44615785F5B9C3714517862AC9282BA249C1F1E3D997F50EFF884A8E31D2E1EF23AD37B4ED93
Malicious:	false
Reputation:	low
Preview:	0\r..m......b...?@Is...._keyhttps://mem.gfx.ms/scripts/me/MeControl/10.20321.2/de-DE/meCore.min.js .https://microsoft.com/..Y6../..............R.............a..^...PxDE\|H.k)...xN..A..Eo.........w.........A..Eo................................'.......O.........C.....................l........................(S.H..`L.....L`......Q.`j.......MeControlDefine...Qc.Yx2....meCore.......`......M`......Qcz.......exports..$Qgf.......@mecontrol/web-inline.... Qf........@mecontrol/web-boot..(S.....Ia[...~.........A.........~....@......@......@......@......@......@......@......@......@......@......@......@......@......@......@...+..@.+.,..@.,.-..@.-./..@././..@./.3..@.3.?..@.?.A..@.A.B..@.B.D..@.D.D..@.D.D..@.D.F..@.F.J..@.J.J..@.K.Z..@.Z.]..@.].]..@.^.d..@.d.f..@.g.i..@.i.j..@.j.j..@.k.l..@.m.o..@.p.q..@.q.x..@.x.{..@.{.}..@.}....@.......@........@........@.......@.......@........@......@......@........@......@......@.......@........@.......@........@........@........@........@....

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0464521381b40578_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	388
Entropy (8bit):	5.670317795855697
Encrypted:	false
SSDEEP:	6:mcgRYGLTDQyKfZ+OfojOW7kXWFRzhoHIQFY6EfsHAEMTy8KDgKtgw1N4PK6t:qDQLf+5KWFhhoH3F16XvTy8KDB1Nm
MD5:	647239795A52A10D4CB4EE45DD48829D
SHA1:	E1A2FF3B734A2425BBC330BA3F9DB0050209030B
SHA-256:	CE766317ABA2625140DDBCF7F3BC0F61EA22883C076185C2DE8BCC9E0B4D4A89
SHA-512:	12445E894BC84E6B87550BF0E0699DDD20E8B19D0FB3A177F8A92ED4AE963DA5FC4DB4ED375B12673BD7EC4623CAE366445B0989F39C11E730AB7F52AD9CDE87
Malicious:	false
Reputation:	low
Preview:	0\r..m...........#.K...._keyhttps://www.microsoft.com/onerfstatics/marketingsites-neu-prod/MICROSOFT-365/_scrf/js/themes=default/9e-6ade99/ff-dc7b13/2b-b6ab60/8a-91655a/28-8f59e1/71-4da314/58-f3fc85/c4-301a8f/e6-9d6ac7/1a-3fe6fe/cd-8ce651/f5-7e27a5?ver=2.0 .https://microsoft.com/n..7../....................T./K#.8...,L..../....T...Lq._v/m.A..Eo........ZQ.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\094e2d6bf2abec98_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	351
Entropy (8bit):	5.957299343036714
Encrypted:	false
SSDEEP:	6:m3VYyK08fNH1Dr3/gayL6/K6tFUw//ATBehRL+M8oKL6Z:aKjfNH1DZy88s2SR2
MD5:	2CDDC8171434434553BBE079B0823251
SHA1:	3C6A7B5AB299D52EAA132FBAF801EC9789E15AEC
SHA-256:	C6EB1F8165B549C74DC3BD1A238DD652D38493782EFE6A978D1F999531E01830
SHA-512:	A1D30FFB2F0A85C95431FC2F07E20F82CE384559B2AA8B2B9493887C0D28E3667A6BF92928C0C734748BFFB455C7FF6F4BD06DDD6297A45C1D0857F502795B7D
Malicious:	false
Reputation:	low
Preview:	0\r..m......W..........._keyhttps://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.11.2.min.js .https://microsoft.com/.Y^3../.......................=.z-.7.K]..~..=..9......8...A..Eo......Y.w..........A..Eo...................Y^3../.`...201732EE23A431CA667EFAB5397F56DC925BC47017670F5DB5964415D6748205...=.z-.7.K]..~..=..9......8...A..Eo........24L.......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0ab0a6b6ec5e900e_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	67544
Entropy (8bit):	5.6943399446315635
Encrypted:	false
SSDEEP:	768:q30b3MN4v2OOhb/Q4voiAUuKTE9YGNEicdyfbDBLKo3/nVjoHdgjEhVE:q30b+OO5Q4vo1UuoqEiBt/nBoHg
MD5:	479F2BE736B4CD7240BE591718173FC8
SHA1:	7204A1ECCED8F5D5C0C702CA3AD1ADB7EDC110E5
SHA-256:	3D23767BB31B7E30096580576D8F17FD87C849E1A656C5F28D55572FFC349C03
SHA-512:	E486B422ADC602CB437C4F7D038F76074AFB0D0E631D066A8C36887712FACD7B91C0C799AFB9E2DCD4BCB30E31293B1F261972313BE2C3EF95ED83B6ED339E8E
Malicious:	false
Reputation:	low
Preview:	0\r..m......@.....X....99E0905DB6D151C74B55DEF33CC0A15C99D2320D617BD7972CD2D36AD043E72A..............'.......O..........>............(...P...............................x...............................................t....................(S...Q...`\ .....A.L`.....(L`.....(S.....Ia..........Qe........getQueryValue...E.@.-......P...........https://c.s-microsoft.com/en-us/CMSScripts/script.jsx?k=0502864a-b6ef-2f14-9f8e-267004d3a4e0_c5ea3348-55af-729a-2641-14f0312bacf3_742bd11f-3d7c-9955-3df5-f02b66689699_cb9d43d2-fbae-5b5c-827f-72166d6b87fc_49488e0d-6ae2-5101-c995-f4d56443b1d8_7dea7b90-4334-c043-b252-9f132d19ee19_38aa9ffb-ddb5-75be-6536-a58628f435f5_e3e65a0a-c133-43e7-571d-2293e03f85e6_4ca0e9dc-a4de-17ba-f0de-d1d346cb99e2_06310cd8-41c6-3b11-4645-b4884789ed70_5c27e8aa-9347-969e-39ac-37a4de428a8d_d6872b5a-5310-a73c-7cb3-227a3213a1c5_be92d794-4118-193f-9871-58b72092a5ac_64c742e2-b29c-b6c1-fdd9-accf33ec40bd_cf2ceca9-3467-a5b3-d095-68958eee6d4c_cec39dd8-f1d3-56f1-abfc-a7db34ff7b46_ec5fa2c9-

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\11a58c3d643cb456_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	588
Entropy (8bit):	5.510855686535991
Encrypted:	false
SSDEEP:	12:ZQ0DQLf+5KWFhhz59K7uCOXXc8HNC1Ngw9jMuwLmzlKDUDVxPXOGHw:ZQ0j5Fh31COXXc8tCrMu0mzQCZHw
MD5:	6BB20463560128F9CD41CA8E4CDDADF3
SHA1:	44F92FFAA46BD7EE5E9EBCFDB4973F9499BF36BA
SHA-256:	5CCBBC854CBFF85F2308D100BA93938116362CE3EC09B4A8E21D127C7B3A550F
SHA-512:	A8E60A0CB30D4896CAD45D38CA61CB37AA453E50D51947753F23619422DDDCA6C3FD5CDC35039318FFA0C4000AD9C954D580B9472B917CD75F1353964BD8C53F
Malicious:	false
Reputation:	low
Preview:	0\r..m.............'...._keyhttps://www.microsoft.com/onerfstatics/marketingsites-neu-prod/MICROSOFT-365/_scrf/js/themes=default/c9-7b8600/2f-63ce8f/45-f9a0d4/aa-dc1460/2d-7a9063/dc-7e9864/4f-5115f8/7d-266f10/4a-abd94b/6d-c07ea1/29-1ec5a9/23-c64e70/cd-23d3b0/6d-1e7ed0/b7-cadaa7/c4-898cf2/ca-40b7b0/4e-ee3a55/3e-f5c39b/c3-6454d7/f9-7592d3/92-10345d/f8-73a5f2/79-499886/7e-cda2d3/b2-7087f0/e5-08f1c0/91-97a04f/1f-100dea/33-abe4df/50-f1e180/e3-082b89?ver=2.0 .https://microsoft.com/.%.7../....................m.B.;M...l..O...q...tE).<..9.S.A..Eo......W..f.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\145375f6fd9456d5_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	406
Entropy (8bit):	5.497882607279989
Encrypted:	false
SSDEEP:	12:czDFbKQvuLesKlITsMqTeq1rKDMdkkALjl7:czhHEesthqTH1rK51
MD5:	64085451A9F0FC37E231AE6AB92CF990
SHA1:	334B6301257869C6623EF7DC0EC6D56A3B1818DF
SHA-256:	00709B62F7C63723CB4694A53A8CF6F1974666C1C5F8FB964BCBB4816A7CE539
SHA-512:	46C0D6286300932EB808A5B67DD45BF8F1D2005941F2E2824E9F9EFBB416D3E9D8C23B1CB616B842683FB84CCD633B1F9A1C6F939E14B8853F2CE686ADCBE5E8
Malicious:	false
Reputation:	low
Preview:	0\r..m..........?......._keyhttps://www.microsoft.com/mwf/js/MWF_20201028_28422223/alert/autosuggest/contentplacement/contentplacementitem/flipper/flyout/glyph/heading/hero/heroitem/hyperlinkgroup/image/list/pagebehaviors/singleslidecarousel/skiptomain/social?apiVersion=1.0 .https://microsoft.com/d.t4../..............L........(.I/............M....1..Q....A..Eo...................A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\166ee82c52b87e97_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	220
Entropy (8bit):	5.4731201081002165
Encrypted:	false
SSDEEP:	3:m+lkLI6v8RzYmfksCVbKEfQXtkMEOZuFvDFYtRRW3u/lHCetxyZ9aPjGWTh/z4m3:mY6EYmcRR3/wZdDw3ugki96VrrnK6t
MD5:	C1BB933E59252821B4E20E2A53805F45
SHA1:	E51062E64ABF88680C52975BDBFA9424FD62F37F
SHA-256:	2A6A3FE6FA4661DA4DDC4546F6DBECDC97A39ACE165D72F8E53A05989E0D19EE
SHA-512:	FD56605AEF377AE0BB7FE0371E550B1BC8E7F8DC375FB870A62AF5E3938E299C8AAB51CA0497F62F1304CCC657A67ED17D372C26D9527501A77F491BB3071B83
Malicious:	false
Reputation:	low
Preview:	0\r..m......X...\n......_keyhttps://amp.azure.net/libs/amp/1.8.0/azuremediaplayer.min.js .https://microsoft.com/4..7../.............R............(..A=Z....F...1/.k....s6...A..Eo......5.\|6.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\176d14383a4cd8c3_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	276760
Entropy (8bit):	5.580738145286169
Encrypted:	false
SSDEEP:	3072:w7j3dVkwZBu+1Io+qJSAhn01Oilfa/yHE/cE9jTjB5wHxCDgjtoML6QAxKsFZWMN:wn3Ia7hHV01lpCUjtoM2/xJZh
MD5:	95B4C9DCB7E65F702A718F69763D892A
SHA1:	28F9617375509BF56C7BA9CC7028CE81AFC821A9
SHA-256:	E02ED12F600542343340FF0463CF51F35046D76B2DB47907A3D047774418C5F8
SHA-512:	3287FFE61BD75B0A4B842CFB3522B0D09612334C1C26CF51BB07C23AA9BE0F7005994A6EFCD9FCD83A034096F0D3C2D7BC3B30429CE540410C40750E297767EB
Malicious:	false
Reputation:	low
Preview:	0\r..m......@....7HQ....486518D5B82770993DFFEEEEB98DE43319CBCFC53430E57D8A0A4ECBA9C78884..............'.tT....OP....7..U.@$................\....%..................................(...................4...........H...,...........H...........d...............\|...........L...L...............$.......$...`...,... ...\|.......................\|...............$...............p...............p.......P.......(...........$.......\|...8...\|....................(S.`..`\|....$L`......L`......Qd........WcpConsent...(S...`.....LL`"....@Rc..................Qb.C.....e......M....S.b$...........I`........a....F....(S...`......L`......Qc.y`A....exports..$..a.........C..Qb........l...H..!....a...........Qb.i.....call......K`....D}8...............&.%.......&.%...&.(......&.}...&.%./...%.0...'....&.%...&.(...&.(...&.(...&...&.'..W.....-...(........,Rc................`....Da\...T...........e......... P.........@....@.-....HP.......:...https://wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js..a........D`....

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\22fb0e1969c285c1_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	214
Entropy (8bit):	5.424911131460187
Encrypted:	false
SSDEEP:	6:mCVCVYv0iffhQ3fvElHgD8x/pK4UthK6t:VVuAavMO
MD5:	8C30BD4318717DC2A02A9082035A9A55
SHA1:	FBAC0DF9A82432ECAA24B2FC6614C8E26A21F9AD
SHA-256:	D27410FD44F7BCFCCCAA06174FFC047B01F42BFFB7805B86448791B3F2E75132
SHA-512:	723D11B0B16D85FCF285389898FDEBF3BFF6D050587B535BBC1BA7555AB7F83F4B08FC2681243326D699420AD1DC6A45BD6FB5DB983152A6A1905324AE6B7263
Malicious:	false
Reputation:	low
Preview:	0\r..m......R....p.3...._keyhttps://lptag.liveperson.net/tag/tag.js?site=60270350 .https://liveperson.net/.~.4../..............R.........5+.o....D.o.p..3lm...\....x.A..Eo.........3.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2e8df38f3f8fb595_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	269
Entropy (8bit):	5.6242229211610155
Encrypted:	false
SSDEEP:	6:mKxVYcBB8LjFke/BDWDQICW0ZSVC2Zc8Rzv45/9ugEutt44GDK6t:1InN/hWDxCxqC2i8Rzv0/w
MD5:	25DAF424082AE12714554469548DE49D
SHA1:	79E1B4F640F7B862575EFAE8EEF02D633095B2F6
SHA-256:	D56BE29AAD3B003E923B1DFD81C79CFEDA8963333CB610579071B599DA2EA1E9
SHA-512:	D8E3E19866312D2516FDE3F78F2118B7352EC926EA76EDBFD2AB9E04D7FDF48B03552DF009ED821EFA89F4AC13CEFA22EAD663114ACE98F7F632B5C9A7E6A231
Malicious:	false
Reputation:	low
Preview:	0\r..m...........R......_keyhttps://accdn.lpsnmedia.net/api/account/60270350/configuration/setting/accountproperties/?cb=lpCb22348x90494 .https://liveperson.net/..d6../.............sU..........'.O=..g6^\|......p...\|.EkH...A..Eo........,'.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\309184ad59030aa2_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	257
Entropy (8bit):	5.529960231457314
Encrypted:	false
SSDEEP:	6:mORUYbLjFCsWLqLUqxYy6cUqmvQFgurAXhK6t:Zbn3WOAvQK
MD5:	A90C1FA1E8006CB377531C4AE3D01FC2
SHA1:	C6B1523C69B3BD34362172EB42511CD496F25B6D
SHA-256:	5FFD19077F84A044D285CEE00A9290C81275A5EDEC5E40756C5DD86A2EFCEC16
SHA-512:	5C54E6B64474FB57FD9E2F174BBBD0BE06117406F678E1F1C10DF2A154FFCFD693096D20F05EE6BEFDEB863C821058AE0AA35FF4ABD9E9832863F491FC6BC381
Malicious:	false
Reputation:	low
Preview:	0\r..m......}.....4....._keyhttps://lpcdn.lpsnmedia.net/le_re/3.43.0.1-release_5028/jsv2/overlay.js?_v=3.43.0.1-release_5028 .https://liveperson.net/...6../.............r.......E.J2'.+...... %..(......h6G.qx..A..Eo...................A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\330c4816a9e28618_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	269
Entropy (8bit):	5.613954825669396
Encrypted:	false
SSDEEP:	6:mKWYcBB8LjFke/BDWDQICW0ZSVCidIfv8bKFgY8TzbWpqlLK4uK6t:pnN/hWDxCxqC+Ifv8W6b7lLk
MD5:	E0925A6B996311BEBDCFA8927A7EC5D7
SHA1:	EAD8DAFB15E4A90FB6784CC015778F0A48DB2118
SHA-256:	14411ED560982E2576BC5ED9A6787538E843E50936E4C2BB2B811B4AB280B66E
SHA-512:	206976DFE5B9BFBD4A648B01BC93203611BC35C05B68AB04845A3DD475910876BD794BD5B4CE95D0D8A297C01CEC11858FF1247A7C14E19BF39142FF971388F5
Malicious:	false
Reputation:	low
Preview:	0\r..m..........Xn......_keyhttps://accdn.lpsnmedia.net/api/account/60270350/configuration/setting/accountproperties/?cb=lpCb32138x21787 .https://liveperson.net/{..6../.............ls......\..[]..........t^.k..U.5.W[....A..Eo......J...........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\359022573035c25f_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	508
Entropy (8bit):	5.375007359237815
Encrypted:	false
SSDEEP:	12:3yLDFbKr08xEjsKlITP2RTzgoz3PZ1rKDWeA0oM:Ghs0yMstb2RTb3PZ1rKPd
MD5:	8D473E5613B19340B52BED7D15EB128F
SHA1:	78C011A1762E72DC1F13E26E60E2C4767F6A460B
SHA-256:	B0E4F34DE2F6AA32458DC1F25054182F90BEB4C0C32C3217A8EAF1955D889FE9
SHA-512:	AE1DCE3E32BF7B31F3E4D1F6B7FBA3A68ACE97A82CAD38F6615DB770B792F3C15DC46277F95ECBC1B8338A0AF078CF46C9AB7DCD6EDB5C50D3110209B2E93DED
Malicious:	false
Reputation:	low
Preview:	0\r..m......x......G...._keyhttps://www.microsoft.com/mwf/js/MWF_20201028_28422223/actiontoggle/alert/ambientvideo/areaheading/autosuggest/button/contentplacement/contentplacementitem/dialog/divider/drawer/glyph/heading/hero/heroitem/hyperlinkgroup/image/imageintro/list/mosaicplacement/multislidecarousel/pagebehaviors/productplacement/rating/skiptomain/social?apiVersion=1.0 .https://microsoft.com/...7../.......................Te..t....d9.....@...F.....$.+.A..Eo...................A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3b99dc3d3bc104fb_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	238
Entropy (8bit):	5.4220552955764845
Encrypted:	false
SSDEEP:	6:moinYkhcV5IT6Rsbm59LPWNvKgiV90bjPntWZK6t:EEpRs0uNvKge9yjFWT
MD5:	7AAD3004962043B42364864E14299663
SHA1:	E229B4A817E1CBEA8889D18AA14EF7896E822132
SHA-256:	A98A14739DDE23CE45EE1E2DA271578C9AAFDB0834732695A6B14D921F2B6067
SHA-512:	BA209AF5CD86A2B05A526FBF08C673050A48CDE59D017D42B43505DC5E572D5A839F368F3ADBF666643A334B1CB572B34F44D93C857665C41B0F6C6ED302CD8E
Malicious:	false
Reputation:	low
Preview:	0\r..m......j...~.F....._keyhttps://static-assets.fs.liveperson.com/microsoft/lp_ada_enhancements-prod.js .https://liveperson.net//.c6../.............iU.......j\.!.&.....I....B..m..(..w.G!..A..Eo........E..........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\431ab35fa84a13dd_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	558
Entropy (8bit):	5.562449946790424
Encrypted:	false
SSDEEP:	12:H/pDQLf+5KWFhhBoKRtCOXXc8HNC1Ngw9jMuwLmzlKDl1lD0clN:fpj5FhHhtCOXXc8tCrMu0mzQdN
MD5:	1BAF6E92352AED2C9B0C2C8CE1C4D1EA
SHA1:	7203C1AF9F9DF9F8D6BEEBE38EA388B7AA1D11CF
SHA-256:	CFB7C176AAD3CD424CEAFEDE5D700C18FE56F436AD46CE19A9EBBF89CCB9A52A
SHA-512:	C2F137B4DEB81B457B42CC9CF50FCD4355150BBD0F06D719CE5EA1EFFC96883C3F98CE949D9F4F176593CA78682988D79C8D952773D8A26C3EDBE9E51AFDC000
Malicious:	false
Reputation:	low
Preview:	0\r..m.................._keyhttps://www.microsoft.com/onerfstatics/marketingsites-neu-prod/MICROSOFT-365/_scrf/js/themes=default/2f-63ce8f/2d-7a9063/dc-7e9864/4f-5115f8/7d-266f10/4a-abd94b/6d-c07ea1/29-1ec5a9/23-c64e70/cd-23d3b0/6d-1e7ed0/b7-cadaa7/c4-898cf2/ca-40b7b0/4e-ee3a55/3e-f5c39b/c3-6454d7/f9-7592d3/92-10345d/f8-73a5f2/79-499886/7e-cda2d3/b2-7087f0/e5-08f1c0/91-97a04f/1f-100dea/33-abe4df/50-f1e180/e3-082b89?ver=2.0 .https://microsoft.com/LB.7../.....................!.K.R..{S*^...5._b.nY\|o........A..Eo........gx.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\43fb384703621b6c_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	293
Entropy (8bit):	5.557147519807105
Encrypted:	false
SSDEEP:	6:mSwu9Yv0JA/BDWDQICEPqwBf50RrvjyHg2eK5lvepnjbK6t:Uiu/hWDxCEbBx0RrvjcRvepjN
MD5:	AE80DC4739C863994468042E77A76C71
SHA1:	E8DEB7065DC08A5788DB3AA75B43F332ED23A783
SHA-256:	256EA50B8DC59340F43E0245071DBAA90C1887603CCCF995A1CBD14523ABDF1D
SHA-512:	B5C5BB6FA92F5EB3372E2455AD0A800ADD2631A3511E7CE065F091A361CA539345C572D6BC60367B37AFC977176D113195D5CCA1DA00A71913DEAE29525D7085
Malicious:	false
Reputation:	low
Preview:	0\r..m..........H^.?...._keyhttps://lptag.liveperson.net/lptag/api/account/60270350/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=store-sales-de-ch&b=1 .https://liveperson.net/.oZ6../..............S.........6W.....\Oy.se...Ml.1@;....A..Eo......v............A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\462d64d34aad30da_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	230
Entropy (8bit):	5.558853066651307
Encrypted:	false
SSDEEP:	6:mUv/gEYL8uCKxwVOW8mLD2DIgFnGPfAtm4r+MJhK6t:/vI7rbwVcmLD2DBnYfABJ7
MD5:	AA70A9618DE9E0C5020CA20D1B2C83C6
SHA1:	FDFC3BD96C3485839CC961C7F659AB55DAFFF2E7
SHA-256:	FB32D392BE4390BCD129E8BB997AA8F7F320918FEE455A5236D30FE72E577F1A
SHA-512:	50312D5E8533629C96372E19026EA164AEF6895328490ED1B937702C6BA969A599926EFD68D242368D52979240A8B6F7F654FF46E1CE069A20167191E7EAC82E
Malicious:	false
Reputation:	low
Preview:	0\r..m......b.........._keyhttps://mem.gfx.ms/meversion?partner=OfficeProducts&market=en-us&uhf=1 .https://microsoft.com/...7../............. ..........y.o.W.*.5...=.......+..v.....A..Eo.......g..........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4ac2f448771ab57b_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	230
Entropy (8bit):	5.554854438222852
Encrypted:	false
SSDEEP:	6:mCVYL8uCKxwVOdD2DeCS+Hgz5df/CxJWom4XK6t:irbwVgD2DeUAfyWHq
MD5:	E1A6CF72F82B42191D57383AA290C9C8
SHA1:	3405C2BE18D362F1856F7C19C71C7A3113D41EE3
SHA-256:	74A5D2618882E6758DE76F0B9AE1FFE97B0F6C50F2D3667023FC2E615AF97F89
SHA-512:	19A3D879C4CFB1634F5BC8CB589F1AA67EEE5ADAA7DA75A9F10BA29D291899889D9C9BCDDE5A60F8ED83FC5F2021E6D4874653ECA0F01FC88A7317C768AC77B8
Malicious:	false
Reputation:	low
Preview:	0\r..m......b....f.;...._keyhttps://mem.gfx.ms/meversion?partner=OfficeProducts&market=de-ch&uhf=1 .https://microsoft.com/...7../........................d..,...........cP..Tl....A..Eo...................A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\50030ae951750ff1_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	257
Entropy (8bit):	5.630070201644899
Encrypted:	false
SSDEEP:	6:mOWVYbLjFCsWLqLUqxzZUqmvMFgsn/Hbc25fhm4spK6t:e0n3WOGvMJn/HI2VkPj
MD5:	D74FE6CE2393DAA008371042ACB783C9
SHA1:	93832EB71D8299A19CE0621C5C7EDF0B45038B6B
SHA-256:	15603D0BA20B6C9FC10D7A198512C3EBFC326F0BECE592D46FC239CF70EAC5B9
SHA-512:	E400A4C8C1664E8793641D69EF937C9BDEEB021E6AA18BCD134AC3FDF3D584A2DC6C73A2D837E2A0C468BF08FB33A4698E81CAC330F7972D3CDE565850EA0F21
Malicious:	false
Reputation:	low
Preview:	0\r..m......}....~......_keyhttps://lpcdn.lpsnmedia.net/le_re/3.43.0.1-release_5028/jsv2/UISuite.js?_v=3.43.0.1-release_5028 .https://liveperson.net/..6../..............r......\P..yV..L....8I.0%.U.1..T.....y.A..Eo......z[.t.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\547db41b413d52f1_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	282
Entropy (8bit):	5.592946342827746
Encrypted:	false
SSDEEP:	6:mXYGLTDQyKfZ+OsFRzh+UXVZOfzKDqTVogOZV+kqK962Sm4vBK6t:yDQLsFhh+UF+KDqTkZV+k596jmSb
MD5:	B79FCC11E032F4729CEFEB3F837AC2E7
SHA1:	71F60787249EAF383311E5B31B861800A97FB92D
SHA-256:	B8B0ACA605F8B0FB46D36648D24BFB4FB9082DA5BF6ABBCD8D0FCDDC07C54F7D
SHA-512:	17D288D23A34CB498A7C58A33BBEC6F0ACED28ED7B7135FA71EC402CAE6840324E40E8A7F69E9F44400C7F777D45395C4BADF42F532DE6643EBAC41306E1499E
Malicious:	false
Reputation:	low
Preview:	0\r..m................._keyhttps://www.microsoft.com/onerfstatics/marketingsites-neu-prod/mscomhp/_scrf/js/themes=default/78-6f121b/94-3cd1e0?ver=2.0 .https://microsoft.com/.6t4../.............L.......!.$\|p6.g..OG."A....-.o.d.3).....A..Eo......0J...........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\560eb50eaa655bc7_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	19402
Entropy (8bit):	5.994618559573055
Encrypted:	false
SSDEEP:	192:CMV0toMvMldEAVeyr6JM2roacbJvie80nZ4ODzF1JbsgByxNyE+IgS38qO/MKzrM:CMJMvkfr6HVcbJvL8KlGCEj8qKva1N
MD5:	4D10780E077385F78836E1D9C78DEB6B
SHA1:	F941051B7FEBBFD3F68DDCAC9BD6EE574DE0B62B
SHA-256:	D9CF35DD677881B378B1A785E9D9F8C8B67AD134DC04C8BB3D86FE6E5A615084
SHA-512:	D88CA70355C4E56CBB52D1D643F4D36B5B1822AEFFC0F82A2BEABA2DA090514F84340F7922259252E09D9C85CABAD388341DC6F7A933DC5D28A0012578F4CF33
Malicious:	false
Reputation:	low
Preview:	0\r..m..........E......._keyhttps://www.microsoft.com/onerfstatics/marketingsites-wcus-prod/shell/_scrf/js/themes=default/54-af9f9f/c0-247156/de-099401/e1-a50eee/e7-954872/d8-97d509/f0-251fe2/46-be1318/77-04a268/11-240c7b/63-077520/a4-34de62/bb-d7480b/db-bc0148/dc-7e9864/6d-c07ea1/29-1ec5a9/23-c64e70/cd-23d3b0/6d-1e7ed0/b7-cadaa7/c4-898cf2/ca-40b7b0/4e-ee3a55/3e-f5c39b/c3-6454d7/f9-7592d3/92-10345d/79-499886/7e-cda2d3/b2-7087f0/e5-08f1c0/e0-3c9860/91-97a04f/1f-100dea/33-abe4df/50-f1e180?ver=2.0&iife=1 .https://microsoft.com/.e94../.............<.........#g,b.v.U..c`.^...h.......A..Eo.......h...........A..Eo................................'.......O.....H..................(........................................(S.0..`......L`.....(S....`.......L`.....LRc".................Qd2......requirejs.....Qc..;j....require...Q.@...A....define....Q.P."D.....__extends...d....................I`....Da.........(S...`......L`>.....Rcf..........*.....Qb...8....n.....Qb.......r.....Qb........s..

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5775d7ea69d43f30_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	282
Entropy (8bit):	5.621802329731387
Encrypted:	false
SSDEEP:	6:mE9YGLTDQyKfZ+OsFRzh9FNTHKD+3ug7J/whmZDG9kAWK6t:nxDQLsFhh9FNTHKDe/Yh++k/
MD5:	C23D0862247FAA23511A9FC73D98A08D
SHA1:	2D8A1D1C5178164CB00CD30CBB2313D2123E7481
SHA-256:	D607069691E3D2B0B06BDA5CA38385DD633C2B3916B56411008DED9BB0DAC342
SHA-512:	D0F930313787849EC5C122AE9BF34E1E74A1AED4B68B3241FA2F221194BBA964193B4CE1A96367C06863ADA2EB4A0236E32C02BEA5445D32246C8357721177D9
Malicious:	false
Reputation:	low
Preview:	0\r..m..........;.M...._keyhttps://www.microsoft.com/onerfstatics/marketingsites-neu-prod/mscomhp/_scrf/js/themes=default/b7-5b4bf5/a4-539297?ver=2.0 .https://microsoft.com/.5t4../.............L...........6,.#.w..s.....BF...h...A..Eo.......hl..........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5a0d44391b90ff78_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	17753
Entropy (8bit):	5.646235805335924
Encrypted:	false
SSDEEP:	384:8pcXKqU0v2YuNgvHpvMUGhlcI1BHjX3IWY:9S2uNgvH5MtlcoX4
MD5:	9336C017FA6921F15CBA31975CFE3100
SHA1:	D9345DAB7CA6AB3075A2053B0CAC6AB9A3771BBB
SHA-256:	FEBA27695E06D51DCBAAE328FC08587ABC4996D7F67A7CE468D62434290D0E9C
SHA-512:	6F5ECCF0877374ABFEE99B31219817C18D3F29AC3F074B4626BCE2EA758612B648827C54D036A3360D9C41F73A8C74ABB81F2B0754A925DCB61AAA7D719454ED
Malicious:	false
Reputation:	low
Preview:	0\r..m......i...)2F,...._keyhttps://logincdn.msauth.net/16.000/content/js/MeControl_cfDm2fEwfL1YuSiw8j6tzA2.js .https://live.com/..l6../.............xX........i~....F.-d......xN..^......A..Eo......Fb...........A..Eo................................'..C....O.....C..........................................................(S.....`.......L`......L`F....(S.<.`2.....L`....I..K`....Di..............%.......g.....g......g.....(Rc..................Qb.)......_iY.`....Da....h.......b.........B...@.-....`P.q.....R...https://logincdn.msauth.net/16.000/content/js/MeControl_cfDm2fEwfL1YuSiw8j6tzA2.js..a........D`....D`....D`.....)....`....&...&..A,&.(S.....Ia@...X.....QbR.rC...._Du.E..A/d....................&.(S...Iad.........Qb..Q....._Bd.E.d....................&.(S...Ia..........Qb.!+d...._BD.E.d....................&.(S...Ia..........Qb.%tT...._E..E.d....................&.(S...Ia..........Qb......._BE.E.d....................&...(S...Ia!...9.....Qdf.vX....strOrDefaultE.d....................&.(S

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5ce38a7727ba7508_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	572
Entropy (8bit):	5.4402970432471305
Encrypted:	false
SSDEEP:	12:PjDQLsFhhBoK7uCOXXc8HNC1Ngw9jMuwLmzlKDK7tY94p:L/hHKCOXXc8tCrMu0mzQW7tYC
MD5:	826B07D39EFFE49E89DF14E37A98A3AE
SHA1:	B70BC8EBB5400E0A16C939E68348827E8931F9B8
SHA-256:	D3664949569953E8370F7D21433C7889438FF3E3057BC9372D79A946677C468C
SHA-512:	72FCD978F1ED1DB8AEE6639906C46D76B5237DEC01C88FD5AD900F9EAF1A1461F7A5214A28861ACDEEC1C63DAAFBE58332451EC4A55A43A1D461ABE1924B336F
Malicious:	false
Reputation:	low
Preview:	0\r..m..........,..k...._keyhttps://www.microsoft.com/onerfstatics/marketingsites-neu-prod/mscomhp/_scrf/js/themes=default/2f-63ce8f/45-f9a0d4/aa-dc1460/2d-7a9063/dc-7e9864/4f-5115f8/7d-266f10/4a-abd94b/6d-c07ea1/29-1ec5a9/23-c64e70/cd-23d3b0/6d-1e7ed0/b7-cadaa7/c4-898cf2/ca-40b7b0/4e-ee3a55/3e-f5c39b/c3-6454d7/f9-7592d3/92-10345d/f8-73a5f2/79-499886/7e-cda2d3/b2-7087f0/e5-08f1c0/91-97a04f/1f-100dea/33-abe4df/50-f1e180/e3-082b89?ver=2.0 .https://microsoft.com/..s4../.............L.......&.... .8....=.9.!.H..}r.A...A..Eo........,..........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5db4ad138a5b020e_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	343
Entropy (8bit):	5.608286400395492
Encrypted:	false
SSDEEP:	6:m/HnYbLjFCMufXA8rlN7dJMz0sphQNp4XI2UMtvQ6gD/eokTQquPLrt7K6t:oqnfUxPSf/CHMtvQxtXn
MD5:	410C867FA91B74B0FF3AB04F47B99AEA
SHA1:	982A3B0E230D8BD914E29C3646C42943649C9EB9
SHA-256:	DB722BB7A829A1A5BD1EC6FA6BC32F0DF98701D626626811054CA80721609209
SHA-512:	4FD68547F06C4E66695B4B58200FA871160A3BBED74C122720C8D23D6C727C9C478CEFE063299F18E9F54AF5630757D94898F048E61654FF6B320D829BAD350C
Malicious:	false
Reputation:	low
Preview:	0\r..m..........{Z......_keyhttps://lpcdn.lpsnmedia.net/le_secure_storage/3.12.0.0-release_5037/storage.secure.min.js?loc=https%3A%2F%2Fpublisher.liveperson.net&site=60270350&force=1&env=prod&isCrossDomain=true .https://liveperson.net/.6../.............g.......Lju.~.T...h.....O....l.,_k4\|B.A..Eo........rf.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\67ff2080fc2646fa_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	454
Entropy (8bit):	5.385009983096037
Encrypted:	false
SSDEEP:	6:mKIqYGLTDFbDH2QshaBokqPSuwykNWXeFODOtyIgoGV17vKD5ghcW8ovP4SK6t:CCDFbKQLEPjTxTjoc1rKDFVoHL
MD5:	1351BDB886392D5D5E443AFBA6BF9D2D
SHA1:	5960DCA9085C8FE37C2840EC29436B87C89FD058
SHA-256:	BCEEC73037125D30CCFF8925C19672F6287E00344289D01EB955E016EF369745
SHA-512:	3AD2AA6FCB8B8583C08310B7B146B08B9D8BB87E9CBE524B8574D1AF1C86CF87294F8CFBBBF85D5D1B73180F8BA2952BADCF79F7DC7F643E6B52B31D4CB487A8
Malicious:	false
Reputation:	low
Preview:	0\r..m......B....u.q...._keyhttps://www.microsoft.com/mwf/js/MWF_20201028_28422223/alert/ambientvideo/autosuggest/button/calltoaction/dialog/divider/feature/glyph/heading/hero/heroitem/hyperlinkgroup/image/imageintro/list/logo/mosaic/mosaicplacement/multislidecarousel/pagebehaviors/rating/skiptomain/social?apiVersion=1.0 .https://microsoft.com/.V.7../.......................\..Wp....9.ad..q...fJ.....A..Eo.......qy..........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6aa8f657d25858ac_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	19409
Entropy (8bit):	5.995987009455948
Encrypted:	false
SSDEEP:	192:cMCkUCM3MldYlVeyE6JM2roacbJvie80nZ4ODzF1JXcZ8q+iyyTEIqSN8qO/MKzt:cMdVM3k8E6HVcbJvL8Klm5TF8qKva1BE
MD5:	96F72179DDA68581F213AD0F4F12E331
SHA1:	1E38B586C20F51D3B8C144381350C6E096A3C2D6
SHA-256:	4DCC1CACCBF6680750931DEC40CBDEC0F3F038B31E1DF0ACDB2B48D655D679FA
SHA-512:	7257C5646C39621F6AF2FFB2587D4E0310BB6BA6868B4194F6685674177BDAF497CEBB15C3AF9DFD40FDF6F80265A1BA44AE511889241B0CC1A4748DBC26BF12
Malicious:	false
Reputation:	low
Preview:	0\r..m..........m......_keyhttps://www.microsoft.com/onerfstatics/marketingsites-eus-prod/shell/_scrf/js/themes=default/54-af9f9f/c0-247156/de-099401/e1-a50eee/e7-954872/d8-97d509/f0-251fe2/46-be1318/77-04a268/11-240c7b/63-077520/a4-34de62/bb-d7480b/db-bc0148/dc-7e9864/6d-c07ea1/29-1ec5a9/23-c64e70/cd-23d3b0/6d-1e7ed0/b7-cadaa7/c4-898cf2/ca-40b7b0/4e-ee3a55/3e-f5c39b/c3-6454d7/f9-7592d3/92-10345d/79-499886/7e-cda2d3/b2-7087f0/e5-08f1c0/e0-3c9860/91-97a04f/1f-100dea/33-abe4df/50-f1e180?ver=2.0&iife=1 .https://microsoft.com/u..2../.....................YP].4.=...K..........;.=p...<..A..Eo......-?;V.........A..Eo................................'.......O.....H....,.............(........................................(S.0..`......L`.....(S....`.......L`.....LRc".................Qd.=6o....requirejs.....Qch......require...Q.@2.B.....define....Q.PjH$g....__extends...d....................I`....Da.........(S...`......L`>.....Rcf...............QbN.......n.....Qb.......r.....Qb.0p\|....s...

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6b848a87f40dd230_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	209
Entropy (8bit):	5.547653749397808
Encrypted:	false
SSDEEP:	3:m+lvw6v8RzYDCIWAcBIsWGkRUJG27zTT/oKQk/lHCAcSNh6cnD4/MmvklltlpK5M:mewXYWFW7RPAvQkgaNh6AqnM/ZK6t
MD5:	BF96B00B05C1A946695C1AD2D2B91847
SHA1:	A71C04340297722634E9622731F830B686ED9041
SHA-256:	4FBE34B944312F5C0F923947BEAABC23DCCF194A26696776528B4C5E47CE5BDF
SHA-512:	91DF453DC0EDD51DA2B484912F7E40913F5E0D1507C4D1AEA84C90CD3DA7421815DD38BD4FDE8D9E53DD7FDD34F261F5E4EADA8653D7BD0853ADD37919BB78BD
Malicious:	false
Reputation:	low
Preview:	0\r..m......M....ZcW...._keyhttps://az725175.vo.msecnd.net/scripts/jsll-4.js .https://liveperson.net/...4../.............%O......:....XJ.2.x.b....K .ZQ...Cj..T...A..Eo......$............A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\72090e93af2b3d0c_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	288
Entropy (8bit):	5.636440182706871
Encrypted:	false
SSDEEP:	6:mjlXYcBB8LjFke/BDWDQIC8mx1SBfxVYXrNvcKFg00zhnvlbK6t:ICnN/hWDxC8mxHv7K5T
MD5:	110434261E265F797B91481704E28C46
SHA1:	B7DEA90EDF8263E72E8079A6F912384E3529DDB1
SHA-256:	976A9C7D9BEDCC7875908070ABD05807EC5A4C1EA422DD5B44CD9BD8FE3C9697
SHA-512:	92596A4A926A44DD833DF5279C69B42093A3B8078AA4D5CFAC341A661C0B42F35E55F5EEF9F2CD9169F0F44F08E7385985B6BA63F75C52A7F953115D9119E853
Malicious:	false
Reputation:	low
Preview:	0\r..m..........".C....._keyhttps://accdn.lpsnmedia.net/api/account/60270350/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB .https://liveperson.net/..e6../.............U......@...u.RV.%.b...k..,V......... ..A..Eo.........W.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\73b12b162f1cf8a7_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	53562
Entropy (8bit):	5.962619946456748
Encrypted:	false
SSDEEP:	768:Dk8LoFNdMzjwhsQdGQPNQdGQPyQdGQPHQdGQPXQdGQPJVLvL/iyuL/mWhf:Y9FHMzjwhsWlWqWfWvWhVLvL/iyuLDx
MD5:	732C48D049B3842F0468CAC3311AD60E
SHA1:	047DE1FE5F2AEAC03E6C522C7358743183524DDE
SHA-256:	5023E666E592E4B6754FF92573F31A49C735C61C0B615413184678068DE00E4D
SHA-512:	C24B76D87133D643C34A979E650B04A55B3E8D6FC10111DEEF591EE4FB1BD6AFAF4196A1A25BB5C2AA1E376551CA1FFF40F5576BDEADAD26245A7487C9CAA7B6
Malicious:	false
Reputation:	low
Preview:	0\r..m......b..........._keyhttps://mem.gfx.ms/scripts/me/MeControl/10.20321.2/de-DE/meBoot.min.js .https://microsoft.com/.i.4../.............N........^.i8.....C>.fk..;.%.M";.`y..L..A..Eo........+Q.........A..Eo................................'.;[....O..........w.............L...........P............................(S.H..`L.....L`......Q.`j.......MeControlDefine...Qc..Hz....meBoot.......`......M`......Qcz.......exports..$Qgf.......@mecontrol/web-inline....(S.....IaE....x..........17....L...fj..@......@......@......@......@......@......@......@......@......@......@......@......@...(..@.)...@....@..,..@.,.,..@.,.0..@.0.;..@.;.=..@.=.>..@.>.>..@.>.@..@.@.@..@.@.@..@.A.B..@.B.C..@.C.D..@.E.G..@.G.I..@.J.J..@.L.L..@.L.`..@.`.l..@.l.m..@.m.p..@.p.r..@.r.t..@.t.{..@.{.\|..@.}.~..@.~.~..@.~....@........@.......@......@.......@.......@.......@.......@........@........@........@.......@.......@.......@.......@........@.......@.......@........@.......@........@........@........

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\778b8f5c60850b23_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	230
Entropy (8bit):	5.479271490460878
Encrypted:	false
SSDEEP:	6:mWnYL8vc7ZMTVLx1DAZglJu/nv6/ZK6t:Ly0c7ZMlDh6yr
MD5:	C18F247EC80A6CB62517DDF7A2152801
SHA1:	D316BEE2CC5097EDE53922442D394E6C55587222
SHA-256:	7E9FAC2026D687C30BDAA9FED3962A79B4BCF0A11B12B57664129B595BFDE430
SHA-512:	D87393ED99791228848C64828C1AAAFC5B7621FFAEAA6366796436C3B73116A5931F558C40DC37FC1E0115E9FFCA4A8A53B407A335F22F62743BF8F009433112
Malicious:	false
Reputation:	low
Preview:	0\r..m......b......9...._keyhttps://mem.gfx.ms/scripts/me/MeControl/10.20321.2/en-US/meCore.min.js .https://microsoft.com/%1.7../.....................&..R.N.M.n..._<3.v....tj..#q:...A..Eo......k.A..........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\781980b07f1bb38f_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	8256
Entropy (8bit):	5.485214789522702
Encrypted:	false
SSDEEP:	96:FWxKw3VfWabK5G8OhCMTyiwddWPgnseX2U1lXyljWGztUZfxBSovn/r4oJ06b/:Yxf3VesK5GUiyZWQXLClxRUZXSET4Q
MD5:	D2AFB8A45039B912A403F579815B8DDB
SHA1:	F71A52D4FA01EAD7E2464A1C20D92A026017BDC4
SHA-256:	2FB1C72CECB726490DB061D6F5AA8FF6C57E2D4799061DBD8E8288F1D1A83952
SHA-512:	2B6925681820E23B74C73AC24B6536B1F97B9E17F58B945DDA018152FADA132C643D2CB9CCC5BB0FF61F948F2EDBE128FA244B7F3FEA74DC807FA5400159E87A
Malicious:	false
Reputation:	low
Preview:	0\r..m......x...0.v....._keyhttps://c.s-microsoft.com/en-us/CMSScripts/script.jsx?k=1a053411-4f63-d069-d3b8-11d5d720eeb4 .https://microsoft.com/...3../....................5...a.....S...s5.O..8O....F$.\|3F.A..Eo........"..........A..Eo................................'.......O.................................................(S....`x....dL`.......L`.....(S.....Ia&...m....,QiZ.`.....ShowSelectedComponentKeyPress...E.@.-....hP.......\...https://c.s-microsoft.com/en-us/CMSScripts/script.jsx?k=1a053411-4f63-d069-d3b8-11d5d720eeb4a........D`....D`....D`..........`>...&...&....&.(S...Ia..........Qe2;.W....ShowHighLight...E..A.d....................&.(S...Ia....(....,Qi.._. ...SetRightSideNavigationMenuHeightE.d....)...............&.(S...IaI...M....$Qg.......SetRightSideHeaderHeightE.d....!...............&.(S.....Iak........ ..f........................u....$Qg.~-.....ShowSelectedComponent...E.d.....................D&.(S...Ia....9......d.......................e...........-....-.........Qd.......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8f3c2e2c260a7099_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	350
Entropy (8bit):	5.809416873771398
Encrypted:	false
SSDEEP:	6:mXYI4McTDsJegD9v/gE1TrlEntbK6tt3vKSSSj3AgRj1iTMHVTrlE:e+TDsYgD1N13qrDvJSSj1RhEM13
MD5:	51121A55A3BCE2FBCBC9F4D6E527B8EC
SHA1:	14C5D2B8ABDEDBA002DB7E07351577FDF0D010C7
SHA-256:	3FC0D22E9E905EC39F4DF28240D9DCF8E08D44952A2C06382981D1957A27F302
SHA-512:	8281005CE098639195947AB9C7B883D9CBAE806A8C2D960F655AEF1E1F6CA21A6BA40AC24239DFD732461A5AF7F9A65D7C37AACFCC7A1EE36ECF97DCF5F5817C
Malicious:	false
Reputation:	low
Preview:	0\r..m......V...\|.L\...._keyhttps://wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js .https://microsoft.com/2-.2../.........................<.S....l....\.W.U\..E?`..r.A..Eo........M..........A..Eo..................2-.2../.p8..486518D5B82770993DFFEEEEB98DE43319CBCFC53430E57D8A0A4ECBA9C78884....<.S....l....\.W.U\..E?`..r.A..Eo.......(..L.......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9299ed2c4c7a3963_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	43060
Entropy (8bit):	5.87385031277591
Encrypted:	false
SSDEEP:	768:Buwrw5UMcnnV0RCbjoJGmaYo22JuIjpHc4LPQcMbg:BuKhMRRdaYo22JHV88ocMs
MD5:	49D66030C4899161D557821EF9449BD7
SHA1:	8961A6BEE07D76E1156D1DF98A96E27FF9C9F3CE
SHA-256:	25D19767CB95499C93F56F10C1B889962B3DA8881E9315D2AD7468F821E9937E
SHA-512:	7E213DA61A30CA05D118FC8A2C8038642511852E991C282226B003548D465A6DC6CDD5A352C68390966EC30503A6C6F3426FD1F354E004E576FE70754E358461
Malicious:	false
Reputation:	low
Preview:	0\r..m..........k.Hz...._keyhttps://www.microsoft.com/onerfstatics/marketingsites-neu-prod/MICROSOFT-365/_scrf/js/themes=default/9e-bcc229/94-3cd1e0?ver=2.0 .https://microsoft.com/.U.7../.......................'....3.hi!......QF........A..Eo.......R...........A..Eo................................'.......O....@...)..............l........................................................................(S.....`.....=.L`......L`......Qb..1.....awa...Qd..d.....behaviorKey...Qc..6.....define....Qd>..-....jsllConfig.......`......M`......Qe..R_....rawJsllConfig....(S.....IaB.......IE.@.-.....P.!.........https://www.microsoft.com/onerfstatics/marketingsites-neu-prod/MICROSOFT-365/_scrf/js/themes=default/9e-bcc229/94-3cd1e0?ver=2.0a........D`....D`....D`..........`V...&...&..A.&.(S.t.`.....<L`.....@Rc..................Qb.>,v....t.....Qb.......n......S.b............I`....Da.........(S...Ia..........QbF,......r.........!.d.....................(S...Ia.........../..d.....................(S...

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9a5575bef7c495dc_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	424
Entropy (8bit):	5.876204266914878
Encrypted:	false
SSDEEP:	6:m0iYGLTDQyKfZ+ONNKM3IGRWm8SIyDAugxCU0Jf37PK6tsVIf/Ry5fAul/0Jf37h:D6DQLjl4mxIyDAHM3laqf/RypAudM31
MD5:	FF518A7F43B41FBFFF2773AF5649E34F
SHA1:	6F01EECBFDACD35EA13442A1AC25EAB068B05776
SHA-256:	0CD70F1ECA10E2E760632BAE7DAA2655100747771D3DE0742BD58D16E78CD8E1
SHA-512:	0CFDC65F9D7D545D2392E9DED4AEA1933BA8B6E4F476609399E472E408CE9E17955CE1D2707504DA270896B3C25E99C15D16ACA786DD5950826E20FD388BB5F4
Malicious:	false
Reputation:	low
Preview:	0\r..m...........k@....._keyhttps://www.microsoft.com/onerfstatics/marketingsites-neu-prod/_h/46c44584/coreui.statics/externalscripts/jquery/jquery-3.3.1.min.js .https://microsoft.com/..v4../.............1M.......'\|.....C..j.,c%X.i.Y-....F...N.A..Eo.........c.........A..Eo....................v4../.0x..77A537CD637ADA93EF5AC08FA8B9B5A27FBDD431EBC373F43E3295CF95CCF5A1.'\|.....C..j.,c%X.i.Y-....F...N.A..Eo......w.lcL.......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ac17804cac642505_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	104456
Entropy (8bit):	5.792785083873188
Encrypted:	false
SSDEEP:	1536:zRWvuMcXiSpGsd5+UiAtD/5sJXGBMkZdlGaJLZ7/PGEpxvOwo7OSj+qkqx:N2uDniuD2JXGBMnUJPGkNOwcLj+D4
MD5:	83B36A96274BD4B060E07D901B7EFB42
SHA1:	5C226BEE721341FA012E62F7166504FDBE377366
SHA-256:	4F09EB421EE49CFB98BDCA29A73347A8B282289CF79CA66A3337817766B85702
SHA-512:	49DE5BF180CCDA9F2CB642A46306426D1D620F42075DE8AF8945F5A184676C76280FA465CD938E752EE6AE4175DD7999FD895FB74359740AEA21717B4C4B312E
Malicious:	false
Reputation:	low
Preview:	0\r..m......@.....S.....201732EE23A431CA667EFAB5397F56DC925BC47017670F5DB5964415D6748205..............'..v....O#.......b.+"............d....&......................`............................................................................................................(S.H..`L.....L`.....(S.p.`......L`.....0Rc...................O.`....I`....Da....N.....Q.@f.......module....Qc.y......exports...Qcr.......document.(S........5.a...............a..............a...............a............a...........Pc.........exportsa....!...I.....@.-....HP.......;...https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.11.2.min.js.a........D`....D`....D`.....]....`....&...&..!.&....&.(S....&..`8M.......L`@........Rc............8......M...Qbv.u.....c.....Qb...y....d.....Qb:.......e.....Qb.:x.....f..........QbJ.......h......S...Qb..\....j.....Qb.u#.....k.....QbV.......m.....Qb.g......n.....Qb..d....o.....Qbr..o....p.....Qb........q.....Qb.,@.....r.....Qb.0......t.....R....QbR.].....v.....Qb.h......w.....Qb..

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d0581f11f03b3afc_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	96472
Entropy (8bit):	5.8283317266135635
Encrypted:	false
SSDEEP:	1536:jQwUXVQzQB2VRaKugAOtomD3hRtWUkFnw5O42:Rt/lugFhRtqFnw5OP
MD5:	5C19F2DB2354D18C0FBB50C7B5D7734C
SHA1:	D81C691F7639E5BA5180529BBB0045AE58A99EBD
SHA-256:	D00AAD29180B96968064FCCBD7FC9734A4ACD947EF587B177042DBCC16C6E41D
SHA-512:	EA0ABE76873439D0136C21DD934841F20F5A735ECDFA541DADC7F8E1D4620AA4884D69EEB44163530BD59C2DC6DA0F503B7CB01D0F15D834C5DE141E9C256F9A
Malicious:	false
Reputation:	low
Preview:	0\r..m......@...........77A537CD637ADA93EF5AC08FA8B9B5A27FBDD431EBC373F43E3295CF95CCF5A1..............'..S....O!....w.....................H#......................................................................................................,....................(S.H..`L.....L`.....(S.p.`......L`.....0Rc..................Qb6#.A....t...`....I`....Da....l.....Q.@J.^.....module....Qcz.......exports...Qc*.."....document.(S........5.a...............a..............a..........A....a............a...........Pc.........exportsa....0...I.....@.-.....P.1.........https://www.microsoft.com/onerfstatics/marketingsites-neu-prod/_h/46c44584/coreui.statics/externalscripts/jquery/jquery-3.3.1.min.jsa........D`....D`....D`.....Y....`....&...&..!.&....&.(S...I#..`FF.......L`.........Rct...........2.....Qb..:.....e.....Qb..C.....r......S...Qb.i......o......M...Qb.......s.....R....Qb...)....l.....Qb..M.....c.....Qb.Y_\....f.....Qb..?=....p.....Qb^}......d.....Qb........h..........Qb..E.....y.....QbZ......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d351c2e105cdeba7_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	94840
Entropy (8bit):	5.787334706388171
Encrypted:	false
SSDEEP:	1536:bj4zJzUNvBiiC/BDZbY0w/wIPajocifqjnTTFQhC418KKYvyA:izL/JNYv4u0UqrFcgC
MD5:	24D82A786D40BB9BC92410F1B6477C37
SHA1:	BE0EA8BBA14D31B94B2C72E38E544A825F19ECA0
SHA-256:	4B28C9868D552A3F7129352F14F46AFEF7FB8B27F2F709855839E8EDF8AB2630
SHA-512:	B0285FB6BB7E17D2D428B68B4F8FF5943EF128390679982D37012D187CBE0198C2BC76665D4B0A8F53FF0C246F6F57677996E5FA6C46FAFDC69A09FD38F0AA15
Malicious:	false
Reputation:	low
Preview:	0\r..m......@...a=......469B2E48AC71305F956671BF53B305BDCB1259773B41BE5A6985BF11C875B49B..............'.wr....O"... q..L..............................@................................................................................................................(S.4..`$.....L`.....(S......`.:.......L`.......Rc...................O....M...Qb........cy....Qb2.2L....cu....Qb...N....ct....Qb&j......cs....Qb..)>....cr....Qb../....ci....Qb..{"....ch....Qb......cb....Qbf8......ca....Qb........b_....Qb..u.....b$....Qb6Gz.....bZ....Qb.T.....bB....Qb.8l.....bo....Qb........bn....Qb..H.....bm....Qb.q.?....bl....Qbn.1c....bk....Qb>.......bj....Qb..:.....bi....Qb"K......U.....Qb........T.....QbV..c....S.....Qb........K.....QbvNR.....J.....Qb........n.....QbJ1."....m.....Qb........l.....QbJ.......h.....Qb.Ae....c.......Qb."K.....d.....QbN1."....f...........S...Qb..5.....j.....Qb."......k.....QbN.......o.....Qb.O*.....p.....Qb..\|....q.....Qb.Ry3....r.....Qb........s.....Qb.v......t.....R....Q

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\dc2be4daef321d91_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	283
Entropy (8bit):	5.6993481136951685
Encrypted:	false
SSDEEP:	6:mByXYcBB8LjFke/BDWDQICACJe15SZDL1zv1ggnl0T9bu+01gbK6t:4nN/hWDxCACkeZDxzv5l0Ju+NN
MD5:	38E7B3F81FC49001BA48D7FAE007AFB0
SHA1:	5AAD346DBC43C4B213D7418074449218AD92C07D
SHA-256:	467817F1D7D5D243791B0C34DBB120DB494B0F3854F11815AEE16B9CFE530821
SHA-512:	26434FAFF1BC23FB896BC8652F00555728527618C3C5CA0F0858E674A36C9174B4784EA78C5447DA19C6E488785391BED2E5623D5287D5B8C6101DCB08777A69
Malicious:	false
Reputation:	low
Preview:	0\r..m..........A.]....._keyhttps://accdn.lpsnmedia.net/api/account/60270350/configuration/engagement-window/window-confs/1644511330?cb=lpCb5372x76411 .https://liveperson.net/...6../.............9t......G.FIuf.5...H.S?..9....J.#..Q.x...A..Eo......g..R.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e4b92c98510f85ab_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	335
Entropy (8bit):	5.64114847953001
Encrypted:	false
SSDEEP:	6:m0+6EYcBB8LjFke/BDWDQIC8mKVmLPVQTw7VNvy0ug4y3gxWap/k/bK6t:J+CnN/hWDxC8mTxVNvy0qy3gUapMN
MD5:	56076DB61FA882D1AAEEB168702A9CE3
SHA1:	038AE0B12A4FB7962EB83ED67B0BEE97E0D05AE8
SHA-256:	DB762444AFAC67D0485460E16D9CEB6AD46D346F7A00562B02D8B6F47A2BFD44
SHA-512:	1C580A1FAB2AD2386642765DAE3EE5720496F20DEF8E850183D7DFC3D586DFA4E72F9B12F410383F677BED22965F0CFB4414880A0891F580959AFB57EBCBD684
Malicious:	false
Reputation:	low
Preview:	0\r..m............_....._keyhttps://accdn.lpsnmedia.net/api/account/60270350/configuration/le-campaigns/campaigns/1644274130/engagements/1644512430/revision/15604?v=3.0&cb=lp1644512430&flavor=dependency .https://liveperson.net/...6../..............s.........J.Q!?"..Ek.;g.X.....\|...z..n.A..Eo......H..u.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e4b9b26cef092fbf_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.584189263481727
Encrypted:	false
SSDEEP:	3:m+lbGRa8RzYLLI2P8kIRgEe0sAIsUVDFYtROzl4t/lHC7/cAVUI6tY6GfGkRmEpX:mcGRXYL8UdD2DOJogYA96dGfGhyK6t
MD5:	3D0F1F423A80C1E66381C0F311CA0F6F
SHA1:	0741C541DC61327B31C4497E32C0D35B03DB94F0
SHA-256:	426E047C48327477A471C4A8BD6188C3BDD39D8667F0F12DD099390A35D42CC1
SHA-512:	AC18BE550A60C8E1B422CFCB7D4849410A53CC98BFE5FDBF6721C77F6C730246CBE252ACEFFF56BCA66D744F809F6B40CB6C53B502C76C24A46DF59CB9162E30
Malicious:	false
Reputation:	low
Preview:	0\r..m......^.........._keyhttps://mem.gfx.ms/meversion?partner=MSHomePage&market=de-ch&uhf=1 .https://microsoft.com/..v4../..............M.........t..-...}~I.1..?D.=.#.&.6d..A..Eo.......6p..........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f46ad1d2652b0b43_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	350
Entropy (8bit):	5.876664343545645
Encrypted:	false
SSDEEP:	6:mfYyK08fUH1DGfo9/goiq5Efzr1RK6tWKVtWyw/bg+EfzrhG:QKjfUH1DGg9+qEftAKVtWTs+Ef
MD5:	C3FC01C6A6EA6FC3DE1C22BB3F0172E9
SHA1:	7D1DE039CA7AF79680F690AD52D25C902B69F6CC
SHA-256:	9D066BF66308AA48E6F904CC97583EB98DB102DAA190BEBFBAE83380E07E6058
SHA-512:	3952817B417408B419EADEF4032095F3D2B38E1D5C85F598759704E04DC991E049FEC228F94B8E87EB43338BA98544FBBD794641DDA8EEAA6B6F7B30987DDEF4
Malicious:	false
Reputation:	low
Preview:	0\r..m......V...T......_keyhttps://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.7.2.min.js .https://microsoft.com/...2../....................f....cB..cWhT..6..(..$....G..A..A..Eo.........S.........A..Eo.....................2../..q..469B2E48AC71305F956671BF53B305BDCB1259773B41BE5A6985BF11C875B49Bf....cB..cWhT..6..(..$....G..A..A..Eo......h...L.......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f4de1fe6dac9263c_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	230
Entropy (8bit):	5.5217809751281655
Encrypted:	false
SSDEEP:	6:mDXYL8vc7ZMTkVDTgXIdyyBk4ba5tbK6t:Ci0c7ZMmDMm4
MD5:	82934DBEEC4E9EB738A2ED5B91BE63EE
SHA1:	CA41CD00BF0E095132BC42312D90F3582309C081
SHA-256:	08204B78B3E74674BC03A5FD85E92C063B2DC37DFF261A99EF53F606E5BB5079
SHA-512:	4A2108391E4773460849D4F729907F25A2302EA0BF0AC0B2B0CEA98C99269D25E1EADCE8A85694FAEC44F49F892FCD79A470CB71989BF49C18A801EED90B4318
Malicious:	false
Reputation:	low
Preview:	0\r..m......b.........._keyhttps://mem.gfx.ms/scripts/me/MeControl/10.20321.2/en-US/meBoot.min.js .https://microsoft.com/l\.7../.............]............G....4G.Q.9..L."G.KlY.S.b..A..Eo........o..........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f50f7e3b3653a201_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	408
Entropy (8bit):	5.731810036081915
Encrypted:	false
SSDEEP:	12:VzDQLf+5KWFhhoH3FiTTyJN/HKDC3V78:Vzj5FhYinsRqe3d8
MD5:	6ED7E457B44314C203B580F8322CF717
SHA1:	8CA2FAFD2EF5BD20B424907264F21E5F9C819295
SHA-256:	7B150A43B67ADF2D87B1EDCCDD112E46AC2A4E5E2743615C914072DADCBE1AFE
SHA-512:	F2D82D5DEB1E67F60CA24C26F899EC1837E657B044FC66E35C8560FE6833D2213E9B477878F545FADE15822EC22C68706A5CB6FF50580CCCCE55D3EB2DE772EC
Malicious:	false
Reputation:	low
Preview:	0\r..m..........'^Y....._keyhttps://www.microsoft.com/onerfstatics/marketingsites-neu-prod/MICROSOFT-365/_scrf/js/themes=default/9e-6ade99/ff-dc7b13/2b-b6ab60/8a-91655a/28-8f59e1/71-4da314/58-f3fc85/d6-6e76d0/e6-9d6ac7/1a-3fe6fe/a3-aff1e9/cd-8ce651/f5-7e27a5/7a-3277aa?ver=2.0 .https://microsoft.com/.7../........................y.&{....K...y.(....^.\|.\.A..Eo.......:-\.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fbfb01c217345625_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	5992
Entropy (8bit):	5.813200580980113
Encrypted:	false
SSDEEP:	96:LSBo1ffQMiEseiufy5npCB0qmIFwm/+44IOnhcxUUp/Ttb8jPaA1DfAtvMJd:HfojbeiPVqmIFw4ynhk/p/Ttb8jPaifD
MD5:	3D5E0C13FA5BD803871ADDDEAA5BEC31
SHA1:	9CDFE42042F1FC9D47D156409507668E2D4B7E72
SHA-256:	1A33CA26918B56F4D560868F661584219CFB080F2B57B0991A400BA194A81359
SHA-512:	0871964E3A1B01828673C46BE86831A9C98F13F1E4BA9324EEDFF32F7C0194E83CA103FF096F9F97B967E6B37D343D0793DF899C7B76695B804AF12E6B2EFBCB
Malicious:	false
Reputation:	low
Preview:	0\r..m......x..........._keyhttps://c.s-microsoft.com/en-us/CMSScripts/script.jsx?k=8c27a4b8-356f-dd50-ddb2-9e2c834bf9c4 .https://microsoft.com/_.\3../.......................D#[....?.`.......c.M4#..@..A..Eo......\|x...........A..Eo................................'.*v....O.........DY......................................(S.y...`......L`\......L`.....(S.....Ia&...m....,QiV.n.....ShowSelectedComponentKeyPress...E.@.-....hP.......\...https://c.s-microsoft.com/en-us/CMSScripts/script.jsx?k=8c27a4b8-356f-dd50-ddb2-9e2c834bf9c4a........D`....D`....D`.....Q....`....&...&....&.(S...Ia.........,Qi.`i. ...SetRightSideNavigationMenuHeightE..q.d....)...............&.(S...Ia.........$Qg.Y......ShowSelectedComponent...E.d....................&.(S.....Ia.........(..f..................-............d................4......d...........-...........d.........!.!..........Qd..I.....ShowToolTip.E.d.....................D&.(S...Ia....>......e.........-.-............. Qf..^.....AssignToolTipToHref.E.d.......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ff3254c380ce1732_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	1235
Entropy (8bit):	5.200934261948357
Encrypted:	false
SSDEEP:	24:MjXJaGN4zXk16FHPtJ8dtUUuzi19EJkuLUkI5E/9RLFePp8YSCfIAIS:M9aGQXi6OdCzLJk+UkeE1nePp8aA
MD5:	A383CC9F8A3D37CCDCC0975F575E0A6B
SHA1:	0DDB10C16C2E16FFB004FDA4BA509CA1F93A8E94
SHA-256:	5F675B1D6670E96A92205B3BE766270E04432A946CA4834836ADC6E4310FB049
SHA-512:	C8826C95C0E507EE9FA3D496ACDCC732F1D5C398314ED4D2C5915E53693BFEC017075CF2FCC4062AAFA31F045B9D44DCCE43D3A6DCA109F15B95AE923474915B
Malicious:	false
Reputation:	low
Preview:	0\r..m..........'......_keyhttps://c.s-microsoft.com/en-us/CMSScripts/script.jsx?k=0502864a-b6ef-2f14-9f8e-267004d3a4e0_c5ea3348-55af-729a-2641-14f0312bacf3_742bd11f-3d7c-9955-3df5-f02b66689699_cb9d43d2-fbae-5b5c-827f-72166d6b87fc_49488e0d-6ae2-5101-c995-f4d56443b1d8_7dea7b90-4334-c043-b252-9f132d19ee19_38aa9ffb-ddb5-75be-6536-a58628f435f5_e3e65a0a-c133-43e7-571d-2293e03f85e6_4ca0e9dc-a4de-17ba-f0de-d1d346cb99e2_06310cd8-41c6-3b11-4645-b4884789ed70_5c27e8aa-9347-969e-39ac-37a4de428a8d_d6872b5a-5310-a73c-7cb3-227a3213a1c5_be92d794-4118-193f-9871-58b72092a5ac_64c742e2-b29c-b6c1-fdd9-accf33ec40bd_cf2ceca9-3467-a5b3-d095-68958eee6d4c_cec39dd8-f1d3-56f1-abfc-a7db34ff7b46_ec5fa2c9-3950-ff57-a5c3-1fa77e0db190_d19f9592-65df-bcc9-e30e-439b875c3381_76a3d06f-f11f-77ef-9bfd-6227ba750200_5e1caa45-461c-3b04-f88b-8cd50af16db5_c2dceda8-20b4-7d3f-13b6-9cac67d7df17_914fa41b-cc86-d3b0-4e15-2fdfa357bcc7_40c6c884-da6e-7c2c-081f-4a7dfe7c7245_ae79ba96-1a9d-debd-a5b1-f3067213b9b8 .https://microsoft.com/u..2.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	24576
Entropy (8bit):	1.9302996646381942
Encrypted:	false
SSDEEP:	96:dNw1P43Ll1NwpeC1AiR5R0m+VYVCLT3hP4xAioRfPckslP:du1+LfuMCjRG5p2Jl
MD5:	80F863BD1AE9081B31FCD823700DAF38
SHA1:	D32DC8C916B6098D791DFB3AD820F244B78389C5
SHA-256:	0A3402BCC3963A58DA278895CB1AEAB72B5634F877363700047127BE1BCB0B68
SHA-512:	A8301EE4CE3144590339A111BF9A360FAAE97B8AF3E045E9BD74A0F2844799F83B787EE021472236F1470894D7D4B3869560C5AC8FF8D397BB21167E56D33006
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	25672
Entropy (8bit):	1.0403271135418166
Encrypted:	false
SSDEEP:	48:bI+Kq5LLOpEO5J/Kn7UtOLlhPG3r3PpqekLLOpEO5J/Kn7U28:E+KcNwgLlhP4hMNwR
MD5:	AFE6E499303045447F7DD8879039E19F
SHA1:	966CD85FD9DC36B88AACE5A49D9CA6113B372360
SHA-256:	3545CE6514C25256297273752BD0A4360B1FCAFD9AEAAC3B854D2EE28913AE8B
SHA-512:	46FDC95F7D0CDCB7D7D19D4650614CE33F6FA6FFD5CFBBD7AF3F958847C45099FAC48EFA5FD2D4558B4AD65B65A8E85AE34280C1F01404FB3E381872482169DE
Malicious:	false
Reputation:	low
Preview:	.............../........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Session Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	23276
Entropy (8bit):	3.387075351125271
Encrypted:	false
SSDEEP:	192:3zGNObOzc4zGZ2POoD/ipSDxbg90s0jPbRn:j88OzRvxDxbg9X0Rn
MD5:	9FF7F7336B0A8828BA599B3CB6907656
SHA1:	21AC305B4BE99C7FD9820DF415BB4F7DD83A10D0
SHA-256:	A338CFAB312A2ECA437F220059D2B52252B7688B99A367D5FB3BF2327D35B59F
SHA-512:	CF11D8E649CF8C5738A7D068F2B3AB34A2C97AC6F69782C1BC7B8C21BE987AC422CB9C624D7B9AF0436A01B0D9D9F48591C0A8E81A70EB3949A58394A7E7BF14
Malicious:	false
Reputation:	low
Preview:	SNSS....................................................!.............................................1..,.......$...6e86f11f_a8b3_4c12_b217_b3d17ba3d244........................t.................................................................................5..0.......&...{2F4F8386-A58B-4B0C-A17B-2FAAF764E551}..............................................................1..,...........E...https://snowtike.cf/aU5Y9Sr7Z6nkVtcMyiIpNePqHXJB2lRLsfwzhEm0FO8Tgv4GjAKboCQ13DuxsceumNbRTPlWDO7y0hz8gE9x42XrYApiqajkfS1LM6nZJUQ3HtCwvVoIKGB5yFRDtqlKkLAUm3E7Mr6if2o08InaYbpOZ1BV4h9N5gexzGTXWJvSQPwCusjc23JnlRX9s0gPyOpcFuHMh7Qv4jkBrowibSq1zNt56VImCeZfaDKxEYUAWL8T/lFXaUGxqWkQEj2DLgt5cJRZwCnAP3Mp9SNBv4HVhK61u8fmTybeo7z0sIiYr.php.......S.i.g.n. .i.n. .t.o. .y.o.u.r. .a.c.c.o.u.n.t...................................................h.......`...............`...............h...............`.......l......m......................X...........................E...h.t.t.p.s.:././.s.n.o.w.t.i.k.e...c.f./.a.U.5.Y.9.S

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Tabs Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	8
Entropy (8bit):	1.8112781244591325
Encrypted:	false
SSDEEP:	3:3Dtn:3h
MD5:	0686D6159557E1162D04C44240103333
SHA1:	053E9DB58E20A67D1E158E407094359BF61D0639
SHA-256:	3303D5EED881951B0BB52CF1C6BFA758770034D0120C197F9F7A3520B92A86FB
SHA-512:	884C0D3594390E2FC0AEAB05460F0783815170C4B57DB749B8AD9CD10741A5604B7A0F979465C4171AD9C14ED56359A4508B4DE58E794550599AAA261120976C
Malicious:	false
Reputation:	low
Preview:	SNSS....

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	164
Entropy (8bit):	4.391736045892206
Encrypted:	false
SSDEEP:	3:FQxlXayz/t2Hmwg0EOZL7Ao4uhFkEuRLKyC5Ei5+Gg:qT5z/t2qoEwhXeLKB
MD5:	0A906A9A542CDF08FF50DAAF1D1E596E
SHA1:	B97D6274196F40874A368C265799F5FA78C52893
SHA-256:	EB9CABBF5FDA1AD535300B0110EAA4068A083248BA928A631C9278545935426D
SHA-512:	8795E905B711ADE6B1C4B402D50AF491B64D157AA738669482DDBFC30E857DF970BFFB774A925F3F4A0802BD27AFAF939CE140894FF09B67FB9C0BB83ED4491A
Malicious:	false
Reputation:	low
Preview:	.f.5................i.Wd...............Sgdaefkejpgkiemlaofpalmlakkmbjdnl.declarative_rules.declarativeContent.onPageChanged.[]..F..................F................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	322
Entropy (8bit):	5.192593149691924
Encrypted:	false
SSDEEP:	6:mZPQkADM+q2P923iKKdK8aPrqIFUtpKPQaUJNAgZmwPKPQaUJNADMVkwO923iKKV:aXcM+v45KkL3FUtpKRUJNJ/PKRUJNcMs
MD5:	ED5E90A20644F7E7AA996979FD0ED0EF
SHA1:	8B5F3898348D329352B862A5E5B8AEBC3309675A
SHA-256:	24C1E76692C9522C601218C83B654A98B8F0E7F861CD54E91BAC357933DA9ACD
SHA-512:	B0F3A5D90F435D229992D85842E204D274D8C253645B88772FC07C76D0BFB78E4B666E84D40EAC487DA7657A4DDA6C613C64FACE951B8E4BCDC139BDB31672AC
Malicious:	false
Reputation:	low
Preview:	2021/01/27-15:12:58.422 178c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/MANIFEST-000001.2021/01/27-15:12:58.423 178c Recovering log #3.2021/01/27-15:12:58.423 178c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	570
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWW
MD5:	D4BA0AE0BB0B9FAFF3DA6F35FDBC3C8A
SHA1:	FB3E9DEC7F35A9B1D94E54A5659DD0DE484055E7
SHA-256:	99DEF1B557F19F04C1AFFC6F247D0451F33FC10EC42E73792223C3215AC98BE6
SHA-512:	86FD07C34B9ABD4C52BA19EAE291936F92BC6D38A75C021EDC1DEDBC15617669876180CD99F959C62476D82EC6BB9F5FE4C6CB4D82CB037EFB76D99A4D3D9C51
Malicious:	false
Reputation:	low
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	322
Entropy (8bit):	5.096097962750732
Encrypted:	false
SSDEEP:	6:mZYl54q2P923iKKdK8NIFUtpKY4lJZmwPKYl/3DkwO923iKKdK8+eLJ:aYkv45KkpFUtpKY0/PKYB5L5KkqJ
MD5:	4FEA5C25D95880455700C19FAD043000
SHA1:	D1776CC43FA49C00D6658EF0E31049758726CDC0
SHA-256:	7ECE65DC853FC6741CDB143F94CAE3205272BBB228F047CE63965BD8ADDD90A2
SHA-512:	3A1C1A1CCDA69A06A8F0ED7E79D8B71661C155578853CB9E1A098F204F1E531EFB6C3B7947B180CA83EE8B2F53DEFCDD8AA7E3FCCA271E56801AB934271BEFCB
Malicious:	false
Reputation:	low
Preview:	2021/01/27-15:13:00.499 1700 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/MANIFEST-000001.2021/01/27-15:13:00.500 1700 Recovering log #3.2021/01/27-15:13:00.501 1700 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_1\_metadata\computed_hashes.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	17938
Entropy (8bit):	6.061511031838911
Encrypted:	false
SSDEEP:	384:ahlZ97TC4hNLFkQF/4H/vo3c93yaM5ZAVGnLMeP3rrBsuzfccHyfXRH0MVEPT:ahlvS2Fk5ooNM5Zg+YePRgpXRHLVA
MD5:	58E0F46E53B12F255C9DCFD2FC198362
SHA1:	24E3904DED013ED70FFC033CFA4855FBB6C41C19
SHA-256:	F82EEF4F80D86F5DEF0F40F91FFB6453E1706CA5FD8A7172EDB19C4B17E2F330
SHA-512:	1AC83CDFF124E4C0281FBBFC0A919AA177F1524AB85434D82E5A87DDDF7CAC26A761C5E6249566626054C62D6B0F46A51AAC1F6E64C260F50832AE1D5F0A49BC
Malicious:	false
Reputation:	low
Preview:	{"file_hashes":[{"block_hashes":["vyABSKu1ssLnoQtj8Nqw6CjEthL33alh0QYBLzRg9+E=","DGWrOFQ2mF53Fk3FM5jLCV5sKg1DgRTF750mXhpKaoM=","f8vmSL13lL5/sEk/UBo2z9BTE1au+kMnftvxebWlLfQ=","g6BagkGM3fYVfhX6pe9v+WIhrxb6KJyr1H8KEdf3iQc=","6GdjKPovCi9TAL74Kj/R6GzGC1RVsWCb0lMtrG41ElU=","vttVT0ok78296FZBpoJgEIMmZmATBpKLrC5wr6RiPIg=","5dwwmOMAg6GXh2x6hn99MsZgiXJCxgTnwFdiMmcl2/0=","lQFxytI8i5cYLqNLbSnc45XXd/jEIuKwO1nAvNh5/WE=","qETF6aAOXwVcduPggf/FGrY8l2ALwdIswKxFJWG2JpQ=","+fjs95t/ESSgtcK9SzZOIcY/aemUr2I/yYI07esfjbk=","H+r4m51qI4G0z8YtAibc3/AGYvPK9qT14BbGvmM4/y4=","Qz4vtomAqVrAeKIcJ/zbVi5yDpFiY+F7tP/FTdoAKwU=","k110zqa69JMO5T4RH/nBdkCVX9I/98Gd7K2dnRuyFyg=","+QrRx4Pz8wbz4ef9ch1Q2aAQDZbv0r64NMyj9z0qaaE=","6q/tcYekY7TN66ZdPx4ALLcteRLQJqFy0wgcIqL6fFU=","djipPPtOAFsToDpKDbadLJLGQiCzTkN2qsRbzvKijBo=","uHEm1DVxHADroGNWHjmdfpdNUgtHXDQ0zfTmdqtJgYo=","1C2E0Gz2nqKFG3ghcQEVyiTYI4rTYNnrpsHQY9J7BfI=","swYZ8T85/4tzx26dfC0RKxMiHwnjqJoxtn0Mb8NdcjI=","AuXwavx8SOtkgFhnRlnM4roIw243Ryh2ktL0QZRDLoE=","oG0S5XUkjBtAHts9X+uQt5MTsf

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_1\_metadata\computed_hashes.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	23474
Entropy (8bit):	6.059847580419268
Encrypted:	false
SSDEEP:	384:7dNc1NC6IcafusK4H1IIGRlhKlkIALQWdynQh2RX4K6M1tVztzr7XSNyzH:7dOscSRKc1nGRSkIhEw6M1tf7SNyb
MD5:	6AE2135EA4583C2F06CDEBEA4AE70FA4
SHA1:	DCEB26C7F02D53B5F214305F4C75B4A33A79CDC2
SHA-256:	03AA1944CB3C4F39E20B6361571BC45DFBEBD3FFDA3D8F148CC6ECB29958F903
SHA-512:	B5945E67D9F73DD1982D687E5C6D9B5D6B3886C8050363A259755C76AC0F93651F3425FA7C21AA6A13977AC1C8C9322F998F131648CB8909096058D4F0D23312
Malicious:	false
Reputation:	low
Preview:	{"file_hashes":[{"block_hashes":["DOZdV3jFvk12AM2JNDYKo3KZrIVRprmJ+sVGWkqqE4Q=","rVElW3Hu3T52SzDDUqGT5YiJTBGUv2h3pNuBKFlhZ1U=","X/3fg4KZxgQ1jBr5QGq0F5JnflgE27UErd88mrxTcxs=","VibLbpy0ig+5INMOU71fTYN76iaka2XVpmm1qAKYsX8=","EChCwCbQHbHQ7oDdGT2qNyiRJ0yck2YC2emNGq4whtE="],"block_size":4096,"path":"_locales/iw/messages.json"},{"block_hashes":["xklkoZ7iSU1+7cd6DAtEmUC5lPFd+EgcbnzxkOiFwlk=","3KbsvoxKY/3AwqgF2aAdVQRpMhsNVRkQ3rx2A6Z2Z+Y=","o9+tsohquaCMj+70zeinRG/hBhA2uLoDl/WoC1uokME=","xV/K8xucyWJELVT8Cqn+ugFjobBVmg8pnmACF+2PP4Y=","p/mvJm2wuCl32Rx3it654MljKAsMe3S9IDEabc1A8mE=","j8mPrTb5oOsBTj2Fer78JE6xG6+kR64Cvu2SW8d3j/k=","nqSRpGQ3USU2bZJsZ+AzBmFOyann8omwJrhEWFZDTXc=","eTcQyJUuNuF9yCga/fXGyFCj/pysSceanhBzksdx23s=","Wj7faqnspelXKMvnduxHn1XUBG8TEOqyns7/oUihekM=","VtBwXoadI3EP336rAiL33Gz19KGqtN+RYdKnMKAXoLw=","iDgLXQqXJp8nCZxgLuC9LXM45DGfufvGnXvmHsn18wc=","g+RfdDfrWTUK0Pkcsbot7NJ4SC9wVRV/dVVMuHAtEj8=","2oC4HcCuXu3VjFf6wnKlznt9uqQNaebcuWpm/mWj69U=","aMUIpuFqPMiieSaWhIktCK62v2P3OZQAWupWsYzCnvk=","L

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Favicons Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	71680
Entropy (8bit):	2.6157206109388755
Encrypted:	false
SSDEEP:	768:AaTahPsPicsvWOah5Z9OgKz/vjAuq0z2zZAP:ADtEi+d9OZX5dE4
MD5:	217930F322D169E583FACCFB9A665313
SHA1:	8148CF44D22B49C2B3FB2805C73BB429756B0D60
SHA-256:	0B39F7C399C49DFD90FCCE0701C2779D1906BA8E984B10797C1F7D574AC98B58
SHA-512:	296AD145B32EF58CB093876DDF8C6F0F7235F275859F5CAA65BA1D51BD18DA02E0713E4C510872F71DAC65F70114FF5EE543F198A295FC423359E42AE33CE03F
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................C..........g....._.c...~.2.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................s...;+...indexfavicon_bitmaps_icon_idfavico

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	77148
Entropy (8bit):	1.9200520455678696
Encrypted:	false
SSDEEP:	192:ZLntT+EavJw9OBOdbpmOvZOKs1463mOlxZOoM3mOHYxZOy9Iq4P4kM3mO6xZOV:ZLtjahKcQggXsyZo9z9/9IjAkz/2
MD5:	67C9526D59BC13E02805193BE093BB2C
SHA1:	BB62A3F04A613DF28EDF50558688EBBE3038561F
SHA-256:	C4E39B4E3B4C32C834576C2E0810CD067D3AB99535BF9AEA5FD41316694EDA38
SHA-512:	C36C4ABC550380D626C2C7A22D8E4EAB5080942498C028E2879D392220B2AC17A8485C7C0FC60820580894187D10B6F6E67FED982244075A8ABB3FA4E8A3FBEA
Malicious:	false
Reputation:	low
Preview:	.............M.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	19
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	3:FQxlX:qT
MD5:	0407B455F23E3655661BA46A574CFCA4
SHA1:	855CB7CC8EAC30458B4207614D046CB09EE3A591
SHA-256:	AB5C71347D95F319781DF230012713C7819AC0D69373E8C9A7302CAE3F9A04B7
SHA-512:	3020F7C87DC5201589FA43E03B1591ED8BEB64523B37EB3736557F3AB7D654980FB42284115A69D91DE44204CEFAB751B60466C0EF677608467DE43D41BFB939
Malicious:	false
Reputation:	low
Preview:	.f.5...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	371
Entropy (8bit):	5.284045325057774
Encrypted:	false
SSDEEP:	6:mZkq2P923iKKdK25+Xqx8chI+IFUtpKQZmwPKHNkwO923iKKdK25+Xqx8ch+/WLJ:akv45KkTXfchI3FUtpKQ/PKHN5L5KkTM
MD5:	E16CCA79B723636997D2CFB7B12D58B5
SHA1:	C596717C7FDBB43CC159B1C919765ABFE64B74EA
SHA-256:	9A5896683FA1A9C50CE7470C5340A7406F0B2F637867888F9E46D177723502CD
SHA-512:	164055DCA9F9519CB844A41B82A9B810B9C5221C48C539C32BED9981A2BCA46A76CFB76D28D151D09DF3AF62253257DFB3C432C044385157BEC356E5F1C59D74
Malicious:	false
Reputation:	low
Preview:	2021/01/27-15:13:18.390 6b4 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/MANIFEST-000001.2021/01/27-15:13:18.423 6b4 Recovering log #3.2021/01/27-15:13:18.424 6b4 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	357
Entropy (8bit):	5.242542608642568
Encrypted:	false
SSDEEP:	6:mZrHROq2P923iKKdK25+XuoIFUtpK4FZZmwPKdkwO923iKKdK25+XuxWLJ:adOv45KkTXYFUtpK4FZ/PKd5L5KkTXHJ
MD5:	741BF6F72B9E4E5CBCF07B4508B59ED8
SHA1:	11BB6D8E75CB3F69E9887F1CD7CDE713330BF063
SHA-256:	F37C0BD6D79F7F5949F56D7DA0ECEBE990087573F03FB4A302D63A395D72980D
SHA-512:	AABD737CBCD71BC0007E143B4E2D0ADBB5E0B6E738FBC5D062B92C7956DB5F48B6200FC5D29F3B95F8FA88D6C7DB44F0BBF31911354B8E0B6939DB658913D5C6
Malicious:	false
Reputation:	low
Preview:	2021/01/27-15:13:18.350 6b4 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB/MANIFEST-000001.2021/01/27-15:13:18.351 6b4 Recovering log #3.2021/01/27-15:13:18.352 6b4 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	329
Entropy (8bit):	5.280234692358879
Encrypted:	false
SSDEEP:	6:mZeq2P923iKKdKWT5g1IdqIFUtpKkZmwPKEkwO923iKKdKWT5g1I3ULJ:aev45Kkg5gSRFUtpKk/PKE5L5Kkg5gSu
MD5:	B6A6FA13225F546AEC4E6EE8F84F4608
SHA1:	2E7C2095774F1E40A007F27409501B2E80D08B10
SHA-256:	189652A586483FD49DD443170858D5E95A43CD83D2543CD4425E8176B09FD805
SHA-512:	ED21DA798E0244042078CFAB41DE8971DA8F86185056EA4B94BD60F1BDD870C1C20D31C42E51C9BA8D05C6A5417DFA0EDBE7FE35E15222BED3E643369C2498A5
Malicious:	false
Reputation:	low
Preview:	2021/01/27-15:13:18.288 6b4 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/MANIFEST-000001.2021/01/27-15:13:18.290 6b4 Recovering log #3.2021/01/27-15:13:18.290 6b4 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	155648
Entropy (8bit):	0.8544113230149635
Encrypted:	false
SSDEEP:	192:KO04XOv8OIk8XOoBoZDOYVmL8XODBnZDOhVS9L8XO1JbYjPDu1lB6ZDOtbVPzbrO:KAXjVXODPXADHiXIx6DqiXH
MD5:	51403B9DFAD603D96639605A64853DA7
SHA1:	669A786D3E3D18CE0E76E855428A62816D1895F0
SHA-256:	9CB4BD3B6980BC1272F3CEF6ECCD930CF9E3D9712BFDD0FB80871E4AE7190D7F
SHA-512:	F09A3DFC51B7158234F991C55F803D2DCE9E6C41F0B9C3150299648761F0F6776FB3CE0885F1D596F52ED8417C5980C7E0F851A0A47A3BF80F8BABD49250EECE
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	2042
Entropy (8bit):	6.0756191339545165
Encrypted:	false
SSDEEP:	48:3LcDRHN/qnk4ljQyb38MXt14HHJFbcPz/iUW52ATmu:3MR9qnZljQyA1HHrbmz6UO2Gmu
MD5:	9A761BB56CE0F0F04FF07DF221D89F28
SHA1:	C236F2BE55B03DD915874CC57205AF3D328B34FD
SHA-256:	23EA192E27BFD8909093892F10C5F0CDFAF4990B4F77D3BBDD481AD80A75C214
SHA-512:	0651D99697CADF625F7663CBD96E0BAD66FB0425374E898CF8AA3B90EB24A6DD184D49A82C48C6A00475FBADB22B78983B72BC80A6B242FDBD45C9E0D29D5743
Malicious:	false
Reputation:	low
Preview:	............."......agreement..com..en..https..microsoft..services..servicesagreement..us..www..account...au5y9sr7z6nkvtcmyiipnepqhxjb2lrlsfwzhem0fo8tgv4gjakbocq13duxsceumnbrtplwdo7y0hz8ge9x42xryapiqajkfs1lm6nzjuq3htcwvvoikgb5yfrdtqlkklaum3e7mr6if2o08inaybpoz1bv4h9n5gexzgtxwjvsqpwcusjc23jnlrx9s0gpyopcfuhm..cf..in.<lfxaugxqwkqej2dlgt5cjrzwcnap3mp9snbv4hvhk61u8fmtybeo7z0siiyr..php..sign..snowtike..to..your*........account......agreement........au5y9sr7z6nkvtcmyiipnepqhxjb2lrlsfwzhem0fo8tgv4gjakbocq13duxsceumnbrtplwdo7y0hz8ge9x42xryapiqajkfs1lm6nzjuq3htcwvvoikgb5yfrdtqlkklaum3e7mr6if2o08inaybpoz1bv4h9n5gexzgtxwjvsqpwcusjc23jnlrx9s0gpyopcfuhm......cf......com......en......https......in...@.<lfxaugxqwkqej2dlgt5cjrzwcnap3mp9snbv4hvhk61u8fmtybeo7z0siiyr......microsoft......php......services......servicesagreement......sign......snowtike......to......us......www......your..2...$.....0.........1.........2.........3.........4.........5.........6.........7.........8.........9.........a...........

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History-journal Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	187812
Entropy (8bit):	0.7437418311212837
Encrypted:	false
SSDEEP:	192:wrAmOWXOie8OOqm8XONL8XOxFBoZDO7VX9L8XOgBnZDO1V6r9L8XOBJbYjPDu1l+:wrAmTXjd8XVXcwDEiXPD/iXcx6Dd
MD5:	1DE18A775C5787DCD0B21F72C7D6CF0C
SHA1:	4B76E19383FAE8E792267B2A4AACD3055C0FA836
SHA-256:	F2DD67500B488F0E09B645DB993F3838509CAFD3FD08F7727A3D1F2908335718
SHA-512:	A26F597D0043D94806DCE108926D2E42F473E80BC6E5A2B1972D21A7BB37CD4116765A505AAAA8F4D0235897E015314FB3DC2A9A5B9018386A92C96FDFDB5033
Malicious:	false
Reputation:	low
Preview:	............l..T........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_lpcdn.lpsnmedia.net_0.indexeddb.leveldb\000001.dbtmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Reputation:	low
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_lpcdn.lpsnmedia.net_0.indexeddb.leveldb\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	10806
Entropy (8bit):	4.965715842549438
Encrypted:	false
SSDEEP:	192:yyFVP/3aK0/3a5/3ay/3aw/3aN5/3aGp/3aw/3aF/3a8D/3aB/3aj:daW8jh25hw8m0j
MD5:	47F884ECA14902F3AB7299336A6C7123
SHA1:	A9B4FF1BF01EEBBDC4D890C1FA168D56E90824BC
SHA-256:	7273520BC978300371A6B5C4734962CAD83ADB9229614B3CFBF07F7CBF28DE52
SHA-512:	D5D01355BB52D25BD0D522D4D1E00D535A8DECF861B4FE8A92716F39C69D89F7FD2F8D579CF494672830CCFA50BAF1A7270B569C9E4945E7FE5C99AE8BB4AF41
Malicious:	false
Reputation:	low
Preview:	. ......................2....(.o".......................................N........................._.......h.t.t.p.s._.l.p.c.d.n...l.p.s.n.m.e.d.i.a...n.e.t._.0.@.1..L.P.S.e.c.u.r.e.S.t.o.r.a.g.e....................Of.jV.............................2.................................2.........................s$...............................2....l.p.S.S......2............2..........2..........2..........2..........2..........2.............l.p.S.S........2.........2...........................2....................2........2....................2........2....................2........2....................2........2....................2........2....................2........2....................2........2....................2........2.......................l.p.S.S...... .................2.................2.................2.................2.................2.................2.................2.................2.................2.................2.................2.................2...%.u...

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_lpcdn.lpsnmedia.net_0.indexeddb.leveldb\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	180
Entropy (8bit):	5.328163428883718
Encrypted:	false
SSDEEP:	3:tUKX8B5DADMLKqFkPUkh4E2J5iKKKc64E/x14kphLjF/2LBv/IrscWIV//Uv:mZfADM+q2P923iKKdKEMhLjFeLBvVIF2
MD5:	7B4A7206ADA6F7F126C29BB3CBD37B97
SHA1:	7F884C659DE112D48064DB011C7F274217270024
SHA-256:	CEFF177CEE36C619F9F38AAD1A97317269DF28ABB20E1E151A281D7269470F86
SHA-512:	64215B674F72729BB9AAF4F38367BA58EAC414E2DDD3FA6D8936F83DCBE732E4DBAE7646272454F60FB8964CC6CEE340D3A1B06B44943B61E19F977DEC76CEFA
Malicious:	false
Reputation:	low
Preview:	2021/01/27-15:13:45.193 178c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_lpcdn.lpsnmedia.net_0.indexeddb.leveldb/MANIFEST-000001.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_lpcdn.lpsnmedia.net_0.indexeddb.leveldb\MANIFEST-000001 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	23
Entropy (8bit):	4.142914673354254
Encrypted:	false
SSDEEP:	3:Fdb+4Ll:Zl
MD5:	3FD11FF447C1EE23538DC4D9724427A3
SHA1:	1335E6F71CC4E3CF7025233523B4760F8893E9C9
SHA-256:	720A78803B84CBCC8EB204D5CF8EA6EE2F693BE0AB2124DDF2B81455DE02A3ED
SHA-512:	10A3BD3813014EB6F8C2993182E1FA382D745372F8921519E1D25F70D76F08640E84CB8D0B554CCD329A6B4E6DE6872328650FEFA91F98C3C0CFC204899EE824
Malicious:	false
Reputation:	low
Preview:	........idb_cmp1......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_publisher.liveperson.net_0.indexeddb.leveldb\000001.dbtmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Reputation:	low
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_publisher.liveperson.net_0.indexeddb.leveldb\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	2935
Entropy (8bit):	4.048025302095898
Encrypted:	false
SSDEEP:	24:rnQgOYPZ7Jy/0jcyFeTnF1XdK57ifyXX2AU2MHp22lp22jv8bZExkb2fCbQCbd38:zBZ79RFQnFbMMfNUG62uZK
MD5:	6433BBBC0C76034D496736D57C018F31
SHA1:	C5EBA0E715200BC3AA074CAD2E3B6B73DC0BA27E
SHA-256:	01B4E7FCA253B7F0292FB7A3B634CFB10B41A1E619F22B3BF6C8F3F2FFB2AF0A
SHA-512:	BB4FCA1E587A295C8F09208B094609756B41E0D46693574CD072CC1AEA8EC3F3CE3DBAB6B999B4FD024DB1C18AA2432B4CA8F391CB54B30EAB39E6C8FC9CB914
Malicious:	false
Reputation:	low
Preview:	. ......................2....(.o".....................................}..........................i.....".h.t.t.p.s._.p.u.b.l.i.s.h.e.r...l.i.v.e.p.e.r.s.o.n...n.e.t._.0.@.1..L.P.S.e.c.u.r.e.S.t.o.r.a.g.e....................Of.jV.............................2.................................2.........................s$...............................2....l.p.S.S......2............2..........2..........2..........2..........2..........2.............l.p.S.S........2.........2...........................2....................2........2....................2........2....................2........2....................2........2....................2........2....................2........2....................2........2....................2........2.......................l.p.S.S...... .................2.................2.................2.................2.................2.................2.................2.................2.................2.................2.................2.................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_publisher.liveperson.net_0.indexeddb.leveldb\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	184
Entropy (8bit):	5.298417242182298
Encrypted:	false
SSDEEP:	3:tUKX8Dn+LAQLKqFkPUkh4E2J5iKKKc64E/x14kYHyuTT/o6V4LBv/IrscWIV//Uv:mZD+L9+q2P923iKKdKE7faLBvVIFUv
MD5:	94167482FF856A9D07B77B038F7573D6
SHA1:	7C19957D0B4671AF2378DA305A6082803B58079D
SHA-256:	AF1F15D546A954B8C62E29A71A895CE5D7FBEF8FD0AC6E55D8AD553BD11D89AD
SHA-512:	CCE2D3A03CCDDC0625D7C8B795306B4DD67D9D1A424D9A3EF9B41EDFB1850798BD80682883785405E309B4C7C103568FF3B6B179CA94E00EB5597A89AB62FDB1
Malicious:	false
Reputation:	low
Preview:	2021/01/27-15:13:47.610 2cc Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_publisher.liveperson.net_0.indexeddb.leveldb/MANIFEST-000001.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_publisher.liveperson.net_0.indexeddb.leveldb\MANIFEST-000001 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	23
Entropy (8bit):	4.142914673354254
Encrypted:	false
SSDEEP:	3:Fdb+4Ll:Zl
MD5:	3FD11FF447C1EE23538DC4D9724427A3
SHA1:	1335E6F71CC4E3CF7025233523B4760F8893E9C9
SHA-256:	720A78803B84CBCC8EB204D5CF8EA6EE2F693BE0AB2124DDF2B81455DE02A3ED
SHA-512:	10A3BD3813014EB6F8C2993182E1FA382D745372F8921519E1D25F70D76F08640E84CB8D0B554CCD329A6B4E6DE6872328650FEFA91F98C3C0CFC204899EE824
Malicious:	false
Reputation:	low
Preview:	........idb_cmp1......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	3155
Entropy (8bit):	5.493979010552365
Encrypted:	false
SSDEEP:	48:7kZpG91a7nMG8dbFEUJbQSefgGOmNrS0U9RdiN9fqyl4CET:7kEa7nMddbFEUJbQ5fgGO6rS0Ayu
MD5:	0E3368D0EA6997ABF87EA86EEE10F9F2
SHA1:	8936054FB9F6C2F443EE480F7C7E3F5AEAB2F58B
SHA-256:	9D67DB4E300DB8C5F282F29764AD2836361BA1DD466468CBD44390D6CF861C54
SHA-512:	3E8D0E356CA0A7E4581FE013E140BC1FE68011B2DA43381A9AA0B68FA93796DCFF0E94EFCA71E30D683E75E516DC810484D8697BEF1973580B1CFF092AFA8A7F
Malicious:	false
Reputation:	low
Preview:	'i.#...*............8META:chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm..............Y_chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm..mr.temp.HangoutSinkDiscoveryService;.{"cache":{"sinks":{},"g":{},"h":null},"manualHangouts":{}}.a_chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm..mr.temp.IdGenerator.cast.RequestIdGenerator..904642000.H_chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm..mr.temp.LogManager...["[2021-01-27 15:13:22.09][INFO][mr.Init] MR instance ID: 3d514580-f6b1-450d-9ba1-b5baa78accdc\n","[2021-01-27 15:13:22.09][INFO][mr.Init] Native Cast MRP is disabled.\n","[2021-01-27 15:13:22.09][INFO][mr.Init] Native Mirroring Service is enabled.\n","[2021-01-27 15:13:22.09][INFO][mr.PersistentDataManager] removeTemporary_: 163 chars used\n","[2021-01-27 15:13:22.09][INFO][mr.PersistentDataManager] initialize: 163 chars used, 67 other chars\n","[2021-01-27 15:13:22.09][INFO][mr.CastProvider] Query enabled: true\n","[2021-01-27 15:13:22.09][INFO][mr.CloudProvider]

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 27, 2021 15:13:02.918315887 CET	49720	443	192.168.2.5	162.241.67.201
Jan 27, 2021 15:13:02.919035912 CET	49721	443	192.168.2.5	162.241.67.201
Jan 27, 2021 15:13:03.075632095 CET	443	49720	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:03.075736046 CET	49720	443	192.168.2.5	162.241.67.201
Jan 27, 2021 15:13:03.076013088 CET	49720	443	192.168.2.5	162.241.67.201
Jan 27, 2021 15:13:03.076920986 CET	443	49721	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:03.077044964 CET	49721	443	192.168.2.5	162.241.67.201
Jan 27, 2021 15:13:03.077276945 CET	49721	443	192.168.2.5	162.241.67.201
Jan 27, 2021 15:13:03.233196974 CET	443	49720	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:03.235667944 CET	443	49721	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:03.237210035 CET	443	49720	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:03.237229109 CET	443	49720	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:03.237238884 CET	443	49720	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:03.237282038 CET	49720	443	192.168.2.5	162.241.67.201
Jan 27, 2021 15:13:03.242302895 CET	443	49721	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:03.242324114 CET	443	49721	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:03.242338896 CET	443	49721	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:03.242443085 CET	49721	443	192.168.2.5	162.241.67.201
Jan 27, 2021 15:13:03.281193018 CET	49720	443	192.168.2.5	162.241.67.201
Jan 27, 2021 15:13:03.281850100 CET	49721	443	192.168.2.5	162.241.67.201
Jan 27, 2021 15:13:03.285758018 CET	49720	443	192.168.2.5	162.241.67.201
Jan 27, 2021 15:13:03.443945885 CET	443	49720	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:03.443964005 CET	443	49720	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:03.444663048 CET	443	49721	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:03.444788933 CET	443	49721	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:03.446187973 CET	49720	443	192.168.2.5	162.241.67.201
Jan 27, 2021 15:13:03.446203947 CET	49721	443	192.168.2.5	162.241.67.201
Jan 27, 2021 15:13:03.496572971 CET	443	49720	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:03.596304893 CET	443	49720	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:03.651818991 CET	49720	443	192.168.2.5	162.241.67.201
Jan 27, 2021 15:13:03.845107079 CET	49720	443	192.168.2.5	162.241.67.201
Jan 27, 2021 15:13:04.003683090 CET	443	49720	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:04.005676985 CET	443	49720	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:04.051877975 CET	49720	443	192.168.2.5	162.241.67.201
Jan 27, 2021 15:13:04.237675905 CET	49730	443	192.168.2.5	162.241.67.201
Jan 27, 2021 15:13:04.239536047 CET	49731	443	192.168.2.5	162.241.67.201
Jan 27, 2021 15:13:04.396687031 CET	443	49730	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:04.396815062 CET	49730	443	192.168.2.5	162.241.67.201
Jan 27, 2021 15:13:04.398433924 CET	443	49731	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:04.398598909 CET	49731	443	192.168.2.5	162.241.67.201
Jan 27, 2021 15:13:04.578510046 CET	49732	443	192.168.2.5	162.241.67.201
Jan 27, 2021 15:13:04.579195023 CET	49731	443	192.168.2.5	162.241.67.201
Jan 27, 2021 15:13:04.579319954 CET	49730	443	192.168.2.5	162.241.67.201
Jan 27, 2021 15:13:04.738909006 CET	443	49732	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:04.739036083 CET	49732	443	192.168.2.5	162.241.67.201
Jan 27, 2021 15:13:04.739123106 CET	443	49731	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:04.739293098 CET	49732	443	192.168.2.5	162.241.67.201
Jan 27, 2021 15:13:04.739311934 CET	443	49730	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:04.742275953 CET	443	49730	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:04.742306948 CET	443	49730	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:04.742330074 CET	443	49730	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:04.742404938 CET	443	49731	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:04.742428064 CET	443	49731	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:04.742434025 CET	49730	443	192.168.2.5	162.241.67.201
Jan 27, 2021 15:13:04.742451906 CET	443	49731	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:04.742505074 CET	49731	443	192.168.2.5	162.241.67.201
Jan 27, 2021 15:13:04.746639013 CET	49730	443	192.168.2.5	162.241.67.201
Jan 27, 2021 15:13:04.747216940 CET	49731	443	192.168.2.5	162.241.67.201
Jan 27, 2021 15:13:04.747395039 CET	49730	443	192.168.2.5	162.241.67.201
Jan 27, 2021 15:13:04.897528887 CET	443	49732	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:04.899341106 CET	443	49732	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:04.899393082 CET	443	49732	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:04.899422884 CET	443	49732	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:04.899518967 CET	49732	443	192.168.2.5	162.241.67.201
Jan 27, 2021 15:13:04.900484085 CET	49732	443	192.168.2.5	162.241.67.201
Jan 27, 2021 15:13:04.905599117 CET	443	49730	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:04.905632019 CET	443	49730	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:04.905760050 CET	49730	443	192.168.2.5	162.241.67.201
Jan 27, 2021 15:13:04.907335997 CET	443	49731	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:04.907366037 CET	443	49731	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:04.907473087 CET	49731	443	192.168.2.5	162.241.67.201
Jan 27, 2021 15:13:04.921602011 CET	443	49730	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:04.972677946 CET	49730	443	192.168.2.5	162.241.67.201
Jan 27, 2021 15:13:05.061239958 CET	443	49732	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:05.061285019 CET	443	49732	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:05.061352015 CET	49732	443	192.168.2.5	162.241.67.201
Jan 27, 2021 15:13:05.139012098 CET	443	49730	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:05.139048100 CET	443	49730	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:05.139074087 CET	443	49730	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:05.139106989 CET	443	49730	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:05.139134884 CET	443	49730	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:05.139161110 CET	443	49730	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:05.139178991 CET	49730	443	192.168.2.5	162.241.67.201
Jan 27, 2021 15:13:05.139182091 CET	443	49730	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:05.139210939 CET	443	49730	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:05.139215946 CET	49730	443	192.168.2.5	162.241.67.201
Jan 27, 2021 15:13:05.139224052 CET	49730	443	192.168.2.5	162.241.67.201
Jan 27, 2021 15:13:05.139238119 CET	443	49730	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:05.139269114 CET	49730	443	192.168.2.5	162.241.67.201
Jan 27, 2021 15:13:05.139368057 CET	443	49730	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:05.139432907 CET	49730	443	192.168.2.5	162.241.67.201
Jan 27, 2021 15:13:05.300964117 CET	443	49730	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:05.301026106 CET	443	49730	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:05.301078081 CET	443	49730	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:05.301127911 CET	443	49730	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:05.301172018 CET	443	49730	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:05.301187992 CET	49730	443	192.168.2.5	162.241.67.201
Jan 27, 2021 15:13:05.301218987 CET	443	49730	162.241.67.201	192.168.2.5
Jan 27, 2021 15:13:05.301230907 CET	49730	443	192.168.2.5	162.241.67.201
Jan 27, 2021 15:13:05.301265001 CET	443	49730	162.241.67.201	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 27, 2021 15:12:59.861337900 CET	62176	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:12:59.911520004 CET	53	62176	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:01.014831066 CET	59596	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:01.064775944 CET	53	59596	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:02.649178982 CET	56969	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:02.654947042 CET	55161	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:02.656689882 CET	54757	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:02.657618999 CET	49992	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:02.659143925 CET	60075	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:02.713208914 CET	53	54757	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:02.713701010 CET	53	56969	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:02.721524000 CET	53	49992	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:02.723656893 CET	53	60075	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:02.914973974 CET	53	55161	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:03.616883039 CET	55016	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:03.681313992 CET	53	55016	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:03.830509901 CET	64345	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:03.833549976 CET	57128	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:03.907857895 CET	53	64345	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:04.024736881 CET	53	57128	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:05.821732998 CET	58530	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:05.825433969 CET	53813	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:05.884104967 CET	53	58530	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:05.887382984 CET	53	53813	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:06.458180904 CET	63732	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:06.519634008 CET	53	63732	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:07.280287981 CET	57344	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:07.344607115 CET	53	57344	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:07.405139923 CET	54450	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:07.461556911 CET	53	54450	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:10.188922882 CET	59261	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:10.260987997 CET	53	59261	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:11.807337999 CET	51649	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:11.809161901 CET	65086	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:11.810987949 CET	56432	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:11.812714100 CET	52929	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:11.864933968 CET	53	51649	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:11.867311001 CET	53	56432	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:11.867840052 CET	53	65086	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:11.869297981 CET	53	52929	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:16.403219938 CET	64317	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:16.463551998 CET	53	64317	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:17.825957060 CET	61004	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:17.888299942 CET	53	61004	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:18.035243988 CET	56895	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:18.091928005 CET	53	56895	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:18.255323887 CET	62372	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:18.319799900 CET	53	62372	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:19.107189894 CET	61515	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:19.111140966 CET	56675	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:19.117960930 CET	57172	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:19.164865017 CET	53	61515	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:19.171639919 CET	53	56675	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:19.173976898 CET	53	57172	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:19.203737974 CET	55267	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:19.263612032 CET	53	55267	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:19.674691916 CET	50969	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:19.733452082 CET	53	50969	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:21.355866909 CET	64362	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:21.419373035 CET	53	64362	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:21.648869991 CET	54766	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:21.712393999 CET	53	54766	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:22.997221947 CET	61446	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:23.054352045 CET	53	61446	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:25.281301975 CET	57515	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:25.332273960 CET	53	57515	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:33.549138069 CET	58199	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:33.597327948 CET	53	58199	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:35.630614042 CET	65221	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:35.690010071 CET	53	65221	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:36.245157003 CET	61573	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:36.298480034 CET	53	61573	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:36.514955997 CET	56562	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:36.572463036 CET	53	56562	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:40.307272911 CET	59688	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:40.307327032 CET	53591	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:40.307413101 CET	56032	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:40.367958069 CET	53	59688	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:40.369539976 CET	53	56032	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:40.376121044 CET	53	53591	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:40.946470022 CET	61150	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:41.012713909 CET	53	61150	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:41.095568895 CET	63458	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:41.164102077 CET	53	63458	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:41.230510950 CET	50422	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:41.242714882 CET	53247	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:41.287107944 CET	53	50422	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:41.305084944 CET	53	53247	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:41.440180063 CET	58544	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:41.488089085 CET	53	58544	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:41.629587889 CET	53814	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:41.701029062 CET	53	53814	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:42.337738991 CET	51305	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:42.388536930 CET	53	51305	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:42.698666096 CET	53670	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:42.716739893 CET	61414	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:42.778425932 CET	53	61414	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:42.779488087 CET	53	53670	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:43.095669985 CET	63847	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:43.146411896 CET	53	63847	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:43.354304075 CET	61523	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:43.410963058 CET	53	61523	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:44.733041048 CET	50551	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:44.791071892 CET	53	50551	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:46.430921078 CET	62847	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:46.481569052 CET	53	62847	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:47.523621082 CET	57712	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:47.571866989 CET	53	57712	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:51.772844076 CET	61064	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:51.826307058 CET	53	61064	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:58.060462952 CET	61891	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:58.140422106 CET	53	61891	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:58.377734900 CET	61585	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:58.437139034 CET	53	61585	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:58.574009895 CET	65163	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:58.638128042 CET	53	65163	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:58.765170097 CET	53977	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:58.815834045 CET	53	53977	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:58.968358994 CET	57147	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:59.068881035 CET	52381	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:59.072664022 CET	53	57147	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:59.125252962 CET	53	52381	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:59.250961065 CET	49231	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:59.315469027 CET	53	49231	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:59.421098948 CET	53217	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:59.481539965 CET	53	53217	8.8.8.8	192.168.2.5
Jan 27, 2021 15:13:59.524447918 CET	52554	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:13:59.588514090 CET	53	52554	8.8.8.8	192.168.2.5
Jan 27, 2021 15:14:02.597929955 CET	49603	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:14:02.646267891 CET	53	49603	8.8.8.8	192.168.2.5
Jan 27, 2021 15:14:02.714222908 CET	64476	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:14:02.860148907 CET	53	64476	8.8.8.8	192.168.2.5
Jan 27, 2021 15:14:04.780941963 CET	49975	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:14:04.848454952 CET	53	49975	8.8.8.8	192.168.2.5
Jan 27, 2021 15:14:05.039447069 CET	57701	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:14:05.101414919 CET	53	57701	8.8.8.8	192.168.2.5
Jan 27, 2021 15:14:05.819072008 CET	60334	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:14:05.882539988 CET	53	60334	8.8.8.8	192.168.2.5
Jan 27, 2021 15:14:14.742480040 CET	64958	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:14:14.800815105 CET	53	64958	8.8.8.8	192.168.2.5
Jan 27, 2021 15:14:19.168713093 CET	58504	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:14:19.243815899 CET	53	58504	8.8.8.8	192.168.2.5
Jan 27, 2021 15:14:23.911806107 CET	64971	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:14:23.971106052 CET	53	64971	8.8.8.8	192.168.2.5
Jan 27, 2021 15:14:27.582742929 CET	58041	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:14:27.647655010 CET	53	58041	8.8.8.8	192.168.2.5
Jan 27, 2021 15:14:30.329545021 CET	57764	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:14:30.380172014 CET	53	57764	8.8.8.8	192.168.2.5
Jan 27, 2021 15:14:30.941492081 CET	57973	53	192.168.2.5	8.8.8.8
Jan 27, 2021 15:14:31.013778925 CET	53	57973	8.8.8.8	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Jan 27, 2021 15:13:02.654947042 CET	192.168.2.5	8.8.8.8	0x9c2a	Standard query (0)	ww-agf.primside.ga	A (IP address)	IN (0x0001)
Jan 27, 2021 15:13:03.833549976 CET	192.168.2.5	8.8.8.8	0x687	Standard query (0)	snowtike.cf	A (IP address)	IN (0x0001)
Jan 27, 2021 15:13:05.821732998 CET	192.168.2.5	8.8.8.8	0x66fb	Standard query (0)	aadcdn.msftauth.net	A (IP address)	IN (0x0001)
Jan 27, 2021 15:13:05.825433969 CET	192.168.2.5	8.8.8.8	0x2653	Standard query (0)	aadcdn.msauth.net	A (IP address)	IN (0x0001)
Jan 27, 2021 15:13:06.458180904 CET	192.168.2.5	8.8.8.8	0x20d0	Standard query (0)	cdn.clipart.email	A (IP address)	IN (0x0001)
Jan 27, 2021 15:13:07.280287981 CET	192.168.2.5	8.8.8.8	0x870	Standard query (0)	cdn.clipart.email	A (IP address)	IN (0x0001)
Jan 27, 2021 15:13:07.405139923 CET	192.168.2.5	8.8.8.8	0x63a3	Standard query (0)	aadcdn.msftauth.net	A (IP address)	IN (0x0001)
Jan 27, 2021 15:13:11.810987949 CET	192.168.2.5	8.8.8.8	0x39f3	Standard query (0)	ajax.aspnetcdn.com	A (IP address)	IN (0x0001)
Jan 27, 2021 15:13:18.255323887 CET	192.168.2.5	8.8.8.8	0xac9d	Standard query (0)	clients2.googleusercontent.com	A (IP address)	IN (0x0001)
Jan 27, 2021 15:13:21.648869991 CET	192.168.2.5	8.8.8.8	0x8e0	Standard query (0)	assets.onestore.ms	A (IP address)	IN (0x0001)
Jan 27, 2021 15:13:40.307327032 CET	192.168.2.5	8.8.8.8	0x6169	Standard query (0)	microsoftwindows.112.2o7.net	A (IP address)	IN (0x0001)
Jan 27, 2021 15:13:40.307413101 CET	192.168.2.5	8.8.8.8	0x46af	Standard query (0)	mem.gfx.ms	A (IP address)	IN (0x0001)
Jan 27, 2021 15:13:40.946470022 CET	192.168.2.5	8.8.8.8	0xc977	Standard query (0)	publisher.liveperson.net	A (IP address)	IN (0x0001)
Jan 27, 2021 15:13:41.242714882 CET	192.168.2.5	8.8.8.8	0xba8a	Standard query (0)	lptag.liveperson.net	A (IP address)	IN (0x0001)
Jan 27, 2021 15:13:42.698666096 CET	192.168.2.5	8.8.8.8	0x95d8	Standard query (0)	accdn.lpsnmedia.net	A (IP address)	IN (0x0001)
Jan 27, 2021 15:13:42.716739893 CET	192.168.2.5	8.8.8.8	0x8425	Standard query (0)	static-assets.fs.liveperson.com	A (IP address)	IN (0x0001)
Jan 27, 2021 15:13:43.354304075 CET	192.168.2.5	8.8.8.8	0xbcb	Standard query (0)	logincdn.msauth.net	A (IP address)	IN (0x0001)
Jan 27, 2021 15:13:44.733041048 CET	192.168.2.5	8.8.8.8	0x4780	Standard query (0)	lpcdn.lpsnmedia.net	A (IP address)	IN (0x0001)
Jan 27, 2021 15:13:47.523621082 CET	192.168.2.5	8.8.8.8	0xb80f	Standard query (0)	va.v.liveperson.net	A (IP address)	IN (0x0001)
Jan 27, 2021 15:13:58.968358994 CET	192.168.2.5	8.8.8.8	0x3ad2	Standard query (0)	bingexplore.azurewebsites.net	A (IP address)	IN (0x0001)
Jan 27, 2021 15:14:02.714222908 CET	192.168.2.5	8.8.8.8	0x4478	Standard query (0)	bingexplore.azurewebsites.net	A (IP address)	IN (0x0001)
Jan 27, 2021 15:14:05.819072008 CET	192.168.2.5	8.8.8.8	0x5256	Standard query (0)	amp.azure.net	A (IP address)	IN (0x0001)
Jan 27, 2021 15:14:23.911806107 CET	192.168.2.5	8.8.8.8	0x144d	Standard query (0)	mcraa.fs.liveperson.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Jan 27, 2021 15:13:02.914973974 CET	8.8.8.8	192.168.2.5	0x9c2a	No error (0)	ww-agf.primside.ga		162.241.67.201	A (IP address)	IN (0x0001)
Jan 27, 2021 15:13:04.024736881 CET	8.8.8.8	192.168.2.5	0x687	No error (0)	snowtike.cf		162.241.67.201	A (IP address)	IN (0x0001)
Jan 27, 2021 15:13:05.884104967 CET	8.8.8.8	192.168.2.5	0x66fb	No error (0)	aadcdn.msftauth.net	aadcdnoriginneu.azureedge.net		CNAME (Canonical name)	IN (0x0001)
Jan 27, 2021 15:13:05.884104967 CET	8.8.8.8	192.168.2.5	0x66fb	No error (0)	cs1100.wpc.omegacdn.net		152.199.23.37	A (IP address)	IN (0x0001)
Jan 27, 2021 15:13:05.887382984 CET	8.8.8.8	192.168.2.5	0x2653	No error (0)	aadcdn.msauth.net	aadcdnoriginwus2.azureedge.net		CNAME (Canonical name)	IN (0x0001)
Jan 27, 2021 15:13:06.519634008 CET	8.8.8.8	192.168.2.5	0x20d0	No error (0)	cdn.clipart.email		172.67.70.208	A (IP address)	IN (0x0001)
Jan 27, 2021 15:13:06.519634008 CET	8.8.8.8	192.168.2.5	0x20d0	No error (0)	cdn.clipart.email		104.26.4.196	A (IP address)	IN (0x0001)
Jan 27, 2021 15:13:06.519634008 CET	8.8.8.8	192.168.2.5	0x20d0	No error (0)	cdn.clipart.email		104.26.5.196	A (IP address)	IN (0x0001)
Jan 27, 2021 15:13:07.344607115 CET	8.8.8.8	192.168.2.5	0x870	No error (0)	cdn.clipart.email		104.26.4.196	A (IP address)	IN (0x0001)
Jan 27, 2021 15:13:07.344607115 CET	8.8.8.8	192.168.2.5	0x870	No error (0)	cdn.clipart.email		104.26.5.196	A (IP address)	IN (0x0001)
Jan 27, 2021 15:13:07.344607115 CET	8.8.8.8	192.168.2.5	0x870	No error (0)	cdn.clipart.email		172.67.70.208	A (IP address)	IN (0x0001)
Jan 27, 2021 15:13:07.461556911 CET	8.8.8.8	192.168.2.5	0x63a3	No error (0)	aadcdn.msftauth.net	aadcdnoriginneu.azureedge.net		CNAME (Canonical name)	IN (0x0001)
Jan 27, 2021 15:13:07.461556911 CET	8.8.8.8	192.168.2.5	0x63a3	No error (0)	cs1100.wpc.omegacdn.net		152.199.23.37	A (IP address)	IN (0x0001)
Jan 27, 2021 15:13:11.867311001 CET	8.8.8.8	192.168.2.5	0x39f3	No error (0)	ajax.aspnetcdn.com	mscomajax.vo.msecnd.net		CNAME (Canonical name)	IN (0x0001)
Jan 27, 2021 15:13:11.869297981 CET	8.8.8.8	192.168.2.5	0xf26c	No error (0)	consentdeliveryfd.azurefd.net	star-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)
Jan 27, 2021 15:13:18.319799900 CET	8.8.8.8	192.168.2.5	0xac9d	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)
Jan 27, 2021 15:13:18.319799900 CET	8.8.8.8	192.168.2.5	0xac9d	No error (0)	googlehosted.l.googleusercontent.com		172.217.22.225	A (IP address)	IN (0x0001)
Jan 27, 2021 15:13:21.712393999 CET	8.8.8.8	192.168.2.5	0x8e0	No error (0)	assets.onestore.ms	assets.onestore.ms.akadns.net		CNAME (Canonical name)	IN (0x0001)
Jan 27, 2021 15:13:40.369539976 CET	8.8.8.8	192.168.2.5	0x46af	No error (0)	mem.gfx.ms	cdn.account.microsoft.com.akadns.net		CNAME (Canonical name)	IN (0x0001)
Jan 27, 2021 15:13:40.376121044 CET	8.8.8.8	192.168.2.5	0x6169	No error (0)	microsoftwindows.112.2o7.net		35.181.18.61	A (IP address)	IN (0x0001)
Jan 27, 2021 15:13:40.376121044 CET	8.8.8.8	192.168.2.5	0x6169	No error (0)	microsoftwindows.112.2o7.net		15.237.76.117	A (IP address)	IN (0x0001)
Jan 27, 2021 15:13:40.376121044 CET	8.8.8.8	192.168.2.5	0x6169	No error (0)	microsoftwindows.112.2o7.net		15.237.136.106	A (IP address)	IN (0x0001)
Jan 27, 2021 15:13:41.012713909 CET	8.8.8.8	192.168.2.5	0xc977	No error (0)	publisher.liveperson.net	publisher.livepersonk.akadns.net		CNAME (Canonical name)	IN (0x0001)
Jan 27, 2021 15:13:41.012713909 CET	8.8.8.8	192.168.2.5	0xc977	No error (0)	liveperson.map.fastly.net		151.101.1.192	A (IP address)	IN (0x0001)
Jan 27, 2021 15:13:41.012713909 CET	8.8.8.8	192.168.2.5	0xc977	No error (0)	liveperson.map.fastly.net		151.101.65.192	A (IP address)	IN (0x0001)
Jan 27, 2021 15:13:41.012713909 CET	8.8.8.8	192.168.2.5	0xc977	No error (0)	liveperson.map.fastly.net		151.101.129.192	A (IP address)	IN (0x0001)
Jan 27, 2021 15:13:41.012713909 CET	8.8.8.8	192.168.2.5	0xc977	No error (0)	liveperson.map.fastly.net		151.101.193.192	A (IP address)	IN (0x0001)
Jan 27, 2021 15:13:41.305084944 CET	8.8.8.8	192.168.2.5	0xba8a	No error (0)	lptag.liveperson.net	lptag.liveperson.cotcdb.net.livepersonk.akadns.net		CNAME (Canonical name)	IN (0x0001)
Jan 27, 2021 15:13:42.388536930 CET	8.8.8.8	192.168.2.5	0x7a1c	No error (0)	prda.aadg.msidentity.com	www.tm.a.prd.aadg.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)
Jan 27, 2021 15:13:42.778425932 CET	8.8.8.8	192.168.2.5	0x8425	No error (0)	static-assets.fs.liveperson.com	dh1y47vf5ttia.cloudfront.net		CNAME (Canonical name)	IN (0x0001)
Jan 27, 2021 15:13:42.778425932 CET	8.8.8.8	192.168.2.5	0x8425	No error (0)	dh1y47vf5ttia.cloudfront.net		143.204.11.14	A (IP address)	IN (0x0001)
Jan 27, 2021 15:13:42.778425932 CET	8.8.8.8	192.168.2.5	0x8425	No error (0)	dh1y47vf5ttia.cloudfront.net		143.204.11.110	A (IP address)	IN (0x0001)
Jan 27, 2021 15:13:42.778425932 CET	8.8.8.8	192.168.2.5	0x8425	No error (0)	dh1y47vf5ttia.cloudfront.net		143.204.11.3	A (IP address)	IN (0x0001)
Jan 27, 2021 15:13:42.778425932 CET	8.8.8.8	192.168.2.5	0x8425	No error (0)	dh1y47vf5ttia.cloudfront.net		143.204.11.96	A (IP address)	IN (0x0001)
Jan 27, 2021 15:13:42.779488087 CET	8.8.8.8	192.168.2.5	0x95d8	No error (0)	accdn.lpsnmedia.net	accdn.lpsnmedia.livepersonk.akadns.net		CNAME (Canonical name)	IN (0x0001)
Jan 27, 2021 15:13:43.410963058 CET	8.8.8.8	192.168.2.5	0xbcb	No error (0)	logincdn.msauth.net	lgincdn.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)
Jan 27, 2021 15:13:43.410963058 CET	8.8.8.8	192.168.2.5	0xbcb	No error (0)	cs1227.wpc.alphacdn.net		192.229.221.185	A (IP address)	IN (0x0001)
Jan 27, 2021 15:13:44.791071892 CET	8.8.8.8	192.168.2.5	0x4780	No error (0)	lpcdn.lpsnmedia.net	lpcdn.lpsnmedia.livepersonk.akadns.net		CNAME (Canonical name)	IN (0x0001)
Jan 27, 2021 15:13:46.481569052 CET	8.8.8.8	192.168.2.5	0x3d4	No error (0)	prda.aadg.msidentity.com	www.tm.a.prd.aadg.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)
Jan 27, 2021 15:13:47.571866989 CET	8.8.8.8	192.168.2.5	0xb80f	No error (0)	va.v.liveperson.net		208.89.12.87	A (IP address)	IN (0x0001)
Jan 27, 2021 15:13:59.072664022 CET	8.8.8.8	192.168.2.5	0x3ad2	No error (0)	bingexplore.azurewebsites.net	waws-prod-ch1-019.sip.azurewebsites.windows.net		CNAME (Canonical name)	IN (0x0001)
Jan 27, 2021 15:13:59.072664022 CET	8.8.8.8	192.168.2.5	0x3ad2	No error (0)	waws-prod-ch1-019.sip.azurewebsites.windows.net	waws-prod-ch1-019.cloudapp.net		CNAME (Canonical name)	IN (0x0001)
Jan 27, 2021 15:14:02.860148907 CET	8.8.8.8	192.168.2.5	0x4478	No error (0)	bingexplore.azurewebsites.net	waws-prod-ch1-019.sip.azurewebsites.windows.net		CNAME (Canonical name)	IN (0x0001)
Jan 27, 2021 15:14:02.860148907 CET	8.8.8.8	192.168.2.5	0x4478	No error (0)	waws-prod-ch1-019.sip.azurewebsites.windows.net	waws-prod-ch1-019.cloudapp.net		CNAME (Canonical name)	IN (0x0001)
Jan 27, 2021 15:14:05.882539988 CET	8.8.8.8	192.168.2.5	0x5256	No error (0)	amp.azure.net	160c1.wpc.azureedge.net		CNAME (Canonical name)	IN (0x0001)
Jan 27, 2021 15:14:23.971106052 CET	8.8.8.8	192.168.2.5	0x144d	No error (0)	mcraa.fs.liveperson.com		3.218.234.129	A (IP address)	IN (0x0001)
Jan 27, 2021 15:14:23.971106052 CET	8.8.8.8	192.168.2.5	0x144d	No error (0)	mcraa.fs.liveperson.com		3.214.173.81	A (IP address)	IN (0x0001)

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Jan 27, 2021 15:13:07.545150995 CET	152.199.23.37	443	192.168.2.5	49748	CN=aadcdn.msftauth.net, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Jul 09 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013 Fri Nov 10 01:00:00 CET 2006	Fri Jul 09 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023 Mon Nov 10 01:00:00 CET 2031	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0	37f463bf4616ecd445d4a1937da06e19
					CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023
					CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Nov 10 01:00:00 CET 2006	Mon Nov 10 01:00:00 CET 2031
Jan 27, 2021 15:13:07.548867941 CET	152.199.23.37	443	192.168.2.5	49749	CN=aadcdn.msftauth.net, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Jul 09 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013 Fri Nov 10 01:00:00 CET 2006	Fri Jul 09 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023 Mon Nov 10 01:00:00 CET 2031	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0	37f463bf4616ecd445d4a1937da06e19
					CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023
					CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Nov 10 01:00:00 CET 2006	Mon Nov 10 01:00:00 CET 2031
Jan 27, 2021 15:13:07.723223925 CET	152.199.23.37	443	192.168.2.5	49750	CN=aadcdn.msftauth.net, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Jul 09 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013 Fri Nov 10 01:00:00 CET 2006	Fri Jul 09 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023 Mon Nov 10 01:00:00 CET 2031	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0	37f463bf4616ecd445d4a1937da06e19
					CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023
					CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Nov 10 01:00:00 CET 2006	Mon Nov 10 01:00:00 CET 2031
Jan 27, 2021 15:13:07.723788977 CET	152.199.23.37	443	192.168.2.5	49751	CN=aadcdn.msftauth.net, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Jul 09 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013 Fri Nov 10 01:00:00 CET 2006	Fri Jul 09 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023 Mon Nov 10 01:00:00 CET 2031	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0	37f463bf4616ecd445d4a1937da06e19
					CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023
					CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Nov 10 01:00:00 CET 2006	Mon Nov 10 01:00:00 CET 2031
Jan 27, 2021 15:13:07.921196938 CET	152.199.23.37	443	192.168.2.5	49752	CN=aadcdn.msftauth.net, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Jul 09 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013 Fri Nov 10 01:00:00 CET 2006	Fri Jul 09 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023 Mon Nov 10 01:00:00 CET 2031	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0	37f463bf4616ecd445d4a1937da06e19
					CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023
					CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Nov 10 01:00:00 CET 2006	Mon Nov 10 01:00:00 CET 2031
Jan 27, 2021 15:13:41.105614901 CET	151.101.1.192	443	192.168.2.5	49857	CN=liveperson.net, O="LivePerson, Inc.", L=New York, ST=New York, C=US CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE	CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE	Fri Mar 27 04:17:26 CET 2020 Wed Aug 19 02:00:00 CEST 2015	Sun Mar 28 05:17:26 CEST 2021 Tue Aug 19 02:00:00 CEST 2025	771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0	b32309a26951912be7dba376398abc3b
Jan 27, 2021 15:13:41.105614901 CET	151.101.1.192	443	192.168.2.5	49857	CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE	CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE	Wed Aug 19 02:00:00 CEST 2015	Tue Aug 19 02:00:00 CEST 2025		b32309a26951912be7dba376398abc3b
Jan 27, 2021 15:13:48.040894032 CET	208.89.12.87	443	192.168.2.5	49919	CN=*.v.liveperson.net, OU="LivePerson, Inc.", O="LivePerson, Inc", STREET=475 10TH AVE FL 5, L=New York, ST=New York, OID.2.5.4.17=10018, C=US CN=Sectigo RSA Organization Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	CN=Sectigo RSA Organization Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Mon Apr 13 02:00:00 CEST 2020 Fri Nov 02 01:00:00 CET 2018 Tue Mar 12 01:00:00 CET 2019	Thu Apr 14 01:59:59 CEST 2022 Wed Jan 01 00:59:59 CET 2031 Mon Jan 01 00:59:59 CET 2029	771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0	b32309a26951912be7dba376398abc3b
					CN=Sectigo RSA Organization Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB	CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	Fri Nov 02 01:00:00 CET 2018	Wed Jan 01 00:59:59 CET 2031
					CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Tue Mar 12 01:00:00 CET 2019	Mon Jan 01 00:59:59 CET 2029

Code Manipulations

Statistics

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exe PID: 5508 Parent PID: 3896

General

Start time:	15:12:57
Start date:	27/01/2021
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized 'https://ww-agf.primside.ga/YW5keS5rb2NoYXJAYWdmLmNvbQ=='
Imagebase:	0x7ff677c70000
File size:	2150896 bytes
MD5 hash:	C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Analysis Process: chrome.exe PID: 1704 Parent PID: 5508

General

Start time:	15:12:58
Start date:	27/01/2021
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1536,13880197655046322879,7359506738743907629,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1692 /prefetch:8
Imagebase:	0x7ff677c70000
File size:	2150896 bytes
MD5 hash:	C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Disassembly

Reset < >

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report https://ww-agf.primside.ga/YW5keS5rb2NoYXJAYWdmLmNvbQ==

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Sigma Overview

Signature Overview

AV Detection:

Phishing:

Compliance:

Networking:

System Summary:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTPS Packets

Code Manipulations

Statistics

Behavior

System Behavior

Analysis Process: chrome.exe PID: 5508 Parent PID: 3896

General

Analysis Process: chrome.exe PID: 1704 Parent PID: 5508

General

Disassembly