Windows Analysis Report
securedoc_20241220T070409.html

Overview

General Information

Sample name: securedoc_20241220T070409.html
Analysis ID: 1578964
MD5: dc426e077f0127a982e6d608e3dcfc71
SHA1: 81191472d785c83f27737c5466281a13e047ac62
SHA256: 155d536e2756f84a69cb04810797b10dec8e68eecfc0c94de09f12dc72bedf6a

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page
AI detected suspicious Javascript
Suspicious Javascript code found in HTML file
Detected hidden input values containing email addresses (often used in phishing pages)
HTML body contains password input but no form action
HTML page contains hidden javascript code
HTML title does not match URL
HTTP GET or POST without a user agent
Stores files to the Windows start menu directory

Classification

[Classification chart. Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Legend: clean, suspicious, malicious.]
  • System is w10x64_ra
  • chrome.exe (PID: 5884 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\securedoc_20241220T070409.html MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
    • chrome.exe (PID: 3848 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1984,i,15915704308689888465,1084030690816859947,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • cleanup
No yara matches
No Sigma rule has matched
No Suricata rule has matched

Phishing

Source: file:///C:/Users/user/Desktop/securedoc_20241220T070409.html Joe Sandbox AI: Score: 10 Reasons: HTML file with login form DOM: 1.0.pages.csv
Source: 0.10.id.script.csv Joe Sandbox AI: Detected suspicious JavaScript with source url: file:///C:/Users/user/Desktop/securedoc_20241220... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to suspicious domains. The use of obfuscated code and the presence of a payload being sent to an external server are also highly concerning. Overall, this script demonstrates a clear intent to perform malicious activities and should be considered a high-risk threat.
Source: securedoc_20241220T070409.html HTTP Parser: document.write
Source: securedoc_20241220T070409.html HTTP Parser: location.href
Source: securedoc_20241220T070409.html HTTP Parser: .location
Source: securedoc_20241220T070409.html HTTP Parser: Mailbox Claims <claims@santanderconsumerusa.com>
Source: file:///C:/Users/user/Desktop/securedoc_20241220T070409.html HTTP Parser: {'name':null,'msgID':'|1__861aeea900000193e498f3200a0d26ebbcc6f688@esa19.hc5532-55.iphmx.com','keysize':24,'flags':3073,'rid':'ImFnYWxsYXJkb0BwZWFybGhvbGRpbmcuY29tIiA8YWdhbGxhcmRvQHBlYXJsaG9sZGluZy5jb20+','algnames':{'encryption':{'data':'AES'}},'algparams':{'encryption':{'data':{'IV':'ZqAaruTMVJkIwICEWkS9Ng=='}}},'keyserverhost':'res.cisco.com:443','securereplyhost':'res.cisco.com:443','openerhost':'res.cisco.com:443','toc':[['Body-1734707049252.txt',1,'','',13,[0,6753],'Body-1734707049252.txt','iso-8859-1'],['Outlook-np3rrraa.png',2,'','Outlook-np3rrraa.png',21,[6753,18133],'Outlook-np3rrraa.png','ISO-8859-1'],['Outlook-linea.png',2,'','Outlook-linea.png',21,[24886,274],'Outlook-linea.png','ISO-8859-1'],['Gohagen prince, Lavern.pdf',2,'','Gohagen prince, Lavern.pdf',5,[25160,22657],'Gohagen prince, Lavern.pdf','ISO-8859-1'],['MessageBar.html',4,'','',1,[47817,35235],'MessageBar.html','ISO-8859-1']],'salt':'JsbhDidyR6p3+rPL1WgYZP0DHRQ=','data':['','','']}
Source: https://res.cisco.com/websafe/register?uuid=8b9ddd3600000193e4ae9746ac2b6409548953dc&localeUI=en HTTP Parser: <input type="password" .../> found but no <form action="...
Source: securedoc_20241220T070409.html HTTP Parser: Base64 decoded: Zeppelin rules!
Source: securedoc_20241220T070409.html HTTP Parser: Title: Secure Registered Envelope:SecureThisMessage S3482489-01-1875 does not match URL
Source: https://res.cisco.com/websafe/register?uuid=8b9ddd3600000193e4ae9746ac2b6409548953dc&localeUI=en HTTP Parser: Title: New User Registration does not match URL
Source: securedoc_20241220T070409.html HTTP Parser: <input type="password" .../> found
Source: https://res.cisco.com/websafe/register?uuid=8b9ddd3600000193e4ae9746ac2b6409548953dc&localeUI=en HTTP Parser: <input type="password" .../> found
Source: securedoc_20241220T070409.html HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/securedoc_20241220T070409.html HTTP Parser: No favicon
Source: https://res.cisco.com/websafe/register?uuid=8b9ddd3600000193e4ae9746ac2b6409548953dc&localeUI=en HTTP Parser: No favicon
Source: securedoc_20241220T070409.html HTTP Parser: No <meta name="author".. found
Source: https://res.cisco.com/websafe/register?uuid=8b9ddd3600000193e4ae9746ac2b6409548953dc&localeUI=en HTTP Parser: No <meta name="author".. found
Source: https://res.cisco.com/websafe/register?uuid=8b9ddd3600000193e4ae9746ac2b6409548953dc&localeUI=en HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.17:49730 version: TLS 1.2
Source: unknown HTTPS traffic detected: 92.122.16.236:443 -> 192.168.2.17:49738 version: TLS 1.2
Source: unknown HTTPS traffic detected: 92.122.16.236:443 -> 192.168.2.17:49739 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.17:49742 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.126.53.18:443 -> 192.168.2.17:49744 version: TLS 1.2
Source: unknown HTTPS traffic detected: 2.16.158.88:443 -> 192.168.2.17:49765 version: TLS 1.2
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 92.122.16.236
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: global traffic HTTP traffic detected: GET /envelopeopener/pf/ZGJAVG9rZW43NjIxOjIxMDQy/EDHDiKI8CM7DuDfvvGX.LBPA8zK2GF0syIUdcufnIJge4SR5BzcO9NiXyiFnSJC7dYKcSTV7NaqnEXIvoB7QUMa5GrE9cr7oqA!!/?lp=en HTTP/1.1 Host: res.cisco.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /envelopeopener/pf/ZGJAVG9rZW43NjIxOjIxMDQy/EDHDiKI8CM7DuDfvvGX.LBPA8zK2GF0syIUdcufnIJge4SR5BzcO9NiXyiFnSJC7dYKcSTV7NaqnEXIvoB7QUMa5GrE9cr7oqA!!/?button=google&lp=en HTTP/1.1 Host: res.cisco.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /envelopeopener/pf/ZGJAVG9rZW43NjIxOjIxMDQy/EDHDiKI8CM7DuDfvvGX.LBPA8zK2GF0syIUdcufnIJge4SR5BzcO9NiXyiFnSJC7dYKcSTV7NaqnEXIvoB7QUMa5GrE9cr7oqA!!/?button=ok&lp=en HTTP/1.1 Host: res.cisco.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Source: global traffic DNS traffic detected: DNS query: static.cres-aws.com
Source: global traffic DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: res.cisco.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: maxcdn.bootstrapcdn.com
Source: classification engine Classification label: mal56.phis.winHTML@15/33@22/185
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\securedoc_20241220T070409.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1984,i,15915704308689888465,1084030690816859947,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: 1 Browser Extensions; 1 Registry Run Keys / Startup Folder; Logon Script (Windows); Login Hook
Privilege Escalation: 1 Process Injection; 1 Registry Run Keys / Startup Folder; Logon Script (Windows); Login Hook
Defense Evasion: 1 Masquerading; 1 Process Injection; Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: 2 Encrypted Channel; 2 Non-Application Layer Protocol; 3 Application Layer Protocol; 1 Ingress Tool Transfer
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction

No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
res.cisco.com | 52.86.107.71 | true | false | - | high
cdnjs.cloudflare.com | 104.17.25.14 | true | false | - | high
maxcdn.bootstrapcdn.com | 104.18.10.207 | true | false | - | high
www.google.com | 142.251.37.196 | true | false | - | high
d2qj7djftjbj85.cloudfront.net | 18.66.161.47 | true | false | - | unknown
static.cres-aws.com | unknown | unknown | false | - | high

Name | Malicious | Antivirus Detection | Reputation
https://res.cisco.com/websafe/register?uuid=8b9ddd3600000193e4ae9746ac2b6409548953dc&localeUI=en | false | - | unknown
http://res.cisco.com/envelopeopener/pf/ZGJAVG9rZW43NjIxOjIxMDQy/EDHDiKI8CM7DuDfvvGX.LBPA8zK2GF0syIUdcufnIJge4SR5BzcO9NiXyiFnSJC7dYKcSTV7NaqnEXIvoB7QUMa5GrE9cr7oqA!!/?button=ok&lp=en | false | - | unknown
http://res.cisco.com/envelopeopener/pf/ZGJAVG9rZW43NjIxOjIxMDQy/EDHDiKI8CM7DuDfvvGX.LBPA8zK2GF0syIUdcufnIJge4SR5BzcO9NiXyiFnSJC7dYKcSTV7NaqnEXIvoB7QUMa5GrE9cr7oqA!!/?button=google&lp=en | false | - | unknown
file:///C:/Users/user/Desktop/securedoc_20241220T070409.html | true | - | unknown
http://res.cisco.com/envelopeopener/pf/ZGJAVG9rZW43NjIxOjIxMDQy/EDHDiKI8CM7DuDfvvGX.LBPA8zK2GF0syIUdcufnIJge4SR5BzcO9NiXyiFnSJC7dYKcSTV7NaqnEXIvoB7QUMa5GrE9cr7oqA!!/?lp=en | false | - | unknown
                        IP
                        192.168.2.17
                        Joe Sandbox version:41.0.0 Charoite
                        Analysis ID:1578964
                        Start date and time:2024-12-20 16:27:04 +01:00
                        Joe Sandbox product:CloudBasic
                        Overall analysis duration:
                        Hypervisor based Inspection enabled:false
                        Report type:full
                        Cookbook file name:defaultwindowsinteractivecookbook.jbs
                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                        Number of analysed new started processes analysed:20
                        Number of new started drivers analysed:0
                        Number of existing processes analysed:0
                        Number of existing drivers analysed:0
                        Number of injected processes analysed:0
                        Technologies:
                        • EGA enabled
                        Analysis Mode:stream
                        Analysis stop reason:Timeout
                        Sample name:securedoc_20241220T070409.html
                        Detection:MAL
                        Classification:mal56.phis.winHTML@15/33@22/185
                        Cookbook Comments:
                        • Found application associated with file extension: .html
                        • Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, svchost.exe
                        • Excluded IPs from analysis (whitelisted): 172.217.21.35, 142.251.37.170, 108.177.15.84, 142.250.200.238, 172.217.17.46, 172.217.17.74, 199.232.214.172
                        • Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, redirector.gvt1.com, slscr.update.microsoft.com, ajax.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com
                        • Not all processes were analyzed, report is missing behavior information
                        • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                        • VT rate limit hit for: d2qj7djftjbj85.cloudfront.net
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 20 14:27:39 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                        Category:dropped
                        Size (bytes):2677
                        Entropy (8bit):3.9879586384061274
                        Encrypted:false
                        SSDEEP:
                        MD5:64AD42A41912C2DF2B60E2F9B9FED862
                        SHA1:A80FE283072C89305E4E354BF1AE4DCC1BC64343
                        SHA-256:6EC37DF48C8F626DF74CA65C56C9D656FA781022A2063A3D966C3D1831373EE8
                        SHA-512:D1C701837FCA540922F12D624B0F43ED854ACC10C1AE1601D0457C5DBEB7A4A538FA1B80FB0939198CD4F9451E0FCA6F64CBBA260DBFD3582A36580C1DAEA619
                        Malicious:false
                        Reputation:unknown
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 20 14:27:39 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                        Category:dropped
                        Size (bytes):2679
                        Entropy (8bit):4.005967029660025
                        Encrypted:false
                        SSDEEP:
                        MD5:E8A5CCD525DE1BE42FDE57CDE2202FF4
                        SHA1:F01ED6611FD384F49E6235C5286E029433511507
                        SHA-256:74BA388A094FDA28C6DB99C3F23ABC2786307BD8223115B1C338F5EFEAD1340E
                        SHA-512:C21F969968C11B6A1BF29ABEB625F35C29F4301E3C1CB383DCDFA71FCC660CB6F822F06851A9BE7C16C475AEC87EBE94DC73C047C75B5A5BB34264D9AB0543C6
                        Malicious:false
                        Reputation:unknown
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                        Category:dropped
                        Size (bytes):2693
                        Entropy (8bit):4.015375748618391
                        Encrypted:false
                        SSDEEP:
                        MD5:F743B02AA12682E9C02B57DBC1940D6E
                        SHA1:5E5A57C16179913266EF15A11E215ED676C09D34
                        SHA-256:892C99122490B562A826EFEF81DB75CDA7114F7AE223B49677EAC0E279166C08
                        SHA-512:3AA81BE75566127D20EF488B91EE045C36A0B49080AF67819D16913B9966CA236F96E9B15CE081B5E1488BE4DD1521841A6C2B21A39126D660818021A267A33C
                        Malicious:false
                        Reputation:unknown
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 20 14:27:39 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                        Category:dropped
                        Size (bytes):2681
                        Entropy (8bit):4.002170574971792
                        Encrypted:false
                        SSDEEP:
                        MD5:EA61BE2F144FFC4465899C4F6689F413
                        SHA1:7E2BE4D99122825E8FA9B92058BE981616C69F82
                        SHA-256:34D338109698129F76C0470B9A695C9357793EA143C7478E295B2DB26ACFC618
                        SHA-512:8874B06F5B0C3960FD5A5F17DAC41FA0F7E24F3820DCCEB2EFD7C57154C8321FFA4D07C782511990023E379B02C20FC9B97F0F5B18837CA312C1E54B53698E17
                        Malicious:false
                        Reputation:unknown
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 20 14:27:39 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                        Category:dropped
                        Size (bytes):2681
                        Entropy (8bit):3.9926171516905393
                        Encrypted:false
                        SSDEEP:
                        MD5:BB580861BF40E9B3EA847BA960CBC051
                        SHA1:B6A1134113DB9BDA5CB3BED6E71D1FAECCD954C5
                        SHA-256:AA7DEF84C9FC81D85F5524081D4BDD77ACE0F76628746D522A941F00716757CB
                        SHA-512:467EDBEC05C709FC7356F7ECCDE78643C3EAE06F03CBB6CFA3FA392CA318CC00F00DF16B4EA8AAA5CE33658025677CB73A7EF41074E9E40F39BB60BE1EF3BFCD
                        Malicious:false
                        Reputation:unknown
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 20 14:27:39 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                        Category:dropped
                        Size (bytes):2683
                        Entropy (8bit):4.002031463860381
                        Encrypted:false
                        SSDEEP:
                        MD5:9E29DD7E0DC16004038FA441CBD75C57
                        SHA1:BF3C65F0900AD0C7522A576CF64FF50232038F18
                        SHA-256:2BA93E802D47B70929357279DF27D5889F2C8585CC0C2DB23E89FB0CC489B4DA
                        SHA-512:254B4F4DA51969FFA151C81B3406E939F1A77E51E046DEA52F02C91BFBE4FEC679B9C17106982CCB4B78FE6819081C4666DB6B3A57B9C0482C95BF3551AA9761
                        Malicious:false
                        Reputation:unknown
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:ASCII text, with CRLF line terminators
                        Category:downloaded
                        Size (bytes):2111
                        Entropy (8bit):5.156495456552832
                        Encrypted:false
                        SSDEEP:
                        MD5:0EF5306CD54F1799C9FA23548762EC4A
                        SHA1:6E56D085A9136CBE8EBEC45DA4F18BA0299C5F0C
                        SHA-256:CD4EB96D517491FCBA4D0748AD53B58DA9A3644DB226BE8B55FD93473AD8ADDD
                        SHA-512:9FAE934C7A32993AF7B88AB294EFC4CA8CAB8552A112697AFFD0F27E916A728F98983D241CAFC0CB25563317120D70B73A0B42BA61FCFECFF8492E654CDBE6A3
                        Malicious:false
                        Reputation:unknown
                        URL:https://res.cisco.com/websafe/templates/screen-reader.js
                        Preview:..var screenReaderCalled = false;....function insertForScreenReader(text){...var warning = document.getElementById('timeoutMessage');...warning.innerHTML = text;...warning.style.display = "none";...warning.setAttribute("aria-live","assertive");...warning.setAttribute("role","alert");...warning.setAttribute("aria-invalid","true");...warning.style.display = "block";...warning.focus();..}....function notifyTimeout(){...var t = document.getElementById('sessionTimeout');...var m = document.getElementById('timeoutMessage');...if(t != null && m != null){....var timeout = t.value;....var message = m.innerHTML;....document.getElementById('timeoutMessage').innerHTML = "";....if(timeout != null && message != null && timeout > 60){.....setTimeout(function(){......insertForScreenReader(message.replace('[timeout]',(timeout-60)/60));.....},60*1000);..........setTimeout(function(){......insertForScreenReader(message.replace('[timeout]',1));.....},(timeout-60)*1000);....}...}..}....function updateScree
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:TrueType Font data, 16 tables, 1st "GDEF", 14 names, Microsoft, language 0x409, Copyright 2020 The Inter Project Authors (https://github.com/rsms/inter)Inter LightRegular3.019;
                        Category:downloaded
                        Size (bytes):304092
                        Entropy (8bit):6.319721866705066
                        Encrypted:false
                        SSDEEP:
                        MD5:60C8F64064078554B6469EEDA25944EB
                        SHA1:732E278A85762A0EDFB4E077E44E3EB39D8AF92E
                        SHA-256:7FB161BBEB1C03F21D9A80601400D803E7EA7DD6FC8EA164F2B2A073E7722953
                        SHA-512:57F3E7EC496FCA463848AC63E5BD6EC0967A1CC461D0580868B0625DCA78ECEC14FC13391E4B8F1BA08A598DFAF3DD08D721AD2B5AD31C35B9CC9BFAB3CFA03F
                        Malicious:false
                        Reputation:unknown
                        URL:https://static.cres-aws.com/fonts/Inter/Inter-Light.ttf
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:TrueType Font data, 16 tables, 1st "GDEF", 12 names, Microsoft, language 0x409, Copyright 2020 The Inter Project Authors (https://github.com/rsms/inter)InterBold3.019;RSMS;Inte
                        Category:downloaded
                        Size (bytes):309772
                        Entropy (8bit):6.315392152109917
                        Encrypted:false
                        SSDEEP:
                        MD5:D17C0274915408CEE0308D5476DF9F45
                        SHA1:444CDCA680F8CE64C16FE5A606DCFBE4B33E7925
                        SHA-256:F9342F2D916AA89C924BC2ADCC1D3BFBB6EB54675E48953BACC49024FC768F76
                        SHA-512:2C38DE878D1F6D254090555B9FDF517CCCC641457020A577DADB73056F04E25488328C27129E146C10456EAA97AE5E9077DFE5B88C1A1DF5015FD1DA5A289CEC
                        Malicious:false
                        Reputation:unknown
                        URL:https://res.cisco.com/admin/fonts/Inter/Inter-Bold.ttf
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:ASCII text, with CRLF line terminators
                        Category:downloaded
                        Size (bytes):7929
                        Entropy (8bit):5.26287000902218
                        Encrypted:false
                        SSDEEP:
                        MD5:33324DCFDD062F0A8DE8EED8FF502D3D
                        SHA1:045DE377840FD9483F96BEDA8E31CE21A1AFB891
                        SHA-256:BB7DC3ACAC065441D1AF2D501E6491FA30A72119BA6C5F844C89290D04A0EF7E
                        SHA-512:A4DBED13C3414332DC841F41440175411979835C186C8BED6E1B84E3D623C010508C3B979B8C2552E2819E447B359F3133C19DA84D2462386FF2999E007DCB1F
                        Malicious:false
                        Reputation:unknown
                        URL:https://res.cisco.com/websafe/templates/css/postx-registration.css
                        Preview:body {...margin: 0;...padding: 0;...min-width: 100%;..}....img {...height: auto;...}....#wideCenteredContainer {...width: 100%;...margin: 0;..}.....inlineSetLocaleRowId,div:empty {...display: none..}.....formInputRow {...margin-top: 1px;...margin-bottom: 1px;..}.....formInputLabelCell, .formRequiredInputLabelCell {...min-width: 100px;...vertical-align: middle;...color: #626469;.. font-family: CiscoSans;.. font-size: 14px;.. line-height: 21px;.. padding-left: 0px;.. padding-bottom: 0px;..}.....emailCell {...border: 1px solid #C6C7CA;...border-radius: 3px;...background-color: #E9E9E9;...color: #39393B;...font-family: CiscoSans;...font-size: 14px;...line-height: 19px;...padding: 5px;...word-break: break-word;...float: left;..}..../* .emailWidth{...min-width: 104%;..} */.....formInputCell input {.. box-sizing: border-box;.. height: 28px;.. width: 250px;.. border: 1px solid #9E9EA2;.. border-radius: 3px;.. background-color: #FFFFFF;.. font-family: CiscoSa
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):18445
                        Entropy (8bit):4.897847983137727
                        Encrypted:false
                        SSDEEP:
                        MD5:096CE0B8694339B10AA989E61521A9CA
                        SHA1:4834282EA07AFF4A2D83684E9538F51475077297
                        SHA-256:252FC0DEE0B0A65A653A09D20E388C3A9B2D201ACCEAE55FDB19B5ACDD5A75FE
                        SHA-512:48E6B0F57746E131C077EE247BA0F481E88D97128DA229EFB0B521CE8AE9E60A3795D93625C3E6D7E9749A464353900F3EE19860C22A47C7FF9716A026C9D9D5
                        Malicious:false
                        Reputation:unknown
                        Preview:function onLoadPage().{. // Hide and unhide some things. For now we assume everything that might. // need to be toggled is a div or a... toggleVisibility('div');. toggleVisibility('a');.. // Set the focus on the field identified in our XML. If no field. // was identified then look for the one named focusItem (which. // might not exist). If a field name was provided but is equal. // to 'nofocus' then don't try to focus on anything... var focusID = (typeof focusItemID == 'undefined') ? '' : focusItemID;. var focusElement = '';.. if (focusID). {..if (focusID != 'nofocus')..{. var focusIds = focusID.split(" ").. //break at firstMatch. for (let i = 0; i < focusIds.length; i++) {. focusElement = document.getElementById(focusIds[i]);. if (focusElement){. break;. }. }. if (!focusElement)... focusElement = document.getElementById('focusItem');. if (!focusElement).
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:ASCII text, with very long lines (322), with CRLF, LF line terminators
                        Category:downloaded
                        Size (bytes):1393
                        Entropy (8bit):5.448129047191084
                        Encrypted:false
                        SSDEEP:
                        MD5:32414D6B168E80B110742EDBFF770F30
                        SHA1:2C7BDD9A52C4E90A63BE021710C042EE98972170
                        SHA-256:93A7E8FE6863E874A361E8A1972602A65041FCE2DD75F5D4E1D617139602C859
                        SHA-512:0523E5EE4C5422B00A81EC786268C0BCD0B04AD5221A2977130D447ED281E72ABB949619E1C6886C020B3BF56F5C7C5AD6736523444586DC4B437948047B51E7
                        Malicious:false
                        Reputation:unknown
                        URL:https://res.cisco.com/keyserver/keyserver?su=AGALLARDO%40PEARLHOLDING.COM&df=&tf=&lp=en&v=2&m=%7c1__861aeea900000193e498f3200a0d26ebbcc6f688%40esa19.hc5532-55.iphmx.com&s=1&f=0&d=1734708461450&action=open&j=1&jc=l_&jca=%22RPCRef%22%3apayload.rpc%2c%0a%22callback%22%3aqr&src=1&na=Netscape&nj=0&njs=1&nl=en-US&np=Win32&nu=Mozilla%2f5.0%20%28Windows%20NT%2010.0%3b%20Win64%3b%20x64%29%20AppleWebKit%2f537.36%20%28KHTML%2c%20like%20Gecko%29%20Chrome%2f117.0.0.0%20Safari%2f537.36&nv=5.0%20%28Windows%20NT%2010.0%3b%20Win64%3b%20x64%29%20AppleWebKit%2f537.36%20%28KHTML%2c%20like%20Gecko%29%20Chrome%2f117.0.0.0%20Safari%2f537.36
                        Preview:if(l_)..l_({.."RPCRef":payload.rpc,."callback":qr..,'action':'open'..,'status':11..,'message':'Please enroll before opening this Registered Envelope.'..,'state':1..,'reqTime':1734708461450..,'reqNumber':1..,'recipientIdentified':false..,'success':true..,'cookiesEnabled':true..,'hadRememberMe':false..,'hadEnablePSP':false..,'openOnline':false..,'recipient':'agallardo@pearlholding.com'..,'sessionId':'167B0CB526364B0D220C29A6850ECC5A'..,'lp':'en'..,'credentialsExpiredWarning':false..,'credentialsExpiredDays':-1..,'pswdExpLink':'https://res.cisco.com/websafe/custom.action?cmd=changeExpiredPassword&id=agallardo@pearlholding.com'..,'waitTime':50000..,'minPoll':1000..,'maxPoll':5000..,'totalPoll':1200000..,'supportedLocales':[['en','English (US)'],['nl_NL','Dutch'],['de','Deutsch'],['es','Espa\xf1ol'],['fr','Fran\xe7ais'],['it','Italiano'],['pl','Polski'],['pt','Portugu\xeas'],['ru','\u0420\u0443\u0441\u0441\u043a\u0438\u0439'],['zh_CN','\u4e2d\u6587(\u7b80\u4f53)'],['ja','\u65e5\u672c\u8a9e'
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:PNG image data, 2326 x 832, 8-bit/color RGBA, non-interlaced
                        Category:dropped
                        Size (bytes):28174
                        Entropy (8bit):7.055565877507378
                        Encrypted:false
                        SSDEEP:
                        MD5:7F77AEF78868ADB8CD49426C79FAC8A6
                        SHA1:A6DCF84EA9173B72260E46CB52D35E65F17A9DC6
                        SHA-256:F705BD8D39DB37084F0A7F074DA84FF91F3083BFB0BA04512D0AF2AE5D60F854
                        SHA-512:E5C2429B7C734FD893E2F3F652FB2255E9027D6DF8C23DA71C9B904F53ACBCBD42FD95E1D71A6F6A5FF301C608CCABDF6D6173560007DFB650DB5B7F1BF815A5
                        Malicious:false
                        Reputation:unknown
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:TrueType Font data, 16 tables, 1st "GDEF", 11 names, Microsoft, language 0x409, Copyright 2020 The Inter Project Authors (https://github.com/rsms/inter)InterRegular3.019;RSMS;I
                        Category:downloaded
                        Size (bytes):303504
                        Entropy (8bit):6.240980841374878
                        Encrypted:false
                        SSDEEP:
                        MD5:A4A7379505CD554EA9523594B7C28B2A
                        SHA1:C2767D146C3C10FE6C9B8AC0F181EF907C111F19
                        SHA-256:EEAB48280AACD4FC83C1C7E735681DF9EDD1B59588DDE23D0339BCF6552FB788
                        SHA-512:469B0C4390DAEAC176EB9D5EF5B709E00D6957137A8EB61E1A82F70B8920CED5CCE7AD33FF94410E74F27D36CD33A7D73A97F7EEFF8CAA390195CEEEBFAB60AF
                        Malicious:false
                        Reputation:unknown
                        URL:https://static.cres-aws.com/fonts/Inter/Inter-Regular.ttf
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:assembler source, ASCII text, with very long lines (532)
                        Category:downloaded
                        Size (bytes):122633
                        Entropy (8bit):5.0561485054636455
                        Encrypted:false
                        SSDEEP:
                        MD5:327455C921FD609119557C0E6C125F1A
                        SHA1:313B51FF43F674A6D3C912B5F7BE6D161382CA05
                        SHA-256:ED17CD34424CD1231D8AEAF80F0DC27F604BE4AE9A8C61D82581B2984FD1E1AF
                        SHA-512:069D3E086845BE2671E791A429D9E111058D1D0396F0770F426F6759FA200170CB33FC4A0DC17CDA7BFC67DF3FC88329A237140E7BBC2A267D47ADD057DB935F
                        Malicious:false
                        Reputation:unknown
                        URL:https://res.cisco.com/websafe/templates/css/postx.css
                        Preview:/* General styles */./* $Id: postx.css,v 1.104 2016-03-10 11:36:12 igitskai Exp $ */.@media (forced-colors: active) and (prefers-color-scheme: light) {. .headericons {. filter: brightness(0) saturate(100%);. }. #localeUI {. filter: invert(1);. }. svg{. filter: brightness(0) saturate(100%);. }.}.html {. background-color: #f7f7f7;.}.body{. background-color: #f7f7f7;. background: #f7f7f7 !important;.}.input:not([disabled]):not(.mds-button):hover {. border-color:#7aa7f5!important;.}.input:not(.mds-button):focus {. border-color:#598ede !important;. box-shadow:0 0 0 2px #326cd133;. outline: none;.}.input:not(.mds-button):focus:hover {. border-color:#598ede !important;. }./*to remove browser specific background color when inputs are auto filled */.input:-webkit-autofill . {. -webkit-box-shadow: inset 0 0 0px 9999px white;. }. input:-webkit-autofill:focus. {. -webkit-box-shadow: inset 0 0 0px 9999px white,0 0 0 2px #326cd133 !important;. }.textarea:hover {. border-
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=1, copyright=sandra cifo. www.cifography.com. 2016], baseline, precision 8, 1920x1280, components 3
                        Category:dropped
                        Size (bytes):155249
                        Entropy (8bit):7.9359220373800605
                        Encrypted:false
                        SSDEEP:
                        MD5:C3598F2D3BF6694DF3378AAFC792BFEE
                        SHA1:BBCA95477B9B15A41E4EDC59784D76F621A27263
                        SHA-256:A7842139A79734699FB6BD749733DA53E30B3634FB8C2695B57FD1A017DD1FE2
                        SHA-512:5623BDBCD1FC446518E1DCE0817813E55938136D09375F35CFF3F828085C5B9A383DB43904565B7B5399B12919C72D56E0D4E00CB5582FE158E793CF41795425
                        Malicious:false
                        Reputation:unknown
                        Preview:.....JExif..II*...........&...........sandra cifo. www.cifography.com. 2016.......Ducky..............http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmpMM:OriginalDocumentID="336EC317CA114058096C1124050B0AA8" xmpMM:DocumentID="xmp.did:DAB4B4FE077711EAA675C9DC7313E7A3" xmpMM:InstanceID="xmp.iid:DAB4B4FD077711EAA675C9DC7313E7A3" xmp:CreatorTool="Adobe Photoshop CC 2019 (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:E712D444FE6211E994A3CEA94946B049" stRef:documentID="xmp.did:E712D445FE6211E994A3CEA94946B049"/> <dc:rights> <rdf:Alt> <rdf:li xml:lang="x-
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:Unicode text, UTF-8 text, with very long lines (64131)
                        Category:downloaded
                        Size (bytes):70357
                        Entropy (8bit):5.316512415217151
                        Encrypted:false
                        SSDEEP:
                        MD5:7C909F6DD07BED69C9CDABC9DEE2C131
                        SHA1:7EF0ABFDB5935CDC2D50953FC0CEE43ABB501C28
                        SHA-256:C1F5534ED276A1EAA57B106C7DADCC994A01EFBC033513EA4F5435580D8C327E
                        SHA-512:E7E16B1264A28E3C5102B25678B7022048284180205348126BD32034C37EB55492F8C3D9B0493D6BB3A43D9AFB0338CD2678352A5FAD5CE415B4972C53E031D3
                        Malicious:false
                        Reputation:unknown
                        URL:https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.12/js/select2.min.js
                        Preview:/*! Select2 4.0.12 | https://github.com/select2/select2/blob/master/LICENSE.md */.!function(n){"function"==typeof define&&define.amd?define(["jquery"],n):"object"==typeof module&&module.exports?module.exports=function(e,t){return void 0===t&&(t="undefined"!=typeof window?require("jquery"):require("jquery")(e)),n(t),t}:n(jQuery)}(function(u){var e=function(){if(u&&u.fn&&u.fn.select2&&u.fn.select2.amd)var e=u.fn.select2.amd;var t,n,r,h,o,s,f,g,m,v,y,_,i,a,w;function b(e,t){return i.call(e,t)}function l(e,t){var n,r,i,o,s,a,l,c,u,d,p,h=t&&t.split("/"),f=y.map,g=f&&f["*"]||{};if(e){for(s=(e=e.split("/")).length-1,y.nodeIdCompat&&w.test(e[s])&&(e[s]=e[s].replace(w,"")),"."===e[0].charAt(0)&&h&&(e=h.slice(0,h.length-1).concat(e)),u=0;u<e.length;u++)if("."===(p=e[u]))e.splice(u,1),u-=1;else if(".."===p){if(0===u||1===u&&".."===e[2]||".."===e[u-1])continue;0<u&&(e.splice(u-1,2),u-=2)}e=e.join("/")}if((h||g)&&f){for(u=(n=e.split("/")).length;0<u;u-=1){if(r=n.slice(0,u).join("/"),h)for(d=h.lengt
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:ASCII text, with very long lines (65447)
                        Category:downloaded
                        Size (bytes):87533
                        Entropy (8bit):5.262536918435756
                        Encrypted:false
                        SSDEEP:
                        MD5:2C872DBE60F4BA70FB85356113D8B35E
                        SHA1:EE48592D1FFF952FCF06CE0B666ED4785493AFDC
                        SHA-256:FC9A93DD241F6B045CBFF0481CF4E1901BECD0E12FB45166A8F17F95823F0B1A
                        SHA-512:BF6089ED4698CB8270A8B0C8AD9508FF886A7A842278E98064D5C1790CA3A36D5D69D9F047EF196882554FC104DA2C88EB5395F1EE8CF0F3F6FF8869408350FE
                        Malicious:false
                        Reputation:unknown
                        URL:https://ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js
                        Preview:/*! jQuery v3.7.1 | (c) OpenJS Foundation and other contributors | jquery.org/license */.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(ie,e){"use strict";var oe=[],r=Object.getPrototypeOf,ae=oe.slice,g=oe.flat?function(e){return oe.flat.call(e)}:function(e){return oe.concat.apply([],e)},s=oe.push,se=oe.indexOf,n={},i=n.toString,ue=n.hasOwnProperty,o=ue.toString,a=o.call(Object),le={},v=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},y=function(e){return null!=e&&e===e.window},C=ie.document,u={type:!0,src:!0,nonce:!0,noModule:!0};function m(e,t,n){var r,i,o=(n=n||C).createElement("script");if(o.text=e,t)for(r in u)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.remove
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:TrueType Font data, 15 tables, 1st "FFTM", 30 names, Macintosh
                        Category:downloaded
                        Size (bytes):10948
                        Entropy (8bit):5.681032264103322
                        Encrypted:false
                        SSDEEP:
                        MD5:FD6EC063F4FDB8130A0BB83B8BFEEF1B
                        SHA1:1C58C28756170ED365D535C2A4667FA34BDAF2F6
                        SHA-256:6D821BFA1C0E286427E0B31DA501B39333E2A3D791CEBF213B2E605393656D8A
                        SHA-512:D6973E941027232BABFCD9CE40985C36D1DD246E83B48D36AB6A588E70CC08C6B163D9E6156788F55B294AB467008E29991107D79AB6F9303D4AF95C38E5415E
                        Malicious:false
                        Reputation:unknown
                        URL:https://res.cisco.com/admin/fonts/SharpSans/SharpSans-Bold.ttf
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:SVG Scalable Vector Graphics image
                        Category:dropped
                        Size (bytes):387
                        Entropy (8bit):5.179130709592589
                        Encrypted:false
                        SSDEEP:
                        MD5:1F6AF349658BA40D72AA4C87AECC722A
                        SHA1:E3ABD390D66D37C5C245C6AD172E5433584E2B39
                        SHA-256:042CD20A95524AAAE53879E8D0210E9D79F0EB9E42E7C6E25EE4A8BDE703FAC0
                        SHA-512:4A508F8F4AF98DAEC5218A4B38103898661D1B430783DE4DB314F1EA9D1D891B85987DF734D9697A49A03F23E54B8B137E16B64E519658351EBADD7330E4C79D
                        Malicious:false
                        Reputation:unknown
                        Preview:<?xml version="1.0" encoding="UTF-8"?><svg id="a" xmlns="http://www.w3.org/2000/svg" .viewBox="0 0 16 16">.<defs><style>.b{fill:#ffffff;fill-rule:evenodd;}</style>.</defs>.<path class="b" d="M3.881,6.131c.342-.342,.896-.342,1.237,0l2.881,2.881,2.881-2.881c.342-.342,.896-.342,1.237,0s.342,.896,0,1.237l-3.5,3.5c-.342,.342-.896,.342-1.237,0l-3.5-3.5c-.342-.342-.342-.896,0-1.237Z"/></svg>
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=1, copyright=sandra cifo. www.cifography.com. 2016], baseline, precision 8, 1440x960, components 3
                        Category:dropped
                        Size (bytes):51646
                        Entropy (8bit):7.866024072803453
                        Encrypted:false
                        SSDEEP:
                        MD5:E38D601F1F6EF6663954EC55183C5FDE
                        SHA1:63D466158889D3043056ACDFBF330F16E55DA498
                        SHA-256:9B8699D04D29EC9D28E06E4953C40AADE72619EF9813F25632E25DD5FFDBC89C
                        SHA-512:18A6DC392E478161B8EED8C45D69E46E6CA12D0FF7D07FF2C310F31CD7818A34646FB4AB4A7E4EE95BED95AC69E685E799DBFCCCD42179B7C2907A0387C72E31
                        Malicious:false
                        Reputation:unknown
                        Preview:.....JExif..II*...........&...........sandra cifo. www.cifography.com. 2016.......Ducky..............http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmpMM:OriginalDocumentID="336EC317CA114058096C1124050B0AA8" xmpMM:DocumentID="xmp.did:36715E7A1D7511EABBCCF15DA342EC86" xmpMM:InstanceID="xmp.iid:36715E791D7511EABBCCF15DA342EC86" xmp:CreatorTool="Adobe Photoshop CC 2019 (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:DAB4B4FD077711EAA675C9DC7313E7A3" stRef:documentID="xmp.did:DAB4B4FE077711EAA675C9DC7313E7A3"/> <dc:rights> <rdf:Alt> <rdf:li xml:lang="x-
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:ASCII text, with very long lines (48316), with no line terminators
                        Category:downloaded
                        Size (bytes):48316
                        Entropy (8bit):5.6346993394709
                        Encrypted:false
                        SSDEEP:
                        MD5:2CA03AD87885AB983541092B87ADB299
                        SHA1:1A17F60BF776A8C468A185C1E8E985C41A50DC27
                        SHA-256:8E3B0117F4DF4BE452C0B6AF5B8F0A0ACF9D4ADE23D08D55D7E312AF22077762
                        SHA-512:13C412BD66747822C6938926DE1C52B0D98659B2ED48249471EC0340F416645EA9114F06953F1AE5F177DB03A5D62F1FB5D321B2C4EB17F3A1C865B0A274DC5C
                        Malicious:false
                        Reputation:unknown
                        URL:https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
                        Preview:!function(t,e){"object"==typeof exports?module.exports=exports=e():"function"==typeof define&&define.amd?define([],e):t.CryptoJS=e()}(this,function(){var n,o,s,a,h,t,e,l,r,i,c,f,d,u,p,S,x,b,A,H,z,_,v,g,y,B,w,k,m,C,D,E,R,M,F,P,W,O,I,U=U||function(h){var i;if("undefined"!=typeof window&&window.crypto&&(i=window.crypto),"undefined"!=typeof self&&self.crypto&&(i=self.crypto),!(i=!(i=!(i="undefined"!=typeof globalThis&&globalThis.crypto?globalThis.crypto:i)&&"undefined"!=typeof window&&window.msCrypto?window.msCrypto:i)&&"undefined"!=typeof global&&global.crypto?global.crypto:i)&&"function"==typeof require)try{i=require("crypto")}catch(t){}var r=Object.create||function(t){return e.prototype=t,t=new e,e.prototype=null,t};function e(){}var t={},n=t.lib={},o=n.Base={extend:function(t){var e=r(this);return t&&e.mixIn(t),e.hasOwnProperty("init")&&this.init!==e.init||(e.init=function(){e.$super.init.apply(this,arguments)}),(e.init.prototype=e).$super=this,e},create:function(){var t=this.extend();
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:TrueType Font data, 16 tables, 1st "GDEF", 14 names, Microsoft, language 0x409, Copyright 2020 The Inter Project Authors (https://github.com/rsms/inter)Inter SemiBoldRegular3.0
                        Category:downloaded
                        Size (bytes):309432
                        Entropy (8bit):6.313238065412327
                        Encrypted:false
                        SSDEEP:
                        MD5:1753A05196ABEEF95C32F10246BD6473
                        SHA1:ACDA92ADC6CF8C67C89395C65F371A4D2B05A783
                        SHA-256:F5595839DEBDB0D028116ED8A7579F31D1C2F712677A2E794459A5DCE6ECA929
                        SHA-512:68AA83B7521EFDD53D810E5BC8A6AC0F211CBB989CBA9C317D5AD196FFA08D439CC096C823305D5316D5B0D17FB9D6ED6E39CD0A28E0B2478A2DCCE01D78B760
                        Malicious:false
                        Reputation:unknown
                        URL:https://res.cisco.com/admin/fonts/Inter/Inter-SemiBold.ttf
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:ASCII text, with very long lines (65324)
                        Category:downloaded
                        Size (bytes):155758
                        Entropy (8bit):5.06621719317054
                        Encrypted:false
                        SSDEEP:
                        MD5:A15C2AC3234AA8F6064EF9C1F7383C37
                        SHA1:6E10354828454898FDA80F55F3DECB347FD9ED21
                        SHA-256:60B19E5DA6A9234FF9220668A5EC1125C157A268513256188EE80F2D2C8D8D36
                        SHA-512:B435CF71A9AE66C59677A3AC285C87EA702A87F32367FE5893CF13E68F9A31FCA0A8D14F6A7D692F23C5027751CE63961CA4FE8D20F35A926FF24AE3EB1D4B30
                        Malicious:false
                        Reputation:unknown
                        URL:https://maxcdn.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css
                        Preview:/*!. * Bootstrap v4.3.1 (https://getbootstrap.com/). * Copyright 2011-2019 The Bootstrap Authors. * Copyright 2011-2019 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */:root{--blue:#007bff;--indigo:#6610f2;--purple:#6f42c1;--pink:#e83e8c;--red:#dc3545;--orange:#fd7e14;--yellow:#ffc107;--green:#28a745;--teal:#20c997;--cyan:#17a2b8;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#007bff;--secondary:#6c757d;--success:#28a745;--info:#17a2b8;--warning:#ffc107;--danger:#dc3545;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,"Noto Sans",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace}*,::after,::before{box-sizing:
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                        Category:downloaded
                        Size (bytes):1150
                        Entropy (8bit):1.7491585968207541
                        Encrypted:false
                        SSDEEP:
                        MD5:E19FDB47503248CA528DCCE82458B722
                        SHA1:51CBCBF58B3A7DFF677E3551BC4A3EDBC5DFFC93
                        SHA-256:62A8461E328D5BACE3780FF738D0B58F6502592C04AFA564E0A8A792583A7BFB
                        SHA-512:543BA079358D7C66FC08F3F929E45AF64300CA6842D6BB283CE77B10151F081CD7FE057E94C38CEBD545BE185488725A1B6EC1D95656F7EB5E6A30BF94190EE7
                        Malicious:false
                        Reputation:unknown
                        URL:https://res.cisco.com/favicon.ico
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:ASCII text, with very long lines (14965)
                        Category:downloaded
                        Size (bytes):14966
                        Entropy (8bit):4.771466859662571
                        Encrypted:false
                        SSDEEP:
                        MD5:9F54E6414F87E0D14B9E966F19A174F9
                        SHA1:AE5735562FAABD1A2D9803BBD7BF4C502B5E4F51
                        SHA-256:15D6AD4DFDB43D0AFFAD683E70029F97A8F8FC8637A28845009EE0542DCCDF81
                        SHA-512:9CC365A6E6833EBAA5125B37217FD0E7A1F7EAABC1012C1BDE2A6EA373317966EC401D7CF35A31D1C46FED43D380196B8AAA329EDDF92A313080651E51720F9F
                        Malicious:false
                        Reputation:unknown
                        URL:https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.12/css/select2.min.css
                        Preview:.select2-container{box-sizing:border-box;display:inline-block;margin:0;position:relative;vertical-align:middle}.select2-container .select2-selection--single{box-sizing:border-box;cursor:pointer;display:block;height:28px;user-select:none;-webkit-user-select:none}.select2-container .select2-selection--single .select2-selection__rendered{display:block;padding-left:8px;padding-right:20px;overflow:hidden;text-overflow:ellipsis;white-space:nowrap}.select2-container .select2-selection--single .select2-selection__clear{position:relative}.select2-container[dir="rtl"] .select2-selection--single .select2-selection__rendered{padding-right:8px;padding-left:20px}.select2-container .select2-selection--multiple{box-sizing:border-box;cursor:pointer;display:block;min-height:32px;user-select:none;-webkit-user-select:none}.select2-container .select2-selection--multiple .select2-selection__rendered{display:inline-block;overflow:hidden;padding-left:8px;text-overflow:ellipsis;white-space:nowrap}.select2-cont
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:ASCII text, with very long lines (30837)
                        Category:downloaded
                        Size (bytes):31000
                        Entropy (8bit):4.746143404849733
                        Encrypted:false
                        SSDEEP:
                        MD5:269550530CC127B6AA5A35925A7DE6CE
                        SHA1:512C7D79033E3028A9BE61B540CF1A6870C896F8
                        SHA-256:799AEB25CC0373FDEE0E1B1DB7AD6C2F6A0E058DFADAA3379689F583213190BD
                        SHA-512:49F4E24E55FA924FAA8AD7DEBE5FFB2E26D439E25696DF6B6F20E7F766B50EA58EC3DBD61B6305A1ACACD2C80E6E659ACCEE4140F885B9C9E71008E9001FBF4B
                        Malicious:false
                        Reputation:unknown
                        URL:https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
                        Preview:/*!. * Font Awesome 4.7.0 by @davegandy - http://fontawesome.io - @fontawesome. * License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License). */@font-face{font-family:'FontAwesome';src:url('../fonts/fontawesome-webfont.eot?v=4.7.0');src:url('../fonts/fontawesome-webfont.eot?#iefix&v=4.7.0') format('embedded-opentype'),url('../fonts/fontawesome-webfont.woff2?v=4.7.0') format('woff2'),url('../fonts/fontawesome-webfont.woff?v=4.7.0') format('woff'),url('../fonts/fontawesome-webfont.ttf?v=4.7.0') format('truetype'),url('../fonts/fontawesome-webfont.svg?v=4.7.0#fontawesomeregular') format('svg');font-weight:normal;font-style:normal}.fa{display:inline-block;font:normal normal normal 14px/1 FontAwesome;font-size:inherit;text-rendering:auto;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.fa-lg{font-size:1.33333333em;line-height:.75em;vertical-align:-15%}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-fw{width:1.
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:ASCII text, with CRLF line terminators
                        Category:downloaded
                        Size (bytes):68
                        Entropy (8bit):4.182712201946342
                        Encrypted:false
                        SSDEEP:
                        MD5:758990A46950375DAF73A6BD55A5865C
                        SHA1:5E0AA4F26ECC3BF45FC788F61ACD13AF694DDE1C
                        SHA-256:6912EA8572AF5297B6C27533F1A2C02672C0F81A37421FA07D7322288EC9D407
                        SHA-512:8D3FD64350E9591D3DFF42E4AE69AA546D5F5D29938398A0CE1E35AD74DBD2C09F7DCE8844702982A5248D2F15E3CA93E937D50B4F2A5B3F276F09563C69B712
                        Malicious:false
                        Reputation:unknown
                        URL:https://res.cisco.com/websafe/templates/css/overrides.css
                        Preview:/* Any custom or overridden styles can be included in this file */..
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:ASCII text
                        Category:downloaded
                        Size (bytes):2143
                        Entropy (8bit):4.907198882670554
                        Encrypted:false
                        SSDEEP:
                        MD5:FB2ECA121A12D98402B53355D9EACF7E
                        SHA1:4BD42A075D32E7631D6D378FDCB4135DB20BA191
                        SHA-256:2E1C61EEC11CFDBC16A55D6433341F9CE2A5253BA94F01FADC2D4BA31A8719EB
                        SHA-512:46262D3463C1EF5B93DCB5EEA848643D23A89E94BFE02C8481BB35683852A653C24B697A62153BAF92EF0C5A79D5DC33EE5F09445E7789C8223DF58CEFAB5A75
                        Malicious:false
                        Reputation:unknown
                        URL:https://res.cisco.com/admin/cisco-fonts.min.css
                        Preview:./* Inter Font Library */..@font-face {. font-family: "Inter";. font-weight: 100;. src: url("./fonts/Inter/Inter-Thin.ttf") format("truetype");.}..@font-face {. font-family: "Inter";. font-weight: 200;. src: url("./fonts/Inter/Inter-ExtraLight.ttf") format("truetype");.}..@font-face {. font-family: "Inter";. font-weight: 300;. src: url("./fonts/Inter/Inter-Light.ttf") format("truetype");.}..@font-face {. font-family: "Inter";. font-weight: 400;. src: url("./fonts/Inter/Inter-Regular.ttf") format("truetype");.}..@font-face {. font-family: "Inter";. font-weight: 500;. src: url("./fonts/Inter/Inter-Medium.ttf") format("truetype");.}..@font-face {. font-family: "Inter";. font-weight: 600;. src: url("./fonts/Inter/Inter-SemiBold.ttf") format("truetype");.}..@font-face {. font-family: "Inter";. font-weight: 700;. src: url("./fonts/Inter/Inter-Bold.ttf") format("truetype");.}..@font-face {. font-family: "Inter";. font-weight: 800;. src: url("./fonts/Inter/Inter-ExtraBo
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:ASCII text, with no line terminators
                        Category:downloaded
                        Size (bytes):128
                        Entropy (8bit):5.3347758095460005
                        Encrypted:false
                        SSDEEP:
                        MD5:DFE7716B746BE523F8BCBB235D984932
                        SHA1:8239B40F84F4A6E9BF9402FA4C045EA840FFEEB4
                        SHA-256:09FE9438D976E54D9574A63B631631C9525816E21CBB61350ECBF8B80B166FEF
                        SHA-512:96D735CC339AAB15EC9326603F1D219DD79FDE02E51F747AF38BD4C4E809092E1B90248D34C875FA5EA861BE946A4E6042DA95224A2C6FD0CC10A5F0F2C48956
                        Malicious:false
                        Reputation:unknown
                        URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xNDkSLAnHz3PN6ym9uRIFDWtomm4SBQ1Pnif4EgUNITV2YRIFDc5BTHoSBQ04NomH?alt=proto
                        Preview:ClwKCw1raJpuGgQIAxgBCgsNT54n+BoECAUYAQoHDSE1dmEaAAoqDc5BTHoaBAhMGAIqHQgKUhkKDyFAJCMqLl8tPyYlKy9eOhABGP////8PCgsNODaJhxoECF8YAg==
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:ASCII text, with very long lines (322), with CRLF, LF line terminators
                        Category:dropped
                        Size (bytes):1395
                        Entropy (8bit):5.4366959562378865
                        Encrypted:false
                        SSDEEP:
                        MD5:0A55EB68A40A988F0BE0CB79819EC9ED
                        SHA1:93ECD24250C8DD84D3581D661D293B73C3722104
                        SHA-256:314F9200D7C136266A6A0ABB50F660D8F0A7A3AD42E311BC9CCCB6FBDA80FBFA
                        SHA-512:36E6FFC327F10A0B359DD4678294A10FF5E2CE36B482F50576F4E646FD29990009FB28D3252938AB81A2F8B087F2833B540A99E316824059EC9FEE3B4771D193
                        Malicious:false
                        Reputation:unknown
                        Preview:if(l_)..l_({.."RPCRef":payload.rpc,."callback":qr..,'action':'open'..,'status':11..,'message':'Please enroll before opening this Registered Envelope.'..,'state':1..,'reqTime':1734708461450..,'reqNumber':1..,'recipientIdentified':false..,'success':true..,'cookiesEnabled':true..,'hadRememberMe':false..,'hadEnablePSP':false..,'openOnline':false..,'recipient':'agallardo@pearlholding.com'..,'sessionId':'952BC5B496139AF87F49B537158159CD'..,'lp':'en'..,'credentialsExpiredWarning':false..,'credentialsExpiredDays':-1..,'pswdExpLink':'https://res.cisco.com/websafe/custom.action?cmd=changeExpiredPassword&id=agallardo@pearlholding.com'..,'waitTime':50000..,'minPoll':1000..,'maxPoll':5000..,'totalPoll':1200000..,'supportedLocales':[['en','English (US)'],['nl_NL','Dutch'],['de','Deutsch'],['es','Espa\xf1ol'],['fr','Fran\xe7ais'],['it','Italiano'],['pl','Polski'],['pt','Portugu\xeas'],['ru','\u0420\u0443\u0441\u0441\u043a\u0438\u0439'],['zh_CN','\u4e2d\u6587(\u7b80\u4f53)'],['ja','\u65e5\u672c\u8a9e'
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:assembler source, ASCII text, with very long lines (554)
                        Category:downloaded
                        Size (bytes):125394
                        Entropy (8bit):5.069062799454485
                        Encrypted:false
                        SSDEEP:
                        MD5:A0B4FF216E038470B000B63F5AA39816
                        SHA1:319D6BB77F2115DA9F977569477AC010F87E6386
                        SHA-256:7A61694ACF36F22050B90F751DBAFC330D5025471F83F5C08F663CD2633448F7
                        SHA-512:A3B38E3CC9B204D809DBAEEB1417E878EFA9A2D8AAF9E311051FF6FEDD1C1F92F89901274EBD43A163F03D42567D6586063333A3ECDDC128A64773315BB1B094
                        Malicious:false
                        Reputation:unknown
                        URL:https://static.cres-aws.com/postx.css
                        Preview:/* Inter Font Library */..@font-face {. font-family: "Inter";. font-weight: 100;. src: url("./fonts/Inter/Inter-Thin.ttf") format("truetype");.}..@font-face {. font-family: "Inter";. font-weight: 200;. src: url("./fonts/Inter/Inter-ExtraLight.ttf") format("truetype");.}..@font-face {. font-family: "Inter";. font-weight: 300;. src: url("./fonts/Inter/Inter-Light.ttf") format("truetype");.}..@font-face {. font-family: "Inter";. font-weight: 400;. src: url("./fonts/Inter/Inter-Regular.ttf") format("truetype");.}..@font-face {. font-family: "Inter";. font-weight: 500;. src: url("./fonts/Inter/Inter-Medium.ttf") format("truetype");.}..@font-face {. font-family: "Inter";. font-weight: 600;. src: url("./fonts/Inter/Inter-SemiBold.ttf") format("truetype");.}..@font-face {. font-family: "Inter";. font-weight: 700;. src: url("./fonts/Inter/Inter-Bold.ttf") format("truetype");.}..@font-face {. font-family: "Inter";. font-weight: 800;. src: url("./fonts/Inter/Inter-ExtraBol
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:SVG Scalable Vector Graphics image
                        Category:dropped
                        Size (bytes):1265
                        Entropy (8bit):4.587969597231761
                        Encrypted:false
                        SSDEEP:
                        MD5:2DBAB2D7C143EF0DACCB55D142FCD61C
                        SHA1:AF132D5F5DBF080F3420FD6378738B03E0F9B669
                        SHA-256:57928799C9F52AD009BD3D4DF0C7CCB781659EF99C649744EB6812676C0E8936
                        SHA-512:953473500B3B403AA7ED0528EA3C150F73BCBF7F2775F93DCCEE43CA06F9609799E6C547A035257E44400F98901AEADE12921A345580A9E96876C0C2C50E81D2
                        Malicious:false
                        Reputation:unknown
                        Preview:<?xml version="1.0" encoding="UTF-8"?>.<svg height="20px" width="20px" id="a". xmlns="http://www.w3.org/2000/svg" viewBox="7.875 7.875 20.25 20.25">. <defs>. <style>.b,.c{fill:#f7f7f7;}.c{fill-rule:evenodd;}</style>. </defs>. <path class="b" d="M18,24c.828,0,1.5-.672,1.5-1.5s-.672-1.5-1.5-1.5-1.5,.672-1.5,1.5,.672,1.5,1.5,1.5Z"/>. <path class="b" d="M18.732,12.447c-.727-.145-1.481-.07-2.167,.213-.685,.284-1.271,.764-1.683,1.381-.412,.617-.632,1.342-.632,2.083,0,.621,.504,1.125,1.125,1.125s1.125-.504,1.125-1.125c0-.297,.088-.587,.253-.833,.165-.247,.399-.439,.673-.552,.274-.113,.576-.143,.867-.085,.291,.058,.558,.201,.768,.41,.21,.21,.353,.477,.411,.768,.058,.291,.028,.592-.085,.867-.113,.274-.306,.508-.552,.673-.247,.165-.537,.253-.833,.253-.621,0-1.125,.504-1.125,1.125s.504,1.125,1.125,1.125c.742,0,1.467-.22,2.083-.632,.617-.412,1.097-.998,1.381-1.683,.284-.685,.358-1.439,.213-2.167-.145-.727-.502-1.396-1.026-1.92-.524-.524-1.193-.882-1.92-1.026Z"/>. <path cla
                        File type:HTML document, Unicode text, UTF-8 text, with very long lines (491), with CRLF, LF line terminators
                        Entropy (8bit):6.123584363039708
                        TrID:
                        • Scalable Vector Graphics (18501/1) 24.18%
                        • HyperText Markup Language (12001/1) 15.69%
                        • HyperText Markup Language (12001/1) 15.69%
                        • HyperText Markup Language (11501/1) 15.03%
                        • HyperText Markup Language (11501/1) 15.03%
                        File name:securedoc_20241220T070409.html
                        File size:190'243 bytes
                        MD5:dc426e077f0127a982e6d608e3dcfc71
                        SHA1:81191472d785c83f27737c5466281a13e047ac62
                        SHA256:155d536e2756f84a69cb04810797b10dec8e68eecfc0c94de09f12dc72bedf6a
                        SHA512:ac7c7109847a9bb26c8fbfec9deb51873ac16c0cb28fbbd58dd3af0a12d6ae65cd5f94e03c2a19cfb5f26b63b8ff12bee5fd9369105af7dafcfe0c57ed1c0fda
                        SSDEEP:3072:QTl/LQISQGjA4RPeZZ+IHYONivQ2hyXRV+5bI7BWY5ok2MGRyn8L:a/LQIGOZ+IHYONivQ2j5wP5b2MiynA
                        TLSH:67049E897212603202E719F3B47B154A3A319807050D69B1FBACC5ACBFB9D96417FF9D
                        File Content Preview: saved from url=(0025)https://res.cisco.com:443 -->..<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN". "http://www.w3.org/TR/html4/loose.dtd"><html.lang="en"><head><base href="http://res.cisco.com/envelopeopener/pf/ZGJAVG9rZW43NjIxOjIxMD
                        Icon Hash:173149cccc490307