Play interactive tour

Edit tour

Windows Analysis Report https://create.piktochart.com/output/55231820-voir-le-document-complet

Overview

General Information

Sample URL:	https://create.piktochart.com/output/55231820-voir-le-document-complet
Analysis ID:	452740
Infos:
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Yara detected HtmlPhish29

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5752 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'https://create.piktochart.com/output/55231820-voir-le-document-complet' MD5: C139654B5C1438A95B321BB01AD63EF6)

chrome.exe (PID: 5012 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1644,17532982768526373494,12220488661392661405,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1700 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Antivirus / Scanner detection for submitted sample

Show sources

Source: https://create.piktochart.com/output/55231820-voir-le-document-complet

SlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

Yara detected HtmlPhish29

Show sources

Source: Yara match	File source: 08074.pages.csv, type: HTML
Source: Yara match	File source: 58006.pages.csv, type: HTML
Source: Yara match	File source: 06665.pages.csv, type: HTML

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

Source: unknown	HTTPS traffic detected: 104.17.211.204:443 -> 192.168.2.5:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.17.71.176:443 -> 192.168.2.5:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.17.115.176:443 -> 192.168.2.5:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.17.234.204:443 -> 192.168.2.5:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.17.234.204:443 -> 192.168.2.5:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.17.71.176:443 -> 192.168.2.5:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.17.115.176:443 -> 192.168.2.5:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.244.42.8:443 -> 192.168.2.5:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.13.189:443 -> 192.168.2.5:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.71.238:443 -> 192.168.2.5:49767 version: TLS 1.2

Source: Reporting and NEL.4.dr	String found in binary or memory: #chttpswww.facebook.com equals www.facebook.com (Facebook)
Source: Reporting and NEL.4.dr	String found in binary or memory: coop_reporthttps://www.facebook.com/browser_reporting/ equals www.facebook.com (Facebook)
Source: Reporting and NEL.4.dr	String found in binary or memory: coop_reporthttps://www.facebook.com/browser_reporting/ equals www.facebook.com (Facebook)
Source: Current Session.1.dr	String found in binary or memory: https://www.facebook.com/v2.0/plugins/comments.php?app_id=360137457436393&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df146defd036afac%26domain%3Dcreate.piktochart.com%26origin%3Dhttps%253A%252F%252Fcreate.piktochart.com%252Ff363b0f8378c408%26relation%3Dparent.parent&container_width=849&height=100&href=https%3A%2F%2Fcreate.piktochart.com%2Foutput%2F55231820-voir-le-document-complet&locale=en_US&sdk=joey&version=v2.0&width=800 equals www.facebook.com (Facebook)
Source: Current Session.1.dr	String found in binary or memory: https://www.facebook.com/v2.0/plugins/like.php?action=like&app_id=360137457436393&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df13e597513e9cd%26domain%3Dcreate.piktochart.com%26origin%3Dhttps%253A%252F%252Fcreate.piktochart.com%252Ff363b0f8378c408%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fcreate.piktochart.com%2Foutput%2F55231820-voir-le-document-complet&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90 equals www.facebook.com (Facebook)
Source: Reporting and NEL.4.dr	String found in binary or memory: httpswww.facebook.com equals www.facebook.com (Facebook)
Source: 1904eaf6-fb6e-4d14-96ad-e9a0b6d2f7eb.tmp.4.dr	String found in binary or memory: {"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://www.google.com","supports_spdy":true},{"isolation":[],"server":"https://ssl.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://www.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://apis.google.com","supports_spdy":true},{"isolation":[],"server":"https://ogs.google.com","supports_spdy":true},{"isolation":[],"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13274072572347334","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://redirector.gvt1.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13274072572348316","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://accounts.google.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13274072572592844","port":443,"protocol_str":"quic"},{"advertised_versions":[50],"expiration":"13274072572592850","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://r2---sn-h0jeener.gvt1.com"},{"isolation":[],"server":"https://js.hs-scripts.com","supports_spdy":true},{"isolation":[],"server":"https://assets.pinterest.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13274072573064592","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://www.googletagmanager.com","supports_spdy":true},{"isolation":[],"server":"https://z.moatads.com","supports_spdy":true},{"isolation":[],"server":"https://a.nel.cloudflare.com","supports_spdy":true},{"isolation":[],"server":"https://js.hsleadflows.net","supports_spdy":true},{"isolation":[],"server":"https://js.hs-analytics.net","supports_spdy":true},{"isolation":[],"server":"https://js.hsadspixel.net","supports_spdy":true},{"isolation":[],"server":"https://connect.facebook.net","supports_spdy":true},{"isolation":[],"server":"https://fonts.piktochart.com","supports_spdy":true},{"isolation":[],"server":"https://s7.addthis.com","supports_spdy":true},{"isolation":[],"server":"https://api-public.addthis.com","supports_spdy":true},{"isolation":[],"server":"https://www.facebook.com","supports_spdy":true},{"isolation":[],"server":"https://track.hubspot.com","supports_spdy":true},{"isolation":[],"server":"https://js.hs-banner.com","supports_spdy":true},{"isolation":[],"server":"https://beacon-v2.helpscout.net","supports_spdy":true},{"isolation":[],"server":"https://syndication.twitter.com","supports_spdy":true},{"isolation":[],"server":"https://create.piktochart.com","supports_spdy":true},{"isolation":[],"server":"https://d3hb14vkzrxvla.cloudfront.net","supports_spdy":true},{"isolation":[],"server":"https://forms.hubspot.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13274072587581116","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://clients2.googleusercontent.com","suppo
Source: 1904eaf6-fb6e-4d14-96ad-e9a0b6d2f7eb.tmp.4.dr	String found in binary or memory: {"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://www.google.com","supports_spdy":true},{"isolation":[],"server":"https://ssl.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://www.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://apis.google.com","supports_spdy":true},{"isolation":[],"server":"https://ogs.google.com","supports_spdy":true},{"isolation":[],"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13274072572347334","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://redirector.gvt1.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13274072572348316","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://accounts.google.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13274072572592844","port":443,"protocol_str":"quic"},{"advertised_versions":[50],"expiration":"13274072572592850","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://r2---sn-h0jeener.gvt1.com"},{"isolation":[],"server":"https://js.hs-scripts.com","supports_spdy":true},{"isolation":[],"server":"https://assets.pinterest.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13274072573064592","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://www.googletagmanager.com","supports_spdy":true},{"isolation":[],"server":"https://z.moatads.com","supports_spdy":true},{"isolation":[],"server":"https://a.nel.cloudflare.com","supports_spdy":true},{"isolation":[],"server":"https://js.hsleadflows.net","supports_spdy":true},{"isolation":[],"server":"https://js.hs-analytics.net","supports_spdy":true},{"isolation":[],"server":"https://js.hsadspixel.net","supports_spdy":true},{"isolation":[],"server":"https://connect.facebook.net","supports_spdy":true},{"isolation":[],"server":"https://fonts.piktochart.com","supports_spdy":true},{"isolation":[],"server":"https://s7.addthis.com","supports_spdy":true},{"isolation":[],"server":"https://api-public.addthis.com","supports_spdy":true},{"isolation":[],"server":"https://www.facebook.com","supports_spdy":true},{"isolation":[],"server":"https://track.hubspot.com","supports_spdy":true},{"isolation":[],"server":"https://js.hs-banner.com","supports_spdy":true},{"isolation":[],"server":"https://beacon-v2.helpscout.net","supports_spdy":true},{"isolation":[],"server":"https://syndication.twitter.com","supports_spdy":true},{"isolation":[],"server":"https://create.piktochart.com","supports_spdy":true},{"isolation":[],"server":"https://d3hb14vkzrxvla.cloudfront.net","supports_spdy":true},{"isolation":[],"server":"https://forms.hubspot.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13274072587581116","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://clients2.googleusercontent.com","suppo

Source: unknown

DNS traffic detected: queries for: clients2.google.com

Source: 1904eaf6-fb6e-4d14-96ad-e9a0b6d2f7eb.tmp.4.dr	String found in binary or memory: https://a.nel.cloudflare.com
Source: Reporting and NEL.4.dr	String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=5IF%2Bghr6csx52DsAmrAbRXJrcRcpo%2BVh250eW%2Bj9NniPB3FArGmg6
Source: Reporting and NEL.4.dr	String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=Dpom3ejcsjx3ri8FvujfYK6Jog83WFceuzyDWun1q6HCuHCz2luTuPSgqjq
Source: Reporting and NEL.4.dr	String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=SjvZWKEeWmafluVFV4OmxKmQqWvcFbNioBjjZaOrLNSjEXjYZHRlLGdBpEN
Source: Reporting and NEL.4.dr	String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=SrEqmE0RArYXFTxkrz18FfTuLmfJMlzTDzuXpnMtgWpjaXi99CbSEWJrxeW
Source: Reporting and NEL.4.dr	String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=cVeamK9%2BzE%2FXKaKII%2Bec4c%2Blh1ckBD6ibuDrf6WGQtqqZYcfKSZ
Source: Reporting and NEL.4.dr	String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=ok6DoTxOvKrr36f3FRk9FOD%2FsL6Uc3pk2oIvOin5teE4pexrYrlzlwnjx
Source: 6c0f0a54-4698-4368-a587-7f4398c42dcc.tmp.4.dr, manifest.json0.1.dr, 1904eaf6-fb6e-4d14-96ad-e9a0b6d2f7eb.tmp.4.dr	String found in binary or memory: https://accounts.google.com
Source: 1904eaf6-fb6e-4d14-96ad-e9a0b6d2f7eb.tmp.4.dr	String found in binary or memory: https://api-public.addthis.com
Source: 6c0f0a54-4698-4368-a587-7f4398c42dcc.tmp.4.dr, manifest.json0.1.dr, 1904eaf6-fb6e-4d14-96ad-e9a0b6d2f7eb.tmp.4.dr	String found in binary or memory: https://apis.google.com
Source: 1904eaf6-fb6e-4d14-96ad-e9a0b6d2f7eb.tmp.4.dr	String found in binary or memory: https://assets.pinterest.com
Source: ddd24a849a7d969b_0.1.dr	String found in binary or memory: https://beacon-v2.helpscout.net/static/js/main.8d8df292.js
Source: dd6f4ba140e73b7c_0.1.dr	String found in binary or memory: https://beacon-v2.helpscout.net/static/js/vendor.3987c6ee.js
Source: 6c0f0a54-4698-4368-a587-7f4398c42dcc.tmp.4.dr	String found in binary or memory: https://clients2.google.com
Source: manifest.json0.1.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 6c0f0a54-4698-4368-a587-7f4398c42dcc.tmp.4.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: 1904eaf6-fb6e-4d14-96ad-e9a0b6d2f7eb.tmp.4.dr	String found in binary or memory: https://connect.facebook.net
Source: 9be232425752a77d_0.1.dr	String found in binary or memory: https://connect.facebook.net/en_US/fbevents.js
Source: 21c18fb9ca077705_0.1.dr	String found in binary or memory: https://connect.facebook.net/en_US/sdk.js
Source: 27958a9e606be339_0.1.dr	String found in binary or memory: https://connect.facebook.net/en_US/sdk.js?hash=67f66cc8858252eee8f3c709fecb9e55
Source: 4149c5502c3a6381_0.1.dr	String found in binary or memory: https://connect.facebook.net/signals/config/1376538882436128?v=2.9.43&r=stable
Source: manifest.json0.1.dr	String found in binary or memory: https://content.googleapis.com
Source: 000003.log3.1.dr	String found in binary or memory: https://create.piktochart.com
Source: Current Session.1.dr, 000003.log0.1.dr	String found in binary or memory: https://create.piktochart.com/
Source: 4f316a51b12971ff_0.1.dr	String found in binary or memory: https://create.piktochart.com/assets/0-12328b9d54bdab438f26-bundle.js
Source: fe39d35c85990904_0.1.dr	String found in binary or memory: https://create.piktochart.com/assets/1-fa45cb67e5e65f3b8807-bundle.js
Source: ab74d73a1ef97342_0.1.dr	String found in binary or memory: https://create.piktochart.com/assets/50-96e7d07fdff0911b44a2-bundle.js
Source: dd7f95b54e3ba22e_0.1.dr	String found in binary or memory: https://create.piktochart.com/assets/6-d91ac5ca25e3adc1ca9a-bundle.js
Source: db4b65f7477f4e6b_0.1.dr	String found in binary or memory: https://create.piktochart.com/assets/7-33479796fc828dbb502d-bundle.js
Source: 2fe82c74fd70b364_0.1.dr	String found in binary or memory: https://create.piktochart.com/assets/82-09a41c0d0089928b860f-bundle.js
Source: b6b3d5da9b0df756_0.1.dr	String found in binary or memory: https://create.piktochart.com/assets/magic-9602756920677fa84a49-bundle.js
Source: 65e6498e539a29eb_0.1.dr	String found in binary or memory: https://create.piktochart.com/assets/runtime~magic-bundle-f36cc413ca689855c72c.js
Source: 8dbfa43630072d16_0.1.dr	String found in binary or memory: https://create.piktochart.com/assets/shared/module/oldie-browser-8dd053866fb9c0f8595e7ecc8a15a1f1d15
Source: Favicons.1.dr	String found in binary or memory: https://create.piktochart.com/favicon.png
Source: 000003.log3.1.dr	String found in binary or memory: https://create.piktochart.com/output/55231820-voir-le-document-complet
Source: History Provider Cache.1.dr	String found in binary or memory: https://create.piktochart.com/output/55231820-voir-le-document-complet23VOIR
Source: Current Session.1.dr	String found in binary or memory: https://create.piktochart.com/output/55231820-voir-le-document-complet3VOIR
Source: History.1.dr	String found in binary or memory: https://create.piktochart.com/output/55231820-voir-le-document-completVOIR
Source: Current Session.1.dr	String found in binary or memory: https://create.piktochart.comh
Source: Reporting and NEL.4.dr	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/downloads-lorry
Source: 6c0f0a54-4698-4368-a587-7f4398c42dcc.tmp.4.dr, 1904eaf6-fb6e-4d14-96ad-e9a0b6d2f7eb.tmp.4.dr, f9be0920-44a8-41f4-93e8-e3dd8dc6477b.tmp.4.dr, 5a776fe8-c5e7-412a-aa9a-00022882cdd5.tmp.4.dr	String found in binary or memory: https://dns.google
Source: manifest.json0.1.dr	String found in binary or memory: https://feedback.googleusercontent.com
Source: 6c0f0a54-4698-4368-a587-7f4398c42dcc.tmp.4.dr	String found in binary or memory: https://fonts.googleapis.com
Source: manifest.json0.1.dr	String found in binary or memory: https://fonts.googleapis.com;
Source: 6c0f0a54-4698-4368-a587-7f4398c42dcc.tmp.4.dr	String found in binary or memory: https://fonts.gstatic.com
Source: manifest.json0.1.dr	String found in binary or memory: https://fonts.gstatic.com;
Source: 1904eaf6-fb6e-4d14-96ad-e9a0b6d2f7eb.tmp.4.dr	String found in binary or memory: https://fonts.piktochart.com
Source: manifest.json0.1.dr	String found in binary or memory: https://hangouts.google.com/
Source: 1904eaf6-fb6e-4d14-96ad-e9a0b6d2f7eb.tmp.4.dr	String found in binary or memory: https://js.hs-analytics.net
Source: 084bef842f7a1f6c_0.1.dr	String found in binary or memory: https://js.hs-analytics.net/analytics/1626974400000/8163022.js
Source: 4827d11ed506017d_0.1.dr	String found in binary or memory: https://js.hs-banner.com/8163022.js
Source: 1904eaf6-fb6e-4d14-96ad-e9a0b6d2f7eb.tmp.4.dr	String found in binary or memory: https://js.hs-scripts.com
Source: f53bc223cfda59dd_0.1.dr	String found in binary or memory: https://js.hs-scripts.com/8163022.js
Source: 1904eaf6-fb6e-4d14-96ad-e9a0b6d2f7eb.tmp.4.dr	String found in binary or memory: https://js.hsadspixel.net
Source: 43f2fe14e13bce26_0.1.dr	String found in binary or memory: https://js.hsadspixel.net/fb.js
Source: 1904eaf6-fb6e-4d14-96ad-e9a0b6d2f7eb.tmp.4.dr	String found in binary or memory: https://js.hsleadflows.net
Source: 21c843c2c4bf3dca_0.1.dr	String found in binary or memory: https://js.hsleadflows.net/leadflows.js
Source: 6c0f0a54-4698-4368-a587-7f4398c42dcc.tmp.4.dr, 1904eaf6-fb6e-4d14-96ad-e9a0b6d2f7eb.tmp.4.dr	String found in binary or memory: https://ogs.google.com
Source: manifest.json.1.dr	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: dd6f4ba140e73b7c_0.1.dr, 21c843c2c4bf3dca_0.1.dr, 4f316a51b12971ff_0.1.dr, 38f7fc15f7830d68_0.1.dr	String found in binary or memory: https://piktochart.com/
Source: 71c6bfad12ed3bc2_0.1.dr	String found in binary or memory: https://piktochart.com/5n?
Source: 91c01328c9fc2b6d_0.1.dr	String found in binary or memory: https://piktochart.com/9u3
Source: 65e6498e539a29eb_0.1.dr	String found in binary or memory: https://piktochart.com/L
Source: 27958a9e606be339_0.1.dr	String found in binary or memory: https://piktochart.com/Q
Source: 000003.log3.1.dr	String found in binary or memory: https://piktochart.com/blog/11-2020-release-introducing-two-factor-authentication-and-saml/
Source: 000003.log3.1.dr	String found in binary or memory: https://piktochart.com/blog/introducing-tables/
Source: 000003.log3.1.dr	String found in binary or memory: https://piktochart.com/blog/piktostory-launch/
Source: 000003.log3.1.dr	String found in binary or memory: https://piktochart.com/blog/product-updates-did-someone-say-new-features/
Source: 000003.log3.1.dr	String found in binary or memory: https://piktochart.com/blog/video-storytelling-for-everyone/
Source: f00c39eff1ea5177_0.1.dr	String found in binary or memory: https://piktochart.com/i
Source: 084bef842f7a1f6c_0.1.dr	String found in binary or memory: https://piktochart.com/k
Source: 1d263bb56d0ae389_0.1.dr	String found in binary or memory: https://piktochart.com/r
Source: f53bc223cfda59dd_0.1.dr	String found in binary or memory: https://piktochart.com/tC4
Source: 000003.log3.1.dr	String found in binary or memory: https://piktochart.com/wp-content/uploads/2020/02/Update-February20-1920x1080-1-300x169.png
Source: 000003.log3.1.dr	String found in binary or memory: https://piktochart.com/wp-content/uploads/2020/10/Update-October20-1920x1080-1-300x169.png
Source: 000003.log3.1.dr	String found in binary or memory: https://piktochart.com/wp-content/uploads/2020/11/Product-Update-1920x1080-1-300x169.png
Source: 000003.log3.1.dr	String found in binary or memory: https://piktochart.com/wp-content/uploads/2021/04/April-product-update-blog-cover-300x169.png
Source: 000003.log3.1.dr	String found in binary or memory: https://piktochart.com/wp-content/uploads/2021/05/Product-Update-May-300x169.png
Source: d7f4fb9b5d8e2e09_0.1.dr	String found in binary or memory: https://platform.twitter.com/js/button.5573c974dc31bbdab5ea7923a0bd5cf3.js
Source: 38f7fc15f7830d68_0.1.dr	String found in binary or memory: https://platform.twitter.com/widgets.js
Source: Current Session.1.dr	String found in binary or memory: https://platform.twitter.com/widgets/tweet_button.06c6ee58c3810956b7509218508c7b56.en.html#dnt=false
Source: Current Session.1.dr	String found in binary or memory: https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=http
Source: Current Session.1.dr	String found in binary or memory: https://prosalonbox.org//doc/weds/office
Source: Current Session.1.dr	String found in binary or memory: https://prosalonbox.org//doc/weds/officePP;_W&/
Source: 1904eaf6-fb6e-4d14-96ad-e9a0b6d2f7eb.tmp.4.dr	String found in binary or memory: https://r2---sn-h0jeener.gvt1.com
Source: 1904eaf6-fb6e-4d14-96ad-e9a0b6d2f7eb.tmp.4.dr	String found in binary or memory: https://redirector.gvt1.com
Source: 1904eaf6-fb6e-4d14-96ad-e9a0b6d2f7eb.tmp.4.dr	String found in binary or memory: https://s7.addthis.com
Source: 1d263bb56d0ae389_0.1.dr	String found in binary or memory: https://s7.addthis.com/js/300/addthis_widget.js
Source: f00c39eff1ea5177_0.1.dr	String found in binary or memory: https://s7.addthis.com/static/counter.d27508c102582d608697.js
Source: Current Session.1.dr	String found in binary or memory: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html#rand=0.36598255868471297&iit=16270069
Source: manifest.json.1.dr	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: 6c0f0a54-4698-4368-a587-7f4398c42dcc.tmp.4.dr, 1904eaf6-fb6e-4d14-96ad-e9a0b6d2f7eb.tmp.4.dr	String found in binary or memory: https://ssl.gstatic.com
Source: 8e2a1c4ca92f95b7_0.1.dr	String found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: messages.json83.1.dr	String found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json83.1.dr	String found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: 8e2a1c4ca92f95b7_0.1.dr	String found in binary or memory: https://tagassistant.google.com/
Source: 054373a4275cb454_0.1.dr, 8e2a1c4ca92f95b7_0.1.dr	String found in binary or memory: https://www.google-analytics.com/analytics.js
Source: 8e2a1c4ca92f95b7_0.1.dr	String found in binary or memory: https://www.google-analytics.com/analytics.jsaD
Source: 8e2a1c4ca92f95b7_0.1.dr	String found in binary or memory: https://www.google-analytics.com/debug/bootstrap
Source: 6c0f0a54-4698-4368-a587-7f4398c42dcc.tmp.4.dr, manifest.json0.1.dr, 1904eaf6-fb6e-4d14-96ad-e9a0b6d2f7eb.tmp.4.dr	String found in binary or memory: https://www.google.com
Source: manifest.json.1.dr	String found in binary or memory: https://www.google.com/
Source: manifest.json0.1.dr	String found in binary or memory: https://www.google.com;
Source: 6c0f0a54-4698-4368-a587-7f4398c42dcc.tmp.4.dr	String found in binary or memory: https://www.googleapis.com
Source: manifest.json.1.dr	String found in binary or memory: https://www.googleapis.com/
Source: manifest.json0.1.dr	String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json0.1.dr	String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json.1.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.1.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json0.1.dr	String found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json0.1.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json0.1.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json0.1.dr	String found in binary or memory: https://www.googleapis.com/auth/meetings
Source: manifest.json0.1.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json.1.dr	String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.1.dr	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json0.1.dr	String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: 1904eaf6-fb6e-4d14-96ad-e9a0b6d2f7eb.tmp.4.dr	String found in binary or memory: https://www.googletagmanager.com
Source: 91c01328c9fc2b6d_0.1.dr	String found in binary or memory: https://www.googletagmanager.com/gtm.js?id=GTM-TZB2X4X&gtm_auth=JgKKw811eIFTYt99LuIllA&gtm_preview=e
Source: 6c0f0a54-4698-4368-a587-7f4398c42dcc.tmp.4.dr, 1904eaf6-fb6e-4d14-96ad-e9a0b6d2f7eb.tmp.4.dr	String found in binary or memory: https://www.gstatic.com
Source: manifest.json0.1.dr	String found in binary or memory: https://www.gstatic.com;
Source: 1904eaf6-fb6e-4d14-96ad-e9a0b6d2f7eb.tmp.4.dr	String found in binary or memory: https://z.moatads.com
Source: 71c6bfad12ed3bc2_0.1.dr	String found in binary or memory: https://z.moatads.com/addthismoatframe568911941483/moatframe.js

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 104.17.211.204:443 -> 192.168.2.5:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.17.71.176:443 -> 192.168.2.5:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.17.115.176:443 -> 192.168.2.5:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.17.234.204:443 -> 192.168.2.5:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.17.234.204:443 -> 192.168.2.5:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.17.71.176:443 -> 192.168.2.5:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.17.115.176:443 -> 192.168.2.5:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.244.42.8:443 -> 192.168.2.5:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.13.189:443 -> 192.168.2.5:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.71.238:443 -> 192.168.2.5:49767 version: TLS 1.2

Source: classification engine

Classification label: mal56.phis.win@44/254@31/28

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-60FA27F6-1678.pma

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\9e63025c-409b-470e-b075-9c8fbde5d74f.tmp

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'https://create.piktochart.com/output/55231820-voir-le-document-complet'
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1644,17532982768526373494,12220488661392661405,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1700 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1644,17532982768526373494,12220488661392661405,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1700 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading3	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://create.piktochart.com/output/55231820-voir-le-document-complet	0%	Avira URL Cloud	safe
https://create.piktochart.com/output/55231820-voir-le-document-complet	100%	SlashNext	Fake Login Page type: Phishing & Social Engineering

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://js.hsleadflows.net/leadflows.js	0%	URL Reputation	safe
https://js.hsleadflows.net/leadflows.js	0%	URL Reputation	safe
https://js.hsleadflows.net/leadflows.js	0%	URL Reputation	safe
https://js.hsleadflows.net/leadflows.js	0%	URL Reputation	safe
https://js.hs-banner.com/8163022.js	0%	Avira URL Cloud	safe
https://prosalonbox.org//doc/weds/officePP;_W&/	0%	Avira URL Cloud	safe
https://create.piktochart.comh	0%	Avira URL Cloud	safe
https://js.hs-analytics.net/analytics/1626974400000/8163022.js	0%	Avira URL Cloud	safe
https://csp.withgoogle.com/csp/report-to/downloads-lorry	0%	URL Reputation	safe
https://csp.withgoogle.com/csp/report-to/downloads-lorry	0%	URL Reputation	safe
https://csp.withgoogle.com/csp/report-to/downloads-lorry	0%	URL Reputation	safe
https://csp.withgoogle.com/csp/report-to/downloads-lorry	0%	URL Reputation	safe
https://dns.google	0%	URL Reputation	safe
https://dns.google	0%	URL Reputation	safe
https://dns.google	0%	URL Reputation	safe
https://dns.google	0%	URL Reputation	safe
https://js.hs-analytics.net	0%	Avira URL Cloud	safe
https://prosalonbox.org//doc/weds/office	0%	Avira URL Cloud	safe
https://www.google.com;	0%	Avira URL Cloud	safe
https://js.hsadspixel.net/fb.js	0%	URL Reputation	safe
https://js.hsadspixel.net/fb.js	0%	URL Reputation	safe
https://js.hsadspixel.net/fb.js	0%	URL Reputation	safe
https://js.hsleadflows.net	0%	Avira URL Cloud	safe
https://z.moatads.com	0%	Avira URL Cloud	safe
https://js.hsadspixel.net	0%	Avira URL Cloud	safe
https://z.moatads.com/addthismoatframe568911941483/moatframe.js	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
gstaticadssl.l.google.com	172.217.168.3	true	false	high
c0.piktochart.com	172.67.71.238	true	false	high
forms.hubspot.com	104.19.155.83	true	false	high
js.hs-analytics.net	104.17.71.176	true	false	unknown
fonts.piktochart.com	172.67.71.238	true	false	high
scontent.xx.fbcdn.net	157.240.17.15	true	false	high
track.hubspot.com	104.19.154.83	true	false	high
js.hs-scripts.com	104.17.211.204	true	false	high
beacon-v2.helpscout.net	52.84.109.11	true	false	high
js.hs-banner.com	104.18.21.191	true	false	unknown
star-mini.c10r.facebook.com	157.240.223.35	true	false	high
twitter.com	104.244.42.193	true	false	high
a.nel.cloudflare.com	35.190.80.1	true	false	high
accounts.google.com	172.217.168.45	true	false	high
www-google-analytics.l.google.com	216.58.215.238	true	false	high
www-googletagmanager.l.google.com	172.217.168.8	true	false	high
js.hsadspixel.net	104.17.115.176	true	false	unknown
piktochart.com	172.67.71.238	true	false	high
d3hb14vkzrxvla.cloudfront.net	52.84.107.89	true	false	high
cs41.wac.edgecastcdn.net	93.184.220.66	true	false	high
create.piktochart.com	104.26.13.189	true	false	high
syndication.twitter.com	104.244.42.8	true	false	high
js.hsleadflows.net	104.17.234.204	true	false	unknown
dualstack.pinterest.map.fastly.net	151.101.112.84	true	false	unknown
clients.l.google.com	142.250.203.110	true	false	high
googlehosted.l.googleusercontent.com	142.250.203.97	true	false	high
prosalonbox.org	162.241.69.226	true	false	unknown
z.moatads.com	unknown	unknown	false	unknown
clients2.googleusercontent.com	unknown	unknown	false	high
clients2.google.com	unknown	unknown	false	high
platform.twitter.com	unknown	unknown	false	high
m.addthis.com	unknown	unknown	false	high
www.facebook.com	unknown	unknown	false	high
s7.addthis.com	unknown	unknown	false	high
connect.facebook.net	unknown	unknown	false	high
api-public.addthis.com	unknown	unknown	false	high
assets.pinterest.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
https://create.piktochart.com/output/55231820-voir-le-document-complet	false	high
https://platform.twitter.com/widgets/tweet_button.06c6ee58c3810956b7509218508c7b56.en.html#dnt=false&id=twitter-widget-0&lang=en&original_referer=https%3A%2F%2Fcreate.piktochart.com%2Foutput%2F55231820-voir-le-document-complet&size=m&text=VOIR%20LE%20DOCUMENT%20COMPLET&time=1627006977318&type=share&url=https%3A%2F%2Fcreate.piktochart.com%2Foutput%2F55231820-voir-le-document-complet%23.YPon_VaHxHQ.twitter	false	high
https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html#rand=0.36598255868471297&iit=1627006973545&tmr=load%3D1627006973480%26core%3D1627006973522%26main%3D1627006973535%26ifr%3D1627006973548&cb=0&cdn=0&md=0&kw=piktochart%2Cinfographic%2Ceditor%2Cinfographic%20editor&ab=-&dh=create.piktochart.com&dr=&du=https%3A%2F%2Fcreate.piktochart.com%2Foutput%2F55231820-voir-le-document-complet&href=https%3A%2F%2Fcreate.piktochart.com%2Foutput%2F55231820-voir-le-document-complet&dt=VOIR%20LE%20DOCUMENT%20COMPLET&dbg=0&cap=tc%3D0%26ab%3D0&inst=1&jsl=1&prod=undefined&lng=en&ogt=image%2Curl%2Cdescription%2Ctitle%2Ctype%3Dwebsite&pc=men&pub=&ssl=1&sid=60fa27fd2ee0956c&srf=0.01&ver=300&xck=0&xtr=0&og=type%3Dwebsite%26title%3DVOIR%2520LE%2520DOCUMENT%2520COMPLET%26description%3DVOIR%2520LE%2520DOCUMENT%2520COMPLET%2520%257C%2520Piktochart%2520Visual%2520Editor%26url%3Dhttps%253A%252F%252Fcreate.piktochart.com%252Foutput%252F55231820-voir-le-document-complet%26image%3Dhttps%253A%252F%252Fc0.piktochart.com%252Fv2%252Finfographics%252Fe814c00d-dced-4a67-b91f-be234ea2850e%252F09fe00ec37cdc9ce0178b0b567606077b7444264_original.jpg&csi=undefined&rev=v8.28.8-wp&ct=1&xld=1&xd=1	false	high
https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Fcreate.piktochart.com	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://beacon-v2.helpscout.net/static/js/main.8d8df292.js	ddd24a849a7d969b_0.1.dr	false		high
https://fonts.piktochart.com	1904eaf6-fb6e-4d14-96ad-e9a0b6d2f7eb.tmp.4.dr	false		high
https://piktochart.com/5n?	71c6bfad12ed3bc2_0.1.dr	false		high
https://create.piktochart.com/assets/50-96e7d07fdff0911b44a2-bundle.js	ab74d73a1ef97342_0.1.dr	false		high
https://piktochart.com/blog/introducing-tables/	000003.log3.1.dr	false		high
https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=http	Current Session.1.dr	false		high
https://create.piktochart.com/output/55231820-voir-le-document-complet3VOIR	Current Session.1.dr	false		high
https://piktochart.com/wp-content/uploads/2021/05/Product-Update-May-300x169.png	000003.log3.1.dr	false		high
https://a.nel.cloudflare.com/report/v3?s=5IF%2Bghr6csx52DsAmrAbRXJrcRcpo%2BVh250eW%2Bj9NniPB3FArGmg6	Reporting and NEL.4.dr	false		high
https://s7.addthis.com	1904eaf6-fb6e-4d14-96ad-e9a0b6d2f7eb.tmp.4.dr	false		high
https://piktochart.com/L	65e6498e539a29eb_0.1.dr	false		high
https://js.hsleadflows.net/leadflows.js	21c843c2c4bf3dca_0.1.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://piktochart.com/Q	27958a9e606be339_0.1.dr	false		high
https://sandbox.google.com/payments/v4/js/integrator.js	manifest.json.1.dr	false		high
https://create.piktochart.com/assets/7-33479796fc828dbb502d-bundle.js	db4b65f7477f4e6b_0.1.dr	false		high
https://piktochart.com/blog/product-updates-did-someone-say-new-features/	000003.log3.1.dr	false		high
https://js.hs-banner.com/8163022.js	4827d11ed506017d_0.1.dr	false	Avira URL Cloud: safe	unknown
https://piktochart.com/wp-content/uploads/2020/02/Update-February20-1920x1080-1-300x169.png	000003.log3.1.dr	false		high
https://assets.pinterest.com	1904eaf6-fb6e-4d14-96ad-e9a0b6d2f7eb.tmp.4.dr	false		high
https://www.google.com	6c0f0a54-4698-4368-a587-7f4398c42dcc.tmp.4.dr, manifest.json0.1.dr, 1904eaf6-fb6e-4d14-96ad-e9a0b6d2f7eb.tmp.4.dr	false		high
https://create.piktochart.com/output/55231820-voir-le-document-complet	000003.log3.1.dr	false		high
https://prosalonbox.org//doc/weds/officePP;_W&/	Current Session.1.dr	false	Avira URL Cloud: safe	unknown
https://a.nel.cloudflare.com	1904eaf6-fb6e-4d14-96ad-e9a0b6d2f7eb.tmp.4.dr	false		high
https://connect.facebook.net/en_US/sdk.js	21c18fb9ca077705_0.1.dr	false		high
https://create.piktochart.comh	Current Session.1.dr	false	Avira URL Cloud: safe	unknown
https://beacon-v2.helpscout.net/static/js/vendor.3987c6ee.js	dd6f4ba140e73b7c_0.1.dr	false		high
https://platform.twitter.com/widgets.js	38f7fc15f7830d68_0.1.dr	false		high
https://create.piktochart.com/output/55231820-voir-le-document-complet23VOIR	History Provider Cache.1.dr	false		high
https://s7.addthis.com/static/counter.d27508c102582d608697.js	f00c39eff1ea5177_0.1.dr	false		high
https://connect.facebook.net/en_US/fbevents.js	9be232425752a77d_0.1.dr	false		high
https://connect.facebook.net/en_US/sdk.js?hash=67f66cc8858252eee8f3c709fecb9e55	27958a9e606be339_0.1.dr	false		high
https://accounts.google.com	6c0f0a54-4698-4368-a587-7f4398c42dcc.tmp.4.dr, manifest.json0.1.dr, 1904eaf6-fb6e-4d14-96ad-e9a0b6d2f7eb.tmp.4.dr	false		high
https://piktochart.com/i	f00c39eff1ea5177_0.1.dr	false		high
https://piktochart.com/wp-content/uploads/2020/11/Product-Update-1920x1080-1-300x169.png	000003.log3.1.dr	false		high
https://piktochart.com/k	084bef842f7a1f6c_0.1.dr	false		high
https://js.hs-scripts.com/8163022.js	f53bc223cfda59dd_0.1.dr	false		high
https://create.piktochart.com/assets/shared/module/oldie-browser-8dd053866fb9c0f8595e7ecc8a15a1f1d15	8dbfa43630072d16_0.1.dr	false		high
https://js.hs-analytics.net/analytics/1626974400000/8163022.js	084bef842f7a1f6c_0.1.dr	false	Avira URL Cloud: safe	unknown
https://stats.g.doubleclick.net/j/collect	8e2a1c4ca92f95b7_0.1.dr	false		high
https://apis.google.com	6c0f0a54-4698-4368-a587-7f4398c42dcc.tmp.4.dr, manifest.json0.1.dr, 1904eaf6-fb6e-4d14-96ad-e9a0b6d2f7eb.tmp.4.dr	false		high
https://piktochart.com/wp-content/uploads/2021/04/April-product-update-blog-cover-300x169.png	000003.log3.1.dr	false		high
https://piktochart.com/blog/video-storytelling-for-everyone/	000003.log3.1.dr	false		high
https://piktochart.com/r	1d263bb56d0ae389_0.1.dr	false		high
https://piktochart.com/blog/11-2020-release-introducing-two-factor-authentication-and-saml/	000003.log3.1.dr	false		high
https://csp.withgoogle.com/csp/report-to/downloads-lorry	Reporting and NEL.4.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://clients2.google.com	6c0f0a54-4698-4368-a587-7f4398c42dcc.tmp.4.dr	false		high
https://platform.twitter.com/js/button.5573c974dc31bbdab5ea7923a0bd5cf3.js	d7f4fb9b5d8e2e09_0.1.dr	false		high
https://create.piktochart.com/assets/6-d91ac5ca25e3adc1ca9a-bundle.js	dd7f95b54e3ba22e_0.1.dr	false		high
https://piktochart.com/blog/piktostory-launch/	000003.log3.1.dr	false		high
https://dns.google	6c0f0a54-4698-4368-a587-7f4398c42dcc.tmp.4.dr, 1904eaf6-fb6e-4d14-96ad-e9a0b6d2f7eb.tmp.4.dr, f9be0920-44a8-41f4-93e8-e3dd8dc6477b.tmp.4.dr, 5a776fe8-c5e7-412a-aa9a-00022882cdd5.tmp.4.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://js.hs-analytics.net	1904eaf6-fb6e-4d14-96ad-e9a0b6d2f7eb.tmp.4.dr	false	Avira URL Cloud: safe	unknown
https://a.nel.cloudflare.com/report/v3?s=ok6DoTxOvKrr36f3FRk9FOD%2FsL6Uc3pk2oIvOin5teE4pexrYrlzlwnjx	Reporting and NEL.4.dr	false		high
https://ogs.google.com	6c0f0a54-4698-4368-a587-7f4398c42dcc.tmp.4.dr, 1904eaf6-fb6e-4d14-96ad-e9a0b6d2f7eb.tmp.4.dr	false		high
https://piktochart.com/tC4	f53bc223cfda59dd_0.1.dr	false		high
https://support.google.com/chromecast/troubleshooter/2995236	messages.json83.1.dr	false		high
https://create.piktochart.com/output/55231820-voir-le-document-completVOIR	History.1.dr	false		high
https://prosalonbox.org//doc/weds/office	Current Session.1.dr	false	Avira URL Cloud: safe	unknown
https://create.piktochart.com/assets/magic-9602756920677fa84a49-bundle.js	b6b3d5da9b0df756_0.1.dr	false		high
https://payments.google.com/payments/v4/js/integrator.js	manifest.json.1.dr	false		high
https://create.piktochart.com	000003.log3.1.dr	false		high
https://www.google.com;	manifest.json0.1.dr	false	Avira URL Cloud: safe	low
https://js.hsadspixel.net/fb.js	43f2fe14e13bce26_0.1.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://hangouts.google.com/	manifest.json0.1.dr	false		high
https://s7.addthis.com/js/300/addthis_widget.js	1d263bb56d0ae389_0.1.dr	false		high
https://tagassistant.google.com/	8e2a1c4ca92f95b7_0.1.dr	false		high
https://connect.facebook.net/signals/config/1376538882436128?v=2.9.43&r=stable	4149c5502c3a6381_0.1.dr	false		high
https://js.hsleadflows.net	1904eaf6-fb6e-4d14-96ad-e9a0b6d2f7eb.tmp.4.dr	false	Avira URL Cloud: safe	unknown
https://piktochart.com/9u3	91c01328c9fc2b6d_0.1.dr	false		high
https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html#rand=0.36598255868471297&iit=16270069	Current Session.1.dr	false		high
https://z.moatads.com	1904eaf6-fb6e-4d14-96ad-e9a0b6d2f7eb.tmp.4.dr	false	Avira URL Cloud: safe	unknown
https://js.hsadspixel.net	1904eaf6-fb6e-4d14-96ad-e9a0b6d2f7eb.tmp.4.dr	false	Avira URL Cloud: safe	unknown
https://connect.facebook.net	1904eaf6-fb6e-4d14-96ad-e9a0b6d2f7eb.tmp.4.dr	false		high
https://piktochart.com/wp-content/uploads/2020/10/Update-October20-1920x1080-1-300x169.png	000003.log3.1.dr	false		high
https://a.nel.cloudflare.com/report/v3?s=Dpom3ejcsjx3ri8FvujfYK6Jog83WFceuzyDWun1q6HCuHCz2luTuPSgqjq	Reporting and NEL.4.dr	false		high
https://js.hs-scripts.com	1904eaf6-fb6e-4d14-96ad-e9a0b6d2f7eb.tmp.4.dr	false		high
https://create.piktochart.com/favicon.png	Favicons.1.dr	false		high
https://a.nel.cloudflare.com/report/v3?s=SjvZWKEeWmafluVFV4OmxKmQqWvcFbNioBjjZaOrLNSjEXjYZHRlLGdBpEN	Reporting and NEL.4.dr	false		high
https://create.piktochart.com/	Current Session.1.dr, 000003.log0.1.dr	false		high
https://create.piktochart.com/assets/1-fa45cb67e5e65f3b8807-bundle.js	fe39d35c85990904_0.1.dr	false		high
https://support.google.com/chromecast/answer/2998456	messages.json83.1.dr	false		high
https://a.nel.cloudflare.com/report/v3?s=cVeamK9%2BzE%2FXKaKII%2Bec4c%2Blh1ckBD6ibuDrf6WGQtqqZYcfKSZ	Reporting and NEL.4.dr	false		high
https://clients2.googleusercontent.com	6c0f0a54-4698-4368-a587-7f4398c42dcc.tmp.4.dr	false		high
https://platform.twitter.com/widgets/tweet_button.06c6ee58c3810956b7509218508c7b56.en.html#dnt=false	Current Session.1.dr	false		high
https://create.piktochart.com/assets/0-12328b9d54bdab438f26-bundle.js	4f316a51b12971ff_0.1.dr	false		high
https://www.google.com/	manifest.json.1.dr	false		high
https://create.piktochart.com/assets/82-09a41c0d0089928b860f-bundle.js	2fe82c74fd70b364_0.1.dr	false		high
https://feedback.googleusercontent.com	manifest.json0.1.dr	false		high
https://z.moatads.com/addthismoatframe568911941483/moatframe.js	71c6bfad12ed3bc2_0.1.dr	false	Avira URL Cloud: safe	unknown
https://create.piktochart.com/assets/runtime~magic-bundle-f36cc413ca689855c72c.js	65e6498e539a29eb_0.1.dr	false		high
https://clients2.google.com/service/update2/crx	manifest.json0.1.dr	false		high
https://piktochart.com/	dd6f4ba140e73b7c_0.1.dr, 21c843c2c4bf3dca_0.1.dr, 4f316a51b12971ff_0.1.dr, 38f7fc15f7830d68_0.1.dr	false		high
https://api-public.addthis.com	1904eaf6-fb6e-4d14-96ad-e9a0b6d2f7eb.tmp.4.dr	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
104.19.155.83	forms.hubspot.com	United States	13335	CLOUDFLARENETUS	false
172.67.71.238	c0.piktochart.com	United States	13335	CLOUDFLARENETUS	false
216.58.215.238	www-google-analytics.l.google.com	United States	15169	GOOGLEUS	false
93.184.220.66	cs41.wac.edgecastcdn.net	European Union	15133	EDGECASTUS	false
142.250.203.110	clients.l.google.com	United States	15169	GOOGLEUS	false
52.84.107.89	d3hb14vkzrxvla.cloudfront.net	United States	16509	AMAZON-02US	false
104.17.71.176	js.hs-analytics.net	United States	13335	CLOUDFLARENETUS	false
104.26.13.189	create.piktochart.com	United States	13335	CLOUDFLARENETUS	false
157.240.17.15	scontent.xx.fbcdn.net	United States	32934	FACEBOOKUS	false
172.217.168.45	accounts.google.com	United States	15169	GOOGLEUS	false
172.217.168.8	www-googletagmanager.l.google.com	United States	15169	GOOGLEUS	false
104.17.115.176	js.hsadspixel.net	United States	13335	CLOUDFLARENETUS	false
142.250.203.97	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
172.217.168.3	gstaticadssl.l.google.com	United States	15169	GOOGLEUS	false
104.18.21.191	js.hs-banner.com	United States	13335	CLOUDFLARENETUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
52.84.109.11	beacon-v2.helpscout.net	United States	16509	AMAZON-02US	false
104.17.211.204	js.hs-scripts.com	United States	13335	CLOUDFLARENETUS	false
104.19.154.83	track.hubspot.com	United States	13335	CLOUDFLARENETUS	false
104.244.42.8	syndication.twitter.com	United States	13414	TWITTERUS	false
157.240.223.35	star-mini.c10r.facebook.com	United States	32934	FACEBOOKUS	false
104.17.234.204	js.hsleadflows.net	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
151.101.112.84	dualstack.pinterest.map.fastly.net	United States	54113	FASTLYUS	false
162.241.69.226	prosalonbox.org	United States	46606	UNIFIEDLAYER-AS-1US	false

Private

IP
192.168.2.1
192.168.2.255
127.0.0.1

General Information

Joe Sandbox Version:	33.0.0 White Diamond
Analysis ID:	452740
Start date:	22.07.2021
Start time:	19:21:55
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 7m 2s
Hypervisor based Inspection enabled:	false
Report type:	light
Cookbook file name:	browseurl.jbs
Sample URL:	https://create.piktochart.com/output/55231820-voir-le-document-complet
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	18
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.phis.win@44/254@31/28
Cookbook Comments:	Adjust boot time Enable AMSI Browse: https://prosalonbox.org//doc/weds/office
Warnings:	Show All Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, HxTsr.exe, RuntimeBroker.exe, backgroundTaskHost.exe, SgrmBroker.exe, svchost.exe TCP Packets have been reduced to 100 Created / dropped Files have been reduced to 100 Excluded IPs from analysis (whitelisted): 104.42.151.234, 23.211.6.115, 168.61.161.212, 172.217.168.67, 172.217.168.14, 172.217.133.103, 34.104.35.123, 23.211.4.163, 23.35.237.151, 142.250.203.106, 104.75.88.126, 23.211.4.189, 204.79.197.200, 13.107.21.200, 23.35.236.56, 216.58.215.234, 172.217.168.10, 172.217.168.42, 172.217.168.74, 13.107.42.23, 13.107.5.88, 93.184.220.29, 51.103.5.186, 20.82.209.183, 142.250.203.99, 40.126.31.4, 40.126.31.137, 40.126.31.1, 20.190.159.136, 20.190.159.138, 40.126.31.141, 20.190.159.132, 20.190.159.134, 20.50.102.62, 80.67.82.211, 80.67.82.235 Excluded domains from analysis (whitelisted): cs9.wac.phicdn.net, clientservices.googleapis.com, fs-wildcard.microsoft.com.edgekey.net, 2-01-37d2-0006.cdx.cedexis.net, ocsp.digicert.com, login.live.com, www-bing-com.dual-a-0001.a-msedge.net, update.googleapis.com, watson.telemetry.microsoft.com, www.gstatic.com, www.google-analytics.com, www.bing.com, fonts.googleapis.com, fs.microsoft.com, afdo-tas-offload.trafficmanager.net, dual-a-0001.a-msedge.net, e4016.a.akamaiedge.net, skypedataprdcolcus17.cloudapp.net, r2---sn-h0jeener.gvt1.com, www.tm.a.prd.aadg.akadns.net, www.googleapis.com, edgedl.me.gvt1.com, ds-api-public.addthis.com.edgekey.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, wac.apr-8315.edgecastdns.net, www.tm.lg.prod.aadmsa.trafficmanager.net, ocos-office365-s2s.msedge.net, client-office365-tas.msedge.net, config.edge.skype.com.trafficmanager.net, wildcard.moatads.com.edgekey.net, e6449.dsca.akamaiedge.net, store-images.s-microsoft.com-c.edgekey.net, e-0009.e-msedge.net, config-edge-skype.l-0014.l-msedge.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, l-0014.config.skype.com, a1449.dscg2.akamai.net, arc.msn.com, e12564.dspb.akamaiedge.net, wns.notify.trafficmanager.net, redirector.gvt1.com, www.googletagmanager.com, arc.trafficmanager.net, r2.sn-h0jeener.gvt1.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, config.edge.skype.com, ds-s7.addthis.com.edgekey.net, client.wns.windows.com, iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, fonts.gstatic.com, e1723.g.akamaiedge.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, login.msa.msidentity.com, ocos-office365-s2s-msedge-net.e-0009.e-msedge.net, a-0001.a-afdentry.net.trafficmanager.net, s.pinimg.com.edgekey.net, e13136.g.akamaiedge.net, ds-m.addthisedge.com.edgekey.net, l-0014.l-msedge.net, skypedataprdcolwus16.cloudapp.net Not all processes where analyzed, report is missing behavior information Report size getting too big, too many NtCreateFile calls found. Report size getting too big, too many NtOpenFile calls found. Report size getting too big, too many NtQueryVolumeInformationFile calls found. Report size getting too big, too many NtWriteVirtualMemory calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	451603
Entropy (8bit):	5.009711072558331
Encrypted:	false
SSDEEP:	12288:ZHfRTyGZ6lup8Cfrvq4JBPKh+FBlESBw4p6:NfOCzvRKhGvwJ
MD5:	A78AD14E77147E7DE3647E61964C0335
SHA1:	CECC3DD41F4CEA0192B24300C71E1911BD4FCE45
SHA-256:	0D6803758FF8F87081FAFD62E90F0950DFB2DD7991E9607FE76A8F92D0E893FA
SHA-512:	DDE24D5AD50D68FC91E9E325D31E66EF8F624B6BB3A07D14FFED1104D3AB5F4EF1D7969A5CDE0DFBB19CB31C506F7DE97AF67C2F244F7E7E8E10648EA8321101
Malicious:	false
Reputation:	low
Preview:	BDic.... ....6...."..Z..4g....6.2...{/...3...5....AF 1363.AF nm.AF pt.AF n1.AF p.AF tc.AF SM.AF M.AF S.AF MS.AF MNR.AF GDS.AF MNT.AF MH.AF MR.AF SZMR.AF MJ.AF MT.AF MY.AF MRZ.AF MN.AF MG.AF RM.AF N.AF MV.AF XM.AF DSM.AF SD.AF G.AF R.AF MNX.AF MRS.AF MD.AF MNRB.AF B.AF ZSMR.AF PM.AF SMNGJ.AF SMN.AF ZMR.AF SMGB.AF MZR.AF GM.AF SMR.AF SMDG.AF RMZ.AF ZM.AF MDG.AF MDT.AF SMNXT.AF SDY.AF LSDG.AF LGDS.AF GLDS.AF UY.AF U.AF DSGNX.AF GNDSX.AF DSG.AF Y.AF GS.AF IEMS.AF YP.AF ZGDRS.AF XGNVDS.AF UT.AF GNDS.AF GVDS.AF MYPS.AF XGNDS.AF TPRY.AF MDSG.AF ZGSDR.AF DYSG.AF PMYTNS.AF AGDS.AF DRZGS.AF PY.AF GSPMDY.AF EGVDS.AF SL.AF GNXDS.AF DSBG.AF IM.AF I.AF MDGS.AF SMY.AF DSGN.AF DSLG.AF GMDS.AF MDSBG.AF SGD.AF IY.AF P.AF DSMG.AF BLZGDRS.AF TR.AF AGSD.AF ZGBDRSL.AF PTRY.AF ASDGV.AF ASM.AF ICANGSD.AF ICAM.AF IKY.AF AMS.AF PMYTRS.AF BZGVDRS.AF SDRBZG.AF GVMDS.AF PSM.AF DGLS.AF GNVXDS.AF AGDSL.AF DGS.AF XDSGNV.AF BZGDRS.AF AM.AF AS.AF A.AF LDSG.AF AGVDS.AF SDG.AF LDSMG.AF EDSMG.AF EY.AF DRSMZG.AF PRYT.AF LZ

C:\Users\user\AppData\Local\Google\Chrome\User Data\1fd1eb92-dfae-4eee-b05e-1a2a58cfdc48.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	368957
Entropy (8bit):	6.027731017846728
Encrypted:	false
SSDEEP:	6144:yeuVhcD1QqqO9y+9pjtK38Acx6ZaurE5/EDnJpAl9SeefNqWF4iVx/9LPeq/1LHV:aV21H99t5xzurRDn9nfNxF4ijZVtilBa
MD5:	57E224F918F7166FE4C3BF3C5F26762A
SHA1:	2A54ABACC6ADFB642008C078769C1654B50FF5B3
SHA-256:	7867E2ECFC74A5F9FF89B08D1729A08EDC35579472B32155BB11EEF26029ABF3
SHA-512:	3B844550B0D723E7CA5D576C10EB171AA2F4D38572456684ECF52F546B56AFC645A363A18562AC167F775523C0D6BB5E208D3A58EF4164599C3B18DF791DAFD2
Malicious:	false
Reputation:	low
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.627006971673655e+12,"network":1.626974572e+12,"ticks":4542434957.0,"uncertainty":2814720.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABUPWY4cSyAQZRX3j8/SLmMAAAAAAIAAAAAABBmAAAAAQAAIAAAACC7lwCjByxIY/Ds1S6cdCxJW6iSr1QfjoKlVKoVEQ4EAAAAAA6AAAAAAgAAIAAAAD9PMfiGkWkdrfU+zeMpOLPS1eDxLpcgjYP2R/ndeCNxMAAAAK+RpovfP61NtB5nOpQgPMjPTyt2T1WPeru9i3yP05zNVEj0uCRDWfONruG9ricX1kAAAADB9KtQ9KY2z38GdfaF7dW2ZLcAMHOX2oEKBg8ZJG9lsuMexxChB4M8HFpyb0Bpr6axpi+zmMIXt76noTOxFzKN"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245950075289684"},"plugins":{"metadata":{"adobe-flash-player":{"dis

C:\Users\user\AppData\Local\Google\Chrome\User Data\4815e150-2986-4cbc-a951-c2ce4016fa79.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	95428
Entropy (8bit):	3.751999276323683
Encrypted:	false
SSDEEP:	384:ZDadlbAOnYHnVMSBMNxr6vVv3ex7OHfGGClrQTV1xuvbrar4pmwESQvRFpqO7LdH:Z+KtFufwGQebpLHEnrCzKpPlF9
MD5:	805A807F170B26512124D82370E7C302
SHA1:	9C5BCCF3344DBA2CB58242C6773462927C26AF00
SHA-256:	F7F85CE164DD6A6C36814E678E09A3F304B149406570DFB20161406AFD4596F8
SHA-512:	C71F037C6B7F9CFA85B8538D826EF5E89933F60A77E9FD7813156085D893F62D7522AA1DEE78BE8B4F4A89548214019771B2940353E87C37FD7CD621EB5A6340
Malicious:	false
Reputation:	low
Preview:	.t.................C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6......M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...z@8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.

C:\Users\user\AppData\Local\Google\Chrome\User Data\8ff9767d-9f3c-4a5f-8eeb-9f2a5ca36d59.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SysEx File -
Category:	dropped
Size (bytes):	94708
Entropy (8bit):	3.751615497279652
Encrypted:	false
SSDEEP:	384:pDadlbAOnYHnVMSBMNxr6vVv3ex7OHfGGClrQTV1xuvbrar4pmwrQvRFpqO7LdNT:J+KtFufqGQebpLHEnrCzKpPlFn
MD5:	2BAE3795ED79CED6F81B374AD7A38A30
SHA1:	F85F70464E0C596F625276A08FBBAC9C6566BD29
SHA-256:	16918EFE4B8EEADD55C5FBA129D6DC4F8BAEEA4E4B6D9944FE2B9E27EA3B37DB
SHA-512:	2952439898FDC883959CCC63E15FC1FC4F03E6A438A83814255F99A2214A6D5802F9BAAC243830101856ADAC5A9F986DC4F8238E9FD855A43B24638EE88D675E
Malicious:	false
Reputation:	low
Preview:	.q.................C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6......M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...z@8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.

C:\Users\user\AppData\Local\Google\Chrome\User Data\995faba1-7b3d-43ab-aa02-97a9cf73786f.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	modified
Size (bytes):	369040
Entropy (8bit):	6.027850139688569
Encrypted:	false
SSDEEP:	6144:DeuVhcD1QqqO9y+9pjtK38Acx6ZaurE5/EDnJpAl9SeefNqWF4iVx/9LPeq/1LHV:7V21H99t5xzurRDn9nfNxF4ijZVtilBa
MD5:	C656C26294BB7273E0313131BA06AE5B
SHA1:	7DC88CB61BBAED6F35092C7CC7F1CDFD9B2BE672
SHA-256:	4E2F0159380B502F13382FBF3C1B734476DD8108CA7AA46E2E3977E6EDA239A6
SHA-512:	B9B801596E07DE4F19E2F176201E4E0140107F0339C2DCBEA5A000F5F70F618055E6E5FDE94CEE5FCA9A51E548B7E9B8080B0C987B59E7C3BEE0D281FAB3F36A
Malicious:	false
Reputation:	low
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.627006971673655e+12,"network":1.626974572e+12,"ticks":4542434957.0,"uncertainty":2814720.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABUPWY4cSyAQZRX3j8/SLmMAAAAAAIAAAAAABBmAAAAAQAAIAAAACC7lwCjByxIY/Ds1S6cdCxJW6iSr1QfjoKlVKoVEQ4EAAAAAA6AAAAAAgAAIAAAAD9PMfiGkWkdrfU+zeMpOLPS1eDxLpcgjYP2R/ndeCNxMAAAAK+RpovfP61NtB5nOpQgPMjPTyt2T1WPeru9i3yP05zNVEj0uCRDWfONruG9ricX1kAAAADB9KtQ9KY2z38GdfaF7dW2ZLcAMHOX2oEKBg8ZJG9lsuMexxChB4M8HFpyb0Bpr6axpi+zmMIXt76noTOxFzKN"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245950075289684"},"plugins":{"metadata":{"adobe-flash-player":{"dis

C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	120
Entropy (8bit):	3.3041625260016576
Encrypted:	false
SSDEEP:	3:FkXYDu6cR9iTXYDu6cR9iTXYDu6cR9n:+Y66cR4TXY66cR4TXY66cR9
MD5:	569FA64ACAA310B1DE1A6250CC7356B0
SHA1:	14251450C245F8612958BF94779E8B72AE6D6213
SHA-256:	AEE20ADEBF2D35EB8A39BE2DC391B0E5966EFCB4AFDC971BB3A18115C929F563
SHA-512:	850914A053EF541046B29260266C17FEFF2466A87784394F9AB3B565D2EA1E656F61F02BDB78F9F9676E90365F837F3709BCC0856B3B844256848F477250E0C7
Malicious:	false
Reputation:	low
Preview:	sdPC.....................8...?E."..N_.sdPC.....................8...?E."..N_.sdPC.....................8...?E."..N_.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\02044864-4ba6-4f36-86e5-ba42141b29b3.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5096
Entropy (8bit):	4.96804001556386
Encrypted:	false
SSDEEP:	96:nHrW2TMpSKIKIk0JCKL8L4kg11FAbOTQVuwn:nHrfMpSUC4KtkgU
MD5:	0EBD410B997E4338ECAD07D2FB0E8E8C
SHA1:	1EB966220A4FD9E0EF3E285E8C2995DC3F984D5F
SHA-256:	5B649518803493A78011C1ACB5B685E36BC42BA6C9CF9B60AA5ABD210DF833E1
SHA-512:	C010055737EE8D9129C0F5D8FD10DB973B28DB94CBF3FE1DBC86C89C43A43071BF0D6A1DB8B32EFA4E7CF998B6C9E6331C5C32B95571A3B1B9CD774777B7C0F2
Malicious:	false
Reputation:	low
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13271480567650277","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245950583260338","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245950640095768","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","1538886"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\0f55ac8f-e25c-4315-a848-7c26369fb87f.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5692
Entropy (8bit):	5.174394184467261
Encrypted:	false
SSDEEP:	96:nHrWoTMi/UgKLSKIKIk0JCKL8L4kg11FAbOTQVuwn:nHrLMtSUC4KtkgU
MD5:	D02B1894B3104EF2C16AE3801F74D4AF
SHA1:	539141536232E090FA46846DD0A715A0046FFDD8
SHA-256:	3291346F982B2926D913F2C617FA63F2B2F03B2AC4F6A219CA937550204F1FE6
SHA-512:	4749C5F024CD4BA7DB15A319ACE548AD71A24D90A92B17DC8A9B2A12A539CA1F0CF64E84062B0D13DB3CDC8AC316EE82467DB7DA23F33DD719DAD5398C9A1198
Malicious:	false
Reputation:	low
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13271480567650277","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245950583260338","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245950640095768","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","1538886"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\1904eaf6-fb6e-4d14-96ad-e9a0b6d2f7eb.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	modified
Size (bytes):	4275
Entropy (8bit):	4.857101665016802
Encrypted:	false
SSDEEP:	96:JnOTXDHz6LA4S+At+hGQY0AgQqjHt0AYUfw9rg8sLlcEQfGSz5EGFiG52dG53hVD:JnOTXDHz+/uwG30AgQYHt0AYUfw9rgVe
MD5:	BC7C78475EDFB8B7018D62A54E662852
SHA1:	6EE28A5F72EF1F9791A3CFFA52D8D9FDDDEB4D05
SHA-256:	DF79F816E04D0461F831465E7DC2B88189C9B6D79C905CF547528BB86266929C
SHA-512:	EA3F7967BD70872134046648F96C9A11C489E0AF58AF8CD2ACD08052E8B931A97227CF1F48A38085E44E732D991C8724885AF44371E6BBD427D1C6FCC71A93FC
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://www.google.com","supports_spdy":true},{"isolation":[],"server":"https://ssl.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://www.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://apis.google.com","supports_spdy":true},{"isolation":[],"server":"https://ogs.google.com","supports_spdy":true},{"isolation":[],"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13274072572347334","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://redirector.gvt1.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13274072572348316","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://accounts.google.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13274072572592844","port":443,"protocol_str":"quic"},{"advertised_

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\1a603d8d-dcdb-44d5-a7ff-214a8f1f43d4.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	22595
Entropy (8bit):	5.5360666809719685
Encrypted:	false
SSDEEP:	384:FCstELlDFX+1kXqKf/pUZNCgVLH2HfDMrU+HGznTRr2NI4r:YLl9+1kXqKf/pUZNCgVLH2HfArUuGznQ
MD5:	28099A25FD7200BE06CECDCC72306F67
SHA1:	C33AECE8E456A7FE82D2CD9C3842F08C01B1669D
SHA-256:	661C772DE0BE8CFC7DCAA5BDDC6A011BCBD8EB00DF9E3755B5EEE919ACC5AF66
SHA-512:	7DD6E3C886B015A3FDFAED2667975611EE22EEEA1FFEAA4F022CBFA6F9543D3B9419C048E2178CD22B2891E502DDEB2C4248DBC0DE9D8BA3B3DA8A0DB1A62D9C
Malicious:	false
Reputation:	low
Preview:	{"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13271480567206798","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\3f426ba9-66a5-4d6c-adb0-0ddb68744c1e.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Reputation:	low
Preview:	.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\454a2cd6-c309-489a-9377-c802cf61fb34.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2544
Entropy (8bit):	5.603803041455984
Encrypted:	false
SSDEEP:	48:YZUq/cUIieUo6UUhL02UUUkijUPUYKUf1irkwUFUeCm4UiwUUUexU6:qU6cUIieUhUUTUUUnjUPUYKUElUFUHml
MD5:	FFCC16AE377952F96B1A3E7A6CE80EC9
SHA1:	76E9BC2FE9EFAE18CF5819E3796FF676B12C59CF
SHA-256:	69CC7E9C4B1C5CC78E47EC7A94C7F7E36E1937939AFCA1355A243500E711EA81
SHA-512:	AABC55381DDDCEC0422995DFE805688631F5755DF5C614127833DE82222A63215C4F81D513C55887475EDBC5C2F0C9BC1AA4F0BAB34A2E7BAB26A695D679F6B9
Malicious:	false
Reputation:	low
Preview:	{"expect_ct":[],"sts":[{"expiry":1642731775.85875,"host":"Hb3xV9FSRT1oJ9TRTDTKLcNPjaOSk7YHyRHs4a5NR/A=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1627006975.858756},{"expiry":1658542975.711861,"host":"Kxp8OhVfYUiL41BoG3LfAM2HSfZr7HKQZ8zZrxX2gFM=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1627006975.711866},{"expiry":1658542973.064674,"host":"M4bfUnCmQAi4PNb3B8aI/2+SVJhHKsMfMMT7fzi6ij4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1627006973.064681},{"expiry":1633013028.822833,"host":"OuKlWsMW1dkkbI1X/oi6o0Y95ZNSWnSoeaIXAEYPlv4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1601477028.822838},{"expiry":1658542978.777958,"host":"T/yO6tyfroSpEg+noLE3HjvTRBiDDEKCH529LQWII5M=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1627006978.777967},{"expiry":1658542976.932613,"host":"VuOf4xWkvGi5BfIe6IrL8DWhRrq/qlySsNa1rDL0SwQ=","mode":"force-https","sts_include_subdomains":true,"sts_obser

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\4a5db704-7ab9-42d3-b575-30b13103caf2.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5795
Entropy (8bit):	5.178104875147674
Encrypted:	false
SSDEEP:	96:nHrWYTMi/UgKLSKIKIk0JCKL8L4kg11fDbOTQVuwn:nHrJMtSUC4Ktkgv3
MD5:	A4FB9009FC8103EA45C82F03FF7B4029
SHA1:	D5A6D4500EB41326A27C102840AF78C4E529CAFC
SHA-256:	A6412528738B8B199FA642C07CB05952D62D40CB81B18E82BB2B734D35EB8D38
SHA-512:	C5CE147CD340FA0249D1E51BC150BA4A03C61EFDC3A96329C578DF155E93CC54804BEB1D227F6E3018A32E8BCD491F37E0E2548AFD353F89A79690F2D0DB1585
Malicious:	false
Reputation:	low
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13271480567650277","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245950583260338","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245950640095768","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","1538886"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\5e32f6f4-4fd4-417b-83bc-3bce1b33bb16.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2377
Entropy (8bit):	5.609999460304263
Encrypted:	false
SSDEEP:	48:YZUq/cUIieUo6UUhL02UUUkijUPUYKUfbUeCm4UiwUUUexU6:qU6cUIieUhUUTUUUnjUPUYKUzUHm4UPh
MD5:	0C9B157C4B738EE09A29AFB0A44FB6B9
SHA1:	F86BA198C482380CC7D4B588B06D158700A19BE4
SHA-256:	8D297735F8216438F9C335787CEB47921C0882909432057D702DFBA45E5C05DD
SHA-512:	B28C75C33BCF315CBC5D3EB2DEE73E196ACAB97BB5D83D5392201766E9F45F425C7EDEB000461561C43A65A1C14B94F4A9200B918A937D27B58811CC72FEB7A9
Malicious:	false
Reputation:	low
Preview:	{"expect_ct":[],"sts":[{"expiry":1642731775.85875,"host":"Hb3xV9FSRT1oJ9TRTDTKLcNPjaOSk7YHyRHs4a5NR/A=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1627006975.858756},{"expiry":1658542975.711861,"host":"Kxp8OhVfYUiL41BoG3LfAM2HSfZr7HKQZ8zZrxX2gFM=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1627006975.711866},{"expiry":1658542973.064674,"host":"M4bfUnCmQAi4PNb3B8aI/2+SVJhHKsMfMMT7fzi6ij4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1627006973.064681},{"expiry":1633013028.822833,"host":"OuKlWsMW1dkkbI1X/oi6o0Y95ZNSWnSoeaIXAEYPlv4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1601477028.822838},{"expiry":1658542978.777958,"host":"T/yO6tyfroSpEg+noLE3HjvTRBiDDEKCH529LQWII5M=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1627006978.777967},{"expiry":1658542976.932613,"host":"VuOf4xWkvGi5BfIe6IrL8DWhRrq/qlySsNa1rDL0SwQ=","mode":"force-https","sts_include_subdomains":true,"sts_obser

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\61ade8bb-a6ef-4c66-81b4-7bba3c9b6215.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	16745
Entropy (8bit):	5.577743886556754
Encrypted:	false
SSDEEP:	384:FCsthLlDFX+1kXqKf/pUZNCgVLH2HfDMrU50oI4W:9Ll9+1kXqKf/pUZNCgVLH2HfArUtI9
MD5:	05354DED9AA23FB70BD26A4447512B4C
SHA1:	6A6B573C4BFA33B4B14D975F6B8E71418F824A08
SHA-256:	787B32B98CAC343192176A4C224BC62125F42C0D2C0AECB52ED569CDA91B602F
SHA-512:	AA2D4E5D2F7BFA074450F5C7CF5862B0C8FB158BD046A289DA5B17F29FF5305677D20FF095C3D923F33ED7E09BBEEAF6507D3A6FFE7D546DA45543B8F981F536
Malicious:	false
Reputation:	low
Preview:	{"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13271480567206798","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\6c0f0a54-4698-4368-a587-7f4398c42dcc.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.871599185186076
Encrypted:	false
SSDEEP:	48:YXs2MHRzsoMHT5s0MHyKsTMHksrDys4Csb7synWsQItFsym6zs6zMHWLsZMH5YhV:+GDGTHGmGHDW1/nOIbmOGlGGhVD
MD5:	829D5654ADF098AD43036E24C47F2A94
SHA1:	506C8BA397509BA0357787950C538C1879047DF3
SHA-256:	4D0B852D18FCA5C1A712904CF6DB3811FB905E86D8A7508A2D42F9C8D68E2211
SHA-512:	D9B18E6B0AD1E8E4BECF9E84BBE30D64730CFEC2CBEAF96D5DF52E28B907B03EADF22F020FBE0A56D137A52F4F09798031BC6CA026CFA8A979A608B3445DBCAA
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[],"expiration":"13248542600883925","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":40156},"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248542628822803","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":30856},"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248542600893104","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":25300},"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248542600872791","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":34789},"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"exp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\6d09626f-41b3-494a-ae54-4dd36bda4c51.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5081
Entropy (8bit):	4.965901694441783
Encrypted:	false
SSDEEP:	96:nHrLoGMpSKIKIk0JCKL8L4kg11FAbOTQVuwn:nHrzMpSUC4KtkgU
MD5:	1869D5C9337D652AB95BE4D3000CA969
SHA1:	C11B3F6493916BC54BCD10656CF546B7AC6A6F2E
SHA-256:	B67C8C85434146AEE156171E0EC396E179832D3EDB3C165D80FA3DCDF2853B16
SHA-512:	00C9E4BD64FD0E59D2246597A7C8820A8B0947BEE6A55C05018A01B09D68F690B7A5E54AA9A3446D71206802A49F0365352A98AE85627814ECB01CB41DA4D3A1
Malicious:	false
Reputation:	low
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13271480567650277","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245950583260338","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245950640095768","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","1538886"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\74b332d2-288f-49e0-b455-9b2e600fac0a.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	22596
Entropy (8bit):	5.5359622443676395
Encrypted:	false
SSDEEP:	384:FCstELlDFX+1kXqKf/pUZNCgVLH2HfDMrU+HGenTRrONI4R:YLl9+1kXqKf/pUZNCgVLH2HfArUuGen+
MD5:	EE822BD70D16DDAD53706EAAFDB67552
SHA1:	69B10E760AF2FCB7530C8CA417729A362CB5479E
SHA-256:	19C4826A33CDA3C697B9369BBBBB1FB056DB54C82D8A69E18143AD1A6A7A719C
SHA-512:	508B4A8F6182FFDA9C123BB40D26C444F231D62479795FB88E3AFFCA8A3F1AF2CE1603ECBE681D92C8F55A1481EB1AB60E357C4678A26B4939A43427C9A0D921
Malicious:	false
Reputation:	low
Preview:	{"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13271480567206798","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.167795300001942
Encrypted:	false
SSDEEP:	6:mO9hDM+q2P923iKKdK9RXXTZIFUtp39OngZmwP39aWtDMVkwO923iKKdK9RXX5LJ:dBM+v45Kk7XT2FUtpNOg/PNaiMV5L5KU
MD5:	A2CAF8D708D1A52CC230835EA09DD6A9
SHA1:	F820A63FE8475A14CBD3CE7873F564D7BBB65FE6
SHA-256:	5C15FD9DFACE87F76B24DFAE7278D88CE8C5046D056AFD4AD5FC26F8AB0CF4E7
SHA-512:	195AAE75839748A48112E40CFCB130299FCCE10706EBB64C4C0A73634920922478C4491376111B45ABABFBDB26CABD3DC39D118B1B566F1617D7A44B90062B9E
Malicious:	false
Reputation:	low
Preview:	2021/07/22-19:23:07.892 13fc Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase/MANIFEST-000001.2021/07/22-19:23:07.918 13fc Recovering log #3.2021/07/22-19:23:07.920 13fc Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	320
Entropy (8bit):	5.191294631078456
Encrypted:	false
SSDEEP:	6:mO9XDM+q2P923iKKdKyDZIFUtp39jgZmwP39FDMVkwO923iKKdKyJLJ:dzM+v45Kk02FUtpN8/PNtMV5L5KkWJ
MD5:	4F493C6D9A88EACE8E8B371E26C607AE
SHA1:	A3F05D89425BE6C068AF3BAD26A6E78185966A42
SHA-256:	0CD3BF6D6CC5551DA6199630B12150857590D03721028F055D670268C082AC05
SHA-512:	CD50BBC4FB61BB1EC96BABE4C84B2CFC0E5011210F6308609C8124F71DE49BD6588666914BD6E29E7F038A09AE9A863DF528EF55DC11F524783ACCEFDC590B47
Malicious:	false
Reputation:	low
Preview:	2021/07/22-19:23:07.872 13fc Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase/MANIFEST-000001.2021/07/22-19:23:07.876 13fc Recovering log #3.2021/07/22-19:23:07.878 13fc Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\054373a4275cb454_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.842156272563684
Encrypted:	false
SSDEEP:	6:mYEYGL+MIwJJSMlGI+Fg3++wtpH4DllZK6tOX+T5pbRlfcgRXwqlLs++wtpH4Hh:MIwvShI+w+tjkllT/TL0ygyLs+tj
MD5:	CF11F6AE03ED8516804EBC0B443EC23A
SHA1:	AD862F5382B372B31C689E704C073FE02122E713
SHA-256:	5BA8F4E942B409599457F7DBBA626A62DE2379A669042304FA39605C7FC46876
SHA-512:	B783C287CD1CE09CFE1674BC3F27AEE848F534C20CF2E48CDD8B3285C3CC8CB29C6943A3F327EA038DF0136B38A4EEAEB8C29A12525C0C3CF97A550A75CF5A15
Malicious:	false
Reputation:	low
Preview:	0\r..m......J.....2....._keyhttps://www.google-analytics.com/analytics.js .https://piktochart.com/..2]W&/.......................Fo..V7$..d...$.....5.....$..A..Eo......F.U^.........A..Eo....................2]W&/..7..D1EFDCEE4475C92A4220DB81BE8ADAF994B420B38392F8406EA498D1220FA46D....Fo..V7$..d...$.....5.....$..A..Eo........o.L.......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\084bef842f7a1f6c_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	223
Entropy (8bit):	5.488987386532464
Encrypted:	false
SSDEEP:	6:m1+XYfDMtvphzadSZMlGkkgasKKCEraScK6t:dGQtvK+hklKbEW3
MD5:	CA5E74538B07449ED262EC9913577BB4
SHA1:	1F1EF6B66C7E91A96C3ED0FB010274D2B891075B
SHA-256:	480FD81A5C0C50DAEF9E3EEF2B554F760357A14FDE7BFDE70F9E13DDDE0A5BA5
SHA-512:	A648B7FFDA54E29F5244FB729E66F5687E25951D042154DE51642A4CC5112E723B09970930D37AF2FD09F1A7D8D5C63A84057D982EA66AFFE9CE3347FE5A1C80
Malicious:	false
Reputation:	low
Preview:	0\r..m......[...y......_keyhttps://js.hs-analytics.net/analytics/1626974400000/8163022.js .https://piktochart.com/k.D]W&/.............[........@...5...zs.;V...E.E?.Y.o...A..Eo.......gA..........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1d263bb56d0ae389_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	208
Entropy (8bit):	5.436490350576497
Encrypted:	false
SSDEEP:	6:msYwBsFVgcR7ZMlGpygTekX6Zkw3dH4JbK6t:HcdZh7qKw3Fc
MD5:	F08132443008C20FB5371106D171FAD4
SHA1:	E6852242281D362DDEE21EB05016B5A192971D48
SHA-256:	11E9097975EC1EB664AD0C17D60AC3D3BF4016F5E3910F3FCE0548B16DC83A6B
SHA-512:	A8D44DE306DCA8116DA7806B8773FF02DB0BE7C4A772A5274E0808A495B4CBE40681EA7FCAAB93A57AE34147E6ED9E77A2258A85CC15E3A10EEC34EB2D191083
Malicious:	false
Reputation:	low
Preview:	0\r..m......L...NH......_keyhttps://s7.addthis.com/js/300/addthis_widget.js .https://piktochart.com/r.2]W&/.............6.........kgH.r...+....HT'.P...x.R.....A..Eo......@..........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\21c18fb9ca077705_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	202
Entropy (8bit):	5.374668115028685
Encrypted:	false
SSDEEP:	6:mBtXYAWQf2IgMlG2/ygNb/hhYpAk/BRK6t:GtdeDh256pz
MD5:	0D9304C180C0C2BE471C78BD577BE114
SHA1:	8EECC426E62EE7C65A05572C067644A0AD5FAD1C
SHA-256:	E006035A9D7C1089BD7E1D5BC64BFD17196FF2B76E0FB14DFD2251DEF972CC9E
SHA-512:	7C9E750428FC789ED457B95BE9B3C20A11388C8B2EF2BAA1241EF13653FB7CD2337B2ACE93C937734635986DDFF66D4B97CC784BDEC7CA216C6F55DCEFCD6BEC
Malicious:	false
Reputation:	low
Preview:	0\r..m......F.........._keyhttps://connect.facebook.net/en_US/sdk.js .https://piktochart.com/.v?]W&/.....................E..R.....m.P{...}..........A..Eo......_p...........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\21c843c2c4bf3dca_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	200
Entropy (8bit):	5.419820735231518
Encrypted:	false
SSDEEP:	6:mnAEYLXrdWbZMlGBFgHsXi6HC875k4rJK/ZK6t:X7behBRBHnvlaT
MD5:	66C28ADC9EE47982FB11E9E185DFABC7
SHA1:	0100ACC00E6E6763DE9BC38B2E5D7CEE3EE74A5C
SHA-256:	6F33FBE274F105832A91C36F774B1BF9C063AE1AC217E8176DAD123105273543
SHA-512:	D6A82AB3F525261282D4A9C439EA2D6017A5EDBF713D0E1136FD5861B7CA2D7B781AF3CBE1A5F966EA55187DDB813041FD49780498E833220B0B92CC0F2F392A
Malicious:	false
Reputation:	low
Preview:	0\r..m......D...Cy\....._keyhttps://js.hsleadflows.net/leadflows.js .https://piktochart.com/".D]W&/.............".......j*.@P........b.j1N.F.O.$_FX....A..Eo......Y.[H.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\27958a9e606be339_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	240
Entropy (8bit):	5.629344868950273
Encrypted:	false
SSDEEP:	6:mPlVYAWQf2Iimdqnx7cQpMlGxl1tguXxBtdGYNfZK6t:iHetqq5phxvXxBtfL
MD5:	FDCA18E95A12CC841FCBE37F78A00D28
SHA1:	1A28D493DB6BB7DD54B27D64960EF2862CEE45B6
SHA-256:	A9675963B2FD75F21513763A96927A5552A1422B688BF5C49D112D88D8105708
SHA-512:	5B0FD95AF7F20D12E3FE0E51A288D83452592CB75563E4248BB540AC52188D5C74D9E8C9B6B6894E94CDFE3898C61D73EFFE6560A470C3EDF71DA8D11673A5C8
Malicious:	false
Reputation:	low
Preview:	0\r..m......l...a.x....._keyhttps://connect.facebook.net/en_US/sdk.js?hash=67f66cc8858252eee8f3c709fecb9e55 .https://piktochart.com/Q.I]W&/.............\|.......)/....3.......<..V....n"...x.xB.A..Eo......wm..........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2fe82c74fd70b364_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	231
Entropy (8bit):	5.5646355162853665
Encrypted:	false
SSDEEP:	6:mzh9YS2GI1bVzHvDMlGqgjsIz1Wg/AkDK6t:O1QxzH7h9pcg/H
MD5:	9EBAAAE22D10A218A3D05CBE376D2558
SHA1:	F511C97B0B0F35E3F6FCA6DC6E0CF56FFAC53B80
SHA-256:	B8698D9E1D843E3D9865D11E407B20FA2D1B7653C7E64F5F1BABFE189B10737A
SHA-512:	559925C4A5E49B2056290375A7CC3057062BADB7089419BA7735BBB64E120FB63C931C46E948B1F4AEE1502FA0EA01A3DB90A70E95BC287E4B4CA3DB0F42E7FD
Malicious:	false
Reputation:	low
Preview:	0\r..m......c...H......._keyhttps://create.piktochart.com/assets/82-09a41c0d0089928b860f-bundle.js .https://piktochart.com/.\D]W&/.............E.........;..v.u..Kn=1r7...wEGo....I.~.A..Eo........h..........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\38f7fc15f7830d68_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	200
Entropy (8bit):	5.374743528218047
Encrypted:	false
SSDEEP:	3:m+lMgX6v8RzYl4J13y0TPC7vMlTKK1t/lHCpElllAWpCklq8IH4mjX/pK5kt:mSXYKxDC7MlGK1tgq3EjXhK6t
MD5:	88FC825F374ECAF338B78075EACFAB0F
SHA1:	2CB809604BF15A51D9030108575FCD0B2E5812F2
SHA-256:	FF1B96ADF605222514CC04D1621D8B482D07074FC4792F35ACC325EA7710B106
SHA-512:	B430102B1660519F33DC1EEBCEC31FE5CFF01DD38F3B112300FC93A9986FA8A2BE9D28CC41E9947D8F31A1F6365F9CB346DE2CF8AA2D3A8BBF61975E9462F912
Malicious:	false
Reputation:	low
Preview:	0\r..m......D...0......._keyhttps://platform.twitter.com/widgets.js .https://piktochart.com/[.a]W&/.......................]Q....'}....Y..K8..Y........'-.A..Eo.................A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4149c5502c3a6381_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	239
Entropy (8bit):	5.67279833532296
Encrypted:	false
SSDEEP:	6:mUAnYAWGUJ3R8UuZl+5FvNpMlGygFgbtJN4S4CDK6t:pAYdpvDhnkESN
MD5:	A190D93067217ECD710E28C7BE45B6FE
SHA1:	19399D72839EAAB48A5EF00B507F069E50038368
SHA-256:	C008CF1AD5C548CC7E0D351B2426BC4F9B653F1127093B6FE96782E109DCDFA6
SHA-512:	6B0A16E3290F22264A61857DBFEDB056A88A6B6FFD38BC8049E2865C9B979109194F627466BDA3FE61D03A5781F8F0632A7551BA947AA5D41A7544FED2914403
Malicious:	false
Reputation:	low
Preview:	0\r..m......k....B.P...._keyhttps://connect.facebook.net/signals/config/1376538882436128?v=2.9.43&r=stable .https://piktochart.com/.%P]W&/.......................#Z.Jw....#Z..o<..$..@8...6..A..Eo......>...........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\43f2fe14e13bce26_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	192
Entropy (8bit):	5.42524697229113
Encrypted:	false
SSDEEP:	3:m+l85ozA8RzYGtZQ0R7vMlTKLvt/lHC9sll/LEc2oyFk6+Pmzb7z/lpK5kt:meYsJMlGLvtgyll/wMez/K6t
MD5:	2A04C9CF3DC4FD30A465B59820E9EF70
SHA1:	01E3734751D6A91AA6D31ABD9479F08CBD86BCD4
SHA-256:	1054C3F7FC57853A2F92E18ABF1008683B686653D3D5C15914D6DA15C8400A92
SHA-512:	EAADE5B68D1368699E9C8B5852A12F3DA80AF3B1D7A303259040A0A9027DEA0317CBB55715FD72AD6D3747A8F84CB80B350AD63166323BA90AF64D43F93DB7E0
Malicious:	false
Reputation:	low
Preview:	0\r..m......<....OO....._keyhttps://js.hsadspixel.net/fb.js .https://piktochart.com/..F]W&/.............J.......j.YW)L!9.L6.;..I`$Z#..J.S.......A..Eo.......*~..........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4827d11ed506017d_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	196
Entropy (8bit):	5.411939675965392
Encrypted:	false
SSDEEP:	3:m+lklkX6v8RzYGRQrRRvMlTKh/lHCPal/lU4p3gKVJdZoMm2vlpK5kt:m6nYFRZMlGhgPaltZpwQ1onQK6t
MD5:	347EC74C9C54F0F27CFBE99DEA10E037
SHA1:	CCFCB21C97BD6A4D97B7AFC9C289EA6872A819AA
SHA-256:	257B5EA05C729345B52B7238752CB8B382ED74568AC135C4F31B69900F6DE95D
SHA-512:	1E4CDD645F644D23692AB0EA6BC7E4FB74D9160E280AEE00636C5F1C1B07C8E3C9727982084B2649C91D2D8DE79FA8DF0FA25C2B2E9F0253B237729910DE9608
Malicious:	false
Reputation:	low
Preview:	0\r..m......@...D@......_keyhttps://js.hs-banner.com/8163022.js .https://piktochart.com/..C]W&/.............*..........j....r....vf{n~Mpo..\}F.W....A..Eo...................A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4f316a51b12971ff_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	230
Entropy (8bit):	5.560057677555368
Encrypted:	false
SSDEEP:	6:mD9YS2GITWolvDMlGGygq8SoUlJY7DK6t:gdol7h58pF1
MD5:	896AB3B9C66D638237A7DD156F15ADBE
SHA1:	7EC05AD792E5AEE16EF34D0140E8C5A515823D26
SHA-256:	A4BAAE498BCB690626239D51A67A9F76FC7CA5F4EF3E59278C44219549FEF944
SHA-512:	DC1B690D639615C5FEC836AA9B296D769792F6675CA2736D1B8B917FFA1D97A5FAEF29B5DDC1B689B0B7BDCF0D3FF46C376B225729B106F77A67457E9BCDDC4D
Malicious:	false
Reputation:	low
Preview:	0\r..m......b...M:F....._keyhttps://create.piktochart.com/assets/0-12328b9d54bdab438f26-bundle.js .https://piktochart.com/}8B]W&/........................mM].%.O.5...1.L.iO........r..A..Eo......_:...........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\65e6498e539a29eb_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	242
Entropy (8bit):	5.535683078178174
Encrypted:	false
SSDEEP:	6:mqlXYS2GIiqdlf0SnZMlG2KtgmlmR8hH4pK6t:LwdlvZhltEIc
MD5:	9E8E1FDAA293AD2E42BEDE1E85E79F6F
SHA1:	BB8EBD5A69BE0D5DDC6CEAD8AD50859B523AC571
SHA-256:	33556AC6DD0469D1C42CFE79653C35BBEB2C717305F23E8E980C32CD9ECA0998
SHA-512:	5FA711E6D76B820B087FF93364E3DFE468F58C22D5937624BA7125730324D2C60B636DF38ABA626E7B40B0F567B1CC3301493188F793A053A55574C15F9A1B9B
Malicious:	false
Reputation:	low
Preview:	0\r..m......n...eW)....._keyhttps://create.piktochart.com/assets/runtime~magic-bundle-f36cc413ca689855c72c.js .https://piktochart.com/L..]W&/...................A.E,...Ch.;...S..s..@.%T...}....A..Eo.........t.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\71c6bfad12ed3bc2_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	224
Entropy (8bit):	5.484626353114828
Encrypted:	false
SSDEEP:	6:m/YqiMiM6N3Ef9MlGQLhHgGoNN3LGzwslAWK6t:3zTNUf9h3r3LGzr
MD5:	F17507B993E00EEE0AA0EAAFD103380C
SHA1:	81B6B902FB22C44A9D67187ED2405488CAEDB267
SHA-256:	FA86778D0C9910842BDEBDEC7C6D8F8E83DBF8D4ED4D69A8C31617C8C06A9293
SHA-512:	33DB4B591FA7A342F13E132B6DE8CA1BE64169CE7A4D44B630EC4E65CCC0177AB791AE2016013190BB1359FE91DC454CBC4AC82DA4D347EAE211524286FD13D4
Malicious:	false
Reputation:	low
Preview:	0\r..m......\.....<?...._keyhttps://z.moatads.com/addthismoatframe568911941483/moatframe.js .https://piktochart.com/5n?]W&/.......................g."..e7..n.0}B=c....xA.......A..Eo........{..........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8dbfa43630072d16_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	293
Entropy (8bit):	5.666154582837906
Encrypted:	false
SSDEEP:	6:mSQ/gEYS2GIf+kn5HY44JV/EAeiSF7MlGggxZzWus7P4IDK6t:cIQ6J5HY44/eiSZh91kv
MD5:	5201EBD38F79A9DABC71DDDED648E51B
SHA1:	7D120F6CE6EE6367883090A86088D22E6202E232
SHA-256:	D23286CB919150EE1928B4D7E78EF346D73C84C17716F8618A026D2B80236BC2
SHA-512:	479EF3A9F1098BCB256C7AF751B1D5579FE936970AC00E7C8151D8E1D43087FD4233685E717E856E2E9D0A8E57D16A68B092AD51E5A3E6C3C353AC6196577C02
Malicious:	false
Reputation:	low
Preview:	0\r..m..........b..,...._keyhttps://create.piktochart.com/assets/shared/module/oldie-browser-8dd053866fb9c0f8595e7ecc8a15a1f1d157162811397689bd0a2b9134bb4d22.js .https://piktochart.com/.R,]W&/......................k.[T..._.;..qft..L. ....>..:xm..A..Eo......).5.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8e2a1c4ca92f95b7_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	79992
Entropy (8bit):	6.0749473739181665
Encrypted:	false
SSDEEP:	1536:aAvkTiDk1TFmsTcIgPL4pdgMYzmvYt7UTgd7pEiYzWIkNnpZ6F9dze:7vkTHTjTcIgUpdozmumgd1RgenX6F9I
MD5:	E5B5D0B455D46B152087D12112771DA5
SHA1:	0290590F6F3B8A749522E5594E88710729489227
SHA-256:	F05E1C0A0897C1C405FE2637A24912170FCB8BBB1EDD6D6C6BCFA1BF824DF6C5
SHA-512:	DD1118F75151A34E65D17FC69BA7FCB3C7559D81C9879BC37442BD90D4ACFBCE70C87EAFB6B27AA3A36DF943E6FE01E1410C34E959E9988DF269455C26BDB030
Malicious:	false
Reputation:	low
Preview:	0\r..m......@...k..>....D1EFDCEE4475C92A4220DB81BE8ADAF994B420B38392F8406EA498D1220FA46D..............'.......O....07...4..............8.......`.......D.......................................P...................x...............0....................(S.D..`B.....L`.....(S.]..`p.....L``....u.Rc............R.....Qb:.K?....n.....Qb...j....q.....Qb.g......r.....Qb..1B....t.....QbN.......v.....Qbf..g....x.....Qbn.......y.....Qb........z.....Qbj.~.....A.....Qb.P......B.....Qb..%K....C.....Qb.@.....F.....Qb..2.....E.....Qb.l......D.....Qb..Eg....G.....Qb.1:....H.....Qb...=....J.....Qb..I.....I.....Qb~.......K.....Qb.d.:....aa....Qb".H.....L.....QbFq. ....N.....QbR.f.....O.....QbjM.....P.....Qbj.me....M.....Qbf9p.....da....Qb........ea....Qb>..I....Q.....Qb......S.....Qb:.[.....R.....Qb...n....ia....Qb.jI.....U.....Qb&T.....ha....Qb...d....T.....Qb.......V.....Qb.Tt.....W.....Qbj.f.....Z.....QbB1......Y.....Qb...H....X.....Qb........ba....Qb.\.;....ca.....................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\91c01328c9fc2b6d_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	283
Entropy (8bit):	5.856543367205551
Encrypted:	false
SSDEEP:	6:mpGRXYGLSmXZCLRJ9Syep0N+2MlGcHugUX2iajUNVkYN8JK6t:1gZN5hZOjAe
MD5:	E2EAB46B0E4DB1C6A9ACD433C445FD9C
SHA1:	32C1EC2061830B5F40C21FD763AC61537D2436CF
SHA-256:	BC6CB3D7FF4C8BEEE1A7C85E4BEF2AC0CCA27E5AD5560DE23632242CC57624D2
SHA-512:	68440CB30AE058821A0150F5ACFBB403450772BDB2F2577881112373BA398BB4DDDB35A60BBB2FC3E9474ED4E8FBFAEFAC9A27AA497A14203A025E5218F97CA4
Malicious:	false
Reputation:	low
Preview:	0\r..m..........)>.$...._keyhttps://www.googletagmanager.com/gtm.js?id=GTM-TZB2X4X&gtm_auth=JgKKw811eIFTYt99LuIllA&gtm_preview=env-2&gtm_cookies_win=x .https://piktochart.com/9u3]W&/....................C....[.{.'..l.c.CP.`...]i.3..A..Eo......2............A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9be232425752a77d_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	207
Entropy (8bit):	5.3837691228157265
Encrypted:	false
SSDEEP:	6:mtYAWQf257IMlGKgzaklPFDQm419OK6t:ee50hplPFsm0K
MD5:	0D89F6E3070948F158512E01F2A951DB
SHA1:	7DB5D6AD2AF33C71BED6A7708478D73CC284A4BA
SHA-256:	5968AB54A04083767C583EEA25BB0056823C84AB6A60FDF547798B1EC811CDB2
SHA-512:	51625B2453CFF207735AA48C6DBE7C37D5011C3618EDC42A6579324DC1708F5EE1D896E71773792AF7449AE1F6AF4C4E896B6CC8DC9FE4A1596706CD8F7D40A5
Malicious:	false
Reputation:	low
Preview:	0\r..m......K...).2+...._keyhttps://connect.facebook.net/en_US/fbevents.js .https://piktochart.com/..A]W&/...................f.1....UL..8nBr?2.^DO.[6H.O.E..A..Eo...................A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ab74d73a1ef97342_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	231
Entropy (8bit):	5.620253169172695
Encrypted:	false
SSDEEP:	3:m+l7flzA8RzYS2TKIhIiTBBQ1JpvDvMlTKhflH/lHCdelLnfRtiJ0ex9244mtllR:m2YS2GIhfmtvDMlGhtgd6LjC1TK6t
MD5:	C1F63D1D65373656CA8010C403F7486A
SHA1:	4D0A0327FC5083783D21C1A3DDB208AB9E824615
SHA-256:	F40F1EA517B210F168E48B3193FD2BCBB407F5FE40CD1449DA295908F3FD35CB
SHA-512:	E2749E87C5A46DED3E3F7FCA3E10B76693EBF67F0A6E28126A81385056F19A10219DFDCD9EA06219902497C7AA6657B3C91E4F8C351562D3FD050744A0DD1060
Malicious:	false
Reputation:	low
Preview:	0\r..m......c.....$N...._keyhttps://create.piktochart.com/assets/50-96e7d07fdff0911b44a2-bundle.js .https://piktochart.com/.FD]W&/.............8........v..:AX.H.v..._...1..,.f..X.M.A..Eo...................A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b6b3d5da9b0df756_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	234
Entropy (8bit):	5.543671653935531
Encrypted:	false
SSDEEP:	6:m6Z/gEYS2GIDTwo4kvDMlGjntgYBuRZnt/k4PhK6t:lZ1O0vk7hzRBoZnqo7
MD5:	DAB5F0989E8F46FB90655A1EB845401D
SHA1:	1185B02F0AAE82F1F921D36AE0A9DC27FF2AB23E
SHA-256:	AFBAE8E50745CCA52EE3BC2DAF713A2E2CE787D04C7533572B31E52845C91788
SHA-512:	5583511DAD43FA7E4628CA5C48DB6BD0381282C4DE6E50DA80C8130BD843FF0C33F761E2C28C39D9789C73DA05D02398F8DA12224655D21EE90926552E26E458
Malicious:	false
Reputation:	low
Preview:	0\r..m......f....ip....._keyhttps://create.piktochart.com/assets/magic-9602756920677fa84a49-bundle.js .https://piktochart.com/..]W&/.....................*.0".....[_._3.PB.9.&.X..h!.].=.A..Eo.......B9..........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d7f4fb9b5d8e2e09_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	235
Entropy (8bit):	5.589220813639063
Encrypted:	false
SSDEEP:	3:m+l3tBDt08RzYl4J13kLsqizuLtFWLKVRvMlTKHTaH/lHCUFlllmwWfk0hygK5mp:mY1YKkLsSbVZMlG+guQOqm4N9RK6t
MD5:	1B54494C72F9EC21188EFD793DB3ECEF
SHA1:	FFBEC2D5C3E1F4A4D4D60CC066A414FF792D06E3
SHA-256:	54199573D999433BBEDCDB50A4FB6BDCD901B16F1592D3AC25A85D808E45A122
SHA-512:	5CF989E81D94E2F13F6E55D282B52CAAB6F9C4D82281D246E626B5454AA15AA06CA37F9B73467B214EFCE53A5C8B5B7CFBF716A84FB0191982B05391AC7C3317
Malicious:	false
Reputation:	low
Preview:	0\r..m......g.....d&...._keyhttps://platform.twitter.com/js/button.5573c974dc31bbdab5ea7923a0bd5cf3.js .https://piktochart.com/.^r]W&/.....................=...2.+..B}...:....U[\|........A..Eo........B..........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\db4b65f7477f4e6b_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	230
Entropy (8bit):	5.616269794483283
Encrypted:	false
SSDEEP:	3:m+lW6sOA8RzYS2TKIG3vv6w9rvDvMlTKXt/lHCek1Ysc6Mkp9GoMmDuK7lXpK5kt:mREYS2GIUawVvDMlGXtgespb5DFnK6t
MD5:	905B9DDC3EBF904E39049253D536A59C
SHA1:	326131C7F761D79BC289CF5D282C7903D29673E8
SHA-256:	6A47E307C6315C1B855C05518CF0105AB177B8249C257C8A32EBCD5E65013D23
SHA-512:	A0748F164A05954F25A957BC4D248C11871FFB115C421DF235EEC387C4954DC8C9670D408F5425F03B95A628A28FCA4EF2DB80C1483C269D8DB7A6BCAAF08F2E
Malicious:	false
Reputation:	low
Preview:	0\r..m......b..........._keyhttps://create.piktochart.com/assets/7-33479796fc828dbb502d-bundle.js .https://piktochart.com/..B]W&/........................#G#f'.{......C6..Y-.V@.i5.N..A..Eo...................A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\dd6f4ba140e73b7c_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	221
Entropy (8bit):	5.467637783839296
Encrypted:	false
SSDEEP:	6:maMgEYqTGMAwIDMlGnFg7fDbUOS1AhXhK6t:4g6IxDhngbU91C
MD5:	84195175CF3FE599AC314C8DDABFD39C
SHA1:	96CBFB3E63821E8381C43AC33831FB8F7F14F3BF
SHA-256:	42CD597CB04B35331FB57AC52FA374237B76765430C47D42215645CC8A2A37BF
SHA-512:	79236A8616A5924150F70B7039FDAF138B061C84BE81147A4AA8494A48FF5CC51E9E69085AD151E2A2B4B1D473E724F24350B564B8545E917EE52066C414A70B
Malicious:	false
Reputation:	low
Preview:	0\r..m......Y....M.8...._keyhttps://beacon-v2.helpscout.net/static/js/vendor.3987c6ee.js .https://piktochart.com/..o]W&/.............s........72..... f#fgn..7.R..wHKQ....Y.A..Eo.......D...........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\dd7f95b54e3ba22e_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	230
Entropy (8bit):	5.525679222746599
Encrypted:	false
SSDEEP:	6:mkVYS2GIAxvDMlG7gYlJJuZwnvAHK4Tl/hK6t:3tFx7hZJuZIYHt7
MD5:	3CC83D0CEE73D6BB60C81F4621511DAE
SHA1:	3031F385C3265AC302B5DA12D4DC78FE5BE6A11A
SHA-256:	CA19D7E62BB4D131B77C62CBED7FC00232DC0A480E06A54A4F928E7E92B154A9
SHA-512:	666B37C8C8F3679BAC978C349F31690336492E63212B7A5809D775FEB7C93A90703311DD4D20DE9CAF5033291EEE2AF6450FA5A0D5D89FB57EC26F1225C21E43
Malicious:	false
Reputation:	low
Preview:	0\r..m......b.....o....._keyhttps://create.piktochart.com/assets/6-d91ac5ca25e3adc1ca9a-bundle.js .https://piktochart.com/..B]W&/.....................(S..[.!V..............3lEG....A..Eo........I.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ddd24a849a7d969b_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	219
Entropy (8bit):	5.466243049221306
Encrypted:	false
SSDEEP:	3:m+lPWRK8RzY9ITGVWooDBGKuKG3orsDvMlTKL/lHC+EllkpkAED+9koMmkxpK5kt:mlRnYqTGMhrIMlGLg+MlKhKK6t
MD5:	955086BB90B3AEA40B12AE33C1C2C907
SHA1:	91E7D17BCCD47F34CEF4622F0C07952863080FE5
SHA-256:	DC32D63BD9977444B4F588BF211E8D3ADC3058F1B844313336BB151DB2FC8314
SHA-512:	E8A20BD3B6B9BE959880EAD4BDDB29166B0C5B39DA5A4A6A4C1802584C577AA3397BE84AC7873B31883D1D22A446EAD5109082210ED1B22ACDA35469002682C0
Malicious:	false
Reputation:	low
Preview:	0\r..m......W.....o....._keyhttps://beacon-v2.helpscout.net/static/js/main.8d8df292.js .https://piktochart.com/..r]W&/....................C......\.t...#.4...W.....q...&.A..Eo......zm...........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f00c39eff1ea5177_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	222
Entropy (8bit):	5.504639742654215
Encrypted:	false
SSDEEP:	6:m1XXYwBsNRRYGDMlGyCtgMlsuTaXERhnzRnK6t:gXj6hNvlJaXERhdp
MD5:	8C0AB6F6577A6B6A71FD16067349F918
SHA1:	33656F824A37A6D0129CDF40335CC33E219F9C51
SHA-256:	4993587F5A3BDCFD3A34F122E10E10A7FBEAA1F59D83675E816A64A2C90CF575
SHA-512:	5A308F83D4E7995DF7F2628FBADDEFC42F9AB90FA92677F55C2A42734B12852DD5A54A0FA2A52F1B0DBFE677CE6E373F2DC9514728559A7BF60B33B814ACF1A4
Malicious:	false
Reputation:	low
Preview:	0\r..m......Z...1......_keyhttps://s7.addthis.com/static/counter.d27508c102582d608697.js .https://piktochart.com/i.^]W&/.............\.......I.cc.e.w..~.4...v..d.........A..Eo.......]...........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f53bc223cfda59dd_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	197
Entropy (8bit):	5.366012129256448
Encrypted:	false
SSDEEP:	6:myzXYNGcVUkRZMlGAxKFgPh/lJ1z0R826Ah7DK6t:MpvhAxXD1S82J71
MD5:	7EB00873E8921DA013A95BFD36B632FE
SHA1:	D4DD65F13F2BFBC932D7414A6C9703B31734A7C0
SHA-256:	677243420BEA555A1EAFEF0FAB9C2451F5EBD4F0494DD0FCC4B914B90C65E9E5
SHA-512:	7051C9FFA485FAD3FD5DED84687B1CEF4D8DA97E0B9688FAC2D7943E21582EF03C8CC0CCE9BE868002B2610D82432021EADC70F9F20E5DB5A6793195082F066D
Malicious:	false
Reputation:	low
Preview:	0\r..m......A...U..t...._keyhttps://js.hs-scripts.com/8163022.js .https://piktochart.com/tC4]W&/.....................d.X...-.....V...o$J.:.F.[C.....A..Eo........F(.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fe39d35c85990904_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	230
Entropy (8bit):	5.548219862072835
Encrypted:	false
SSDEEP:	6:mzYS2GI6vDMlGi+FgZakltfGNJyVlNK6t:ix7hi+Kak+NJyP
MD5:	96E1EB8B8C2AD6B3989C8B3AC2DF1501
SHA1:	12804424D9AFF5A39F9771693CB854F360BEC66F
SHA-256:	4AE94604C41B8B6A048FE6F203D750E39931D446AED0D202B6956AC092F5E371
SHA-512:	28F41F2F7533EA8E54A8FE6F34B84FB4BDDDCFA7141589DE3EF27A7779240A84DA16130D42BE9913E75BF3F591360CF42A6FE572A686A618BCAE38006A0389E0
Malicious:	false
Reputation:	low
Preview:	0\r..m......b...`.V....._keyhttps://create.piktochart.com/assets/1-fa45cb67e5e65f3b8807-bundle.js .https://piktochart.com/..B]W&/.......................S.{..*..!.\..C!....5.`{.1(...A..Eo......"............A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	768
Entropy (8bit):	5.133435431707859
Encrypted:	false
SSDEEP:	12:oTr9Y8KGgegNfQ6ynybm/t6kgU5rrtaBFLr3:on+8KCnfPl5rrt6FLL
MD5:	1836173F2E0B1FF04D519286AA5FCCC9
SHA1:	90745C47376692D4D9AFED1AA8BD4E58C405FF8A
SHA-256:	0A7137AE500AAF3757E3AB679070D5C2538CE76987A80FB390A5DBA0518EF605
SHA-512:	58B418E49C2599750DB39CE6C479ED723594FED3F325F3A8292689548BA0B65C64D0317E0957BD08BA037B026947B35B49D86C39E324B23AE87E5068CD88D520
Malicious:	false
Reputation:	low
Preview:	....j...oy retne.............y............}..J..@.o]W&/.........\|;.@.Ko.@.o]W&/............]....@.o]W&/.........h......8.@`]W&/.........wQ...9....P]W&/..........c:,P.IA..P]W&/.........9.k`...'..P]W&/..........=...C.!..P]W&/...........;N......P]W&/.........l.z/..K...A]W&/.........&.;....C..A]W&/.........d.p.t,./..A]W&/.........Bs..:.t...A]W&/.........}.....'H..A]W&/.........kN.G.eK..A]W&/.............\.9...A]W&/..........q).Qj1O..A]W&/.........}.RWB2..A]W&/..........w....!..A]W&/..........;.....q..A]W&/.........../.L.*.@y2]W&/..:.......Y..#.;.@y2]W&/.........m+..(...@y2]W&/............m.;&.@y2]W&/.........V......@y2]W&/.........T.\'.sC.@y2]W&/..........).S.I.e.7#]W&/..........-.06....7#]W&/............/...3...5../..........^}.Np.....5../...........z]W&/.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.6081720755788804
Encrypted:	false
SSDEEP:	48:TekLLOpEO5J/Kn7UiAVw6TStN/3y5b4g0AgUzDGPa0N:dNwYfy5b4KC
MD5:	9E62570A5A3FB790378D0A1F73A95D52
SHA1:	EC3CA4F7256B6A336FCE7BCD735F569EE45AD06D
SHA-256:	4DC237B4835A6C0262411379797B3E6334ABE0ED2D6FE5FBC9E59678582BDEE6
SHA-512:	8762F386B02116D0298EA21A2397CBCE45116EEF10256E2E425AF2645E74323EFF55B9627414BCF33CC0F74E30BCA01B1BCAAEC9519DD3824C6CC6506615988A
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	12836
Entropy (8bit):	0.9705211376291758
Encrypted:	false
SSDEEP:	24:vIL4rtEy80AqLbJLbXaFpEO5bNmISHn06UwJ8:vI+hAq5LLOpEO5J/Kn7U68
MD5:	D5F5956B24316DBE266DBE9F2BFD9728
SHA1:	66790CBC69067F92EB17163E501DFF9FE6687C0A
SHA-256:	BC03E70A911C639857C1CA362A73B9F80C024F7A5D3E07E3E69248450D40B9ED
SHA-512:	59831EB46C1177DE003800D0C1D65C20B71B9161E3CE7575A4B27A9D9A5DD3CF19660D25B22279A06E2663AF25B55CC679D6B240CBD21D9236F64513EC09ACD8
Malicious:	false
Reputation:	low
Preview:	..............\.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Session Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	23080
Entropy (8bit):	3.553801976012283
Encrypted:	false
SSDEEP:	192:3taMYiMQrbGDSxMYiMQrbGDS6ggq0bzjacbbbjajPhuJjMYiMQrbGDS6ggq0bzjM:9jtGt69+I+j2gt69+I+j2YH
MD5:	23CE8FF4D1AA071C5A4D7C493A8B08BB
SHA1:	ECE446EB9FF312D805437019E5E563D2B1D316D6
SHA-256:	18CF24985957FE733B96A6AC579A9D8FC6259AA832AD4F342C9CC10262EF7DE6
SHA-512:	CB3C487CA300E4BC99E1847B907B483F8A6022F49B21F6492D908524C1461EE77FB9242ACCE56D3AFA145D84D02C4189B9087C5977A5CB38B74EE2B08EF3774B
Malicious:	false
Reputation:	low
Preview:	SNSS....................................................!.............................................1..,.......$...a7776c96_4c88_4700_824e_997f5c26c0e7......................BS..................................................................................5..0.......&...{2F4F8386-A58B-4B0C-A17B-2FAAF764E551}.............y..t...........F...https://create.piktochart.com/output/55231820-voir-le-document-complet..3...V.O.I.R. .L.E. .D.O.C.U.M.E.N.T. .C.O.M.P.L.E.T. .\|. .P.i.k.t.o.c.h.a.r.t. .V.i.s.u.a.l. .E.d.i.t.o.r...................................................h.......`.......................................................................8.......P...................................F...h.t.t.p.s.:././.c.r.e.a.t.e...p.i.k.t.o.c.h.a.r.t...c.o.m./.o.u.t.p.u.t./.5.5.2.3.1.8.2.0.-.v.o.i.r.-.l.e.-.d.o.c.u.m.e.n.t.-.c.o.m.p.l.e.t.....................................8.......0.......8....................................................................... ...................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Tabs Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	8
Entropy (8bit):	1.8112781244591325
Encrypted:	false
SSDEEP:	3:3Dtn:3h
MD5:	0686D6159557E1162D04C44240103333
SHA1:	053E9DB58E20A67D1E158E407094359BF61D0639
SHA-256:	3303D5EED881951B0BB52CF1C6BFA758770034D0120C197F9F7A3520B92A86FB
SHA-512:	884C0D3594390E2FC0AEAB05460F0783815170C4B57DB749B8AD9CD10741A5604B7A0F979465C4171AD9C14ED56359A4508B4DE58E794550599AAA261120976C
Malicious:	false
Reputation:	low
Preview:	SNSS....

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	183
Entropy (8bit):	4.267376444120917
Encrypted:	false
SSDEEP:	3:FQxlXayz/t2Hmwg0EOZL7Ao4uhFkEuRLKyC5Ei5+GgGg:qT5z/t2qoEwhXeLKBt
MD5:	7FA0F874EABF1EED31988230680AD210
SHA1:	E71B360F1E8D5C278A051AD03DFB9027ACCF38C3
SHA-256:	09E15F8939364145E710C314EBD93FD19BF60C2B6B20BF8023315D617B6B141B
SHA-512:	AF4C2E595AA0B1FD96474A0E73530B38BE5F2906B10BE1DEFC0A9221129A3E5BB8D0816777550863AD426C5C836ECA1F0C384986C2A1108E2E4CA20EF10A7824
Malicious:	false
Reputation:	low
Preview:	.f.5................i.Wd...............Sgdaefkejpgkiemlaofpalmlakkmbjdnl.declarative_rules.declarativeContent.onPageChanged.[]..F..................F..................F................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	319
Entropy (8bit):	5.236215562081879
Encrypted:	false
SSDEEP:	6:m0sid3+q2P923iKKdK8aPrqIFUtpjWXZmwPjS6NVkwO923iKKdK8amLJ:hov45KkL3FUtpC/PW6z5L5KkQJ
MD5:	655AEF83C5873AAA4CE7D9C41C1822A0
SHA1:	7D7A28E43A10C29B86462F66D3E4B335622163C3
SHA-256:	437F2217D64B36BA2D4B7EC6D5AFA825EE00D84B2246E4E9AA8F97ED7F86A7B0
SHA-512:	28F7C0EAC6DCF68581AD2AD7673E8B3C9A9D6C696F10D794286D452BA1E3909A895F878FD5A66C256753A91354A12EC1C82374FED94A35E647E83F9F019DA22B
Malicious:	false
Reputation:	low
Preview:	2021/07/22-19:22:47.654 748 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/MANIFEST-000001.2021/07/22-19:22:47.655 748 Recovering log #3.2021/07/22-19:22:47.656 748 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	627
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW:
MD5:	9D7435EA49A80FDD66E4915F513017F9
SHA1:	469F6C6E4B19B85CC1BE497812B2F20864F4FF2C
SHA-256:	409D4C47E940688527D730B996E8991E010988C7671565467ED69D640D0947F3
SHA-512:	0561CD632D4219AEF4686DE40EC092921384CA89755D354801E0EAEC8645A8630A180807AF518AC8FCF01F71EB3D10FAA9CE1E62C7A7226A274975BDCB7EEB4C
Malicious:	false
Reputation:	low
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	322
Entropy (8bit):	5.139038975653961
Encrypted:	false
SSDEEP:	6:muoSQ+q2P923iKKdK8NIFUtp2gZmwP/LQVkwO923iKKdK8+eLJ:C3+v45KkpFUtpr/P/kV5L5KkqJ
MD5:	7C6C6985C238A4E4F8F6183B411F1A9F
SHA1:	6643CD5A5AE50C26DBEB568C60F09041F9109655
SHA-256:	3A5C9A31B488C53CC641E58F1B25D53862A8C47734C6C8BF6542816404392376
SHA-512:	589CD64D15A25B66C368F689417C532AD334B9F601A2645933F5BE6E62D4D634C9D44F84030CA73DCF2C3C9A22B5BD91233D83C2E4AC6DB67E0957EEF45AFA63
Malicious:	false
Reputation:	low
Preview:	2021/07/22-19:22:52.073 132c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/MANIFEST-000001.2021/07/22-19:22:52.074 132c Recovering log #3.2021/07/22-19:22:52.075 132c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	11217
Entropy (8bit):	6.069602775336632
Encrypted:	false
SSDEEP:	192:GbylJnlTwGB7V9Hne4qasKxXItmLG48gcLg/PkI:Gb+nldByaFx4toj8VEPT
MD5:	90F880064A42B29CCFF51FE5425BF1A3
SHA1:	6A3CAE3996E9FFF653A1DDF731CED32B2BE2ACBF
SHA-256:	965203D541E442C107DBC6D5B395168123D0397559774BEAE4E5B9ABC44EF268
SHA-512:	D9CBFCD865356F19A57954F8FD952CAF3D31B354112766C41892D1EF40BD2533682D4EC3F4DA0E59A5397364F67A484B45091BA94E6C69ED18AB681403DFD3F3
Malicious:	false
Reputation:	low
Preview:	{"file_hashes":[{"block_hashes":["A+1PYW3V6CJbBuQ7aqrgYhyH3bT8PKyBXp3hN2slpI0=","WSOpQRkYTHjPSlG9Zif2a7TNhy43NDcG1Zg5Nv0UbH0=","jDctR8ImG5KZrQKm4kDjUB7FokSJfjo/pmvFowRVlaY=","LPxhhJiuU0lprt0T6flpS7TkaDg7MocrbmzO65xH6RI=","nZ9zLb2By96AkKXALRM+C0Eu11XUjPiMXEKjiCPdtHE=","wifibc1QfMBN2jrtUtLgsCefvuceTpAatmLvul11RJA=","dHjWlSIIdjj7MWqg3T8MG58RuuqRXk32vqi/13JqEgA=","zd3DV7dbvfNvx1hdhU01fW5ily52DLN0CFL/ADaEeTI=","DpjXcO85FFFY9KJFPkGNfFUtdQIOsGwO5jUckiUwY14=","gqid6l1+mk/6yWgUECRofI9lMipXgXh2jEN2+CxmPE0=","prDB91X2Mmfg/M/txVMITWBmEGbOGjqBTP7CMjYqdHs=","yLPAqV4gqoyS/zFkEt3Cn2j0q2v9QOSthVFfWn8EzCM=","EPQ3jzdrLkAHyvf3920B5Y3aAkO1IJdn/UtbnAmq6T0=","+oOc6ca+ChKUpTu+oa2ZRxRE+wG3QJmuYWEvYCs40NI=","3mBGNAiRlTANEQkqzU3TEi+5wJ0ubR5uwtS4/9OOM7w=","1A9NNawxuhu95H5eThvf1rewJ4QQWhhPNxJXO1C/n68=","E3vWLQxzmj+e5QxYbUscllJ5n0ITpw5JBHV1Kph3/KM=","i3I8ghdTF9c1ZXNBZmvsID+DV4gxBVN27rj9wsMtRpg=","R8B8qYabnMSlLPhrtu0hGYrHn3llsMHqBbi70gkIjEE=","rhlzuEvv2KRAFMms896xFwkNgPrw6WvmgPn6xrBSa2Y=","LAMXv6sRb0VZrY34aVXF3Fftxs

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_1\_metadata\computed_hashes.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	11217
Entropy (8bit):	6.069602775336632
Encrypted:	false
SSDEEP:	192:GbylJnlTwGB7V9Hne4qasKxXItmLG48gcLg/PkI:Gb+nldByaFx4toj8VEPT
MD5:	90F880064A42B29CCFF51FE5425BF1A3
SHA1:	6A3CAE3996E9FFF653A1DDF731CED32B2BE2ACBF
SHA-256:	965203D541E442C107DBC6D5B395168123D0397559774BEAE4E5B9ABC44EF268
SHA-512:	D9CBFCD865356F19A57954F8FD952CAF3D31B354112766C41892D1EF40BD2533682D4EC3F4DA0E59A5397364F67A484B45091BA94E6C69ED18AB681403DFD3F3
Malicious:	false
Reputation:	low
Preview:	{"file_hashes":[{"block_hashes":["A+1PYW3V6CJbBuQ7aqrgYhyH3bT8PKyBXp3hN2slpI0=","WSOpQRkYTHjPSlG9Zif2a7TNhy43NDcG1Zg5Nv0UbH0=","jDctR8ImG5KZrQKm4kDjUB7FokSJfjo/pmvFowRVlaY=","LPxhhJiuU0lprt0T6flpS7TkaDg7MocrbmzO65xH6RI=","nZ9zLb2By96AkKXALRM+C0Eu11XUjPiMXEKjiCPdtHE=","wifibc1QfMBN2jrtUtLgsCefvuceTpAatmLvul11RJA=","dHjWlSIIdjj7MWqg3T8MG58RuuqRXk32vqi/13JqEgA=","zd3DV7dbvfNvx1hdhU01fW5ily52DLN0CFL/ADaEeTI=","DpjXcO85FFFY9KJFPkGNfFUtdQIOsGwO5jUckiUwY14=","gqid6l1+mk/6yWgUECRofI9lMipXgXh2jEN2+CxmPE0=","prDB91X2Mmfg/M/txVMITWBmEGbOGjqBTP7CMjYqdHs=","yLPAqV4gqoyS/zFkEt3Cn2j0q2v9QOSthVFfWn8EzCM=","EPQ3jzdrLkAHyvf3920B5Y3aAkO1IJdn/UtbnAmq6T0=","+oOc6ca+ChKUpTu+oa2ZRxRE+wG3QJmuYWEvYCs40NI=","3mBGNAiRlTANEQkqzU3TEi+5wJ0ubR5uwtS4/9OOM7w=","1A9NNawxuhu95H5eThvf1rewJ4QQWhhPNxJXO1C/n68=","E3vWLQxzmj+e5QxYbUscllJ5n0ITpw5JBHV1Kph3/KM=","i3I8ghdTF9c1ZXNBZmvsID+DV4gxBVN27rj9wsMtRpg=","R8B8qYabnMSlLPhrtu0hGYrHn3llsMHqBbi70gkIjEE=","rhlzuEvv2KRAFMms896xFwkNgPrw6WvmgPn6xrBSa2Y=","LAMXv6sRb0VZrY34aVXF3Fftxs

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_1\_metadata\computed_hashes.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	23474
Entropy (8bit):	6.059847580419268
Encrypted:	false
SSDEEP:	384:7dNc1NC6IcafusK4H1IIGRlhKlkIALQWdynQh2RX4K6M1tVztzr7XSNyzH:7dOscSRKc1nGRSkIhEw6M1tf7SNyb
MD5:	6AE2135EA4583C2F06CDEBEA4AE70FA4
SHA1:	DCEB26C7F02D53B5F214305F4C75B4A33A79CDC2
SHA-256:	03AA1944CB3C4F39E20B6361571BC45DFBEBD3FFDA3D8F148CC6ECB29958F903
SHA-512:	B5945E67D9F73DD1982D687E5C6D9B5D6B3886C8050363A259755C76AC0F93651F3425FA7C21AA6A13977AC1C8C9322F998F131648CB8909096058D4F0D23312
Malicious:	false
Reputation:	low
Preview:	{"file_hashes":[{"block_hashes":["DOZdV3jFvk12AM2JNDYKo3KZrIVRprmJ+sVGWkqqE4Q=","rVElW3Hu3T52SzDDUqGT5YiJTBGUv2h3pNuBKFlhZ1U=","X/3fg4KZxgQ1jBr5QGq0F5JnflgE27UErd88mrxTcxs=","VibLbpy0ig+5INMOU71fTYN76iaka2XVpmm1qAKYsX8=","EChCwCbQHbHQ7oDdGT2qNyiRJ0yck2YC2emNGq4whtE="],"block_size":4096,"path":"_locales/iw/messages.json"},{"block_hashes":["xklkoZ7iSU1+7cd6DAtEmUC5lPFd+EgcbnzxkOiFwlk=","3KbsvoxKY/3AwqgF2aAdVQRpMhsNVRkQ3rx2A6Z2Z+Y=","o9+tsohquaCMj+70zeinRG/hBhA2uLoDl/WoC1uokME=","xV/K8xucyWJELVT8Cqn+ugFjobBVmg8pnmACF+2PP4Y=","p/mvJm2wuCl32Rx3it654MljKAsMe3S9IDEabc1A8mE=","j8mPrTb5oOsBTj2Fer78JE6xG6+kR64Cvu2SW8d3j/k=","nqSRpGQ3USU2bZJsZ+AzBmFOyann8omwJrhEWFZDTXc=","eTcQyJUuNuF9yCga/fXGyFCj/pysSceanhBzksdx23s=","Wj7faqnspelXKMvnduxHn1XUBG8TEOqyns7/oUihekM=","VtBwXoadI3EP336rAiL33Gz19KGqtN+RYdKnMKAXoLw=","iDgLXQqXJp8nCZxgLuC9LXM45DGfufvGnXvmHsn18wc=","g+RfdDfrWTUK0Pkcsbot7NJ4SC9wVRV/dVVMuHAtEj8=","2oC4HcCuXu3VjFf6wnKlznt9uqQNaebcuWpm/mWj69U=","aMUIpuFqPMiieSaWhIktCK62v2P3OZQAWupWsYzCnvk=","L

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Favicons Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	2.134011305061023
Encrypted:	false
SSDEEP:	48:0Bmw6fU9o0lu7IEjodzLvTjVYYtGj9npqLC+Vsp8IVsu+nPB81rldq2TD21j:0BCGoiu7GP9YBj9nppimWumC9v/TD21j
MD5:	9A985E67D45126C9660BCA87272C9CB7
SHA1:	0E51790CD29CEF5E4B16B60801681CE32546E734
SHA-256:	D668F6C9B7C687F50386C22E5A7566CA28EA149BD4B35CC03792ABA3C3A1C40D
SHA-512:	278593F77AA82239DF655D96759AD6C10F075D725D70A5A5940E5B0A8575519DD9AB0F1610F54AE53A85CD47CDFEAA9CF51048F7EB6AEDAF749EC6E5DB11A3A7
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................C..........g....._.c...~.2.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................s...;+...indexfavicon_bitmaps_icon_idfavico

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	16972
Entropy (8bit):	0.777482000071763
Encrypted:	false
SSDEEP:	24:qyLiXxh0GY/l1rWR1PmCx9fZjsBX+T6Uwpp3n:qdBmw6fUop3n
MD5:	E890FD6926E39FBD10C582845D881319
SHA1:	E864C4E2A39A95F17D5F4D6CBFA2FE7EFDB2546B
SHA-256:	DE844D61D93F14B7AE3542BE91727F92BBB4AE64ACF4DED27DD254C0E3ADC3A8
SHA-512:	634F6999DF1C6928E1D8E3027E6A918727B5738D01CD261573CF13BC2891C361333496B2EA11DBCDC5D7137921A951A276FB2BB776E8921DDB1761243937F853
Malicious:	false
Reputation:	low
Preview:	............F...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	19
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	3:FQxlX:qT
MD5:	0407B455F23E3655661BA46A574CFCA4
SHA1:	855CB7CC8EAC30458B4207614D046CB09EE3A591
SHA-256:	AB5C71347D95F319781DF230012713C7819AC0D69373E8C9A7302CAE3F9A04B7
SHA-512:	3020F7C87DC5201589FA43E03B1591ED8BEB64523B37EB3736557F3AB7D654980FB42284115A69D91DE44204CEFAB751B60466C0EF677608467DE43D41BFB939
Malicious:	false
Reputation:	low
Preview:	.f.5...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	374
Entropy (8bit):	5.207764867145805
Encrypted:	false
SSDEEP:	6:mO9XKDM+q2P923iKKdK25+Xqx8chI+IFUtp39IgZmwP39dDMVkwO923iKKdK25+M:dXiM+v45KkTXfchI3FUtpNx/PNlMV5Lk
MD5:	CADEAC1B859772EB3C27DAF21B3D5F7B
SHA1:	699FE43A366F8AA5D5A72504C8D3E1A1876402B3
SHA-256:	493510ABD8E22244BF865B9B09329803838B8CB91584EBBC11D26C7383291541
SHA-512:	7E126540FFF21BDCEE488AFDF8AF3DF31DD7673C1761EECD3468DD93D8C979734BFE9D9C804977CA1D973B00B706B285AE6E91954ECFE2065EAB0E1F119D1BE2
Malicious:	false
Reputation:	low
Preview:	2021/07/22-19:23:07.820 13fc Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/MANIFEST-000001.2021/07/22-19:23:07.822 13fc Recovering log #3.2021/07/22-19:23:07.823 13fc Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	360
Entropy (8bit):	5.168610158847798
Encrypted:	false
SSDEEP:	6:mO9eEpDM+q2P923iKKdK25+XuoIFUtp39zgZmwP39GDMVkwO923iKKdK25+XuxWd:deiM+v45KkTXYFUtpNs/PN2MV5L5KkTZ
MD5:	6C79694B81A96CC143BDAF3E60E8BE76
SHA1:	AEF4C93AE2B3AA0732DB59A8971731615885BC56
SHA-256:	0789BB41B3E005871A5B442C0AE142122DC00A1EC5459B80F2AE58166446553C
SHA-512:	544F00EAD21504B618A4DFAF551511D90485803A97304C8EBA1ACD2039F8BD9EC27594BE0D70CA78204B8877E7638A7C3C70C6FF7234C5265D4C52B0C27BD4DE
Malicious:	false
Reputation:	low
Preview:	2021/07/22-19:23:07.807 13fc Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB/MANIFEST-000001.2021/07/22-19:23:07.810 13fc Recovering log #3.2021/07/22-19:23:07.811 13fc Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	332
Entropy (8bit):	5.225387069804218
Encrypted:	false
SSDEEP:	6:mO9dFajIq2P923iKKdKWT5g1IdqIFUtp39QUXZmwP39SzkwO923iKKdKWT5g1I3e:ddFajIv45Kkg5gSRFUtpNp/PNa5L5Kkn
MD5:	BDC1B1F79169C2450A14836C27B02B07
SHA1:	630A590F8CA0C78FF995E6E29895D6EA04086015
SHA-256:	F900893EC89B495638555F0EECFCF5EC3067DEBE346E47D2F15C0E81B8BDCB8A
SHA-512:	8BF03761540ABA4110A43C180054C998845B4085BEEAFBB42898BC52DFBDD392B0CD1692953B42CF26FF6C21FC28DDCC3BD2FA477632E3D0240754ECE2DFECA8
Malicious:	false
Reputation:	low
Preview:	2021/07/22-19:23:07.438 1514 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/MANIFEST-000001.2021/07/22-19:23:07.440 1514 Recovering log #3.2021/07/22-19:23:07.441 1514 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.1447818257424646
Encrypted:	false
SSDEEP:	12:TLBj/KwkHiR6fgEknPMzEHNuQSGI/nW0EY:TLBKRqnP1tuPr
MD5:	65FE53AC27A805F28959BD99D89F5625
SHA1:	6D8B9CE1383849240859FB893D0112862ACB6941
SHA-256:	CCF42130AC409300997CA84D32B53F2D0D56E29A948AFB5E19CCE6D6A2483CBF
SHA-512:	4AFD4E5EE0BCBCBA80923516935D2DF35953E8010B3E54A7054BB9CF49770C7BD6512A9696EBCD2DB4A684D469F084EE48708BBB011D0ED2DC0127079A3AEC44
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	819
Entropy (8bit):	5.446286811436835
Encrypted:	false
SSDEEP:	24:ha88iTJDw7twa9MonlIY78BJgskfa9yBD/enPWoNkyZ:888qWpOUa9v
MD5:	FEE22690164E3AA040194AD4E5F72C60
SHA1:	3B492C3BE41371AC90A36E2DC53999DE7C5469C5
SHA-256:	145F12D54794FFEBDC6D1088517784EB1624789B5A820CCA1869E31172E4FD3B
SHA-512:	36E1BE3CEF50A366A3BBE1C5D921A1EC04A1465BC2396D2BC93CA54E1619BFA51D198E947B4E8BF9786DFBDFC11551B9B7E1626E14C371CA2F22CAEA792B1290
Malicious:	false
Reputation:	low
Preview:	............."a....55231820..com..complet..create..document..editor..https..le..output..piktochart..visual..voir........55231820......com......complet......create......document......editor......https......le......output......piktochart......visual......voir..2.........0........1........2........3........5........8........a..........c............d.........e............h.........i...........k........l..........m..........n........o..............p...........r...........s.........t..............u..........v....:n..............................................................................................................B............. ........Fhttps://create.piktochart.com/output/55231820-voir-le-document-complet23VOIR LE DOCUMENT COMPLET \| Piktochart Visual Editor:................J..............%.36?.......&-

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History-journal Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	42076
Entropy (8bit):	0.09034823236290725
Encrypted:	false
SSDEEP:	6:G3vn8v4WfjfsNrurWg9bNFlEwtCS/lTgel3l27s75fOhQd0Xi99pG/N2:2v8VfvWqLipS/Z3l27s75fOhG0S9LX
MD5:	113B5310F6D97604EFAA4FC6A6A161F9
SHA1:	49F796CE85A3E67AED90CE4D83CA4E6F80FEF884
SHA-256:	72BC078679C81133A61BD1EBA00A8F4F47F6F51FA5AC55FBEE3E192F2AA8DFD1
SHA-512:	C32B37B96A0BCFEE35063D0CB3CA8EB57C56C248B8BA78D80E75A8CBD5253D7FD8F3B9D9E9DDABD0A7510B27A679D88CF92119FF84B0FF53C859035542FAA52D
Malicious:	false
Reputation:	low
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	12279
Entropy (8bit):	4.842113858419936
Encrypted:	false
SSDEEP:	192:A3/RBamFqABbr1Ty0Xdt3HCE5fg5IF3dr17:Av3amkABHz2CN
MD5:	D001E4B2BFDAB8E7CB4A31C4337ABD63
SHA1:	D2352FF353FA1CC784908A5E006FB70012B88AB4
SHA-256:	79947354E636FE319B9C86F66B9FF58C055A6F62B18F0A6544BFDAE1B8908D39
SHA-512:	0BBB5D8F229544E40EF921935A530C3BE02761349F79373C391941166FFB61A5AD2CF53E0D0F372BFAEB940F8E4D01A07FF1D1B6103DE9D79C062942A8DF21C0
Malicious:	false
Reputation:	low
Preview:	j0.>...*............"META:https://create.piktochart.com..........:.'_https://create.piktochart.com.._at.cww'.{"value":true,"expires":1627008775801}.'_https://create.piktochart.com..at-rand..0.36598255868471297.+_https://create.piktochart.com..new-updates.1.{.".d.a.t.e.".:.".2.0.2.1.-.0.7.-.2.3.T.0.2.:.2.2.:.5.4...6.5.6.Z.".,.".v.a.l.u.e.".:.[.{.".t.i.t.l.e.".:.".I.n.t.r.o.d.u.c.i.n.g. .T.a.b.l.e.s.,. .I.n.c.r.e.a.s.e.d. .S.t.o.r.a.g.e.,. .a.n.d. .M.o.r.e. .\|. .M.a.y. .2.0.2.1. .R.e.l.e.a.s.e.".,.".e.x.c.e.r.p.t.".:.".I.n. .r.e.c.e.n.t. .q.u.a.r.t.e.r.s.,. .o.u.r. .p.r.o.d.u.c.t. .t.e.a.m. .h.a.s. .b.e.e.n. .f.o.c.u.s.i.n.g. .o.n. .t.h.r.e.e. .a.r.e.a.s... .T.h.e. .f.i.r.s.t. .i.s. .a. .n.e.w. .v.e.r.s.i.o.n. .o.f. .P.i.k.t.o.c.h.a.r.t. .t.h.a.t. .w.i.l.l. .m.a.k.e. .i.t. .e.v.e.n. .e.a.s.i.e.r. .t.o. .t.r.a.n.s.l.a.t.e. .y.o.u.r. .t.e.x.t. .o.r. .d.a.t.a.-.h.e.a.v.y. .c.o.n.t.e.n.t. .i.n.t.o. .a. .v.i.s.u.a.l. .s.t.o.r.y... .T.h.e. .s.e.c.o.n.d. .i.s. .a. .s.e.t. .o.f. .h.i.g.h.-.i.m

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.129046469272929
Encrypted:	false
SSDEEP:	6:m0dS8lyq2P923iKKdK8a2jMGIFUtpjvz1ZmwPjpFUnlRkwO923iKKdK8a2jMmLJ:RSFv45Kk8EFUtpn1/PVFYz5L5Kk8bJ
MD5:	441ABD46000C13E950BD97F9BF6AB41F
SHA1:	C973751D341A81A1BA87D0196F68A8F329BC1161
SHA-256:	6240831226422A627FB7E21CFC045AE363EE0E11AE2E5F96694033071D6DA883
SHA-512:	18EA555B7395C34E8E366DCB77B8C566EE8B2DA5F061C523F73BA5A4C2861405935DB8A9365CFB00D475EF1229BEA1CCC7528A7D4C9780221707E021CD889D7A
Malicious:	false
Reputation:	low
Preview:	2021/07/22-19:22:47.320 17e4 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2021/07/22-19:22:47.322 17e4 Recovering log #3.2021/07/22-19:22:47.325 17e4 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.201122930131429
Encrypted:	false
SSDEEP:	6:m0dolyq2P923iKKdKgXz4rRIFUtpjdQ1ZmwPjd7lRkwO923iKKdKgXz4q8LJ:Rtv45KkgXiuFUtphQ1/Ph7z5L5KkgX2J
MD5:	121734C7063818CCB7C6BD73D0631E85
SHA1:	F93622AACFDCE24ADE3535401AD57EA3819C91DD
SHA-256:	150AF183A42DF01A62DEED918D0B6541ED3A1100D1B5591EBCDDCB1E5D8480A5
SHA-512:	B9EB78598439669EE8EA50C05DEF49AF498863C5BC07A7E8AC8193CC9B5D2BD7BF84DEDA6038702AD459917202A48B7CFA22F59A3FDF43B56497058571D7018F
Malicious:	false
Reputation:	low
Preview:	2021/07/22-19:22:47.684 17e4 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications/MANIFEST-000001.2021/07/22-19:22:47.686 17e4 Recovering log #3.2021/07/22-19:22:47.687 17e4 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	2.178590125178598
Encrypted:	false
SSDEEP:	192:wIElwQF8mpcS3aNHWXNffLHxqzFvHcgflLHxqeFXUN:iaN2XNXLEzh8g9LEexUN
MD5:	984D428A7A948D6BE0F94149B8647F93
SHA1:	138FB0DC5F3BEC1C2638A8B86C19EC96436D8EA3
SHA-256:	F30D576DEF74A2B527DED265E0FBE05BB80901A601789CB7465B50FDEDEFF2C6
SHA-512:	1BF5A76E8BFE438A29727C20FEFC4F9AE78995EB99C53B498C1E9B898F11667F9C265E19660B0AA592B2DB4CF83E6F25FFE84652F952F59DE91C85BDBAD3321C
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................C..........g...^.........j............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL-journal Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	29252
Entropy (8bit):	0.6286256701331667
Encrypted:	false
SSDEEP:	48:LUqkIopK2rJNVr1GJmm8pF82phrJNVrdHX/cjrJN2yJ1n4n1GmhGU4E4:LUhIElwQF8mpcSK
MD5:	7B62A3211C4D9F46C933B73B095582F1
SHA1:	DD9E9804985FD8C52F3F5734891A4AD0B782FAE8
SHA-256:	09151CFD35D454A5F5AC4D01E933D9CA3C09156ED41232E54ED1C87F5981C295
SHA-512:	68D8D928726954FB75AEB57EBFF13CF21FB29709F07DC7ADE23375D28E5FA63CFCE4A00E68563F8848241F610452D6DFFEA6B27DB0234F440FA88999ACE424AF
Malicious:	false
Reputation:	low
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	248
Entropy (8bit):	4.131572182832036
Encrypted:	false
SSDEEP:	3:5lFlJlkS/ldllaWWSEG/z6Gi3wTXvSwL2TK9DlL1FUL1FUL1FUL1FUL1FUL1:5lllFllaZ3b3wewL2G95EEEEE
MD5:	BBBCE24BFA5521F6934A62D9771F4EC8
SHA1:	2C6F239BD05F1E6528D0C916F563B1A08B63819C
SHA-256:	8FC069C10A6BC8618E874BB7399F91EA5436EDB2A1A39072EAF4BED0BF3F0E41
SHA-512:	39DDD8F61923DC2F3AA51D60698C4B9EF3DBA929E6FF78ACA8990B20451888A7A12E28CCC5C49B8BAE2E8750A8ECD2E98DB0B33BDB7D813FEDF35DC5E89BF51A
Malicious:	false
Reputation:	low
Preview:	..&f...............$...l................next-map-id.1.Mnamespace-a7776c96_4c88_4700_824e_997f5c26c0e7-https://create.piktochart.com/.0V.e................V.e................V.e................V.e................V.e................V.e................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	322
Entropy (8bit):	5.13978280478321
Encrypted:	false
SSDEEP:	6:m0Ngyq2P923iKKdKrQMxIFUtpjVvUnz1ZmwPjVI0jRkwO923iKKdKrQMFLJ:bv45KkCFUtppvy1/Ppp5L5KktJ
MD5:	FB11991C306F7ABF9838DA11FCEA19A8
SHA1:	11A3FFA85F31625CE3B07D6EC0FA5EA56715576A
SHA-256:	9594D0879751285082CA0E9021D79E18A2C8D1AE97C1F45D928D72CA7F9FB672
SHA-512:	3CC03C99478782FE0A26761564EAC0404F10E842B8EF6B1A6E88FB8A83AC8AE2E8BD1765CEDA3B1E8928336E6388DE7A9C1E7EACB76D7AB395B9D6ECD7382878
Malicious:	false
Reputation:	low
Preview:	2021/07/22-19:22:47.598 17e4 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/MANIFEST-000001.2021/07/22-19:22:47.600 17e4 Recovering log #3.2021/07/22-19:22:47.601 17e4 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	350
Entropy (8bit):	5.152127656574546
Encrypted:	false
SSDEEP:	6:m0Ac1M+q2P923iKKdK7Uh2ghZIFUtpjuF7ZmwPjCMVkwO923iKKdK7Uh2gnLJ:p1M+v45KkIhHh2FUtpSh/POMV5L5KkIT
MD5:	B1B1067ED2AA6172EB7014578DC14970
SHA1:	0FAA4D88877EC21DF270620703F2534507B8D201
SHA-256:	1D3311E32AF82692057D24E15ECBA71642F9F317814415907AA656B1FB45FCE0
SHA-512:	0B9539F75D1510D358E34FAB1FE21A4F3312B4760C3B22D6FAF90FD2DBD5C8D1B46EF43602466365D18C42C2BB1BD313C1E4120D84F8B402C49FD2A49406B384
Malicious:	false
Reputation:	low
Preview:	2021/07/22-19:22:47.218 16fc Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database/MANIFEST-000001.2021/07/22-19:22:47.230 16fc Recovering log #3.2021/07/22-19:22:47.237 16fc Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\5a776fe8-c5e7-412a-aa9a-00022882cdd5.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	325
Entropy (8bit):	4.956993026220225
Encrypted:	false
SSDEEP:	6:YHpoNXR8+eq7JdV5rAcJksDHF4R8HLJ2AVQBR70S7PMVKJw1K3KnMRK3VY:YHO8sdVAsBdLJlyH7E4f3K33y
MD5:	0C03D530AC97788D62D27B2802C34D83
SHA1:	20F78B6B32D98FA52846C70DF78E4E5CEF663E2D
SHA-256:	7941FADA9867DAAE08EBC196BAFC6952DD506842C3E7D8FB14DF9D4E402D894B
SHA-512:	D5905C124060997A14322D12DECE5C00C63F7174743C740C974D00E88B03F203909CC2AC972B2759E8087B0B10F6306C6E66BF853319B5AC96907F34C8456C80
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[50],"expiration":"13248542588505091","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://dns.google","supports_spdy":true}],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	296
Entropy (8bit):	0.19535324365485862
Encrypted:	false
SSDEEP:	3:8E:8
MD5:	C4DF0FB10C4332150B2C336396CE1B66
SHA1:	780A76E101DE3DE2E68D23E64AB1A44D47A73207
SHA-256:	18FAB4D13CDA7E1DEE12DC091019A110A7304B6A65FC9A1F3E6173046BA38EF6
SHA-512:	51F0B463E97063A2357285D684FF159FDF6099E57C46F13C83E9D3F09D7A7CF03C1BA684BCCF36232FC50834F95953C3C68675C7B05AB4F84DEF1C566A5F3F5E
Malicious:	false
Reputation:	low
Preview:	.'..(...................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	432
Entropy (8bit):	5.264864539060411
Encrypted:	false
SSDEEP:	6:m0PUpM+q2P923iKKdKusNpV/2jMGIFUtpjdZmwPjYMVkwO923iKKdKusNpV/2jM4:r/+v45KkFFUtpR/PlV5L5KkOJ
MD5:	A6BD0AA535440BFD6BAD72E837EAA0A8
SHA1:	F479EE542783882FF95A5C0C1B5A6E6ED6BAEED2
SHA-256:	01B3ECABBE1DFCED7DBB1395110B921FA4C1674A9A3DACD2D58BB3C933749272
SHA-512:	F9F69AB0AB05CC80A06DE977A9DECA031930866F8D81343F2072EC2C5EE7393C4DF7AB2669E0D27CD6963DEE1022D2744627F38082EE97741242B257FDD915BF
Malicious:	false
Reputation:	low
Preview:	2021/07/22-19:22:47.633 171c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb/MANIFEST-000001.2021/07/22-19:22:47.635 171c Recovering log #3.2021/07/22-19:22:47.635 171c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	434
Entropy (8bit):	5.271106614597946
Encrypted:	false
SSDEEP:	6:m0ZQ+q2P923iKKdKusNpqz4rRIFUtpjZ5gZmwPjIQVkwO923iKKdKusNpqz4q8LJ:2+v45KkmiuFUtpdW/PRV5L5Kkm2J
MD5:	EAEB047815D80E43F9E92CC6DD9A759E
SHA1:	55E8AA77731C36CA0AB2A1D53A4428D2E51398BF
SHA-256:	EC44E47BAF94E65D8DAAC2A0B6984BACBC9ECACE55A14A883EE53163883E1A53
SHA-512:	3F988D34695D2BE693BD58707A1DCA852476D1DB6F95DEDAD461328C772982B5E8520D77922D090D603D6C9DA653DFFBDDDB057A5F72F744702A806FEC94100C
Malicious:	false
Reputation:	low
Preview:	2021/07/22-19:22:47.691 132c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications/MANIFEST-000001.2021/07/22-19:22:47.693 132c Recovering log #3.2021/07/22-19:22:47.694 132c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	19
Entropy (8bit):	1.9837406708828553
Encrypted:	false
SSDEEP:	3:5l:5l
MD5:	E556F26DF3E95C19DBAECA8F5DF0C341
SHA1:	247A89F0557FC3666B5173833DB198B188F3AA2E
SHA-256:	B0A7B19404285905663876774A2176939A6ED75EF3904E44283A125824BD0BF3
SHA-512:	055BC4AB12FEEDF3245EAAF0A0109036909C44E3B69916F8A01E6C8459785317FE75CA6B28F8B339316FC2310D3E5392CD15DBDB0F84016667F304D377444E2E
Malicious:	false
Reputation:	low
Preview:	..&f...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	420
Entropy (8bit):	5.258894578291829
Encrypted:	false
SSDEEP:	6:mO9TTq2P923iKKdKusNpZQMxIFUtp39TUZmwP39TUkwO923iKKdKusNpZQMFLJ:dHv45KkMFUtpNA/PNo5L5KkTJ
MD5:	4188D9B0E2EEF8C7ACA99F584934C7F3
SHA1:	E0936078AF8D19096F92A37A1BAA51C582157BCC
SHA-256:	62DF94D66D8E1488719F599AC51A823197C316DA9CB6C3EBE13013C3EAB86DFA
SHA-512:	D6C572D7DDF0CE2855E059964BB62F4E71726104CC166F78BF0BB842A60CA8DBC7E663569F53B1330022EAFE04DFE096F13D7DB1265B1FD83BF31810C40DE09F
Malicious:	false
Reputation:	low
Preview:	2021/07/22-19:23:06.092 1764 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage/MANIFEST-000001.2021/07/22-19:23:06.094 1764 Recovering log #3.2021/07/22-19:23:06.094 1764 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	592
Entropy (8bit):	0.19535324365485862
Encrypted:	false
SSDEEP:	3:8E8E:8N
MD5:	B505641E5E90B7CF4BC869DD1B4BE451
SHA1:	0EC7B13DC043E054AB48B8F45FE49EF1209C01AA
SHA-256:	2755F85F14CF33404CEEBF053D0CB79DC3B98D643A51075737E6A5BE154FE1D9
SHA-512:	610AF095630C93B0586F4D9CA84FA75454C472C557D4FDBC0D5C1851F9AABF8653079A7ADE4659ABADDEDC2E02E58AD13C7244CD004B0AA5A462307F293F83A3
Malicious:	false
Reputation:	low
Preview:	.'..(....................................................................................................................................................................................................................................................................................................'..(...................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	432
Entropy (8bit):	5.16843344047493
Encrypted:	false
SSDEEP:	12:ddQ0Iv45KkkGHArBFUtpNdpy1/PNdH5L5KkkGHAryJ:de0645KkkGgPgXyXjL5KkkGga
MD5:	97E86E407101D218F34720C806489319
SHA1:	7012D1825C17C340F7ADA70F4E8196DD080432E0
SHA-256:	D7BFB0FB5642F327EB1E48F8F50E590AAC7EA19F7F04F9E25728391731635C94
SHA-512:	B7C8760C78A8449AD44C908EDDE560CF7DAB23D23DAB66BCB65C8A02A37D027BBA47C66C06E60BDA2C14214A895402BB23EE04113C7A9159A03AC1C0C24646EB
Malicious:	false
Reputation:	low
Preview:	2021/07/22-19:23:08.108 17e4 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb/MANIFEST-000001.2021/07/22-19:23:08.110 17e4 Recovering log #3.2021/07/22-19:23:08.111 17e4 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	431
Entropy (8bit):	5.1845631614525605
Encrypted:	false
SSDEEP:	12:ddgv45KkkGHArqiuFUtpNdMyX/PNdMyF5L5KkkGHArq2J:ds45KkkGgCgXyGyoL5KkkGg7
MD5:	50B7126D3E77641A3A33AFEA9EE52751
SHA1:	8ECAB6C4B7F73E7032FD2061C27861D9A93A0514
SHA-256:	84F17CC66995CF443997AEEE2455CA00891E290D4FDAE4E89B5E7D193C6EF994
SHA-512:	8A4F25F85EF4E9FFB8749EAAB4203E7B7192D5519016E5118306060E23FA22639D356224883E73C95B2C910120F3026B00A0BF31289D62FFC1CD3201D52E0A2F
Malicious:	false
Reputation:	low
Preview:	2021/07/22-19:23:08.119 4a4 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications/MANIFEST-000001.2021/07/22-19:23:08.122 4a4 Recovering log #3.2021/07/22-19:23:08.122 4a4 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	38
Entropy (8bit):	1.9837406708828553
Encrypted:	false
SSDEEP:	3:5ljl:5ljl
MD5:	E9C694B34731BF91073CF432768A9C44
SHA1:	861F5A99AD9EF017106CA6826EFE42413CDA1A0E
SHA-256:	01C766E2C0228436212045FA98D970A0AD1F1F73ABAA6A26E97C6639A4950D85
SHA-512:	2A359571C4326559459C881CBA4FF4FA9F312F6A7C2955B120B907430B700EA6FD42A48FBB3CC9F0CA2950D114DF036D1BB3B0618D137A36EBAAA17092FE5F01
Malicious:	false
Reputation:	low
Preview:	..&f.................&f...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	420
Entropy (8bit):	5.164338264346878
Encrypted:	false
SSDEEP:	12:05+v45KkkGHArAFUtpECX/PECXiV5L5KkkGHArfJ:0+45KkkGgkgazCXEL5KkkGgV
MD5:	A4A857E1685AF3FEF19F26266DDA0674
SHA1:	0FE6A2EE5C1D945C96EA6115D1C2C48EE21904A2
SHA-256:	F11D10239339F77A91E1EE125341A57AF48A59B04BA7B613A8160EA51C8D194C
SHA-512:	CA6BD8DD027642A159CEDDC3E98203D9F84A233DE78EFDFAF1EDC0AB8A90A1F327B4A60CE59AC6A2C44CA878C828312EA2DCB86A987E5F4479641E549D70A04C
Malicious:	false
Reputation:	low
Preview:	2021/07/22-19:23:23.579 132c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage/MANIFEST-000001.2021/07/22-19:23:23.581 132c Recovering log #3.2021/07/22-19:23:23.582 132c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\f9be0920-44a8-41f4-93e8-e3dd8dc6477b.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	325
Entropy (8bit):	4.976576189225149
Encrypted:	false
SSDEEP:	6:YHpoNXR8+eq7JdV5OV/sDHF4R8HLJ2AVQBR70S7PMVKJw1K3KnMRK3VY:YHO8sdysBdLJlyH7E4f3K33y
MD5:	5886A009EB58EE06A16EFD6D1BA9A046
SHA1:	A867B5052F3FBB811693DF8CE3FDAA794F2F2E40
SHA-256:	9E3392126DE2D81D019E0AB3E17F20BADD0EC9FBD944BCB7C4DAF449D937D496
SHA-512:	D24F30A2E35F903AC10AACC4425C58BECB1C6BE2BA30A3C2B9D9D46CE04914AA71F55B3B16ED89081AD65A7090C77F5DC4A258B7B98D71E6A994D176536FBB27
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[50],"expiration":"13248542597817103","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://dns.google","supports_spdy":true}],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	38
Entropy (8bit):	1.9837406708828553
Encrypted:	false
SSDEEP:	3:sgGg:st
MD5:	45A8ECA4E5C4A6B1395080C1B728B6C9
SHA1:	8A97BB0E599775D9A10C0FC53C4EDB29AA4CEB4E
SHA-256:	DB320AB28DFF27CDA0A7F87B82F2F8E61B3178A6DE8503753D76F1172D32E08E
SHA-512:	8EE91A3A1E77459273553F6A776C423A8EE95DB9DCFA897771814B7AD13FD84F06BB2B859F22B6DDA384B39EAA91F1819F170BABED6DA16BDBCF5BCB06CF2124
Malicious:	false
Reputation:	low
Preview:	..F..................F................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	323
Entropy (8bit):	5.184953516738247
Encrypted:	false
SSDEEP:	6:m0ArK4q2P923iKKdKpIFUtpjuFRE9ZmwPjoFREPkwO923iKKdKa/WLJ:t4v45KkmFUtpSrE9/PcR05L5KkaUJ
MD5:	3D2AA726F94EC9972087AC2FAB8BFC39
SHA1:	0D55912932D4219D6B62FA92CF1176F9A31EAEA9
SHA-256:	C13BE0FA0ED4B8740CD6D2099F38F2F9E7D0FE037475168BEDFE33C640300492
SHA-512:	DEE6C5045113FDD41005B1019F693F73FA0E6BF27E11E8E43705BD2DA3CEDF5899E656A7ABBDAEB8FC7F17099C91322DA8D011B2DA9C9B24015BA33D2F255E95
Malicious:	false
Reputation:	low
Preview:	2021/07/22-19:22:47.218 4a4 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2021/07/22-19:22:47.230 4a4 Recovering log #3.2021/07/22-19:22:47.236 4a4 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	401
Entropy (8bit):	5.320228047034096
Encrypted:	false
SSDEEP:	6:mO9USK4q2P923iKKdKks8Y5JKKhdIFUtp39UDZmwP39UTokwO923iKKdKks8Y5JF:dzpv45KkkOrsFUtpNe/PNr5L5KkkOrzJ
MD5:	05BBCA769457E1A14643BAAA031787D2
SHA1:	B6A684EC44FC814A443F202453EB3E3D07077BAE
SHA-256:	8DCC84C21C5491FDCF14AF292B316A25BC15C5CABD69BDE52D1D13BC645D2866
SHA-512:	7CFCFDEC6F48FDC02AE93A9C041415EA76D8BA4B0876FB07D74858FA45F8F2AAF0C16EC4981B3AD9AF0169BD015707F5555CA446F5C0F7BB0F26841ACAE36BFE
Malicious:	false
Reputation:	low
Preview:	2021/07/22-19:23:09.553 4a4 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm/MANIFEST-000001.2021/07/22-19:23:09.555 4a4 Recovering log #3.2021/07/22-19:23:09.556 4a4 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Visited Links Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	12
Entropy (8bit):	3.0220552088742
Encrypted:	false
SSDEEP:	3:1//Rn:1R
MD5:	476B7D50CCAB542BB7C4638314D6C329
SHA1:	CBD5DE2762A588181365B1D9393C9B75BAD12602
SHA-256:	1D329D054FF1E90241A8B69345800E085E242CB8B306D953BF9F2B1E741D97E8
SHA-512:	4B5667E1FE317F34DF2FA97E35635443DBE0B92CB7BFA8A660C7E1BDB5FBF14F35B3693D5FF083CC15AAF9CD76AAAC667684D3D9DB30EA0F3F7E5C3C77EB24B2
Malicious:	false
Reputation:	low
Preview:	......Zsh.??

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_nmmhkkegccagdldgiimedpiccmgmieda\810afb19-41a1-44f6-9b3e-8fdf3d654ef1.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
Category:	dropped
Size (bytes):	175509
Entropy (8bit):	5.489440694064333
Encrypted:	false
SSDEEP:	1536:rKbsLAR2A4VBQV1111111111111Nr366R6faFR+up0y0y2im1OsFcgYzQNL9X:rKbsLAR2fe/FZntrslfX
MD5:	33EABC19FDF40F3D36B6870EF5861957
SHA1:	CF3EF59C3940B58C314E9F6A1616751553F2D9A2
SHA-256:	647D07F37554672865902B2CEE80864B5A5283C372C7263BB1497D5582054E57
SHA-512:	47CFEDB1FDBC9BC09905C70F69A5114C64A8FC791BCA480D24972275276F00CEB230C579B4217337F9C69ECB2AB3221A3B549F06E8074D76BCE2F31773FB69F5
Malicious:	false
Reputation:	low
Preview:	............ .H............. ............... .p............. .h...n......... ............... ......... .... .....n...((.... .h.......00.... ..%..~H..@@.... .(B..&n..``.... .....N......... .(....D........ .w`...M..(............. ..............................+.O-8&]P>/^Q?-^&:?I.1;<....qye.f.%.......X...E.....I...k}....{.m.t.CP..........E...\...............=H..,A..,J..;P......................................................................................nnp}nnp}........~~~........!...!---2---2... ........................................(............. ................................!...7.#.:3,";3,!<.&'/............NPLYt.F.K.%.....L..C.....1...`...KOPVutz}..A.BxX.......P...Q.....1...x...tqpyxuux...0D..DP..........G...........uojuppnw....t\|..9F..-=..+:..5:..rr......llkrkkmw................................ggitllkv................................hhgssss~............YY\eYY[e............nnnzXXXa.............................RRR\..........................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_nmmhkkegccagdldgiimedpiccmgmieda\Chrome Web Store Payments.ico.md5 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	16
Entropy (8bit):	4.0
Encrypted:	false
SSDEEP:	3:SeFcn:Sec
MD5:	61B979ECA159ECAC9C7F8F1D6FD43E9D
SHA1:	0373696351FC2172E811DA8393DEC84036FA34A0
SHA-256:	AB05E0A6FF7E8FFF89F924B279D93AFC72ACCE817C4D250C60BB8059CC534303
SHA-512:	C95825DA33CBDDFA627D9FF9A5B8371BC5F4E643A09573B6E1E839A83B619F53D878C344030B9701DCBC24D4CECCC016CF4D298D10EE8C37D1B5FEC1A51682B6
Malicious:	false
Reputation:	low
Preview:	F......r...(R..

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Rv:1qIFJ
MD5:	6752A1D65B201C13B62EA44016EB221F
SHA1:	58ECF154D01A62233ED7FB494ACE3C3D4FFCE08B
SHA-256:	0861415CADA612EA5834D56E2CF1055D3E63979B69EB71D32AE9AE394D8306CD
SHA-512:	9CFD838D3FB570B44FC3461623AB2296123404C6C8F576B0DE0AABD9A6020840D4C9125EB679ED384170DBCAAC2FA30DC7FA9EE5B77D6DF7C344A0AA030E0389
Malicious:	false
Reputation:	low
Preview:	MANIFEST-000004.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	139
Entropy (8bit):	4.4195167105896935
Encrypted:	false
SSDEEP:	3:tUKIE9SFpgZmwv32E9SRO0V8s2E9SRO0WGv:mO9spgZmwP39X0Vv39X0tv
MD5:	82B8E0924B813402CF79AD665B47F8FB
SHA1:	D1C65836F9139508495D6E8A27CDA3D84A3E30F9
SHA-256:	8F91EBCC39B488B86DD1AB5E3093686EA881923F07667E98D140F047ED0E56D8
SHA-512:	0F0666C3F41EE641A9749F7F9499FD687E5FDB563A48A22B6D163430C93B0B6453E150AE7682A8407D886536FD5AA8CFDDC68AB83E9D70A5B59413B6C5D4DD5C
Malicious:	false
Reputation:	low
Preview:	2021/07/22-19:23:07.143 13fc Recovering log #3.2021/07/22-19:23:07.177 13fc Delete type=0 #3.2021/07/22-19:23:07.177 13fc Delete type=3 #2.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MPEG-4 LOAS
Category:	dropped
Size (bytes):	50
Entropy (8bit):	5.028758439731456
Encrypted:	false
SSDEEP:	3:Ukk/vxQRDKIVmt+8jzn:oO7t8n
MD5:	031D6D1E28FE41A9BDCBD8A21DA92DF1
SHA1:	38CEE81CB035A60A23D6E045E5D72116F2A58683
SHA-256:	B51BC53F3C43A5B800A723623C4E56A836367D6E2787C57D71184DF5D24151DA
SHA-512:	E994CD3A8EE3E3CF6304C33DF5B7D6CC8207E0C08D568925AFA9D46D42F6F1A5BDD7261F0FD1FCDF4DF1A173EF4E159EE1DE8125E54EFEE488A1220CE85AF904
Malicious:	false
Reputation:	low
Preview:	V........leveldb.BytewiseComparator...#...........

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\fd407ea9-afbb-4a74-912f-e0aa9d694848.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	24055
Entropy (8bit):	5.533603404802064
Encrypted:	false
SSDEEP:	384:FCstELlDFX+1kXqKf/pUZNCgVLH2HfDMrUcHGdHGQnTRrGNI4j:YLl9+1kXqKf/pUZNCgVLH2HfArUQGBGJ
MD5:	A3132A3836ED37DA1EC42679D288373C
SHA1:	DBBC1660DDEAF6415A75B01D67A782EED626DDF9
SHA-256:	98453A8A195AF1F75122E2D41CEBB7195B5130AE38D8D0F622DD4B82B7E3447E
SHA-512:	A829189247083F77C7F79C93F98AE57C4B23A022A11FC6F0989FB4CD6937B8BFE52668E5A4C71BC366C49ABDFD0EC05BF2FA214269DE7899A3242A7F6E2B1AB1
Malicious:	false
Reputation:	low
Preview:	{"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13271480567206798","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	340
Entropy (8bit):	5.20893485174274
Encrypted:	false
SSDEEP:	6:mO9dfQ+q2P923iKKdKfrzAdIFUtp39dDpgZmwP39dhQpQVkwO923iKKdKfrzILJ:ddo+v45Kk9FUtpNdq/PNd1V5L5Kk2J
MD5:	1AD332666F304186F16C25B4416CA121
SHA1:	888E1BA71CFF2EB2F61052798084F0BFB704E7D8
SHA-256:	0E51FDB56A91B687A5B8E7B78DB5C64D2DBF688E5393C9AF4BCE8D0390D3C04C
SHA-512:	6CD55C4218BFE01362C798306F269982FE4B7C69F7A5B895FD2C87C43397750798B6B4141CC56F1D35232F55EBA32143B3376407AB18AC904DCE2089D54EA889
Malicious:	false
Reputation:	low
Preview:	2021/07/22-19:23:08.640 132c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2021/07/22-19:23:08.642 132c Recovering log #3.2021/07/22-19:23:08.643 132c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata/000003.log .

Static File Info

No static file info

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source IP	Dest IP
07/22/21-19:23:06.697011	ICMP	399	ICMP Destination Unreachable Host Unreachable	162.241.150.63	192.168.2.5
07/22/21-19:23:08.406606	ICMP	399	ICMP Destination Unreachable Host Unreachable	162.241.150.57	192.168.2.5
07/22/21-19:23:08.408339	ICMP	399	ICMP Destination Unreachable Host Unreachable	162.241.150.61	192.168.2.5
07/22/21-19:23:10.120968	ICMP	399	ICMP Destination Unreachable Host Unreachable	162.241.150.63	192.168.2.5
07/22/21-19:23:11.469480	ICMP	399	ICMP Destination Unreachable Host Unreachable	162.241.150.57	192.168.2.5
07/22/21-19:23:11.472406	ICMP	399	ICMP Destination Unreachable Host Unreachable	162.241.150.61	192.168.2.5
07/22/21-19:23:16.589097	ICMP	399	ICMP Destination Unreachable Host Unreachable	162.241.150.63	192.168.2.5
07/22/21-19:23:17.953343	ICMP	399	ICMP Destination Unreachable Host Unreachable	162.241.150.57	192.168.2.5
07/22/21-19:23:17.956244	ICMP	399	ICMP Destination Unreachable Host Unreachable	162.241.150.61	192.168.2.5

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 22, 2021 19:22:52.371006966 CEST	49711	443	192.168.2.5	142.250.203.110
Jul 22, 2021 19:22:52.382167101 CEST	49714	443	192.168.2.5	104.26.13.189
Jul 22, 2021 19:22:52.383011103 CEST	49713	443	192.168.2.5	104.26.13.189
Jul 22, 2021 19:22:52.386492968 CEST	49715	443	192.168.2.5	172.217.168.45
Jul 22, 2021 19:22:52.422457933 CEST	443	49711	142.250.203.110	192.168.2.5
Jul 22, 2021 19:22:52.422564030 CEST	49711	443	192.168.2.5	142.250.203.110
Jul 22, 2021 19:22:52.422822952 CEST	49711	443	192.168.2.5	142.250.203.110
Jul 22, 2021 19:22:52.423764944 CEST	443	49714	104.26.13.189	192.168.2.5
Jul 22, 2021 19:22:52.423850060 CEST	49714	443	192.168.2.5	104.26.13.189
Jul 22, 2021 19:22:52.424110889 CEST	49714	443	192.168.2.5	104.26.13.189
Jul 22, 2021 19:22:52.426506996 CEST	443	49713	104.26.13.189	192.168.2.5
Jul 22, 2021 19:22:52.426618099 CEST	49713	443	192.168.2.5	104.26.13.189
Jul 22, 2021 19:22:52.426801920 CEST	49713	443	192.168.2.5	104.26.13.189
Jul 22, 2021 19:22:52.438990116 CEST	443	49715	172.217.168.45	192.168.2.5
Jul 22, 2021 19:22:52.440563917 CEST	49715	443	192.168.2.5	172.217.168.45
Jul 22, 2021 19:22:52.440655947 CEST	49715	443	192.168.2.5	172.217.168.45
Jul 22, 2021 19:22:52.467305899 CEST	443	49714	104.26.13.189	192.168.2.5
Jul 22, 2021 19:22:52.468962908 CEST	443	49713	104.26.13.189	192.168.2.5
Jul 22, 2021 19:22:52.471373081 CEST	443	49714	104.26.13.189	192.168.2.5
Jul 22, 2021 19:22:52.471410036 CEST	443	49714	104.26.13.189	192.168.2.5
Jul 22, 2021 19:22:52.471477032 CEST	49714	443	192.168.2.5	104.26.13.189
Jul 22, 2021 19:22:52.474961042 CEST	443	49711	142.250.203.110	192.168.2.5
Jul 22, 2021 19:22:52.474982977 CEST	443	49713	104.26.13.189	192.168.2.5
Jul 22, 2021 19:22:52.475006104 CEST	443	49713	104.26.13.189	192.168.2.5
Jul 22, 2021 19:22:52.475136042 CEST	49713	443	192.168.2.5	104.26.13.189
Jul 22, 2021 19:22:52.488981009 CEST	443	49711	142.250.203.110	192.168.2.5
Jul 22, 2021 19:22:52.489005089 CEST	443	49711	142.250.203.110	192.168.2.5
Jul 22, 2021 19:22:52.489027977 CEST	443	49711	142.250.203.110	192.168.2.5
Jul 22, 2021 19:22:52.489048004 CEST	443	49711	142.250.203.110	192.168.2.5
Jul 22, 2021 19:22:52.489105940 CEST	49711	443	192.168.2.5	142.250.203.110
Jul 22, 2021 19:22:52.489130974 CEST	49711	443	192.168.2.5	142.250.203.110
Jul 22, 2021 19:22:52.496929884 CEST	443	49715	172.217.168.45	192.168.2.5
Jul 22, 2021 19:22:52.510741949 CEST	443	49715	172.217.168.45	192.168.2.5
Jul 22, 2021 19:22:52.510773897 CEST	443	49715	172.217.168.45	192.168.2.5
Jul 22, 2021 19:22:52.510848045 CEST	49715	443	192.168.2.5	172.217.168.45
Jul 22, 2021 19:22:52.741411924 CEST	49711	443	192.168.2.5	142.250.203.110
Jul 22, 2021 19:22:52.742928028 CEST	49714	443	192.168.2.5	104.26.13.189
Jul 22, 2021 19:22:52.743895054 CEST	49713	443	192.168.2.5	104.26.13.189
Jul 22, 2021 19:22:52.753196001 CEST	49713	443	192.168.2.5	104.26.13.189
Jul 22, 2021 19:22:52.755855083 CEST	49711	443	192.168.2.5	142.250.203.110
Jul 22, 2021 19:22:52.757869005 CEST	49715	443	192.168.2.5	172.217.168.45
Jul 22, 2021 19:22:52.757935047 CEST	49714	443	192.168.2.5	104.26.13.189
Jul 22, 2021 19:22:52.758907080 CEST	49711	443	192.168.2.5	142.250.203.110
Jul 22, 2021 19:22:52.759104013 CEST	49714	443	192.168.2.5	104.26.13.189
Jul 22, 2021 19:22:52.759227991 CEST	49715	443	192.168.2.5	172.217.168.45
Jul 22, 2021 19:22:52.759387970 CEST	49715	443	192.168.2.5	172.217.168.45
Jul 22, 2021 19:22:52.759437084 CEST	49715	443	192.168.2.5	172.217.168.45
Jul 22, 2021 19:22:52.784888029 CEST	443	49714	104.26.13.189	192.168.2.5
Jul 22, 2021 19:22:52.784923077 CEST	443	49714	104.26.13.189	192.168.2.5
Jul 22, 2021 19:22:52.785173893 CEST	443	49713	104.26.13.189	192.168.2.5
Jul 22, 2021 19:22:52.787734032 CEST	49714	443	192.168.2.5	104.26.13.189
Jul 22, 2021 19:22:52.787774086 CEST	443	49713	104.26.13.189	192.168.2.5
Jul 22, 2021 19:22:52.787934065 CEST	49713	443	192.168.2.5	104.26.13.189
Jul 22, 2021 19:22:52.791739941 CEST	443	49711	142.250.203.110	192.168.2.5
Jul 22, 2021 19:22:52.792716026 CEST	49711	443	192.168.2.5	142.250.203.110
Jul 22, 2021 19:22:52.795021057 CEST	443	49713	104.26.13.189	192.168.2.5
Jul 22, 2021 19:22:52.795146942 CEST	49713	443	192.168.2.5	104.26.13.189
Jul 22, 2021 19:22:52.799952030 CEST	443	49714	104.26.13.189	192.168.2.5
Jul 22, 2021 19:22:52.799971104 CEST	443	49714	104.26.13.189	192.168.2.5
Jul 22, 2021 19:22:52.811657906 CEST	443	49711	142.250.203.110	192.168.2.5
Jul 22, 2021 19:22:52.811714888 CEST	443	49715	172.217.168.45	192.168.2.5
Jul 22, 2021 19:22:52.811728001 CEST	443	49715	172.217.168.45	192.168.2.5
Jul 22, 2021 19:22:52.811738014 CEST	443	49715	172.217.168.45	192.168.2.5
Jul 22, 2021 19:22:52.811821938 CEST	49715	443	192.168.2.5	172.217.168.45
Jul 22, 2021 19:22:52.812184095 CEST	49715	443	192.168.2.5	172.217.168.45
Jul 22, 2021 19:22:52.813337088 CEST	443	49711	142.250.203.110	192.168.2.5
Jul 22, 2021 19:22:52.827089071 CEST	443	49711	142.250.203.110	192.168.2.5
Jul 22, 2021 19:22:52.827136993 CEST	443	49711	142.250.203.110	192.168.2.5
Jul 22, 2021 19:22:52.827155113 CEST	443	49711	142.250.203.110	192.168.2.5
Jul 22, 2021 19:22:52.827169895 CEST	443	49711	142.250.203.110	192.168.2.5
Jul 22, 2021 19:22:52.827188015 CEST	49711	443	192.168.2.5	142.250.203.110
Jul 22, 2021 19:22:52.827225924 CEST	49711	443	192.168.2.5	142.250.203.110
Jul 22, 2021 19:22:52.828943968 CEST	443	49714	104.26.13.189	192.168.2.5
Jul 22, 2021 19:22:52.831594944 CEST	49711	443	192.168.2.5	142.250.203.110
Jul 22, 2021 19:22:52.831782103 CEST	443	49715	172.217.168.45	192.168.2.5
Jul 22, 2021 19:22:52.831815958 CEST	443	49715	172.217.168.45	192.168.2.5
Jul 22, 2021 19:22:52.831859112 CEST	49715	443	192.168.2.5	172.217.168.45
Jul 22, 2021 19:22:52.831882000 CEST	49715	443	192.168.2.5	172.217.168.45
Jul 22, 2021 19:22:52.831964016 CEST	443	49715	172.217.168.45	192.168.2.5
Jul 22, 2021 19:22:52.832032919 CEST	443	49715	172.217.168.45	192.168.2.5
Jul 22, 2021 19:22:52.832076073 CEST	49715	443	192.168.2.5	172.217.168.45
Jul 22, 2021 19:22:52.832088947 CEST	443	49715	172.217.168.45	192.168.2.5
Jul 22, 2021 19:22:52.833856106 CEST	49715	443	192.168.2.5	172.217.168.45
Jul 22, 2021 19:22:52.847372055 CEST	443	49711	142.250.203.110	192.168.2.5
Jul 22, 2021 19:22:52.865067005 CEST	49714	443	192.168.2.5	104.26.13.189
Jul 22, 2021 19:22:52.869838953 CEST	443	49715	172.217.168.45	192.168.2.5
Jul 22, 2021 19:22:52.881392002 CEST	443	49711	142.250.203.110	192.168.2.5
Jul 22, 2021 19:22:52.885924101 CEST	443	49715	172.217.168.45	192.168.2.5
Jul 22, 2021 19:22:52.943670988 CEST	443	49714	104.26.13.189	192.168.2.5
Jul 22, 2021 19:22:52.943799973 CEST	443	49714	104.26.13.189	192.168.2.5
Jul 22, 2021 19:22:52.943820953 CEST	443	49714	104.26.13.189	192.168.2.5
Jul 22, 2021 19:22:52.943837881 CEST	443	49714	104.26.13.189	192.168.2.5
Jul 22, 2021 19:22:52.943876982 CEST	49714	443	192.168.2.5	104.26.13.189
Jul 22, 2021 19:22:52.943916082 CEST	49714	443	192.168.2.5	104.26.13.189
Jul 22, 2021 19:22:52.945116997 CEST	443	49714	104.26.13.189	192.168.2.5
Jul 22, 2021 19:22:52.945139885 CEST	443	49714	104.26.13.189	192.168.2.5
Jul 22, 2021 19:22:52.945218086 CEST	49714	443	192.168.2.5	104.26.13.189
Jul 22, 2021 19:22:52.945329905 CEST	443	49714	104.26.13.189	192.168.2.5
Jul 22, 2021 19:22:52.945684910 CEST	443	49714	104.26.13.189	192.168.2.5
Jul 22, 2021 19:22:52.945740938 CEST	49714	443	192.168.2.5	104.26.13.189

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 22, 2021 19:22:39.097749949 CEST	61805	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:22:39.155018091 CEST	53	61805	8.8.8.8	192.168.2.5
Jul 22, 2021 19:22:40.221313000 CEST	54795	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:22:40.278399944 CEST	53	54795	8.8.8.8	192.168.2.5
Jul 22, 2021 19:22:40.518443108 CEST	49557	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:22:40.578129053 CEST	53	49557	8.8.8.8	192.168.2.5
Jul 22, 2021 19:22:41.423778057 CEST	61733	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:22:41.484067917 CEST	53	61733	8.8.8.8	192.168.2.5
Jul 22, 2021 19:22:42.412998915 CEST	65447	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:22:42.465409040 CEST	53	65447	8.8.8.8	192.168.2.5
Jul 22, 2021 19:22:43.826333046 CEST	52441	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:22:43.878292084 CEST	53	52441	8.8.8.8	192.168.2.5
Jul 22, 2021 19:22:44.965151072 CEST	62176	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:22:45.014209032 CEST	53	62176	8.8.8.8	192.168.2.5
Jul 22, 2021 19:22:46.711350918 CEST	59596	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:22:46.760590076 CEST	53	59596	8.8.8.8	192.168.2.5
Jul 22, 2021 19:22:48.761889935 CEST	65296	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:22:48.813255072 CEST	53	65296	8.8.8.8	192.168.2.5
Jul 22, 2021 19:22:51.871392965 CEST	55161	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:22:51.928617001 CEST	53	55161	8.8.8.8	192.168.2.5
Jul 22, 2021 19:22:52.299844980 CEST	54757	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:22:52.313056946 CEST	49992	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:22:52.313093901 CEST	60075	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:22:52.313635111 CEST	55016	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:22:52.315608025 CEST	64345	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:22:52.360459089 CEST	53	54757	8.8.8.8	192.168.2.5
Jul 22, 2021 19:22:52.370101929 CEST	53	49992	8.8.8.8	192.168.2.5
Jul 22, 2021 19:22:52.373300076 CEST	53	55016	8.8.8.8	192.168.2.5
Jul 22, 2021 19:22:52.378417015 CEST	53	64345	8.8.8.8	192.168.2.5
Jul 22, 2021 19:22:52.382570028 CEST	53	60075	8.8.8.8	192.168.2.5
Jul 22, 2021 19:22:52.843266964 CEST	57128	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:22:52.897883892 CEST	54791	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:22:52.900005102 CEST	53	57128	8.8.8.8	192.168.2.5
Jul 22, 2021 19:22:52.906568050 CEST	50463	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:22:52.947762966 CEST	53	54791	8.8.8.8	192.168.2.5
Jul 22, 2021 19:22:52.955704927 CEST	53	50463	8.8.8.8	192.168.2.5
Jul 22, 2021 19:22:53.193850994 CEST	50394	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:22:53.194490910 CEST	58530	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:22:53.195162058 CEST	53813	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:22:53.200031996 CEST	63732	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:22:53.200058937 CEST	57344	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:22:53.244442940 CEST	53	53813	8.8.8.8	192.168.2.5
Jul 22, 2021 19:22:53.251606941 CEST	53	58530	8.8.8.8	192.168.2.5
Jul 22, 2021 19:22:53.262561083 CEST	53	63732	8.8.8.8	192.168.2.5
Jul 22, 2021 19:22:53.266258001 CEST	53	57344	8.8.8.8	192.168.2.5
Jul 22, 2021 19:22:53.285761118 CEST	53	50394	8.8.8.8	192.168.2.5
Jul 22, 2021 19:22:53.342870951 CEST	54450	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:22:53.408551931 CEST	53	54450	8.8.8.8	192.168.2.5
Jul 22, 2021 19:22:53.843416929 CEST	59261	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:22:53.904256105 CEST	53	59261	8.8.8.8	192.168.2.5
Jul 22, 2021 19:22:53.985599041 CEST	57151	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:22:53.991218090 CEST	59413	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:22:54.057522058 CEST	60516	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:22:54.068702936 CEST	53	59413	8.8.8.8	192.168.2.5
Jul 22, 2021 19:22:54.068730116 CEST	53	57151	8.8.8.8	192.168.2.5
Jul 22, 2021 19:22:54.087304115 CEST	51649	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:22:54.149866104 CEST	53	60516	8.8.8.8	192.168.2.5
Jul 22, 2021 19:22:54.149947882 CEST	53	51649	8.8.8.8	192.168.2.5
Jul 22, 2021 19:22:54.167602062 CEST	56432	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:22:54.167640924 CEST	65086	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:22:54.169193983 CEST	52929	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:22:54.171351910 CEST	64317	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:22:54.229350090 CEST	53	56432	8.8.8.8	192.168.2.5
Jul 22, 2021 19:22:54.229374886 CEST	53	52929	8.8.8.8	192.168.2.5
Jul 22, 2021 19:22:54.229614019 CEST	53	64317	8.8.8.8	192.168.2.5
Jul 22, 2021 19:22:54.230139971 CEST	53	65086	8.8.8.8	192.168.2.5
Jul 22, 2021 19:22:54.411659002 CEST	64319	443	192.168.2.5	216.58.215.238
Jul 22, 2021 19:22:54.473329067 CEST	443	64319	216.58.215.238	192.168.2.5
Jul 22, 2021 19:22:54.473352909 CEST	443	64319	216.58.215.238	192.168.2.5
Jul 22, 2021 19:22:54.473372936 CEST	443	64319	216.58.215.238	192.168.2.5
Jul 22, 2021 19:22:54.474919081 CEST	64319	443	192.168.2.5	216.58.215.238
Jul 22, 2021 19:22:54.476429939 CEST	64319	443	192.168.2.5	216.58.215.238
Jul 22, 2021 19:22:54.478178024 CEST	64319	443	192.168.2.5	216.58.215.238
Jul 22, 2021 19:22:54.478189945 CEST	64319	443	192.168.2.5	216.58.215.238
Jul 22, 2021 19:22:54.547255039 CEST	443	64319	216.58.215.238	192.168.2.5
Jul 22, 2021 19:22:54.547393084 CEST	443	64319	216.58.215.238	192.168.2.5
Jul 22, 2021 19:22:54.547411919 CEST	443	64319	216.58.215.238	192.168.2.5
Jul 22, 2021 19:22:54.547497988 CEST	443	64319	216.58.215.238	192.168.2.5
Jul 22, 2021 19:22:54.547513962 CEST	443	64319	216.58.215.238	192.168.2.5
Jul 22, 2021 19:22:54.566695929 CEST	64319	443	192.168.2.5	216.58.215.238
Jul 22, 2021 19:22:54.573857069 CEST	64319	443	192.168.2.5	216.58.215.238
Jul 22, 2021 19:22:54.599649906 CEST	64319	443	192.168.2.5	216.58.215.238
Jul 22, 2021 19:22:55.534179926 CEST	61515	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:22:55.599709034 CEST	53	61515	8.8.8.8	192.168.2.5
Jul 22, 2021 19:22:55.914499044 CEST	56675	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:22:55.975691080 CEST	53	56675	8.8.8.8	192.168.2.5
Jul 22, 2021 19:22:56.007910967 CEST	57172	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:22:56.069447994 CEST	53	57172	8.8.8.8	192.168.2.5
Jul 22, 2021 19:22:56.267446995 CEST	55267	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:22:56.267472982 CEST	50969	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:22:56.272736073 CEST	50970	443	192.168.2.5	172.217.168.3
Jul 22, 2021 19:22:56.322052002 CEST	53	50969	8.8.8.8	192.168.2.5
Jul 22, 2021 19:22:56.327737093 CEST	64362	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:22:56.337419987 CEST	53	55267	8.8.8.8	192.168.2.5
Jul 22, 2021 19:22:56.337918997 CEST	443	50970	172.217.168.3	192.168.2.5
Jul 22, 2021 19:22:56.337954998 CEST	443	50970	172.217.168.3	192.168.2.5
Jul 22, 2021 19:22:56.338005066 CEST	443	50970	172.217.168.3	192.168.2.5
Jul 22, 2021 19:22:56.338360071 CEST	50970	443	192.168.2.5	172.217.168.3
Jul 22, 2021 19:22:56.339795113 CEST	50970	443	192.168.2.5	172.217.168.3
Jul 22, 2021 19:22:56.340610981 CEST	50970	443	192.168.2.5	172.217.168.3
Jul 22, 2021 19:22:56.396342993 CEST	53	64362	8.8.8.8	192.168.2.5
Jul 22, 2021 19:22:56.420269012 CEST	443	50970	172.217.168.3	192.168.2.5
Jul 22, 2021 19:22:56.421333075 CEST	443	50970	172.217.168.3	192.168.2.5
Jul 22, 2021 19:22:56.421372890 CEST	50970	443	192.168.2.5	172.217.168.3
Jul 22, 2021 19:22:56.421385050 CEST	443	50970	172.217.168.3	192.168.2.5
Jul 22, 2021 19:22:56.421411037 CEST	443	50970	172.217.168.3	192.168.2.5
Jul 22, 2021 19:22:56.421433926 CEST	443	50970	172.217.168.3	192.168.2.5
Jul 22, 2021 19:22:56.421456099 CEST	443	50970	172.217.168.3	192.168.2.5
Jul 22, 2021 19:22:56.421477079 CEST	443	50970	172.217.168.3	192.168.2.5
Jul 22, 2021 19:22:56.421498060 CEST	443	50970	172.217.168.3	192.168.2.5
Jul 22, 2021 19:22:56.421516895 CEST	443	50970	172.217.168.3	192.168.2.5
Jul 22, 2021 19:22:56.421538115 CEST	443	50970	172.217.168.3	192.168.2.5
Jul 22, 2021 19:22:56.421560049 CEST	443	50970	172.217.168.3	192.168.2.5
Jul 22, 2021 19:22:56.423666000 CEST	443	50970	172.217.168.3	192.168.2.5
Jul 22, 2021 19:22:56.424680948 CEST	443	50970	172.217.168.3	192.168.2.5
Jul 22, 2021 19:22:56.426805019 CEST	443	50970	172.217.168.3	192.168.2.5
Jul 22, 2021 19:22:56.429020882 CEST	443	50970	172.217.168.3	192.168.2.5
Jul 22, 2021 19:22:56.429088116 CEST	443	50970	172.217.168.3	192.168.2.5
Jul 22, 2021 19:22:56.436172009 CEST	50970	443	192.168.2.5	172.217.168.3
Jul 22, 2021 19:22:56.436366081 CEST	50970	443	192.168.2.5	172.217.168.3
Jul 22, 2021 19:22:56.436389923 CEST	50970	443	192.168.2.5	172.217.168.3
Jul 22, 2021 19:22:56.436489105 CEST	50970	443	192.168.2.5	172.217.168.3
Jul 22, 2021 19:22:56.436566114 CEST	50970	443	192.168.2.5	172.217.168.3
Jul 22, 2021 19:22:56.436657906 CEST	50970	443	192.168.2.5	172.217.168.3
Jul 22, 2021 19:22:56.436758041 CEST	50970	443	192.168.2.5	172.217.168.3
Jul 22, 2021 19:22:56.461976051 CEST	50970	443	192.168.2.5	172.217.168.3
Jul 22, 2021 19:22:57.073492050 CEST	54766	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:22:57.113959074 CEST	61446	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:22:57.125384092 CEST	53	54766	8.8.8.8	192.168.2.5
Jul 22, 2021 19:22:57.128494024 CEST	57515	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:22:57.173775911 CEST	53	61446	8.8.8.8	192.168.2.5
Jul 22, 2021 19:22:57.185369968 CEST	53	57515	8.8.8.8	192.168.2.5
Jul 22, 2021 19:22:58.078910112 CEST	58199	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:22:58.130574942 CEST	53	58199	8.8.8.8	192.168.2.5
Jul 22, 2021 19:22:58.248349905 CEST	65221	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:22:58.316319942 CEST	53	65221	8.8.8.8	192.168.2.5
Jul 22, 2021 19:22:58.637203932 CEST	61573	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:22:58.699628115 CEST	53	61573	8.8.8.8	192.168.2.5
Jul 22, 2021 19:22:58.806554079 CEST	56562	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:22:58.896047115 CEST	53	56562	8.8.8.8	192.168.2.5
Jul 22, 2021 19:22:58.954864979 CEST	53591	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:22:59.015944958 CEST	53	53591	8.8.8.8	192.168.2.5
Jul 22, 2021 19:23:05.598495960 CEST	63458	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:23:05.656308889 CEST	53	63458	8.8.8.8	192.168.2.5
Jul 22, 2021 19:23:05.784672976 CEST	50422	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:23:05.841326952 CEST	53	50422	8.8.8.8	192.168.2.5
Jul 22, 2021 19:23:06.284576893 CEST	53247	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:23:06.456288099 CEST	53	53247	8.8.8.8	192.168.2.5
Jul 22, 2021 19:23:07.586065054 CEST	53249	443	192.168.2.5	142.250.203.110
Jul 22, 2021 19:23:07.650609016 CEST	443	53249	142.250.203.110	192.168.2.5
Jul 22, 2021 19:23:07.650651932 CEST	443	53249	142.250.203.110	192.168.2.5
Jul 22, 2021 19:23:07.650671005 CEST	443	53249	142.250.203.110	192.168.2.5
Jul 22, 2021 19:23:07.651660919 CEST	53249	443	192.168.2.5	142.250.203.110
Jul 22, 2021 19:23:07.652895927 CEST	53249	443	192.168.2.5	142.250.203.110
Jul 22, 2021 19:23:07.653249979 CEST	53249	443	192.168.2.5	142.250.203.110
Jul 22, 2021 19:23:07.718369961 CEST	443	53249	142.250.203.110	192.168.2.5
Jul 22, 2021 19:23:07.719310999 CEST	53249	443	192.168.2.5	142.250.203.110
Jul 22, 2021 19:23:07.723273993 CEST	58544	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:23:07.735671997 CEST	443	53249	142.250.203.110	192.168.2.5
Jul 22, 2021 19:23:07.735697985 CEST	443	53249	142.250.203.110	192.168.2.5
Jul 22, 2021 19:23:07.735704899 CEST	443	53249	142.250.203.110	192.168.2.5
Jul 22, 2021 19:23:07.736331940 CEST	53249	443	192.168.2.5	142.250.203.110
Jul 22, 2021 19:23:07.768238068 CEST	53249	443	192.168.2.5	142.250.203.110
Jul 22, 2021 19:23:07.785353899 CEST	53	58544	8.8.8.8	192.168.2.5
Jul 22, 2021 19:23:08.285300016 CEST	53814	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:23:08.344357967 CEST	53	53814	8.8.8.8	192.168.2.5
Jul 22, 2021 19:23:09.645665884 CEST	51305	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:23:09.698276043 CEST	53	51305	8.8.8.8	192.168.2.5
Jul 22, 2021 19:23:12.631161928 CEST	59736	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:23:12.631237030 CEST	51058	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:23:12.631292105 CEST	52636	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:23:12.680207014 CEST	53	51058	8.8.8.8	192.168.2.5
Jul 22, 2021 19:23:12.683444023 CEST	53	52636	8.8.8.8	192.168.2.5
Jul 22, 2021 19:23:12.691370010 CEST	53	59736	8.8.8.8	192.168.2.5
Jul 22, 2021 19:23:13.225231886 CEST	53670	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:23:13.275252104 CEST	53	53670	8.8.8.8	192.168.2.5
Jul 22, 2021 19:23:15.907546043 CEST	55160	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:23:15.966136932 CEST	53	55160	8.8.8.8	192.168.2.5
Jul 22, 2021 19:23:16.622618914 CEST	61414	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:23:16.684710026 CEST	53	61414	8.8.8.8	192.168.2.5
Jul 22, 2021 19:23:27.675288916 CEST	63847	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:23:27.734105110 CEST	53	63847	8.8.8.8	192.168.2.5
Jul 22, 2021 19:23:48.162936926 CEST	50551	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:23:48.219871998 CEST	53	50551	8.8.8.8	192.168.2.5
Jul 22, 2021 19:23:48.565589905 CEST	57712	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:23:48.622248888 CEST	53	57712	8.8.8.8	192.168.2.5
Jul 22, 2021 19:23:48.733262062 CEST	61064	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:23:48.793876886 CEST	53	61064	8.8.8.8	192.168.2.5
Jul 22, 2021 19:23:51.317840099 CEST	61891	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:23:51.368551016 CEST	53	61891	8.8.8.8	192.168.2.5
Jul 22, 2021 19:23:57.208761930 CEST	61585	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:23:57.267064095 CEST	53	61585	8.8.8.8	192.168.2.5
Jul 22, 2021 19:23:57.995587111 CEST	65163	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:23:58.069186926 CEST	53	65163	8.8.8.8	192.168.2.5
Jul 22, 2021 19:24:05.210817099 CEST	58969	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:24:05.268326998 CEST	53	58969	8.8.8.8	192.168.2.5
Jul 22, 2021 19:24:11.610820055 CEST	53977	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:24:11.670958996 CEST	53	53977	8.8.8.8	192.168.2.5
Jul 22, 2021 19:24:14.458736897 CEST	57147	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:24:14.520036936 CEST	53	57147	8.8.8.8	192.168.2.5
Jul 22, 2021 19:24:16.062160015 CEST	52381	53	192.168.2.5	8.8.8.8
Jul 22, 2021 19:24:16.122131109 CEST	53	52381	8.8.8.8	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Jul 22, 2021 19:22:52.313056946 CEST	192.168.2.5	8.8.8.8	0xa880	Standard query (0)	clients2.google.com	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:52.313093901 CEST	192.168.2.5	8.8.8.8	0x7e3c	Standard query (0)	accounts.google.com	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:52.315608025 CEST	192.168.2.5	8.8.8.8	0x512e	Standard query (0)	create.piktochart.com	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:53.193850994 CEST	192.168.2.5	8.8.8.8	0x7d6e	Standard query (0)	s7.addthis.com	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:53.194490910 CEST	192.168.2.5	8.8.8.8	0x1fca	Standard query (0)	js.hs-scripts.com	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:53.200031996 CEST	192.168.2.5	8.8.8.8	0xd657	Standard query (0)	assets.pinterest.com	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:53.342870951 CEST	192.168.2.5	8.8.8.8	0xa821	Standard query (0)	fonts.piktochart.com	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:53.843416929 CEST	192.168.2.5	8.8.8.8	0x2894	Standard query (0)	piktochart.com	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:53.985599041 CEST	192.168.2.5	8.8.8.8	0xd4aa	Standard query (0)	z.moatads.com	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:53.991218090 CEST	192.168.2.5	8.8.8.8	0x38a4	Standard query (0)	connect.facebook.net	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:54.057522058 CEST	192.168.2.5	8.8.8.8	0xe813	Standard query (0)	m.addthis.com	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:54.087304115 CEST	192.168.2.5	8.8.8.8	0xe240	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:54.167602062 CEST	192.168.2.5	8.8.8.8	0x38e8	Standard query (0)	js.hs-analytics.net	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:54.167640924 CEST	192.168.2.5	8.8.8.8	0xd8dc	Standard query (0)	js.hsleadflows.net	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:54.169193983 CEST	192.168.2.5	8.8.8.8	0x3db2	Standard query (0)	js.hsadspixel.net	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:54.171351910 CEST	192.168.2.5	8.8.8.8	0xab4a	Standard query (0)	js.hs-banner.com	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:56.007910967 CEST	192.168.2.5	8.8.8.8	0x4439	Standard query (0)	c0.piktochart.com	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:56.267446995 CEST	192.168.2.5	8.8.8.8	0x2236	Standard query (0)	platform.twitter.com	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:56.267472982 CEST	192.168.2.5	8.8.8.8	0x2487	Standard query (0)	www.facebook.com	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:56.327737093 CEST	192.168.2.5	8.8.8.8	0xad01	Standard query (0)	api-public.addthis.com	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:57.073492050 CEST	192.168.2.5	8.8.8.8	0x200a	Standard query (0)	syndication.twitter.com	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:57.113959074 CEST	192.168.2.5	8.8.8.8	0xb0fa	Standard query (0)	beacon-v2.helpscout.net	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:57.128494024 CEST	192.168.2.5	8.8.8.8	0x84a9	Standard query (0)	track.hubspot.com	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:58.078910112 CEST	192.168.2.5	8.8.8.8	0xa549	Standard query (0)	twitter.com	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:58.248349905 CEST	192.168.2.5	8.8.8.8	0xea8f	Standard query (0)	d3hb14vkzrxvla.cloudfront.net	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:58.637203932 CEST	192.168.2.5	8.8.8.8	0xbdf3	Standard query (0)	create.piktochart.com	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:58.806554079 CEST	192.168.2.5	8.8.8.8	0x3931	Standard query (0)	assets.pinterest.com	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:58.954864979 CEST	192.168.2.5	8.8.8.8	0xf4ca	Standard query (0)	c0.piktochart.com	A (IP address)	IN (0x0001)
Jul 22, 2021 19:23:05.784672976 CEST	192.168.2.5	8.8.8.8	0x6129	Standard query (0)	forms.hubspot.com	A (IP address)	IN (0x0001)
Jul 22, 2021 19:23:06.284576893 CEST	192.168.2.5	8.8.8.8	0x977	Standard query (0)	prosalonbox.org	A (IP address)	IN (0x0001)
Jul 22, 2021 19:23:07.723273993 CEST	192.168.2.5	8.8.8.8	0x90c4	Standard query (0)	clients2.googleusercontent.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Jul 22, 2021 19:22:52.370101929 CEST	8.8.8.8	192.168.2.5	0xa880	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)
Jul 22, 2021 19:22:52.370101929 CEST	8.8.8.8	192.168.2.5	0xa880	No error (0)	clients.l.google.com		142.250.203.110	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:52.378417015 CEST	8.8.8.8	192.168.2.5	0x512e	No error (0)	create.piktochart.com		104.26.13.189	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:52.378417015 CEST	8.8.8.8	192.168.2.5	0x512e	No error (0)	create.piktochart.com		172.67.71.238	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:52.378417015 CEST	8.8.8.8	192.168.2.5	0x512e	No error (0)	create.piktochart.com		104.26.12.189	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:52.382570028 CEST	8.8.8.8	192.168.2.5	0x7e3c	No error (0)	accounts.google.com		172.217.168.45	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:53.244442940 CEST	8.8.8.8	192.168.2.5	0x77e8	No error (0)	www-googletagmanager.l.google.com		172.217.168.8	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:53.251606941 CEST	8.8.8.8	192.168.2.5	0x1fca	No error (0)	js.hs-scripts.com		104.17.211.204	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:53.251606941 CEST	8.8.8.8	192.168.2.5	0x1fca	No error (0)	js.hs-scripts.com		104.17.213.204	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:53.251606941 CEST	8.8.8.8	192.168.2.5	0x1fca	No error (0)	js.hs-scripts.com		104.17.210.204	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:53.251606941 CEST	8.8.8.8	192.168.2.5	0x1fca	No error (0)	js.hs-scripts.com		104.17.212.204	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:53.251606941 CEST	8.8.8.8	192.168.2.5	0x1fca	No error (0)	js.hs-scripts.com		104.17.214.204	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:53.262561083 CEST	8.8.8.8	192.168.2.5	0xd657	No error (0)	assets.pinterest.com	s.pinimg.com		CNAME (Canonical name)	IN (0x0001)
Jul 22, 2021 19:22:53.262561083 CEST	8.8.8.8	192.168.2.5	0xd657	No error (0)	s.pinimg.com	s-pinimg-com.gslb.pinterest.com		CNAME (Canonical name)	IN (0x0001)
Jul 22, 2021 19:22:53.262561083 CEST	8.8.8.8	192.168.2.5	0xd657	No error (0)	s-pinimg-com.gslb.pinterest.com	2-01-37d2-0006.cdx.cedexis.net		CNAME (Canonical name)	IN (0x0001)
Jul 22, 2021 19:22:53.262561083 CEST	8.8.8.8	192.168.2.5	0xd657	No error (0)	dualstack.pinterest.map.fastly.net		151.101.112.84	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:53.266258001 CEST	8.8.8.8	192.168.2.5	0x6843	No error (0)	www-google-analytics.l.google.com		216.58.215.238	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:53.285761118 CEST	8.8.8.8	192.168.2.5	0x7d6e	No error (0)	s7.addthis.com	s8.addthis.com		CNAME (Canonical name)	IN (0x0001)
Jul 22, 2021 19:22:53.285761118 CEST	8.8.8.8	192.168.2.5	0x7d6e	No error (0)	s8.addthis.com	ds-s7.addthis.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)
Jul 22, 2021 19:22:53.408551931 CEST	8.8.8.8	192.168.2.5	0xa821	No error (0)	fonts.piktochart.com		172.67.71.238	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:53.408551931 CEST	8.8.8.8	192.168.2.5	0xa821	No error (0)	fonts.piktochart.com		104.26.13.189	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:53.408551931 CEST	8.8.8.8	192.168.2.5	0xa821	No error (0)	fonts.piktochart.com		104.26.12.189	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:53.904256105 CEST	8.8.8.8	192.168.2.5	0x2894	No error (0)	piktochart.com		172.67.71.238	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:53.904256105 CEST	8.8.8.8	192.168.2.5	0x2894	No error (0)	piktochart.com		104.26.12.189	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:53.904256105 CEST	8.8.8.8	192.168.2.5	0x2894	No error (0)	piktochart.com		104.26.13.189	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:54.068702936 CEST	8.8.8.8	192.168.2.5	0x38a4	No error (0)	connect.facebook.net	scontent.xx.fbcdn.net		CNAME (Canonical name)	IN (0x0001)
Jul 22, 2021 19:22:54.068702936 CEST	8.8.8.8	192.168.2.5	0x38a4	No error (0)	scontent.xx.fbcdn.net		157.240.17.15	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:54.068730116 CEST	8.8.8.8	192.168.2.5	0xd4aa	No error (0)	z.moatads.com	wildcard.moatads.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)
Jul 22, 2021 19:22:54.149866104 CEST	8.8.8.8	192.168.2.5	0xe813	No error (0)	m.addthis.com	m.addthisedge.com		CNAME (Canonical name)	IN (0x0001)
Jul 22, 2021 19:22:54.149866104 CEST	8.8.8.8	192.168.2.5	0xe813	No error (0)	m.addthisedge.com	ds-m.addthisedge.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)
Jul 22, 2021 19:22:54.149947882 CEST	8.8.8.8	192.168.2.5	0xe240	No error (0)	a.nel.cloudflare.com		35.190.80.1	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:54.229350090 CEST	8.8.8.8	192.168.2.5	0x38e8	No error (0)	js.hs-analytics.net		104.17.71.176	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:54.229350090 CEST	8.8.8.8	192.168.2.5	0x38e8	No error (0)	js.hs-analytics.net		104.17.70.176	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:54.229350090 CEST	8.8.8.8	192.168.2.5	0x38e8	No error (0)	js.hs-analytics.net		104.17.67.176	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:54.229350090 CEST	8.8.8.8	192.168.2.5	0x38e8	No error (0)	js.hs-analytics.net		104.17.68.176	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:54.229350090 CEST	8.8.8.8	192.168.2.5	0x38e8	No error (0)	js.hs-analytics.net		104.17.69.176	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:54.229374886 CEST	8.8.8.8	192.168.2.5	0x3db2	No error (0)	js.hsadspixel.net		104.17.115.176	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:54.229374886 CEST	8.8.8.8	192.168.2.5	0x3db2	No error (0)	js.hsadspixel.net		104.17.114.176	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:54.229374886 CEST	8.8.8.8	192.168.2.5	0x3db2	No error (0)	js.hsadspixel.net		104.17.113.176	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:54.229374886 CEST	8.8.8.8	192.168.2.5	0x3db2	No error (0)	js.hsadspixel.net		104.17.116.176	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:54.229374886 CEST	8.8.8.8	192.168.2.5	0x3db2	No error (0)	js.hsadspixel.net		104.17.112.176	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:54.229614019 CEST	8.8.8.8	192.168.2.5	0xab4a	No error (0)	js.hs-banner.com		104.18.21.191	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:54.229614019 CEST	8.8.8.8	192.168.2.5	0xab4a	No error (0)	js.hs-banner.com		104.18.20.191	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:54.230139971 CEST	8.8.8.8	192.168.2.5	0xd8dc	No error (0)	js.hsleadflows.net		104.17.234.204	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:54.230139971 CEST	8.8.8.8	192.168.2.5	0xd8dc	No error (0)	js.hsleadflows.net		104.17.231.204	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:54.230139971 CEST	8.8.8.8	192.168.2.5	0xd8dc	No error (0)	js.hsleadflows.net		104.17.233.204	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:54.230139971 CEST	8.8.8.8	192.168.2.5	0xd8dc	No error (0)	js.hsleadflows.net		104.17.230.204	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:54.230139971 CEST	8.8.8.8	192.168.2.5	0xd8dc	No error (0)	js.hsleadflows.net		104.17.232.204	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:55.975691080 CEST	8.8.8.8	192.168.2.5	0xe7e0	No error (0)	gstaticadssl.l.google.com		172.217.168.3	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:56.069447994 CEST	8.8.8.8	192.168.2.5	0x4439	No error (0)	c0.piktochart.com		172.67.71.238	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:56.069447994 CEST	8.8.8.8	192.168.2.5	0x4439	No error (0)	c0.piktochart.com		104.26.12.189	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:56.069447994 CEST	8.8.8.8	192.168.2.5	0x4439	No error (0)	c0.piktochart.com		104.26.13.189	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:56.322052002 CEST	8.8.8.8	192.168.2.5	0x2487	No error (0)	www.facebook.com	star-mini.c10r.facebook.com		CNAME (Canonical name)	IN (0x0001)
Jul 22, 2021 19:22:56.322052002 CEST	8.8.8.8	192.168.2.5	0x2487	No error (0)	star-mini.c10r.facebook.com		157.240.223.35	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:56.337419987 CEST	8.8.8.8	192.168.2.5	0x2236	No error (0)	platform.twitter.com	cs472.wac.edgecastcdn.net		CNAME (Canonical name)	IN (0x0001)
Jul 22, 2021 19:22:56.337419987 CEST	8.8.8.8	192.168.2.5	0x2236	No error (0)	cs472.wac.edgecastcdn.net	cs1-apr-8315.wac.edgecastcdn.net		CNAME (Canonical name)	IN (0x0001)
Jul 22, 2021 19:22:56.337419987 CEST	8.8.8.8	192.168.2.5	0x2236	No error (0)	cs1-apr-8315.wac.edgecastcdn.net	wac.apr-8315.edgecastdns.net		CNAME (Canonical name)	IN (0x0001)
Jul 22, 2021 19:22:56.337419987 CEST	8.8.8.8	192.168.2.5	0x2236	No error (0)	cs1-lb-eu.8315.ecdns.net	cs41.wac.edgecastcdn.net		CNAME (Canonical name)	IN (0x0001)
Jul 22, 2021 19:22:56.337419987 CEST	8.8.8.8	192.168.2.5	0x2236	No error (0)	cs41.wac.edgecastcdn.net		93.184.220.66	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:56.396342993 CEST	8.8.8.8	192.168.2.5	0xad01	No error (0)	api-public.addthis.com	ds-api-public.addthis.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)
Jul 22, 2021 19:22:57.125384092 CEST	8.8.8.8	192.168.2.5	0x200a	No error (0)	syndication.twitter.com		104.244.42.8	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:57.125384092 CEST	8.8.8.8	192.168.2.5	0x200a	No error (0)	syndication.twitter.com		104.244.42.72	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:57.125384092 CEST	8.8.8.8	192.168.2.5	0x200a	No error (0)	syndication.twitter.com		104.244.42.200	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:57.125384092 CEST	8.8.8.8	192.168.2.5	0x200a	No error (0)	syndication.twitter.com		104.244.42.136	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:57.173775911 CEST	8.8.8.8	192.168.2.5	0xb0fa	No error (0)	beacon-v2.helpscout.net		52.84.109.11	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:57.173775911 CEST	8.8.8.8	192.168.2.5	0xb0fa	No error (0)	beacon-v2.helpscout.net		52.84.109.24	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:57.173775911 CEST	8.8.8.8	192.168.2.5	0xb0fa	No error (0)	beacon-v2.helpscout.net		52.84.109.95	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:57.173775911 CEST	8.8.8.8	192.168.2.5	0xb0fa	No error (0)	beacon-v2.helpscout.net		52.84.109.20	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:57.185369968 CEST	8.8.8.8	192.168.2.5	0x84a9	No error (0)	track.hubspot.com		104.19.154.83	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:57.185369968 CEST	8.8.8.8	192.168.2.5	0x84a9	No error (0)	track.hubspot.com		104.19.155.83	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:58.130574942 CEST	8.8.8.8	192.168.2.5	0xa549	No error (0)	twitter.com		104.244.42.193	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:58.130574942 CEST	8.8.8.8	192.168.2.5	0xa549	No error (0)	twitter.com		104.244.42.65	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:58.316319942 CEST	8.8.8.8	192.168.2.5	0xea8f	No error (0)	d3hb14vkzrxvla.cloudfront.net		52.84.107.89	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:58.316319942 CEST	8.8.8.8	192.168.2.5	0xea8f	No error (0)	d3hb14vkzrxvla.cloudfront.net		52.84.107.8	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:58.316319942 CEST	8.8.8.8	192.168.2.5	0xea8f	No error (0)	d3hb14vkzrxvla.cloudfront.net		52.84.107.143	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:58.316319942 CEST	8.8.8.8	192.168.2.5	0xea8f	No error (0)	d3hb14vkzrxvla.cloudfront.net		52.84.107.207	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:58.699628115 CEST	8.8.8.8	192.168.2.5	0xbdf3	No error (0)	create.piktochart.com		104.26.13.189	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:58.699628115 CEST	8.8.8.8	192.168.2.5	0xbdf3	No error (0)	create.piktochart.com		172.67.71.238	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:58.699628115 CEST	8.8.8.8	192.168.2.5	0xbdf3	No error (0)	create.piktochart.com		104.26.12.189	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:58.896047115 CEST	8.8.8.8	192.168.2.5	0x3931	No error (0)	assets.pinterest.com	s.pinimg.com		CNAME (Canonical name)	IN (0x0001)
Jul 22, 2021 19:22:58.896047115 CEST	8.8.8.8	192.168.2.5	0x3931	No error (0)	s.pinimg.com	s-pinimg-com.gslb.pinterest.com		CNAME (Canonical name)	IN (0x0001)
Jul 22, 2021 19:22:58.896047115 CEST	8.8.8.8	192.168.2.5	0x3931	No error (0)	s-pinimg-com.gslb.pinterest.com	2-01-37d2-0006.cdx.cedexis.net		CNAME (Canonical name)	IN (0x0001)
Jul 22, 2021 19:22:59.015944958 CEST	8.8.8.8	192.168.2.5	0xf4ca	No error (0)	c0.piktochart.com		172.67.71.238	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:59.015944958 CEST	8.8.8.8	192.168.2.5	0xf4ca	No error (0)	c0.piktochart.com		104.26.12.189	A (IP address)	IN (0x0001)
Jul 22, 2021 19:22:59.015944958 CEST	8.8.8.8	192.168.2.5	0xf4ca	No error (0)	c0.piktochart.com		104.26.13.189	A (IP address)	IN (0x0001)
Jul 22, 2021 19:23:05.841326952 CEST	8.8.8.8	192.168.2.5	0x6129	No error (0)	forms.hubspot.com		104.19.155.83	A (IP address)	IN (0x0001)
Jul 22, 2021 19:23:05.841326952 CEST	8.8.8.8	192.168.2.5	0x6129	No error (0)	forms.hubspot.com		104.19.154.83	A (IP address)	IN (0x0001)
Jul 22, 2021 19:23:06.456288099 CEST	8.8.8.8	192.168.2.5	0x977	No error (0)	prosalonbox.org		162.241.69.226	A (IP address)	IN (0x0001)
Jul 22, 2021 19:23:07.785353899 CEST	8.8.8.8	192.168.2.5	0x90c4	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)
Jul 22, 2021 19:23:07.785353899 CEST	8.8.8.8	192.168.2.5	0x90c4	No error (0)	googlehosted.l.googleusercontent.com		142.250.203.97	A (IP address)	IN (0x0001)
Jul 22, 2021 19:23:57.267064095 CEST	8.8.8.8	192.168.2.5	0xc2ea	No error (0)	prda.aadg.msidentity.com	www.tm.a.prd.aadg.akadns.net		CNAME (Canonical name)	IN (0x0001)

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Jul 22, 2021 19:22:53.346935987 CEST	104.17.211.204	443	192.168.2.5	49720	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=California, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Sun Jul 04 02:00:00 CEST 2021 Mon Jan 27 13:48:08 CET 2020	Mon Jul 04 01:59:59 CEST 2022 Wed Jan 01 00:59:59 CET 2025	771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0	b32309a26951912be7dba376398abc3b
Jul 22, 2021 19:22:53.346935987 CEST	104.17.211.204	443	192.168.2.5	49720	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		b32309a26951912be7dba376398abc3b
Jul 22, 2021 19:22:54.464327097 CEST	104.17.71.176	443	192.168.2.5	49733	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=California, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Jul 14 02:00:00 CEST 2021 Mon Jan 27 13:48:08 CET 2020	Thu Jul 14 01:59:59 CEST 2022 Wed Jan 01 00:59:59 CET 2025	771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0	b32309a26951912be7dba376398abc3b
Jul 22, 2021 19:22:54.464327097 CEST	104.17.71.176	443	192.168.2.5	49733	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		b32309a26951912be7dba376398abc3b
Jul 22, 2021 19:22:54.464395046 CEST	104.17.115.176	443	192.168.2.5	49734	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=California, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Sat Jul 17 02:00:00 CEST 2021 Mon Jan 27 13:48:08 CET 2020	Sun Jul 17 01:59:59 CEST 2022 Wed Jan 01 00:59:59 CET 2025	771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0	b32309a26951912be7dba376398abc3b
Jul 22, 2021 19:22:54.464395046 CEST	104.17.115.176	443	192.168.2.5	49734	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		b32309a26951912be7dba376398abc3b
Jul 22, 2021 19:22:54.484622002 CEST	104.17.234.204	443	192.168.2.5	49736	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=California, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Jul 07 02:00:00 CEST 2021 Mon Jan 27 13:48:08 CET 2020	Thu Jul 07 01:59:59 CEST 2022 Wed Jan 01 00:59:59 CET 2025	771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0	b32309a26951912be7dba376398abc3b
Jul 22, 2021 19:22:54.484622002 CEST	104.17.234.204	443	192.168.2.5	49736	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		b32309a26951912be7dba376398abc3b
Jul 22, 2021 19:22:54.503180027 CEST	104.17.234.204	443	192.168.2.5	49737	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=California, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Jul 07 02:00:00 CEST 2021 Mon Jan 27 13:48:08 CET 2020	Thu Jul 07 01:59:59 CEST 2022 Wed Jan 01 00:59:59 CET 2025	771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0	b32309a26951912be7dba376398abc3b
Jul 22, 2021 19:22:54.503180027 CEST	104.17.234.204	443	192.168.2.5	49737	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		b32309a26951912be7dba376398abc3b
Jul 22, 2021 19:22:54.506468058 CEST	104.17.71.176	443	192.168.2.5	49738	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=California, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Jul 14 02:00:00 CEST 2021 Mon Jan 27 13:48:08 CET 2020	Thu Jul 14 01:59:59 CEST 2022 Wed Jan 01 00:59:59 CET 2025	771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0	b32309a26951912be7dba376398abc3b
Jul 22, 2021 19:22:54.506468058 CEST	104.17.71.176	443	192.168.2.5	49738	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		b32309a26951912be7dba376398abc3b
Jul 22, 2021 19:22:54.514960051 CEST	104.17.115.176	443	192.168.2.5	49739	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=California, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Sat Jul 17 02:00:00 CEST 2021 Mon Jan 27 13:48:08 CET 2020	Sun Jul 17 01:59:59 CEST 2022 Wed Jan 01 00:59:59 CET 2025	771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0	b32309a26951912be7dba376398abc3b
Jul 22, 2021 19:22:54.514960051 CEST	104.17.115.176	443	192.168.2.5	49739	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		b32309a26951912be7dba376398abc3b
Jul 22, 2021 19:22:57.214173079 CEST	104.244.42.8	443	192.168.2.5	49749	CN=syndication.twitter.com, O="Twitter, Inc.", L=San Francisco, ST=California, C=US CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US	CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Feb 05 01:00:00 CET 2021 Thu Sep 24 02:00:00 CEST 2020	Sat Feb 05 00:59:59 CET 2022 Tue Sep 24 01:59:59 CEST 2030	771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0	b32309a26951912be7dba376398abc3b
Jul 22, 2021 19:22:57.214173079 CEST	104.244.42.8	443	192.168.2.5	49749	CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Sep 24 02:00:00 CEST 2020	Tue Sep 24 01:59:59 CEST 2030		b32309a26951912be7dba376398abc3b
Jul 22, 2021 19:22:58.850111961 CEST	104.26.13.189	443	192.168.2.5	49763	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=California, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Thu Jun 17 02:00:00 CEST 2021 Mon Jan 27 13:48:08 CET 2020	Fri Jun 17 01:59:59 CEST 2022 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0	37f463bf4616ecd445d4a1937da06e19
Jul 22, 2021 19:22:58.850111961 CEST	104.26.13.189	443	192.168.2.5	49763	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		37f463bf4616ecd445d4a1937da06e19
Jul 22, 2021 19:22:59.142944098 CEST	172.67.71.238	443	192.168.2.5	49767	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=California, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Thu Jun 17 02:00:00 CEST 2021 Mon Jan 27 13:48:08 CET 2020	Fri Jun 17 01:59:59 CEST 2022 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0	37f463bf4616ecd445d4a1937da06e19
Jul 22, 2021 19:22:59.142944098 CEST	172.67.71.238	443	192.168.2.5	49767	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		37f463bf4616ecd445d4a1937da06e19

Code Manipulations

Statistics

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exe PID: 5752 Parent PID: 4252

General

Start time:	19:22:46
Start date:	22/07/2021
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'https://create.piktochart.com/output/55231820-voir-le-document-complet'
Imagebase:	0x7ff677c70000
File size:	2150896 bytes
MD5 hash:	C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Analysis Process: chrome.exe PID: 5012 Parent PID: 5752

General

Start time:	19:22:48
Start date:	22/07/2021
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1644,17532982768526373494,12220488661392661405,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1700 /prefetch:8
Imagebase:	0x7ff677c70000
File size:	2150896 bytes
MD5 hash:	C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Disassembly

Reset < >

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report https://create.piktochart.com/output/55231820-voir-le-document-complet

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Overview

Sigma Overview

Jbx Signature Overview

AV Detection:

Phishing:

Compliance:

Networking:

System Summary:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

No static file info

Network Behavior

Snort IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTPS Packets

Code Manipulations

Statistics

Behavior

System Behavior

Analysis Process: chrome.exe PID: 5752 Parent PID: 4252

General

Analysis Process: chrome.exe PID: 5012 Parent PID: 5752

General

Disassembly