Edit tour

Windows Analysis Report
https://ipfs.io/ipfs/QmdTwDBzfv7vcTnw34YZhB4VroSotz2NY5Hc5FzzQX8qxQ#rramis@isciii.es

Overview

General Information

Sample URL:	https://ipfs.io/ipfs/QmdTwDBzfv7vcTnw34YZhB4VroSotz2NY5Hc5FzzQX8qxQ#rramis@isciii.es
Analysis ID:	1284320

Detection

HTMLPhisher

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected HtmlPhish10

Multi AV Scanner detection for submitted file

HTML body contains password input but no form action

URL contains potential PII (phishing indication)

Invalid 'forgot password' link found

HTML body contains low number of good links

HTML title does not match URL

Invalid T&C link found

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 1556 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://ipfs.io/ipfs/QmdTwDBzfv7vcTnw34YZhB4VroSotz2NY5Hc5FzzQX8qxQ#rramis@isciii.es MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)

chrome.exe (PID: 2720 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2020 --field-trial-handle=1772,i,3602196203602994155,3050669248251571778,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author	Strings
0.0.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: https://ipfs.io/ipfs/QmdTwDBzfv7vcTnw34YZhB4VroSotz2NY5Hc5FzzQX8qxQ#rramis@isciii.es

Virustotal: Detection: 8%

Perma Link

Phishing

Yara detected HtmlPhish10

Source: Yara match

File source: 0.0.pages.csv, type: HTML

Source: https://ipfs.io/ipfs/QmdTwDBzfv7vcTnw34YZhB4VroSotz2NY5Hc5FzzQX8qxQ#rramis@isciii.es

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://ipfs.io/ipfs/QmdTwDBzfv7vcTnw34YZhB4VroSotz2NY5Hc5FzzQX8qxQ#rramis@isciii.es	Sample URL: PII: rramis@isciii.es
Source: https://ipfs.io/ipfs/QmdTwDBzfv7vcTnw34YZhB4VroSotz2NY5Hc5FzzQX8qxQ#rramis@isciii.es	Sample URL: PII: rramis@isciii.es
Source: https://ipfs.io/ipfs/QmdTwDBzfv7vcTnw34YZhB4VroSotz2NY5Hc5FzzQX8qxQ#rramis@isciii.es	Sample URL: PII: rramis@isciii.es
Source: https://ipfs.io/ipfs/QmdTwDBzfv7vcTnw34YZhB4VroSotz2NY5Hc5FzzQX8qxQ#rramis@isciii.es	Sample URL: PII: rramis@isciii.es
Source: https://ipfs.io/ipfs/QmdTwDBzfv7vcTnw34YZhB4VroSotz2NY5Hc5FzzQX8qxQ#rramis@isciii.es	Sample URL: PII: rramis@isciii.es
Source: https://ipfs.io/ipfs/QmdTwDBzfv7vcTnw34YZhB4VroSotz2NY5Hc5FzzQX8qxQ#rramis@isciii.es	Sample URL: PII: rramis@isciii.es
Source: https://ipfs.io/ipfs/QmdTwDBzfv7vcTnw34YZhB4VroSotz2NY5Hc5FzzQX8qxQ#rramis@isciii.es	Sample URL: PII: rramis@isciii.es
Source: https://ipfs.io/ipfs/QmdTwDBzfv7vcTnw34YZhB4VroSotz2NY5Hc5FzzQX8qxQ#rramis@isciii.es	Sample URL: PII: rramis@isciii.es
Source: https://ipfs.io/ipfs/QmdTwDBzfv7vcTnw34YZhB4VroSotz2NY5Hc5FzzQX8qxQ#rramis@isciii.es	Sample URL: PII: rramis@isciii.es
Source: https://ipfs.io/ipfs/QmdTwDBzfv7vcTnw34YZhB4VroSotz2NY5Hc5FzzQX8qxQ#rramis@isciii.es	Sample URL: PII: rramis@isciii.es
Source: https://ipfs.io/ipfs/QmdTwDBzfv7vcTnw34YZhB4VroSotz2NY5Hc5FzzQX8qxQ#rramis@isciii.es	Sample URL: PII: rramis@isciii.es
Source: https://ipfs.io/ipfs/QmdTwDBzfv7vcTnw34YZhB4VroSotz2NY5Hc5FzzQX8qxQ#rramis@isciii.es	Sample URL: PII: rramis@isciii.es

Source: https://ipfs.io/ipfs/QmdTwDBzfv7vcTnw34YZhB4VroSotz2NY5Hc5FzzQX8qxQ#rramis@isciii.es

HTTP Parser: Invalid link: Forgot password?

Source: https://ipfs.io/ipfs/QmdTwDBzfv7vcTnw34YZhB4VroSotz2NY5Hc5FzzQX8qxQ#rramis@isciii.es

HTTP Parser: Number of links: 0

Source: https://ipfs.io/ipfs/QmdTwDBzfv7vcTnw34YZhB4VroSotz2NY5Hc5FzzQX8qxQ#rramis@isciii.es

HTTP Parser: Title: JDN Access does not match URL

Source: https://ipfs.io/ipfs/QmdTwDBzfv7vcTnw34YZhB4VroSotz2NY5Hc5FzzQX8qxQ#rramis@isciii.es

HTTP Parser: Invalid link: Help

Source: https://ipfs.io/ipfs/QmdTwDBzfv7vcTnw34YZhB4VroSotz2NY5Hc5FzzQX8qxQ#rramis@isciii.es

HTTP Parser: <input type="password" .../> found

Source: https://ipfs.io/ipfs/QmdTwDBzfv7vcTnw34YZhB4VroSotz2NY5Hc5FzzQX8qxQ#rramis@isciii.es

HTTP Parser: No <meta name="author".. found

Source: https://ipfs.io/ipfs/QmdTwDBzfv7vcTnw34YZhB4VroSotz2NY5Hc5FzzQX8qxQ#rramis@isciii.es

HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\GoogleUpdater

Source: unknown

DNS traffic detected: queries for: clients2.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: classification engine

Classification label: mal56.phis.win@23/37@10/136

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://ipfs.io/ipfs/QmdTwDBzfv7vcTnw34YZhB4VroSotz2NY5Hc5FzzQX8qxQ#rramis@isciii.es
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2020 --field-trial-handle=1772,i,3602196203602994155,3050669248251571778,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2020 --field-trial-handle=1772,i,3602196203602994155,3050669248251571778,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\GoogleUpdater

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\GoogleUpdater

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	2 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	2 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	1 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	2 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://ipfs.io/ipfs/QmdTwDBzfv7vcTnw34YZhB4VroSotz2NY5Hc5FzzQX8qxQ#rramis@isciii.es	9%	Virustotal		Browse
https://ipfs.io/ipfs/QmdTwDBzfv7vcTnw34YZhB4VroSotz2NY5Hc5FzzQX8qxQ#rramis@isciii.es	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
d26p066pn2w0s0.cloudfront.net	13.32.27.14	true	false	high
accounts.google.com	142.250.184.237	true	false	high
cdnjs.cloudflare.com	104.17.24.14	true	false	high
access.jdn.de	212.23.144.169	true	false	unknown
www.google.com	172.217.16.196	true	false	high
clients.l.google.com	216.58.212.142	true	false	high
ipfs.io	209.94.90.1	true	false	high
clients2.google.com	unknown	unknown	false	high
logo.clearbit.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://ipfs.io/ipfs/QmdTwDBzfv7vcTnw34YZhB4VroSotz2NY5Hc5FzzQX8qxQ#rramis@isciii.es	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.17.24.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
34.104.35.123	unknown	United States	15169	GOOGLEUS	false
216.58.212.142	clients.l.google.com	United States	15169	GOOGLEUS	false
212.23.144.169	access.jdn.de	Germany	12329	TMRDE	false
13.32.27.14	d26p066pn2w0s0.cloudfront.net	United States	7018	ATT-INTERNET4US	false
142.250.185.106	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.184.237	accounts.google.com	United States	15169	GOOGLEUS	false
142.250.186.132	unknown	United States	15169	GOOGLEUS	false
142.250.184.227	unknown	United States	15169	GOOGLEUS	false
142.250.184.228	unknown	United States	15169	GOOGLEUS	false
209.94.90.1	ipfs.io	United States	40680	PROTOCOLUS	false
142.250.186.99	unknown	United States	15169	GOOGLEUS	false

General Information

Joe Sandbox Version:	38.0.0 Beryl
Analysis ID:	1284320
Start date and time:	2023-08-02 11:44:21 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://ipfs.io/ipfs/QmdTwDBzfv7vcTnw34YZhB4VroSotz2NY5Hc5FzzQX8qxQ#rramis@isciii.es
Analysis system description:	Windows 10 64 bit version 1909 (MS Office 2019, IE 11, Chrome 104, Firefox 88, Adobe Reader DC 21, Java 8 u291, 7-Zip)
Number of analysed new started processes analysed:	3
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.phis.win@23/37@10/136

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.99, 34.104.35.123, 142.250.185.106, 142.250.186.42, 142.250.186.138, 142.250.181.234, 142.250.186.106, 142.250.184.234, 142.250.184.202, 172.217.16.202, 142.250.74.202, 172.217.18.10, 142.250.185.170, 142.250.186.74, 142.250.185.234, 172.217.16.138, 142.250.185.202, 142.250.185.138
Excluded domains from analysis (whitelisted): edgedl.me.gvt1.com, content-autofill.googleapis.com, login.live.com, clientservices.googleapis.com
Not all processes where analyzed, report is missing behavior information

Created / dropped Files

Chrome Cache Entry: 128

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (10867)
Category:	downloaded
Size (bytes):	12326
Entropy (8bit):	4.92464534065372
Encrypted:	false
SSDEEP:
MD5:	31FD0F6A8ECD71279D6788F44AF6B476
SHA1:	1C3DF3E17BF91EAF7872D5C4CAB8B6F5D969FC13
SHA-256:	578A4380E7CE5D200A66B5599CCED32D17451E9533510F9941BD5FE131A46E92
SHA-512:	09C810BA7749362F6D3725476200180AE8144D11CFA1362029151F469033DA082BEA6A6A8EB439B42A39E27819C0E627D2BFDC872A97BD974034D82A8E521FDC
Malicious:	false
Reputation:	low
URL:	https://access.jdn.de/assets/client-578a4380e7ce5d200a66b5599cced32d17451e9533510f9941bd5fe131a46e92.css
Preview:	.icon-acc-filetype-code1:before{color:#4876B5}.icon-acc-filetype-code2:before{color:#4876B5}.icon-acc-filetype-data:before{color:#4876B5}.icon-acc-filetype-dll:before{color:#EB492E}.icon-acc-filetype-doc:before{color:#255999}.icon-acc-filetype-email:before{color:#4876B5}.icon-acc-filetype-exe:before{color:#4876B5}.icon-acc-filetype-file:before{color:#80397A}.icon-acc-filetype-font:before{color:#255999}.icon-acc-filetype-html:before{color:#EB492E}.icon-acc-filetype-image:before{color:#4876B5}.icon-acc-filetype-java:before{color:#255999}.icon-acc-filetype-keynote:before{color:#EB492E}.icon-acc-filetype-music:before{color:#4876B5}.icon-acc-filetype-numbers:before{color:#80397A}.icon-acc-filetype-pages:before{color:#255999}.icon-acc-filetype-pdf:before{color:#EB492E}.icon-acc-filetype-ppt:before{color:#F56E36}.icon-acc-filetype-raw:before{color:#1B7246}.icon-acc-filetype-rtf:before{color:#1B7246}.icon-acc-filetype-sharepoint:before{color:#4876B5}.icon-acc-sharepoint_followed_sites_folder:b

Chrome Cache Entry: 129

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (641)
Category:	downloaded
Size (bytes):	864242
Entropy (8bit):	5.3885680273249115
Encrypted:	false
SSDEEP:
MD5:	86F796956AF15770FB3B751380403013
SHA1:	BB39B11451A991924D69F9D36BF9519FDEB34678
SHA-256:	7592841BFF1B3B923888BBA18852C5DDC8BFB964BE0E73B36C54E2FCDCFDFA56
SHA-512:	64BE423157C499A3E76354A6692B0C96C777705E58423AFBA59E990C6EDAD5053B12A4B9F9CFADCE975AFF26EFCA5B50B0214F2D980D7600D3B3734066A4886E
Malicious:	false
Reputation:	low
URL:	https://access.jdn.de/assets/client-7592841bff1b3b923888bba18852c5ddc8bfb964be0e73b36c54e2fcdcfdfa56.js
Preview:	/. AngularJS v1.5.8. (c) 2010-2016 Google, Inc. http://angularjs.org. License: MIT. WTFPL. @contributor_license Dojo CLA. jQuery JavaScript Library v3.5.1. https://jquery.com/.. Includes Sizzle.js. https://sizzlejs.com/.. Copyright JS Foundation and other contributors. Released under the MIT license. https://jquery.org/license.. Date: 2020-05-04T22:49Z. Sizzle CSS Selector Engine v2.3.5. https://sizzlejs.com/.. Copyright JS Foundation and other contributors. Released under the MIT license. https://js.foundation/.. Date: 2020-03-14. clipboard.js v2.0.6. https://clipboardjs.com/.. Licensed MIT ? Zeno Rocha. angular-translate - v2.9.0 - 2016-01-24.. Copyright (c) 2016 The angular-translate team, Pascal Precht; Licensed MIT. ui-select. http://github.com/angular-ui/ui-select. Version: 0.19.3 - 2016-08-17T06:16:41.345Z. License: MIT. Bootstrap v3.3.7 (http://getbootstrap.com). Copyright 2011-2016 Twitter, Inc.. Licensed under the MIT license./.(function(a,e){"object"===typeof module&&"obje

Chrome Cache Entry: 130

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65371)
Category:	downloaded
Size (bytes):	121809
Entropy (8bit):	5.103075937004214
Encrypted:	false
SSDEEP:
MD5:	6DAFF28F4DDF01BC961A8CB4D46CF94D
SHA1:	B3AAC8E6899F781661EEC405F974D08C0E8D9A9D
SHA-256:	B64AF21A8A65B545FBF92F634758257F60811EE396598DE3096C4A6F72BBD73E
SHA-512:	02B91AC1241577476293085F7FB279A6A46AD31BBB5BD210460085856C796AE95B92B1BF0E39F39AF729A811FB5C2A6FA8CD51E183BA352728691F6932026E7A
Malicious:	false
Reputation:	low
URL:	https://access.jdn.de/assets/bootstrap/dist/css/bootstrap-b64af21a8a65b545fbf92f634758257f60811ee396598de3096c4a6f72bbd73e.css
Preview:	/!. Bootstrap v3.3.7 (http://getbootstrap.com). * Copyright 2011-2016 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). //! normalize.css v3.0.3 \| MIT License \| github.com/necolas/normalize.css */html{font-family:sans-serif;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:bold}dfn{font-style:italic}h1{margin:.67em 0;font-size:2em}mark{color:#000;background:#ff0}small{font-size:80%}sub,sup{position:relative;font-size:75%;line-height:0;vertical-align:baseline}sup{top:-.5em}sub{bottom:-.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:1em 40px}h

Chrome Cache Entry: 132

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (21257)
Category:	downloaded
Size (bytes):	22409
Entropy (8bit):	4.939531210346261
Encrypted:	false
SSDEEP:
MD5:	A873589879BE812201B272FED796A3FF
SHA1:	0C8BE936AE026B02AAB2DC93BB2F90A7DF6F333A
SHA-256:	1548651E8C9F66B584352422DABF38D9A57A0F8D584E5C900C5F830F8B4D035E
SHA-512:	91A03F7EB6C1E339DA029344F7545A7B33010426A38F503C2C16D2D3B132837B6F30F46983FEA29464C61DE32604171BC6B1495985CD4D73E4DA696FE4A81861
Malicious:	false
Reputation:	low
URL:	https://access.jdn.de/assets/font-awesome/css/font-awesome-1548651e8c9f66b584352422dabf38d9a57a0f8d584e5c900c5f830f8b4d035e.css
Preview:	/!. Font Awesome 3.2.1. * the iconic font designed for Bootstrap. * ------------------------------------------------------------------------------. * The full suite of pictographic icons, examples, and documentation can be. * found at http://fontawesome.io. Stay up to date on Twitter at. * http://twitter.com/fontawesome.. . License. * ------------------------------------------------------------------------------. * - The Font Awesome font is licensed under SIL OFL 1.1 -. * http://scripts.sil.org/OFL. * - Font Awesome CSS, LESS, and SASS files are licensed under MIT License -. * http://opensource.org/licenses/mit-license.html. * - Font Awesome documentation licensed under CC BY 3.0 -. * http://creativecommons.org/licenses/by/3.0/. * - Attribution is no longer required in Font Awesome 3.0, but much appreciated:. * "Font Awesome by Dave Gandy - http://fontawesome.io". . Author - Dave Gandy. * -------------------------------------------------------------

Chrome Cache Entry: 133

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (4538)
Category:	downloaded
Size (bytes):	4539
Entropy (8bit):	5.151439494525238
Encrypted:	false
SSDEEP:
MD5:	51E455571BDF656E5CFCF329471DA584
SHA1:	9214A60DECF91129404DB0884731205FAB9CBDF1
SHA-256:	F4788AA99C8EF9AE8D45E6E9F2CDE746D49D91AC006041E9BB2CE1FCF5D2C9C3
SHA-512:	DA37E06D0B1A825AC0E71BFF5583A5BCF9E5591715E73210A68C04F2D6E978F0F991B948422607D1531F87290F19848D474B6F5D776AF7C43F7A1EBF6093351B
Malicious:	false
Reputation:	low
URL:	https://access.jdn.de/assets/open-sans-fontface/open-sans-f4788aa99c8ef9ae8d45e6e9f2cde746d49d91ac006041e9bb2ce1fcf5d2c9c3.css
Preview:	@font-face{font-family:'Open Sans';src:url("./fonts/Light/OpenSans-Light.eot?v=1.1.0");src:url("./fonts/Light/OpenSans-Light.eot?#iefix&v=1.1.0") format("embedded-opentype"),url("./fonts/Light/OpenSans-Light.woff?v=1.1.0") format("woff"),url("./fonts/Light/OpenSans-Light.ttf?v=1.1.0") format("truetype"),url("./fonts/Light/OpenSans-Light.svg?v=1.1.0#OpenSansBold") format("svg");font-weight:300;font-style:normal}@font-face{font-family:'Open Sans';src:url("./fonts/LightItalic/OpenSans-LightItalic.eot?v=1.1.0");src:url("./fonts/LightItalic/OpenSans-LightItalic.eot?#iefix&v=1.1.0") format("embedded-opentype"),url("./fonts/LightItalic/OpenSans-LightItalic.woff?v=1.1.0") format("woff"),url("./fonts/LightItalic/OpenSans-LightItalic.ttf?v=1.1.0") format("truetype"),url("./fonts/LightItalic/OpenSans-LightItalic.svg?v=1.1.0#OpenSansBold") format("svg");font-weight:300;font-style:italic}@font-face{font-family:'Open Sans';src:url("./fonts/Regular/OpenSans-Regular.eot?v=1.1.0");src:url("./fonts/Regu

Chrome Cache Entry: 134

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Category:	dropped
Size (bytes):	1150
Entropy (8bit):	3.061516628727445
Encrypted:	false
SSDEEP:
MD5:	29CC8CECD301500AA174D72508CEA723
SHA1:	7AAC8978AF36F7C03BF5DC5CBDCCE675F8327036
SHA-256:	1421B0DF7A6BD06DBD61B78C193CF410370011107245B1C2A1239F7D0E39B2CD
SHA-512:	7010C3A7A16D0EAAF995519371B276CA7123D09FB5478AF2BF2A115874340BC06EF905ECC74F6E6B746640312EDDA55DDC2C516E71E34D18111029C3672E2823
Malicious:	false
Reputation:	low
Preview:	............ .h.......(....... ..... .........................M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..d< ..s_.M ..M ..M ..M ..M ..M ...s_.zW?.M ..M ..M ..M ..M ..M ..d< .....yW?.M ..M ..M ..M ..X.......zW?.M ..M ..M ..M ..M ..M ..M .............................M ..M ..M ..M ..M ..M ..M ..M ..d< ......s`.zX?.zX?..fO.....zW?.M ..M ..M ..M ..M ..M ..M ..M ..M .........................M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..zX?.....zW?.d< .......o.M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M .......s_.zW?.....W...M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ...s`............M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..........W...M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..zW?..eO.M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M ..M

Chrome Cache Entry: 135

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (63760)
Category:	downloaded
Size (bytes):	63761
Entropy (8bit):	5.092023602687684
Encrypted:	false
SSDEEP:
MD5:	FC97CB50147D3501565D2ABF7416C89D
SHA1:	1F5A668826CF27B92873F346B3939A1A45BC4F4E
SHA-256:	52716529ECB237F733DC7CE76FB2BFE5F5D8EBD244795740D88325F40159D603
SHA-512:	43ADE595C318C9D8A0C461E08F2F56F268832779F360280655A810726994B8872805F480107E17B815E42BAB95EEC72B6168DBE507E01C588A19C8479372D47B
Malicious:	false
Reputation:	low
URL:	https://access.jdn.de/assets/web_client_blue-52716529ecb237f733dc7ce76fb2bfe5f5d8ebd244795740d88325f40159d603.css
Preview:	html#login,html#login body{background:#0A326E;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr=$mainLoginBgColor, endColorstr=$secondaryLoginBgColor);background:-webkit-radial-gradient(50% 40%, circle, #0A326E 30%, #02102A);background:-moz-radial-gradient(50% 40%, circle, #0A326E 30%, #02102A);background:-o-radial-gradient(50% 40%, circle, #0A326E 30%, #02102A);background:-ms-radial-gradient(50% 40%, circle, #0A326E 30%, #02102A);background:radial-gradient(50% 40%, circle, #0A326E 30%, #02102A);height:100%;width:100%;overflow:auto;font-family:"Open Sans", sans-serif;font-size:14px;color:#02102A}html#login body{display:table;padding:0 24px}html#login #sso_login{margin-top:18px;white-space:normal}html#login .main-outer{display:table-row;height:100%;text-align:center}html#login .main{display:table-cell;vertical-align:middle}html#login .header-image{margin:0 auto;max-width:520px;padding:12px 0}@media (max-width: 567px){html#login .header-image{padding:8% 0}}html#login .logo_

Chrome Cache Entry: 136

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	28
Entropy (8bit):	4.378783493486175
Encrypted:	false
SSDEEP:
MD5:	4C42AB4890733A2B01B1B3269C4855E7
SHA1:	5B68BFE664DCBC629042EA45C23954EEF1A9F698
SHA-256:	F69E8FC1414A82F108CFA0725E5211AF1865A9CEA342A5F01E6B2B5ABE47E010
SHA-512:	0631C6EFD555699CB2273107FE5AF565FEC2234344E2D412C23E4EE43C6D721CB2B058764622E44FD544D840FF64D7C866565E280127C701CAAB0A48C35D4F5C
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA0LjAuNTExMi4xMDISFwn1qHouAcBFOxIFDYOoWz0SBQ3OQUx6?alt=proto
Preview:	ChIKBw2DqFs9GgAKBw3OQUx6GgA=

Chrome Cache Entry: 137

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (11985)
Category:	downloaded
Size (bytes):	12006
Entropy (8bit):	5.061061959093565
Encrypted:	false
SSDEEP:
MD5:	977B0A1F729CC13080115004FE5FC6FB
SHA1:	B3950E3073BF6CADEA17943D4C162C6E4899CB0C
SHA-256:	FD0F9012CDCE33CD144B954DF382E7474D06C4CF806FDDF240A71FFF0F1DF31F
SHA-512:	9313CC208F5748279FFDF8306DE4F90B83142EC85F4EB69FA8BB1B155DE01F3B0A738E228356B32A4639380BF6C5AF1B1630CDC41D2CED1D312355D092852721
Malicious:	false
Reputation:	low
URL:	https://access.jdn.de/assets/font-access/style-fd0f9012cdce33cd144b954df382e7474d06c4cf806fddf240a71fff0f1df31f.css
Preview:	/!. Font Access. * -------------------------- /@font-face{font-family:'FontAccess';src:url("fonts/fontaccess-webfont.eot?v=3.2.1");src:url("fonts/fontaccess-webfont.eot?#iefix&v=3.2.1") format("embedded-opentype"),url("fonts/fontaccess-webfont.woff?v=3.2.1") format("woff"),url("fonts/fontaccess-webfont.ttf?v=3.2.1") format("truetype");font-weight:normal;font-style:normal}@font-face{font-family:'FontAccessFiletype';src:url("fonts/fontaccess-filetype-webfont.eot?v=3.2.1");src:url("fonts/fontaccess-filetype-webfont.eot?#iefix&v=3.2.1") format("embedded-opentype"),url("fonts/fontaccess-filetype-webfont.woff?v=3.2.1") format("woff"),url("fonts/fontaccess-filetype-webfont.ttf?v=3.2.1") format("truetype");font-weight:normal;font-style:normal}[class^="icon-acc-"],[class=" icon-acc-"]{font-family:FontAccess;font-weight:normal;font-style:normal;text-decoration:inherit;-webkit-font-smoothing:antialiased;margin-right:.3em}[class^="icon-acc-filetype-"],[class=" icon-acc-filetype-"]{font-fam

Chrome Cache Entry: 138

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 480 x 115, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	18839
Entropy (8bit):	7.959488913057255
Encrypted:	false
SSDEEP:
MD5:	A3557E7017BDF01D23A01F2A2D0BEB78
SHA1:	16E92AF878EBBF85EC0BDB5986D782C4538FFFD9
SHA-256:	F311872A8743FC5E6B940B681388FCD7C7AAF62F686AED20EB542341A173A6B2
SHA-512:	A1A1DD949B4E94333FC81F0D52FC2C1B3D72F8D855C6042676E549DF4C31460D88A6ED55936B6993222949B32A57C141EBA580E6478BBC268C45DDB54FDEE636
Malicious:	false
Reputation:	low
URL:	https://access.jdn.de/customizations/acronisaccess_production/default/JDN_480x115.png
Preview:	.PNG........IHDR.......s.....@Q......gAMA....\|.Q.... cHRM...........R...@..}y.....<.....s<.w...9iCCPPhotoshop ICC profile..H..wTT....wz..0.R.....{.^Ea..`(..34.!...ED."HP..P$VD...T..$.(1.ET,oF.........o......Z..../...K......<....Qt.....`.).LVF._.{......!r._...zX..p..3.N....Y.\|......9.,...8%K.......,f.%f.(A..9a..>.,....<...9..S.b...L!G....3..,....F.0.+.7..T.3...Il.pX."6.1...."....H._q.W,.d..rIK..s...t......A..d.p....&+..g.].R.......Y2...EE.4...4432..P.u.oJ..Ez...g.........`.j..-....-....b.8....o....M</..A...qVV....2.....O.....g$>...]9.La.....+-%M.g.3Y.......u..A.x....E.....K.......i<:...............Pc...u@~..(.. ...]..o..0 ~y...s..7.g...%...9.%(....3........H....@...C`...-p.n.......V..H.....@....A1....jP..A3h..A'8..K....n..`.L.g`......a!2D..!.H... .d..A.P....B....By.f.....z....:....@..]h...~....L.............C.Up.......p%....;...5.6<.?.........."....G..x...G.....iE..>.&2.. oQ...EG..lQ..P......U..F.Fu.zQ7Qc.Y.G4....G......t...].nB../.o.'.1.......xb"1I.

Chrome Cache Entry: 139

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (25306)
Category:	downloaded
Size (bytes):	25307
Entropy (8bit):	4.596696335719219
Encrypted:	false
SSDEEP:
MD5:	838314438A66C3919F6897F27B7BDC74
SHA1:	6F4E0444B8A2941B122E81236637C6D0ABC84C9B
SHA-256:	C3D45CCD927653E2A6C1129550969DCDC94D56BC1939600CA1B752AED2F0C0DC
SHA-512:	A6371A870A369171788EE978BD8798CAA01B4030CFA2E4433FA4E48F72E47BD79CAC79B5AE952B3F2051D2D68E079678B44F0892BAF32F93F9F529CFF6DC76D0
Malicious:	false
Reputation:	low
URL:	https://access.jdn.de/assets/ui-icons-c3d45ccd927653e2a6c1129550969dcdc94d56bc1939600ca1b752aed2f0c0dc.css
Preview:	@font-face{font-family:'iconfont';src:url("@uikit/ui-syntax/dist/fonts/iconfont.woff2") format("woff2"),url("@uikit/ui-syntax/dist/fonts/iconfont.woff") format("woff"),url("@uikit/ui-syntax/dist/fonts/iconfont.ttf") format("truetype");font-style:normal}[class^='i-']:before,[class*=' i-']:before{font-family:'iconfont';display:inline-block;font-style:normal;transform:scaleX(0.999);text-rendering:optimizeLegibility;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.i-a-logo--32:before{content:'\ea01'}.i-abgw--24:before{content:'\ea02'}.i-account-ab-o--32:before{content:'\ea03'}.i-acronis-cloud--32:before{content:'\ea04'}.i-acronis-storage-ab--32:before{content:'\ea05'}.i-actions-o--16:before{content:'\ea06'}.i-active-protection-ab-o--32:before{content:'\ea07'}.i-active-protection-o--16:before{content:'\ea08'}.i-active-protection-o--24:before{content:'\ea09'}.i-activities-ab-o--32:before{content:'\ea0a'}.i-activities-arrow-ab--32:before{content:'\ea0b'}.i-add-action--16:

Chrome Cache Entry: 141

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65451)
Category:	downloaded
Size (bytes):	86927
Entropy (8bit):	5.289226719276158
Encrypted:	false
SSDEEP:
MD5:	A09E13EE94D51C524B7E2A728C7D4039
SHA1:	0DC32DB4AA9C5F03F3B38C47D883DBD4FED13AAE
SHA-256:	160A426FF2894252CD7CEBBDD6D6B7DA8FCD319C65B70468F10B6690C45D02EF
SHA-512:	F8DA8F95B6ED33542A88AF19028E18AE3D9CE25350A06BFC3FBF433ED2B38FEFA5E639CDDFDAC703FC6CAA7F3313D974B92A3168276B3A016CEB28F27DB0714A
Malicious:	false
Reputation:	low
URL:	https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js
Preview:	/! jQuery v3.3.1 \| (c) JS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(e,t){"use strict";var n=[],r=e.document,i=Object.getPrototypeOf,o=n.slice,a=n.concat,s=n.push,u=n.indexOf,l={},c=l.toString,f=l.hasOwnProperty,p=f.toString,d=p.call(Object),h={},g=function e(t){return"function"==typeof t&&"number"!=typeof t.nodeType},y=function e(t){return null!=t&&t===t.window},v={type:!0,src:!0,noModule:!0};function m(e,t,n){var i,o=(t=t\|\|r).createElement("script");if(o.text=e,n)for(i in v)n[i]&&(o[i]=n[i]);t.head.appendChild(o).parentNode.removeChild(o)}function x(e){return null==e?e+"":"object"==typeof e\|\|"function"==typeof e?l[c.call(e)]\|\|"object":typeof e}var b="3.3.1",w=function(e,t){return new w.fn.init(e,t)},

Chrome Cache Entry: 142

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text
Category:	downloaded
Size (bytes):	5691
Entropy (8bit):	5.29154614462021
Encrypted:	false
SSDEEP:
MD5:	6C0B8173D19A83AE1295B013EE8DA32C
SHA1:	023B662599BB04AE916F08A92648F27A741BBD13
SHA-256:	4D246E31FD5E256987DFABD6CD90FBF997669F7569E4971A2817B51E76DFD2B1
SHA-512:	1FB6A86A76154DCCFC192306030B4EF0780675E6C4A3F11A038E6061492633A1B2B31436601B7A82D825105A94A8488EAB3E84E8C052A0FF2289EA41155E9BFD
Malicious:	false
Reputation:	low
URL:	https://ipfs.io/ipfs/QmdTwDBzfv7vcTnw34YZhB4VroSotz2NY5Hc5FzzQX8qxQ
Preview:	<!DOCTYPE html>.<html lang="en" id="login" api-address="/api/v1">..<head>...<base href="https://access.jdn.de/">...<title>JDN Access</title>...<meta http-equiv="X-UA-Compatible" content="IE=edge" />...<meta charset="UTF-8">...<meta name="viewport" content="width=device-width, initial-scale=0.4">...<script>....// script for changing the initial zoom on mobile devices with bigger screens (tablets, etc...).... if (window.screen.availWidth >= 768) {.... document.... .querySelector("meta[name=viewport]").... .setAttribute('content', 'initial-scale=0.7');.... }...</script>...<link rel="shortcut icon" type="image/x-icon" href="/assets/favicon-1421b0df7a6bd06dbd61b78c193cf410370011107245b1c2a1239f7d0e39b2cd.ico" acc-favicon="" />...<link rel="stylesheet" media="screen" href="/assets/bootstrap/dist/css/bootstrap-b64af21a8a65b545fbf92f634758257f60811ee396598de3096c4a6f72bbd73e.css" />...<link rel="stylesheet" media="screen" href="/assets/open-sans-fontface/open-s

Static File Info

⊘No static file info

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://ipfs.io/ipfs/QmdTwDBzfv7vcTnw34YZhB4VroSotz2NY5Hc5FzzQX8qxQ#rramis@isciii.es

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

HTML

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

General Information

Warnings

Created / dropped Files

Chrome Cache Entry: 128

Chrome Cache Entry: 129

Chrome Cache Entry: 130

Chrome Cache Entry: 132

Chrome Cache Entry: 133

Chrome Cache Entry: 134

Chrome Cache Entry: 135

Chrome Cache Entry: 136

Chrome Cache Entry: 137

Chrome Cache Entry: 138

Chrome Cache Entry: 139

Chrome Cache Entry: 141

Chrome Cache Entry: 142

Static File Info

Windows Analysis Report
https://ipfs.io/ipfs/QmdTwDBzfv7vcTnw34YZhB4VroSotz2NY5Hc5FzzQX8qxQ#rramis@isciii.es