Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://cernercentral.com/device-access/tenants/2b53e1a6-a4f0-4eb4-9db6-d7bb72f1c188/user/access-codes/c79d33bf-b84f-4417-a3c5-26de96bde6a6?realmId=2b53e1a6-a4f0-4eb4-9db6-d7bb72f1c188

Overview

General Information

Sample URL:	https://cernercentral.com/device-access/tenants/2b53e1a6-a4f0-4eb4-9db6-d7bb72f1c188/user/access-codes/c79d33bf-b84f-4417-a3c5-26de96bde6a6?realmId=2b53e1a6-a4f0-4eb4-9db6-d7bb72f1c188
Analysis ID:	1541454

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

HTML body contains low number of good links

HTML body contains password input but no form action

HTML title does not match URL

Stores files to the Windows start menu directory

Classification

×

Process Tree

System is w10x64_ra

chrome.exe (PID: 6844 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 7076 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1952,i,4553909310822987176,18366868431396125236,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 4204 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cernercentral.com/device-access/tenants/2b53e1a6-a4f0-4eb4-9db6-d7bb72f1c188/user/access-codes/c79d33bf-b84f-4417-a3c5-26de96bde6a6?realmId=2b53e1a6-a4f0-4eb4-9db6-d7bb72f1c188" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://millennia.cerner.com/accounts/p3386.vail_co.cernerasp.com/2b53e1a6-a4f0-4eb4-9db6-d7bb72f1c188/login/5f5bef93-20e6-45b1-8957-b09845b8b1c2/login

HTTP Parser: Number of links: 0

Source: https://millennia.cerner.com/accounts/p3386.vail_co.cernerasp.com/2b53e1a6-a4f0-4eb4-9db6-d7bb72f1c188/login/5f5bef93-20e6-45b1-8957-b09845b8b1c2/login

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://millennia.cerner.com/accounts/p3386.vail_co.cernerasp.com/2b53e1a6-a4f0-4eb4-9db6-d7bb72f1c188/login/5f5bef93-20e6-45b1-8957-b09845b8b1c2/login

HTTP Parser: Title: Log In does not match URL

Source: https://millennia.cerner.com/accounts/p3386.vail_co.cernerasp.com/2b53e1a6-a4f0-4eb4-9db6-d7bb72f1c188/login/5f5bef93-20e6-45b1-8957-b09845b8b1c2/login

HTTP Parser: <input type="password" .../> found

Source: https://millennia.cerner.com/accounts/p3386.vail_co.cernerasp.com/2b53e1a6-a4f0-4eb4-9db6-d7bb72f1c188/login/5f5bef93-20e6-45b1-8957-b09845b8b1c2/login

HTTP Parser: No <meta name="author".. found

Source: https://millennia.cerner.com/accounts/p3386.vail_co.cernerasp.com/2b53e1a6-a4f0-4eb4-9db6-d7bb72f1c188/login/5f5bef93-20e6-45b1-8957-b09845b8b1c2/login

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.17:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.31.71:443 -> 192.168.2.17:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.149:443 -> 192.168.2.17:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49736 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 19MB later: 27MB

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: cernercentral.com
Source: global traffic	DNS traffic detected: DNS query: vailhealth.cernercentral.com
Source: global traffic	DNS traffic detected: DNS query: millennia.cerner.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.17:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.31.71:443 -> 192.168.2.17:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.149:443 -> 192.168.2.17:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49736 version: TLS 1.2

Source: classification engine

Classification label: clean2.win@18/11@14/135

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1952,i,4553909310822987176,18366868431396125236,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cernercentral.com/device-access/tenants/2b53e1a6-a4f0-4eb4-9db6-d7bb72f1c188/user/access-codes/c79d33bf-b84f-4417-a3c5-26de96bde6a6?realmId=2b53e1a6-a4f0-4eb4-9db6-d7bb72f1c188"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1952,i,4553909310822987176,18366868431396125236,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Extra Window Memory Injection	1 Extra Window Memory Injection	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
cernercentral.com	99.83.188.148	true	false		unknown
vailhealth.cernercentral.com	75.2.83.33	true	false		unknown
www.google.com	142.250.185.228	true	false		unknown
millennia.cerner.com	99.83.212.128	true	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://millennia.cerner.com/accounts/p3386.vail_co.cernerasp.com/2b53e1a6-a4f0-4eb4-9db6-d7bb72f1c188/login/5f5bef93-20e6-45b1-8957-b09845b8b1c2/login	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
142.250.185.228	www.google.com	United States		15169	GOOGLEUS	false
1.1.1.1	unknown	Australia		13335	CLOUDFLARENETUS	false
172.217.18.14	unknown	United States		15169	GOOGLEUS	false
216.58.206.67	unknown	United States		15169	GOOGLEUS	false
74.125.71.84	unknown	United States		15169	GOOGLEUS	false
75.2.83.33	vailhealth.cernercentral.com	United States		16509	AMAZON-02US	false
99.83.212.128	millennia.cerner.com	United States		16509	AMAZON-02US	false
239.255.255.250	unknown	Reserved		unknown	unknown	false
142.250.185.174	unknown	United States		15169	GOOGLEUS	false
99.83.188.148	cernercentral.com	United States		16509	AMAZON-02US	false
172.217.18.99	unknown	United States		15169	GOOGLEUS	false
172.217.18.10	unknown	United States		15169	GOOGLEUS	false

Private

IP
192.168.2.17

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1541454
Start date and time:	2024-10-24 21:04:43 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://cernercentral.com/device-access/tenants/2b53e1a6-a4f0-4eb4-9db6-d7bb72f1c188/user/access-codes/c79d33bf-b84f-4417-a3c5-26de96bde6a6?realmId=2b53e1a6-a4f0-4eb4-9db6-d7bb72f1c188
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	20
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean2.win@18/11@14/135

Warnings

Exclude process from analysis (whitelisted): TextInputHost.exe
Excluded IPs from analysis (whitelisted): 172.217.18.99, 142.250.185.174, 74.125.71.84, 34.104.35.123, 172.217.18.10, 142.250.186.170, 142.250.186.106, 172.217.16.202, 142.250.185.74, 172.217.18.106, 142.250.184.234, 142.250.186.138, 142.250.186.74, 142.250.185.170, 216.58.212.138, 142.250.185.106, 142.250.74.202, 216.58.206.74, 142.250.184.202, 142.250.185.138, 192.229.221.95
Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, ocsp.digicert.com, accounts.google.com, edgedl.me.gvt1.com, content-autofill.googleapis.com, slscr.update.microsoft.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://cernercentral.com/device-access/tenants/2b53e1a6-a4f0-4eb4-9db6-d7bb72f1c188/user/access-codes/c79d33bf-b84f-4417-a3c5-26de96bde6a6?realmId=2b53e1a6-a4f0-4eb4-9db6-d7bb72f1c188

LLM Input / Output

Input	Output
URL: https://millennia.cerner.com/accounts/p3386.vail_co.cernerasp.com/2b53e1a6-a4f0-4eb4-9db6-d7bb72f1c188/login/5f5bef93-20e6-45b1-8957-b09845b8b1c2/login Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "P3386", "prominent_button_name": "Log In", "text_input_field_labels": [ "Username", "Password" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://millennia.cerner.com/accounts/p3386.vail_co.cernerasp.com/2b53e1a6-a4f0-4eb4-9db6-d7bb72f1c188/login/5f5bef93-20e6-45b1-8957-b09845b8b1c2/login Model: claude-3-haiku-20240307	```json { "brands": [ "Cerner" ] }
	```json { "brands": [ "Cerner" ] }
URL: https://millennia.cerner.com/accounts/p3386.vail_co.cernerasp.com/2b53e1a6-a4f0-4eb4-9db6-d7bb72f1c188/login/5f5bef93-20e6-45b1-8957-b09845b8b1c2/login Model: gpt-4o	```json{ "legit_domain": "cerner.com", "classification": "known", "reasons": [ "The brand 'Cerner' is a known healthcare technology company.", "The URL 'millennia.cerner.com' is a subdomain of 'cerner.com', which is the legitimate domain for Cerner.", "The use of a subdomain 'millennia' does not inherently indicate phishing, as it could be a legitimate part of Cerner's web infrastructure.", "No suspicious elements such as misspellings or unusual domain extensions are present in the URL." ], "riskscore": 2}
URL: millennia.cerner.com Brands: Cerner Input Fields: Username, Password

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 18:05:21 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9980812527294907
Encrypted:	false
SSDEEP:
MD5:	3C4EFA88AFA91A86D9C3CB8783A2528A
SHA1:	F10AC1F0C16338180915D69B73A79AB38D3EC720
SHA-256:	7F1D5AAF797DEDA9496B530F1E851495ABFB46174F51AB39AD9600D4D6B97713
SHA-512:	309AE021E2CE69D82CBECDF5907DCD7E7F547BD1A51A3C6E4B68B712B874CCF891902D729503DE7570B0BE3AB13DBFC0CC4776CD6902DB035D61F24945EC32D1
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....B..G&......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IXY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VXY......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VXY......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VXY.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VXY.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........{.v......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 18:05:21 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.014972330663103
Encrypted:	false
SSDEEP:
MD5:	B0278B5D14F05C63279C9C6821E5E77C
SHA1:	F715A980A3F6DD1E88A9B198AD254CF914D86443
SHA-256:	F088FE31E78112A14DABF8DC26E063740FE971156EA5952440B382A9BE1040BD
SHA-512:	DE0884CB4C36B4F39741D49FC06AD97253752E9045239419558F223DE6B73174CEC24ED2E5524862B5493F61C27132EAA3C5288A6A9EAE0EB80A633176D1B90C
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,........G&......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IXY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VXY......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VXY......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VXY.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VXY.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........{.v......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.020612310002914
Encrypted:	false
SSDEEP:
MD5:	50BA34BDC91997347DFD7B6EF71CF5F5
SHA1:	6E96D41025604D84618B789CB6441A820EFB87CE
SHA-256:	FB71AB2D296F99C06F8049E58ED15436789C716017323B315642B29947FB8BAB
SHA-512:	65792A11EF5BD1AFAEE1FB1457C71E3144987C5AB3AE7513F9D9BD192FCF8729A923750BC3765D2BBEF7A3AB766D17567841A5CBBC998F593C3277F5667349E4
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....v. ;.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IXY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VXY......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VXY......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VXY.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.N...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........{.v......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 18:05:21 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	4.013272108645281
Encrypted:	false
SSDEEP:
MD5:	53EBCB9EEA9F048C9C2585987B271ED9
SHA1:	7EEA0A033BA72C4EE34E154B2EFFE08C86337519
SHA-256:	BE1727AE3CD29F579E0DF912BD25882B4392560826D364C721C7D2F68AEDE83B
SHA-512:	6CF1722926AB465A41C413F2EEA9FA952C81CE39053E5BF34A2005AC1AF7BE3CFBD79BE8546EB2ADA28E0A65E3624DE5712A19A088D9B6B5F16DA3E9660ABFCE
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.......G&......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IXY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VXY......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VXY......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VXY.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VXY.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........{.v......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 18:05:21 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	4.001825317357403
Encrypted:	false
SSDEEP:
MD5:	64D43306422FE225830473FE8BEB8343
SHA1:	7AC0C7F816BE48C7C91A913E2B197035A5D8393E
SHA-256:	CF9F4204EC43C4C693A6C7CE1C501C7E07502D77A2D0447195379C6029821E02
SHA-512:	4BBA16FFCD4D0A7C17B8BD8EE0721C7A90684A9FDA1ED266B836555C0B12C68386FF92287CD052E9742E6454DE1DDC57B2CE5E1F8FD90FB134AC1A86C7D55CD7
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....F..G&......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IXY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VXY......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VXY......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VXY.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VXY.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........{.v......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 18:05:21 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	4.00963598258352
Encrypted:	false
SSDEEP:
MD5:	A95F103996DC468577F069B447381C01
SHA1:	4ED540A9FB17D444EC5EE9382124D25F4003FA70
SHA-256:	9D384B12535437AA78851DDC86ED4EC1E156703FF8082BB35C17554FE97E8449
SHA-512:	348DA52DC2FC279DF64ABAF991462A50D2F8C0D519645FD37FB1845131845CD0A197E2C9CB2FFE393356CB8E8D088355F54351A60EB84C6923B9202F9262F4C8
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....l@..G&......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IXY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VXY......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VXY......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VXY.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VXY.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........{.v......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 71

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 227 x 56, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2479
Entropy (8bit):	7.898786381588054
Encrypted:	false
SSDEEP:
MD5:	3CF1EC38373F58B67CB3F9F6799B59C9
SHA1:	C307582F8A108CAE48D788A1C8C19C3A5B8AFD54
SHA-256:	9D0EFD228BCADD7F810D4F6BCFE60C82C5C59632213B403973D5894DBB0ABED7
SHA-512:	22C5BD15EA3FC2A927A3525E2BB16F29E17FC14BB546E98787BEFB0590C8987FDA0BF7972B4206CA9B22882FE056D4C3201B90093BFC695A93CAC5C91126DD77
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.......8......wO.....pHYs...........~....aIDATx...q.6......;8^.f8....\A.."W.....TA.."U.....gt..f.C,.I..3..$......../...".....g)...\..8.8.hS.T&3fb..M....e.....Y03......>$j...b%.8'?...!.XCs.jA[....)3..W.J.B........3...kf2...k..l.G..!.YKf...f\@..-....#.F..$.....c..m}..1s..h.....>d....&.x3M....9....U.....0..u.e...{8a.1Gt..m..X....>....S's.p.x.X.9V..B..%.yr<o..;&J...eN.J8`.L>(].X.E...Ms.I..L.C.xp_p...w..=..7p.2=.%......'udL..a...FCi...z.....z.t_...zS...'t..WM5..>e.oa.,.?.F..9h\|.....9..u.........&....%......K......T.}.uf..0.:....JF...S9P.(1`P.s..l..OgH.=..1.....M....vL....,.ZgA.+m..]../cpJe..._0.........$>BXw\|....j... ^....h2#.)g.(...$..V.._Jbm..c......Y.^.9..'.........Rc.J.DkJ...}.x.t....<S....j3W\..VkL....m..sM.bP7.7.._,....Yj..P..}.$.(......8\.^%...<.G...............$...yL#..9(...T.8....!.ug...j^..x...i.9~k.4.........bUt..0r.....k.....p([.(..T...J.H.AE....M....l.=tGi.J+......{.\|..xJGC.+....=2..8.L9.._.....9j...&.o

Chrome Cache Entry: 72

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3816)
Category:	downloaded
Size (bytes):	31364
Entropy (8bit):	5.854573421420528
Encrypted:	false
SSDEEP:
MD5:	02E6E6B67D909687FE73E1003242A398
SHA1:	D44E70EA6C902B290280892740A721020DBEAFB1
SHA-256:	A2BA3B0663C12CD26D4C245FC6E8F835F0A6D226D39439A461925A06725508B9
SHA-512:	132AE0875120B057C070424D9ABD384BBB73F4CC107EC50DCB169AC815D2CA74E371B7DBDACC67A5F775F381456AAED9B82EC43D04DDBC133DC6C49655E337AF
Malicious:	false
Reputation:	unknown
URL:	https://cernercentral.com/resources/millennium-idp/v5.10.2/css/main.css
Preview:	/*-----------------------------------------------.Millennium IDP CSS.Author: Matt Randall.Contributor: Hank DeDona.Contributor: Andre Burrell..CSS Strategy:..#1 Element-only selectors (such as those reserved in default-styles) are reserved for resetting default styles.. If another page requires CSS styles radically different from the "standard", we don't want to have to refactor..#2 Styles should primarily be assigned to elements with classes (for example: form.login). Exceptions are when. a style may be shared by multiple element types. Classes should be kept to a minimum - preference should be made. to assign styles based on the structure of existing semantic class objects rather than creating new, arbitrary classes.. Classes should only be created when a style must be assigned that cannot be uniquely defined by its hierarchy within. the html..#3 CSS based on IDs should be avoided, as it may be difficult in a large application to guarantee non-collision of such. IDs.

Chrome Cache Entry: 74

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (972)
Category:	dropped
Size (bytes):	6101
Entropy (8bit):	5.264901219959317
Encrypted:	false
SSDEEP:
MD5:	DBC0415177E4C627C725D760528F1971
SHA1:	38398B8AFE08FB4061721DA52C50DC44777C990B
SHA-256:	9845ED6E1EDD23AF7132FCB6EF5016BF32EF6742CDC23970DFA584AC938174CB
SHA-512:	E012614B848CB43CFBB0A209E3A27E58AD10265B093762D5DD0C69E39BDF9DBDA33FD74123B79E06CF3644EB0608F27B90F61214676B54F88B162DDE25AB6A3E
Malicious:	false
Reputation:	unknown
Preview:	'use strict';function e(a,b,c){a.addEventListener?a.addEventListener(b,c,!1):a.attachEvent&&a.attachEvent("on"+b,c)}function g(){var a=h().getAttribute("data-workflow-root");if(a){var b=document.createElement("a");b.href=a;return b.pathname}return null}function k(a){if(a&&a.getAttribute&&a.getAttribute("class")){a=a.getAttribute("class").split(" ");a:{var b;for(b=0;b<a.length;b+=1)if("standard"===a[b]){a=b;break a}a=-1}return 0<=a}return!1}.function l(a){function b(){window.setTimeout(function(){var b;b=function(b){var c;if(b=a.getElementsByTagName(b))for(c=0;c<b.length;c+=1)b[c].disabled=!0};b("input");b("select");b("textarea");b("button");(function(){var b=document.createElement("div");b.id="_blocker";b.className="blocker";a.appendChild(b)})()},0)}k(a)&&a&&"disabled"!==a.getAttribute("data-safe-submit")&&e(a,"submit",b)}function m(a){"undefined"!==typeof console&&null!==console&&console.log(a)}.function h(){return document.getElementsByTagName("head")[0]}function n(a,b){2147483647<b&

Chrome Cache Entry: 75

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 9 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
Category:	downloaded
Size (bytes):	339214
Entropy (8bit):	2.7430964018424717
Encrypted:	false
SSDEEP:
MD5:	55FB328988B79EA5B3A931F6ADEA666F
SHA1:	6EB3EE562B715F085C61480CAD80312C54A02CDA
SHA-256:	AA18BECFE95A3C03AF7343949FC4D7F7785F320BCB97CB68F263B63ACA65E31F
SHA-512:	CEE99CC35A372E0F1585922246FBC1B2099A2CF6CD1CAE031AB86792C93B494247BE2A04DB2E727969AAEE97F86FCFF28799F1744F54E1EEAC69C0AF5DA5A376
Malicious:	false
Reputation:	unknown
URL:	https://cernercentral.com/resources/millennium-idp/v5.10.2/img/favicon.ico
Preview:	............ .(............. .h....... .... .(...&...00.... .(-..N%..@@.... .(P..vR..``.... .(............. .(@...V........ ..x.............(.......(....... ..... ..........................'..'..'..'..'..'..'..'..'..'..'..'..'..'..'..'..'..'..'..'..'..'..'..'..'..'..'..'..'..'..'..'..'..'..'..'..5..x........x..5..'..'..'..'..'..'..'..'..'..]..........................x..'..'..'..'..'..'..'..B...................................'..'..'..'..'..'.............k....................'..'..'..'..'..'..............................................5..'..'..'..'.............................................'..'..'..'..B.............................................]..'..'..'......................................................5..'..'.............'..'..'..'..k........]..]..k..B..'..'..5...................................'..'..'..'..'..'..'..k...........................

Chrome Cache Entry: 76

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	92
Entropy (8bit):	5.025588722055655
Encrypted:	false
SSDEEP:
MD5:	00643AF632AC753B271137503A69625A
SHA1:	A7624189D897D790D292B1A2D89B1868D5EA5D27
SHA-256:	8803D5A4C8E11369BD8875A79EC59B2461DA5B01250F4D423155EADBC356956F
SHA-512:	1A3F63A8BE693D399363D9015DFE288BA42BE15793394EAF422178B2EAD55107E65A061491FE5B04736F34D696D39B9B6C12FBD2ABF6239E06A85E330E675895
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xNDkSHgmmVbCHcfwhlBIFDX8fnQUSBQ09mRRrEgUNLn8HxA==?alt=proto
Preview:	CkIKDQ1/H50FGgQIVhgCIAEKKA09mRRrGgQISxgCKhsIClIXCg0hQCMkKi4lLSZeXz8vEAEY/////w8KBw0ufwfEGgA=

Static File Info

⊘No static file info