Edit tour

Windows Analysis Report
https://encd.fa.em3.oraclecloud.com:443/fscmUI/faces/FuseWelcome

Overview

General Information

Sample URL:	https://encd.fa.em3.oraclecloud.com:443/fscmUI/faces/FuseWelcome
Analysis ID:	1340458

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Stores files to the Windows start menu directory

HTML body contains low number of good links

Found iframes

HTML title does not match URL

Creates files inside the system directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 644 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://encd.fa.em3.oraclecloud.com/fscmUI/faces/FuseWelcome MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3520 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 --field-trial-handle=2012,i,4006794349507548499,4314794317440220571,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

• Phishing
• Compliance
• Networking
• System Summary
• Boot Survival

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://encd.login.em3.oraclecloud.com/oam/server/obrareq.cgi?encquery%3DxYOjtbASgceJIQ9tz31xqRZAc8xkZVSZZs%2BEI3H0AfptD%2FxwBcgw7ALXBXwzxLiVISrGtA8NONHt84YL8w%2FiFDhEp4VA%2FtSqvTwYHfxEj2WnbkA%2FcgRs1xy09LL6CxiemJnsnkSNWHn3be0f6M2PdAZYLnRscYOONbVdbn%2Fdch30mIiO2YfLyqEV8HNIuorB%2BzFH5Vek4PDR5mMB%2BkZk1ouMOpmUDSFQT1MNQ77k488QkCxpxErMaNeYOsZm8vjg1icVKMQmBNdG6rfDp5isxYb9VY%2BitNLAmqtEcACmVOBpk4YQOQPHXH6IpBfa071To0l1A5fYCNQDHerRUPGu7Gxdoz38aI3IOBHG9AEXFrdzy1rUsCXixFJ%2BlFf%2BgtRNhD%2FLqfZ23L%2BmR4QRtQMVgZ%2Fj3xTcRq4WSGyG89y85Nma%2F2RuUchL8ZzSyyuF7P9ZN3ehooC2hKmX1LxXldo%2BZOmydFEjeHDRsu3%2BwTWfSqBrocLTRaROWPjHD%2FCmU%2BjHoy0JOOtEp8eT0x1PshLXpCfeizMBeHKMoy2Llp20%2FiBFYHpAHFiJwIMyWvpD00turPbebAIxxBKjqGxBu%2B%2F0Ryh4R3hnSimoWuNjcNmWeELfLHVzY21R0XPD4bAM3H961oxBTcTmha%2Bc50186AjAEjhgJgiUdVsJ9X8j8sp4DYNz9kRCrawdqriyyEPChw6zgnJ%2FJDJjFZzBBIeVpfU6BurGR1LIiz2wmiOnZxEGcLzWoDPzLpe4j%2FvEaVOMO7wKMTDA5J8kIUSW6H5UslFREeeJcVV10DSTT65ip5nFtBwZInbjloJsKx7RkUoduXrsBzev0EPpD10S8VY%2B%2BUkezX6LovIqnvvpZEWZOBEM%2B4S45QoXJAZJNtVT%2B3Ule...	HTTP Parser: Number of links: 0
Source: https://encd.login.em3.oraclecloud.com/oam/server/auth_cred_submit	HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.com/2133b7ab-6392-452c-aa20-34afbe98608e/saml2?SAMLRequest=hVPRbtowFP2VyH127DiBEotQsSE0JLqyQSfEm%2BM44NWxqe2M8vd1YJG6h7I36%2Bqce8%2B553r88Nao6I%2BwThpdgCTGIBKam0rqfQGeN3M4ApHzTFdMGS0KcBYOPEzGjjXqSKetP%2Bif4rUVzkehkXb0bYBxAVqrqWFOOqpZIxz1nK6nj0tKYkyP1tRShSLz3sqy9YJuAwn0DZwswMH7I0XodDrFpzQ2do8IxgnaPi7X%2FCAaBqXuRHHRszo9t8cy54T1wWVPCTY%2FHYQzFEABcdejKyf3n8AxwnkH7yB3HwUd%2F7sIb7hRIFr9fX2R%2Brr4W7TyCnL022azgqun9QZEc2O5uKRRgJopF%2FYyC5lIzfwl1063C8KV2UsdN5Jb40ztjVZSi5ibBpEkTct7VsJhmhOYDQiHjBEM04zVpchHQzwSqDNFQLRwrhWLSwK%2BAASTFCYJTPAG5zQZ0BTvQPSrPynSndRiVgBZQTG3Gmo438mn%2B93y5fD6vFi9OLPFv39AcD0qemluO0cN87c30VVC1%2FoCDXl66c9g0nuVFXfwnqUkZ4NhyVmS5cEbr2o%2ByhiuOU5yVsayuvJCmIwrwZVpq24hNMtSVItqjD6o6u%2F%2Bexi8mK2MkvwcTZUyp69WMB%2B%2Bh7etAGhyZf37QSbv&RelayState=7eTU&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=HmUqhtBZ%2Bpon9YX%2FlarSG6swd7%2BxYVjVyuYoL9r7sB4kfS7A%2FVVKOsnxMBPnnbMfQOL%2B%2F88nKN7GbiGGJL3m7XRQbNuq758xh2w5cNyX2aFfS64FDSrBKtLB%2ByPfGNCx%2FBa9j...	HTTP Parser: Number of links: 0
Source: https://encd.fa.em3.oraclecloud.com/hcmUI/faces/ForgotPassword?backUrl=https%3A%2F%2Fencd.fa.em3.oraclecloud.com%2FfscmUI%2FadfAuthentication%3Flevel%3DFORM%26success_url%3D%252FfscmUI%252Ffaces%252FFuseWelcome%253F_afrLoop%253D41389725830507692%2526_afrWindowMode%253D0%2526_afrWindowId%253Dnull%2526_adf.ctrl-state%253Dmfqhtbico_1%2526_afrFS%253D16%2526_afrMT%253Dscreen%2526_afrMFW%253D1280%2526_afrMFH%253D905%2526_afrMFDW%253D1280%2526_afrMFDH%253D1024%2526_afrMFC%253D8%2526_afrMFCI%253D0%2526_afrMFM%253D0%2526_afrMFR%253D96%2526_afrMFG%253D0%2526_afrMFS%253D0%2526_afrMFO%253D0%2526_adf.no-new-window-redirect%253Dtrue&_afrLoop=41389816968729364&_afrWindowMode=0&_afrWindowId=null&_adf.ctrl-state=6jzaeyrft_1&_afrFS=16&_afrMT=screen&_afrMFW=1280&_afrMFH=907&_afrMFDW=1280&_afrMFDH=1024&_afrMFC=8&_afrMFCI=0&_afrMFM=0&_afrMFR=96&_afrMFG=0&_afrMFS=0&_afrMFO=0	HTTP Parser: Number of links: 0

Source: https://encd.fa.em3.oraclecloud.com/hcmUI/faces/ForgotPassword?backUrl=https%3A%2F%2Fencd.fa.em3.oraclecloud.com%2FfscmUI%2FadfAuthentication%3Flevel%3DFORM%26success_url%3D%252FfscmUI%252Ffaces%252FFuseWelcome%253F_afrLoop%253D41389725830507692%2526_afrWindowMode%253D0%2526_afrWindowId%253Dnull%2526_adf.ctrl-state%253Dmfqhtbico_1%2526_afrFS%253D16%2526_afrMT%253Dscreen%2526_afrMFW%253D1280%2526_afrMFH%253D905%2526_afrMFDW%253D1280%2526_afrMFDH%253D1024%2526_afrMFC%253D8%2526_afrMFCI%253D0%2526_afrMFM%253D0%2526_afrMFR%253D96%2526_afrMFG%253D0%2526_afrMFS%253D0%2526_afrMFO%253D0%2526_adf.no-new-window-redirect%253Dtrue&_afrLoop=41389816968729364&_afrWindowMode=0&_afrWindowId=null&_adf.ctrl-state=6jzaeyrft_1&_afrFS=16&_afrMT=screen&_afrMFW=1280&_afrMFH=907&_afrMFDW=1280&_afrMFDH=1024&_afrMFC=8&_afrMFCI=0&_afrMFM=0&_afrMFR=96&_afrMFG=0&_afrMFS=0&_afrMFO=0	HTTP Parser: Iframe src: /hcmUI/afr/blank.html
Source: https://encd.fa.em3.oraclecloud.com/hcmUI/faces/ForgotPassword?backUrl=https%3A%2F%2Fencd.fa.em3.oraclecloud.com%2FfscmUI%2FadfAuthentication%3Flevel%3DFORM%26success_url%3D%252FfscmUI%252Ffaces%252FFuseWelcome%253F_afrLoop%253D41389725830507692%2526_afrWindowMode%253D0%2526_afrWindowId%253Dnull%2526_adf.ctrl-state%253Dmfqhtbico_1%2526_afrFS%253D16%2526_afrMT%253Dscreen%2526_afrMFW%253D1280%2526_afrMFH%253D905%2526_afrMFDW%253D1280%2526_afrMFDH%253D1024%2526_afrMFC%253D8%2526_afrMFCI%253D0%2526_afrMFM%253D0%2526_afrMFR%253D96%2526_afrMFG%253D0%2526_afrMFS%253D0%2526_afrMFO%253D0%2526_adf.no-new-window-redirect%253Dtrue&_afrLoop=41389816968729364&_afrWindowMode=0&_afrWindowId=null&_adf.ctrl-state=6jzaeyrft_1&_afrFS=16&_afrMT=screen&_afrMFW=1280&_afrMFH=907&_afrMFDW=1280&_afrMFDH=1024&_afrMFC=8&_afrMFCI=0&_afrMFM=0&_afrMFR=96&_afrMFG=0&_afrMFS=0&_afrMFO=0	HTTP Parser: Iframe src: /hcmUI/afr/blank.html

Source: https://encd.login.em3.oraclecloud.com/oam/server/obrareq.cgi?encquery%3DxYOjtbASgceJIQ9tz31xqRZAc8xkZVSZZs%2BEI3H0AfptD%2FxwBcgw7ALXBXwzxLiVISrGtA8NONHt84YL8w%2FiFDhEp4VA%2FtSqvTwYHfxEj2WnbkA%2FcgRs1xy09LL6CxiemJnsnkSNWHn3be0f6M2PdAZYLnRscYOONbVdbn%2Fdch30mIiO2YfLyqEV8HNIuorB%2BzFH5Vek4PDR5mMB%2BkZk1ouMOpmUDSFQT1MNQ77k488QkCxpxErMaNeYOsZm8vjg1icVKMQmBNdG6rfDp5isxYb9VY%2BitNLAmqtEcACmVOBpk4YQOQPHXH6IpBfa071To0l1A5fYCNQDHerRUPGu7Gxdoz38aI3IOBHG9AEXFrdzy1rUsCXixFJ%2BlFf%2BgtRNhD%2FLqfZ23L%2BmR4QRtQMVgZ%2Fj3xTcRq4WSGyG89y85Nma%2F2RuUchL8ZzSyyuF7P9ZN3ehooC2hKmX1LxXldo%2BZOmydFEjeHDRsu3%2BwTWfSqBrocLTRaROWPjHD%2FCmU%2BjHoy0JOOtEp8eT0x1PshLXpCfeizMBeHKMoy2Llp20%2FiBFYHpAHFiJwIMyWvpD00turPbebAIxxBKjqGxBu%2B%2F0Ryh4R3hnSimoWuNjcNmWeELfLHVzY21R0XPD4bAM3H961oxBTcTmha%2Bc50186AjAEjhgJgiUdVsJ9X8j8sp4DYNz9kRCrawdqriyyEPChw6zgnJ%2FJDJjFZzBBIeVpfU6BurGR1LIiz2wmiOnZxEGcLzWoDPzLpe4j%2FvEaVOMO7wKMTDA5J8kIUSW6H5UslFREeeJcVV10DSTT65ip5nFtBwZInbjloJsKx7RkUoduXrsBzev0EPpD10S8VY%2B%2BUkezX6LovIqnvvpZEWZOBEM%2B4S45QoXJAZJNtVT%2B3Ule...	HTTP Parser: Title: Sign In does not match URL
Source: https://encd.login.em3.oraclecloud.com/oam/server/auth_cred_submit	HTTP Parser: Title: Sign In does not match URL
Source: https://login.microsoftonline.com/2133b7ab-6392-452c-aa20-34afbe98608e/saml2?SAMLRequest=hVPRbtowFP2VyH127DiBEotQsSE0JLqyQSfEm%2BM44NWxqe2M8vd1YJG6h7I36%2Bqce8%2B553r88Nao6I%2BwThpdgCTGIBKam0rqfQGeN3M4ApHzTFdMGS0KcBYOPEzGjjXqSKetP%2Bif4rUVzkehkXb0bYBxAVqrqWFOOqpZIxz1nK6nj0tKYkyP1tRShSLz3sqy9YJuAwn0DZwswMH7I0XodDrFpzQ2do8IxgnaPi7X%2FCAaBqXuRHHRszo9t8cy54T1wWVPCTY%2FHYQzFEABcdejKyf3n8AxwnkH7yB3HwUd%2F7sIb7hRIFr9fX2R%2Brr4W7TyCnL022azgqun9QZEc2O5uKRRgJopF%2FYyC5lIzfwl1063C8KV2UsdN5Jb40ztjVZSi5ibBpEkTct7VsJhmhOYDQiHjBEM04zVpchHQzwSqDNFQLRwrhWLSwK%2BAASTFCYJTPAG5zQZ0BTvQPSrPynSndRiVgBZQTG3Gmo438mn%2B93y5fD6vFi9OLPFv39AcD0qemluO0cN87c30VVC1%2FoCDXl66c9g0nuVFXfwnqUkZ4NhyVmS5cEbr2o%2ByhiuOU5yVsayuvJCmIwrwZVpq24hNMtSVItqjD6o6u%2F%2Bexi8mK2MkvwcTZUyp69WMB%2B%2Bh7etAGhyZf37QSbv&RelayState=7eTU&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=HmUqhtBZ%2Bpon9YX%2FlarSG6swd7%2BxYVjVyuYoL9r7sB4kfS7A%2FVVKOsnxMBPnnbMfQOL%2B%2F88nKN7GbiGGJL3m7XRQbNuq758xh2w5cNyX2aFfS64FDSrBKtLB%2ByPfGNCx%2FBa9j...	HTTP Parser: Title: Redirecting does not match URL
Source: https://encd.fa.em3.oraclecloud.com/hcmUI/faces/ForgotPassword?backUrl=https%3A%2F%2Fencd.fa.em3.oraclecloud.com%2FfscmUI%2FadfAuthentication%3Flevel%3DFORM%26success_url%3D%252FfscmUI%252Ffaces%252FFuseWelcome%253F_afrLoop%253D41389725830507692%2526_afrWindowMode%253D0%2526_afrWindowId%253Dnull%2526_adf.ctrl-state%253Dmfqhtbico_1%2526_afrFS%253D16%2526_afrMT%253Dscreen%2526_afrMFW%253D1280%2526_afrMFH%253D905%2526_afrMFDW%253D1280%2526_afrMFDH%253D1024%2526_afrMFC%253D8%2526_afrMFCI%253D0%2526_afrMFM%253D0%2526_afrMFR%253D96%2526_afrMFG%253D0%2526_afrMFS%253D0%2526_afrMFO%253D0%2526_adf.no-new-window-redirect%253Dtrue&_afrLoop=41389816968729364&_afrWindowMode=0&_afrWindowId=null&_adf.ctrl-state=6jzaeyrft_1&_afrFS=16&_afrMT=screen&_afrMFW=1280&_afrMFH=907&_afrMFDW=1280&_afrMFDH=1024&_afrMFC=8&_afrMFCI=0&_afrMFM=0&_afrMFR=96&_afrMFG=0&_afrMFS=0&_afrMFO=0	HTTP Parser: Title: Forgot password does not match URL

Source: https://encd.login.em3.oraclecloud.com/oam/server/obrareq.cgi?encquery%3DxYOjtbASgceJIQ9tz31xqRZAc8xkZVSZZs%2BEI3H0AfptD%2FxwBcgw7ALXBXwzxLiVISrGtA8NONHt84YL8w%2FiFDhEp4VA%2FtSqvTwYHfxEj2WnbkA%2FcgRs1xy09LL6CxiemJnsnkSNWHn3be0f6M2PdAZYLnRscYOONbVdbn%2Fdch30mIiO2YfLyqEV8HNIuorB%2BzFH5Vek4PDR5mMB%2BkZk1ouMOpmUDSFQT1MNQ77k488QkCxpxErMaNeYOsZm8vjg1icVKMQmBNdG6rfDp5isxYb9VY%2BitNLAmqtEcACmVOBpk4YQOQPHXH6IpBfa071To0l1A5fYCNQDHerRUPGu7Gxdoz38aI3IOBHG9AEXFrdzy1rUsCXixFJ%2BlFf%2BgtRNhD%2FLqfZ23L%2BmR4QRtQMVgZ%2Fj3xTcRq4WSGyG89y85Nma%2F2RuUchL8ZzSyyuF7P9ZN3ehooC2hKmX1LxXldo%2BZOmydFEjeHDRsu3%2BwTWfSqBrocLTRaROWPjHD%2FCmU%2BjHoy0JOOtEp8eT0x1PshLXpCfeizMBeHKMoy2Llp20%2FiBFYHpAHFiJwIMyWvpD00turPbebAIxxBKjqGxBu%2B%2F0Ryh4R3hnSimoWuNjcNmWeELfLHVzY21R0XPD4bAM3H961oxBTcTmha%2Bc50186AjAEjhgJgiUdVsJ9X8j8sp4DYNz9kRCrawdqriyyEPChw6zgnJ%2FJDJjFZzBBIeVpfU6BurGR1LIiz2wmiOnZxEGcLzWoDPzLpe4j%2FvEaVOMO7wKMTDA5J8kIUSW6H5UslFREeeJcVV10DSTT65ip5nFtBwZInbjloJsKx7RkUoduXrsBzev0EPpD10S8VY%2B%2BUkezX6LovIqnvvpZEWZOBEM%2B4S45QoXJAZJNtVT%2B3Ule...	HTTP Parser: <input type="password" .../> found
Source: https://encd.login.em3.oraclecloud.com/oam/server/auth_cred_submit	HTTP Parser: <input type="password" .../> found
Source: https://login.microsoftonline.com/2133b7ab-6392-452c-aa20-34afbe98608e/saml2?SAMLRequest=hVPRbtowFP2VyH127DiBEotQsSE0JLqyQSfEm%2BM44NWxqe2M8vd1YJG6h7I36%2Bqce8%2B553r88Nao6I%2BwThpdgCTGIBKam0rqfQGeN3M4ApHzTFdMGS0KcBYOPEzGjjXqSKetP%2Bif4rUVzkehkXb0bYBxAVqrqWFOOqpZIxz1nK6nj0tKYkyP1tRShSLz3sqy9YJuAwn0DZwswMH7I0XodDrFpzQ2do8IxgnaPi7X%2FCAaBqXuRHHRszo9t8cy54T1wWVPCTY%2FHYQzFEABcdejKyf3n8AxwnkH7yB3HwUd%2F7sIb7hRIFr9fX2R%2Brr4W7TyCnL022azgqun9QZEc2O5uKRRgJopF%2FYyC5lIzfwl1063C8KV2UsdN5Jb40ztjVZSi5ibBpEkTct7VsJhmhOYDQiHjBEM04zVpchHQzwSqDNFQLRwrhWLSwK%2BAASTFCYJTPAG5zQZ0BTvQPSrPynSndRiVgBZQTG3Gmo438mn%2B93y5fD6vFi9OLPFv39AcD0qemluO0cN87c30VVC1%2FoCDXl66c9g0nuVFXfwnqUkZ4NhyVmS5cEbr2o%2ByhiuOU5yVsayuvJCmIwrwZVpq24hNMtSVItqjD6o6u%2F%2Bexi8mK2MkvwcTZUyp69WMB%2B%2Bh7etAGhyZf37QSbv&RelayState=7eTU&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=HmUqhtBZ%2Bpon9YX%2FlarSG6swd7%2BxYVjVyuYoL9r7sB4kfS7A%2FVVKOsnxMBPnnbMfQOL%2B%2F88nKN7GbiGGJL3m7XRQbNuq758xh2w5cNyX2aFfS64FDSrBKtLB%2ByPfGNCx%2FBa9j...	HTTP Parser: <input type="password" .../> found

Source: https://encd.login.em3.oraclecloud.com/oam/server/obrareq.cgi?encquery%3DxYOjtbASgceJIQ9tz31xqRZAc8xkZVSZZs%2BEI3H0AfptD%2FxwBcgw7ALXBXwzxLiVISrGtA8NONHt84YL8w%2FiFDhEp4VA%2FtSqvTwYHfxEj2WnbkA%2FcgRs1xy09LL6CxiemJnsnkSNWHn3be0f6M2PdAZYLnRscYOONbVdbn%2Fdch30mIiO2YfLyqEV8HNIuorB%2BzFH5Vek4PDR5mMB%2BkZk1ouMOpmUDSFQT1MNQ77k488QkCxpxErMaNeYOsZm8vjg1icVKMQmBNdG6rfDp5isxYb9VY%2BitNLAmqtEcACmVOBpk4YQOQPHXH6IpBfa071To0l1A5fYCNQDHerRUPGu7Gxdoz38aI3IOBHG9AEXFrdzy1rUsCXixFJ%2BlFf%2BgtRNhD%2FLqfZ23L%2BmR4QRtQMVgZ%2Fj3xTcRq4WSGyG89y85Nma%2F2RuUchL8ZzSyyuF7P9ZN3ehooC2hKmX1LxXldo%2BZOmydFEjeHDRsu3%2BwTWfSqBrocLTRaROWPjHD%2FCmU%2BjHoy0JOOtEp8eT0x1PshLXpCfeizMBeHKMoy2Llp20%2FiBFYHpAHFiJwIMyWvpD00turPbebAIxxBKjqGxBu%2B%2F0Ryh4R3hnSimoWuNjcNmWeELfLHVzY21R0XPD4bAM3H961oxBTcTmha%2Bc50186AjAEjhgJgiUdVsJ9X8j8sp4DYNz9kRCrawdqriyyEPChw6zgnJ%2FJDJjFZzBBIeVpfU6BurGR1LIiz2wmiOnZxEGcLzWoDPzLpe4j%2FvEaVOMO7wKMTDA5J8kIUSW6H5UslFREeeJcVV10DSTT65ip5nFtBwZInbjloJsKx7RkUoduXrsBzev0EPpD10S8VY%2B%2BUkezX6LovIqnvvpZEWZOBEM%2B4S45QoXJAZJNtVT%2B3Ule	HTTP Parser: No <meta name="author".. found
Source: https://encd.login.em3.oraclecloud.com/oam/server/auth_cred_submit	HTTP Parser: No <meta name="author".. found
Source: https://encd.login.em3.oraclecloud.com/oam/server/auth_cred_submit	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/2133b7ab-6392-452c-aa20-34afbe98608e/saml2?SAMLRequest=hVPRbtowFP2VyH127DiBEotQsSE0JLqyQSfEm%2BM44NWxqe2M8vd1YJG6h7I36%2Bqce8%2B553r88Nao6I%2BwThpdgCTGIBKam0rqfQGeN3M4ApHzTFdMGS0KcBYOPEzGjjXqSKetP%2Bif4rUVzkehkXb0bYBxAVqrqWFOOqpZIxz1nK6nj0tKYkyP1tRShSLz3sqy9YJuAwn0DZwswMH7I0XodDrFpzQ2do8IxgnaPi7X%2FCAaBqXuRHHRszo9t8cy54T1wWVPCTY%2FHYQzFEABcdejKyf3n8AxwnkH7yB3HwUd%2F7sIb7hRIFr9fX2R%2Brr4W7TyCnL022azgqun9QZEc2O5uKRRgJopF%2FYyC5lIzfwl1063C8KV2UsdN5Jb40ztjVZSi5ibBpEkTct7VsJhmhOYDQiHjBEM04zVpchHQzwSqDNFQLRwrhWLSwK%2BAASTFCYJTPAG5zQZ0BTvQPSrPynSndRiVgBZQTG3Gmo438mn%2B93y5fD6vFi9OLPFv39AcD0qemluO0cN87c30VVC1%2FoCDXl66c9g0nuVFXfwnqUkZ4NhyVmS5cEbr2o%2ByhiuOU5yVsayuvJCmIwrwZVpq24hNMtSVItqjD6o6u%2F%2Bexi8mK2MkvwcTZUyp69WMB%2B%2Bh7etAGhyZf37QSbv&RelayState=7eTU&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=HmUqhtBZ%2Bpon9YX%2FlarSG6swd7%2BxYVjVyuYoL9r7sB4kfS7A%2FVVKOsnxMBPnnbMfQOL%2B%2F88nKN7GbiGGJL3m7XRQbNuq758xh2w5cNyX2aFfS64FDSrBKtLB%2ByPfGNCx%2FBa9j	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/2133b7ab-6392-452c-aa20-34afbe98608e/saml2?SAMLRequest=hVPRbtowFP2VyH127DiBEotQsSE0JLqyQSfEm%2BM44NWxqe2M8vd1YJG6h7I36%2Bqce8%2B553r88Nao6I%2BwThpdgCTGIBKam0rqfQGeN3M4ApHzTFdMGS0KcBYOPEzGjjXqSKetP%2Bif4rUVzkehkXb0bYBxAVqrqWFOOqpZIxz1nK6nj0tKYkyP1tRShSLz3sqy9YJuAwn0DZwswMH7I0XodDrFpzQ2do8IxgnaPi7X%2FCAaBqXuRHHRszo9t8cy54T1wWVPCTY%2FHYQzFEABcdejKyf3n8AxwnkH7yB3HwUd%2F7sIb7hRIFr9fX2R%2Brr4W7TyCnL022azgqun9QZEc2O5uKRRgJopF%2FYyC5lIzfwl1063C8KV2UsdN5Jb40ztjVZSi5ibBpEkTct7VsJhmhOYDQiHjBEM04zVpchHQzwSqDNFQLRwrhWLSwK%2BAASTFCYJTPAG5zQZ0BTvQPSrPynSndRiVgBZQTG3Gmo438mn%2B93y5fD6vFi9OLPFv39AcD0qemluO0cN87c30VVC1%2FoCDXl66c9g0nuVFXfwnqUkZ4NhyVmS5cEbr2o%2ByhiuOU5yVsayuvJCmIwrwZVpq24hNMtSVItqjD6o6u%2F%2Bexi8mK2MkvwcTZUyp69WMB%2B%2Bh7etAGhyZf37QSbv&RelayState=7eTU&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=HmUqhtBZ%2Bpon9YX%2FlarSG6swd7%2BxYVjVyuYoL9r7sB4kfS7A%2FVVKOsnxMBPnnbMfQOL%2B%2F88nKN7GbiGGJL3m7XRQbNuq758xh2w5cNyX2aFfS64FDSrBKtLB%2ByPfGNCx%2FBa9j	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/2133b7ab-6392-452c-aa20-34afbe98608e/saml2?SAMLRequest=hVPRbtowFP2VyH127DiBEotQsSE0JLqyQSfEm%2BM44NWxqe2M8vd1YJG6h7I36%2Bqce8%2B553r88Nao6I%2BwThpdgCTGIBKam0rqfQGeN3M4ApHzTFdMGS0KcBYOPEzGjjXqSKetP%2Bif4rUVzkehkXb0bYBxAVqrqWFOOqpZIxz1nK6nj0tKYkyP1tRShSLz3sqy9YJuAwn0DZwswMH7I0XodDrFpzQ2do8IxgnaPi7X%2FCAaBqXuRHHRszo9t8cy54T1wWVPCTY%2FHYQzFEABcdejKyf3n8AxwnkH7yB3HwUd%2F7sIb7hRIFr9fX2R%2Brr4W7TyCnL022azgqun9QZEc2O5uKRRgJopF%2FYyC5lIzfwl1063C8KV2UsdN5Jb40ztjVZSi5ibBpEkTct7VsJhmhOYDQiHjBEM04zVpchHQzwSqDNFQLRwrhWLSwK%2BAASTFCYJTPAG5zQZ0BTvQPSrPynSndRiVgBZQTG3Gmo438mn%2B93y5fD6vFi9OLPFv39AcD0qemluO0cN87c30VVC1%2FoCDXl66c9g0nuVFXfwnqUkZ4NhyVmS5cEbr2o%2ByhiuOU5yVsayuvJCmIwrwZVpq24hNMtSVItqjD6o6u%2F%2Bexi8mK2MkvwcTZUyp69WMB%2B%2Bh7etAGhyZf37QSbv&RelayState=7eTU&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=HmUqhtBZ%2Bpon9YX%2FlarSG6swd7%2BxYVjVyuYoL9r7sB4kfS7A%2FVVKOsnxMBPnnbMfQOL%2B%2F88nKN7GbiGGJL3m7XRQbNuq758xh2w5cNyX2aFfS64FDSrBKtLB%2ByPfGNCx%2FBa9j	HTTP Parser: No <meta name="author".. found
Source: https://encd.login.em3.oraclecloud.com/oam/server/obrareq.cgi?encquery%3DxYOjtbASgceJIQ9tz31xqRZAc8xkZVSZZs%2BEI3H0AfptD%2FxwBcgw7ALXBXwzxLiVISrGtA8NONHt84YL8w%2FiFDhEp4VA%2FtSqvTwYHfxEj2WnbkA%2FcgRs1xy09LL6CxiemJnsnkSNWHn3be0f6M2PdAZYLnRscYOONbVdbn%2Fdch30mIiO2YfLyqEV8HNIuorB%2BzFH5Vek4PDR5mMB%2BkZk1ouMOpmUDSFQT1MNQ77k488QkCxpxErMaNeYOsZm8vjg1icVKMQmBNdG6rfDp5isxYb9VY%2BitNLAmqtEcACmVOBpk4YQOQPHXH6IpBfa071To0l1A5fYCNQDHerRUPGu7Gxdoz38aI3IOBHG9AEXFrdzy1rUsCXixFJ%2BlFf%2BgtRNhD%2FLqfZ23L%2BmR4QRtQMVgZ%2Fj3xTcRq4WSGyG89y85Nma%2F2RuUchL8ZzSyyuF7P9ZN3ehooC2hKmX1LxXldo%2BZOmydFEjeHDRsu3%2BwTWfSqBrocLTRaROWPjHD%2FCmU%2BjHoy0JOOtEp8eT0x1PshLXpCfeizMBeHKMoy2Llp20%2FiBFYHpAHFiJwIMyWvpD00turPbebAIxxBKjqGxBu%2B%2F0Ryh4R3hnSimoWuNjcNmWeELfLHVzY21R0XPD4bAM3H961oxBTcTmha%2Bc50186AjAEjhgJgiUdVsJ9X8j8sp4DYNz9kRCrawdqriyyEPChw6zgnJ%2FJDJjFZzBBIeVpfU6BurGR1LIiz2wmiOnZxEGcLzWoDPzLpe4j%2FvEaVOMO7wKMTDA5J8kIUSW6H5UslFREeeJcVV10DSTT65ip5nFtBwZInbjloJsKx7RkUoduXrsBzev0EPpD10S8VY%2B%2BUkezX6LovIqnvvpZEWZOBEM%2B4S45QoXJAZJNtVT%2B3Ule	HTTP Parser: No <meta name="author".. found
Source: https://encd.fa.em3.oraclecloud.com/hcmUI/faces/ForgotPassword?backUrl=https%3A%2F%2Fencd.fa.em3.oraclecloud.com%2FfscmUI%2FadfAuthentication%3Flevel%3DFORM%26success_url%3D%252FfscmUI%252Ffaces%252FFuseWelcome%253F_afrLoop%253D41389725830507692%2526_afrWindowMode%253D0%2526_afrWindowId%253Dnull%2526_adf.ctrl-state%253Dmfqhtbico_1%2526_afrFS%253D16%2526_afrMT%253Dscreen%2526_afrMFW%253D1280%2526_afrMFH%253D905%2526_afrMFDW%253D1280%2526_afrMFDH%253D1024%2526_afrMFC%253D8%2526_afrMFCI%253D0%2526_afrMFM%253D0%2526_afrMFR%253D96%2526_afrMFG%253D0%2526_afrMFS%253D0%2526_afrMFO%253D0%2526_adf.no-new-window-redirect%253Dtrue&_afrLoop=41389816968729364&_afrWindowMode=0&_afrWindowId=null&_adf.ctrl-state=6jzaeyrft_1&_afrFS=16&_afrMT=screen&_afrMFW=1280&_afrMFH=907&_afrMFDW=1280&_afrMFDH=1024&_afrMFC=8&_afrMFCI=0&_afrMFM=0&_afrMFR=96&_afrMFG=0&_afrMFS=0&_afrMFO=0	HTTP Parser: No <meta name="author".. found
Source: https://encd.fa.em3.oraclecloud.com/hcmUI/faces/ForgotPassword?backUrl=https%3A%2F%2Fencd.fa.em3.oraclecloud.com%2FfscmUI%2FadfAuthentication%3Flevel%3DFORM%26success_url%3D%252FfscmUI%252Ffaces%252FFuseWelcome%253F_afrLoop%253D41389725830507692%2526_afrWindowMode%253D0%2526_afrWindowId%253Dnull%2526_adf.ctrl-state%253Dmfqhtbico_1%2526_afrFS%253D16%2526_afrMT%253Dscreen%2526_afrMFW%253D1280%2526_afrMFH%253D905%2526_afrMFDW%253D1280%2526_afrMFDH%253D1024%2526_afrMFC%253D8%2526_afrMFCI%253D0%2526_afrMFM%253D0%2526_afrMFR%253D96%2526_afrMFG%253D0%2526_afrMFS%253D0%2526_afrMFO%253D0%2526_adf.no-new-window-redirect%253Dtrue&_afrLoop=41389816968729364&_afrWindowMode=0&_afrWindowId=null&_adf.ctrl-state=6jzaeyrft_1&_afrFS=16&_afrMT=screen&_afrMFW=1280&_afrMFH=907&_afrMFDW=1280&_afrMFDH=1024&_afrMFC=8&_afrMFCI=0&_afrMFM=0&_afrMFR=96&_afrMFG=0&_afrMFS=0&_afrMFO=0	HTTP Parser: No <meta name="author".. found

Source: https://encd.login.em3.oraclecloud.com/oam/server/obrareq.cgi?encquery%3DxYOjtbASgceJIQ9tz31xqRZAc8xkZVSZZs%2BEI3H0AfptD%2FxwBcgw7ALXBXwzxLiVISrGtA8NONHt84YL8w%2FiFDhEp4VA%2FtSqvTwYHfxEj2WnbkA%2FcgRs1xy09LL6CxiemJnsnkSNWHn3be0f6M2PdAZYLnRscYOONbVdbn%2Fdch30mIiO2YfLyqEV8HNIuorB%2BzFH5Vek4PDR5mMB%2BkZk1ouMOpmUDSFQT1MNQ77k488QkCxpxErMaNeYOsZm8vjg1icVKMQmBNdG6rfDp5isxYb9VY%2BitNLAmqtEcACmVOBpk4YQOQPHXH6IpBfa071To0l1A5fYCNQDHerRUPGu7Gxdoz38aI3IOBHG9AEXFrdzy1rUsCXixFJ%2BlFf%2BgtRNhD%2FLqfZ23L%2BmR4QRtQMVgZ%2Fj3xTcRq4WSGyG89y85Nma%2F2RuUchL8ZzSyyuF7P9ZN3ehooC2hKmX1LxXldo%2BZOmydFEjeHDRsu3%2BwTWfSqBrocLTRaROWPjHD%2FCmU%2BjHoy0JOOtEp8eT0x1PshLXpCfeizMBeHKMoy2Llp20%2FiBFYHpAHFiJwIMyWvpD00turPbebAIxxBKjqGxBu%2B%2F0Ryh4R3hnSimoWuNjcNmWeELfLHVzY21R0XPD4bAM3H961oxBTcTmha%2Bc50186AjAEjhgJgiUdVsJ9X8j8sp4DYNz9kRCrawdqriyyEPChw6zgnJ%2FJDJjFZzBBIeVpfU6BurGR1LIiz2wmiOnZxEGcLzWoDPzLpe4j%2FvEaVOMO7wKMTDA5J8kIUSW6H5UslFREeeJcVV10DSTT65ip5nFtBwZInbjloJsKx7RkUoduXrsBzev0EPpD10S8VY%2B%2BUkezX6LovIqnvvpZEWZOBEM%2B4S45QoXJAZJNtVT%2B3Ule...	HTTP Parser: No favicon
Source: https://encd.login.em3.oraclecloud.com/oam/server/auth_cred_submit	HTTP Parser: No favicon
Source: https://encd.login.em3.oraclecloud.com/oam/server/auth_cred_submit	HTTP Parser: No favicon
Source: https://login.microsoftonline.com/2133b7ab-6392-452c-aa20-34afbe98608e/saml2?SAMLRequest=hVPRbtowFP2VyH127DiBEotQsSE0JLqyQSfEm%2BM44NWxqe2M8vd1YJG6h7I36%2Bqce8%2B553r88Nao6I%2BwThpdgCTGIBKam0rqfQGeN3M4ApHzTFdMGS0KcBYOPEzGjjXqSKetP%2Bif4rUVzkehkXb0bYBxAVqrqWFOOqpZIxz1nK6nj0tKYkyP1tRShSLz3sqy9YJuAwn0DZwswMH7I0XodDrFpzQ2do8IxgnaPi7X%2FCAaBqXuRHHRszo9t8cy54T1wWVPCTY%2FHYQzFEABcdejKyf3n8AxwnkH7yB3HwUd%2F7sIb7hRIFr9fX2R%2Brr4W7TyCnL022azgqun9QZEc2O5uKRRgJopF%2FYyC5lIzfwl1063C8KV2UsdN5Jb40ztjVZSi5ibBpEkTct7VsJhmhOYDQiHjBEM04zVpchHQzwSqDNFQLRwrhWLSwK%2BAASTFCYJTPAG5zQZ0BTvQPSrPynSndRiVgBZQTG3Gmo438mn%2B93y5fD6vFi9OLPFv39AcD0qemluO0cN87c30VVC1%2FoCDXl66c9g0nuVFXfwnqUkZ4NhyVmS5cEbr2o%2ByhiuOU5yVsayuvJCmIwrwZVpq24hNMtSVItqjD6o6u%2F%2Bexi8mK2MkvwcTZUyp69WMB%2B%2Bh7etAGhyZf37QSbv&RelayState=7eTU&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=HmUqhtBZ%2Bpon9YX%2FlarSG6swd7%2BxYVjVyuYoL9r7sB4kfS7A%2FVVKOsnxMBPnnbMfQOL%2B%2F88nKN7GbiGGJL3m7XRQbNuq758xh2w5cNyX2aFfS64FDSrBKtLB%2ByPfGNCx%2FBa9j...	HTTP Parser: No favicon
Source: https://encd.login.em3.oraclecloud.com/oam/server/obrareq.cgi?encquery%3DxYOjtbASgceJIQ9tz31xqRZAc8xkZVSZZs%2BEI3H0AfptD%2FxwBcgw7ALXBXwzxLiVISrGtA8NONHt84YL8w%2FiFDhEp4VA%2FtSqvTwYHfxEj2WnbkA%2FcgRs1xy09LL6CxiemJnsnkSNWHn3be0f6M2PdAZYLnRscYOONbVdbn%2Fdch30mIiO2YfLyqEV8HNIuorB%2BzFH5Vek4PDR5mMB%2BkZk1ouMOpmUDSFQT1MNQ77k488QkCxpxErMaNeYOsZm8vjg1icVKMQmBNdG6rfDp5isxYb9VY%2BitNLAmqtEcACmVOBpk4YQOQPHXH6IpBfa071To0l1A5fYCNQDHerRUPGu7Gxdoz38aI3IOBHG9AEXFrdzy1rUsCXixFJ%2BlFf%2BgtRNhD%2FLqfZ23L%2BmR4QRtQMVgZ%2Fj3xTcRq4WSGyG89y85Nma%2F2RuUchL8ZzSyyuF7P9ZN3ehooC2hKmX1LxXldo%2BZOmydFEjeHDRsu3%2BwTWfSqBrocLTRaROWPjHD%2FCmU%2BjHoy0JOOtEp8eT0x1PshLXpCfeizMBeHKMoy2Llp20%2FiBFYHpAHFiJwIMyWvpD00turPbebAIxxBKjqGxBu%2B%2F0Ryh4R3hnSimoWuNjcNmWeELfLHVzY21R0XPD4bAM3H961oxBTcTmha%2Bc50186AjAEjhgJgiUdVsJ9X8j8sp4DYNz9kRCrawdqriyyEPChw6zgnJ%2FJDJjFZzBBIeVpfU6BurGR1LIiz2wmiOnZxEGcLzWoDPzLpe4j%2FvEaVOMO7wKMTDA5J8kIUSW6H5UslFREeeJcVV10DSTT65ip5nFtBwZInbjloJsKx7RkUoduXrsBzev0EPpD10S8VY%2B%2BUkezX6LovIqnvvpZEWZOBEM%2B4S45QoXJAZJNtVT%2B3Ule...	HTTP Parser: No favicon
Source: https://encd.fa.em3.oraclecloud.com/hcmUI/faces/ForgotPassword?backUrl=https%3A%2F%2Fencd.fa.em3.oraclecloud.com%2FfscmUI%2FadfAuthentication%3Flevel%3DFORM%26success_url%3D%252FfscmUI%252Ffaces%252FFuseWelcome%253F_afrLoop%253D41389725830507692%2526_afrWindowMode%253D0%2526_afrWindowId%253Dnull%2526_adf.ctrl-state%253Dmfqhtbico_1%2526_afrFS%253D16%2526_afrMT%253Dscreen%2526_afrMFW%253D1280%2526_afrMFH%253D905%2526_afrMFDW%253D1280%2526_afrMFDH%253D1024%2526_afrMFC%253D8%2526_afrMFCI%253D0%2526_afrMFM%253D0%2526_afrMFR%253D96%2526_afrMFG%253D0%2526_afrMFS%253D0%2526_afrMFO%253D0%2526_adf.no-new-window-redirect%253Dtrue&_afrLoop=41389816968729364&_afrWindowMode=0&_afrWindowId=null&_adf.ctrl-state=6jzaeyrft_1&_afrFS=16&_afrMT=screen&_afrMFW=1280&_afrMFH=907&_afrMFDW=1280&_afrMFDH=1024&_afrMFC=8&_afrMFCI=0&_afrMFM=0&_afrMFR=96&_afrMFG=0&_afrMFS=0&_afrMFO=0	HTTP Parser: No favicon
Source: https://encd.fa.em3.oraclecloud.com/hcmUI/faces/ForgotPassword?backUrl=https%3A%2F%2Fencd.fa.em3.oraclecloud.com%2FfscmUI%2FadfAuthentication%3Flevel%3DFORM%26success_url%3D%252FfscmUI%252Ffaces%252FFuseWelcome%253F_afrLoop%253D41389725830507692%2526_afrWindowMode%253D0%2526_afrWindowId%253Dnull%2526_adf.ctrl-state%253Dmfqhtbico_1%2526_afrFS%253D16%2526_afrMT%253Dscreen%2526_afrMFW%253D1280%2526_afrMFH%253D905%2526_afrMFDW%253D1280%2526_afrMFDH%253D1024%2526_afrMFC%253D8%2526_afrMFCI%253D0%2526_afrMFM%253D0%2526_afrMFR%253D96%2526_afrMFG%253D0%2526_afrMFS%253D0%2526_afrMFO%253D0%2526_adf.no-new-window-redirect%253Dtrue&_afrLoop=41389816968729364&_afrWindowMode=0&_afrWindowId=null&_adf.ctrl-state=6jzaeyrft_1&_afrFS=16&_afrMT=screen&_afrMFW=1280&_afrMFH=907&_afrMFDW=1280&_afrMFDH=1024&_afrMFC=8&_afrMFCI=0&_afrMFM=0&_afrMFR=96&_afrMFG=0&_afrMFS=0&_afrMFO=0	HTTP Parser: No favicon
Source: https://encd.fa.em3.oraclecloud.com/hcmUI/faces/ForgotPassword?backUrl=https%3A%2F%2Fencd.fa.em3.oraclecloud.com%2FfscmUI%2FadfAuthentication%3Flevel%3DFORM%26success_url%3D%252FfscmUI%252Ffaces%252FFuseWelcome%253F_afrLoop%253D41389725830507692%2526_afrWindowMode%253D0%2526_afrWindowId%253Dnull%2526_adf.ctrl-state%253Dmfqhtbico_1%2526_afrFS%253D16%2526_afrMT%253Dscreen%2526_afrMFW%253D1280%2526_afrMFH%253D905%2526_afrMFDW%253D1280%2526_afrMFDH%253D1024%2526_afrMFC%253D8%2526_afrMFCI%253D0%2526_afrMFM%253D0%2526_afrMFR%253D96%2526_afrMFG%253D0%2526_afrMFS%253D0%2526_afrMFO%253D0%2526_adf.no-new-window-redirect%253Dtrue&_afrLoop=41389816968729364&_afrWindowMode=0&_afrWindowId=null&_adf.ctrl-state=6jzaeyrft_1&_afrFS=16&_afrMT=screen&_afrMFW=1280&_afrMFH=907&_afrMFDW=1280&_afrMFDH=1024&_afrMFC=8&_afrMFCI=0&_afrMFM=0&_afrMFR=96&_afrMFG=0&_afrMFS=0&_afrMFO=0	HTTP Parser: No favicon

Source: https://encd.login.em3.oraclecloud.com/oam/server/obrareq.cgi?encquery%3DxYOjtbASgceJIQ9tz31xqRZAc8xkZVSZZs%2BEI3H0AfptD%2FxwBcgw7ALXBXwzxLiVISrGtA8NONHt84YL8w%2FiFDhEp4VA%2FtSqvTwYHfxEj2WnbkA%2FcgRs1xy09LL6CxiemJnsnkSNWHn3be0f6M2PdAZYLnRscYOONbVdbn%2Fdch30mIiO2YfLyqEV8HNIuorB%2BzFH5Vek4PDR5mMB%2BkZk1ouMOpmUDSFQT1MNQ77k488QkCxpxErMaNeYOsZm8vjg1icVKMQmBNdG6rfDp5isxYb9VY%2BitNLAmqtEcACmVOBpk4YQOQPHXH6IpBfa071To0l1A5fYCNQDHerRUPGu7Gxdoz38aI3IOBHG9AEXFrdzy1rUsCXixFJ%2BlFf%2BgtRNhD%2FLqfZ23L%2BmR4QRtQMVgZ%2Fj3xTcRq4WSGyG89y85Nma%2F2RuUchL8ZzSyyuF7P9ZN3ehooC2hKmX1LxXldo%2BZOmydFEjeHDRsu3%2BwTWfSqBrocLTRaROWPjHD%2FCmU%2BjHoy0JOOtEp8eT0x1PshLXpCfeizMBeHKMoy2Llp20%2FiBFYHpAHFiJwIMyWvpD00turPbebAIxxBKjqGxBu%2B%2F0Ryh4R3hnSimoWuNjcNmWeELfLHVzY21R0XPD4bAM3H961oxBTcTmha%2Bc50186AjAEjhgJgiUdVsJ9X8j8sp4DYNz9kRCrawdqriyyEPChw6zgnJ%2FJDJjFZzBBIeVpfU6BurGR1LIiz2wmiOnZxEGcLzWoDPzLpe4j%2FvEaVOMO7wKMTDA5J8kIUSW6H5UslFREeeJcVV10DSTT65ip5nFtBwZInbjloJsKx7RkUoduXrsBzev0EPpD10S8VY%2B%2BUkezX6LovIqnvvpZEWZOBEM%2B4S45QoXJAZJNtVT%2B3Ule...	HTTP Parser: No <meta name="copyright".. found
Source: https://encd.login.em3.oraclecloud.com/oam/server/auth_cred_submit	HTTP Parser: No <meta name="copyright".. found
Source: https://encd.login.em3.oraclecloud.com/oam/server/auth_cred_submit	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/2133b7ab-6392-452c-aa20-34afbe98608e/saml2?SAMLRequest=hVPRbtowFP2VyH127DiBEotQsSE0JLqyQSfEm%2BM44NWxqe2M8vd1YJG6h7I36%2Bqce8%2B553r88Nao6I%2BwThpdgCTGIBKam0rqfQGeN3M4ApHzTFdMGS0KcBYOPEzGjjXqSKetP%2Bif4rUVzkehkXb0bYBxAVqrqWFOOqpZIxz1nK6nj0tKYkyP1tRShSLz3sqy9YJuAwn0DZwswMH7I0XodDrFpzQ2do8IxgnaPi7X%2FCAaBqXuRHHRszo9t8cy54T1wWVPCTY%2FHYQzFEABcdejKyf3n8AxwnkH7yB3HwUd%2F7sIb7hRIFr9fX2R%2Brr4W7TyCnL022azgqun9QZEc2O5uKRRgJopF%2FYyC5lIzfwl1063C8KV2UsdN5Jb40ztjVZSi5ibBpEkTct7VsJhmhOYDQiHjBEM04zVpchHQzwSqDNFQLRwrhWLSwK%2BAASTFCYJTPAG5zQZ0BTvQPSrPynSndRiVgBZQTG3Gmo438mn%2B93y5fD6vFi9OLPFv39AcD0qemluO0cN87c30VVC1%2FoCDXl66c9g0nuVFXfwnqUkZ4NhyVmS5cEbr2o%2ByhiuOU5yVsayuvJCmIwrwZVpq24hNMtSVItqjD6o6u%2F%2Bexi8mK2MkvwcTZUyp69WMB%2B%2Bh7etAGhyZf37QSbv&RelayState=7eTU&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=HmUqhtBZ%2Bpon9YX%2FlarSG6swd7%2BxYVjVyuYoL9r7sB4kfS7A%2FVVKOsnxMBPnnbMfQOL%2B%2F88nKN7GbiGGJL3m7XRQbNuq758xh2w5cNyX2aFfS64FDSrBKtLB%2ByPfGNCx%2FBa9j...	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/2133b7ab-6392-452c-aa20-34afbe98608e/saml2?SAMLRequest=hVPRbtowFP2VyH127DiBEotQsSE0JLqyQSfEm%2BM44NWxqe2M8vd1YJG6h7I36%2Bqce8%2B553r88Nao6I%2BwThpdgCTGIBKam0rqfQGeN3M4ApHzTFdMGS0KcBYOPEzGjjXqSKetP%2Bif4rUVzkehkXb0bYBxAVqrqWFOOqpZIxz1nK6nj0tKYkyP1tRShSLz3sqy9YJuAwn0DZwswMH7I0XodDrFpzQ2do8IxgnaPi7X%2FCAaBqXuRHHRszo9t8cy54T1wWVPCTY%2FHYQzFEABcdejKyf3n8AxwnkH7yB3HwUd%2F7sIb7hRIFr9fX2R%2Brr4W7TyCnL022azgqun9QZEc2O5uKRRgJopF%2FYyC5lIzfwl1063C8KV2UsdN5Jb40ztjVZSi5ibBpEkTct7VsJhmhOYDQiHjBEM04zVpchHQzwSqDNFQLRwrhWLSwK%2BAASTFCYJTPAG5zQZ0BTvQPSrPynSndRiVgBZQTG3Gmo438mn%2B93y5fD6vFi9OLPFv39AcD0qemluO0cN87c30VVC1%2FoCDXl66c9g0nuVFXfwnqUkZ4NhyVmS5cEbr2o%2ByhiuOU5yVsayuvJCmIwrwZVpq24hNMtSVItqjD6o6u%2F%2Bexi8mK2MkvwcTZUyp69WMB%2B%2Bh7etAGhyZf37QSbv&RelayState=7eTU&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=HmUqhtBZ%2Bpon9YX%2FlarSG6swd7%2BxYVjVyuYoL9r7sB4kfS7A%2FVVKOsnxMBPnnbMfQOL%2B%2F88nKN7GbiGGJL3m7XRQbNuq758xh2w5cNyX2aFfS64FDSrBKtLB%2ByPfGNCx%2FBa9j...	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/2133b7ab-6392-452c-aa20-34afbe98608e/saml2?SAMLRequest=hVPRbtowFP2VyH127DiBEotQsSE0JLqyQSfEm%2BM44NWxqe2M8vd1YJG6h7I36%2Bqce8%2B553r88Nao6I%2BwThpdgCTGIBKam0rqfQGeN3M4ApHzTFdMGS0KcBYOPEzGjjXqSKetP%2Bif4rUVzkehkXb0bYBxAVqrqWFOOqpZIxz1nK6nj0tKYkyP1tRShSLz3sqy9YJuAwn0DZwswMH7I0XodDrFpzQ2do8IxgnaPi7X%2FCAaBqXuRHHRszo9t8cy54T1wWVPCTY%2FHYQzFEABcdejKyf3n8AxwnkH7yB3HwUd%2F7sIb7hRIFr9fX2R%2Brr4W7TyCnL022azgqun9QZEc2O5uKRRgJopF%2FYyC5lIzfwl1063C8KV2UsdN5Jb40ztjVZSi5ibBpEkTct7VsJhmhOYDQiHjBEM04zVpchHQzwSqDNFQLRwrhWLSwK%2BAASTFCYJTPAG5zQZ0BTvQPSrPynSndRiVgBZQTG3Gmo438mn%2B93y5fD6vFi9OLPFv39AcD0qemluO0cN87c30VVC1%2FoCDXl66c9g0nuVFXfwnqUkZ4NhyVmS5cEbr2o%2ByhiuOU5yVsayuvJCmIwrwZVpq24hNMtSVItqjD6o6u%2F%2Bexi8mK2MkvwcTZUyp69WMB%2B%2Bh7etAGhyZf37QSbv&RelayState=7eTU&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=HmUqhtBZ%2Bpon9YX%2FlarSG6swd7%2BxYVjVyuYoL9r7sB4kfS7A%2FVVKOsnxMBPnnbMfQOL%2B%2F88nKN7GbiGGJL3m7XRQbNuq758xh2w5cNyX2aFfS64FDSrBKtLB%2ByPfGNCx%2FBa9j...	HTTP Parser: No <meta name="copyright".. found
Source: https://encd.login.em3.oraclecloud.com/oam/server/obrareq.cgi?encquery%3DxYOjtbASgceJIQ9tz31xqRZAc8xkZVSZZs%2BEI3H0AfptD%2FxwBcgw7ALXBXwzxLiVISrGtA8NONHt84YL8w%2FiFDhEp4VA%2FtSqvTwYHfxEj2WnbkA%2FcgRs1xy09LL6CxiemJnsnkSNWHn3be0f6M2PdAZYLnRscYOONbVdbn%2Fdch30mIiO2YfLyqEV8HNIuorB%2BzFH5Vek4PDR5mMB%2BkZk1ouMOpmUDSFQT1MNQ77k488QkCxpxErMaNeYOsZm8vjg1icVKMQmBNdG6rfDp5isxYb9VY%2BitNLAmqtEcACmVOBpk4YQOQPHXH6IpBfa071To0l1A5fYCNQDHerRUPGu7Gxdoz38aI3IOBHG9AEXFrdzy1rUsCXixFJ%2BlFf%2BgtRNhD%2FLqfZ23L%2BmR4QRtQMVgZ%2Fj3xTcRq4WSGyG89y85Nma%2F2RuUchL8ZzSyyuF7P9ZN3ehooC2hKmX1LxXldo%2BZOmydFEjeHDRsu3%2BwTWfSqBrocLTRaROWPjHD%2FCmU%2BjHoy0JOOtEp8eT0x1PshLXpCfeizMBeHKMoy2Llp20%2FiBFYHpAHFiJwIMyWvpD00turPbebAIxxBKjqGxBu%2B%2F0Ryh4R3hnSimoWuNjcNmWeELfLHVzY21R0XPD4bAM3H961oxBTcTmha%2Bc50186AjAEjhgJgiUdVsJ9X8j8sp4DYNz9kRCrawdqriyyEPChw6zgnJ%2FJDJjFZzBBIeVpfU6BurGR1LIiz2wmiOnZxEGcLzWoDPzLpe4j%2FvEaVOMO7wKMTDA5J8kIUSW6H5UslFREeeJcVV10DSTT65ip5nFtBwZInbjloJsKx7RkUoduXrsBzev0EPpD10S8VY%2B%2BUkezX6LovIqnvvpZEWZOBEM%2B4S45QoXJAZJNtVT%2B3Ule...	HTTP Parser: No <meta name="copyright".. found
Source: https://encd.fa.em3.oraclecloud.com/hcmUI/faces/ForgotPassword?backUrl=https%3A%2F%2Fencd.fa.em3.oraclecloud.com%2FfscmUI%2FadfAuthentication%3Flevel%3DFORM%26success_url%3D%252FfscmUI%252Ffaces%252FFuseWelcome%253F_afrLoop%253D41389725830507692%2526_afrWindowMode%253D0%2526_afrWindowId%253Dnull%2526_adf.ctrl-state%253Dmfqhtbico_1%2526_afrFS%253D16%2526_afrMT%253Dscreen%2526_afrMFW%253D1280%2526_afrMFH%253D905%2526_afrMFDW%253D1280%2526_afrMFDH%253D1024%2526_afrMFC%253D8%2526_afrMFCI%253D0%2526_afrMFM%253D0%2526_afrMFR%253D96%2526_afrMFG%253D0%2526_afrMFS%253D0%2526_afrMFO%253D0%2526_adf.no-new-window-redirect%253Dtrue&_afrLoop=41389816968729364&_afrWindowMode=0&_afrWindowId=null&_adf.ctrl-state=6jzaeyrft_1&_afrFS=16&_afrMT=screen&_afrMFW=1280&_afrMFH=907&_afrMFDW=1280&_afrMFDH=1024&_afrMFC=8&_afrMFCI=0&_afrMFM=0&_afrMFR=96&_afrMFG=0&_afrMFS=0&_afrMFO=0	HTTP Parser: No <meta name="copyright".. found
Source: https://encd.fa.em3.oraclecloud.com/hcmUI/faces/ForgotPassword?backUrl=https%3A%2F%2Fencd.fa.em3.oraclecloud.com%2FfscmUI%2FadfAuthentication%3Flevel%3DFORM%26success_url%3D%252FfscmUI%252Ffaces%252FFuseWelcome%253F_afrLoop%253D41389725830507692%2526_afrWindowMode%253D0%2526_afrWindowId%253Dnull%2526_adf.ctrl-state%253Dmfqhtbico_1%2526_afrFS%253D16%2526_afrMT%253Dscreen%2526_afrMFW%253D1280%2526_afrMFH%253D905%2526_afrMFDW%253D1280%2526_afrMFDH%253D1024%2526_afrMFC%253D8%2526_afrMFCI%253D0%2526_afrMFM%253D0%2526_afrMFR%253D96%2526_afrMFG%253D0%2526_afrMFS%253D0%2526_afrMFO%253D0%2526_adf.no-new-window-redirect%253Dtrue&_afrLoop=41389816968729364&_afrWindowMode=0&_afrWindowId=null&_adf.ctrl-state=6jzaeyrft_1&_afrFS=16&_afrMT=screen&_afrMFW=1280&_afrMFH=907&_afrMFDW=1280&_afrMFDH=1024&_afrMFC=8&_afrMFCI=0&_afrMFM=0&_afrMFR=96&_afrMFG=0&_afrMFS=0&_afrMFO=0	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.1.237.25:443 -> 192.168.2.16:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49762 version: TLS 1.2

Source: unknown

DNS traffic detected: queries for: encd.fa.em3.oraclecloud.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 69.164.40.8
Source: unknown	TCP traffic detected without corresponding DNS query: 69.164.40.8
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86

Source: unknown	HTTPS traffic detected: 23.1.237.25:443 -> 192.168.2.16:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49762 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_BITS_644_909146639

Source: classification engine

Classification label: clean2.win@18/148@38/169

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://encd.fa.em3.oraclecloud.com/fscmUI/faces/FuseWelcome
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 --field-trial-handle=2012,i,4006794349507548499,4314794317440220571,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 --field-trial-handle=2012,i,4006794349507548499,4314794317440220571,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact	Resource Development	Reconnaissance
1 Drive-by Compromise	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	11 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	2 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Abuse Accessibility Features	Acquire Infrastructure	Gather Victim Identity Information
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	1 Non-Application Layer Protocol	SIM Card Swap	Obtain Device Cloud Backups	Network Denial of Service	Domains	Credentials
Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	2 Application Layer Protocol			Data Encrypted for Impact	DNS Server	Email Addresses

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://encd.fa.em3.oraclecloud.com:443/fscmUI/faces/FuseWelcome	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
cs1100.wpc.omegacdn.net	152.199.4.44	true	false	unknown
accounts.google.com	142.251.211.237	true	false	high
www.google.com	142.251.211.228	true	false	high
dp.aaaaaaaazfm77hhcelwow5aqm6poxel4bfs5vb3dsjjz7zu5rjdh37prpefa.idcsprod.uk-london-idcs-1.idcs.prod.oraclecloud.com.uk-london-idcs-1.oraclecloud.com	147.154.226.58	true	false	high
clients.l.google.com	142.250.217.78	true	false	high
fa-4E1669C1BC6B4D0A8EA705DA39023842.fa-origin.ocs.oraclecloud.com	147.154.239.78	true	false	high
part-0042.t-0009.t-msedge.net	13.107.246.70	true	false	unknown
autologon.microsoftazuread-sso.com	20.190.151.69	true	false	unknown
clients1.google.com	unknown	unknown	false	high
clients2.google.com	unknown	unknown	false	high
encd.login.em3.oraclecloud.com	unknown	unknown	false	high
identity.nel.measure.office.net	unknown	unknown	false	high
aadcdn.msftauth.net	unknown	unknown	false	unknown
encd.fa.em3.oraclecloud.com	unknown	unknown	false	high
idcs-7a329a56bca149639cdfc84a0fc019ab.identity.oraclecloud.com	unknown	unknown	false	high
login.microsoftonline.com	unknown	unknown	false	high
aadcdn.msftauthimages.net	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://login.microsoftonline.com/2133b7ab-6392-452c-aa20-34afbe98608e/saml2?SAMLRequest=hVPRbtowFP2VyH127DiBEotQsSE0JLqyQSfEm%2BM44NWxqe2M8vd1YJG6h7I36%2Bqce8%2B553r88Nao6I%2BwThpdgCTGIBKam0rqfQGeN3M4ApHzTFdMGS0KcBYOPEzGjjXqSKetP%2Bif4rUVzkehkXb0bYBxAVqrqWFOOqpZIxz1nK6nj0tKYkyP1tRShSLz3sqy9YJuAwn0DZwswMH7I0XodDrFpzQ2do8IxgnaPi7X%2FCAaBqXuRHHRszo9t8cy54T1wWVPCTY%2FHYQzFEABcdejKyf3n8AxwnkH7yB3HwUd%2F7sIb7hRIFr9fX2R%2Brr4W7TyCnL022azgqun9QZEc2O5uKRRgJopF%2FYyC5lIzfwl1063C8KV2UsdN5Jb40ztjVZSi5ibBpEkTct7VsJhmhOYDQiHjBEM04zVpchHQzwSqDNFQLRwrhWLSwK%2BAASTFCYJTPAG5zQZ0BTvQPSrPynSndRiVgBZQTG3Gmo438mn%2B93y5fD6vFi9OLPFv39AcD0qemluO0cN87c30VVC1%2FoCDXl66c9g0nuVFXfwnqUkZ4NhyVmS5cEbr2o%2ByhiuOU5yVsayuvJCmIwrwZVpq24hNMtSVItqjD6o6u%2F%2Bexi8mK2MkvwcTZUyp69WMB%2B%2Bh7etAGhyZf37QSbv&RelayState=7eTU&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=HmUqhtBZ%2Bpon9YX%2FlarSG6swd7%2BxYVjVyuYoL9r7sB4kfS7A%2FVVKOsnxMBPnnbMfQOL%2B%2F88nKN7GbiGGJL3m7XRQbNuq758xh2w5cNyX2aFfS64FDSrBKtLB%2ByPfGNCx%2FBa9j7O9SF%2B3jELuWcVgZXVL6toKxJQo3HK%2BsNP7v%2BL6FmVYAWQC8alNgaT0Bs2JD%2FtE9UcHo3oCATjsmnEizdigblts95AGD4oB3Qpfd6Dn4bByNdsZtTbVm%2FEUG1acR256Q5TPKQxsjyaKb%2BJXmVl3M%2FJpnm8nWSkJCl7NQhBqgeZ4j2UL5QyQQBBrgVWRfgJGBruo0TldORt1aaSY3w%3D%3D&sso_reload=true	false	high
https://encd.fa.em3.oraclecloud.com/hcmUI/afr/blank.html	false	high
https://encd.fa.em3.oraclecloud.com/hcmUI/faces/ForgotPassword?backUrl=https%3A%2F%2Fencd.fa.em3.oraclecloud.com%2FfscmUI%2FadfAuthentication%3Flevel%3DFORM%26success_url%3D%252FfscmUI%252Ffaces%252FFuseWelcome%253F_afrLoop%253D41389725830507692%2526_afrWindowMode%253D0%2526_afrWindowId%253Dnull%2526_adf.ctrl-state%253Dmfqhtbico_1%2526_afrFS%253D16%2526_afrMT%253Dscreen%2526_afrMFW%253D1280%2526_afrMFH%253D905%2526_afrMFDW%253D1280%2526_afrMFDH%253D1024%2526_afrMFC%253D8%2526_afrMFCI%253D0%2526_afrMFM%253D0%2526_afrMFR%253D96%2526_afrMFG%253D0%2526_afrMFS%253D0%2526_afrMFO%253D0%2526_adf.no-new-window-redirect%253Dtrue&_afrLoop=41389816968729364&_afrWindowMode=0&_afrWindowId=null&_adf.ctrl-state=6jzaeyrft_1&_afrFS=16&_afrMT=screen&_afrMFW=1280&_afrMFH=907&_afrMFDW=1280&_afrMFDH=1024&_afrMFC=8&_afrMFCI=0&_afrMFM=0&_afrMFR=96&_afrMFG=0&_afrMFS=0&_afrMFO=0	false	high
https://encd.login.em3.oraclecloud.com/oam/server/auth_cred_submit	false	high
https://login.microsoftonline.com/2133b7ab-6392-452c-aa20-34afbe98608e/saml2?SAMLRequest=hVPRbtowFP2VyH127DiBEotQsSE0JLqyQSfEm%2BM44NWxqe2M8vd1YJG6h7I36%2Bqce8%2B553r88Nao6I%2BwThpdgCTGIBKam0rqfQGeN3M4ApHzTFdMGS0KcBYOPEzGjjXqSKetP%2Bif4rUVzkehkXb0bYBxAVqrqWFOOqpZIxz1nK6nj0tKYkyP1tRShSLz3sqy9YJuAwn0DZwswMH7I0XodDrFpzQ2do8IxgnaPi7X%2FCAaBqXuRHHRszo9t8cy54T1wWVPCTY%2FHYQzFEABcdejKyf3n8AxwnkH7yB3HwUd%2F7sIb7hRIFr9fX2R%2Brr4W7TyCnL022azgqun9QZEc2O5uKRRgJopF%2FYyC5lIzfwl1063C8KV2UsdN5Jb40ztjVZSi5ibBpEkTct7VsJhmhOYDQiHjBEM04zVpchHQzwSqDNFQLRwrhWLSwK%2BAASTFCYJTPAG5zQZ0BTvQPSrPynSndRiVgBZQTG3Gmo438mn%2B93y5fD6vFi9OLPFv39AcD0qemluO0cN87c30VVC1%2FoCDXl66c9g0nuVFXfwnqUkZ4NhyVmS5cEbr2o%2ByhiuOU5yVsayuvJCmIwrwZVpq24hNMtSVItqjD6o6u%2F%2Bexi8mK2MkvwcTZUyp69WMB%2B%2Bh7etAGhyZf37QSbv&RelayState=7eTU&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=HmUqhtBZ%2Bpon9YX%2FlarSG6swd7%2BxYVjVyuYoL9r7sB4kfS7A%2FVVKOsnxMBPnnbMfQOL%2B%2F88nKN7GbiGGJL3m7XRQbNuq758xh2w5cNyX2aFfS64FDSrBKtLB%2ByPfGNCx%2FBa9j7O9SF%2B3jELuWcVgZXVL6toKxJQo3HK%2BsNP7v%2BL6FmVYAWQC8alNgaT0Bs2JD%2FtE9UcHo3oCATjsmnEizdigblts95AGD4oB3Qpfd6Dn4bByNdsZtTbVm%2FEUG1acR256Q5TPKQxsjyaKb%2BJXmVl3M%2FJpnm8nWSkJCl7NQhBqgeZ4j2UL5QyQQBBrgVWRfgJGBruo0TldORt1aaSY3w%3D%3D	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.251.211.237	accounts.google.com	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
142.250.217.78	clients.l.google.com	United States	15169	GOOGLEUS	false
142.251.211.228	www.google.com	United States	15169	GOOGLEUS	false
147.154.226.58	dp.aaaaaaaazfm77hhcelwow5aqm6poxel4bfs5vb3dsjjz7zu5rjdh37prpefa.idcsprod.uk-london-idcs-1.idcs.prod.oraclecloud.com.uk-london-idcs-1.oraclecloud.com	United States	31898	ORACLE-BMC-31898US	false
142.251.211.227	unknown	United States	15169	GOOGLEUS	false
152.199.4.44	cs1100.wpc.omegacdn.net	United States	15133	EDGECASTUS	false
142.251.33.67	unknown	United States	15169	GOOGLEUS	false
147.154.239.78	fa-4E1669C1BC6B4D0A8EA705DA39023842.fa-origin.ocs.oraclecloud.com	United States	31898	ORACLE-BMC-31898US	false
13.107.246.70	part-0042.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.251.215.234	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
23.53.122.82	unknown	United States	20940	AKAMAI-ASN1EU	false
20.190.190.129	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
23.32.75.151	unknown	United States	16625	AKAMAI-ASUS	false
20.190.151.68	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
20.190.190.194	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.69.206	unknown	United States	15169	GOOGLEUS	false
20.190.151.69	autologon.microsoftazuread-sso.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.69.202	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16
192.168.2.4

General Information

Joe Sandbox Version:	38.0.0 Ammolite
Analysis ID:	1340458
Start date and time:	2023-11-10 10:14:15 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://encd.fa.em3.oraclecloud.com:443/fscmUI/faces/FuseWelcome
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean2.win@18/148@38/169

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 142.251.211.227, 34.104.35.123
Excluded domains from analysis (whitelisted): edgedl.me.gvt1.com, clientservices.googleapis.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://encd.fa.em3.oraclecloud.com:443/fscmUI/faces/FuseWelcome

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 10 08:14:48 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.982058094528507
Encrypted:	false
SSDEEP:
MD5:	3B6A687C84D232A8E31F5C897B3A650D
SHA1:	C09555569E1C43398AD3F8B844D0539C135C2FCC
SHA-256:	287400729EE508F17477BF0B1C0AE6F01615A0D33DD406D957EE380D8F8E9808
SHA-512:	879139E651DA75ABE817C0A85A0BBD6815222D58FF19D9AC8EAB8A9AFBB884439CE5DE742BB8EA00C6C3F11B9E0126DE3EA487FF230367C52F888D9618D456BB
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.......Z....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IjW.I....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VjW.I....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VjW.I....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VjW.I..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VjW.I...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............%&......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 10 08:14:48 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	3.9979925896602335
Encrypted:	false
SSDEEP:
MD5:	61DB9CFFFBF62DD140D803DD20787E28
SHA1:	427101EDEBCD6838E734F253A200DA4B1E30E87C
SHA-256:	1639C7F6561CC7FA71BCD14761A7765D3FE6CAE3B2460C7935F75BCC7475F7CC
SHA-512:	D22A250FBDF9E03FB3776D8CB47AB9A9E501BDE3B93619B07A8DA7C5A9E793111494882B8AF13AABD9E9E1B2BCBF5E500DB6294FA1FB8B8E979A7DD18EFEA810
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....W.{Z....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IjW.I....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VjW.I....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VjW.I....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VjW.I..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VjW.I...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............%&......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.0077039382071336
Encrypted:	false
SSDEEP:
MD5:	18ABCBD796A8F624522B195F69287CAE
SHA1:	9CBB4597442CC8ACBF5C6BB34E39EE5606ECB5F7
SHA-256:	0B049B7950982836ABDB189708ABB273D193F6FA423F4C7EA346D6F6A6F72353
SHA-512:	6DE7A0F11EE4E337C46320F47BC85E2EBF72225D9B8BCD6DA3D97D169FD3A68B014A5715379FAA671054E5A50C8639E47FD5A9899C8D80490A97316B346D6B7B
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IjW.I....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VjW.I....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VjW.I....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VjW.I..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............%&......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 10 08:14:48 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9952418399141294
Encrypted:	false
SSDEEP:
MD5:	F05F1E103F6BA2C5ECF1ED8C2565F0AC
SHA1:	D459C893F943591DCBFA11553AD1F00B3B09BA6C
SHA-256:	DDEDBE9225354DAEF06AE5D4FCC80019684FA49FA817F10EB978886AC1A6CE19
SHA-512:	AAE538DC637CFC3C2A49AEA894DDA582B481EABF93987702E4184EBC0545B88EDF119C3896A23D9A072F62A19DA04BD30B2F6E10C20F3F25A221683DBADBF2A7
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......rZ....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IjW.I....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VjW.I....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VjW.I....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VjW.I..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VjW.I...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............%&......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 10 08:14:48 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9871460792701496
Encrypted:	false
SSDEEP:
MD5:	A0995A7890A578A21A77BAA0FEF67D7B
SHA1:	AFF63116363502BB02A0258EEF85C960981C62C1
SHA-256:	14E1D8E04EFAF1A7AA596699E41FC766C545620596185A9A82FA1F47F077D289
SHA-512:	90BA7CA08C0E21003F0179EC59345720F896399252606EEA19DE8FB3783AB6C629CBCC9961ECD85BF193956BC31B26FD78B8AEA0B359BAB8798E9B9C38A66236
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.......Z....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IjW.I....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VjW.I....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VjW.I....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VjW.I..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VjW.I...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............%&......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 10 08:14:48 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.994758298046982
Encrypted:	false
SSDEEP:
MD5:	65693CFCD02B4839C429B71785103A8E
SHA1:	3C97B3A3F63ADA317F61485BF4EFE290F01FED71
SHA-256:	BF8A4087B0481209855F43F374F3E4387BFE8F472AD66AD0A74F07799B4E93F2
SHA-512:	84D85E6C4C23A17DEB1A05934095A8F090B4FE0A82B020DDE9A601183C6061F12C0B60F03A8849B282A9BC66B166F538E65F2E5862D3C9A0B63B54639D722219
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....`.cZ....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IjW.I....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VjW.I....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VjW.I....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VjW.I..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VjW.I...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............%&......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 100

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (520)
Category:	downloaded
Size (bytes):	3969
Entropy (8bit):	5.090425882093803
Encrypted:	false
SSDEEP:
MD5:	B207ACA63F1C41BEDE11D60C0C070501
SHA1:	1186815F2C3D7B14190747E0459B8E647D3FACF8
SHA-256:	ACBA2A24D0A700BAFC4921A8C0873280EDFC2C619A829B82B87249B54BDF627A
SHA-512:	64ABD006B7310DA5BAE6798EE36EAC81040DC2AFE1B1569060373A70A99024C660B9500EF0E66239C792097F7D2D50454D7AF97316D0AF40B6D80F915192C9C6
Malicious:	false
Reputation:	low
URL:	https://encd.fa.em3.oraclecloud.com/hcmUI/afr/partition/unknown/n/default/opt/d/detail-114qf9.js
Preview:	AdfUIComponents.createComponentClass("AdfRichShowDetail", {"componentType":"oracle.adf.RichShowDetail", "propertyKeys":[{"name":"inlineStyle", "type":"String"}, {"name":"styleClass", "type":"String"}, {"name":"shortDesc", "type":"String"}, {"name":"unsecure", "type":"Object", "secured":true}, {"name":"visible", "type":"Boolean", "default":true}, {"name":"persist", "type":"Array"}, {"name":"dontPersist", "type":"Array"}, {"name":"contentDelivery", "type":"String", "default":"lazyUncached"}, {"name":"disclosedText", ."type":"String"}, {"name":"undisclosedText", "type":"String"}], "superclass":AdfUIShowDetail});..AdfRichUIPeer.createPeerClass(AdfDhtmlShowDisclosurePeer, "AdfDhtmlShowDetailPeer");.AdfDhtmlShowDetailPeer.InitSubclass = function() {. AdfDhtmlShowDetailPeer._SHOW_DETAIL_CHILD_CONTAINER_STYLE_CLASS = "af\|showDetail::child-container";. AdfDhtmlTogglePeer.Config(this, {"ltrToggledIconName":"af\|showDetail::disclosed-icon", "ltrUntoggledIconName":"af\|showDetail::undisclosed-icon

Chrome Cache Entry: 102

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (320)
Category:	downloaded
Size (bytes):	45669
Entropy (8bit):	5.439861287871258
Encrypted:	false
SSDEEP:
MD5:	B6CFC7DF9DDC97D037D99132E451794A
SHA1:	AE4771AB58DD1830061859A82E4553469F4A977E
SHA-256:	54ACC43B1D6BD326EA67D4E40BBA1206B86FC8630E10747F0436B4480C2E080F
SHA-512:	873D7A7F8BD44997AA82EC71CF20F6AE694B93950C5B72D3D03AD1BD388AADC077430D263597C21B5E789E8F32F0C7456E7232A8DC7AF07B8748A16E23D1ECFB
Malicious:	false
Reputation:	low
URL:	https://encd.fa.em3.oraclecloud.com/hcmUI/afr/AdfTranslations-94l3hyen.js?loc=en&skinId=HAL_HOME_PAGE_BRANDING_2102002alta_v1
Preview:	AdfDhtmlLookAndFeel.__TRANSLATIONS={.'af_chooseColor.COLORNAME_CD853F':'Peru',.'af_panelCollection.LABEL_MENUITEM_EXPAND':'Expand',.'af_query.LABEL_REORDER':'Reorder',.'af_chooseColor.COLORNAME_9DD9A8':'Medium Moss',.'af_inputComboboxListOfValues.TIP_CREATE':'Create',.'AFKeyF4':'F4',.'af_codeEditor.TIP_SEARCH_PREVIOUS_BUTTON':'Find Previous',.'AFKeyF5':'F5',.'AFKeyF6':'F6',.'AFKeyF7':'F7',.'AFKeyF8':'F8',.'AFKeyF9':'F9',.'af_chooseColor.COLORNAME_8B008B':'Dark Magenta',.'af_query.MSG_SAVED_SEARCH_DELETE_CONSTRAINT_DETAIL':'Please select a valid saved search to delete.',.'af_commandToolbarButton.TIP_LIST_ORDERED':'Numbered List',.'AFKeyF1':'F1',.'AFKeyF2':'F2',.'AFKeyF3':'F3',.'af_chooseColor.COLORNAME_AFEEEE':'Pale Turquoise',.'af_messages.LABEL_COMBINED_MESSAGES_INTRO':'Messages for this page are listed below.',.'af_chooseColor.COLORNAME_66CDAA':'Medium Aquamarine',.'af_chooseColor.COLORNAME_FFFAF0':'Floral White',.'af_chooseColor.COLORNAME_5F9EA0':'Cadet Blue',.'af_commandMenuItem.ST

Chrome Cache Entry: 103

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	909
Entropy (8bit):	4.814779144602549
Encrypted:	false
SSDEEP:
MD5:	130A4465247FC46C599F96306F1E4F05
SHA1:	4F283BAFFCAE1877A2F927FC4C55E05E7D9136C6
SHA-256:	C1CC54D0B21A685008F6643FB3A4BA93090A5EFB65A4B1906C3EBBEE6FEB7271
SHA-512:	7DF1898E789D2CCBD31605A61A7A114279591E7D282F550DB79703715C7E5724E385192E172F90C1FB96DAE96F02BC2F6B5AD6CBC8BBF3B2B9FFBB19C5DD75F8
Malicious:	false
Reputation:	low
URL:	https://encd.login.em3.oraclecloud.com/fusion_apps/global/images/Oracle_rgb_black.svg
Preview:	<svg id="logo" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 140.15 38.3"><defs><style>.cls-1{fill:none;}</style></defs><title>Oracle_rgb_black</title><path d="M62.28,21.44h7.93L66,14.68,58.33,26.89H54.82l9.36-14.65a2.23,2.23,0,0,1,3.64,0l9.39,14.68h-3.5l-1.65-2.73H64l-1.75-2.72m36.37,2.72V11.43h-3v14a1.47,1.47,0,0,0,.44,1,1.5,1.5,0,0,0,1.09.46h13.54l1.76-2.73H98.65M49.49,21.88a5.23,5.23,0,0,0,0-10.45h-13V26.89h3V14.16h9.83a2.51,2.51,0,0,1,0,5H40.91l8.88,7.73H54.1l-6-5h1.35m-31.29,5h9a7.73,7.73,0,0,0,0-15.46h-9a7.73,7.73,0,1,0,0,15.46M27,24.17H18.4a5,5,0,0,1,0-10H27a5,5,0,1,1,0,10m56.43,2.72h9.18l1.73-2.72H83.62a5,5,0,1,1,0-10h8.71l1.76-2.73H83.41a7.73,7.73,0,1,0,0,15.46m36.35-2.72a5,5,0,0,1-4.82-3.64h12.7l1.75-2.73H114.94a5,5,0,0,1,4.82-3.64h8.72l1.74-2.73H119.56a7.73,7.73,0,1,0,0,15.46h9.17l1.74-2.72H119.76" transform="translate(0.07)"/><rect class="cls-1" width="140.15" height="38.3"/></svg>

Chrome Cache Entry: 104

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	14449
Entropy (8bit):	5.101434579034773
Encrypted:	false
SSDEEP:
MD5:	68726431774B72D846B599784EAA9599
SHA1:	3A14C821CF6B9DEB1BC23172BF6A873CA46A50AA
SHA-256:	254C727404FAB69B5CE828EB8F16D94646A148D75DF63F98B4C418169EAA3093
SHA-512:	069C96428754EB640FABDF3DACE418E9430292CCA50B727A57E2B5A3C8348C04D7783F6284FCF165FD6165C1BBA02710155E70D738815DDFFAF40F5E3D62DF17
Malicious:	false
Reputation:	low
URL:	https://encd.fa.em3.oraclecloud.com/hcmUI/adf/jsLibs/resources/LocaleElements_en2lzbpv.js?loc=en
Preview:	var LocaleSymbols_en = new LocaleSymbols({.MonthNames:["January", "February", "March", "April", "May", "June", "July", "August", "September", "October", "November", "December", ""], .MonthAbbreviations:["Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec", ""], .DayNames:["Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"], .DayAbbreviations:["Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"], .DayNarrows:["S", "M", "T", "W", "T", "F", "S"], .AmPmMarkers:["AM", "PM"], .Eras:["BC", "AD"], .DateTimePatterns:["h:mm:ss a z", "h:mm:ss a z", "h:mm:ss a", "h:mm a", "EEEE, MMMM d, yyyy", "MMMM d, yyyy", "MMM d, yyyy", "M/d/yy", "{1} {0}"], .DateTimeElements:["1", "1"], .NumberElements:[".", ",", ";", "%", "0", "#", "-", "E", "\u2030", "\u221e", "\ufffd"], .CurrencyElements:["\xa4", "XXX", "\xa4", "", "-\xa4", ""], .PercentElements:["%", "%"].});..TrMessageFactory._TRANSLATIONS={.'org.apache.myfaces.trinidad.validator.LengthValidator.EXACT_d

Chrome Cache Entry: 105

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, 32x32, 16 colors, 4 bits/pixel, 16x16, 16 colors, 4 bits/pixel
Category:	downloaded
Size (bytes):	10134
Entropy (8bit):	3.5489486152113794
Encrypted:	false
SSDEEP:
MD5:	C9856F0A4DD7AD0C215A68052A04D9E8
SHA1:	F26103FB231EE3D431C6EA2CAEE670CD89D5A3D3
SHA-256:	0E3CFACF6A7A4CAEED25BB1C51F48DF499F53EABCF68CA00D631DB7F2614FE2B
SHA-512:	0082CDA89C1F384D12B8A8E1E138A53EF4D945A067031157DEAFC8F46075DDB2829714A0C95E09B1BB811A9C5CD22E6F12B4B3975A79A68A9BA1E3CB0989CD1C
Malicious:	false
Reputation:	low
URL:	https://encd.fa.em3.oraclecloud.com/favicon.ico
Preview:	...... ..........f...........(...N... ..........v...........h....... .... ............... .h....#..(... ...@...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................(....... ............................................................................................................................................

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (56725)
Category:	downloaded
Size (bytes):	156896
Entropy (8bit):	5.279322756810791
Encrypted:	false
SSDEEP:
MD5:	6AE4D906C27F3125BADFD6814321C0E8
SHA1:	0CE34F7923F03A8D2B197BCB287BFC7B61271E5F
SHA-256:	7800B81AF455EA27630D9E4E0BD530426E446E912D478A2653C58F1AB7E62052
SHA-512:	E7BC6A4D9CFA4EEC318CD5FF377BDB4FA5DE30CDEE2B2A536F2995EC45B77EBC189A5DB4D013669DFAED60274F22BF6B31639D8A8BA677C75A083E814A8BCB7D
Malicious:	false
Reputation:	low
URL:	https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_44b450e8d543eb53930d.js
Preview:	/!. ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */.(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[8],{505:function(e,t,r)

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 (with BOM) text
Category:	downloaded
Size (bytes):	7483
Entropy (8bit):	5.411155203912624
Encrypted:	false
SSDEEP:
MD5:	3B8C9F355B061E414FC7E9A7C723B920
SHA1:	1B70164BD6DCDD8F6101E67AE719544123AEB0C8
SHA-256:	400E4771DAFF04E0A0798EC06FBE3BF41C1C94AAE3E5574667276AFD1FC52A7A
SHA-512:	2B9DAA2FFD8E6B8A7C4E52877CD8CBC753B966FF25F156058CC3640C6F9A0E587B39F1C6A152ACB972136CD25CABECE675B9CDAE01653AAFF6CAB257CEA59341
Malicious:	false
Reputation:	low
URL:	https://encd.login.em3.oraclecloud.com/fusion_apps/global/ver25/config.js
Preview:	.// IMPORTANT: If any change is made in this file, make sure to change value of CSS_JS_VERSION in .// $SRCHOME/ngam/src/common/utilities/src/main/java/oracle/security/am/common/utilities/constant/GenericConstants.java.// This is needed to burst browser cache. Refer bug# 28190763 for details. ....// SECTION A: THE PARAMETERS IN THIS SECTION CAN BE CHANGED TO SUIT THE DEPLOYMENT.//.// THE VARIABLES ARE INTENDED TO BE CONFIGURABLE PARAMETERS......//..// Parameter to specify OIM (OHS) Web Server Root used in URL for forgot password, registration etc..// WebServer Root URL can start with either http:// or secure, https://.// For example, OimOHSHostPort = 'http://OIM-OHS-Host:Port'.var OimOHSHostPort = '';..// Parameter to specify estimated wait time in milliseconds for logout .// processing to complete.var maxLogoutWaitTime = 1625;...// Parameter to specify comma separated list of WebServers. Only required .// in multi-domain scenario. By default array is empty.// For example,.//

Chrome Cache Entry: 109

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1592
Entropy (8bit):	4.205005284721148
Encrypted:	false
SSDEEP:
MD5:	4E48046CE74F4B89D45037C90576BFAC
SHA1:	4A41B3B51ED787F7B33294202DA72220C7CD2C32
SHA-256:	8E6DB1634F1812D42516778FC890010AA57F3E39914FB4803DF2C38ABBF56D93
SHA-512:	B2BBA2A68EDAA1A08CFA31ED058AFB5E6A3150AABB9A78DB9F5CCC2364186D44A015986A57707B57E2CC855FA7DA57861AD19FC4E7006C2C239C98063FE903CF
Malicious:	false
Reputation:	low
URL:	https://aadcdn.msftauth.net/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><defs><style>.a{fill:none;}.b{fill:#404040;}</style></defs><rect class="a" width="48" height="48"/><path class="b" d="M40,32.578V40H32V36H28V32H24V28.766A10.689,10.689,0,0,1,19,30a10.9,10.9,0,0,1-5.547-1.5,11.106,11.106,0,0,1-2.219-1.719A11.373,11.373,0,0,1,9.5,24.547a10.4,10.4,0,0,1-1.109-2.625A11.616,11.616,0,0,1,8,19a10.9,10.9,0,0,1,1.5-5.547,11.106,11.106,0,0,1,1.719-2.219A11.373,11.373,0,0,1,13.453,9.5a10.4,10.4,0,0,1,2.625-1.109A11.616,11.616,0,0,1,19,8a10.9,10.9,0,0,1,5.547,1.5,11.106,11.106,0,0,1,2.219,1.719A11.373,11.373,0,0,1,28.5,13.453a10.4,10.4,0,0,1,1.109,2.625A11.616,11.616,0,0,1,30,19a10.015,10.015,0,0,1-.125,1.578,10.879,10.879,0,0,1-.359,1.531Zm-2,.844L27.219,22.641a14.716,14.716,0,0,0,.562-1.782A7.751,7.751,0,0,0,28,19a8.786,8.786,0,0,0-.7-3.5,8.9,8.9,0,0,0-1.938-2.859A9.269,9.269,0,0,0,22.5,10.719,8.9,8.9,0,0,0,19,10a8.786,8.786,0,0,0-3.5.7,8.9,8.9,0,0,0-2.859,1.938A9.269,9.269,0,0,0,

Chrome Cache Entry: 110

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 352 x 3
Category:	dropped
Size (bytes):	3620
Entropy (8bit):	6.867828878374734
Encrypted:	false
SSDEEP:
MD5:	B540A8E518037192E32C4FE58BF2DBAB
SHA1:	3047C1DB97B86F6981E0AD2F96AF40CDF43511AF
SHA-256:	8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
SHA-512:	E3612D9E6809EC192F6E2D035290B730871C269A267115E4A5515CADB7E6E14E3DD4290A35ABAA8D14CF1FA3924DC76E11926AC341E0F6F372E9FC5434B546E5
Malicious:	false
Reputation:	low
Preview:	GIF89a`.........iii!.......!.&Edited with ezgif.com online GIF maker.!..NETSCAPE2.0.....,....`.....6......P.l.......H....I..:qJ......k....`BY..L..&...!.......,....`.....9..i....Q4......H..j.=.k9-5_..........j7..({.........!.......,....`.....9.......trV.......H....`.[.q6......>.. .CZ.&!.....M...!.......,....`.....8..........:......H..jJ..U..6_....../.el...q.).....!.......,....`.....9.....i..l.go.....H..".U...f......._......5......n..!.......,....`.....:..i......./.....H...5%.kE/5.........In.a..@&3.....J...!.......,....`.....9.......kr.j.....H...-.{Im5c..............@&.........!.......,....`.....9.........j..q....H...].&..\.5.........8..S..........!.......,....`.....9.......3q.g..5....H...:u..............Al..x.q.........!.......,....`.....9......\.F....z....H...zX...ov.........h3N.x4......j..!.......,....`.....9........Q.:......H....y..^...1.........n.!.F......E...!.......,....`.....8.........i,......H....*_.21.I.........%...

Chrome Cache Entry: 111

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	438
Entropy (8bit):	7.102086955863026
Encrypted:	false
SSDEEP:
MD5:	54D6998D7562C966A31C44B9B689827E
SHA1:	5E707ACE9AEF59727FFDAE076C1C3F83BB70A45A
SHA-256:	AD79FB38FAC7F402F72B367977B84337BADCC52CF00E89A99F78B0738B4E7773
SHA-512:	290A8ECF41C1A2A8BDA5B9D18F9F0CFD6BF8AB10FF90E962919917A99F66936896595A39CEEEA187C60C8F3A9820BF69B214F26A97F3DC6F6F22C0C1F488BAA4
Malicious:	false
Reputation:	low
URL:	https://encd.fa.em3.oraclecloud.com/hcmUI/afr/alta-v1/warning_status.png
Preview:	.PNG........IHDR................a....tEXtSoftware.Adobe ImageReadyq.e<...XIDATx.b...?.%.....om.K..y3.T.2..~p....nN0~p..?.uX].....{[y..U%......g.N._..Y.0\..Uw.41...2p..2p..0... 1...........^)...@l..H.]=......&!......Ab 9.^xva....V0H..`(..}....4...x..IA.1......j.0...l..b.i.H.....%!}.....I..6.R..,.xS..?....\|.`.{..KH...''3(..cj.y..H......P.........p\..@j_...N.g.x...u.A....L...w..l....nn.....@.H2....dM3..Fb.@......g.]......IEND.B`.

Chrome Cache Entry: 112

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (521)
Category:	downloaded
Size (bytes):	14614
Entropy (8bit):	5.075652236745999
Encrypted:	false
SSDEEP:
MD5:	92E0B8545B241D4EFD940A4EBF11985C
SHA1:	6366971C2BA74B71F8018931872F29C66C40C0DA
SHA-256:	43143A47A7024D5F00EB8D35FAFBD2F920581473AC970F5AAA9C43251F88E983
SHA-512:	709011E95F9C74A3FD701F133620E0497ACA2DA4AB5A3CFE4CD241649D0123A8C605BB79C51F47E436D136039E39DFC774A0337627F0E6653EA393255F9B600B
Malicious:	false
Reputation:	low
URL:	https://encd.fa.em3.oraclecloud.com/hcmUI/afr/partition/unknown/n/default/opt/d/box-ycryl6.js
Preview:	AdfUIComponents.createComponentClass("AdfRichPanelBox", {"componentType":"oracle.adf.RichPanelBox", "propertyKeys":[{"name":"inlineStyle", "type":"String"}, {"name":"styleClass", "type":"String"}, {"name":"shortDesc", "type":"String"}, {"name":"unsecure", "type":"Object", "secured":true}, {"name":"visible", "type":"Boolean", "default":true}, "disclosureListener", {"name":"disclosed", "type":"Boolean", "default":true}, {"name":"immediate", "type":"Boolean", "default":false}, {"name":"persist", "type":"Array"}, .{"name":"dontPersist", "type":"Array"}, {"name":"showDisclosure", "type":"Boolean", "default":true}, {"name":"showMaximize", "type":"String", "default":"auto"}, "maximizeListener", {"name":"maximized", "type":"Boolean", "default":false}, {"name":"contentDelivery", "type":"String", "default":"lazyUncached"}, {"name":"helpTopicId", "type":"String"}, {"name":"iconDelivery", "type":"String", "default":"auto"}, {"name":"text", "type":"String"}, {"name":"type", "type":"String", "defaul

Chrome Cache Entry: 113

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 720 x 12, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	6472
Entropy (8bit):	7.958794490660534
Encrypted:	false
SSDEEP:
MD5:	608801F864AB2B3DD6F6F664A25537D4
SHA1:	2CEB98C0E5163E780306561D810D8C20A85DC638
SHA-256:	7DC932988A3F433B10457C5D403FF75067C78A19A9F78AB509878B8D0C3B7F2C
SHA-512:	600B00DC9182E76606B689D6ADDEE41822F9B34836CD7452118D54DAD79E0078008473FEEA12E0D0713B7D1C09D025A42D9181ECAA4F78DA5026D59A998A9D67
Malicious:	false
Reputation:	low
URL:	https://encd.fa.em3.oraclecloud.com/hcmUI/images/applcore/fuseplus/patterns/colorstrip_redwood_desktop_23B.png
Preview:	.PNG........IHDR.............K4......IDATx..c.#.....k..f.....m.m.m........I:.3=.MN....;U]....t~.d....<.....qc...i.........[..;.!...yGD,...5!.\Y....W.b..=..c{\Xx.(.......k....>........+]3x.%2..B.........h<~l..W.2....r:.f.p4.;..J.5..H..)}..<n....z.]Xv.t.4.8.D.....[m..^....u..........w..L...y!.^7.l^.-.PfeBm.;.Yy..~..K....V.=...N.ss.......%L>/....P61.....9.2M.O..(....WhT(...d...l.e.`.{C.X.Rz.d........W...\V.f.....E.....+.cg....fU.<..=n.......\|..L.K...q.u.B.%.o..ZS.~..........z....v..O....;...1l..D..o....Wc..8v.2...Sy.l?~..#.>.#..As..t.X..3../....x.....H.....rv...;..}......'.qV...>#..Fu).ey....a.g...k..rP.S....5....@.9..s'.O..(.......n~$...$X....h.~wo]..<.S...7.x.=o.......F.B.1C.bH_...1...B..RG.....k......Z.d>%.N.$....I.c......bHc..o..&.}."....t...].......ohw...1@'.........-.K.}..x.....{..V,Z?.3...E.p..N....o~u/f...z.L^..L:3lVd....+K./Q.r%.._.D............r.w:..H.L..B^/.wdH..:..F.4L....$.L.....D1H.^.........l.?0..\4.%.D..

Chrome Cache Entry: 114

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (14735)
Category:	downloaded
Size (bytes):	15708
Entropy (8bit):	5.365602731223514
Encrypted:	false
SSDEEP:
MD5:	F725EBA916B45C3C16851008B9E8605F
SHA1:	F9F910A0EA808AA3B14C3BA30AA0B385C46B361D
SHA-256:	4027579F15834B1C1D57235D08FD2EFA25C2E11095881E9E66DF2549E5AA3438
SHA-512:	7DE375BFE775126F7E656539DDD5C6B07F832EC4C27B41B9C09A005FB9979C8B375E4C4AAB4FF63ECEDBCB87E9696D3A70261A492781DA88C41C1225561C14E7
Malicious:	false
Reputation:	low
URL:	https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_7eee75fddc0da0f12778.js
Preview:	/!. ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */.(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[17],{491:function(e,n,s

Chrome Cache Entry: 117

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (43363)
Category:	downloaded
Size (bytes):	138913
Entropy (8bit):	5.4277106790437575
Encrypted:	false
SSDEEP:
MD5:	4AE6707C71FC830944EE04366BBD7966
SHA1:	88CAD853C7AEE2AD76A516346D8580CAE946E10D
SHA-256:	954CA1CC229DAA74BDA398B3A9BF1F240387DBF0489F94FC699B1FB3D33FF36B
SHA-512:	9457AAD3420FA980B0E1F2E3C1FDA94C853D7C50709808E55B2BCB000C5D3BFB1A1703AC16A47EE063E6305F9E245E4270051B0E39F61F2E85863739268C9C01
Malicious:	false
Reputation:	low
URL:	https://aadcdn.msftauth.net/shared/1.0/content/js/BssoInterrupt_Core_SuZwfHH8gwlE7gQ2a715Zg2.js
Preview:	/!. ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */!function(e){function n(n){for(var t,r,o=n[0],a=n[1],s=0,u=[];s<o.length;s++)

Chrome Cache Entry: 118

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	14834
Entropy (8bit):	4.760390807533447
Encrypted:	false
SSDEEP:
MD5:	28CA74A2496E3514A9B6DEC0CA7DF206
SHA1:	A055508B5EA588E74E32FE3F88C571C2675BAAF0
SHA-256:	03D358CDC1862D74157479F52C00913964A982BFE3B0D24C0D282A016D0D9B66
SHA-512:	8C3D9E41AF54004020E4597E96B6E93B872B079656AC7DE9111CE165FC19E7CCCFEA783983762159E06D63CCA4794CD5F42EDBEEF75BE995B72D5EB72B5BBD93
Malicious:	false
Reputation:	low
URL:	https://encd.fa.em3.oraclecloud.com/hcmUI/faces/ForgotPassword?backUrl=https%3A%2F%2Fencd.fa.em3.oraclecloud.com%2FfscmUI%2FadfAuthentication%3Flevel%3DFORM%26success_url%3D%252FfscmUI%252Ffaces%252FFuseWelcome%253F_afrLoop%253D41389725830507692%2526_afrWindowMode%253D0%2526_afrWindowId%253Dnull%2526_adf.ctrl-state%253Dmfqhtbico_1%2526_afrFS%253D16%2526_afrMT%253Dscreen%2526_afrMFW%253D1280%2526_afrMFH%253D905%2526_afrMFDW%253D1280%2526_afrMFDH%253D1024%2526_afrMFC%253D8%2526_afrMFCI%253D0%2526_afrMFM%253D0%2526_afrMFR%253D96%2526_afrMFG%253D0%2526_afrMFS%253D0%2526_afrMFO%253D0%2526_adf.no-new-window-redirect%253Dtrue
Preview:	<html lang="en-US"><head><script>./.* Copyright (c) 2008, 2020, Oracle and/or its affiliates. ./../. This is the loopback script to process the url before the real page loads. It introduces. * a separate round trip. During this first roundtrip, we currently do two things: . * - check the url hash portion, this is for the PPR Navigation. . * - do the new window detection. * the above two are both controled by parameters in web.xml. * . * Since it's very lightweight, so the network latency is the only impact. . * . * here are the list of will-pass-in parameters (these will replace the param in this whole. * pattern: . * viewIdLength view Id length (characters),. * loopbackIdParam loopback Id param name,. * loopbackId loopback Id,. * windowModeIdParam window mode param name,. * clientWindowIdParam client window Id param name,. *

Chrome Cache Entry: 119

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	downloaded
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	low
URL:	https://aadcdn.msftauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 120

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	415
Entropy (8bit):	7.071173622377618
Encrypted:	false
SSDEEP:
MD5:	2874844162AD836A6B9B4D94A6EC10F0
SHA1:	57460E2BE02B1281F395E3FF8ABDBB7C23DEB5E6
SHA-256:	EEE463BDB33F1D6667C182EAA62B2E66FA5CC1CE0C9AE8F32C05B10BD010440B
SHA-512:	86902E144F68DB0C994E1E57847DA9AF52ACDF971C5701189F69516C063BB4EFACCDA935F6544FE60B096131FA8F7B777E44304DAA9DB0DAAAFFA43F97390F9A
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR................a....tEXtSoftware.Adobe ImageReadyq.e<...AIDATx.bT.].@.`."&..m@\|...@.. n...F4....\n..~vn^.fV6.....~~.....O@n..............".,l.....`.b..r\| 5P.(....<..F6Nn....M...@r 5 .@,.l@...\|.q....Z ..9...I+.J....'.../..z0.h.....{...j.qE#a..?...l..PT........!...........L.%._....R.MP...x.Ja.^<....7..Aj........J$.x..%e.`h..BHR......D..%7.2L...B......~...o.e&..@.....p.fi\&....IEND.B`.

Chrome Cache Entry: 122

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 280 x 60, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	5489
Entropy (8bit):	7.765137074753318
Encrypted:	false
SSDEEP:
MD5:	19CB7FF1A7FE67D156B488AD461F46A4
SHA1:	C69B9BAD640226BD73A2F43384E2C9A794F84B8C
SHA-256:	59C48C65B59334E308947EE2B7B2F43EB7083E064416C6A4F04F1361BB5DC174
SHA-512:	37E98EAEA4ADA8FF1D12C26C146517131D976AA844A879414A7BE631CC2E71389F6378930305D06497FEDEB2F87663C9B05DF80FBA3426053D836E3130D4C1CD
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......<.......U*....tEXtSoftware.Adobe ImageReadyq.e<...(iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c140 79.160451, 2017/05/06-01:08:21 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2018 (Macintosh)" xmpMM:InstanceID="xmp.iid:9DEAD407788B11E8BC1FBEC7B0D5AF9C" xmpMM:DocumentID="xmp.did:9DEAD408788B11E8BC1FBEC7B0D5AF9C"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:9DEAD405788B11E8BC1FBEC7B0D5AF9C" stRef:documentID="xmp.did:9DEAD406788B11E8BC1FBEC7B0D5AF9C"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..h....PLTEb@.......2"^...jT..q....Q/..l..u....F0.]A.I0.A1......YQ6{...\B....3#b...M0.<,d...;,t.x.lR.}h.WIy..._>.

Chrome Cache Entry: 124

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	14809
Entropy (8bit):	4.758300469316496
Encrypted:	false
SSDEEP:
MD5:	0FDB3B8607108E0D151E16E6ECE9367D
SHA1:	A41CFBF4539DFA810B7B50A487DF75DA5EC83015
SHA-256:	F9EB4668DD5736F260386785739F799FAA6166CA50048DD76DA83A2AF9F0EA23
SHA-512:	3B2C3BB525E92D586C7A6594C0E1382AA3CFCD8C9B2B9FDA804749D78D12E80F94C7261F00AE9B4FF60E0CAA8D5D2D2BE5C6EBBB351102456FDAA3F1DB1849E3
Malicious:	false
Reputation:	low
Preview:	<html lang="en-US"><head><script>./.* Copyright (c) 2008, 2020, Oracle and/or its affiliates. ./../. This is the loopback script to process the url before the real page loads. It introduces. * a separate round trip. During this first roundtrip, we currently do two things: . * - check the url hash portion, this is for the PPR Navigation. . * - do the new window detection. * the above two are both controled by parameters in web.xml. * . * Since it's very lightweight, so the network latency is the only impact. . * . * here are the list of will-pass-in parameters (these will replace the param in this whole. * pattern: . * viewIdLength view Id length (characters),. * loopbackIdParam loopback Id param name,. * loopbackId loopback Id,. * windowModeIdParam window mode param name,. * clientWindowIdParam client window Id param name,. *

Chrome Cache Entry: 126

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	164
Entropy (8bit):	5.1399482474576885
Encrypted:	false
SSDEEP:
MD5:	759293272EE39CD4C5922791B7F91DB3
SHA1:	F259B0244DA089F8DFF46528A2A19687CC038D33
SHA-256:	D26F7E3A3A1BB2759864C7B31C63EF4FCF95F91BA61A581A9DF29DEEF1EDFE9D
SHA-512:	A99203AD94CB4A4133486465D4881D1144BFE564FC742BB453133ED80A7DEC49706B25F49B087E485759C675B41BF2BCA9662F61E82CE0EA4155F13794E48B16
Malicious:	false
Reputation:	low
URL:	https://encd.fa.em3.oraclecloud.com/hcmUI/afr/blank.html
Preview:	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">..<html>..<head><title></title></head>..<body></body>..</html>

Chrome Cache Entry: 127

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (511)
Category:	downloaded
Size (bytes):	21077
Entropy (8bit):	5.110155081065504
Encrypted:	false
SSDEEP:
MD5:	226C3AF0C999F8CB2B837B940F1108C3
SHA1:	EF76C248DA0C4EC5B0EEC93BA1CF01D9E88F9515
SHA-256:	C6CD9473870C62AA4318C213B6838A9AD257A865BA8D99E68163E433625AD734
SHA-512:	9CB4A236617AA396846C2C5B6812A103E9A8F5A382F4ED3A7227DC49E66076B0A7DF21D6BB1432F4A887F51C7931518D2161AEB146E6FE2FE205B840B43627C6
Malicious:	false
Reputation:	low
URL:	https://encd.fa.em3.oraclecloud.com/hcmUI/afr/partition/unknown/n/default/opt/d/select-r7yquw.js
Preview:	AdfUIComponents.createComponentClass("AdfRichSelectOneRadio", {"componentType":"oracle.adf.RichSelectOneRadio", "propertyKeys":[{"name":"changed", "type":"Boolean", "default":false}, {"name":"changedDesc", "type":"String"}, {"name":"autoSubmit", "type":"Boolean", "default":false}, {"name":"accessKey", "type":"String"}, {"name":"contentStyle", "type":"String"}, {"name":"helpTopicId", "type":"String"}, {"name":"disabled", "type":"Boolean", "default":false, "secured":true}, {"name":"label", "type":"String"}, .{"name":"readOnly", "type":"Boolean", "default":false, "secured":true}, {"name":"showRequired", "type":"Boolean", "default":false}, {"name":"simple", "type":"Boolean", "default":false}, {"name":"inlineStyle", "type":"String"}, {"name":"styleClass", "type":"String"}, {"name":"shortDesc", "type":"String"}, {"name":"unsecure", "type":"Object", "secured":true}, {"name":"visible", "type":"Boolean", "default":true}, {"name":"valuePassThru", "type":"Boolean", "default":false, "secured":true

Chrome Cache Entry: 128

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	19586
Entropy (8bit):	5.173444696087749
Encrypted:	false
SSDEEP:
MD5:	B5159325DE8CDD98F6320C248C74D730
SHA1:	7D2AB78C0186FFE2BDC4538C2995AB0931D38329
SHA-256:	5C252F7A46E180E0B03557E77E90CEC0524D79DC58DEF8141E8FF276C48AE9ED
SHA-512:	2B637C018CA465598DA37DBE5C4170C91527317F5FC243BF5CF4F77F9FF7CC5D3531A03D126A83B3C9AAE62BF25807791E0192F680866ECDE429DF8D7EAC67A3
Malicious:	false
Reputation:	low
URL:	https://encd.fa.em3.oraclecloud.com/hcmUI/afr/partition/unknown/n/default/opt/d/_AdfRichTextEditorBase-gsq7tq.js
Preview:	AdfRichUIPeer.createPeerClass(AdfDhtmlEditableValuePeer, "AdfDhtmlRichTextEditorBasePeer", false);.AdfDhtmlRichTextEditorBasePeer.InitSubclass = function() {. AdfRichUIPeer.addComponentEventHandlers(this, AdfUIInputEvent.FOCUS_EVENT_TYPE, AdfActionEvent.ACTION_EVENT_TYPE, AdfUIInputEvent.KEY_UP_EVENT_TYPE);. AdfRichUIPeer.addSuppressedPPRAttributes(this, "editMode");. AdfRichUIPeer.addComponentPropertyGetters(this, "label");. AdfRichUIPeer.addComponentPropertyChanges(this, "label");. AdfObject.ensureClassInitialization(AdfDhtmlInputBasePeer);. AdfDhtmlRichTextEditorBasePeer.InitConstants();.};.AdfDhtmlRichTextEditorBasePeer.InitConstants = function() {. if (this._CONTENT_FIELD_SUB_ID != null) {. return;. }. this._CONTENT_INPUT_CONTAINER_SUBID = "_cic";. this._CONTENT_FIELD_SUB_ID = "cont";. this._SOURCE_FIELD_SUB_ID = "src";. this._FIELD_ID_ATTR_NAME = "__afrRichTextEditorFieldId";. this._SOURCE_FIELD_ID_ATTR_NAME = "__afrRichTextEditorSourceFieldId";. this.STYLE_BOLD

Chrome Cache Entry: 129

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (64616)
Category:	downloaded
Size (bytes):	430202
Entropy (8bit):	5.452491928721635
Encrypted:	false
SSDEEP:
MD5:	A3E65945E00145AD14B21C16A3604407
SHA1:	09A7D4E4221DD21C82B3F77916B0C31674D7E37C
SHA-256:	FCB536B5C96681E6F2A531EDD7591B6F42F1712D4C7D1D9962362C4AA534E6A5
SHA-512:	36084502E668DA5C8F518B45F9AC1180598E9773B6A4B28335087A7BE30D9968F3C1FD59FD0CA827F236823B2E9B2F970178DCAB7FE38954EFEF3DF79A10F4B4
Malicious:	false
Reputation:	low
URL:	https://aadcdn.msftauth.net/shared/1.0/content/js/ConvergedLogin_PCore_o-ZZReABRa0UshwWo2BEBw2.js
Preview:	/!. ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */!function(e){function n(n){for(var t,i,o=n[0],r=n[1],s=0,c=[];s<o.length;s++)

Chrome Cache Entry: 130

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	11313
Entropy (8bit):	4.945563066894504
Encrypted:	false
SSDEEP:
MD5:	AB8A3370523009D226F0C96438EE70CC
SHA1:	B6B64C9053DB4B6CA3949C18A02AB60D721A4FE5
SHA-256:	9E57E70F81B814596B022CB5DFB4A628EDCEA0049C3F1F470E76CF9D7A0AA1BF
SHA-512:	6D5105769923E15C53EDD43419F9661ED59A6FF96A5FA9924278E6ADB34CC27714C9379A886762FBC32946F3A8EAC7AA9D6BE2465C06E2D25055A32C6F26BB86
Malicious:	false
Reputation:	low
URL:	https://encd.fa.em3.oraclecloud.com/hcmUI/afr/partition/unknown/n/default/opt/d/eum-7yq84z.js
Preview:	AdfUserActivityInfo.PREVIOUS = "pr0";.AdfUserActivityInfo.PRIMARY = "prm";.AdfUserActivityInfo.SECONDARY = "sec";.AdfUserActivityInfo._PREVIOUS_PREFIX = "pr";.function AdfUserActivityInfo() {. this.Init();.}.AdfObject.createSubclass(AdfUserActivityInfo);.AdfUserActivityInfo.getInstance = function(type) {. AdfAssert.assertString(type);. var userActivities = AdfUserActivityInfo._instanceMap;. if (!userActivities) {. userActivities = {};. AdfUserActivityInfo._instanceMap = userActivities;. }. var userActivity = null;. if (type) {. userActivity = userActivities[type];. if (!userActivity) {. userActivity = new AdfUserActivityInfo;. userActivities[type] = userActivity;. }. }. return userActivity;.};.AdfUserActivityInfo.removeFromSessionStorageByType = function(type) {. AdfAssert.assertNonEmptyString(type);. AdfUserActivityInfo._removeSessionStorageProperty(type);.};.AdfUserActivityInfo.restoreFromSessionStorage = function() {. var primaryKey = AdfUserActi

Chrome Cache Entry: 131

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 352 x 3
Category:	downloaded
Size (bytes):	2672
Entropy (8bit):	6.640973516071413
Encrypted:	false
SSDEEP:
MD5:	166DE53471265253AB3A456DEFE6DA23
SHA1:	17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D
SHA-256:	A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
SHA-512:	80978C1D262BC225A8BA1758DF546E27B5BE8D84CBCF7E6044910E5E05E04AFFEFEC3C0DA0818145EB8A917E1A8D90F4BAC833B64A1F6DE97AD3D5FC80A02308
Malicious:	false
Reputation:	low
URL:	https://aadcdn.msftauth.net/shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif
Preview:	GIF89a`............!..NETSCAPE2.0.....!.......,....`.....6......P.l.......H....I..:qJ......k....`BY..L..&...!.......,....0.............<....[.\K8j.tr.g..!.......,....3............^;...\UK.]\.%.V.c...!.......,....7........`....lo...[.a..*Rw~i...!.......,....;........h.....l.G-.[K.,_XA]..'g..!.......,....?........i.....g....Z.}..)..u...F..!.......,....C...............P.,nt^.i....Xq...i..!.......,....F...........{^b....n.y..i...\C.-...!.......,....H..............R...o....h.xV!.z#...!.......,"...L.............r.jY..w~aP(.......[i...!.......,(...N.............r....w.aP.j.'.)Y..S..!.......,....H.........`......hew..9`.%z.xVeS..!.......,5...A.........`...\m.Vmtzw.}.d.%...Q..!.......,9...=.........h......3S..s.-W8m...Q..!.......,A...5.........h.....N...:..!..U..!.......,H.............h....M.x...f.i.4..!.......,O...'.........i...tp......(..!.......,X.............j...@.x....!.......,].............j..L..3em..!.......,e.............`......!.......,n..............{i..!..

Chrome Cache Entry: 133

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	14834
Entropy (8bit):	4.759179397720026
Encrypted:	false
SSDEEP:
MD5:	70501DF539E95A96B336DF52F1BE77CC
SHA1:	BF0F7339AD99E6D052DD7C970B7D31C2054A2385
SHA-256:	B0F90EBD7A18808F968DB48A3C334763019084516D5991FD50816BF6A6F65567
SHA-512:	80DD9CB7C31C41769778C5890DE19FF9E81874BE088BC7310BEF0A013E81FCBF1433D23437CB31CBA5D2C0C31F0278B81E21FBDA28F28BCBFE1EEFAC39BEBB8E
Malicious:	false
Reputation:	low
URL:	https://encd.fa.em3.oraclecloud.com/fscmUI/faces/FuseWelcome
Preview:	<html lang="en-US"><head><script>./.* Copyright (c) 2008, 2020, Oracle and/or its affiliates. ./../. This is the loopback script to process the url before the real page loads. It introduces. * a separate round trip. During this first roundtrip, we currently do two things: . * - check the url hash portion, this is for the PPR Navigation. . * - do the new window detection. * the above two are both controled by parameters in web.xml. * . * Since it's very lightweight, so the network latency is the only impact. . * . * here are the list of will-pass-in parameters (these will replace the param in this whole. * pattern: . * viewIdLength view Id length (characters),. * loopbackIdParam loopback Id param name,. * loopbackId loopback Id,. * windowModeIdParam window mode param name,. * clientWindowIdParam client window Id param name,. *

Chrome Cache Entry: 134

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	452
Entropy (8bit):	7.368405125227286
Encrypted:	false
SSDEEP:
MD5:	F296B0D4AC859F0E87C97A1E50E62231
SHA1:	367C5FC42587EBB624522788E6694A6734511824
SHA-256:	7130133DB32FF1EBBBECAC3A1CA4D97DA78E417C624C86EFFB2CC3B5AB4B383B
SHA-512:	9C07B5687F26FC5AED64785F9F52C47DD04459A09C6D620A6A51E3872E8A9CA891F541569B3CB85546944D0EF5D3BE22A1C120FB67FB8752E3DB4BC3CC8EE3CE
Malicious:	false
Reputation:	low
URL:	https://encd.fa.em3.oraclecloud.com/hcmUI/afr/alta-v1/error_status.png
Preview:	.PNG........IHDR................a....tEXtSoftware.Adobe ImageReadyq.e<...fIDATx.S.J.A..$.\ ..-be!......h-DK...V}.<.."..b....).....gr......p&H.>nfvf.YyU^.....'...h....,%r.....D.\_.b.b.#.{^.v........0......0.%$K..p....ctl..<...@....#.e.7.vA;I..WQn.$I..0..P...:f}.?.....N...:}Fx?.X.z`....a..V.h...E_n..1N.%.Oh.p.Q5\.=....".q....5..pC...M......{....4c..a8P.....6......B@.m.......>...WYf.F>.}`M.....{>.:....W...N..5.......IEND.B`.

Chrome Cache Entry: 138

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.875
Encrypted:	false
SSDEEP:
MD5:	9176565F6F190073972E4C80EEDC06DE
SHA1:	C1803212D17C292F71AD92A778EB4F120833E30D
SHA-256:	A359EEFEC9FCF16A19D1CE00C9C3A4D2C0AD2EE233E9B85BA9904205B3635AE5
SHA-512:	65A68BA021617071A2B81739A66003BC6068CB5681EF36822A23E91735E1A14677BD186584F1B3DE97E2691E0C512A6997F4692016D7F01808E9439DA7ED94DB
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAkFOzuVguLwixIFDWLxn2s=?alt=proto
Preview:	CgkKBw1i8Z9rGgA=

Chrome Cache Entry: 139

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (4484)
Category:	downloaded
Size (bytes):	534265
Entropy (8bit):	5.104206126276177
Encrypted:	false
SSDEEP:
MD5:	5A5ED2574587A16426649B47F591C616
SHA1:	B993E62BB7AB0C111CADEC75F73CCC4C8BC19427
SHA-256:	EAB8533F7934DE253AB0357D4FD5B0439F1CB61087D65343B56B1BFB90F60066
SHA-512:	2955BF61145B50A980BB5900B5D21E2B015CC597751525B40DA139AF8D8205932D580013C003CC384F2CDC9B0A3C22B4C28F00AD7306FA525DEA228551C40EFE
Malicious:	false
Reputation:	low
URL:	https://encd.fa.em3.oraclecloud.com/hcmUI/afr/partition/webkit/n/default/opt/d/boot-5o06jc.js
Preview:	var AdfCopyright = "Copyright (c) 2008, 2009, Oracle and/or its affiliates. All rights reserved.";.var AdfBootstrap = new Object;.Date.prototype.equals = function(otherDate) {. var rtn = false;. if (otherDate["getUTCDate"]) {. rtn = this.valueOf() == otherDate.valueOf();. }. return rtn;.};.AdfBootstrap._startTime = (new Date).getTime();..AdfStrings = new Object;.AdfStrings.COMMA = ",";.AdfStrings.START_CURLY_BRACKET = "{";.AdfStrings.CLOSE_CURLY_BRACKET = "}";.AdfStrings.EQUALS = "\x3d";.AdfStrings.count = function(searchString, matchString) {. AdfAssert.assertString(searchString);. AdfAssert.assertNonEmptyString(matchString);. var matchCount = 0;. var currSearchIndex = 0;. var searchSize = searchString.length;. var matchSize = matchString.length;. while (currSearchIndex < searchSize) {. currSearchIndex = searchString.indexOf(matchString, currSearchIndex);. if (currSearchIndex == -1) {. break;. } else {. matchCount++;. currSearchIndex += matchSize;

Chrome Cache Entry: 140

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	543
Entropy (8bit):	7.220146409234397
Encrypted:	false
SSDEEP:
MD5:	A589F777DBC0648EAD70E1A9FFA2329E
SHA1:	B9681542814DCD0078A08FE08048F20F820EFE6F
SHA-256:	1740F4046EB5A032FA4A2A4771CF15843CE9A1E449B399FB735B9AF9EEFA7489
SHA-512:	AB1FB7B0D4DCE010C77FCB013A62FC7C7BF117C10C0B0E4A2C43EC797496E59F8AD209CA49F28AC03D47EDECB8ED18CEBDFFA6120F1DC382C603FF3B10DFE8E9
Malicious:	false
Reputation:	low
URL:	https://encd.fa.em3.oraclecloud.com/hcmUI/afr/alta-v1/confirmation_status.png
Preview:	.PNG........IHDR................a....tEXtSoftware.Adobe ImageReadyq.e<....IDATx.b.m.*...c.L...m.....y.....4.......>.)y ~...@C.b3..D....`.....f .R.7n....\|...`...T.!...,X...R...t.G.f....LLL.bb.\@.w....u%h..(((0.... ..q.!~....i.0..J.a..._.5.K...<.......~..I...@......X1..k....f..x.X...'...42p.3)..2.bf......./c..j#......._.!.o-f..'....-...#...#..7#..'....-.~}cb...?.+;#..._..W...q=.k..o..1........a..r(C.E'.7.`C.Y.......h.....k .+............./...`..7..Y...Y3,3.............-.k..T".@...;.......q......@.........a....IEND.B`.

Chrome Cache Entry: 141

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	40
Entropy (8bit):	4.384183719779188
Encrypted:	false
SSDEEP:
MD5:	FB5091BD594CF7D209A7FAC6528A0344
SHA1:	8C4F8863DA36CA8E3F0467D6C4E167987741E812
SHA-256:	0AD7D750945C04134391827A3777A2DC6B0CAEAF906D3B46FFD3E85C54F24ED0
SHA-512:	C5A5FCD38E68B1DD7C68070BAAA07EB9FEA896D404CF05C26EF5FEE769584F45908354BAFE0E779E57C8298BE858B1018BEF618B16A6C6355F9585A7921A4055
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwmCAmly1gHbXRIFDdFbUVISBQ1Xevf9?alt=proto
Preview:	ChwKDQ3RW1FSGgQIVhgCIAEKCw1Xevf9GgQISxgC

Chrome Cache Entry: 143

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (501)
Category:	downloaded
Size (bytes):	8531
Entropy (8bit):	4.950032059253288
Encrypted:	false
SSDEEP:
MD5:	6B8A2BD904E808DB76AE25A543FBA176
SHA1:	255F2675FDF3F6301841B08429AB36365140A697
SHA-256:	073276B694730CD0AFA0F564B0CDE3C45E99D8097040E53A9257AE8D72AB5ECF
SHA-512:	4518F72F2D9A70985ABA2AE3C846ED61BD0C3860A37C543DF1446812F4224FC7B19909DF978142624A87AC39EC1445853D40B937500754274EF306CAF012575A
Malicious:	false
Reputation:	low
URL:	https://encd.fa.em3.oraclecloud.com/hcmUI/afr/partition/unknown/n/default/opt/d/region-b9je0l.js
Preview:	AdfUIComponents.createComponentClass("AdfUIRegion", {"componentType":"oracle.adf.Region", "propertyKeys":["disclosureListener", {"name":"disclosed", "type":"Boolean", "default":true}, {"name":"immediate", "type":"Boolean", "default":false}, "value", "regionNavigationListener"], "eventNames":["regionRemoteRefresh", "disclosure"], "namingContainer":true});..AdfUIComponents.createComponentClass("AdfRichRegion", {"componentType":"oracle.adf.RichRegion", "propertyKeys":[{"name":"inlineStyle", "type":"String"}, {"name":"styleClass", "type":"String"}, {"name":"shortDesc", "type":"String"}, {"name":"unsecure", "type":"Object", "secured":true}, {"name":"visible", "type":"Boolean", "default":true}, {"name":"persist", "type":"Array"}, {"name":"dontPersist", "type":"Array"}, {"name":"showDisclosure", "type":"Boolean", "default":true}, {"name":"showMaximize", ."type":"String", "default":"auto"}, "maximizeListener", {"name":"maximized", "type":"Boolean", "default":false}, {"name":"contentDelivery",

Chrome Cache Entry: 144

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (64612)
Category:	downloaded
Size (bytes):	113964
Entropy (8bit):	5.492284670320351
Encrypted:	false
SSDEEP:
MD5:	BD3F0E0E2EE519AAC470ED59BF2B94D3
SHA1:	98676E44BCC338992ADB7158CC7A0F7B0A5D65C6
SHA-256:	5AB5ED6F9345A602DFD5E66BB50843BB2C2599415FDB4439A100B17EE0C59BF4
SHA-512:	10044889B4DC670A15B64E779ED56DF9319755F443DC6796064867685EB59FC0C94F76AD416B875EB6D6D1622EE825A12C0DF3DB14E5DA8DE12DD28C39787D88
Malicious:	false
Reputation:	low
URL:	https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_b76d35ed531a6647c36c.js
Preview:	/!. ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */.(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[35],{466:function(e,t,r

Chrome Cache Entry: 145

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	11915
Entropy (8bit):	5.284981987443566
Encrypted:	false
SSDEEP:
MD5:	A731D01ED5E28E0EF94F72A8A4B5AF7D
SHA1:	1CE2634F5C1F9BEF9E18AE4FBF9B886D2F32A8F6
SHA-256:	B152D40D26B20518638782BB10B6C3971D7855848FCA50E92D64D1009629112C
SHA-512:	4775530D0B9E4236DEE88832388AE6E3F36262EA01455D89059F0BC49BD79D7D842D2D2FAE8A09DF2DEC864E2D5BB69BD9B48E9A3F39F309C242288C42499711
Malicious:	false
Reputation:	low
URL:	https://encd.fa.em3.oraclecloud.com/hcmUI/adf/jsLibs/Locale2lzbpv.js
Preview:	function _createFacesMessage(.a0,.a1,.a2,.a3,.a4.).{.var a5=TrMessageFactory.getSummaryString(a0);.var a6=TrMessageFactory.getDetailString(a0);.if(a6!=null).{.a6=TrFastMessageFormatUtils.format(a6,a1,a2,a3,a4);.}.return new TrFacesMessage(a5,.a6,.TrFacesMessage.SEVERITY_ERROR);.}.function _createCustomFacesMessage(.a0,.a1,.a2,.a3,.a4,.a5.).{.if(a1!=null).{.a1=TrFastMessageFormatUtils.format(a1,a2,a3,a4,a5);.}.return new TrFacesMessage(a0,.a1,.TrFacesMessage.SEVERITY_ERROR);.}.var TrFormatUtils=new Object();.TrFormatUtils.trim=function(.a6).{.if(a6!=null&&(typeof a6)=='string').return a6.replace(TrFormatUtils._TRIM_ALL_RE,'');.return a6;.}.TrFormatUtils._TRIM_ALL_RE=/^\s\|\s$/g;.var _digits;.var _decimalSep;.var _groupingSep;.function isDigit(.a0.).{.return(_getDigits()[a0]!=null);.}.function _getDigits().{.if(_digits==null).{.var a0=[.0x0030,.0x0660,.0x06F0,.0x0966,.0x09E6,.0x0A66,.0x0AE6,.0x0B66,.0x0BE7,.0x0C66,.0x0CE6,.0x0D66,.0x0E50,.0x0ED0,.0x0F20,.0xFF10.];._digits=new Object();.

Chrome Cache Entry: 146

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	9783
Entropy (8bit):	4.9621979378583125
Encrypted:	false
SSDEEP:
MD5:	DA4797E21EA79CBCC68CD1CD5AEB3E6C
SHA1:	4DADB59FF1228F10416ADA640E3310508B706341
SHA-256:	D3661C08F3DF0E9CB6EFCBEFDB19EC43D39359D44710131B1CBC00592CE7F03C
SHA-512:	02C8DC3C388428F9407F47DFAAAFFB2AEE2EB787BF5D1F26946F095675B52C9990874855461AC4DA3CA3E2EF6DF14F5506D054E5723CF96FDC2DD1F5C91A71DA
Malicious:	false
Reputation:	low
URL:	https://encd.fa.em3.oraclecloud.com/hcmUI/afr/partition/unknown/n/default/opt/d/iedit-o8exyg.js
Preview:	function AdfRichPlainTextEditor(propertyName) {. this.Init(propertyName);.}.AdfObject.createSubclass(AdfRichPlainTextEditor, AdfRichInlineEditor);.AdfRichPlainTextEditor._extraWidth = 0;.AdfRichPlainTextEditor.prototype.Init = function(propertyName) {. AdfAssert.assertString(propertyName);. AdfRichPlainTextEditor.superclass.Init.call(this);. this._propertyName = propertyName;.};.AdfRichPlainTextEditor.prototype.PreEdit = function() {. return this.GetEditedDomElement() != null;.};.AdfRichPlainTextEditor.prototype.getEditedProperty = function() {. return this._propertyName;.};.AdfRichPlainTextEditor.prototype.startEdit = function(component, event) {. AdfRichPlainTextEditor.superclass.startEdit.call(this, component, event);. var peer = this.GetEditedPeer();. var theDocument = peer.getDomDocument();. var textArea = theDocument.createElement("input");. textArea.type = "text";. var agent = AdfAgent.AGENT;. var propValue = component.getProperty(this._propertyName);. textArea.val

Chrome Cache Entry: 147

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	822110
Entropy (8bit):	5.1429214275580835
Encrypted:	false
SSDEEP:
MD5:	83B335A478E7C0B096898E1A423E2739
SHA1:	4A9666F95BA70F3D3632FE812A5215AADCD8AF20
SHA-256:	B3A6F912E35492F6CD48C2D2A28D8CEDB24D6A06989BDB35C503886ED0403888
SHA-512:	1E8CC0493B82B8952FF90BEC890C6C2DEDA9664A36D59E3F2006F9430EC2734BD99EA6C89B4A87B22CE4841783BD8101B26BB9EB4027AA0EBFA131493D789A19
Malicious:	false
Reputation:	low
URL:	https://encd.fa.em3.oraclecloud.com/hcmUI/afr/partition/webkit/n/default/opt/d/core-pnrq5z.js
Preview:	function AdfDataFlavor(stringForm) {. this.Init(stringForm);.}.AdfObject.createSubclass(AdfDataFlavor);.AdfDataFlavor.getRowKeyDataFlavor = function(discriminant) {. AdfAssert.assertStringOrNull(discriminant);. if (!discriminant \|\| discriminant.length == 0) {. return AdfDataFlavor._GENERIC_ROWDATA_FLAVOR;. }. var rowDataFlavor = AdfDataFlavor._ROWDATA_FLAVOR_MAP[discriminant];. if (!rowDataFlavor) {. rowDataFlavor = new AdfDataFlavor("rowKey/" + discriminant);. rowDataFlavor._isRowKey = true;. AdfDataFlavor._ROWDATA_FLAVOR_MAP[discriminant] = rowDataFlavor;. }. return rowDataFlavor;.};.AdfDataFlavor.isRowKeyDataFlavor = function(flavor) {. return flavor._isRowKey;.};.AdfDataFlavor.getObjectFlavor = function(dataObject, discriminant) {. AdfAssert.assert(dataObject != null, "Can't create AdfDataFlavor without dataObject");. AdfAssert.assertStringOrNull(discriminant);. var className = AdfDataFlavor._TYPE_MAP[typeof dataObject];. if (className === "Object") {. c

Chrome Cache Entry: 149

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	assembler source, ASCII text
Category:	downloaded
Size (bytes):	9572
Entropy (8bit):	5.036084893882034
Encrypted:	false
SSDEEP:
MD5:	2649CB6D0336C175D75FBB2E57CC576A
SHA1:	C736C968ECA387B0BC163853E50CCFE91FCCACD7
SHA-256:	E8082EB6F34F2578570B662FA5825B22D896E97E5097F678F3739AC0CD9E113B
SHA-512:	F8299F86160149D53C255D00CE3A250A1CC3D7D59CD7B1C87DA42D82923BDDF2DBCFBDBBE55A73EE818255C3AC03C5EFE26626FD66140AF8FC87687B8EEA8619
Malicious:	false
Reputation:	low
URL:	https://encd.login.em3.oraclecloud.com/fusion_apps/global/ver25/loginTemplate_rtl.css
Preview:	/* IMPORTANT: If any change is made in this file, make sure to change value of CSS_JS_VERSION in . * $SRCHOME/ngam/src/common/utilities/src/main/java/oracle/security/am/common/utilities/constant/GenericConstants.java. * This is needed to burst browser cache. Refer bug# 28190763 for details. .*/..html,.body {..font-family:"Helvetica Neue", Helvetica, Arial, sans-serif;..background-color: #FCFBFA;..margin: 0;..padding: 0;..color: #000;..height:100%;.}..head1 {..font-family: "Georgia;. font-size:30px;..font-weight:400;..color:#FFF;..text-align:right;..letter-spacing:0.01em;..display:block;..margin-bottom:4px;.}..head2 {. font-family: Georgia;..font-size:36px;..color:#FFF;..text-align:left;..letter-spacing:0.01em;..max-width: 100vw;. padding-bottom: 24px;.}..a img { ..border: none;.}..a:link {..color: #145c9e;..text-decoration: none; .}.a:visited {..color: #72007C;..text-decoration: none;.}.a:hover, a:active, a:focus { ..text-decoration: underline;.}...container {..background-colo

Chrome Cache Entry: 150

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (32011)
Category:	downloaded
Size (bytes):	52792
Entropy (8bit):	5.385250025014777
Encrypted:	false
SSDEEP:
MD5:	3AB3D3FB9F59030B4F69376FE4B80D68
SHA1:	7F24D89D09074597A286CD3BAE9B6C77A554372E
SHA-256:	52EF7362A35AF9B69E3C372B203BE15D3ED9CFF22112C2209A82EF9D34CC0C7F
SHA-512:	3F0301D1205C690B7595823050025C33E8ABCBCEDA56B0EC349F821AA0E82359A31A85F06604450D6586E4EDE588FC329E77FECC395C7AF1FCBF13566239E835
Malicious:	false
Reputation:	low
URL:	https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_orpt-59zawtpatdv5lgnaa2.js
Preview:	!function(e){function o(n){if(i[n])return i[n].exports;var t=i[n]={exports:{},id:n,loaded:!1};return e[n].call(t.exports,t,t.exports,o),t.loaded=!0,t.exports}var i={};return o.m=e,o.c=i,o.p="",o(0)}([function(e,o,i){i(2);var n=i(1),t=i(5),r=i(6),a=r.StringsVariantId,s=r.AllowedIdentitiesType;n.registerSource("str",function(e,o){if(e.WF_STR_SignupLink_AriaLabel_Text="Create a Microsoft account",e.WF_STR_SignupLink_AriaLabel_Generic_Text="Create a new account",e.CT_STR_CookieBanner_Link_AriaLabel="Learn more about Microsoft's Cookie Policy",e.WF_STR_HeaderDefault_Title=o.iLoginStringsVariantId===a.CombinedSigninSignupV2WelcomeTitle?"Welcome":"Sign in",e.STR_Footer_IcpLicense_Text=".ICP.13015306.-10",o.oAppCobranding&&o.oAppCobranding.friendlyAppName){var i=o.fBreakBrandingSigninString?"to continue to {0}":"Continue to {0}";e.WF_STR_App_Title=t.format(i,o.oAppCobranding.friendlyAppName)}switch(o.oAppCobranding&&o.oAppCobranding.signinDescription&&(e.WF_STR_Default_Desc=o.oAppCobrand

Chrome Cache Entry: 154

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (516)
Category:	downloaded
Size (bytes):	14881
Entropy (8bit):	5.131845224352369
Encrypted:	false
SSDEEP:
MD5:	C56F7BD5353CCFBE29823256008676C9
SHA1:	3A40B0CCB303153C85EC4C0540782EDFE84E9E68
SHA-256:	F7704E892ED7B4A8687D0135748C45EF22D35831F82106A584EC16BF7759A8C1
SHA-512:	3A1F0597DBE5A75B8DA74661DBA74013F9EB75419B8DE8B9061F467ADACDFC8E55064957E07D50A57B811BF12A0FF8616BAA301ED5BF4B5D260CD6C8DAC53A3F
Malicious:	false
Reputation:	low
URL:	https://encd.fa.em3.oraclecloud.com/hcmUI/afr/partition/unknown/n/default/opt/d/uncommon-b65uxz.js
Preview:	AdfUIComponents.createComponentClass("AdfRichSpacer", {"componentType":"oracle.adf.RichSpacer", "propertyKeys":[{"name":"inlineStyle", "type":"String"}, {"name":"styleClass", "type":"String"}, {"name":"shortDesc", "type":"String"}, {"name":"unsecure", "type":"Object", "secured":true}, {"name":"visible", "type":"Boolean", "default":true}, {"name":"height", "type":"String"}, {"name":"width", "type":"String"}], "superclass":AdfUIObject});..AdfRichUIPeer.createPeerClass(AdfRichUIPeer, "AdfDhtmlSpacerPeer");.AdfDhtmlSpacerPeer.InitSubclass = function() {. AdfRichUIPeer.addComponentPropertyChanges(this, AdfRichSpacer.WIDTH, AdfRichSpacer.HEIGHT);.};.AdfDhtmlSpacerPeer.prototype.ComponentWidthChanged = function(component, domElement, newValue, oldValue) {. if (newValue) {. var width = AdfDhtmlSpacerPeer._getLengthInt(newValue);. if (AdfAgent.AGENT.getPlatform() == AdfAgent.IE_PLATFORM) {. domElement.width = width;. } else {. if (domElement.nodeName == "IMG") {. dom

Chrome Cache Entry: 155

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1400x1200, components 3
Category:	downloaded
Size (bytes):	190803
Entropy (8bit):	7.978043932661662
Encrypted:	false
SSDEEP:
MD5:	B8D2245135CB0EBE392A80CF4046609F
SHA1:	3BE84794EC9A4DA15D5A76FEA166B40862BB0B3D
SHA-256:	AC4ECCBD976A6E76A6E3084A0FD68D44018CAFBACF590C49A41834CAEC0D934C
SHA-512:	7AF99876D54EC383201704893AE96AEF65AE1F9869BF69BCF76BB5F36C507CA1FE2F1BEBEBC6177611F7AA017ECBDE81FECACA236786AC0D7D0B3FBBBF1F9D6C
Malicious:	false
Reputation:	low
URL:	https://aadcdn.msftauthimages.net/c1c6b6c8-n1emyu59wvp-rjdubmnkftskzvjpyj4l-xrfd9xhgsu/logintenantbranding/0/illustration?ts=636301124598424302
Preview:	......Exif..II*.................Ducky.......U......http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c111 79.158325, 2015/09/10-01:10:20 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:9d39a15f-46de-4b8c-94cc-3493f4eb7199" xmpMM:DocumentID="xmp.did:0F9A3008276611E78988FAC7970AF0D6" xmpMM:InstanceID="xmp.iid:0F9A3007276611E78988FAC7970AF0D6" xmp:CreatorTool="Adobe Photoshop CC 2015.5 (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:c633ff9e-a408-4a76-8ff2-1472aa324cbb" stRef:documentID="adobe:docid:photoshop:08455545-6fd0-117a-a19c-fcfab0a6962d"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d...........................

Chrome Cache Entry: 156

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65474)
Category:	downloaded
Size (bytes):	996585
Entropy (8bit):	5.3720741049913645
Encrypted:	false
SSDEEP:
MD5:	9AF1C0B61B7B49602A2F491D01519688
SHA1:	B18259204DC199D29BCB363DD4F2715DCD329F92
SHA-256:	093379A6BD9A7EACABACF67B27B6759C4AE07C03E48B97FD6A58D634357456A5
SHA-512:	929ABAD737CD7A59C9CEEFA188662F861AB9E3B4453983CC4B99F23327565749883171B77A166CFBB6FB3EDF7A1B56B3C59E74B6F81BC86D1DA314A02E3F2B79
Malicious:	false
Reputation:	low
URL:	https://encd.fa.em3.oraclecloud.com/hcmUI/adf/styles/cache/HAL_HOME_PAGE_BRANDING_2102002alta_v1-q3avvi-en-ltr-webkit-537.36-windows-cmp-s.css
Preview:	/* This CSS file generated on Fri Oct 06 21:42:39 UTC 2023 */..AFInstructionText,.x0,.AFFieldText,.x6,.x23,.x24,.x1u.x2n .x25,.x1u.p_AFDisabled.x2n .x25,.x1u.x2p .x25,.x1u.x2q .x25,.x1u.x2r .x25,.x1u.x2s .x25,.x22.x2n .x24,.x22.p_AFDisabled.x2n .x24,.x22.x2p .x24,.x22.x2q .x24,.x22.x2r .x24,.x22.x2s .x24,.x1t.x2n .x26,.x1t.p_AFDisabled.x2n .x26,.x1t.x2p .x26,.AFFieldTextLTR,.x9k,.AFPhoneFieldText,.x9m,.AFPostalCodeFieldText,.x9o,.AFAddressFieldText,.x9q,.OraNavBarViewOnly,.xat,.PortletSubHeaderText,.xcf,.PortletText1,.xcg,.PortletText2,.xch,.PortletText3,.xci,.PortletText4,.xcj,.portlet-font,.xck,.portlet-msg-info,.xcm,.portlet-form-input-field,.xd3,.portlet-form-field,.xd8,.AFHVNodeTextStyle50,.x24d,.AFHVSearchResultsMatchTextStyle,.x24o,.AFHVDefaultFont,.x24p,.x26n {font-weight:normal;font-family:"Helvetica Neue", Helvetica, Arial, sans-serif;font-size:12px;color:#333333}.AFInstructionTextDisabled,.x1,.AFFieldTextDisabled,.x7,.x1u.p_AFDisabled.x2p .x25,.x1u.p_AFDisabled.x2q .x25,.x1u

Chrome Cache Entry: 157

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	26149
Entropy (8bit):	5.17528436850588
Encrypted:	false
SSDEEP:
MD5:	051AE596D917574E6895586831BE71B9
SHA1:	546511A0E0C45827DCEE6C38801C1E29113D3ECD
SHA-256:	7EF0D0094CB69A93511142704D0188DC6D376704DF5495665FA52DD6FFA8C1EE
SHA-512:	A414AA59265644576968D2E5E8A67BE2F5EA1493472377CA51E22C752B28AA32144C9FC83A3B95C0492A86A66676DAACF8C087D2D1F59E102FAD2E5C1A0B3F3E
Malicious:	false
Reputation:	low
URL:	https://encd.login.em3.oraclecloud.com/fusion_apps/global/ver25/loginJS.js
Preview:	// IMPORTANT: If any change is made in this file, make sure to change value of CSS_JS_VERSION in .// $SRCHOME/ngam/src/common/utilities/src/main/java/oracle/security/am/common/utilities/constant/GenericConstants.java.// This is needed to burst browser cache. Refer bug# 28190763 for details. ../// Functions:..var isNav4 = false;.var isIE4 = false;.var isNS6 = false;.var showLang = true;.var endURL;.var backUrlParam = "";.var undef;.var sfaInterval;...function detectBrowser() {. if (navigator.appVersion.charAt(0) == "4") {. if (navigator.appName == "Netscape") {. isNav4 = true;. } else {. isIE4 = true;. }. } else if (navigator.appVersion.charAt(0) >= 5) {. if (navigator.appName == "Netscape") {. isNS6 = true;. }. }.}..function checkForEnterKey(event) {. var keyChooser;. if (isNav4 \|\| isNS6) {. keyChooser = event.which ;. } else if (isIE4) {. keyChooser = window.event.keyCode;. }.. if (keyChooser == 13) { // 13 is code for enter-key. if ( isN

Chrome Cache Entry: 158

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (61177)
Category:	downloaded
Size (bytes):	111786
Entropy (8bit):	5.288117578218973
Encrypted:	false
SSDEEP:
MD5:	2ED8D5B2F2B901E92D03F9068812341A
SHA1:	8470214FC8E246C3910BCB0EAE9070D4ABE3A389
SHA-256:	1A0EA89AE667420CAEAE29D594D53258E6ED157DAB7E8DFE6F154F0054B0CF99
SHA-512:	F0BC6711EF2A43E5F4B254D1C49F69A082AE459D5872F718DD4F88153C74101487D81B472BD3557205DD7A3E51EC7657F8359B0964A0A346BD9DBC9D423273F4
Malicious:	false
Reputation:	low
URL:	https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_ltjvsvk5aekta_kgibi0gg2.css
Preview:	/! Copyright (C) Microsoft Corporation. All rights reserved. //*!.------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------..This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise...//-----------------------------------------------------------------------------.twbs-bootstrap-sass (3.3.0).//-----------------------------------------------------------------------------..The MIT License (MIT)..Copyright (c) 2013 Twitter, Inc..Permission is hereby granted, free of charge, to any person

Chrome Cache Entry: 160

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (21000)
Category:	downloaded
Size (bytes):	1231993
Entropy (8bit):	5.402704954651747
Encrypted:	false
SSDEEP:
MD5:	148893DD5CCB7513133779F21E4B5C07
SHA1:	AB2E4685F8F4556AAD1D1A31C1CA892E6E48BC8F
SHA-256:	A3C7F3B636EEBAA9F77DDE0356FC88279065E920528389D1DFAC8BF626299710
SHA-512:	A2596FC204B6889E8E8125571B5C148ADD7C2E20515E517A01D80451ACE8DF4E246DEA49E75671C8057B70C580EA265F0F43E3CAE302E746AECD9FAECB8B46AB
Malicious:	false
Reputation:	low
URL:	https://encd.fa.em3.oraclecloud.com/hcmUI/afr/partition/unknown/n/default/opt/d/_AdfRichTextCKEditor5-trmv8g.js
Preview:	AdfUIComponents.createComponentClass("AdfRichTextCKEditor", {componentType:"oracle.adf.RichTextEditor", propertyKeys:[{name:"changed", type:"Boolean", "default":false}, {name:"changedDesc", type:"String"}, {name:"autoSubmit", type:"Boolean", "default":false}, {name:"accessKey", type:"String"}, {name:"contentStyle", type:"String"}, {name:"helpTopicId", type:"String"}, {name:"disabled", type:"Boolean", "default":false, secured:true}, {name:"label", type:"String"}, {name:"readOnly", type:"Boolean", ."default":false, secured:true}, {name:"showRequired", type:"Boolean", "default":false}, {name:"simple", type:"Boolean", "default":false}, {name:"inlineStyle", type:"String"}, {name:"styleClass", type:"String"}, {name:"shortDesc", type:"String"}, {name:"unsecure", type:"Object", secured:true}, {name:"visible", type:"Boolean", "default":true}, {name:"persist", type:"Array"}, {name:"dontPersist", type:"Array"}, {name:"columns", type:"Number"}, {name:"dimensionsFrom", type:"String", "default":"con

Chrome Cache Entry: 93

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	52
Entropy (8bit):	4.755835574318712
Encrypted:	false
SSDEEP:
MD5:	8552CBC861F3C85D3304D803AF85A964
SHA1:	A665A4BDEA03BCFD9854F5135FA30CA832C04566
SHA-256:	B94BB79CAA07512E13AF1BB3FDACA1C429EEDCB898558E4C2C283D6099552AEE
SHA-512:	DAF434AF7C2F2F49518E5E644F5CB2F1AE371FAA3473AAF31D79674BDD7F1BC31E237FD1244D193CA77944ADBD24B19A502151701B77DB892C37034545966117
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISHgk9zpGqqhx0axIFDaPCFUMSBQ3OQUx6EgUNjM9evg==?alt=proto
Preview:	CiMKCw2jwhVDGgQIVhgCCgsNzkFMehoECEsYAgoHDYzPXr4aAA==

Chrome Cache Entry: 94

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	downloaded
Size (bytes):	8790
Entropy (8bit):	5.865922375772553
Encrypted:	false
SSDEEP:
MD5:	5D0A90541D3AB22E50E180D121582EB8
SHA1:	232B8553C8E0BDE7248644C55690395FD90644CB
SHA-256:	0BB3F2E40EF354476782D86BB17063E381C1B275001DCA4AA70A5E567E42E896
SHA-512:	5FBF7478211BC8FFCA424CFA3D593548105C8C1B67F6876407AAB2A8259F263841F81B6FB4385DC63A73A11FA58D93223DFF9E58EBD70402F24D0021B7A9BBD5
Malicious:	false
Reputation:	low
URL:	https://encd.login.em3.oraclecloud.com/fusion_apps/global/ver25/messages.js
Preview:	.// IMPORTANT: If any change is made in this file, make sure to change value of CSS_JS_VERSION in ..// $SRCHOME/ngam/src/common/utilities/src/main/java/oracle/security/am/common/utilities/constant/GenericConstants.java..// This is needed to burst browser cache. Refer bug# 28190763 for details. ....// Login Page WARNING messages....var emptyUserName = new Array();..emptyUserName[ 'ar-ae' ] = '...... ..... ... ...... .... ';..emptyUserName[ 'cs-cz' ] = ' Zadejte platn. u.ivatelsk. jm.no ';..emptyUserName[ 'da-dk' ] = 'Indtast et gyldigt brugernavn';..emptyUserName[ 'de-de' ] = ' Geben Sie einen g.ltigen Benutzernamen ein ';..emptyUserName[ 'el-gr' ] = ' ........... ... ...... ..... ...... ';..emptyUserName[ 'en-us' ] = ' Please enter valid username ';..emptyUserName[ 'es-es' ] = ' Introduzca un nombre de usuario v.lido ';..emptyUserName[ 'fi-fi' ] = ' Sy.t. hyv.ksytt.v. k.ytt.j.tunnus ';..emptyUserName[ 'fr-fr

Chrome Cache Entry: 95

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (513)
Category:	downloaded
Size (bytes):	28924
Entropy (8bit):	4.997396655665228
Encrypted:	false
SSDEEP:
MD5:	6FB8F8B4EBC5B523D1E1F801417F7F15
SHA1:	B8AC64E80FC5C3E540BCB47F615F136F1AA518D6
SHA-256:	2A92527993D6292D89343B9CD82C416FE41F0B7FC35299CCE5204C9E2C2F2D46
SHA-512:	B87B6C41F2858762D940BE36C73365B4BF21DB8AF0A83AC3A41F7C1BCCB10DF089DCF9016B7B7D67C9F7FA2445553DEA7E32660D2265EE54A65DE7E6E4E86D33
Malicious:	false
Reputation:	low
URL:	https://encd.fa.em3.oraclecloud.com/hcmUI/afr/partition/webkit/n/default/opt/d/input-pvuik4.js
Preview:	AdfUIComponents.createComponentClass("AdfRichInputText", {"componentType":"oracle.adf.RichInputText", "propertyKeys":[{"name":"changed", "type":"Boolean", "default":false}, {"name":"changedDesc", "type":"String"}, {"name":"autoSubmit", "type":"Boolean", "default":false}, {"name":"accessKey", "type":"String"}, {"name":"contentStyle", "type":"String"}, {"name":"helpTopicId", "type":"String"}, {"name":"disabled", "type":"Boolean", "default":false, "secured":true}, {"name":"label", "type":"String"}, .{"name":"readOnly", "type":"Boolean", "default":false, "secured":true}, {"name":"showRequired", "type":"Boolean", "default":false}, {"name":"simple", "type":"Boolean", "default":false}, {"name":"shortDesc", "type":"String"}, {"name":"unsecure", "type":"Object", "secured":true}, {"name":"visible", "type":"Boolean", "default":true}, {"name":"editable", "type":"String", "default":"inherit"}, {"name":"placeholder", "type":"String"}, {"name":"autoTab", "type":"Boolean", "default":false}, {"name":"c

Chrome Cache Entry: 96

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	assembler source, ASCII text
Category:	downloaded
Size (bytes):	10379
Entropy (8bit):	5.03577233400414
Encrypted:	false
SSDEEP:
MD5:	8B825860B5E7F49428CEC5B63B871913
SHA1:	2D345C49FD9BC1CBB9CB57FF1680DF18DDE3AEA6
SHA-256:	8CED03515228ADCBCECF7A5447EE647F11490FCE859B4519EC419ECC2588F1B6
SHA-512:	15C54DDE91A2605640C5FD1A352DD704F64F832F0B33E375B5625C6B8ADBD7DD4540A5899963CF564F9AEA440B23EC9BFEA650E0287FCCFD6F6A6F4E7D9DE5AD
Malicious:	false
Reputation:	low
URL:	https://encd.login.em3.oraclecloud.com/fusion_apps/global/ver25/loginTemplate.css
Preview:	/* IMPORTANT: If any change is made in this file, make sure to change value of CSS_JS_VERSION in . * $SRCHOME/ngam/src/common/utilities/src/main/java/oracle/security/am/common/utilities/constant/GenericConstants.java. * This is needed to burst browser cache. Refer bug# 28190763 for details. ./.html,.body {..font-family:"Helvetica Neue", Helvetica, Arial, sans-serif;..background-color: #FCFBFA;..margin: 0;..padding: 0;..color: #000;..height:100%;.}..head1 {..font-family: Georgia;..font-size:30px;..font-weight:400;..color:#FFF;..text-align:left;..letter-spacing:0.01em;..display:block;..margin-bottom:4px;.}./ Bug# 29376955. Do not capitalize string using text-transform CSS property .. in this CSS class/..head2 {..font-family: Georgia;..font-size:36px;..color:#FFF;..text-align:left;..letter-spacing:0.01em;..max-width: 100vw;. padding-bottom: 24px;.}./Bug# 35072515. Font specific to Vietanemese */..headForViet {. font-family: Noto-sans;. font-size:30px;. fon

Chrome Cache Entry: 97

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (2345), with CRLF line terminators
Category:	downloaded
Size (bytes):	2347
Entropy (8bit):	5.290031538794594
Encrypted:	false
SSDEEP:
MD5:	E86EF8B6111E5FB1D1665BCDC90888C9
SHA1:	994BF7651CB967CD9053056AF2D69ACB74DB7F29
SHA-256:	3410242720DE50B090D07A23AEE2DAD879B31D36F2615732962EC4CFA8A9D458
SHA-512:	2486B491681EE91A9CD1ECC9AA011A3FB34B48358C5D7A4D503A5357BC5CE4CA22999F918D40AC60A3063940D5F326FC7E4E5713D89D5C102DE68824E371B3AB
Malicious:	false
Reputation:	low
URL:	https://login.live.com/Me.htm?v=3
Preview:	<script type="text/javascript">!function(n,t){for(var e in t)n[e]=t[e]}(this,function(n){function t(i){if(e[i])return e[i].exports;var s=e[i]={exports:{},id:i,loaded:!1};return n[i].call(s.exports,s,s.exports,t),s.loaded=!0,s.exports}var e={};return t.m=n,t.c=e,t.p="",t(0)}([function(n,t){function e(n){for(var t=g[c],e=0,i=t.length;e<i;++e)if(t[e]===n)return!0;return!1}function i(n){if(!n)return null;for(var t=n+"=",e=document.cookie.split(";"),i=0,s=e.length;i<s;i++){var o=e[i].replace(/^\s(\w+)\s=\s*/,"$1=").replace(/(\s+$)/,"");if(0===o.indexOf(t))return o.substring(t.length)}return null}function s(n,t,e){if(n)for(var i=n.split(":"),s=null,o=0,a=i.length;o<a;++o){var l=null,c=i[o].split("$");if(0===o&&(s=parseInt(c.shift()),!s))return;var p=c.length;if(p>=1){var f=r(s,c[0]);if(!f\|\|e[f])continue;l={signInName:f,idp:"msa",isSignedIn:!0}}if(p>=3&&(l.firstName=r(s,c[1]),l.lastName=r(s,c[2])),p>=4){var g=c[3],m=g.split("\|");l.otherHashedAliases=m}if(p>=5){var h=parseInt(c[4],16);h&&(l.

Chrome Cache Entry: 99

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 1 x 1
Category:	downloaded
Size (bytes):	86
Entropy (8bit):	2.1236708452724713
Encrypted:	false
SSDEEP:
MD5:	5A563B0BE47C59AAE95D23DCE91A7309
SHA1:	D2BEA40AC95CBF72926582607275600AC0A4D5EE
SHA-256:	4AE0140CD946DB80306FAF260F25BB9E70C849CF3D047E3FCFF27AC05C28B3CE
SHA-512:	784D7ABC58FAC572CD893BA125779F254BE4C6A1689F7A997E8E286769C6B940FF5A1BB9B54AF43A588F0FB6EBF099541901F0BFDA3E02BA400599266F4C9D56
Malicious:	false
Reputation:	low
URL:	https://encd.fa.em3.oraclecloud.com/hcmUI/adf/images/t.gif
Preview:	GIF89a.......................................................!.......,........@...D.;.

Static File Info

⊘No static file info

Description:	Adversaries may gain access to a system through a user visiting a website over the normal course of browsing. With this technique, the user's web browser is typically targeted for exploitation, but adversaries may also use compromised websites for non-exploitation behavior such as acquiring Application Access Token .
Tactics:	Initial Access
Data Sources:	Application Log: Application Log Content, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Process: Process Creation
Platforms:	Linux, macOS, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://encd.fa.em3.oraclecloud.com:443/fscmUI/faces/FuseWelcome

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 100

Chrome Cache Entry: 102

Chrome Cache Entry: 103

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 114

Chrome Cache Entry: 117

Chrome Cache Entry: 118

Chrome Cache Entry: 119

Chrome Cache Entry: 120

Chrome Cache Entry: 122

Chrome Cache Entry: 124

Chrome Cache Entry: 126

Chrome Cache Entry: 127

Chrome Cache Entry: 128

Chrome Cache Entry: 129

Chrome Cache Entry: 130

Chrome Cache Entry: 131

Chrome Cache Entry: 133

Chrome Cache Entry: 134

Chrome Cache Entry: 138

Chrome Cache Entry: 139

Chrome Cache Entry: 140

Chrome Cache Entry: 141

Chrome Cache Entry: 143

Chrome Cache Entry: 144

Windows Analysis Report
https://encd.fa.em3.oraclecloud.com:443/fscmUI/faces/FuseWelcome