Edit tour

Windows Analysis Report
https://app.smartsheet.com

Overview

General Information

Sample URL:	https://app.smartsheet.com
Analysis ID:	1322141

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Stores files to the Windows start menu directory

Creates files inside the system directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 2616 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://app.smartsheet.com/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5332 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1960,i,10428679393286180098,6197793199546172428,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

• Phishing
• Compliance
• Networking
• System Summary
• Boot Survival

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://app.smartsheet.com/b/home	HTTP Parser: No <meta name="author".. found
Source: https://app.smartsheet.com/b/home	HTTP Parser: No <meta name="author".. found

Source: https://app.smartsheet.com/b/home	HTTP Parser: No <meta name="copyright".. found
Source: https://app.smartsheet.com/b/home	HTTP Parser: No <meta name="copyright".. found

Source: unknown

HTTPS traffic detected: 23.1.237.25:443 -> 192.168.2.16:49752 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49755 version: TLS 1.2

Source: unknown

HTTPS traffic detected: 23.1.237.25:443 -> 192.168.2.16:49752 version: TLS 1.0

Source: unknown

DNS traffic detected: queries for: app.smartsheet.com

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 209.197.3.8

Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49755 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_BITS_2616_779973217

Source: classification engine

Classification label: clean1.win@13/36@14/84

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://app.smartsheet.com/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1960,i,10428679393286180098,6197793199546172428,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1960,i,10428679393286180098,6197793199546172428,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	11 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	2 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	1 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	2 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://app.smartsheet.com	0%	Avira URL Cloud	safe
https://app.smartsheet.com	0%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
accounts.google.com	142.250.68.77	true	false	high
app.smartsheet.com	34.225.51.240	true	false	high
www.google.com	142.250.72.132	true	false	high
clients.l.google.com	142.250.189.14	true	false	high
dbnyvf7f1p1a0.cloudfront.net	216.137.39.24	true	false	high
clients2.google.com	unknown	unknown	false	high
s.smartsheet.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://app.smartsheet.com/b/home	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
52.203.178.223	unknown	United States	14618	AMAZON-AESUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
216.137.39.24	dbnyvf7f1p1a0.cloudfront.net	United States	16509	AMAZON-02US	false
216.137.39.14	unknown	United States	16509	AMAZON-02US	false
142.250.68.10	unknown	United States	15169	GOOGLEUS	false
142.250.68.77	accounts.google.com	United States	15169	GOOGLEUS	false
142.250.68.3	unknown	United States	15169	GOOGLEUS	false
34.225.51.240	app.smartsheet.com	United States	14618	AMAZON-AESUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.72.132	www.google.com	United States	15169	GOOGLEUS	false
142.250.189.14	clients.l.google.com	United States	15169	GOOGLEUS	false
142.250.188.227	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox Version:	38.0.0 Ammolite
Analysis ID:	1322141
Start date and time:	2023-10-09 14:17:25 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://app.smartsheet.com
Analysis system description:	Windows 10 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@13/36@14/84

Warnings

Exclude process from analysis (whitelisted): SIHClient.exe
Excluded IPs from analysis (whitelisted): 142.250.188.227, 34.104.35.123, 142.250.68.10, 142.250.68.106, 172.217.12.138, 142.250.189.10, 142.250.72.138, 142.251.40.42, 172.217.14.106, 142.250.176.10, 142.250.68.42, 142.250.217.138, 142.250.188.234, 142.250.72.170
Excluded domains from analysis (whitelisted): edgedl.me.gvt1.com, content-autofill.googleapis.com, clientservices.googleapis.com
Not all processes where analyzed, report is missing behavior information

Created / dropped Files

Chrome Cache Entry: 63

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 53712, version 1.0
Category:	downloaded
Size (bytes):	53712
Entropy (8bit):	7.995805532734641
Encrypted:	true
SSDEEP:
MD5:	D4B32D9976E80EDEC90FF20142C87EBD
SHA1:	808FC9F0BA6EE923C37AF30688E055BD27823D5F
SHA-256:	332B7905E7A8A5D87E37F7814EF2505EC81D6C0C3783F2C6532BE916EA87DA72
SHA-512:	2A424ABEBCDE3B65530893A8AAE817160C178557F267DA07966B0853558571A320E5B94028EEC8C93251FA879C0BA9B9D68E184C78616064D85C7C7F96CC23AB
Malicious:	false
Reputation:	low
URL:	https://app.smartsheet.com/b/fonts/ttNormsProBold/TTNormsPro-Bold.woff2
Preview:	wOF2...................n........................?FFTM...>...F....`..^.....T..2..`..6.$..\. .....T[.....).....Z..c.e:e.....@..\.j...I#.1<F<T.9.8Vl...0m.Y.".........4dj:.t.1+$d.6.....{dJ...9#......4vi.7..K,...1.y.kL...D..6.3........f7....?....x....:..K\.....+n.C....t.....#.%..3..&..B,G...;I....[,.....L.7..#...z)t,....a.."c....k+3........].%Mn.kxW..m.Nf...;...Lk..W...>.!#...i...mwX......C.........%..&.O..i}.v.....k<......o..F..f..lT..}.?....7...m.#F6.S.ew..R..qW.....p....3..E..C..5fl...\|>7&...E%..P.2..q.?..k.B...0....UNT....]kF._....i..[dU.^..i...mrf...\.[...G...ny.RUs....[.O+....,..AU.A.~o...&.%.....*...V..6..:.W:<Xt._....j....0:.......1.}T]....?......N..@..f .o..,..W..V.q.~w.+.$HN,H. ..\|)..K..x.+&n.zR.e.@...lS.D>..y.[..1y...]p...vw.;}.....w...1U......ab.D..cef`.....UA.Lrm.^\|0...O..s@.m......).....2ny.....s....).....U(x;.S/.....p'....^..-...............g.....e...g.).Y.......Q..).B.I./G....P..,>..H....I%.&H.'.g....4.>.../.?.( ......{D..1.f.6-....r.

Chrome Cache Entry: 64

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	533342
Entropy (8bit):	5.757654592261442
Encrypted:	false
SSDEEP:
MD5:	8D7342503652931E654C1CF87275A8D5
SHA1:	5BD8A509926EA0A587F68A850AF7F05B7F909B8E
SHA-256:	CF4ECA47E8F9930DA1B09062917FB525DAD39C797FD40D8AFC7A5E5511D1D9B2
SHA-512:	1A71450041AF682C6A26873060777F3D4684E5565FA030A1E73BC443B01C5AFD776F84E67CBF3F281971AD3E0D5D04F8CD06E384CA099B441C045F49DA934B84
Malicious:	false
Reputation:	low
URL:	https://app.smartsheet.com/b/javascript/core_259.0.0.js
Preview:	var LogActionId,b,HomeNavTreeControlId,c,MessageBarUpsellControlId,d,ClientEventLookup=function(){return function(){this.LOG_ID_OPEN=1,this.LOG_ID_CLOSE=2,this.LOG_ID_RESIZE=3,this.LOG_ID_MOVE=4,this.LOG_ID_DRAG=5,this.LOG_ID_DROP=6,this.LOG_ID_BACK=7,this.LOG_ID_MAXIMIZE=8,this.LOG_ID_HELP_OVERLAY_UNKNOWN=8200,this.LOG_ID_MINIMIZE=9,this.LOG_ID_HELP_OVERLAY_GETTING_STARTED=8201,this.LOG_ID_INSERT=10,this.LOG_ID_HELP_OVERLAY_SHEET=8202,this.LOG_ID_DELETE=11,this.LOG_ID_HELP_OVERLAY_SHEET_READONLY=8203,this.LOG_ID_RENAME=12,this.LOG_ID_HELP_OVERLAY_REPORT=8204,this.LOG_ID_DISCUSSION_EMAIL_DISCUSSION=12300,this.LOG_ID_FILL=13,this.LOG_ID_HELP_OVERLAY_SHEET_UPDATE_REQUEST=8205,this.LOG_ID_DISCUSSION_PRINT_DISCUSSION=12301,this.LOG_ID_COPY=14,this.LOG_ID_HELP_OVERLAY_HOME_SHEETS=8206,this.LOG_ID_SUBMIT=15,this.LOG_ID_HELP_OVERLAY_HOME_FOLDER=8207,this.LOG_ID_DISCUSSION_DELETE_DISCUSSION=12303,this.LOG_ID_EXECUTE=16,this.LOG_ID_HELP_OVERLAY_HOME_WORKSPACE=8208,this.LOG_ID_DISCUSSION_EMAIL_C

Chrome Cache Entry: 65

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 219 x 32, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2570
Entropy (8bit):	7.895758431405341
Encrypted:	false
SSDEEP:
MD5:	DA9052E8598E1DF82DE601519B84AAC7
SHA1:	789B10751F6D6EA85E6B88425645E34C35072F11
SHA-256:	FEE7186FB34049752089B798CE8A80C40C3E9A4796EDB0AEBC99A6624E4FAA66
SHA-512:	E80561D0B600BB1F292B100C75A9E05E45478886CF63B2566F3E861D4DFAA95C7D81953BEF74691270EAF26DE2CD2D37499C17A1D1FE20E047B9B890EE2BC551
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR....... .............pHYs.................sRGB.........gAMA......a.....IDATx..OlT.....xy........YH...P6Zua....JL.V.Z\.!....j.....R.a#b.mq.D.....0...b...B.........;...M&w.......=......3.I...hz...G2X43&...0SL...~;...CH......t.^......S..uq..mY4......n....G.a.4.l....5.p`.:3>......G..._...f..[.x...X.h(g.yb.)..M;.=.3G...xx.T.U..5...L...P.z.o...JD.-.......l5..+.us..w....p.......\o.M.._.....<<.j..l.=....{....:........mQe.i.(j..(x..kf...#..v..u..f..&i.....:v^]07.I.x.y..u..sm...gw.>........x..A.i3.....t.......Kcf..O.....r...[...{:.G.xP........dn..{..3...u`}..RA?......Ae\.o% qec.&.u.~w.$...S&....;v........;P..r.bt..6.y..8.....j....!.../J..S......%n.....}`4....7.?..Fe..W..[Y.qhK. .20aC..._u$."d"..M.V.b.}:.....1.z....?v.\.....y.t.a.V]./...r_...1,....7.+....#.Vy>.Q.R.....F......q.EE....v...*...k..V.X8..D.9.q.........O+......=..A..K/j.....Z>g+..g#iM..I.as.,.R6.....r..v'q.b.Ch>H.2...&w...pZ.....9..9i34./G.m..V.1s.\..B../.a.x\|.(

Chrome Cache Entry: 67

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (7381)
Category:	downloaded
Size (bytes):	7382
Entropy (8bit):	5.340955133917528
Encrypted:	false
SSDEEP:
MD5:	DD6DDB342E5CC215998F75E57214B101
SHA1:	0AFEC227E2B76D7F48698D886AF8826672440295
SHA-256:	5788666E7B9AADD67B4222EC55EAEB91C6E276A5C73A5D7D1A982D6F6CCC3B15
SHA-512:	410E0E2FB826DC9C60D04160CC158A466EF4ED7A88E00C6690A1E4AFA46DF0551C34C8D74CE33806A6AA15677CB69FCE131FA2AAD28C3FC6098ECC20BFCB0681
Malicious:	false
Reputation:	low
URL:	https://app.smartsheet.com/b/css/fonts.2x_259.0.0.css
Preview:	@font-face{font-family:'Roboto';font-style:normal;font-weight:300;src:local("Roboto Light"),local("Roboto-Light"),url("../fonts/roboto/roboto-300.woff2") format("woff2"),url("../fonts/roboto/roboto-300.woff") format("woff"),url("../fonts/roboto/roboto-300.ttf") format("truetype");unicode-range:U+0460-052F,U+1C80-1C88,U+20B4,U+2DE0-2DFF,U+A640-A69F,U+FE2E-FE2F,U+0400-045F,U+0490-0491,U+04B0-04B1,U+2116,U+1F00-1FFF,U+0370-03FF,U+0102-0103,U+0110-0111,U+1EA0-1EF9,U+20AB,U+0100-024F,U+0259,U+1E00-1EFF,U+2020,U+20A0-20AB,U+20AD-20CF,U+2113,U+2C60-2C7F,U+A720-A7FF,U+0000-00FF,U+0131,U+0152-0153,U+02BB-02BC,U+02C6,U+02DA,U+02DC,U+2000-206F,U+2074,U+20AC,U+2122,U+2191,U+2193,U+2212,U+2215,U+FEFF,U+FFFD}@font-face{font-family:'Roboto';font-style:normal;font-weight:400;src:local("Roboto"),local("Roboto-Regular"),url("../fonts/roboto/roboto-regular.woff2") format("woff2"),url("../fonts/roboto/roboto-regular.woff") format("woff"),url("../fonts/roboto/roboto-regular.ttf") format("truetype");unicode

Chrome Cache Entry: 68

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Category:	downloaded
Size (bytes):	90816
Entropy (8bit):	5.290545293055245
Encrypted:	false
SSDEEP:
MD5:	4AAF8D14DCDCAC3190460D338E9ADD2E
SHA1:	E9CDACF2005E21AB5B08D780128C99B3F2D5F439
SHA-256:	D374406B67DE8084E9127502E4D8F14A3F60DF399EA9AB8ECE2FA8C8FD545DE0
SHA-512:	8CDD595B4895F504CBB40D80E5E3D9C8A3B217A22020A6E74887ECADD638AF250CAAA087FC8D64815A1CFB7D4DF129A052496C8718ECEDE3F8398CFC51563921
Malicious:	false
Reputation:	low
URL:	https://app.smartsheet.com/b/javascript/login_259.0.0.js
Preview:	function addPlaceholderSupport(e){$(function(){jQuery.support.placeholder=!1,"placeholder"in document.createElement("input")&&!e&&(jQuery.support.placeholder=!0)}),$(function(){if(!jQuery.support.placeholder){var e=document.activeElement;if(!$(e).is("input")){var t=$("[autofocus]");e=t&&t.length?t[0]:null}$(":text").each(function(){""!=$(this).attr("placeholder")&&addPlaceholderElements($(this))}),$(":text").keyup(placeholderKeyupHandler),$("input[type=email]").each(function(){""!=$(this).attr("placeholder")&&addPlaceholderElements($(this))}),$("input[type=email]").keyup(placeholderKeyupHandler),$(":password").each(function(){""!=$(this).attr("placeholder")&&addPlaceholderElements($(this))}),$(":password").keyup(placeholderKeyupHandler),e&&setTimeout("$('#"+$(e).attr("id")+"').focus()",10)}})}function addPlaceholderElements(e){e.before('<div class="clsPlaceholderFauxContainer"><div id="'+e.attr("id")+'-faux" class="clsPlaceholderFauxField">'+e.attr("placeholder")+"</div></div>");var t=

Chrome Cache Entry: 72

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	6965
Entropy (8bit):	3.8497490882599923
Encrypted:	false
SSDEEP:
MD5:	E6330AF4535890DF279884590BB3DAB5
SHA1:	C0D88BA962EA980C862AE37F13EBDBCDBFC00D35
SHA-256:	E06864B4E96851249E24BD36EE9DB9E1B3F9A883753A208179C6781FA19EE382
SHA-512:	8CE2919F68D145ACD10DF7C9407F110F2BEA29123A2B4BF1D19178D59B337D0738A0A0ADC6328703BDF874EC6FCF1A9FF294864D6477E55EC23D89B7235C67DB
Malicious:	false
Reputation:	low
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="95" height="26" viewBox="0 0 95 26">. <path fill="#003059" fill-rule="evenodd" d="M6.008 13.685c.35.138.652.316.907.535.254.22.453.488.598.804.144.316.216.7.216 1.154 0 .55-.117 1.02-.35 1.413-.234.39-.536.71-.907.958a3.813 3.813 0 0 1-1.268.536c-.474.11-.952.165-1.432.165-.81 0-1.522-.124-2.133-.371-.612-.248-1.158-.7-1.64-1.36l1.402-1.155c.303.302.64.57 1.01.804.372.234.825.35 1.36.35.235 0 .47-.023.712-.072.24-.048.454-.123.639-.227a1.4 1.4 0 0 0 .453-.391.895.895 0 0 0 .175-.546.941.941 0 0 0-.257-.68 1.857 1.857 0 0 0-.618-.423 4.57 4.57 0 0 0-.763-.248 23.912 23.912 0 0 0-.71-.154 12.542 12.542 0 0 1-1.135-.33 3.478 3.478 0 0 1-.948-.494 2.288 2.288 0 0 1-.66-.784c-.164-.316-.246-.707-.246-1.175 0-.507.106-.95.319-1.328.213-.379.494-.691.845-.939.35-.247.748-.432 1.195-.557a5.054 5.054 0 0 1 1.35-.185c.66 0 1.292.123 1.896.371.605.248 1.086.66 1.443 1.237l-1.443 1.092a2.825 2.825 0 0 0-.814-.69c-.323-.186-.718-.278-1.185-.278-.44

Chrome Cache Entry: 73

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (15905)
Category:	downloaded
Size (bytes):	15906
Entropy (8bit):	5.2529557368802635
Encrypted:	false
SSDEEP:
MD5:	D8C35AA8F067A3F0CA32FE93120E72EC
SHA1:	71A20C98DD162AC72B0741B41A46131B5AE08051
SHA-256:	0D4EED3C938B26DB4C8AEBCB52FD94662AA131FC13E7234B0C2E78B270602921
SHA-512:	45DE995D3A0F7EEE6954AD5C94485EE57D12D5DE07B8ADAC6DBA4351AB6A6F04E1E4BC2C87CC43A6240C90D76BD8D9B29F587F52FE24E95DA998842CE805ACFD
Malicious:	false
Reputation:	low
URL:	https://app.smartsheet.com/b/css/loginLodestar.2x_259.0.0.css
Preview:	HTML{height:100%}BODY{cursor:default;font-weight:normal;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}BUTTON,INPUT,SELECT,TEXTAREA{font-size:13px}BUTTON,INPUT,SELECT,TEXTAREA{font-family:Roboto,Arial,Helvetica,sans-serif,"Segoe UI Emoji","Segoe UI Symbol"}BUTTON.enableLodestarStyles,.enableLodestarStyles BUTTON,INPUT.enableLodestarStyles,.enableLodestarStyles INPUT,SELECT.enableLodestarStyles,.enableLodestarStyles SELECT,TEXTAREA.enableLodestarStyles,.enableLodestarStyles TEXTAREA{font-family:"Inter", Arial, Helvetica, sans-serif, "Segoe UI Emoji", "Segoe UI Symbol"}BUTTON.enableLodestarStyles,INPUT.enableLodestarStyles,SELECT.enableLodestarStyles,TEXTAREA.enableLodestarStyles{line-height:1.3}BUTTON.enableLodestarStyles.enableLodestarLineHeight,INPUT.enableLodestarStyles.enableLodestarLineHeight,SELECT.enableLodestarStyles.enableLodestarLineHeight,TEXTAREA.enableLodestarStyles.enableLodestarLineHeight{line-height:1.4}@supports (font-variation-sett

Chrome Cache Entry: 74

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 84 x 84, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	455
Entropy (8bit):	6.6458865185127625
Encrypted:	false
SSDEEP:
MD5:	3BEEA425CF2A5C2342E44581EE443F95
SHA1:	428C2BC27020B84367AF462BE3D8387DC27BE5A8
SHA-256:	9864FDF995368063EA9A55FB0F6BAA42CFB677C33D704F959459B0848DBDA8B3
SHA-512:	19504F36710734C1B7C4115914B9866D161C1A9DA7C95064E75F3F40CE772C092623E1B9C5EF713B0061BAAD09FDD6C378F30742BC12C489CC08DA29ED553A72
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...T...T......k......sRGB.........IDATx...MCQ.DA..b.$:...........!%....J.`..&GO.....yy.^N.y..>n....x....>..^.ho......@{.(.......F.hp....0.@..?...Q......7........a...G......48..ho......@{.(.......F.hp....0.@..?...Q......7........a...G......48..ho......@{.(.......F.hp8.. @.?......;yy}..z^?.O.^...9..:...,..X`..P.c.q.B....9..:...,..X`..P.c.q.B....9..:...,..X`..P.c.q.B....9..:...,..X`..P.c.q.B....9..:...,..X`..P.c.q..S....w*.....IEND.B`.

Chrome Cache Entry: 75

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, interlaced
Category:	downloaded
Size (bytes):	621
Entropy (8bit):	7.402886584832342
Encrypted:	false
SSDEEP:
MD5:	CC7774F04D8FB612ABAE3C775B3A9CC6
SHA1:	D7D410E86DC33478E56FFB42A19F7F5446688C36
SHA-256:	7C86A21946F41CAA278FE0B4D96DF61A8D2C7F3F027493E8342F3DD39DB0A3E9
SHA-512:	9FE10F0DE014FB5F1312D0D0F5281DC07C32D0A1BE047D809DC46D88355200A285ED989655EF64AB14B79C0511E4EE5AC7DEC6C9E96A42A5BB03793C59F6B9EA
Malicious:	false
Reputation:	low
URL:	https://app.smartsheet.com/b/images/fav_prod2.png
Preview:	.PNG........IHDR.............h.......sRGB........'IDAT8.c`..e... ....7..a<&...`.1`. 6\..add......{r=#\..*..D.. ...V.j...T..R.a.H..v....(.0s^.-Csy....;Cjt..GD.X!...f.%yi...W..K7.%A........n.X;...R.s.. .mga.0.b.........^...$.w...0?........+...f.sb.X.....g...,.1....[..eX4...k...B..p,.8.d..E.T...;'.s...h.....X.X.~.T..020.X.m....o._}.P.E...9.@\|....!"......3H1..B:E....o.....O...v.>.l.y.9..\|....s.ch(Iep..`....@.1..b...3Ct..CmQ2XsPR9...:Cr.?..O2...p.......a....aA7.g/^38.d1.......LLL.o._......,.q..]...v...~0xG..5............X..).{.4..S.'`XL`.....8P.220U2........^..L...)'..x....q...@........{q8.....IEND.B`.

Chrome Cache Entry: 76

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 227180, version 1.0
Category:	downloaded
Size (bytes):	227180
Entropy (8bit):	7.998672302796162
Encrypted:	true
SSDEEP:
MD5:	66C6E40883646A7AD993108B2CE2DA32
SHA1:	7A2602D2EBB08CE895E33ADDB6FE595F1029431E
SHA-256:	17FE38AB302C7E5DBFB5C3D87801092D79BE958500DB6412ED3BC0F126BD53D3
SHA-512:	8A166F9044346CCE8CA92B00F5DAC0DE6D0FF64AB72FBF390A268049FFFB72BE2BDA1397AE0EE97E37CF33E3C309CC630A638AB9151F944D8D05AD652D6CF261
Malicious:	false
Reputation:	low
URL:	https://app.smartsheet.com/b/fonts/inter/Inter-roman.var.woff2?v=3.19
Preview:	wOF2......wl......84..v...............................D...J?HVAR.i.`?STAT....../l...$..Z..T.0..z.6.$..N. ......-[...el...........LM..>.......\..........A{.u:.,a.P4./$....Y.f.h.+..e. ..............p..[o&...4M..)-..B[.r.. .........a..l($4Q.S..aE<...eC.a))..Y.ZC..h.6.\Q.b%z!Tm.w....Y.z.......".Y..Y#....Z.K.B.I....D5.eJ....gde....~\+C.B#Jk...X.......;j.....U....vUY4l.v...4'.......PY.kH.5.:..u..b...9.BT.Z[!..Q....M..2...E.F..P.fc%....VD/..H!..Z...#.)...0..rzv.qpv..c...f....tH\|I.....ZX.@cu}.....I.f.}c....`.-...k.h.V...i.Ma...R.x.p.{....D.4...b.]...b...."........)....N=$..8.y.2...d.........!K.}$!..x..[..d[..(.Rj.!.Zi.1ZqZx%d&UA..e.....x...i.7E[....+.J....0.+3U.....z...4.Y..a..2W....S..!D.\|QtZ..;_..{....U!..8T.I.....:F..dV.%..dP..1..!r..1"...:..[.1..(.O.jBV..D.A..KB.....].v.u\|.;...^..sz...,y......d..A3+..?......F..=.IwSO...9.eD..-j"cR....0H`..%R........(....~o:.%.. ..h.\...$iw..7.&..1^1....;..X......rR.G...k.a.Z......x......\|.':> ....._...l

Chrome Cache Entry: 78

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 90 x 90, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3723
Entropy (8bit):	7.935821284965516
Encrypted:	false
SSDEEP:
MD5:	11B1105F8B8516098E91B36F52C77C1F
SHA1:	C058637FA783BAE1BF3CA0D36BC884E761F925B2
SHA-256:	174B1CF225E5D72596D3D4B62880B4950C7A0BAD706ADA28B797E8A706CCE0DA
SHA-512:	92458B328DF0B6A6A3BFF67F48DB971FA6CC3BF3183C6F6EFF7F76FC392BBB1A850F6344D7AB96E619A6947918C803FBEAA8FADE6AB9172643ED739AAB835C8E
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...Z...Z.....8.A.....sRGB........EIDATx..]{p.E...M6..J........)...`b.....! ".O..Uuru..<.%.W...?,.N...U"....H.JP.;@yS.I `v...._/.Yf..3..d.T%=._...o....g...v4N.0.2...d.cd .,.......f.B.L..VB..h+..#.!..wT..".`V.e/}...U....w0...\|..X......A.0!.Q..i@.?....wX=]..-.[.HB.>Sb.^b.A.=..v...c....0J...:... ]...@.N#...}.vG.4v>.....,.(=E({;U6....g..F..;..0..c.ad...WD.:3.%v...H.....Yu.f......yD%.Yh..x6.86uJ...%.]N7o.....X.7.......E.."%.$..kw./...D_.....a.......L<J..i....P.$.^aD7N...E}..].(...CO.,.i.$B..(..(45M.{.$.$...6........r....h.U8....S B...A)]....n...+.n..Se..-.I..b`...n..t.K..N.?.K...:.w.;..F+D..do.F..1....#.......(.I....Fa.Z.\.^x.Dh..=j....z.n..6.h..d.E..y....`@U.......VTD7M.....t..+.Y.yh..q..Dk..=b..8)o......y..FCT.g...z+F.m..H.r&+mH..y...Z...P.{.Vc.. ...w..ze.......f..\{!x_..ES...Rie.%m.^?.S'd;...X.*...%=.$G$...jx.fDC..<.. c.,.odm.C/.V.s%.c..<...7.\....T.[...F......d.p.M.{Eaj.4N..JT........ ..I4w.7.....4T0!.X.......}....

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	40
Entropy (8bit):	4.462814895472356
Encrypted:	false
SSDEEP:
MD5:	761A9269F0C208796F93CB76D1402A1F
SHA1:	3105E999BD0C6AAA410173BA2C0DF497E07E692B
SHA-256:	A511E6F5052AFA164B0169D96FE81766BE13234D74393892A541DE223BD19066
SHA-512:	3CAD0CC777F9BC56D67251DA1215092096B2800035DCBCF45CE277A82C9BD45E0E043E2568903D283F8494F515FDA564B2FC762AACAD533B465C9A61D77BCA51
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwk60vGdxMg97xIFDetj00sSBQ1gWOdv?alt=proto
Preview:	ChwKEQ3rY9NLGgQICRgBGgQIZBgCCgcNYFjnbxoA

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 5120 x 2880, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	247421
Entropy (8bit):	7.649866424817495
Encrypted:	false
SSDEEP:
MD5:	9F80DD54E33F4AE393A8AD32D4FB56F9
SHA1:	E0CA9B3E502A7C775658BAEDA9CDB4085899E55B
SHA-256:	3F13B74A96DB409D18051A477B39AE61AB292F4F5434AB46005172405423F1E2
SHA-512:	687644ED4DBE73337ADF52C4F1933CF235DF7444703DCC7D09C2B196ABA83849219D82B4246D185A64ACF20203748A709225B6B32590FF1CB415DC17D5C607F4
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......@......%e.....PLTE..............q..........................y........\|....}....A...........>.@.C....j.....y......q.........v..z....w..t..r.......m........j..b..h..e........v..s.......x..}..W..m..b..Z..d..a..^......x.........................................s..~........u......w.............p..t....x....d......{.......W}.r.....{..j..........}........x..m..x......k..z....z............C...h..b..k..j..`......b.......w..o.....c......f.............d........................w..}....j..........k..d..g..n.....{..]..............\|.............s............IDATx....n.0.E........?.@......dl...z.........H[.......<cK/O+....X........2#.....T{.M}).X....W.r..!.b.@...........A..............'......k...K>...i...l....O...a........A.$......V....\...^...a...f.....s.hY...K....y_./..(..@.....@. .e.#...uQ.uD...3.....<S.i...h.n0s.~

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	6962
Entropy (8bit):	3.8533584081413874
Encrypted:	false
SSDEEP:
MD5:	D257D2992501B4EB6DE7A497BE5DAD92
SHA1:	3BB7799ABD49A33BC533F5547EBDADFEC4B30C28
SHA-256:	0E52038A11F968B6BDC8F058E6C961A1E1A62909616214E2701DF73520250E08
SHA-512:	5F5F29F4222B97386E697269894A2A65F82CFDB9DFCA9F9B5A89A0293A097DBAADF58D0237513FC0BB3519E49193DFCD4247418C7DF32AA795A0EFB3B52B7F39
Malicious:	false
Reputation:	low
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="95" height="26" viewBox="0 0 95 26">. <path fill="#FFF" fill-rule="evenodd" d="M6.008 13.685c.35.138.652.316.907.535.254.22.453.488.598.804.144.316.216.7.216 1.154 0 .55-.117 1.02-.35 1.413-.234.39-.536.71-.907.958a3.813 3.813 0 0 1-1.268.536c-.474.11-.952.165-1.432.165-.81 0-1.522-.124-2.133-.371-.612-.248-1.158-.7-1.64-1.36l1.402-1.155c.303.302.64.57 1.01.804.372.234.825.35 1.36.35.235 0 .47-.023.712-.072.24-.048.454-.123.639-.227a1.4 1.4 0 0 0 .453-.391.895.895 0 0 0 .175-.546.941.941 0 0 0-.257-.68 1.857 1.857 0 0 0-.618-.423 4.57 4.57 0 0 0-.763-.248 23.912 23.912 0 0 0-.71-.154 12.542 12.542 0 0 1-1.135-.33 3.478 3.478 0 0 1-.948-.494 2.288 2.288 0 0 1-.66-.784c-.164-.316-.246-.707-.246-1.175 0-.507.106-.95.319-1.328.213-.379.494-.691.845-.939.35-.247.748-.432 1.195-.557a5.054 5.054 0 0 1 1.35-.185c.66 0 1.292.123 1.896.371.605.248 1.086.66 1.443 1.237l-1.443 1.092a2.825 2.825 0 0 0-.814-.69c-.323-.186-.718-.278-1.185-.278-.44 0-.

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	829
Entropy (8bit):	4.260891152381842
Encrypted:	false
SSDEEP:
MD5:	F6F916A318F00D77BE171E23543B0225
SHA1:	2468DA917E1F771C7D951F19A4AEF705F7AA3EE7
SHA-256:	34020B5624F2F7DAA7E3110A06CB558D0E13BECCFD3FD5FF7FA293A3A73375BE
SHA-512:	6656ED1B229A1EF37C782CF34F9BB6D162315E5F8E9A41813EC02A9B9DFE9A872C3E56FF25F7D828CE9D686F3462BCB04033E6C0B7BABC5AF46A2D2838F03AE1
Malicious:	false
Reputation:	low
URL:	https://s.smartsheet.com/b/images/img_login_apple.svg
Preview:	<svg fill="none" height="20" viewBox="0 0 17 20" width="17" xmlns="http://www.w3.org/2000/svg"><path d="m13.6007 10.6254c.0281 3.0266 2.6552 4.0338 2.6843 4.0466-.0222.0711-.4198 1.4354-1.3841 2.8446-.8336 1.2184-1.6987 2.4323-3.0616 2.4574-1.3392.0247-1.7698-.7941-3.30084-.7941-1.53058 0-2.00902.769-3.27669.8188-1.31552.0498-2.31728-1.3175-3.1578-2.5314-1.717501-2.4831-3.030027-7.0165-1.267637-10.07669.875517-1.51969 2.440137-2.48202 4.138387-2.5067 1.29181-.02464 2.51113.86909 3.30083.86909.7892 0 2.27095-1.07479 3.82865-.91694.6521.02714 2.4825.26341 3.6579 1.98387-.0947.05871-2.1841 1.27507-2.1614 3.80547zm-2.5168-7.4321c.6984-.84541 1.1685-2.0223 1.0403-3.1933-1.0068.0404612-2.22411.670851-2.94621 1.5158-.64714.74824-1.21389 1.94584-1.06097 3.09366 1.12211.08682 2.26848-.57021 2.96688-1.41616" fill="#000"/></svg>

Chrome Cache Entry: 85

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 245036, version 1.0
Category:	downloaded
Size (bytes):	245036
Entropy (8bit):	7.998948639474119
Encrypted:	true
SSDEEP:
MD5:	1F7CA6383EA7C74A7F5DDD76C3D3CEF2
SHA1:	6F20A046917BF86D4B6CC29C4E2515BD64D2CB9B
SHA-256:	D1401419DC30587008D4D7FE1230CA068442635EF9B46538E515725D68E0791A
SHA-512:	AA88D1E12AFBAF3B0488B89D96327B7D8B8465B419FB827C3FF78AB43A6B1137D5944CF79968EBA971CF6BDB7DC6DE4CB996DE8DD60E2100D29E36A07BF0EEE3
Malicious:	false
Reputation:	low
URL:	https://app.smartsheet.com/b/fonts/inter/Inter-italic.var.woff2?v=3.19
Preview:	wOF2.......,......e@..............................6...B...J?HVAR.a.`?STAT....../l...X..P..T.0.. .6.$..N. ..9...-[.......e%..%.s.[kj.s......:.y.V...T..2...6R..s;.r..&..c....5.......LV.G/g...............-..(.U....G..+.=.....H`.....b...._.G....".......+.+B......M,.DaW.V.jp...j.NW........=.z(m#.1..sD..\6...De.J.`..L.9..X...]H:r.u.[C..,....mH..h...W.Fc.......Da..;i./.z.........w.Ivqu..RX._.....{.FY.1"..%VT.Et.....Z.o4..#..[.4.E....@kr7..1.D.j"Qt.Z.X..x2&:......!.3EB...)9....kA.!.b'..@....vj.9.....+,G...{....i.ud..Q..rX.P.....v.p.1......S..,.-.e....;.?.nITx...-B.(Q..3.:u\|.....R.%....}.......=\|%.i.C0.....w...b.viZ...W..(.N.V[X..2tP.aK........c..[.w....NQD.......lM...ON1..f.}...i. {.SC..N..DD0.)K..."{.....b.%(......n....^n....\..Y.-.u.1.zlX1....D[M54QB.FnM8._......d.."J.LV.)...W .+.... ..vm.".o.P..F5.A\.o..Xc.8.......JZ...S....OZ.2.e....~..7...J..'...pw....S..._...'.O{.....ZJ$.-.5.J ..vF6.l.].<4.]/y..&..z.....P#._.0..>G..X...z.:h.........7.0.

Static File Info

⊘No static file info

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://app.smartsheet.com

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

Chrome Cache Entry: 63

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 78

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Static File Info

Windows Analysis Report
https://app.smartsheet.com