Windows Analysis Report
https://eccfo1.eu/1f34fac4-2ab4-4dfb-8248-a8cdec56b8f9/bS5iYWtrZXJAYnBkLm5s

Overview

General Information

Sample URL:	https://eccfo1.eu/1f34fac4-2ab4-4dfb-8248-a8cdec56b8f9/bS5iYWtrZXJAYnBkLm5s
Analysis ID:	612086
Infos:

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Phishing site detected (based on image similarity)

No HTML title found

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://eccfo1.eu/1f34fac4-2ab4-4dfb-8248-a8cdec56b8f9/bS5iYWtrZXJAYnBkLm5s

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing

Phishing site detected (based on image similarity)

Source: https://eccfo1.eu/1f34fac4-2ab4-4dfb-8248-a8cdec56b8f9/bS5iYWtrZXJAYnBkLm5s

Matcher: Found strong image similarity, brand: Microsoft image: 13434.0.img.3.gfk.csv A5DBD4393FF6A725C7E62B61DF7E72F0

No HTML title found

Source: https://www.office.com/	HTTP Parser: HTML title missing
Source: https://www.office.com/	HTTP Parser: HTML title missing

Source: https://www.office.com/	HTTP Parser: No <meta name="author".. found
Source: https://www.office.com/	HTTP Parser: No <meta name="author".. found

Source: https://www.office.com/	HTTP Parser: No <meta name="copyright".. found
Source: https://www.office.com/	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

Source: unknown	HTTPS traffic detected: 185.163.85.65:443 -> 192.168.2.3:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.163.85.65:443 -> 192.168.2.3:49742 version: TLS 1.2

Source: unknown

DNS traffic detected: queries for: clients2.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50414
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 50414 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 50165 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50185
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 50029 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50752
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50040
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 50752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50842
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50054 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50165
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50185 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747

Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfmX-Goog-Update-Updater: chromecrx-85.0.4183.121Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /1f34fac4-2ab4-4dfb-8248-a8cdec56b8f9/bS5iYWtrZXJAYnBkLm5s HTTP/1.1Host: eccfo1.euConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/windows_logo.png HTTP/1.1Host: eccfo1.euConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://eccfo1.eu/1f34fac4-2ab4-4dfb-8248-a8cdec56b8f9/bS5iYWtrZXJAYnBkLm5sAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/icon_check.png HTTP/1.1Host: eccfo1.euConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://eccfo1.eu/1f34fac4-2ab4-4dfb-8248-a8cdec56b8f9/bS5iYWtrZXJAYnBkLm5sAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/Background.jpg HTTP/1.1Host: eccfo1.euConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://eccfo1.eu/1f34fac4-2ab4-4dfb-8248-a8cdec56b8f9/bS5iYWtrZXJAYnBkLm5sAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: eccfo1.euConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://eccfo1.eu/1f34fac4-2ab4-4dfb-8248-a8cdec56b8f9/bS5iYWtrZXJAYnBkLm5sAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/Background.jpg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: eccfo1.eu
Source: global traffic	HTTP traffic detected: GET /static/windows_logo.png HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: eccfo1.eu
Source: global traffic	HTTP traffic detected: GET /static/icon_check.png HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: eccfo1.eu
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.office.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /meversion?partner=office&market=en-us&uhf=1 HTTP/1.1Host: mem.gfx.msConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.office.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /mscc/lib/v2/wcp-consent.js HTTP/1.1Host: wcpstatic.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.office.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/me/MeControl/10.21162.3/en-US/meBoot.min.js HTTP/1.1Host: mem.gfx.msConnection: keep-aliveOrigin: https://www.office.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.office.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sw?cdnDomain=res.cdn.office.net/officehub&workload=officehome HTTP/1.1Host: www.office.comConnection: keep-aliveCache-Control: max-age=0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Service-Worker: scriptSec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: serviceworkerReferer: https://www.office.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: OH.SID=f0c36293-6b4d-4da0-acec-3188508b41e6; OH.DCAffinity=OH-weu; OH.FLID=dcc9a78d-5ce4-4bf8-bc2c-2745c3d2072c; MUID=0AB22FE83C71638E10A33E643D0A6238; MSFPC=GUID=587d50bfc2a149aca238a67d4b7ec83d&HASH=587d&LV=202204&V=4&LU=1650459569395
Source: global traffic	HTTP traffic detected: GET /scripts/me/MeControl/10.21162.3/en-US/meCore.min.js HTTP/1.1Host: mem.gfx.msConnection: keep-aliveOrigin: https://www.office.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.office.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /c.gif?DI=4050&did=1&t=&CtsSyncId=B1BED8FFFBD34A5C951B4273A8E67A1D&RedC=c1.microsoft.com&MXFR=376D41D8FED76C0E172E5054FAD76A18 HTTP/1.1Host: c.bing.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.office.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /meversion?partner=MSHomePage&market=de-ch&uhf=1 HTTP/1.1Host: mem.gfx.msConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/de-ch/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/me/MeControl/10.21162.3/de-DE/meBoot.min.js HTTP/1.1Host: mem.gfx.msConnection: keep-aliveOrigin: https://www.microsoft.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/de-ch/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/me/MeControl/10.21162.3/de-DE/meCore.min.js HTTP/1.1Host: mem.gfx.msConnection: keep-aliveOrigin: https://www.microsoft.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/de-ch/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /meversion?partner=officetemplates&market=en-us&uhf=1 HTTP/1.1Host: mem.gfx.msConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://templates.office.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /meversion?partner=SMCConvergence&market=en-us&uhf=1 HTTP/1.1Host: mem.gfx.msConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://support.microsoft.com/en-us/office?ui=en-us&rs=en-us&ad=usAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 20 Apr 2022 12:59:22 GMTContent-Type: text/html; charset=utf-8Content-Length: 77Connection: closeX-Frame-Options: SAMEORIGIN

Source: 1c24b8db-b3a5-4ee8-bec0-cf737a423ed5.tmp.1.dr, b549085d-74d3-46da-a233-cd98b3b9bbd4.tmp.1.dr	String found in binary or memory: https://accounts.google.com
Source: 2cc80dabc69f58b6_1.0.dr	String found in binary or memory: https://api.onedrive.com/v1.0/drive/root
Source: 1c24b8db-b3a5-4ee8-bec0-cf737a423ed5.tmp.1.dr, b549085d-74d3-46da-a233-cd98b3b9bbd4.tmp.1.dr	String found in binary or memory: https://apis.google.com
Source: 1c24b8db-b3a5-4ee8-bec0-cf737a423ed5.tmp.1.dr, b549085d-74d3-46da-a233-cd98b3b9bbd4.tmp.1.dr	String found in binary or memory: https://clients2.google.com
Source: manifest.json.0.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 1c24b8db-b3a5-4ee8-bec0-cf737a423ed5.tmp.1.dr, b549085d-74d3-46da-a233-cd98b3b9bbd4.tmp.1.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: 1c24b8db-b3a5-4ee8-bec0-cf737a423ed5.tmp.1.dr, c7ba09d0-7de1-45fe-8a56-3a1f445c67f0.tmp.1.dr, b549085d-74d3-46da-a233-cd98b3b9bbd4.tmp.1.dr	String found in binary or memory: https://dns.google
Source: History Provider Cache.0.dr	String found in binary or memory: https://eccfo1.eu/1f34fac4-2ab4-4dfb-8248-a8cdec56b8f9/bS5iYWtrZXJAYnBkLm5s2
Source: 1c24b8db-b3a5-4ee8-bec0-cf737a423ed5.tmp.1.dr	String found in binary or memory: https://fonts.googleapis.com
Source: 1c24b8db-b3a5-4ee8-bec0-cf737a423ed5.tmp.1.dr, b549085d-74d3-46da-a233-cd98b3b9bbd4.tmp.1.dr	String found in binary or memory: https://fonts.gstatic.com
Source: 1c24b8db-b3a5-4ee8-bec0-cf737a423ed5.tmp.1.dr, b549085d-74d3-46da-a233-cd98b3b9bbd4.tmp.1.dr	String found in binary or memory: https://ogs.google.com
Source: manifest.json.0.dr	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: 1c24b8db-b3a5-4ee8-bec0-cf737a423ed5.tmp.1.dr, b549085d-74d3-46da-a233-cd98b3b9bbd4.tmp.1.dr	String found in binary or memory: https://play.google.com
Source: b549085d-74d3-46da-a233-cd98b3b9bbd4.tmp.1.dr	String found in binary or memory: https://r5---sn-4g5edn6r.gvt1.com
Source: b549085d-74d3-46da-a233-cd98b3b9bbd4.tmp.1.dr	String found in binary or memory: https://redirector.gvt1.com
Source: c4cda97bb6908608_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/0.1084f963ccf1e5efe263.chunk.v6.jsH
Source: c4cda97bb6908608_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/0.1084f963ccf1e5efe263.chunk.v6.jsHP
Source: 1e33ede7037c06b6_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/1.fd278158fa9d8b20bceb.chunk.v6.jsH
Source: 1e33ede7037c06b6_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/1.fd278158fa9d8b20bceb.chunk.v6.jsHP
Source: ef132878ad19e2a9_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/11.798076ff0c72108d10d9.chunk.v6.js/
Source: ef132878ad19e2a9_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/11.798076ff0c72108d10d9.chunk.v6.jsH
Source: ef132878ad19e2a9_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/11.798076ff0c72108d10d9.chunk.v6.jsHP
Source: d2ec45260bc56989_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/2.56c3466450fa3caeadef.chunk.v6.js(window.officehome_we
Source: d2ec45260bc56989_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/2.56c3466450fa3caeadef.chunk.v6.jsH
Source: d2ec45260bc56989_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/2.56c3466450fa3caeadef.chunk.v6.jsHP
Source: a550abe32264d142_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/3.ea9cbde63ad89ac51218.chunk.v6.jsH
Source: a550abe32264d142_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/3.ea9cbde63ad89ac51218.chunk.v6.jsHP
Source: 78f8433443804b69_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/4.34c0ddb1f9655892d176.chunk.v6.js(window.officehome_we
Source: 78f8433443804b69_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/4.34c0ddb1f9655892d176.chunk.v6.jsH
Source: 78f8433443804b69_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/4.34c0ddb1f9655892d176.chunk.v6.jsHP
Source: 3a82c52a9f5c535e_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/6.bb3c64a464eb6c7e03fb.chunk.v6.jsH
Source: 3a82c52a9f5c535e_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/6.bb3c64a464eb6c7e03fb.chunk.v6.jsHP
Source: d41d89949079b45d_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/7.9525c69adf30ccb6bbe7.chunk.v6.jsH
Source: d41d89949079b45d_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/7.9525c69adf30ccb6bbe7.chunk.v6.jsHP
Source: 2cd1b97aa306dd0f_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/officehome-async-styles.905b2cdbf3c642aad946.chunk.v6.j
Source: 3e87be93f887937a_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/officehome-async-styles.c8a41d69674f50299790.chunk.v6.c
Source: 9bb2c13ad1549e8b_1.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/otel-logger-2b087f173d4bf7a684cc.js
Source: 9bb2c13ad1549e8b_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/otel-logger-2b087f173d4bf7a684cc.js/
Source: 9bb2c13ad1549e8b_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/otel-logger-2b087f173d4bf7a684cc.jsH
Source: 9bb2c13ad1549e8b_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/otel-logger-2b087f173d4bf7a684cc.jsHP
Source: 9bb2c13ad1549e8b_1.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/otel-logger-2b087f173d4bf7a684cc.jsa
Source: 9bb2c13ad1549e8b_1.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/otel-logger-2b087f173d4bf7a684cc.jsaD
Source: 35e53ccd3cabf975_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/vendors~action-context-menu-rc~app-gallery-rc~appbar~cc
Source: 0e751cd85ef9bf6a_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/vendors~action-context-menu-rc~app-host-component~appba
Source: 52ee4db59ff83c5f_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/vendors~app-host-component~appbar~cc~confirmation-dialo
Source: fa813c9ad67834ac_1.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/versionless/workbox-v3.6.2/workbox-cache-expiration.prod.jsa
Source: fa813c9ad67834ac_1.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/versionless/workbox-v3.6.2/workbox-cache-expiration.prod.jsaD
Source: f1cdccba37924bda_1.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/versionless/workbox-v3.6.2/workbox-core.prod.jsa
Source: f1cdccba37924bda_1.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/versionless/workbox-v3.6.2/workbox-core.prod.jsaD
Source: ba23d8ecda68de77_1.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/versionless/workbox-v3.6.2/workbox-routing.prod.js
Source: ba23d8ecda68de77_1.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/versionless/workbox-v3.6.2/workbox-routing.prod.jsaD
Source: 67a473248953641b_1.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/versionless/workbox-v3.6.2/workbox-strategies.prod.js
Source: 67a473248953641b_1.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/versionless/workbox-v3.6.2/workbox-strategies.prod.jsaD
Source: 4cb013792b196a35_1.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/versionless/workbox-v3.6.2/workbox-sw.js
Source: 4cb013792b196a35_1.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/versionless/workbox-v3.6.2/workbox-sw.jsaD
Source: manifest.json.0.dr	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: 1c24b8db-b3a5-4ee8-bec0-cf737a423ed5.tmp.1.dr, b549085d-74d3-46da-a233-cd98b3b9bbd4.tmp.1.dr	String found in binary or memory: https://ssl.gstatic.com
Source: 4cb013792b196a35_1.0.dr	String found in binary or memory: https://storage.googleapis.com/workbox-cdn/releases/3.6.3
Source: 1c24b8db-b3a5-4ee8-bec0-cf737a423ed5.tmp.1.dr, b549085d-74d3-46da-a233-cd98b3b9bbd4.tmp.1.dr	String found in binary or memory: https://www.google.com
Source: manifest.json.0.dr	String found in binary or memory: https://www.google.com/
Source: 1c24b8db-b3a5-4ee8-bec0-cf737a423ed5.tmp.1.dr, b549085d-74d3-46da-a233-cd98b3b9bbd4.tmp.1.dr	String found in binary or memory: https://www.googleapis.com
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: 1c24b8db-b3a5-4ee8-bec0-cf737a423ed5.tmp.1.dr, b549085d-74d3-46da-a233-cd98b3b9bbd4.tmp.1.dr	String found in binary or memory: https://www.gstatic.com
Source: index.txt.tmp.0.dr	String found in binary or memory: https://www.office.com/
Source: History Provider Cache.0.dr	String found in binary or memory: https://www.office.com/2#Office
Source: 2cc80dabc69f58b6_1.0.dr	String found in binary or memory: https://www.office.com/sw?cdnDomain=res.cdn.office.net/officehub&workload=officehomea
Source: 2cc80dabc69f58b6_1.0.dr	String found in binary or memory: https://www.office.com/sw?cdnDomain=res.cdn.office.net/officehub&workload=officehomeaD

Source: unknown

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: unknown	HTTPS traffic detected: 185.163.85.65:443 -> 192.168.2.3:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.163.85.65:443 -> 192.168.2.3:49742 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\1234a213-2489-4cfd-b9c7-327623f08c31.tmp

Jump to behavior

Source: classification engine

Classification label: mal52.phis.win@32/110@24/12

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "https://eccfo1.eu/1f34fac4-2ab4-4dfb-8248-a8cdec56b8f9/bS5iYWtrZXJAYnBkLm5s
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1588,15692047485436063496,8923512637063361634,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1944 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1588,15692047485436063496,8923512637063361634,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1944 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-62608233-798.pma

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Accept
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Accept
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Accept

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.107.6.156	b-0004.b-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.219.60	part-0032.t-0009.fbs1-t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
204.79.197.200	dual-a-0001.a-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.185.205	accounts.google.com	United States	15169	GOOGLEUS	false
13.107.246.60	part-0032.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
185.163.85.65	eccfo1.eu	Sweden	12552	IPO-EUSE	false
142.250.185.65	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.184.238	clients.l.google.com	United States	15169	GOOGLEUS	false
15.236.176.210	microsoftwindows.112.2o7.net	United States	16509	AMAZON-02US	false

Private

IP
192.168.2.1
127.0.0.1

Contacted Domains

Name	IP	Active
sni1gl.wpc.gammacdn.net	152.199.21.175	true
accounts.google.com	142.250.185.205	true
eccfo1.eu	185.163.85.65	true
dual-a-0001.a-msedge.net	204.79.197.200	true
microsoftwindows.112.2o7.net	15.236.176.210	true
sni1gl.wpc.alphacdn.net	152.199.21.175	true
part-0017.t-0009.fbs1-t-msedge.net	13.107.219.45	true
b-0004.b-msedge.net	13.107.6.156	true
part-0032.t-0009.t-msedge.net	13.107.246.60	true
HHN-efz.ms-acdc.office.com	52.98.175.2	true
part-0032.t-0009.fbs1-t-msedge.net	13.107.219.60	true
cs1227.wpc.alphacdn.net	192.229.221.185	true
clients.l.google.com	142.250.184.238	true
FRA-efz.ms-acdc.office.com	52.98.207.226	true
googlehosted.l.googleusercontent.com	142.250.185.65	true
consentreceiverfd-prod.azurefd.net	unknown	unknown
www.office.com	unknown	unknown
support.office.com	unknown	unknown
outlook.office.com	unknown	unknown
substrate.office.com	unknown	unknown
assets.onestore.ms	unknown	unknown
ajax.aspnetcdn.com	unknown	unknown
mem.gfx.ms	unknown	unknown
clients2.googleusercontent.com	unknown	unknown
static2.sharepointonline.com	unknown	unknown
c.s-microsoft.com	unknown	unknown
clients2.google.com	unknown	unknown
templates.office.com	unknown	unknown
support.content.office.net	unknown	unknown
login.microsoftonline.com	unknown	unknown
portal.office.com	unknown	unknown
acctcdn.msftauth.net	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.office.com/	false		high
https://mem.gfx.ms/meversion?partner=office&market=en-us&uhf=1	false	Avira URL Cloud: safe	unknown
https://eccfo1.eu/static/icon_check.png	false	Avira URL Cloud: safe	unknown
https://www.office.com/	false		high
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1	false		high
https://eccfo1.eu/favicon.ico	false	Avira URL Cloud: safe	unknown
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false		high
https://mem.gfx.ms/meversion?partner=officetemplates&market=en-us&uhf=1	false	Avira URL Cloud: safe	unknown
https://eccfo1.eu/1f34fac4-2ab4-4dfb-8248-a8cdec56b8f9/bS5iYWtrZXJAYnBkLm5s	true		unknown
https://mem.gfx.ms/meversion?partner=SMCConvergence&market=en-us&uhf=1	false	URL Reputation: safe	unknown
https://mem.gfx.ms/scripts/me/MeControl/10.21162.3/de-DE/meBoot.min.js	false	URL Reputation: safe	unknown
https://templates.office.com/	false		high
https://mem.gfx.ms/scripts/me/MeControl/10.21162.3/de-DE/meCore.min.js	false	URL Reputation: safe	unknown
https://clients2.googleusercontent.com/crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx	false		high
https://eccfo1.eu/static/Background.jpg	false	Avira URL Cloud: safe	unknown
https://mem.gfx.ms/scripts/me/MeControl/10.21162.3/en-US/meBoot.min.js	false	URL Reputation: safe	unknown
https://eccfo1.eu/static/windows_logo.png	false	Avira URL Cloud: safe	unknown
https://mem.gfx.ms/scripts/me/MeControl/10.21162.3/en-US/meCore.min.js	false	URL Reputation: safe	unknown
https://eccfo1.eu/1f34fac4-2ab4-4dfb-8248-a8cdec56b8f9/bS5iYWtrZXJAYnBkLm5s	true		unknown
https://mem.gfx.ms/meversion?partner=MSHomePage&market=de-ch&uhf=1	false	URL Reputation: safe	unknown

Name	Type	MD5	SHA1	SHA256
C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic	data	A78AD14E77147E7DE3647E61964C0335	CECC3DD41F4CEA0192B24300C71E1911BD4FCE45	0D6803758FF8F87081FAFD62E90F0950DFB2DD7991E9607FE76A8F92D0E893FA
C:\Users\user\AppData\Local\Google\Chrome\User Data\4fe305bd-4cd5-48ac-b3dc-991f8423fdbc.tmp	ASCII text, with very long lines, with no line terminators	E8584CCC7F4AED90F9A70786B29E3646	6A0AE472B7CE6AA57B7CE2223DE467081524DF88	B479A896E840E30DF2FEA1697AD017DD0492991854037CCB2ED9C4A254F7A508
C:\Users\user\AppData\Local\Google\Chrome\User Data\61e17c56-b10f-4dfa-9a50-44046654a80c.tmp	ASCII text, with very long lines, with no line terminators	2BE8E2CF15DAF5D684D1434764E5F9EE	DB18D64ACE87257B2F403FE9AA35CD2DDEB47C31	1B4EFB4455A2A0AF27B830D9C173F5153C12BA76832EF9B5B72AA636DE632310
C:\Users\user\AppData\Local\Google\Chrome\User Data\6323971a-2b81-4c64-8465-44468cb28825.tmp	ASCII text, with very long lines, with no line terminators	9C1AFDA90BA2DBD62DA28D8A6408E711	101E2141DDD2CB3E4EC8B8E7FF4D381E3612149A	A407FE82BC180F95C5B851E5D15851F563C46C1036D172A924A726C5BE84858B
C:\Users\user\AppData\Local\Google\Chrome\User Data\94b3f03e-7aaa-43fb-8305-d87175143b7d.tmp	ASCII text, with very long lines, with no line terminators	8011704B283B328A5D62FA6C8DE94F53	314A9162F3A794FA3F1AD7891322E3065CD183A0	B90DE76C2228224D5B576A77908317BB4D4531D4B31AEC348437882B4858C600
C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat	data	BD4642AD6C750A12D912B20BCB92E14D	C549F0F48FDD4FBC62E51AC26D7E185160CE2123	4FD71FE78DFE203137C89C9FB0734358FF432F2BC83338112DC7B830F9B30F2C
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\145cb28e-b790-4936-855b-40d3ed8d2289.tmp	ASCII text, with very long lines, with no line terminators	A16553A5743A16F1F57BB92BD06451E6	73350BEF0088B5E74EC8A7C491E28D79A8FFC9E9	59C2D71D5E2579C92EFAE3A1E79486F48CD64477CF584496ADAEC5EAF5864BD0
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\1c24b8db-b3a5-4ee8-bec0-cf737a423ed5.tmp	ASCII text, with very long lines, with no line terminators	EDC4A4E22003A711AEF67FAED28DB603	977E551B9ED5F60D018C030B0B4AA2E33B954556	DD2C9F43F622F801FCC213CDE8E3E90EF1D0D26665AE675449A94CEC7EB1D453
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\1dd6d89e-a1f2-456e-be89-f2845c3e964b.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	022339B91F6F9D8D820A078332798304	68A0A8E149817CC7CAB25185DF6CC8D592B6A6E4	A0B302A653BCF665F4C6D53BDB57445AF562BACBA19F9E5198ABD94F95D2D720
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\5b8cf716-36a7-485d-89e2-91de2f670f6b.tmp	ASCII text, with very long lines, with no line terminators	4EF7CDF7524898A4F8FF50DE047E11F3	08473D28163D513833BFA5C1A58F507FECA29CA2	F43B03C4ED95F7E86925DAF7BFBE98D9F5A32B842DB7C432124D601825988199
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\78666485-5444-4616-bd84-43a9137943c4.tmp	ASCII text, with very long lines, with no line terminators	A78D8E8DF193DD4508CB84AF9A5F2E52	6E22F29A359DBC3CE3BBB2100A7DAFAE9F52183B	F159565B5CB638A29508FB3A2817B2C5F9301D1990994524695CC48525DC57B3
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\93c1721e-d7bf-41cb-828d-55de63d123b1.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	7A84F3B46F56B721F2B50E059C575BAB	8B4827D27B830E1409FBDB54E73EA7EDBEF1A476	26175D4ACF08CFB115BFFF32C22BDE08B5743D78875DC34AE641BA89EB6A99CD
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\94528073-bfb7-4e0f-a64c-3c3f1024fd08.tmp	ASCII text, with very long lines, with no line terminators	2CCECBD318DED9FB77DEFF68F56975A6	B571743A98DF089CF5DA8B43C32231A4E24950C5	DB0CD1C558D904B50AE483D635C477AE48550242AFD7846675949F192EDCFEF4
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log	data	51A2CBB807F5085530DEC18E45CB8569	7AD88CD3DE5844C7FC269C4500228A630016AB5B	1C43A1BDA1E458863C46DFAE7FB43BFB3E27802169F37320399B1DD799A819AC
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG	ASCII text	38E9FF2CDC51EF1CC87C6E2113E9DF64	BD8A423B1B842E85A57E4B9B1D66EE8FC8FD9006	E7E3255AB33D2DC46984C67FB8C9E95500C8D85180E95B093303B1BABBE74D20
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old (copy)	ASCII text	38E9FF2CDC51EF1CC87C6E2113E9DF64	BD8A423B1B842E85A57E4B9B1D66EE8FC8FD9006	E7E3255AB33D2DC46984C67FB8C9E95500C8D85180E95B093303B1BABBE74D20
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache	data	2ADDF4049E0AFB14A765E6CD98796CA4	DB74A261D9CE9021C305A0A5723383FE8138C888	9D12E12CF7E45324123DBD5941BBDFB06E91A85BC475CAF9D45D4C8E1D9BA9F7
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.office.com_0.indexeddb.leveldb\000001.dbtmp	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.office.com_0.indexeddb.leveldb\000003.log	data	2B612B6F986CB950500C8472F54F8989	054F05C02194E35CE259FD90D07E3DEC428F55DB	835140B43EB1530060D63DD318807914FD4841597899EAD618FA38ED577976D3
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.office.com_0.indexeddb.leveldb\000005.ldb	data	746B5E0966C76AAB3C579BEDB55804C9	168CB3DF94710803124C0DE40F3748C36ACC1AC2	165C7D859A2DB95E0A82099B7918B69197031EEAA87D6B9955F0C6C04F5D7025
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.office.com_0.indexeddb.leveldb\CURRENT (copy)	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.office.com_0.indexeddb.leveldb\LOG	ASCII text	709E450DA2BB46885FF408849B08AF54	A4B78FAC828B62517A45152CFB63C7DEAFBDFA06	F760682638CE1E59E5608E2B0557091EACF25DC20F66FBE5E2733EF5A7A68665
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.office.com_0.indexeddb.leveldb\MANIFEST-000001	data	E914C8DAF5C12309C2B374E6EBB2B26C	98C2254FA4657A03640D5C46A7815FFF76967AB2	0D48803BC7952C7C4D0D2301EF1594802458EAB2F41867F55F1E4CB54188E969
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State (copy)	ASCII text, with very long lines, with no line terminators	C73594C16AE59E9744D28A56F95173F4	3B97EB066B7D18E45B8551F4D44A7FE662B7005D	73AD5FE7B9A05E92F292513D46981027DCC93DC0DA5C04C8FC6DE85D81FC0EA4
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)	ASCII text, with very long lines, with no line terminators	4EF7CDF7524898A4F8FF50DE047E11F3	08473D28163D513833BFA5C1A58F507FECA29CA2	F43B03C4ED95F7E86925DAF7BFBE98D9F5A32B842DB7C432124D601825988199
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy)	UTF-8 Unicode text, with very long lines, with no line terminators	CF01D0E78B0934D9586C0173A8ADC45B	3A4F94C30439AA00BFA5D2D619C1C0268F8D92F7	81CAE8631D027C58E8DA0AE758861F0CC7988D17D64F8050497C38F0D6BD34BD
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\0d0342b3-e754-4bee-ab63-7f38f579838f\0e751cd85ef9bf6a_0	data	5215A94205B895F85A24FFD6DBBE3D99	F1CE2402995B1F0E95C745E4E81EF017ADE63881	50211341F52C10018AE4630BB154774F865187B5B440806711560EF0233D7079
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\0d0342b3-e754-4bee-ab63-7f38f579838f\1e33ede7037c06b6_0	data	C5C36B26BC0E6CF68D9E5609200AD1F9	AC06CF20A5588AFD96B13A4D4EA335DF065E31E0	D8C8884AC74AD3835F0C792D2D048CE26FD6E5EF32EF9831AC337CD39415201D
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\0d0342b3-e754-4bee-ab63-7f38f579838f\2cd1b97aa306dd0f_0	data	FB8EC7ADD81EC5275218C936EF4C3698	E6CD7013B69BD7A9E6CB093F78BAC16BE32E5197	E1222DA5EA8ED9892FE12CBA28B8B7F11E41C8198E84115768DB3E225A03287A
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\0d0342b3-e754-4bee-ab63-7f38f579838f\35e53ccd3cabf975_0	data	1112A5D715DB8D41F5EBA637ED6951EA	75F3E2345CC5E4DD7CFC9A184977FC5E29A9D642	D9A676A839DC3382F6C9E7952E39CFC995BF85F5D275F8895F4FF3381C1447D0
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\0d0342b3-e754-4bee-ab63-7f38f579838f\3a82c52a9f5c535e_0	data	0054AB861CB42E243D2E7E99D34CDF7B	E0111B8650F881CC8EF2D69376E07957F76B9565	E4CA8359A183EAF371675B734975D5B2CC9F9396A9F5883BC22C3A3BCE3A5AC0
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\0d0342b3-e754-4bee-ab63-7f38f579838f\3e87be93f887937a_0	data	A281CF1F19B45A98B4B89FDC74464C99	F7826B0A90DF8608772FADC9069B5EDDEC87C10D	171FE3FC99FDE51A191B600514521C6F4D69E843954DDD4683F00D52BD4B130A
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\0d0342b3-e754-4bee-ab63-7f38f579838f\52ee4db59ff83c5f_0	data	36E96E3F69B2ABAA9E9836D3D8C5B69C	4ABB7BF7CD0D3753DC24BEFEBFA7BA74DD7F8211	25EBBA26A02EC2D5FD44C19CE1CB14161A00CFBBB73A44A88568587A2F273C90
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\0d0342b3-e754-4bee-ab63-7f38f579838f\53732ab194a6f092_0	data	3DC3F2CA22958BEF3C5D849F171742C6	7971A664683EBB0BFA0F6D4E36B0D79320769255	A43971531C0D325EF3CEC72F3D952099AC8CE60C3D87F3F88F7D05FAB484ED09
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\0d0342b3-e754-4bee-ab63-7f38f579838f\55bd6a192a835d40_0	data	D693E28EBBC401349163CF81958EB1A8	7BEB957ABF0DB496F8E7F2F9430FEFA29B5FF217	E7B555921B6416A4E098691E81FE55E49C76FAE6E6AD461ED30E35D18405F432
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\0d0342b3-e754-4bee-ab63-7f38f579838f\78f8433443804b69_0	data	DF3C892ECC1502A292CB6EE0983BD9CB	E1B5AB48BEDA3C1E9660B8B402F2146BF842E779	826EDB358EEDA9C17170461F023C5B949402F837FCF33CD566D5B23A26F6FF79
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\0d0342b3-e754-4bee-ab63-7f38f579838f\9bb2c13ad1549e8b_0	data	FFFADD53682C09C6EB2E918A62086EFB	74EACCF3630CE978BFF7BCC6B0F3868BFD234194	6606E97EC6D2ED90121E3B01836EA2EF940218DB9CC201EB8C828886DF5AC2B8
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\0d0342b3-e754-4bee-ab63-7f38f579838f\9bb2c13ad1549e8b_1	data	C852F90977EBB472A89AEDB1081358A3	419DC6A4858BDBEFCE81647C6EB57D8BB9B73FF1	588F34DB372D277F3480AA1018B29E3034B57EB71A2AF825990B8E2C6F792649
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\0d0342b3-e754-4bee-ab63-7f38f579838f\a550abe32264d142_0	data	6E6AD0B5A90363441E9512FE6CD767FA	11DB70DCB51F31F1793EF8043085059F1A137F55	9781D9833B47338BC6D1A9DB6DC27FFA555DB73929FB8CC513D48C4640037B92
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\0d0342b3-e754-4bee-ab63-7f38f579838f\c4cda97bb6908608_0	data	CFCD27FBF20B98392D91E17B11ECAFD7	38ABCB598E1AA3B23F7954DE17A91F2DED1DF219	5E327B0D4AE74C47285480752C066B33AB8F4C15558FA01F076B425D3A0EE28F
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\0d0342b3-e754-4bee-ab63-7f38f579838f\d2ec45260bc56989_0	data	01A12ACA75EB823D3810B1853572B7B8	8DB539C9DAF1F87F2E84F68AD31803A81E19CCB1	E8B11854903F41FA2563E05438CF32FC1E9A54C48A30BB133728C288CC59F352
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\0d0342b3-e754-4bee-ab63-7f38f579838f\d41d89949079b45d_0	data	D126D77D1130F9EB337E95B3AFEAA1DD	21656978BAC2B81F686BCC5FB2F7EE0FFEB23768	82FB77B8F1C34FCAB1E0F64E4F08B2D6C0104B2753D75A20D2A96A19156DA09E
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\0d0342b3-e754-4bee-ab63-7f38f579838f\ef132878ad19e2a9_0	data	667AD2954A906AEDE66DE159F5604D9F	290A0051149221F3E4C60E1BC147F2CAE75CC0A3	E4EFC3BD726D87DFCEDFD5A1B318B8D6F5373B1CD64AF708BAF2F07F5B2526D1
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\0d0342b3-e754-4bee-ab63-7f38f579838f\index	ISO-8859 text, with no line terminators, with escape sequences	54CB446F628B2EA4A5BCE5769910512E	C27CA848427FE87F5CF4D0E0E3CD57151B0D820D	FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\0d0342b3-e754-4bee-ab63-7f38f579838f\index-dir\temp-index	data	F03B4093305EFFE2AC16ECDDF31FBBEC	0C217EB169E50737F7193CCA0E807A3A5678E161	79A27AF0A8FEB7A5839DE824CE4917B68A19D224BAC2CB944B19D0D71916B810
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\0d0342b3-e754-4bee-ab63-7f38f579838f\index-dir\the-real-index (copy)	data	F03B4093305EFFE2AC16ECDDF31FBBEC	0C217EB169E50737F7193CCA0E807A3A5678E161	79A27AF0A8FEB7A5839DE824CE4917B68A19D224BAC2CB944B19D0D71916B810
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\index.txt (copy)	data	82086C2013CD36029619CEFD70978F47	45520E25FCAFDEC076CF473E6644CC0FAE584ADC	5271B1FE5F36CB48A098D05341D87A28F85F2B3D3A0C32F8B8027EF0B6968998
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\index.txt.tmp	data	82086C2013CD36029619CEFD70978F47	45520E25FCAFDEC076CF473E6644CC0FAE584ADC	5271B1FE5F36CB48A098D05341D87A28F85F2B3D3A0C32F8B8027EF0B6968998
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000001.dbtmp	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT (copy)	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\MANIFEST-000001	PGP\011Secret Key -	5AF87DFD673BA2115E2FCF5CFDB727AB	D5B5BBF396DC291274584EF71F444F420B6056F1	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\013888a1cda32b90_0	data	D854561F145911FF58CA05824FBACEBD	405161E3F95A1E29CC7AE30F0F57D74FBF685BCF	4FBD677E973C25419E2378E6C3AC5493597F8AE01C2AB124497965B14BF3D52A
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0	data	BDD443C94AB7AE2BBD453A7A03F2369A	C9BD358084360F947F5B43C31225CC400888661D	B7CBE3DAF45231F53091C100C9ED8B1E71F51554B39F5598FB14B72C9C646A28
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1	data	F8D8487FA3E34F3E2A01FB8E60CC2707	3DFC963716B4EEF7CD56106C98563EDDF654ADFF	6D35C018C58BBB2D9E3D7DBA8B4D95A0B6B6283F5562972D6FC90ADB421ECAEB
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0	data	EE6CCC9A74D8E0389079705E4A5CFBDA	69CB6048A88485C0AFF4132276A658436C5018A5	00792EE0C095BF61FB291C380C5A5CC5C165F95D1EA2F82FE6CB1D186E00BA99
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1	data	2B9E000C0BF2FDA4DA203D38EA7D0499	3BD825F8E9AE33D1F021B4017C2BF0B6509D1BFD	500D22A986890B1A21CBEC0C224C30A3DCCA8BA0116150B0AD737C9F187A0C92
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\67a473248953641b_0	data	5BFF64EC6507E003B3B2E0946AA6671D	C800A7810ECF1BB7A97E7257E89744D3575FE0CE	EE4D3BCAC7992A122B0C96E5D2AAF6925D8F6D4DE88AA070A5D994B84D6DC230
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\67a473248953641b_1	data	59C153032915AC650B3D478DD6457FDD	ED6EB4732086291A7C24B054980195A102B964EC	DB71EBCA65B5076945EFA22A1215A207F9048042C8F2E40B717736D019991B72
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\b6c28cea6ed9dfc1_0	data	CCD4E53FD5B5914A1A0895F23EBD471F	9C9A7FE39C0C9B501B8DE0250251C659C9176628	E143BEAE6C7A10B7BD4608D32805C04759EC0CFFCA0A41403D73EF61C6B88B47
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\ba23d8ecda68de77_0	data	ACDB434E442FFC7F239B7F3ABE7F6DC7	2A6A2A546BDD1DA53355FAEBB198AE9C7FB4B2CA	6A046EE4551F703E9026084E62589DC05A73D6D4DD32AE68012663983AB00BE6
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\ba23d8ecda68de77_1	data	F9D6130493518F30F746E7595EDFAA23	303DAA73B33ABB4CE84E429BAE466EFDFE93027C	3EA3E9FD7395631929C0A5B07452813A50D3BBF0E21ACC8EEABF46928B59C35C
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_0	data	D4AF8E92F22F94F7B8074AE08B2A782E	A983D5DFF5303082075E3017485C4BDCB6DA0736	BC29196E5E3594059B0E636825C6D811C72F69C1DF9D4428F01FA5633A8949BC
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_1	data	36C0D3875FAF8A0212419FC3BA446500	13063274226D17F5BE15B416C3F98C56F45895A6	7FD2EDD8EB2C751575C8E0630287BD9A49D54617579AE317E45C035A0FDF818A
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\fa813c9ad67834ac_0	data	CC25C7AD7DE01C47A30A7415652A7A30	7C3D37F84CB383ACD0E07DF7407D0C2E884854D8	4001F0B96EFABCBDEECDAC5BA648648C7B7E0FFC73A732895D867B1DB9B8224F
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\fa813c9ad67834ac_1	data	D278A233EBD2FFE7C1223D6867AE9890	64F38B0BEBD68E688C330CF684D79E3F74AC242D	13CA55605786D26BDC1992EB85E016C6EC023A29E32DC1458040D276B45262CF
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index	ISO-8859 text, with no line terminators, with escape sequences	54CB446F628B2EA4A5BCE5769910512E	C27CA848427FE87F5CF4D0E0E3CD57151B0D820D	FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index	data	50066C5C90E86244BB05CF9D01B54C29	38C57D0670700AAE12503C3235AE103D9D5C3E34	BA68FD22C6E5687301080596F2D84FA6E91204A6E11B41C254F7EB2BD05056D0
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)	data	50066C5C90E86244BB05CF9D01B54C29	38C57D0670700AAE12503C3235AE103D9D5C3E34	BA68FD22C6E5687301080596F2D84FA6E91204A6E11B41C254F7EB2BD05056D0
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1	data	F50F89A0A91564D0B8A211F8921AA7DE	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent State (copy)	ASCII text, with very long lines, with no line terminators	C401B619D9D8E0ADABC25A47EE49CFBA	C9D3B816DD3FBCD98E9C0A32CEC7B501EFC0BBDA	8F5D75F5EF9876E8D30CE477509F735B50C4D87DBEDB433BE8EDBE6D4B3CB82F
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\c7ba09d0-7de1-45fe-8a56-3a1f445c67f0.tmp	ASCII text, with very long lines, with no line terminators	C401B619D9D8E0ADABC25A47EE49CFBA	C9D3B816DD3FBCD98E9C0A32CEC7B501EFC0BBDA	8F5D75F5EF9876E8D30CE477509F735B50C4D87DBEDB433BE8EDBE6D4B3CB82F
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\a00eaedd-82e7-4c5e-8703-57aace39a25b.tmp	very short file (no magic)	5058F1AF8388633F609CADB75A75DC9D	3A52CE780950D4D969792A2559CD519D7EE8C727	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\a7f25781-8835-4354-8261-dd4a66ab299e.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	CF01D0E78B0934D9586C0173A8ADC45B	3A4F94C30439AA00BFA5D2D619C1C0268F8D92F7	81CAE8631D027C58E8DA0AE758861F0CC7988D17D64F8050497C38F0D6BD34BD
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\b549085d-74d3-46da-a233-cd98b3b9bbd4.tmp	ASCII text, with very long lines, with no line terminators	C73594C16AE59E9744D28A56F95173F4	3B97EB066B7D18E45B8551F4D44A7FE662B7005D	73AD5FE7B9A05E92F292513D46981027DCC93DC0DA5C04C8FC6DE85D81FC0EA4
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp	ASCII text	6752A1D65B201C13B62EA44016EB221F	58ECF154D01A62233ED7FB494ACE3C3D4FFCE08B	0861415CADA612EA5834D56E2CF1055D3E63979B69EB71D32AE9AE394D8306CD
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT (copy)	ASCII text	6752A1D65B201C13B62EA44016EB221F	58ECF154D01A62233ED7FB494ACE3C3D4FFCE08B	0861415CADA612EA5834D56E2CF1055D3E63979B69EB71D32AE9AE394D8306CD
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\ed6e3fa4-d9c5-40c2-bcc1-f2b65fdf2de3.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	63540CACE36211BD72A3B321E03797DE	745C009AA4442B2AC866C56A5C5C37318A83B97C	3D851A1FE996307990FDA1B7FF00CC604732AAF28058C5FEC7F084FA019BEE87
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser	data	DE9EF0C5BCC012A3A1131988DEE272D8	FA9CCBDC969AC9E1474FCE773234B28D50951CD8	3615498FBEF408A96BF30E01C318DAC2D5451B054998119080E7FAAC5995F590
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version	ASCII text, with no line terminators	C422F72BA41F662A919ED0B70E5C3289	AAD27C14B27F56B6E7C744A8EC5B1A7D767D7632	02E71EB4C587FEB7EE00CE8600F97411C2774C2FC34CB95B92D5538E7F30DA59
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State (copy)	ASCII text, with very long lines, with no line terminators	2BE8E2CF15DAF5D684D1434764E5F9EE	DB18D64ACE87257B2F403FE9AA35CD2DDEB47C31	1B4EFB4455A2A0AF27B830D9C173F5153C12BA76832EF9B5B72AA636DE632310
C:\Users\user\AppData\Local\Google\Chrome\User Data\c65f6f81-39d9-44c2-84ea-46bc673fea40.tmp	ASCII text, with very long lines, with no line terminators	8011704B283B328A5D62FA6C8DE94F53	314A9162F3A794FA3F1AD7891322E3065CD183A0	B90DE76C2228224D5B576A77908317BB4D4531D4B31AEC348437882B4858C600
C:\Users\user\AppData\Local\Temp\1234a213-2489-4cfd-b9c7-327623f08c31.tmp	Google Chrome extension, version 3	541F52E24FE1EF9F8E12377A6CCAE0C0	189898BB2DCAE7D5A6057BC2D98B8B450AFAEBB6	81E3A4D43A73699E1B7781723F56B8717175C536685C5450122B30789464AD82
C:\Users\user\AppData\Local\Temp\51072a29-ea6b-494e-9813-3bdf92f6a799.tmp	very short file (no magic)	5058F1AF8388633F609CADB75A75DC9D	3A52CE780950D4D969792A2559CD519D7EE8C727	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
C:\Users\user\AppData\Local\Temp\6828a631-52be-44c0-b741-704acd7a140b.tmp	Google Chrome extension, version 3	A11D5CAF6BF849AEB84B0C95B1C3B7CF	27F410CCBD75852C01C7464A1FD7EF8C29BE3916	D0E62ACE64AFC334330A7AC3A2CC657914FEB321F1F89AEE11D2A6D0E7D81C31
C:\Users\user\AppData\Local\Temp\scoped_dir1944_1052436790\1234a213-2489-4cfd-b9c7-327623f08c31.tmp	Google Chrome extension, version 3	541F52E24FE1EF9F8E12377A6CCAE0C0	189898BB2DCAE7D5A6057BC2D98B8B450AFAEBB6	81E3A4D43A73699E1B7781723F56B8717175C536685C5450122B30789464AD82
C:\Users\user\AppData\Local\Temp\scoped_dir1944_1052436790\CRX_INSTALL\_locales\bg\messages.json	ASCII text, with very long lines	D7A97183BCBD5FB677AA84D464F0C564	CDBB279B864E2C0A51E0892B8714131802586506	76EFAD74EB8256B942727C42261147EB9CCA48DA284DB3CDCE5DC6A3B4346F02
C:\Users\user\AppData\Local\Temp\scoped_dir1944_1052436790\CRX_INSTALL\_locales\ca\messages.json	ASCII text, with very long lines	58BA5F65ED971591D1F9D81848EE31D0	BDA3C8B74653334FC8F060CAFBCEA58DF0113AB7	CDD91587F5AF2C865776B36A5E9A07B10D21B9D911DE0B814B7A1E94B14AE885
C:\Users\user\AppData\Local\Temp\scoped_dir1944_1052436790\CRX_INSTALL\_locales\cs\messages.json	ASCII text, with very long lines	43161EFFA28A0DBFC67B8F7DBE1B5184	FE0A9235A59B51B7F564F14FF564344927F035B8	3A04421DF5218E8ABD3B0E2AFE11E8338D7BDCBCD1ADB122416944B102BC9696
C:\Users\user\AppData\Local\Temp\scoped_dir1944_1052436790\CRX_INSTALL\_locales\da\messages.json	ASCII text, with very long lines	31264DDBF251A95DE82D0A67FA47DB3A	3A48DC7AF26A153594C7849E1D92AAC31296459B	EDB51898A6C73D0090D6916B7B72EBAC71E964EABB5BA7CD68E21966024F0D23
C:\Users\user\AppData\Local\Temp\scoped_dir1944_1052436790\CRX_INSTALL\_locales\de\messages.json	ASCII text, with very long lines	7639B300B40DDAF95318D2177D3265F9	BF9EFDF073231CB3FCFCA5CCCA25B079ECFC45BD	356A9D4ADFEC484DA824E7A72059B724B1686FC90082F4A4B667630436D593B0
C:\Users\user\AppData\Local\Temp\scoped_dir1944_1052436790\CRX_INSTALL\_locales\el\messages.json	ASCII text, with very long lines	3026E922B17DBEE2674FDAEE960DF584	76602B1E3449F1B67DE42FD31A581B0821BFEFF0	876845B5A061FAB3CF2A1466E01015DC40DF8449F1CB4205F575CEBED8717BAD
C:\Users\user\AppData\Local\Temp\scoped_dir1944_1052436790\CRX_INSTALL\_locales\en\messages.json	ASCII text, with very long lines	DBEDF86FA9AFB3A23DBB126674F166D2	5628AFFBCF6F897B9D7FD9C17DEB9AA75036F1CC	C0945DD5FDECAB40C45361BEC068D1996E6AE01196DCE524266D740808F753FE
C:\Users\user\AppData\Local\Temp\scoped_dir1944_1052436790\CRX_INSTALL\_locales\en_GB\messages.json	ASCII text, with very long lines	DBEDF86FA9AFB3A23DBB126674F166D2	5628AFFBCF6F897B9D7FD9C17DEB9AA75036F1CC	C0945DD5FDECAB40C45361BEC068D1996E6AE01196DCE524266D740808F753FE
C:\Users\user\AppData\Local\Temp\scoped_dir1944_1052436790\CRX_INSTALL\_locales\es\messages.json	ASCII text, with very long lines	3F4B0F56C2839839FC3E3270ED4CB7B6	0D74EA655EAE3990E95BD26F6E1467EDF3EB3478	1912EA5E0A62BBC669DC14AB5A5BD5514B0502C483EE1F27C3F8834384187079
C:\Users\user\AppData\Local\Temp\scoped_dir1944_1052436790\CRX_INSTALL\_locales\es_419\messages.json	ASCII text, with very long lines	1FD5DAF46C4D7C4F571C263EC37B943B	A57EE5EF6861F88005C2230EA3D633A1B4CA105A	BCC2CF06F66E9E3BB4B7887D0EE0AE4A72A6C49F4B2A578A7733B78208984417
C:\Users\user\AppData\Local\Temp\scoped_dir1944_1052436790\CRX_INSTALL\_locales\et\messages.json	ASCII text, with very long lines	0293A7BAE6EEE62C4067A80E262D6A2D	E76B07BD49FFBBFB6841B7335CBE7A9620714402	D06F20D4D68D1DBB89EF7D8E405D9499CB2EB2560217CD5B4A51AB1DD50CAB44
C:\Users\user\AppData\Local\Temp\scoped_dir1944_1052436790\CRX_INSTALL\_locales\fi\messages.json	ASCII text, with very long lines	E5BBE7DBBE75F45BDCD49DB8C797106E	0F069D7D19768180945F0D8B67DC71262FD586A2	BFFB2248B4C66306133FA6ECBB1541F44B3BE22CC8D9A338D690E0B1D0C85532
C:\Users\user\AppData\Local\Temp\scoped_dir1944_1052436790\CRX_INSTALL\_locales\fil\messages.json	ASCII text, with very long lines	658DAD2AF2DC3AC1567D84E8B95F68B0	EE1121215960EC5ED5F7B6BDB8E4680731EBF83D	978BA6D814CF290016833BBAC22DC7C05C2C575B1D6429B9BB14F8C2156BCF29
C:\Users\user\AppData\Local\Temp\scoped_dir1944_1052436790\CRX_INSTALL\_locales\fr\messages.json	ASCII text, with very long lines	1E32A78526E3AC8108E73D384F17450B	BFE2E47D888BA530A27DD1BDE25C46433C2A545C	80F6EE69F1E022812BCCC1DE1CDC53772CDF90F4E93224161B23FA607D45136A
C:\Users\user\AppData\Local\Temp\scoped_dir1944_1052436790\CRX_INSTALL\_locales\hi\messages.json	ASCII text, with very long lines	B739E3B798D3EEB8AFB3E368455A8E97	56E206DD0AC7EB7B179911BE3F7DD78059CBD4F3	BA7A53A1398168719F2ACD58CC5FE06AB0B769ECA896D70E7208B18085B42FFA
C:\Users\user\AppData\Local\Temp\scoped_dir1944_1052436790\CRX_INSTALL\_locales\hr\messages.json	ASCII text, with very long lines	9CF848209FF50DBF68F5292B3421831C	D29880B7B15102469123D8747BF645706CE8595B	EA1744C3CFBAA684A31A00067E8493ED114EFF3E878C797C9C55A7B122D855CD
C:\Users\user\AppData\Local\Temp\scoped_dir1944_1052436790\CRX_INSTALL\_locales\hu\messages.json	ASCII text, with very long lines	4AD92AFDE3408FBBE43B0C3C71677650	3488901077F336A3196F9AE116E36DF1674E1ACA	61258FE04C23AE14FDC99EE846CEA71CC703990CC0F80C3934299646E86C475E
C:\Users\user\AppData\Local\Temp\scoped_dir1944_1052436790\CRX_INSTALL\_locales\id\messages.json	ASCII text, with very long lines	9008516AA1D8F8C2B8ECE70B7E4963AD	EA7AD4BE77A80A4B9FB1E59A340010830E494747	89CAB0AF2B53C6ABEB93C8C628DDCBDD286A7A2672FE03440411BB654E3A0675
C:\Users\user\AppData\Local\Temp\scoped_dir1944_1052436790\CRX_INSTALL\_locales\it\messages.json	ASCII text, with very long lines	BB9C32BA62DDA02F9471C64B5F9CF916	9825037D5D9185C58456CDD887C77B10A41D8C84	43A0B113D3773BA78F82BB9E42DDC46F6892D0FBBB351F94A7C105E4A146E9C1
C:\Users\user\AppData\Local\Temp\scoped_dir1944_1052436790\CRX_INSTALL\_locales\ja\messages.json	ASCII text, with very long lines	96C8CBD161D3CE9CB1A46CB2CD0C6583	78BBFCF035B5B620E353C8E520653ADD3F4E7DB8	81D8F1D9F72B3139BC5D9845BCF82990308FB6175D07514D8238B1E6D5D02E8A
C:\Users\user\AppData\Local\Temp\scoped_dir1944_1052436790\CRX_INSTALL\_locales\ko\messages.json	ASCII text, with very long lines	3CAF23A8EA2332D78B725B6C99EC3202	95C3504F55A929449EF2E3AB92014562AACD39AD	BFE72BBC492B9018A599CB6575366696E431E6A38400E4B2ED06EAE3340D3AE5
C:\Users\user\AppData\Local\Temp\scoped_dir1944_1052436790\CRX_INSTALL\_locales\lt\messages.json	ASCII text, with very long lines	41F2D63952202E528DBBB683B480F99C	9DD998542DBE6609299D4A5A25364A32FA7D7865	FF7C083CD1E6134DD8263C634336EB852274BAD1BFAD18762814C42BC65309D8
C:\Users\user\AppData\Local\Temp\scoped_dir1944_1052436790\CRX_INSTALL\_locales\lv\messages.json	ASCII text, with very long lines	1D21ED2D46338636E24401F6E56E326F	24497EDB25724BC4A57823C5CD06F50DB9647DD4	434A375C32B8A21C435511C551F740FD4D170EC528A8F4EFC3D798EA4A07B606
C:\Users\user\AppData\Local\Temp\scoped_dir1944_1052436790\CRX_INSTALL\_locales\nb\messages.json	ASCII text, with very long lines	8F0168B9A546D5A99FD8A262C975C80E	B0718071BD0B7251D4459E9C87DF50C14622FBD6	F03FA7384DF79EBA6E0274D570996030F595A3BF6B781929DD9DB6593262E41F
C:\Users\user\AppData\Local\Temp\scoped_dir1944_1052436790\CRX_INSTALL\manifest.json	ASCII text	6CA25F3EF585B63F01BCDF8635120704	00C063811E31EA5F9A00F175A71EA25E7821F621	49D9DE983F7436BA786E6E04A5A20C10F41687AE06B266B1B6553F696719563D

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://eccfo1.eu/1f34fac4-2ab4-4dfb-8248-a8cdec56b8f9/bS5iYWtrZXJAYnBkLm5s

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing

Phishing site detected (based on image similarity)

Source: https://eccfo1.eu/1f34fac4-2ab4-4dfb-8248-a8cdec56b8f9/bS5iYWtrZXJAYnBkLm5s

Matcher: Found strong image similarity, brand: Microsoft image: 13434.0.img.3.gfk.csv A5DBD4393FF6A725C7E62B61DF7E72F0

No HTML title found

Source: https://www.office.com/	HTTP Parser: HTML title missing
Source: https://www.office.com/	HTTP Parser: HTML title missing

Source: https://www.office.com/	HTTP Parser: No <meta name="author".. found
Source: https://www.office.com/	HTTP Parser: No <meta name="author".. found

Source: https://www.office.com/	HTTP Parser: No <meta name="copyright".. found
Source: https://www.office.com/	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

Source: unknown	HTTPS traffic detected: 185.163.85.65:443 -> 192.168.2.3:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.163.85.65:443 -> 192.168.2.3:49742 version: TLS 1.2

Source: unknown

DNS traffic detected: queries for: clients2.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50414
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 50414 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 50165 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50185
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 50029 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50752
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50040
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 50752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50842
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50054 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50165
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50185 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747

Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfmX-Goog-Update-Updater: chromecrx-85.0.4183.121Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /1f34fac4-2ab4-4dfb-8248-a8cdec56b8f9/bS5iYWtrZXJAYnBkLm5s HTTP/1.1Host: eccfo1.euConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/windows_logo.png HTTP/1.1Host: eccfo1.euConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://eccfo1.eu/1f34fac4-2ab4-4dfb-8248-a8cdec56b8f9/bS5iYWtrZXJAYnBkLm5sAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/icon_check.png HTTP/1.1Host: eccfo1.euConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://eccfo1.eu/1f34fac4-2ab4-4dfb-8248-a8cdec56b8f9/bS5iYWtrZXJAYnBkLm5sAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/Background.jpg HTTP/1.1Host: eccfo1.euConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://eccfo1.eu/1f34fac4-2ab4-4dfb-8248-a8cdec56b8f9/bS5iYWtrZXJAYnBkLm5sAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: eccfo1.euConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://eccfo1.eu/1f34fac4-2ab4-4dfb-8248-a8cdec56b8f9/bS5iYWtrZXJAYnBkLm5sAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/Background.jpg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: eccfo1.eu
Source: global traffic	HTTP traffic detected: GET /static/windows_logo.png HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: eccfo1.eu
Source: global traffic	HTTP traffic detected: GET /static/icon_check.png HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: eccfo1.eu
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.office.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /meversion?partner=office&market=en-us&uhf=1 HTTP/1.1Host: mem.gfx.msConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.office.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /mscc/lib/v2/wcp-consent.js HTTP/1.1Host: wcpstatic.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.office.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/me/MeControl/10.21162.3/en-US/meBoot.min.js HTTP/1.1Host: mem.gfx.msConnection: keep-aliveOrigin: https://www.office.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.office.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sw?cdnDomain=res.cdn.office.net/officehub&workload=officehome HTTP/1.1Host: www.office.comConnection: keep-aliveCache-Control: max-age=0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Service-Worker: scriptSec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: serviceworkerReferer: https://www.office.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: OH.SID=f0c36293-6b4d-4da0-acec-3188508b41e6; OH.DCAffinity=OH-weu; OH.FLID=dcc9a78d-5ce4-4bf8-bc2c-2745c3d2072c; MUID=0AB22FE83C71638E10A33E643D0A6238; MSFPC=GUID=587d50bfc2a149aca238a67d4b7ec83d&HASH=587d&LV=202204&V=4&LU=1650459569395
Source: global traffic	HTTP traffic detected: GET /scripts/me/MeControl/10.21162.3/en-US/meCore.min.js HTTP/1.1Host: mem.gfx.msConnection: keep-aliveOrigin: https://www.office.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.office.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /c.gif?DI=4050&did=1&t=&CtsSyncId=B1BED8FFFBD34A5C951B4273A8E67A1D&RedC=c1.microsoft.com&MXFR=376D41D8FED76C0E172E5054FAD76A18 HTTP/1.1Host: c.bing.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.office.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /meversion?partner=MSHomePage&market=de-ch&uhf=1 HTTP/1.1Host: mem.gfx.msConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/de-ch/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/me/MeControl/10.21162.3/de-DE/meBoot.min.js HTTP/1.1Host: mem.gfx.msConnection: keep-aliveOrigin: https://www.microsoft.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/de-ch/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/me/MeControl/10.21162.3/de-DE/meCore.min.js HTTP/1.1Host: mem.gfx.msConnection: keep-aliveOrigin: https://www.microsoft.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/de-ch/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /meversion?partner=officetemplates&market=en-us&uhf=1 HTTP/1.1Host: mem.gfx.msConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://templates.office.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /meversion?partner=SMCConvergence&market=en-us&uhf=1 HTTP/1.1Host: mem.gfx.msConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://support.microsoft.com/en-us/office?ui=en-us&rs=en-us&ad=usAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 20 Apr 2022 12:59:22 GMTContent-Type: text/html; charset=utf-8Content-Length: 77Connection: closeX-Frame-Options: SAMEORIGIN

Source: 1c24b8db-b3a5-4ee8-bec0-cf737a423ed5.tmp.1.dr, b549085d-74d3-46da-a233-cd98b3b9bbd4.tmp.1.dr	String found in binary or memory: https://accounts.google.com
Source: 2cc80dabc69f58b6_1.0.dr	String found in binary or memory: https://api.onedrive.com/v1.0/drive/root
Source: 1c24b8db-b3a5-4ee8-bec0-cf737a423ed5.tmp.1.dr, b549085d-74d3-46da-a233-cd98b3b9bbd4.tmp.1.dr	String found in binary or memory: https://apis.google.com
Source: 1c24b8db-b3a5-4ee8-bec0-cf737a423ed5.tmp.1.dr, b549085d-74d3-46da-a233-cd98b3b9bbd4.tmp.1.dr	String found in binary or memory: https://clients2.google.com
Source: manifest.json.0.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 1c24b8db-b3a5-4ee8-bec0-cf737a423ed5.tmp.1.dr, b549085d-74d3-46da-a233-cd98b3b9bbd4.tmp.1.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: 1c24b8db-b3a5-4ee8-bec0-cf737a423ed5.tmp.1.dr, c7ba09d0-7de1-45fe-8a56-3a1f445c67f0.tmp.1.dr, b549085d-74d3-46da-a233-cd98b3b9bbd4.tmp.1.dr	String found in binary or memory: https://dns.google
Source: History Provider Cache.0.dr	String found in binary or memory: https://eccfo1.eu/1f34fac4-2ab4-4dfb-8248-a8cdec56b8f9/bS5iYWtrZXJAYnBkLm5s2
Source: 1c24b8db-b3a5-4ee8-bec0-cf737a423ed5.tmp.1.dr	String found in binary or memory: https://fonts.googleapis.com
Source: 1c24b8db-b3a5-4ee8-bec0-cf737a423ed5.tmp.1.dr, b549085d-74d3-46da-a233-cd98b3b9bbd4.tmp.1.dr	String found in binary or memory: https://fonts.gstatic.com
Source: 1c24b8db-b3a5-4ee8-bec0-cf737a423ed5.tmp.1.dr, b549085d-74d3-46da-a233-cd98b3b9bbd4.tmp.1.dr	String found in binary or memory: https://ogs.google.com
Source: manifest.json.0.dr	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: 1c24b8db-b3a5-4ee8-bec0-cf737a423ed5.tmp.1.dr, b549085d-74d3-46da-a233-cd98b3b9bbd4.tmp.1.dr	String found in binary or memory: https://play.google.com
Source: b549085d-74d3-46da-a233-cd98b3b9bbd4.tmp.1.dr	String found in binary or memory: https://r5---sn-4g5edn6r.gvt1.com
Source: b549085d-74d3-46da-a233-cd98b3b9bbd4.tmp.1.dr	String found in binary or memory: https://redirector.gvt1.com
Source: c4cda97bb6908608_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/0.1084f963ccf1e5efe263.chunk.v6.jsH
Source: c4cda97bb6908608_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/0.1084f963ccf1e5efe263.chunk.v6.jsHP
Source: 1e33ede7037c06b6_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/1.fd278158fa9d8b20bceb.chunk.v6.jsH
Source: 1e33ede7037c06b6_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/1.fd278158fa9d8b20bceb.chunk.v6.jsHP
Source: ef132878ad19e2a9_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/11.798076ff0c72108d10d9.chunk.v6.js/
Source: ef132878ad19e2a9_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/11.798076ff0c72108d10d9.chunk.v6.jsH
Source: ef132878ad19e2a9_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/11.798076ff0c72108d10d9.chunk.v6.jsHP
Source: d2ec45260bc56989_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/2.56c3466450fa3caeadef.chunk.v6.js(window.officehome_we
Source: d2ec45260bc56989_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/2.56c3466450fa3caeadef.chunk.v6.jsH
Source: d2ec45260bc56989_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/2.56c3466450fa3caeadef.chunk.v6.jsHP
Source: a550abe32264d142_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/3.ea9cbde63ad89ac51218.chunk.v6.jsH
Source: a550abe32264d142_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/3.ea9cbde63ad89ac51218.chunk.v6.jsHP
Source: 78f8433443804b69_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/4.34c0ddb1f9655892d176.chunk.v6.js(window.officehome_we
Source: 78f8433443804b69_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/4.34c0ddb1f9655892d176.chunk.v6.jsH
Source: 78f8433443804b69_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/4.34c0ddb1f9655892d176.chunk.v6.jsHP
Source: 3a82c52a9f5c535e_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/6.bb3c64a464eb6c7e03fb.chunk.v6.jsH
Source: 3a82c52a9f5c535e_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/6.bb3c64a464eb6c7e03fb.chunk.v6.jsHP
Source: d41d89949079b45d_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/7.9525c69adf30ccb6bbe7.chunk.v6.jsH
Source: d41d89949079b45d_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/7.9525c69adf30ccb6bbe7.chunk.v6.jsHP
Source: 2cd1b97aa306dd0f_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/officehome-async-styles.905b2cdbf3c642aad946.chunk.v6.j
Source: 3e87be93f887937a_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/officehome-async-styles.c8a41d69674f50299790.chunk.v6.c
Source: 9bb2c13ad1549e8b_1.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/otel-logger-2b087f173d4bf7a684cc.js
Source: 9bb2c13ad1549e8b_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/otel-logger-2b087f173d4bf7a684cc.js/
Source: 9bb2c13ad1549e8b_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/otel-logger-2b087f173d4bf7a684cc.jsH
Source: 9bb2c13ad1549e8b_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/otel-logger-2b087f173d4bf7a684cc.jsHP
Source: 9bb2c13ad1549e8b_1.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/otel-logger-2b087f173d4bf7a684cc.jsa
Source: 9bb2c13ad1549e8b_1.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/otel-logger-2b087f173d4bf7a684cc.jsaD
Source: 35e53ccd3cabf975_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/vendors~action-context-menu-rc~app-gallery-rc~appbar~cc
Source: 0e751cd85ef9bf6a_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/vendors~action-context-menu-rc~app-host-component~appba
Source: 52ee4db59ff83c5f_0.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/bundles/vendors~app-host-component~appbar~cc~confirmation-dialo
Source: fa813c9ad67834ac_1.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/versionless/workbox-v3.6.2/workbox-cache-expiration.prod.jsa
Source: fa813c9ad67834ac_1.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/versionless/workbox-v3.6.2/workbox-cache-expiration.prod.jsaD
Source: f1cdccba37924bda_1.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/versionless/workbox-v3.6.2/workbox-core.prod.jsa
Source: f1cdccba37924bda_1.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/versionless/workbox-v3.6.2/workbox-core.prod.jsaD
Source: ba23d8ecda68de77_1.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/versionless/workbox-v3.6.2/workbox-routing.prod.js
Source: ba23d8ecda68de77_1.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/versionless/workbox-v3.6.2/workbox-routing.prod.jsaD
Source: 67a473248953641b_1.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/versionless/workbox-v3.6.2/workbox-strategies.prod.js
Source: 67a473248953641b_1.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/versionless/workbox-v3.6.2/workbox-strategies.prod.jsaD
Source: 4cb013792b196a35_1.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/versionless/workbox-v3.6.2/workbox-sw.js
Source: 4cb013792b196a35_1.0.dr	String found in binary or memory: https://res.cdn.office.net/officehub/versionless/workbox-v3.6.2/workbox-sw.jsaD
Source: manifest.json.0.dr	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: 1c24b8db-b3a5-4ee8-bec0-cf737a423ed5.tmp.1.dr, b549085d-74d3-46da-a233-cd98b3b9bbd4.tmp.1.dr	String found in binary or memory: https://ssl.gstatic.com
Source: 4cb013792b196a35_1.0.dr	String found in binary or memory: https://storage.googleapis.com/workbox-cdn/releases/3.6.3
Source: 1c24b8db-b3a5-4ee8-bec0-cf737a423ed5.tmp.1.dr, b549085d-74d3-46da-a233-cd98b3b9bbd4.tmp.1.dr	String found in binary or memory: https://www.google.com
Source: manifest.json.0.dr	String found in binary or memory: https://www.google.com/
Source: 1c24b8db-b3a5-4ee8-bec0-cf737a423ed5.tmp.1.dr, b549085d-74d3-46da-a233-cd98b3b9bbd4.tmp.1.dr	String found in binary or memory: https://www.googleapis.com
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: 1c24b8db-b3a5-4ee8-bec0-cf737a423ed5.tmp.1.dr, b549085d-74d3-46da-a233-cd98b3b9bbd4.tmp.1.dr	String found in binary or memory: https://www.gstatic.com
Source: index.txt.tmp.0.dr	String found in binary or memory: https://www.office.com/
Source: History Provider Cache.0.dr	String found in binary or memory: https://www.office.com/2#Office
Source: 2cc80dabc69f58b6_1.0.dr	String found in binary or memory: https://www.office.com/sw?cdnDomain=res.cdn.office.net/officehub&workload=officehomea
Source: 2cc80dabc69f58b6_1.0.dr	String found in binary or memory: https://www.office.com/sw?cdnDomain=res.cdn.office.net/officehub&workload=officehomeaD

Source: unknown

Source: unknown	HTTPS traffic detected: 185.163.85.65:443 -> 192.168.2.3:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.163.85.65:443 -> 192.168.2.3:49742 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\1234a213-2489-4cfd-b9c7-327623f08c31.tmp

Jump to behavior

Source: classification engine

Classification label: mal52.phis.win@32/110@24/12

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "https://eccfo1.eu/1f34fac4-2ab4-4dfb-8248-a8cdec56b8f9/bS5iYWtrZXJAYnBkLm5s
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1588,15692047485436063496,8923512637063361634,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1944 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1588,15692047485436063496,8923512637063361634,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1944 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-62608233-798.pma

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Accept
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Accept
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Accept

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

ID:	612086
Product:	CloudBasic
Start time:	14:58:07
Start date:	20.04.2022
Cookbook:	browseurl.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS

Windows Analysis Report
https://eccfo1.eu/1f34fac4-2ab4-4dfb-8248-a8cdec56b8f9/bS5iYWtrZXJAYnBkLm5s

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://eccfo1.eu/1f34fac4-2ab4-4dfb-8248-a8cdec56b8f9/bS5iYWtrZXJAYnBkLm5s

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://eccfo1.eu/1f34fac4-2ab4-4dfb-8248-a8cdec56b8f9/bS5iYWtrZXJAYnBkLm5s