Edit tour

Windows Analysis Report
https://click.mail1.wf.com/?qs=677f1d231d3260533f03bc83358f07f095891fd96e89368d729e9cda52c17371cc20ba4857d6c96724eeb18ca1d43b28fd83f0723df121de

Overview

General Information

Sample URL:	https://click.mail1.wf.com/?qs=677f1d231d3260533f03bc83358f07f095891fd96e89368d729e9cda52c17371cc20ba4857d6c96724eeb18ca1d43b28fd83f0723df121de
Analysis ID:	1295472

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 3760 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://click.mail1.wf.com/?qs=677f1d231d3260533f03bc83358f07f095891fd96e89368d729e9cda52c17371cc20ba4857d6c96724eeb18ca1d43b28fd83f0723df121de MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)

chrome.exe (PID: 244 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1768,i,14152279351538676084,16133000751687287630,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)

chrome.exe (PID: 7692 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5636 --field-trial-handle=1768,i,14152279351538676084,16133000751687287630,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

• Phishing
• Compliance
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://ceomedia.wf.com/ceo-demo/Tutorials/Welcome/story.html?utm_source=SFMC&utm_medium=email&utm_campaign=&utm_content=&utm_term=7571921&sid=2156571	HTTP Parser: No favicon
Source: https://ceomedia.wf.com/ceo-demo/Tutorials/Welcome/story.html?utm_source=SFMC&utm_medium=email&utm_campaign=&utm_content=&utm_term=7571921&sid=2156571	HTTP Parser: No favicon

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\GoogleUpdater

Source: unknown

DNS traffic detected: queries for: clients2.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: classification engine

Classification label: clean0.win@30/100@8/117

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\GoogleUpdater

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://click.mail1.wf.com/?qs=677f1d231d3260533f03bc83358f07f095891fd96e89368d729e9cda52c17371cc20ba4857d6c96724eeb18ca1d43b28fd83f0723df121de
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1768,i,14152279351538676084,16133000751687287630,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5636 --field-trial-handle=1768,i,14152279351538676084,16133000751687287630,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1768,i,14152279351538676084,16133000751687287630,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5636 --field-trial-handle=1768,i,14152279351538676084,16133000751687287630,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\GoogleUpdater

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	2 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	2 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	1 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	2 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://click.mail1.wf.com/?qs=677f1d231d3260533f03bc83358f07f095891fd96e89368d729e9cda52c17371cc20ba4857d6c96724eeb18ca1d43b28fd83f0723df121de	0%	Avira URL Cloud	safe
https://click.mail1.wf.com/?qs=677f1d231d3260533f03bc83358f07f095891fd96e89368d729e9cda52c17371cc20ba4857d6c96724eeb18ca1d43b28fd83f0723df121de	0%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
accounts.google.com	172.217.18.13	true	false	high
www.google.com	142.250.186.100	true	false	high
click.mail1.wf.com	13.111.45.42	true	false	high
clients.l.google.com	172.217.16.206	true	false	high
clients2.google.com	unknown	unknown	false	high
ceomedia.wf.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://ceomedia.wf.com/ceo-demo/Tutorials/Welcome/story.html?utm_source=SFMC&utm_medium=email&utm_campaign=&utm_content=&utm_term=7571921&sid=2156571	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.68	unknown	United States	15169	GOOGLEUS	false
142.250.185.68	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
34.104.35.123	unknown	United States	15169	GOOGLEUS	false
172.217.18.13	accounts.google.com	United States	15169	GOOGLEUS	false
172.217.16.206	clients.l.google.com	United States	15169	GOOGLEUS	false
23.45.104.221	unknown	United States	20940	AKAMAI-ASN1EU	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.195	unknown	United States	15169	GOOGLEUS	false
13.111.45.42	click.mail1.wf.com	United States	22606	EXACT-7US	false
172.217.16.195	unknown	United States	15169	GOOGLEUS	false
142.250.186.99	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.2
192.168.2.1

General Information

Joe Sandbox Version:	38.0.0 Beryl
Analysis ID:	1295472
Start date and time:	2023-08-22 21:51:18 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://click.mail1.wf.com/?qs=677f1d231d3260533f03bc83358f07f095891fd96e89368d729e9cda52c17371cc20ba4857d6c96724eeb18ca1d43b28fd83f0723df121de
Analysis system description:	Windows 10 64 bit version 1909 (MS Office 2019, IE 11, Chrome 104, Firefox 88, Adobe Reader DC 21, Java 8 u291, 7-Zip)
Number of analysed new started processes analysed:	4
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@30/100@8/117

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.195, 34.104.35.123, 23.45.104.221
Excluded domains from analysis (whitelisted): edgedl.me.gvt1.com, login.live.com, ceomedia.wf.com.edgekey.net, e8104.dsca.akamaiedge.net, clientservices.googleapis.com
Not all processes where analyzed, report is missing behavior information

Created / dropped Files

Chrome Cache Entry: 158

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (885), with no line terminators
Category:	downloaded
Size (bytes):	885
Entropy (8bit):	4.604470459554573
Encrypted:	false
SSDEEP:
MD5:	C2C976E51FD9D4E23C59CC2CA45C6E82
SHA1:	A0A5B4D5380FD89C00A0468C5BEE141367942C6D
SHA-256:	0EBEE58A0C29E686C3B4FC83A45EE432B7E20E990FCC3094DD4C36FF6EB06B4A
SHA-512:	0E87CE96A4F586BDC2ED7A9DEC727352DE55FAE501B8BDB9A394C445C8D882FC0159688B997AF93311B81FE971D1C2B97020ADF19A31DB8E3037A4045D3CE8C9
Malicious:	false
Reputation:	low
URL:	https://ceomedia.wf.com/ceo-demo/Tutorials/Welcome/story_content/5zqVvfYYJjZ_captions.js
Preview:	window.globalProvideData('caption', '{"data":"WEBVTT%0D%0AKind:%20captions%0D%0ASource:%20Articulate%20Closed%20Captions%20Editor%0D%0ASource%20Version:%206.63.27628.0%0D%0A%0D%0A00:00:00.484%20--%3E%2000:00:04.864%0D%0ATask%20tiles%20put%20all%20your%20time-sensitive%20tasks%20in%20one%20place,%0D%0A%0D%0A00:00:04.865%20--%3E%2000:00:09.152%0D%0Agiving%20you%20quick%20access%20to%20items%20that%20require%20your%20review%20or%20approval.%20%0D%0A%0D%0A00:00:09.792%20--%3E%2000:00:15.008%0D%0ASelect%20a%20task%20tile%20to%20review%20pending%20payment%20approvals%20or%20payment%20exceptions%20and%20repairs.%20%0D%0A%0D%0A00:00:15.552%20--%3E%2000:00:20.596%0D%0AYou%20can%20also%20review%20and%20approve%20management%20tasks%20or%20pending%20documents%20and%20requests.%20%0D%0A%0D%0A00:00:20.664%20--%3E%2000:00:22.200%0D%0A%0AIt%E2%80%99s%20that%20simple!%0D%0A%0D%0A%0D%0A"}')

Chrome Cache Entry: 159

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (946), with no line terminators
Category:	downloaded
Size (bytes):	946
Entropy (8bit):	4.646088267801319
Encrypted:	false
SSDEEP:
MD5:	EA49C71C9F69A59A65B705325DA52967
SHA1:	8355D35E58055E83B12FBB751FE180F4CC7904B7
SHA-256:	3B804CD03FC3AC5F81295E4DDCD9E9906CA0303790D22355DCD7B3A203302FE9
SHA-512:	E59606E4F19EACE643D8E82F22BF860989C993AD263A89B4D975A6E0AF5EF8C42B1628B92AF43CD880068FED10A471B9412A53F4D2029EABC910EC219AF6B4AC
Malicious:	false
Reputation:	low
URL:	https://ceomedia.wf.com/ceo-demo/Tutorials/Welcome/story_content/5womlYNk9X0_captions.js
Preview:	window.globalProvideData('caption', '{"data":"WEBVTT%0D%0AKind:%20captions%0D%0ASource:%20Articulate%20Closed%20Captions%20Editor%0D%0ASource%20Version:%206.63.27628.0%0D%0A%0D%0A00:00:00.292%20--%3E%2000:00:01.968%0D%0AHello,%20and%20welcome!%0D%0A%0D%0A00:00:01.969%20--%3E%2000:00:03.957%0D%0AYour%20success%20is%20our%20success,%20%0D%0A%0D%0A00:00:03.958%20--%3E%2000:00:07.514%0D%0Aso%20at%20Wells%20Fargo%20we%E2%80%99ve%20challenged%20ourselves%20to%20reimagine%20%0D%0A%0D%0A00:00:07.515%20--%3E%2000:00:13.731%0D%0Athe%20digital%20banking%20experience%20in%20ways%20that%20will%20make%20it%20easier%20for%20you%20to%20manage%20your%20business%20finances.%20%0D%0A%0D%0A00:00:14.080%20--%3E%2000:00:17.583%0D%0AWe%E2%80%99re%20excited%20to%20introduce%20you%20to%20the%20Wells%20Fargo%20Vantage%20platform,%0D%0A%0D%0A00:00:17.584%20--%3E%2000:00:20.288%0D%0A%20the%20future%20of%20digital%20banking%20at%20Wells%20Fargo.%0D%0A%0D%0A"}')

Chrome Cache Entry: 160

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1101), with no line terminators
Category:	downloaded
Size (bytes):	1101
Entropy (8bit):	4.633955718330315
Encrypted:	false
SSDEEP:
MD5:	1572909E4B552A5515C24A89F2BA53EC
SHA1:	E7CCC35DA5146D36275587E00E5DDCC9843B06D1
SHA-256:	4A6DD57034133EEF09A28DE194FD733CB8305D3A3AF0A24EC482185E125460E2
SHA-512:	8A9E6CD08F9AD7B41997C6A72F1D309DD032505EAF7DD40E0431694302B9C6B4964C678FC25E357323EA1BB572B4CF255ED25A7E3E9885F5D5721ECC2736613B
Malicious:	false
Reputation:	low
URL:	https://ceomedia.wf.com/ceo-demo/Tutorials/Welcome/story_content/6WdipO4CoJB_captions.js
Preview:	window.globalProvideData('caption', '{"data":"WEBVTT%0D%0AKind:%20captions%0D%0ASource:%20Articulate%20Closed%20Captions%20Editor%0D%0ASource%20Version:%206.63.27628.0%0D%0A%0D%0A00:00:00.256%20--%3E%2000:00:04.903%0D%0ANotice%20that%20we%E2%80%99ve%20grouped%20your%20services%20in%20the%20navigation%20bar%20at%20the%20top%20of%20the%20page,%20%0D%0A%0D%0A00:00:04.904%20--%3E%2000:00:07.392%0D%0Amaking%20it%20easy%20to%20find%20just%20what%20you%20need.%20%0D%0A%0D%0A00:00:07.968%20--%3E%2000:00:12.456%0D%0AWant%20to%20review%20and%20approve%20payment%20exceptions?%20Select%20Payments%20\u0026amp;%20Transfers.%20%0D%0A%0D%0A00:00:12.576%20--%3E%2000:00:15.808%0D%0ANeed%20to%20view%20your%20latest%20credit%20information?%20Select%20Lending.%20%0D%0A%0D%0A00:00:16.384%20--%3E%2000:00:23.303%0D%0AThe%20navigation%20bar%20appears%20on%20every%20Vantage%20page,%20helping%20you%20confidently%20move%20through%20the%20experience%20from%20most%20anywhere.%20%0D%0A%0D%0A00:00:23.304%20--%3E%2000

Chrome Cache Entry: 161

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (39378), with no line terminators
Category:	downloaded
Size (bytes):	39381
Entropy (8bit):	5.035146357586628
Encrypted:	false
SSDEEP:
MD5:	3C5CE734F3A07628F21BC83FB3844490
SHA1:	0447E80F82B9C63A77BFC76F305F688C1981C12E
SHA-256:	56D4BE610013E5B044F17F365F8B083DB26E377308CD0B89E0DEF72E1BF62532
SHA-512:	2388A92413C98DC99C51C8A2462D2D18E8045BEDA6846DD3F84A0DCE86DD3A6CFC42DB6E90C5826DB3CA2EC25FB0EEE4009AC59FAA3A27592C02FAEC599827EF
Malicious:	false
Reputation:	low
URL:	https://ceomedia.wf.com/ceo-demo/Tutorials/Welcome/html5/data/js/data.js
Preview:	.window.globalProvideData('data', '{"version":"3.63.27628.0","bwVersion":"4.0","tincanVersion":"1.0","tincanLanguage":"und","projectId":"6TpjrpRR5Pg","courseId":"6dHcanwkGBN_course_id","entryPoint":"_player.61PprjRJDhL","iosFonts":"mobile/fonts.json","debugMode":false,"lessonDuration":0,"textDirection":"ltr","playervars":[{"kind":"playervar","name":"displayCaptions","value":false},{"kind":"playervar","name":"zoomToFit","value":false},{"kind":"playervar","name":"accessibleText","value":false},{"kind":"playervar","name":"menuSlideNumber","value":0},{"kind":"playervar","name":"menuSlideTitle","value":""},{"kind":"playervar","name":"menuSlideReference","value":0},{"kind":"playervar","name":"menuSlidesViewed","value":0},{"kind":"playervar","name":"menuTotalSlides","value":0},{"kind":"playervar","name":"menuProgress","value":0},{"kind":"playervar","name":"menuSectionSlideNumber","value":0},{"kind":"playervar","name":"menuSectionSlidesViewed","value":0},{"kind":"playervar","name":"menuSecti

Chrome Cache Entry: 162

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 21028, version 1.1
Category:	downloaded
Size (bytes):	21028
Entropy (8bit):	7.966828301497873
Encrypted:	false
SSDEEP:
MD5:	72862E7CF19603AD24F26BAF86DD0E08
SHA1:	4BD3F3F26F7A8EB357A09DA8636390A28A21F826
SHA-256:	16C11E59500457A4D210E5584E57CDCE82015483C1199119B562120E6510A67A
SHA-512:	F05C3A1A044AA0DF728BB56496F8E7388C3F5C4755018C0F9B380AFD9FBFF581D280AB0D1C1688D98BA125F213C4876EEF631B876EE529EF3B5076E511676D00
Malicious:	false
Reputation:	low
URL:	https://ceomedia.wf.com/ceo-demo/Tutorials/Welcome/html5/lib/stylesheets/mobile-fonts/open-sans-bold.woff
Preview:	wOFF......R$.......T........................GDEF................GPOS................GSUB.......Y...t...OS/2.......`...`.u..cmap...t...........cvt .......].....-..fpgm...l........s.ugasp................glyf......8...X.....head..@....6...6....hhea..@........$.)..hmtx..A........l.M.kern..C............loca..M ............maxp..N.... ... .h..name..N........\..3Xpost..O........(..j.prep..Q<...........k....................................x...5.A...../0.E....-..E.m....2..mz.....)@.]-R...X...@..DN^Q].Md`....]h.,4s...../....................3.......3.....f..................@. [...(....1ASC. . ...........X ........^..... ..x.c```d`.b.......@Z.A.....`.d.c8.p..?.!c0.1.[Lw.D...........\.J..(......T......... .ja.....jK.......?........=.s..........}.......Ly.. ...@w...@G7.x.c.a.g``..$KY...e@.,q@.j...o@<..O.H.t.................c .p@..........3lbd.....-.}.M...!...!....x..TGw.F........)..)7.W..`.\|o.4@.Q9...K.../..B..c.oH.EG...,H..U...M.y..>.........[7o\...t.j.......^8......=r.^.o.

Chrome Cache Entry: 163

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 20848, version 1.1
Category:	downloaded
Size (bytes):	20848
Entropy (8bit):	7.969305611927268
Encrypted:	false
SSDEEP:
MD5:	0D0D7107450F05B72A4507D0D7687DD1
SHA1:	845BBCD4BD3D110360A1994E213F709EF73AC6E8
SHA-256:	A5D937D8CCD079F0088D8095AC27F8387AC099382A8201AB903962A37A41CA1D
SHA-512:	5168AA05368CB22DBEDA191F0330569FE1B96FB9ED98E90154974C8C7593E15600C0E054F3B7BDABD4C6A4A0D6B0DD6FC1DD26AA1AE1BDFA022FCDCDB23DCE81
Malicious:	false
Reputation:	low
URL:	https://ceomedia.wf.com/ceo-demo/Tutorials/Welcome/html5/lib/stylesheets/mobile-fonts/open-sans-light.woff
Preview:	wOFF......Qp................................GDEF................GPOS................GSUB.......Y...t...OS/2.......]...`..Qcmap...t...........cvt .......]........fpgm...l........~a..gasp...............#glyf......7...U.0X..head..?....6...6.;.hhea..?........$...Zhmtx..@........l..].kern..B............loca..L4........s4..maxp..M.... ... ....name..N........V..2.post..N........(..j.prep..PT.......:..]....................................x...5.A...../0.E....-..E.m....2..mz.....)@.]-R...X...@..DN^Q].Md`....]h.,4s...../.......x.c`fig.a`e.`..j...(.../2.1..`b.ffcfeabby....A!...A............l..D.Z8z.".....X.Y.........U...x.c```d`.b.......@Z.A.....`.d.c8.p..?.!c0.1.[Lw.D...........\.J..(......T......... .ja.....jK.......?........=.s..........}.......Ly.. ...@w...@G7.x.c.a.g.c..$K..$..`.g.e........ .......R.g......?......x.)d...........$...."....0.#.A@X..0......x.uTGw...........)..)7.W..`*.....G..Kz.)e.\|..}.\|.1.3...suf...3.....w...H.-.....LOMN.1...~...w....W._.x...S'O..V...+.

Chrome Cache Entry: 164

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (65415), with no line terminators
Category:	downloaded
Size (bytes):	108966
Entropy (8bit):	5.076613795946198
Encrypted:	false
SSDEEP:
MD5:	FB89B377BFBE38C4EEE042F964FD5E75
SHA1:	014457351A393BCF0087EEEEBAA9B68C591F35DB
SHA-256:	0EC1E29FADD9042737A191A40014FB47D1565A6A7F2ED15BA251C3DA541D2FE0
SHA-512:	036E339405A356E6B47153DBF28CD58EDB6F8954E4ACA720EB93CE0FC714013CD79630E8BD76CF3DFA6FBF7AE5DD04D006D2F46FB1DD0CFF5EC312B2424983EB
Malicious:	false
Reputation:	low
URL:	https://ceomedia.wf.com/ceo-demo/Tutorials/Welcome/html5/data/js/paths.js
Preview:	.window.globalProvideData('paths', '{"Lib":{"commandset-0":{"nodeType":"g","children":[{"nodeType":"text","font-family":"Wells Fargo Sans Charse422CF029","font-size":"16px","fill":"#FFFFFF","fill-opacity":1,"children":[{"nodeType":"tspan","x":"4 15.6320009 24.0320015 27.8560016 31.6800017 40.4640021 44.0320022 47.4560025 55.4720032 64.4160034 73.5040037 76.928004 88.6880042 97.0880048 100.9120049 108.3520059 117.456006 131.6640081 140.0640087 143.9040089","y":15.888,"children":["Hello, and welcome!"]}]},{"nodeType":"text","font-family":"Wells Fargo Sans Charse422CF029","font-size":"16px","fill":"#FFFFFF","fill-opacity":1,"children":[{"nodeType":"tspan","x":"4 12.3520002 21.4560003 30.3040008 36.2720012 39.6960015 46.8960013 55.7440018 63.1840028 70.6240038 79.0240044 86.2240042 93.424004 96.8480043 100.6720044 107.8720042 111.2960045 120.4000046 129.2480051 135.2160055 138.6400058","y":56.624,"children":["Your success is our "]}]},{"nodeType":"text","font-family":"Wells Fargo Sans Ch

Chrome Cache Entry: 165

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	18
Entropy (8bit):	3.3502090290998976
Encrypted:	false
SSDEEP:
MD5:	14BCD11B30C02772E7760D3E5BBF0309
SHA1:	EE4D0937D0C5662D80BB2665291F8ADBAF6D6509
SHA-256:	536CF64CB28348FFB16FD8CC9F16E76D176AFDAD53F92FEF79EA5FF1CCC3541C
SHA-512:	F92F435B5E57E717AE21D4EB7D877FDDF61C9FFD08AB707BEC833DFB165EC90D99803280805D09330298E472F26189AECB36B0F64761411D1CB7966D3168A806
Malicious:	false
Reputation:	low
URL:	https://ceomedia.wf.com/favicon.ico
Preview:	<h1>Error 404</h1>

Chrome Cache Entry: 166

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (520), with no line terminators
Category:	downloaded
Size (bytes):	520
Entropy (8bit):	4.717799997336763
Encrypted:	false
SSDEEP:
MD5:	503C97CC3405CC98C2C114679CC7265C
SHA1:	E6EE0A9B77CCF38B7D4E5EB79E6A7C19189F52E6
SHA-256:	906F4AB6D950B55848AE6025CDB773D55AE578C1789C4E232449E5E6DB91E845
SHA-512:	EA88AABD438EB154A8981377628C7FD310A0F879614E81D66577AD9A1F2E1A3EDBB5AA2E3199A5FCA0C5760FEF9786B29C4425BCBB595F53D092AD3E8EAB71CE
Malicious:	false
Reputation:	low
URL:	https://ceomedia.wf.com/ceo-demo/Tutorials/Welcome/story_content/6J816HyGoDu_captions.js
Preview:	window.globalProvideData('caption', '{"data":"WEBVTT%0D%0AKind:%20captions%0D%0ASource:%20Articulate%20Closed%20Captions%20Editor%0D%0ASource%20Version:%206.63.27628.0%0D%0A%0D%0A00:00:00.768%20--%3E%2000:00:04.896%0D%0AWe%20look%20forward%20to%20hearing%20your%20feedback%20as%20you%20become%20familiar%20with%20Vantage.%20%0D%0A%0D%0A00:00:05.408%20--%3E%2000:00:09.920%0D%0AThank%20you%20for%20helping%20us%20as%20we%20work%20to%20build%20the%20future%20of%20digital%20banking%20at%20Wells%20Fargo.%20%0D%0A%0D%0A"}')

Chrome Cache Entry: 167

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	60
Entropy (8bit):	4.249791896188175
Encrypted:	false
SSDEEP:
MD5:	4942D51813CACBDB89FB17F6AA9118BB
SHA1:	8ECB4856862889A3B6D22187DC9A3F807D02FC06
SHA-256:	D7A0A2A24CD9F4E56ED6CBA8DC21043ADF413678B10D85ADA35FF8F32E4BE386
SHA-512:	C1EE7A6E0620BA464071BE689D4E4F583D7F23416F07ED15928F5B7DE220D08007F67E310C98E80AEA5C3E7F9DADFECD74D0AB50CC4BBE2396E86221A51186EE
Malicious:	false
Reputation:	low
URL:	https://ceomedia.wf.com/ceo-demo/Tutorials/Welcome/story_content/user.js
Preview:	function ExecuteScript(strId).{. switch (strId). {. }.}..

Chrome Cache Entry: 168

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (648), with no line terminators
Category:	downloaded
Size (bytes):	648
Entropy (8bit):	4.671122337614662
Encrypted:	false
SSDEEP:
MD5:	114DED8CF861F02B5FC2FA9C07D80330
SHA1:	785912220D8E45D12B503C644FF1C986455088E7
SHA-256:	CB641746F1F8772C78F9E1B70908B17D088D115F80C94340DC9C151485EC758F
SHA-512:	92A92F913224316455BE71F6025A8EDE632273919978CDFCFA335DCA764527653B6AAB3642C98680DBD46AB9F5F8D8E8A167960587FE404D57A694A14AAC4A80
Malicious:	false
Reputation:	low
URL:	https://ceomedia.wf.com/ceo-demo/Tutorials/Welcome/story_content/5we05BGHFCF_captions.js
Preview:	window.globalProvideData('caption', '{"data":"WEBVTT%0D%0AKind:%20captions%0D%0ASource:%20Articulate%20Closed%20Captions%20Editor%0D%0ASource%20Version:%206.63.27628.0%0D%0A%0D%0A00:00:01.012%20--%3E%2000:00:05.307%0D%0AWe%20know%20how%20important%20it%20is%20for%20you%20to%20quickly%20access%20vital%20information,%20%0D%0A%0D%0A00:00:05.308%20--%3E%2000:00:11.327%0D%0Aso%20we%E2%80%99ve%20added%20Tasks,%20Notifications,%20and%20User%20Profile%20icons%20at%20the%20top-right%20of%20the%20page.%20%0D%0A%0D%0A00:00:11.328%20--%3E%2000:00:14.220%0D%0A%0AThese%20quickly%20take%20you%20to%20the%20information%20you%20need.%20%0D%0A%0D%0A%0D%0A"}')

Chrome Cache Entry: 169

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (65477)
Category:	downloaded
Size (bytes):	910594
Entropy (8bit):	5.406906332789719
Encrypted:	false
SSDEEP:
MD5:	8AE746E39BED598E222B61168F724ACE
SHA1:	CEEF43BC2D81EF392D633A663F844840017AC357
SHA-256:	F02B7F625E1CD48DFF6B483A08E4EC555D8212F3E295F554AF7DB5C32EFC1206
SHA-512:	28A95D523B9605585C514B8F5396BB91C6556AA92884A007220BE268087C38CE0AD0BAB09381D81F9772A42BF22B3971EF81DBE0228C8ABE815EE7248990CB9E
Malicious:	false
Reputation:	low
URL:	https://ceomedia.wf.com/ceo-demo/Tutorials/Welcome/html5/lib/scripts/bootstrapper.min.js
Preview:	./! ds-bootstrap - v1.0.0.27628 - 2022-04-19 5:31pm UTC. Copyright (c) 2022 ; Not Licensed */(function(){var __webpack_modules__={3847:function(t,e,n){"use strict";var i,r;i=[n(8087)],void 0===(r=function(){Promise.resolve().then((function(){var t=[n(6486),n(6407),n(5273),n(5812),n(6295)];(function(t,e,i){Promise.resolve().then((function(){var e=[n(7510),n(9739),n(857),n(292),n(9229),n(1421),n(5611),n(4698),n(8766),n(7812),n(7594),n(4839),n(9343),n(8579),n(1251),n(8939),n(8880),n(5626),n(1419),n(2581),n(3034),n(3716),n(8901),n(9835),n(3400),n(9032),n(1070),n(3797),n(9904),n(6882),n(3005),n(4481),n(1291),n(8935),n(2972),n(9447),n(1681),n(7097),n(2075),n(5641),n(2499),n(1294),n(82),n(6194),n(4811),n(118),n(7235),n(7300),n(520),n(3586),n(5173),n(262),n(6978),n(5337),n(6334),n(6159),n(9005),n(4427),n(8945),n(4403),n(5485),n(6936),n(5470),n(3707),n(8467),n(8351)];(function(e,n,r,o,s,a,l,u,c,h,d,p,f,v,g,m,y,b,w,A,E,S,T,x,C,_,k,M,O,L,P,I,R,D,N,H,V,F,B,j,U,z,W,G,q,Y,X,K,J,Z,$,Q,tt,et,nt,it

Chrome Cache Entry: 170

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	129322
Entropy (8bit):	5.153783133760939
Encrypted:	false
SSDEEP:
MD5:	02380B7C95CBF50ACBF592BF6AE497AF
SHA1:	3BD2B9EC01A0EAF15D8CC86054231395879E63C8
SHA-256:	AA1D2517F96D5DAFCE7F4382D3A3A8AA816689232B1D9C59066FF467FECEB375
SHA-512:	E335508A928D7AAEA4586FB064696A1E602C68D0B52C2291F65019D26EFD653B98C45251155F9E9816AC72E6033A361337DAF31A82CA2C5CD947E02B836A1AB8
Malicious:	false
Reputation:	low
URL:	https://ceomedia.wf.com/ceo-demo/Tutorials/Welcome/html5/lib/stylesheets/desktop.min.css
Preview:	@media(forced-colors: active),(-ms-high-contrast: active){.show-focus .tab-focus-box,.skipnav{forced-color-adjust:none;-ms-high-contrast-adjust:none}#outline-search-content .cs-listitem,#outline-search-content .search-clear{forced-color-adjust:none;-ms-high-contrast-adjust:none;color:WindowText !important;color:CanvasText !important;border:none}#outline-search-content .cs-listitem.cs-selected,#outline-search-content .cs-listitem:hover,#outline-search-content .cs-listitem.hover,#outline-search-content .search-clear.cs-selected,#outline-search-content .search-clear:hover,#outline-search-content .search-clear.hover{color:HighlightText !important;background:Highlight !important}#outline-search-content .cs-listitem.cs-selected .cs-icon polygon,#outline-search-content .cs-listitem:hover .cs-icon polygon,#outline-search-content .cs-listitem.hover .cs-icon polygon,#outline-search-content .search-clear.cs-selected .cs-icon polygon,#outline-search-content .search-clear:hover .cs-icon polygon,#ou

Chrome Cache Entry: 171

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (65533), with no line terminators
Category:	downloaded
Size (bytes):	123979
Entropy (8bit):	6.114237651568577
Encrypted:	false
SSDEEP:
MD5:	E094307AD4ADD429424032C617CB0DF6
SHA1:	29F2E395ED917FD44FF1E383B70EAB3EE73E05CD
SHA-256:	58C6F68B313089AB449FF79676C8550880D7D05BC6BD51A5B29129F6475CB13B
SHA-512:	B0F9736DD031BDD16F442D2B6927738626514526858777AC19B3CBBFC605AF81279CF4134C658F8FA928E9AA41576D89BF10528A3520A9F1CA97817DE5C0D138
Malicious:	false
Reputation:	low
URL:	https://ceomedia.wf.com/ceo-demo/Tutorials/Welcome/html5/data/js/frame.js
Preview:	.window.globalProvideData('frame', '{"default_layout":"pxabnsnfns10111001101","textdirection":"ltr","renderingEngineType":1,"device":false,"fontscale":100,"captionFontScale":100,"kbshortcuts":false,"skip_nav_enabled":true,"chromeless":false,"outputtype":"undefined","theme":"unified","themeAccentColor":"0x4FBDF4","layouts":{"npnxnanbsnfns10111001101":{"kind":"layout","font":"Lato22AB4CAF","controllayout":"npnxnanbsnfns10111001101","colorscheme":"pxabnsnfns10111001101","string_table":"pxabnsnfns10111001101"},"pxabnsnfns10111001101":{"kind":"layout","font":"Lato22AB4CAF","controllayout":"pxabnsnfns10111001101","colorscheme":"pxabnsnfns10111001101","string_table":"pxabnsnfns10111001101"},"npxnabnsnfns10111001101":{"kind":"layout","font":"Lato22AB4CAF","controllayout":"npxnabnsnfns10111001101","colorscheme":"pxabnsnfns10111001101","string_table":"pxabnsnfns10111001101"},"npnxnanbnsnfns10111001101":{"kind":"layout","font":"Lato22AB4CAF","controllayout":"npnxnanbnsnfns10111001101","colorsch

Chrome Cache Entry: 172

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (1739)
Category:	downloaded
Size (bytes):	6426
Entropy (8bit):	5.322022067070432
Encrypted:	false
SSDEEP:
MD5:	959F6EEC661D1E8F0033CCE0DBBC8354
SHA1:	36EDB9F8279D913B53A9C73E3AF969FE145ED950
SHA-256:	BF8766363391E3C8214DBA006B1A9A1D82AE964F52A5C7F9E5790DAD37C64BD4
SHA-512:	F93DDA2D25904E07D70A82D757DB9FE6DCCEBC7B5AF3E09E23524DC7C98C2AD3231CA46E76D465BD7155A317157EF109A503023BCB38D2C0E8F6F74F2BDEB8CB
Malicious:	false
Reputation:	low
URL:	https://ceomedia.wf.com/ceo-demo/Tutorials/Welcome/story.html?utm_source=SFMC&utm_medium=email&utm_campaign=&utm_content=&utm_term=7571921&sid=2156571
Preview:	<!doctype html>.<html lang="en-US">.<head>. <meta charset="utf-8">. Created using Storyline 360 - http://www.articulate.com -->. version: 3.63.27628.0 -->. <title>Welcome to Wells Fargo Vantage</title>. <meta http-equiv="x-ua-compatible" content="IE=edge"/>. <meta name="viewport" content="width=device-width,initial-scale=1,user-scalable=no,shrink-to-fit=no,minimal-ui"/>. <meta name="apple-mobile-web-app-capable" content="yes"/>. <style>. html, body { height: 100%; padding: 0; margin: 0 }. #app { height: 100%; width: 100%; }. </style>. . <script>window.THREE = { };</script>.</head>.<body style="background: #282828" class="cs-HTML theme-unified">. 360 -->. <script>!function(e){var i=/iPhone/i,o=/iPod/i,n=/iPad/i,t=/(?=.\bAndroid\b)(?=.\bMobile\b)/i,d=/Android/i,s=/(?=.\bAndroid\b)(?=.\bSD4930UR\b)/i,b=/(?=.\bAndroid\b)(?=.\b(?:KFOT\|KFTT\|KFJWI\|KFJWA\|KFSOWI\|KFTHWI\|KFTHWA\|KFAPWI\|KFAPWA\|KFARWI\|KFASWI\|KFSAWI\|KFSAWA)\b)/i,r=/IEMobile/i,h=/(?=.*\bWindows

Chrome Cache Entry: 173

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (323), with no line terminators
Category:	downloaded
Size (bytes):	323
Entropy (8bit):	4.794185215217175
Encrypted:	false
SSDEEP:
MD5:	C70A5E3CDBDEED0C4798D164CC4605D2
SHA1:	11E664CC4F7DD67A80E6521C761E650F3F6A9C39
SHA-256:	33F9D017412BF89F6416D5D882F47D4CF72D5427B4ABC61A5008F8E1B7F100F6
SHA-512:	98C4F2CEA8ADB2BCBE80B82FD6DA1A9CFB321E2DF4E820E451DF8279DFBD2986EC435E7D5B10A95AC17615B460C17E0E67C661CA3BE313A2F1383C021482AAC3
Malicious:	false
Reputation:	low
URL:	https://ceomedia.wf.com/ceo-demo/Tutorials/Welcome/story_content/6BUxPPIbW6Y_captions.js
Preview:	window.globalProvideData('caption', '{"data":"WEBVTT%0D%0AKind:%20captions%0D%0ASource:%20Articulate%20Closed%20Captions%20Editor%0D%0ASource%20Version:%206.63.27628.0%0D%0A%0D%0A00:00:00.320%20--%3E%2000:00:03.808%0D%0AThe%20homepage,%20serves%20as%20a%20hub%20for%20many%20of%20your%20key%20activities.%20%0D%0A%0D%0A"}')

Chrome Cache Entry: 174

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (65473)
Category:	downloaded
Size (bytes):	977303
Entropy (8bit):	5.297722173023708
Encrypted:	false
SSDEEP:
MD5:	91F1BF20C24F652DDB18F5EBBAF87FD0
SHA1:	B882812DC73CAF94187496284A88E12B8A2217D0
SHA-256:	ED1CB99DE1222D94DCA05A799D692CD83D457CE2E1443F71E17B3081C769C47A
SHA-512:	4FAF36C51E6A0E33FDDCE5526A8B969F5493EE5E5974AB52CF7604CC97CDBF282F39DE011EB687A8D2DA574B8FD87B560F0E8B1BF6074521621B5B8976494B98
Malicious:	false
Reputation:	low
URL:	https://ceomedia.wf.com/ceo-demo/Tutorials/Welcome/html5/lib/scripts/slides.min.js
Preview:	./! ds-bootstrap - v1.0.0.27628 - 2022-04-19 5:31pm UTC. Copyright (c) 2022 ; Not Licensed */!function(){var e={64691:function(e,t,i){"use strict";var n;void 0===(n=function(e){var t=i(33305);return{AccessibleScrollBar:function(){return t.createElement("div",{className:["accessible-scrollbar scrollarea-scrollbar",this.props.hScroll?"horizontal-scroll":"",this.state.highlight?"highlight-scrollbar":"",this.state.isHidden?"hidden":""].join(" "),ref:"scrollBar",style:this.getScrollBarStyle()},t.createElement("div",{ref:"scrollBtn",className:"scrollarea-btn micro-scrollbar-btn",onMouseDown:this.onScrollBtnDown,onTouchStart:this.onScrollBtnDown,style:this.getScrollBtnStyle()}))}}}.call(t,i,t,e))\|\|(e.exports=n)},34653:function(e,t,i){"use strict";var n;function r(e){if(Array.isArray(e)){for(var t=0,i=Array(e.length);t<e.length;t++)i[t]=e[t];return i}return Array.from(e)}void 0===(n=function(e){var t=i(33305);return{AccessibleText:function(){var e=this,n=i(87435),s=i(87523).renderSemanticT

Chrome Cache Entry: 175

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (557), with no line terminators
Category:	downloaded
Size (bytes):	557
Entropy (8bit):	4.707667134957432
Encrypted:	false
SSDEEP:
MD5:	3B034E0B8260D1250EA4B5D28E7B74DC
SHA1:	45F34EE37EA48E2E732A8E607C25BF77CD6A3583
SHA-256:	EDC7078B64CA2D6FFF6A3436E256726C126E61AA451BE3293FD2A52AB964A54F
SHA-512:	4F5E61746A36B3833630A83620837266482371400DEED2BC202F554129CD163F06EFD921E50D6B3BB1F9F0DD7111B4361EF948B4D11A7A1080C94FE5B80819CA
Malicious:	false
Reputation:	low
URL:	https://ceomedia.wf.com/ceo-demo/Tutorials/Welcome/story_content/6JuOO7hjsum_captions.js
Preview:	window.globalProvideData('caption', '{"data":"WEBVTT%0D%0AKind:%20captions%0D%0ASource:%20Articulate%20Closed%20Captions%20Editor%0D%0ASource%20Version:%206.63.27628.0%0D%0A%0D%0A00:00:00.480%20--%3E%2000:00:05.792%0D%0AThe%20new%20Create%20payments%20and%20transfers%20section%20gives%20you%20direct%20access%20to%20Wires,%20Foreign%20Exchange,%20%0D%0A%0D%0A00:00:05.824%20--%3E%2000:00:08.224%0D%0Aand%20more,%20right%20from%20the%20homepage.%20%0D%0A%0D%0A00:00:08.320%20--%3E%2000:00:10.304%0D%0AMaking%20payments%20just%20got%20easier!%0D%0A%0D%0A"}')

Chrome Cache Entry: 176

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (618), with no line terminators
Category:	downloaded
Size (bytes):	618
Entropy (8bit):	4.713333834327895
Encrypted:	false
SSDEEP:
MD5:	BB1CE2E1EC098F21E5B7BA60BEFC2FB7
SHA1:	AF0848F82456643C714BB92F4B7C8A782B7245F0
SHA-256:	EEC74A17840235A9D71143D2F98B071495C9DE4B9A96B192B13A5D7706341734
SHA-512:	904B52C3E9ECC9776877B7CEB9635988107ED8256313B60A52C6F61E6554149927C859969359E2064F3D94DFC8E15ABE5B20E1AFC23F797023EEB17F0F17A6E8
Malicious:	false
Reputation:	low
URL:	https://ceomedia.wf.com/ceo-demo/Tutorials/Welcome/story_content/5ovwUhND89M_captions.js
Preview:	window.globalProvideData('caption', '{"data":"WEBVTT%0D%0AKind:%20captions%0D%0ASource:%20Articulate%20Closed%20Captions%20Editor%0D%0ASource%20Version:%206.63.27628.0%0D%0A%0D%0A00:00:00.832%20--%3E%2000:00:07.964%0D%0ANear%20the%20bottom%20of%20the%20homepage%20you%E2%80%99ll%20find%20other%20helpful%20information,%20including%20important%20messages%20and%20links%20to%20learning%20resources.%0D%0A%0D%0A00:00:08.224%20--%3E%2000:00:14.004%0D%0AThese%20are%20just%20some%20of%20the%20many%20new%20features%20we%E2%80%99ll%20be%20delivering%20for%20you%20as%20we%20continue%20to%20develop%20Vantage.%0D%0A%0D%0A"}')

Chrome Cache Entry: 177

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (13485)
Category:	downloaded
Size (bytes):	454468
Entropy (8bit):	6.069746572095354
Encrypted:	false
SSDEEP:
MD5:	1F54923B19620827196AF4E85BC22AA1
SHA1:	3DB466DC245FB5BFD2D18524F5B4FC1B81EA5728
SHA-256:	9734049F77F994B9DC20D370C1AD13D2F84917DD3DEA853AAA51157F6CBED99D
SHA-512:	2B48B1EDCC7813D9E8E9996EFF771A40047C737A2F8A6A56E78C4930FF55E1B9EEB5BB58C26A9ECE3DC817635BF5779F89E0655BDB439D6B1BB815163F7F90FD
Malicious:	false
Reputation:	low
URL:	https://ceomedia.wf.com/ceo-demo/Tutorials/Welcome/html5/data/css/output.min.css
Preview:	@font-face {. font-family: 'LatoBold Charset1_ Bold1967F23D';. src: url('data:application/font-woff;base64,d09GRgABAAAAACT4AA8AAAAATxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABPUy8yAAABWAAAAFsAAABg2uetkGNtYXAAAAG0AAAAawAAARTp6OsvY3Z0IAAAAiAAAAArAAAALgfIGaBmcGdtAAACTAAAA5AAAAblclpyQGdhc3AAAAXcAAAADAAAAAwADQAYZ2x5ZgAABegAABWBAAAsFG2lYF5oZWFkAAAbbAAAADYAAAA2/N3yR2hoZWEAABukAAAAIQAAACQP9gfUaG10eAAAG8gAAACmAAAEPIwnChhrZXJuAAAccAAAARoAAAIKCUwKPmxvY2EAAB2MAAAAYgAAAix9TIrgbWF4cAAAHfAAAAAgAAAAIAH2B3NuYW1lAAAeEAAABoUAABAUPIRVK3Bvc3QAACSYAAAAEwAAACD/iwCgcHJlcAAAJKwAAABLAAAAS6YHlRd42mNgZlFh2sPAysDAWsEqwsDAKAGhmXcxLGD8wsHMxM/BxMTEwszEvICBYX0AQ4I3AxSUVAb4MCgwMPxmYvP6V8U4gX0b4yogdzJIjoWJdRmQUmBgAgCeLg7zAHjapc/NCcJQAAPg72EFD84gdQEH8KAnD51APKoVFf9tRdy24CDPhyO0CUlOCQRBL4mhLAxSzuQyo+QTU3MLSytrG1ulnb2Do5Ozi6ubu4enSu3l7dNoQoxpp1M/ftsxL8b9/5sO+AHU1FKrAHjaY2CAg/8Me4EYRO5jXcbAwHqGhYmB4d9G1m3/PwDZQv8//psBAP3jD34AeNqVVNty20YM5epmSU5zsSU5Md0G7EZuai5Z9xJHD5pMRrSkSZ7kTjtDpi9LX/IdfebXgHY/IJ/WgxUppa37EI9IA9izwB7gLNkzdM1kP2r

Chrome Cache Entry: 178

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (534), with no line terminators
Category:	downloaded
Size (bytes):	534
Entropy (8bit):	4.72554514818421
Encrypted:	false
SSDEEP:
MD5:	8D708323821743DF7439C62EFBCDDA2F
SHA1:	FF750635B57C660798289F8EF1E6E169286A1E4A
SHA-256:	90965B20E0A61F418FBFD44B38447C6FFC484837339F7A704AFF772D9CED0996
SHA-512:	E46065E5551940A5BACE1CCDB3FED716D0C193E4EFF17060BE809E5524B7B5BD6362083C1BA592FC65EFC6B447E1D2722832677D510C5EAF112A4913461A6864
Malicious:	false
Reputation:	low
URL:	https://ceomedia.wf.com/ceo-demo/Tutorials/Welcome/story_content/6L6a4hpGfHf_captions.js
Preview:	window.globalProvideData('caption', '{"data":"WEBVTT%0D%0AKind:%20captions%0D%0ASource:%20Articulate%20Closed%20Captions%20Editor%0D%0ASource%20Version:%206.63.27628.0%0D%0A%0D%0A00:00:00.256%20--%3E%2000:00:05.652%0D%0ATo%20manage%20your%20profile,%20select%20the%20User%20profile%20icon%20at%20the%20top-right%20of%20the%20page.%0D%0A%0D%0A00:00:05.653%20--%3E%2000:00:11.712%0D%0AChange%20your%20password,%20update%20your%20profile%20details,%20find%20useful%20information%20%E2%80%93%20all%20from%20one%20place.%20%0D%0A%0D%0A"}')

Chrome Cache Entry: 179

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (65477)
Category:	downloaded
Size (bytes):	270753
Entropy (8bit):	5.455947780415102
Encrypted:	false
SSDEEP:
MD5:	8276849CBAE6FA201E6E386451052D95
SHA1:	E90829BCCA17071BD975C7E707D32DAF5574A955
SHA-256:	F8564CE9611EA00D8F039027BF7FE159BBE71B052F89800CD6CA0DF892E5C9A6
SHA-512:	CF5B7C14C0A210C8ABD14A05E92D86EFE1780353CA09D235D3DFBCE59BA2704BF4CA391BBD59137BECD4796F984DD0ABF9623C612904659476790C2AC97402A7
Malicious:	false
Reputation:	low
URL:	https://ceomedia.wf.com/ceo-demo/Tutorials/Welcome/html5/lib/scripts/frame.desktop.min.js
Preview:	./! ds-bootstrap - v1.0.0.27628 - 2022-04-19 5:31pm UTC. Copyright (c) 2022 ; Not Licensed */!function(){"use strict";var e={64442:function(e,t){Object.defineProperty(t,"__esModule",{value:!0});var n=function(){function e(e,t){for(var n=0;n<t.length;n++){var i=t[n];i.enumerable=i.enumerable\|\|!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(e,i.key,i)}}return function(t,n,i){return n&&e(t.prototype,n),i&&e(t,i),t}}();var i=DS,o=i._,r=i.pubSub,s=i.events,a=i.constants,l=[],c=function(){function e(t,n){var i=this;!function(e,t){if(!(e instanceof t))throw new TypeError("Cannot call a class as a function")}(this,e),this.frame=t,this.frame.blocked=!1,this.preso=n,this.setupControlOptions(),this.layouts={},this.setLayout(this.frame.default_layout,a.refs.FRAME),this.resourceDescription=this.frame.resourceData.description;var l=n.getFirstSlide();for(var c in this.slideWidth=l.get("width"),this.slideHeight=l.get("height"),this.temp=[],this.frame.layouts)this.temp.push(

Chrome Cache Entry: 180

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (534), with no line terminators
Category:	downloaded
Size (bytes):	534
Entropy (8bit):	4.70536957351169
Encrypted:	false
SSDEEP:
MD5:	AD959C5DAF49D70BB671A2FC35694347
SHA1:	C4191049AF836C7C5C1F6C0E759183EA369226D7
SHA-256:	28EC300821E1BB371A2015EE44AEB329E150D0BBC173FEE4317210D8517EF0A6
SHA-512:	98CAC7EE50B6F9570D9607B1AC803A20F1BE199999413CA4479FA428470B3B98EE49E73539CDEE3E8F8B6AFB76BB24F4F059837FE4FA0296A7795024732AF27B
Malicious:	false
Reputation:	low
URL:	https://ceomedia.wf.com/ceo-demo/Tutorials/Welcome/story_content/6AfJjql88XU_captions.js
Preview:	window.globalProvideData('caption', '{"data":"WEBVTT%0D%0AKind:%20captions%0D%0ASource:%20Articulate%20Closed%20Captions%20Editor%0D%0ASource%20Version:%206.63.27628.0%0D%0A%0D%0A00:00:00.832%20--%3E%2000:00:07.635%0D%0AYou%20can%20now%20quickly%20review%20key%20account%20balances%20and%20view%20recent%20transactions%20for%20a%20selected%20account%20%0D%0A%0D%0A00:00:07.636%20--%3E%2000:00:12.748%0D%0Abecause%20we%20show%20your%20key%20cash%20accounts%20and%20lines%20of%20credit%20directly%20on%20your%20homepage.%0D%0A%0D%0A"}')

Chrome Cache Entry: 181

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 20248, version 1.1
Category:	downloaded
Size (bytes):	20248
Entropy (8bit):	7.965050620475398
Encrypted:	false
SSDEEP:
MD5:	CE659615885F33D928EB7FE276574106
SHA1:	84F97FC997632D2FFFB788CD07C92241F178A9A1
SHA-256:	819747B05DF4938922997E60E199603ECB04F4D987331BA5C3F7DB30A835C3BD
SHA-512:	938099E7AC8C58EE66FC954012F4AD3D5DF29F2F886A001017BC07294A5CD01D8B40BEDA31881A16412234AC59D824F82CB0F7DE7DD25FA8FAC49A6054179734
Malicious:	false
Reputation:	low
URL:	https://ceomedia.wf.com/ceo-demo/Tutorials/Welcome/html5/lib/stylesheets/mobile-fonts/open-sans-regular.woff
Preview:	wOFF......O........l........................GDEF................GPOS................GSUB.......Y...t...OS/2......._...`.>..cmap...t...........cvt .......Y.....M..fpgm...h........~a..gasp...............#glyf......5...Qx...>head..=....6...6.v.hhea..=........$....hmtx..=........l..Y.kern..?............loca..J..........{..maxp..K.... ... .v..name..K........2../Jpost..L........(..j.prep..N$........C.......................................x...5.A...../0.E....-..E.m....2..mz.....)@.]-R...X...@..DN^Q].Md`....]h.,4s...../.......x.c`f..8.....u..1...<.f....................{...h..... 0t.vf.....&.O.....)B..q>H..u..R``.....9.x.c```d`.b.......@Z.A.....`.d.c8.p..?.!c0.1.[Lw.D...........\.J..(......T......... .ja.....jK.......?........=.s..........}.......Ly.. ...@w...@G7.x.c.a.g.c..$KY...e@.,.."..........?....%.g....Z.....(".o..Y..Bu342.e......0..........M=.....x.uTGw...........)..)7.W..`*.....G..Kz.)e.\|..}.\|.1.3...suf...3.....w...H.-.....LOMN.1...~...w....W._.x...S'O..V...+....W

Chrome Cache Entry: 182

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1144), with no line terminators
Category:	downloaded
Size (bytes):	1144
Entropy (8bit):	4.596091042110381
Encrypted:	false
SSDEEP:
MD5:	CB44E1479646815FBE166E417D2674F4
SHA1:	C0E313F9D52F8B194CF1A9E781D2F3E07066A52F
SHA-256:	148A8917FB7FC0956ED2A5BD0A570D3C68DFB6F20D15CD9271806C6573311F66
SHA-512:	57423D8B16C2A67DB2C4048EEFFA947200BF80F4B31BB1C28DE2EC63F83C99ADCF70ED146D747D5CA8FA9D60A428AC3C330A841CAC92AE4887A05875122E2B3C
Malicious:	false
Reputation:	low
URL:	https://ceomedia.wf.com/ceo-demo/Tutorials/Welcome/story_content/61dtkELgdq5_captions.js
Preview:	window.globalProvideData('caption', '{"data":"WEBVTT%0D%0AKind:%20captions%0D%0ASource:%20Articulate%20Closed%20Captions%20Editor%0D%0ASource%20Version:%206.63.27628.0%0D%0A%0D%0A00:00:01.408%20--%3E%2000:00:06.816%0D%0AAs%20you%E2%80%99ve%20seen,%20the%20new%20homepage%20provides%20an%20integrated%20dashboard%20of%20your%20key%20activities%20and%20services%0D%0A%0D%0A00:00:07.104%20--%3E%2000:00:13.056%0D%0A.%20The%20modern%20design,%20streamlined%20navigation,%20and%20easy%20access%20to%20tasks%20and%20account%20information%0D%0A%0D%0A00:00:13.057%20--%3E%2000:00:16.116%0D%0A%20can%20simplify%20your%20day%20and%20give%20you%20more%20control.%0D%0A%0D%0A00:00:16.192%20--%3E%2000:00:20.384%0D%0AFor%20now,%20you%E2%80%99ll%20notice%20that%20Vantage%20links%20to%20some%20of%20the%20screens%20you%E2%80%99re%20already%20familiar%20with.%20%0D%0A%0D%0A00:00:20.416%20--%3E%2000:00:24.651%0D%0AThere%20will%20be%20more%20in%20store%20for%20you%20as%20we%20continue%20to%20design%20and%20evolve%

Static File Info

⊘No static file info

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://click.mail1.wf.com/?qs=677f1d231d3260533f03bc83358f07f095891fd96e89368d729e9cda52c17371cc20ba4857d6c96724eeb18ca1d43b28fd83f0723df121de

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

Chrome Cache Entry: 158

Chrome Cache Entry: 159

Chrome Cache Entry: 160

Chrome Cache Entry: 161

Chrome Cache Entry: 162

Chrome Cache Entry: 163

Chrome Cache Entry: 164

Chrome Cache Entry: 165

Chrome Cache Entry: 166

Chrome Cache Entry: 167

Chrome Cache Entry: 168

Chrome Cache Entry: 169

Chrome Cache Entry: 170

Chrome Cache Entry: 171

Chrome Cache Entry: 172

Chrome Cache Entry: 173

Chrome Cache Entry: 174

Chrome Cache Entry: 175

Chrome Cache Entry: 176

Chrome Cache Entry: 177

Chrome Cache Entry: 178

Chrome Cache Entry: 179

Chrome Cache Entry: 180

Chrome Cache Entry: 181

Chrome Cache Entry: 182

Static File Info

Windows Analysis Report
https://click.mail1.wf.com/?qs=677f1d231d3260533f03bc83358f07f095891fd96e89368d729e9cda52c17371cc20ba4857d6c96724eeb18ca1d43b28fd83f0723df121de