Edit tour

Windows Analysis Report
https://mailc.dps.texas.gov/module/semail.fe?fewReq=:B:JVw4MTIyOHBnc0NhdmttbD8wMiRwZ3NNYGhnYXY/Tm1hY25nJGd6cmtwZ112a29nPzM1MzYzNjQzMzIkYW1mZz81Z2BkZmAzZDQwO2NgZjswMTU1ZGBkYzM3YWZjYTQ2YGYwOzZjYTs2JHJjZWc/Y2F2a3RjdmttbCRrZj9xcC9hcHIsZ29hcUJsbWNjLGVtdCRuY2xlP2dsJHFnYXdwZ11hbWZnP3FwL2Fwcixnb2FxJzYybG1jY

Overview

General Information

Sample URL:	https://mailc.dps.texas.gov/module/semail.fe?fewReq=:B:JVw4MTIyOHBnc0NhdmttbD8wMiRwZ3NNYGhnYXY/Tm1hY25nJGd6cmtwZ112a29nPzM1MzYzNjQzMzIkYW1mZz81Z2BkZmAzZDQwO2NgZjswMTU1ZGBkYzM3YWZjYTQ2YGYwOzZjYTs2JHJjZ
Analysis ID:	1431905

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

HTML body contains low number of good links

HTML body contains password input but no form action

HTML title does not match URL

Stores files to the Windows start menu directory

Classification

×

Process Tree

System is w10x64_ra

chrome.exe (PID: 6980 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://mailc.dps.texas.gov/module/semail.fe?fewReq=:B:JVw4MTIyOHBnc0NhdmttbD8wMiRwZ3NNYGhnYXY/Tm1hY25nJGd6cmtwZ112a29nPzM1MzYzNjQzMzIkYW1mZz81Z2BkZmAzZDQwO2NgZjswMTU1ZGBkYzM3YWZjYTQ2YGYwOzZjYTs2JHJjZWc/Y2F2a3RjdmttbCRrZj9xcC9hcHIsZ29hcUJsbWNjLGVtdCRuY2xlP2dsJHFnYXdwZ11hbWZnP3FwL2Fwcixnb2FxJzYybG1jYyxlbXQnMWM1Z2BkZmAzZDQwO2NgZjswMTU1ZGBkYzM3YWZjYTQ2YGYwOzZjYTs2JzFjMzUzNjM2NDMzMicxY3RncCcxYzAnMWMyMycxYzIzJzFjNTQzZDU1MzM7M2QzZmc6ZzdnMWM0YTU0MDA3Ojc6YGdhOmY6NjU6Mg==&c=E,1,rq5qGkAZhLyex9aXGJRXiwwAVCBBGb9rYT0lMs5k_20Sqz45p0qJgiUApbOJ8yAtxqJ1ztZoyOzLsVT27C4xAyI39WhYljd1P1E5Oi904DAR&typo=1 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7164 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1828,i,12377642797320586305,2005524206607121371,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

• Phishing
• Compliance
• Networking
• System Summary
• Boot Survival

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://mailc.dps.texas.gov/user/login

HTTP Parser: Number of links: 0

Source: https://mailc.dps.texas.gov/user/login

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://mailc.dps.texas.gov/user/login

HTTP Parser: Title: does not match URL

Source: https://mailc.dps.texas.gov/user/login

HTTP Parser: <input type="password" .../> found

Source: https://mailc.dps.texas.gov/module/semail.fe?fewReq=:B:JVw4MTIyOHBnc0NhdmttbD8wMiRwZ3NNYGhnYXY/Tm1hY25nJGd6cmtwZ112a29nPzM1MzYzNjQzMzIkYW1mZz81Z2BkZmAzZDQwO2NgZjswMTU1ZGBkYzM3YWZjYTQ2YGYwOzZjYTs2JHJjZWc/Y2F2a3RjdmttbCRrZj9xcC9hcHIsZ29hcUJsbWNjLGVtdCRuY2xlP2dsJHFnYXdwZ11hbWZnP3FwL2Fwcixnb2FxJzYybG1jYyxlbXQnMWM1Z2BkZmAzZDQwO2NgZjswMTU1ZGBkYzM3YWZjYTQ2YGYwOzZjYTs2JzFjMzUzNjM2NDMzMicxY3RncCcxYzAnMWMyMycxYzIzJzFjNTQzZDU1MzM7M2QzZmc6ZzdnMWM0YTU0MDA3Ojc6YGdhOmY6NjU6Mg==&c=E,1,rq5qGkAZhLyex9aXGJRXiwwAVCBBGb9rYT0lMs5k_20Sqz45p0qJgiUApbOJ8yAtxqJ1ztZoyOzLsVT27C4xAyI39WhYljd1P1E5Oi904DAR&typo=1	HTTP Parser: No favicon
Source: https://mailc.dps.texas.gov/user/	HTTP Parser: No favicon
Source: https://mailc.dps.texas.gov/user/login	HTTP Parser: No favicon

Source: https://mailc.dps.texas.gov/user/login

HTTP Parser: No <meta name="author".. found

Source: https://mailc.dps.texas.gov/user/login

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.202.106.101:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.202.106.101:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49731 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.106.101
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108

Source: global traffic	DNS traffic detected: DNS query: mailc.dps.texas.gov
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704

Source: unknown	HTTPS traffic detected: 23.202.106.101:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.202.106.101:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49731 version: TLS 1.2

Source: classification engine

Classification label: clean2.win@14/20@6/104

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://mailc.dps.texas.gov/module/semail.fe?fewReq=:B:JVw4MTIyOHBnc0NhdmttbD8wMiRwZ3NNYGhnYXY/Tm1hY25nJGd6cmtwZ112a29nPzM1MzYzNjQzMzIkYW1mZz81Z2BkZmAzZDQwO2NgZjswMTU1ZGBkYzM3YWZjYTQ2YGYwOzZjYTs2JHJjZWc/Y2F2a3RjdmttbCRrZj9xcC9hcHIsZ29hcUJsbWNjLGVtdCRuY2xlP2dsJHFnYXdwZ11hbWZnP3FwL2Fwcixnb2FxJzYybG1jYyxlbXQnMWM1Z2BkZmAzZDQwO2NgZjswMTU1ZGBkYzM3YWZjYTQ2YGYwOzZjYTs2JzFjMzUzNjM2NDMzMicxY3RncCcxYzAnMWMyMycxYzIzJzFjNTQzZDU1MzM7M2QzZmc6ZzdnMWM0YTU0MDA3Ojc6YGdhOmY6NjU6Mg==&c=E,1,rq5qGkAZhLyex9aXGJRXiwwAVCBBGb9rYT0lMs5k_20Sqz45p0qJgiUApbOJ8yAtxqJ1ztZoyOzLsVT27C4xAyI39WhYljd1P1E5Oi904DAR&typo=1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1828,i,12377642797320586305,2005524206607121371,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1828,i,12377642797320586305,2005524206607121371,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://mailc.dps.texas.gov/module/semail.fe?fewReq=:B:JVw4MTIyOHBnc0NhdmttbD8wMiRwZ3NNYGhnYXY/Tm1hY25nJGd6cmtwZ112a29nPzM1MzYzNjQzMzIkYW1mZz81Z2BkZmAzZDQwO2NgZjswMTU1ZGBkYzM3YWZjYTQ2YGYwOzZjYTs2JHJjZWc/Y2F2a3RjdmttbCRrZj9xcC9hcHIsZ29hcUJsbWNjLGVtdCRuY2xlP2dsJHFnYXdwZ11hbWZnP3FwL2Fwcixnb2FxJzYybG1jYyxlbXQnMWM1Z2BkZmAzZDQwO2NgZjswMTU1ZGBkYzM3YWZjYTQ2YGYwOzZjYTs2JzFjMzUzNjM2NDMzMicxY3RncCcxYzAnMWMyMycxYzIzJzFjNTQzZDU1MzM7M2QzZmc6ZzdnMWM0YTU0MDA3Ojc6YGdhOmY6NjU6Mg==&c=E,1,rq5qGkAZhLyex9aXGJRXiwwAVCBBGb9rYT0lMs5k_20Sqz45p0qJgiUApbOJ8yAtxqJ1ztZoyOzLsVT27C4xAyI39WhYljd1P1E5Oi904DAR&typo=1	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
mailc.dps.texas.gov	204.65.230.124	true	false		high
www.google.com	172.217.2.196	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://mailc.dps.texas.gov/user/	false		high
https://mailc.dps.texas.gov/module/semail.fe?fewReq=:B:JVw4MTIyOHBnc0NhdmttbD8wMiRwZ3NNYGhnYXY/Tm1hY25nJGd6cmtwZ112a29nPzM1MzYzNjQzMzIkYW1mZz81Z2BkZmAzZDQwO2NgZjswMTU1ZGBkYzM3YWZjYTQ2YGYwOzZjYTs2JHJjZWc/Y2F2a3RjdmttbCRrZj9xcC9hcHIsZ29hcUJsbWNjLGVtdCRuY2xlP2dsJHFnYXdwZ11hbWZnP3FwL2Fwcixnb2FxJzYybG1jYyxlbXQnMWM1Z2BkZmAzZDQwO2NgZjswMTU1ZGBkYzM3YWZjYTQ2YGYwOzZjYTs2JzFjMzUzNjM2NDMzMicxY3RncCcxYzAnMWMyMycxYzIzJzFjNTQzZDU1MzM7M2QzZmc6ZzdnMWM0YTU0MDA3Ojc6YGdhOmY6NjU6Mg==&c=E,1,rq5qGkAZhLyex9aXGJRXiwwAVCBBGb9rYT0lMs5k_20Sqz45p0qJgiUApbOJ8yAtxqJ1ztZoyOzLsVT27C4xAyI39WhYljd1P1E5Oi904DAR&typo=1	false		high
https://mailc.dps.texas.gov/user/login	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
192.178.50.67	unknown	United States		15169	GOOGLEUS	false
1.1.1.1	unknown	Australia		13335	CLOUDFLARENETUS	false
142.250.217.174	unknown	United States		15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved		unknown	unknown	false
172.217.165.195	unknown	United States		15169	GOOGLEUS	false
204.65.230.124	mailc.dps.texas.gov	United States		1761	TDIR-CAPNETUS	false
172.217.2.196	www.google.com	United States		15169	GOOGLEUS	false
74.125.141.84	unknown	United States		15169	GOOGLEUS	false
142.250.64.202	unknown	United States		15169	GOOGLEUS	false
142.250.64.238	unknown	United States		15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1431905
Start date and time:	2024-04-26 00:14:09 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://mailc.dps.texas.gov/module/semail.fe?fewReq=:B:JVw4MTIyOHBnc0NhdmttbD8wMiRwZ3NNYGhnYXY/Tm1hY25nJGd6cmtwZ112a29nPzM1MzYzNjQzMzIkYW1mZz81Z2BkZmAzZDQwO2NgZjswMTU1ZGBkYzM3YWZjYTQ2YGYwOzZjYTs2JHJjZWc/Y2F2a3RjdmttbCRrZj9xcC9hcHIsZ29hcUJsbWNjLGVtdCRuY2xlP2dsJHFnYXdwZ11hbWZnP3FwL2Fwcixnb2FxJzYybG1jYyxlbXQnMWM1Z2BkZmAzZDQwO2NgZjswMTU1ZGBkYzM3YWZjYTQ2YGYwOzZjYTs2JzFjMzUzNjM2NDMzMicxY3RncCcxYzAnMWMyMycxYzIzJzFjNTQzZDU1MzM7M2QzZmc6ZzdnMWM0YTU0MDA3Ojc6YGdhOmY6NjU6Mg==&c=E,1,rq5qGkAZhLyex9aXGJRXiwwAVCBBGb9rYT0lMs5k_20Sqz45p0qJgiUApbOJ8yAtxqJ1ztZoyOzLsVT27C4xAyI39WhYljd1P1E5Oi904DAR&typo=1
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean2.win@14/20@6/104

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.165.195, 142.250.217.174, 74.125.141.84, 34.104.35.123, 72.21.81.240
Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://mailc.dps.texas.gov/module/semail.fe?fewReq=:B:JVw4MTIyOHBnc0NhdmttbD8wMiRwZ3NNYGhnYXY/Tm1hY25nJGd6cmtwZ112a29nPzM1MzYzNjQzMzIkYW1mZz81Z2BkZmAzZDQwO2NgZjswMTU1ZGBkYzM3YWZjYTQ2YGYwOzZjYTs2JHJjZWc/Y2F2a3RjdmttbCRrZj9xcC9hcHIsZ29hcUJsbWNjLGVtdCRuY2xlP2dsJHFnYXdwZ11hbWZnP3FwL2Fwcixnb2FxJzYybG1jYyxlbXQnMWM1Z2BkZmAzZDQwO2NgZjswMTU1ZGBkYzM3YWZjYTQ2YGYwOzZjYTs2JzFjMzUzNjM2NDMzMicxY3RncCcxYzAnMWMyMycxYzIzJzFjNTQzZDU1MzM7M2QzZmc6ZzdnMWM0YTU0MDA3Ojc6YGdhOmY6NjU6Mg==&c=E,1,rq5qGkAZhLyex9aXGJRXiwwAVCBBGb9rYT0lMs5k_20Sqz45p0qJgiUApbOJ8yAtxqJ1ztZoyOzLsVT27C4xAyI39WhYljd1P1E5Oi904DAR&typo=1

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 21:14:37 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9943861989573737
Encrypted:	false
SSDEEP:
MD5:	61C52E2424CE7E92D1B8F0FB1AFA6518
SHA1:	E3DF9A7CEE055D6F50318C83ED7C1C9CB5CAA314
SHA-256:	3E998F4C86C6DD2CB8E94D2F7E0D606680D878436B395CD98957112D7A0A96E4
SHA-512:	243A950A6FC66B11DB8F088CD517881B421C1D84DAE2BD6E8D81F59C6321DE29C97D70C6A49B958BF5B742A75AA5703A044DE249449C888F74B2FA1037B93D88
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....$..]...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............qy.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 21:14:37 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.0095417006608
Encrypted:	false
SSDEEP:
MD5:	A16CE26B3A37EA067BDA30C1A6E696D8
SHA1:	EE627C1F49A590D367E0F11B70C173E0C2EA2E26
SHA-256:	E38CF91C96C5E768AE79AEAFC5E528B3B64B56AF860E74DD8E69016F90445415
SHA-512:	99B2954D177D38A8E0E5EFAB0BC1A368B72D5191448BEB95D301ABD6BAAEFACE594A881566BA25CC7DEBD25507DBD9174E301A368B29863094F3522D9BAD86CA
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....-...]...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............qy.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.013770830428624
Encrypted:	false
SSDEEP:
MD5:	164496AC2A726D377D2DDABB140E5687
SHA1:	85FFABE3362BCDA479EB8206AEB4040347EDA454
SHA-256:	55E7DD039AB71BB6AE57040CBF9B519A7C2D9D4DC5BB1D6AA5F57638F12375A6
SHA-512:	D8CE7064D1AC0FCB8A994ABCEEEF5284864735E6D5CFE5BF3F9DEDEE6178F6AED71A1B2B7B54D61BE50BBBF9094FE6790013B79329A2F0F8D365C0CA5318AF37
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............qy.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 21:14:37 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	4.00871874744795
Encrypted:	false
SSDEEP:
MD5:	5D1540EA5C9B97490F47D6EF55129DA6
SHA1:	0C5C67793840B13750103BC28A61BE5471EBAEC4
SHA-256:	B35DB1F2B4B1F0F61AE94B793676BF34AEF96AA56321AED4A0BBDA53B0217859
SHA-512:	44D5FDEE93622A5FAB0EC72CC78C7341F2281787A0A0A5F91136DBBFE03E35D1F6897CC7C38E59C4FF1BCB34CC07B1536F0E997605E12E46CFC910EA8E214CB6
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,........]...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............qy.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 21:14:37 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.996626727715097
Encrypted:	false
SSDEEP:
MD5:	2A115A694271B2598922846C5C38C3B7
SHA1:	F7150E9D2D90AB3597AFEE3A03630DDA7769CF1D
SHA-256:	F7E0A2B0F5B7AFAACD8435126A5923BABE9E2D4EDF48E28A1EE7021042C44E6D
SHA-512:	4FA5AC7285CCBC7BA6E525DBADD6893EC38599BC01824ACEA6699BFEDFD26F384420D382E104F098F2E85A40EFD938CCFDF56D5EB4B1C74EBE63A059716F5694
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,........]...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............qy.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 21:14:37 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.003280972014995
Encrypted:	false
SSDEEP:
MD5:	B68D00D0D768513391D51E2B508E0434
SHA1:	ECB384ECCA03ED63EA43A05B9859C7A97CAB1EDD
SHA-256:	42F644ABBE79D424E1FEF36012553A6E941BB47E38927375E1A2B84FC83C3A17
SHA-512:	2945539CD261D7BEF0B412F92208371F5DD8F3924F72ED5CE6EB03F6AB2F2507D4AE9073997776DFA9F06CF00959C109A88138A6CBB487563D3A5B0FAA166A7E
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....3..]...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............qy.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 68

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (36862), with no line terminators
Category:	downloaded
Size (bytes):	36862
Entropy (8bit):	5.237389489072871
Encrypted:	false
SSDEEP:
MD5:	E0B49584D498DFA05DC2686516AF905D
SHA1:	B132CD4E6DC826CDA4BB684387AF77479747B659
SHA-256:	E9B45AD1B6388911CFFAD87036105521EFA976FD343870243859F65269A55CF5
SHA-512:	6A181E026547E8525AA2B08AD50D7F7A999A23A8915AE8E7FEF94E005B75C5791D62E47E3E3175C036349CE108CA2B24FC466D7EAD14C5594EB01B707BA60166
Malicious:	false
Reputation:	unknown
URL:	https://mailc.dps.texas.gov/user/polyfills.941ce33d85cd2cad029d.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[3],{1:function(e,t,n){e.exports=n("cnRA")},a56H:function(e,t,n){var o,r;void 0===(r="function"==typeof(o=function(){"use strict";!function(e){const t=e.performance;function n(e){t&&t.mark&&t.mark(e)}function o(e,n){t&&t.measure&&t.measure(e,n)}n("Zone");const r=e.__Zone_symbol_prefix\|\|"__zone_symbol__";function s(e){return r+e}const a=!0===e[s("forceDuplicateZoneCheck")];if(e.Zone){if(a\|\|"function"!=typeof e.Zone.__symbol__)throw new Error("Zone already loaded.");return e.Zone}class i{constructor(e,t){this._parent=e,this._name=t?t.name\|\|"unnamed":"<root>",this._properties=t&&t.properties\|\|{},this._zoneDelegate=new l(this,this._parent&&this._parent._zoneDelegate,t)}static assertZonePatched(){if(e.Promise!==C.ZoneAwarePromise)throw new Error("Zone.js has detected that ZoneAwarePromise `(window\|global).Promise` has been overwritten.\nMost likely cause is that a Promise polyfill has been loaded after Zone.js (Polyfilling Promise api is n

Chrome Cache Entry: 69

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	28
Entropy (8bit):	4.307354922057605
Encrypted:	false
SSDEEP:
MD5:	A2432DC721D79CB02E73D270CE7E1EAA
SHA1:	5A3C7BE77E9108ACA1B39E6BCD336EAAE6A51080
SHA-256:	CE43C8C02C05A92B3E20FAB138AAD31B9FD54B92848913449D09924E839BB80E
SHA-512:	0091B8D2F943169BDF1DD01D07A31F683F3B353D4EAADF1F7973AA79A989E349F53D6518AC612A856D89AB1539923C9FFAABB13E7CF8BEDF450E128342FF3298
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwmZdB9HU9d8-RIFDZFhlU4SBQ01hlQc?alt=proto
Preview:	ChIKBw2RYZVOGgAKBw01hlQcGgA=

Chrome Cache Entry: 70

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	126
Entropy (8bit):	4.524384341444315
Encrypted:	false
SSDEEP:
MD5:	ED60930759BCED79A926F5704973F1AA
SHA1:	C887CF80614EB82184BCC35E7A171C67F26DEB9F
SHA-256:	25A5E53B2485605E7E6C41EE32FDD921CF8EFD5DB6E4D5975FBE4028EDA3CD91
SHA-512:	971F8DD578CA966322AD664B13AE3B0677B70EB1C07080BB4E53202BECA8D3DC9C818F1D61088B3B344753381D051C1CC4F3745E0D5C4D16E4E868F93D2CC75A
Malicious:	false
Reputation:	unknown
URL:	"https://mailc.dps.texas.gov/module/semail.fe?fewReq=:B:JVw4MTIyOHBnc0NhdmttbD8wMiRwZ3NNYGhnYXY/Tm1hY25nJGd6cmtwZ112a29nPzM1MzYzNjQzMzIkYW1mZz81Z2BkZmAzZDQwO2NgZjswMTU1ZGBkYzM3YWZjYTQ2YGYwOzZjYTs2JHJjZWc/Y2F2a3RjdmttbCRrZj9xcC9hcHIsZ29hcUJsbWNjLGVtdCRuY2xlP2dsJHFnYXdwZ11hbWZnP3FwL2Fwcixnb2FxJzYybG1jYyxlbXQnMWM1Z2BkZmAzZDQwO2NgZjswMTU1ZGBkYzM3YWZjYTQ2YGYwOzZjYTs2JzFjMzUzNjM2NDMzMicxY3RncCcxYzAnMWMyMycxYzIzJzFjNTQzZDU1MzM7M2QzZmc6ZzdnMWM0YTU0MDA3Ojc6YGdhOmY6NjU6Mg==&c=E,1,rq5qGkAZhLyex9aXGJRXiwwAVCBBGb9rYT0lMs5k_20Sqz45p0qJgiUApbOJ8yAtxqJ1ztZoyOzLsVT27C4xAyI39WhYljd1P1E5Oi904DAR&typo=1"
Preview:	<html>..<title>.Error </title>..<h2> Invalid Http request or bad parameters, please contact your administrator. </h2>.</html>.

Chrome Cache Entry: 71

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	1334029
Entropy (8bit):	5.511114686002343
Encrypted:	false
SSDEEP:
MD5:	3C9B243F0D9E2BF3BA23CD2B704A7356
SHA1:	B503835119641BAE6029EFB334F08DB4F242BA13
SHA-256:	35A67FC17EF97028D0BF19E7FBCD9529C636CF154B1692F061A29763C4B72493
SHA-512:	7C302A1C81A14E9F826B199A16F845A1847A03B85C0867EA23865DD374531390D1E8A5FE4E2E16F463030272243A212082CF82DC9BA0690900EA18F65DCE38FD
Malicious:	false
Reputation:	unknown
URL:	https://mailc.dps.texas.gov/user/main.93e52430c32e85bcb4c9.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[2],{"+h4q":function(e,t,n){"use strict";n.d(t,"a",function(){return a});var i=n("bScC"),s=n("Ruyy"),r=n("Grzu"),o=n("8V6s");function a(e,t,n,l){return Object(r.a)(n)&&(l=n,n=void 0),l?a(e,t,n).pipe(Object(o.a)(e=>Object(s.a)(e)?l(...e):l(e))):new i.a(i=>{c(e,t,function(e){i.next(arguments.length>1?Array.prototype.slice.call(arguments):e)},i,n)})}function c(e,t,n,i,s){let r;if(function(e){return e&&"function"==typeof e.addEventListener&&"function"==typeof e.removeEventListener}(e)){const i=e;e.addEventListener(t,n,s),r=()=>i.removeEventListener(t,n,s)}else if(function(e){return e&&"function"==typeof e.on&&"function"==typeof e.off}(e)){const i=e;e.on(t,n),r=()=>i.off(t,n)}else if(function(e){return e&&"function"==typeof e.addListener&&"function"==typeof e.removeListener}(e)){const i=e;e.addListener(t,n),r=()=>i.removeListener(t,n)}else{if(!e\|\|!e.length)throw new TypeError("Invalid event target");for(let r=0,o=e.length;r<o;r++)c(e[r],t,

Chrome Cache Entry: 73

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2353), with no line terminators
Category:	downloaded
Size (bytes):	2353
Entropy (8bit):	5.255316386536078
Encrypted:	false
SSDEEP:
MD5:	562D383AC12E13D967703FE1F45AADFC
SHA1:	3B440686D15B6A455F27C0EF37B405EC319EAEA8
SHA-256:	90704EF73ABAD7BA0DF66A8AFB07C5F5C59988F5DD3F04C5E6FF27A8D3552724
SHA-512:	FB2EA06250FDA7E2E459C63FD29C35E352D8C9B7284FD8D63565D9A2EA437A59A02740A24E028933D316BD5DBC149189C6CC0AA1DA23598E08515047E32C9113
Malicious:	false
Reputation:	unknown
URL:	https://mailc.dps.texas.gov/user/runtime.40883f517be5f6b0794a.js
Preview:	!function(e){function r(r){for(var n,a,i=r[0],c=r[1],f=r[2],p=0,s=[];p<i.length;p++)a=i[p],Object.prototype.hasOwnProperty.call(o,a)&&o[a]&&s.push(o[a][0]),o[a]=0;for(n in c)Object.prototype.hasOwnProperty.call(c,n)&&(e[n]=c[n]);for(l&&l(r);s.length;)s.shift()();return u.push.apply(u,f\|\|[]),t()}function t(){for(var e,r=0;r<u.length;r++){for(var t=u[r],n=!0,i=1;i<t.length;i++)0!==o[t[i]]&&(n=!1);n&&(u.splice(r--,1),e=a(a.s=t[0]))}return e}var n={},o={0:0},u=[];function a(r){if(n[r])return n[r].exports;var t=n[r]={i:r,l:!1,exports:{}};return e[r].call(t.exports,t,t.exports,a),t.l=!0,t.exports}a.e=function(e){var r=[],t=o[e];if(0!==t)if(t)r.push(t[2]);else{var n=new Promise(function(r,n){t=o[e]=[r,n]});r.push(t[2]=n);var u,i=document.createElement("script");i.charset="utf-8",i.timeout=120,a.nc&&i.setAttribute("nonce",a.nc),i.src=function(e){return a.p+""+({}[e]\|\|e)+"."+{1:"8b0370e555497cffc8c4",5:"269dd6ec454953480649",6:"ffa5e347c2bb236a7d5b",7:"dd4d2e022d3938609a8e"}[e]+".js"}(e);var c=

Chrome Cache Entry: 74

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	148110
Entropy (8bit):	4.948238822077983
Encrypted:	false
SSDEEP:
MD5:	0852F4FC2CB510C8D56C9B9EC8C34C7F
SHA1:	E9C78096C1166421385E93787999F0149E75EB3B
SHA-256:	F3341A53A2B42BBAB6D4165BEB379A65C2B5F560A5F52E28E21FB8A2B702201C
SHA-512:	AE283CE43C644B6ACDFB46398AFDC40655171A5ABC193A77535CB094203BE81CB58C3B7FE2D1E37AC8E182E78C0482BC8122EE0D5FA593D8EBE51A1A9180927C
Malicious:	false
Reputation:	unknown
URL:	https://mailc.dps.texas.gov/user/styles.ce29b658bf35a0a571c5.css
Preview:	@charset "UTF-8";.mat-badge-content{font-weight:600;font-size:12px;font-family:Roboto,Helvetica Neue,sans-serif}.mat-badge-small .mat-badge-content{font-size:9px}.mat-badge-large .mat-badge-content{font-size:24px}.mat-h1,.mat-headline,.mat-typography h1{font:400 24px/32px Roboto,Helvetica Neue,sans-serif;letter-spacing:normal;margin:0 0 16px}.mat-h2,.mat-title,.mat-typography h2{font:500 20px/32px Roboto,Helvetica Neue,sans-serif;letter-spacing:normal;margin:0 0 16px}.mat-h3,.mat-subheading-2,.mat-typography h3{font:400 16px/28px Roboto,Helvetica Neue,sans-serif;letter-spacing:normal;margin:0 0 16px}.mat-h4,.mat-subheading-1,.mat-typography h4{font:400 15px/24px Roboto,Helvetica Neue,sans-serif;letter-spacing:normal;margin:0 0 16px}.mat-h5,.mat-typography h5{font:400 calc(14px * .83)/20px Roboto,Helvetica Neue,sans-serif;margin:0 0 12px}.mat-h6,.mat-typography h6{font:400 calc(14px * .67)/20px Roboto,Helvetica Neue,sans-serif;margin:0 0 12px}.mat-body-2,.mat-body-strong{font:500 14px/2

Chrome Cache Entry: 75

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, 16x16, 16 colors
Category:	downloaded
Size (bytes):	318
Entropy (8bit):	2.254486515828874
Encrypted:	false
SSDEEP:
MD5:	E462005902F81094AB3DE44E4381DE19
SHA1:	684D6A3783A92305592C4211412AD0E17D402195
SHA-256:	D18B3C9FEB76C3C1CFDCC51C732F113327E3C33FB3F63B479951F7DA6ED1216F
SHA-512:	10B11FD6FC112CDF891E8ED7DC8767D7C56384A7C6EED08D327739654349F21A27EC0F534E10208AADBAA5596D641A7EBB4A1FB834FEE7CEA7620758D035B066
Malicious:	false
Reputation:	unknown
URL:	https://mailc.dps.texas.gov/favicon.ico
Preview:	..............(.......(....... ...............................................................................................................................................................................................................................................................................................

Chrome Cache Entry: 76

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	26
Entropy (8bit):	4.132944044980959
Encrypted:	false
SSDEEP:
MD5:	E7E49A2E8C5A4CAFC9B677974AB0E7F9
SHA1:	ACA26F58D72EDD5FE14AD71E94E22C161060B47F
SHA-256:	486E5EB6C2E6EB19871E68826D364998B0C9D86ABBCF4C35C64A5578BC3A550D
SHA-512:	B891508A32F75556EF9F81D5DAD229F3B4CB927F508FC18E4613384A566D81FEFA5595C3C800031AD7C867A1778C42C7D6C1F602F36452BA3E60EBDB2E62D24A
Malicious:	false
Reputation:	unknown
URL:	https://mailc.dps.texas.gov/index.js
Preview:	window.location="/user/";.

Chrome Cache Entry: 77

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 27892, version 1.6816
Category:	downloaded
Size (bytes):	27892
Entropy (8bit):	7.9599908501132015
Encrypted:	false
SSDEEP:
MD5:	F7FF2A6FF8699952646B5592DE084DFA
SHA1:	A63534A9FE94054BCFA4E96457871452AD9AB44D
SHA-256:	2EE055921E5460E768980DA0E441063D23F4320EA15E232A4F77FFCBE5B4F74F
SHA-512:	969FD6DA748F5B6BC7BE9A91CE37F1E457388ADC46153C01C249527E145D5EC08497C9EBAA451AF5D44C89BE35572B029F809134695DC4C3F607EE3CDBC95F67
Malicious:	false
Reputation:	unknown
URL:	https://mailc.dps.texas.gov/user/lato-regular.1281c95f90b5d18680d3.woff2
Preview:	wOF2......l.......a ..l...........................`.p.`..d....e.....T....6.$..N......p.. ..x..e.K[.O.....;...6.5..An#.G.9#z"...]. .7.y....b....nU.K.................$'.0..j7S{...'.IY.K()U.......}..~30..Lu...a.8).P..<.1..1M@6[Y..(...d.2......-...t.~opdfzvNn.'..8.VX..0.(...cr.b..'..KHv.c..w..9..fl.r.."....ELy.n.@......ox.p%.nFZ..n.rr....lc.\|.SXm....{...L.]....D~.C....(.\|.$.2...~...7...m..sn.p.E...\..g..p.k...?.k....#"...............S.H......W...9.6N".X.xd.~..D].3...9.......?.?...../..C.. ...=....._.s.../l.(.....-..c..QM.Yr.......A#..<..~h"VM.-.C"...}L.`n.I%7.1b.6.......c.rD...*(.(. F..K..e.1.....U}...@B.I;..A......S4..`...d.{..s..Q..[....8.:.Q0..~.A..=...d.e.$e..Lc.N!.[.v7.......Zv.7...PmT9.P}.KS......Q....P!'Y..B>.0.T.4.C...sE2.I..=@...]{M:N.....$..+..W.../..'.$WP.D2...P. c......q.....)._...80..7.9..?!"c......>.....56i..!.....]Cu%...].(.....o9Rf...........9S:K.n_/.Z..2 J.e..R....M.&.LQ.6....Egg....W;..pB...8...:h..S.I6W.V?.....RVK...@.m

Chrome Cache Entry: 79

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	635
Entropy (8bit):	5.043844923342189
Encrypted:	false
SSDEEP:
MD5:	6FC75309B3276186B5BAD3E9B58E09E4
SHA1:	F9910498ADF752B6F6FE0BF21FB1BAAF221286F9
SHA-256:	DAEFCFA5B8FC9DB5CE8DEF0A26F07529DC39294735AFC5BC599D5DEE8AB38FDA
SHA-512:	DC20D9F6C710E2DA9AD40D9E28BBDD8B134DFE929BF0EBE11E74B1DE6EF4841CCAAA68B51D1C9D75C1D36BBA27290C236F45197F1A0C2FC3552C3BF8517CCDE5
Malicious:	false
Reputation:	unknown
URL:	https://mailc.dps.texas.gov/user/
Preview:	<!doctype html>.<html lang="en">.<head>. <meta charset="utf-8">. <title>FortiMail</title>. <base href="/user/">. <meta http-equiv="pragma" content="no-cache">. <meta name="robots" content="noindex">. <meta name="viewport" content="width=device-width, initial-scale=1">.<link rel="stylesheet" href="styles.ce29b658bf35a0a571c5.css"></head>.<body>. <app-root></app-root>.<script src="runtime.40883f517be5f6b0794a.js" defer></script><script src="polyfills.941ce33d85cd2cad029d.js" defer></script><script src="scripts.c483142772ec0bf2dc93.js" defer></script><script src="main.93e52430c32e85bcb4c9.js" defer></script></body>.</html>.

Chrome Cache Entry: 80

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	XML 1.0 document, ASCII text
Category:	dropped
Size (bytes):	2094
Entropy (8bit):	4.991678320143717
Encrypted:	false
SSDEEP:
MD5:	3557F3BFDFDC1874AEA4C054FC65BD96
SHA1:	2A75675DAEBED5D434D6848719293F52093E3332
SHA-256:	C4AF93D595A388EABA40099EC7B9A7F265F81945110793BA71C415A9C611FC10
SHA-512:	8099D37EF9246D55B12D815E8F57B3CE2034E51B4619C744DE57FBF5A55758C5186848B806D3BCBBCE8423657FA2AB4DFD04F57A412213779F9784EF680BD7A9
Malicious:	false
Reputation:	unknown
Preview:	<?xml version="1.0" encoding="UTF-8"?>.<!DOCTYPE menu [..<!ELEMENT resource EMPTY>..<!ATTLIST resource key CDATA #REQUIRED value CDATA #REQUIRED>..<!ELEMENT menuitem (resource+)>..<!ATTLIST menuitem id ID #REQUIRED>..<!ELEMENT menu (menuitem+)>..<!ATTLIST menu id CDATA #REQUIRED>.]>..<menu id="wmlogin">..<menuitem id="Global">...<resource key="network_lost" value="Network connection is lost!"/>...<resource key="possible_network_issue" value="There is possible network issue. Please check your connection."/>...<resource key="close" value="Close"/>..</menuitem>..<menuitem id="WMLogin">...<resource key="title" value="Please Login"/>...<resource key="user_name" value="Name"/>...<resource key="user_pwd" value="Password"/>...<resource key="user_token" value="Secure token"/>...<resource key="login_warning" value="Please specify user name before proceeding."/>...<resource key="login_warning_nopass" value="Please specify password before proceeding."/>...<resource key="token_warning" value="Pleas

Chrome Cache Entry: 81

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	250360
Entropy (8bit):	5.259637360339031
Encrypted:	false
SSDEEP:
MD5:	49D37978044D00C9C3E6325FED7A82F9
SHA1:	69A8262B12D4339E9DB06677F5A976F344F495AC
SHA-256:	3209118E5404DF800ED7512DC55E65FC814278FDFE94FB73FCC2E74F21017840
SHA-512:	C4CA64C6A12A0E4BAB8E9C138779FEE3E0C48D5256D6BA8E20029843CDB497781B12FEEA0BCF09F6A637C7E435F18589189B786A8AA9B0C1CA02428DE48F9398
Malicious:	false
Reputation:	unknown
URL:	https://mailc.dps.texas.gov/user/scripts.c483142772ec0bf2dc93.js
Preview:	!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(e,t){"use strict";var n=[],o=Object.getPrototypeOf,i=n.slice,r=n.flat?function(e){return n.flat.call(e)}:function(e){return n.concat.apply([],e)},a=n.push,s=n.indexOf,l={},c=l.toString,u=l.hasOwnProperty,d=u.toString,f=d.call(Object),h={},p=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},m=function(e){return null!=e&&e===e.window},v=e.document,g={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var o,i,r=(n=n\|\|v).createElement("script");if(r.text=e,t)for(o in g)(i=t[o]\|\|t.getAttribute&&t.getAttribute(o))&&r.setAttribute(o,i);n.head.appendChild(r).parentNode.removeChild(r)}function y(e){return null==e?e+"":"object"==typeof e\|\|"function"==typeof e?l[c.call(e)]\|\|"obje

Chrome Cache Entry: 82

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	50
Entropy (8bit):	4.288367439558377
Encrypted:	false
SSDEEP:
MD5:	01E827C1354A76896F62450476D29900
SHA1:	1C5D9DF21D59754A6A756C0847EEEBF9EA0B561C
SHA-256:	7AD293D2A3998414908958B5DE29E8E6F096A3F4F541D862E6F6371BBDFDB867
SHA-512:	1CA6CCC86910946B67F14B0C21A040381DF937C0BBF11F506AB690E8101C3BDD6ABA45144CE2FCA609816EF2C0265BA078B5852D9A34852F4CE7EC7E8A1CF1DC
Malicious:	false
Reputation:	unknown
URL:	https://mailc.dps.texas.gov/
Preview:	<html>.<script src="./index.js"></script>.</html>.

Chrome Cache Entry: 83

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	108
Entropy (8bit):	4.488233325218645
Encrypted:	false
SSDEEP:
MD5:	6C328D5D90EC293B60AA0E31265840A2
SHA1:	F399C0AD53E7BF29BB17163F15F480812FD0F75C
SHA-256:	83AEB217E8E3FF429D35270307A15E79F1C29A8BA7A8EB12F89B071272C04DE4
SHA-512:	298CD854521DECECADF11953297E50292366F101B82CE7074E003917278C3FA2A5BC1BAC7819E336E976D0624D57CA9394B0F429DF230AE66F11CFD8E0BC5F39
Malicious:	false
Reputation:	unknown
Preview:	{"errorType": 7,"errorMsg": "Failed: Access denied","reqAction": 0,"totalRemoteCount": 0,"collection": "[]"}

Static File Info

⊘No static file info