
Windows Analysis Report
https://rtc.prometil.com

Overview

General Information

Sample URL: https://rtc.prometil.com
Analysis ID: 1652925
Detection

Score: 48
Range: 0 - 100
Confidence: 100%

Signatures

AI detected phishing page
Creates files inside the system directory
Deletes files inside the Windows folder
HTML body contains low number of good links
HTML title does not match URL

Classification

Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner
Verdict scale: clean, suspicious, malicious
  • System is w10x64_ra
  • chrome.exe (PID: 7020 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 6356 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2044,i,17576245282996650848,9608357377680091627,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2104 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 4956 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://rtc.prometil.com" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No yara matches
No Sigma rule has matched
No Suricata rule has matched


Phishing

Source: https://rtc.prometil.com/jts/auth/authrequired | Joe Sandbox AI: Score: 8 | Reasons: The brand 'IBM' is a well-known technology company with a strong online presence. The legitimate domain for IBM is 'ibm.com'. The provided URL 'rtc.prometil.com' does not match the legitimate domain for IBM. The domain 'prometil.com' does not appear to be directly associated with IBM. The presence of input fields for 'User ID' and 'Password' on a non-IBM domain raises suspicion of phishing. The URL structure suggests a potential third-party service or a phishing attempt, as it does not align with IBM's known domain. | DOM: 1.0.pages.csv
Source: https://rtc.prometil.com/jts/auth/authrequired | Joe Sandbox AI: Score: 8 | Reasons: The brand 'IBM' is a well-known technology company with a strong online presence. The legitimate domain for IBM is 'ibm.com'. The provided URL 'rtc.prometil.com' does not match the legitimate domain for IBM. The domain 'prometil.com' does not appear to be directly associated with IBM. The presence of input fields for 'User ID' and 'Password' on a non-IBM domain raises suspicion of phishing. The URL structure suggests a potential third-party service or a phishing attempt, as it does not align with IBM's known domain. | DOM: 1.1.pages.csv
Source: https://rtc.prometil.com/jts/auth/authrequired | HTTP Parser: Number of links: 0
Source: https://rtc.prometil.com/jts/auth/authrequired | HTTP Parser: Title: Login - Jazz Team Server does not match URL
Source: https://rtc.prometil.com/jts/auth/authrequired | HTTP Parser: <input type="password" .../> found
Source: https://rtc.prometil.com/jts/auth/authrequired | HTTP Parser: No <meta name="author".. found
Source: https://rtc.prometil.com/jts/auth/authrequired | HTTP Parser: No <meta name="copyright".. found
Source: unknown | HTTPS traffic detected: 81.252.45.234:443 -> 192.168.2.16:49704 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 81.252.45.234:443 -> 192.168.2.16:49705 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 142.251.41.4:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 81.252.45.234:443 -> 192.168.2.16:49729 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 81.252.45.234:443 -> 192.168.2.16:49734 version: TLS 1.2
Source: chrome.exe | Memory has grown: Private usage: 1MB later: 38MB
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (7 occurrences)
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.227.208 (1 occurrence)
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203 (7 occurrences)
Source: unknown | TCP traffic detected without corresponding DNS query: 23.203.176.221 (2 occurrences)
Source: unknown | TCP traffic detected without corresponding DNS query: 52.182.143.211 (7 occurrences)
Source: unknown | TCP traffic detected without corresponding DNS query: 142.250.65.195 (2 occurrences)
Source: unknown | TCP traffic detected without corresponding DNS query: 20.190.151.67 (2 occurrences)
Source: global traffic | HTTP traffic detected:
  GET / HTTP/1.1
  Host: rtc.prometil.com
  Connection: keep-alive
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: navigate
  Sec-Fetch-User: ?1
  Sec-Fetch-Dest: document
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET /jts/web/_style/?include=M~&etag=tPxsrPiY_en_US&_proxyURL=%2Fjts&ss=biBbc HTTP/1.1
  Host: rtc.prometil.com
  Connection: keep-alive
  sec-ch-ua-platform: "Windows"
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  Accept: text/css,*/*;q=0.1
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: style
  Referer: https://rtc.prometil.com/
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET /jts/web/_js/?include=M~&etag=tPxsrPiY_en_US&_proxyURL=%2Fjts&ss=biBbc&locale=en-us HTTP/1.1
  Host: rtc.prometil.com
  Connection: keep-alive
  sec-ch-ua-platform: "Windows"
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  Accept: */*
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: script
  Referer: https://rtc.prometil.com/
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET /jts/dashboards HTTP/1.1
  Host: rtc.prometil.com
  Connection: keep-alive
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: navigate
  Sec-Fetch-Dest: document
  Referer: https://rtc.prometil.com/
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET /jts/secure/authenticated/identity?redirectPath=%2Fjts%2Fdashboards HTTP/1.1
  Host: rtc.prometil.com
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: navigate
  Sec-Fetch-Dest: document
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Referer: https://rtc.prometil.com/
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9
  Cookie: JSESSIONID=0000DShU9RQdwmxWeSBMoVyw3oF:0f72092f-6720-43be-9c05-68bb080eebce
Source: global traffic | HTTP traffic detected:
  GET /jts/auth/authrequired HTTP/1.1
  Host: rtc.prometil.com
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: navigate
  Sec-Fetch-Dest: document
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Referer: https://rtc.prometil.com/
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9
  Cookie: JSESSIONID=0000DShU9RQdwmxWeSBMoVyw3oF:0f72092f-6720-43be-9c05-68bb080eebce; WASReqURL=https:///jts/secure/authenticated/identity?redirectPath=%252Fjts%252Fdashboards
Source: global traffic | HTTP traffic detected:
  GET /jts/web/_style/?include=A~&etag=C0Yj5yG63qy_en_US&_proxyURL=%2Fjts&ss=biBbc HTTP/1.1
  Host: rtc.prometil.com
  Connection: keep-alive
  sec-ch-ua-platform: "Windows"
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  Accept: text/css,*/*;q=0.1
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: style
  Referer: https://rtc.prometil.com/jts/auth/authrequired
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9
  Cookie: JazzFormAuth=Form; JSESSIONID=0000DShU9RQdwmxWeSBMoVyw3oF:0f72092f-6720-43be-9c05-68bb080eebce; WASReqURL=https:///jts/secure/authenticated/identity?redirectPath=%252Fjts%252Fdashboards
Source: global traffic | HTTP traffic detected:
  GET /jts/web/_js/?include=A~&etag=C0Yj5yG63qy_en_US&_proxyURL=%2Fjts&ss=biBbc&locale=en-us HTTP/1.1
  Host: rtc.prometil.com
  Connection: keep-alive
  sec-ch-ua-platform: "Windows"
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  Accept: */*
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: script
  Referer: https://rtc.prometil.com/jts/auth/authrequired
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9
  Cookie: JazzFormAuth=Form; JSESSIONID=0000DShU9RQdwmxWeSBMoVyw3oF:0f72092f-6720-43be-9c05-68bb080eebce; WASReqURL=https:///jts/secure/authenticated/identity?redirectPath=%252Fjts%252Fdashboards
Source: global traffic | HTTP traffic detected:
  GET /jts/web/plex/IBM-Plex-Sans/fonts/split/woff2/IBMPlexSans-Regular-Latin1.woff2?etag=dxKiPyY HTTP/1.1
  Host: rtc.prometil.com
  Connection: keep-alive
  Origin: https://rtc.prometil.com
  sec-ch-ua-platform: "Windows"
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  Accept: */*
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: cors
  Sec-Fetch-Dest: font
  Referer: https://rtc.prometil.com/jts/web/_style/?include=A~&etag=C0Yj5yG63qy_en_US&_proxyURL=%2Fjts&ss=biBbc
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9
  Cookie: JazzFormAuth=Form; JSESSIONID=0000DShU9RQdwmxWeSBMoVyw3oF:0f72092f-6720-43be-9c05-68bb080eebce; WASReqURL=https:///jts/secure/authenticated/identity?redirectPath=%252Fjts%252Fdashboards
Source: global traffic | HTTP traffic detected:
  GET /jts/web/_style/?exclude=A&include=dijit.Dialog&ss=biBbc&_proxyURL=%2Fjts&locale=en-us HTTP/1.1
  Host: rtc.prometil.com
  Connection: keep-alive
  sec-ch-ua-platform: "Windows"
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  Accept: text/css,*/*;q=0.1
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: style
  Referer: https://rtc.prometil.com/jts/auth/authrequired
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9
  Cookie: JazzFormAuth=Form; JSESSIONID=0000DShU9RQdwmxWeSBMoVyw3oF:0f72092f-6720-43be-9c05-68bb080eebce; WASReqURL=https:///jts/secure/authenticated/identity?redirectPath=%252Fjts%252Fdashboards
Source: global traffic | HTTP traffic detected:
  GET /jts/web/_js/?exclude=A&include=dijit.Dialog&ss=biBbc&_proxyURL=%2Fjts&locale=en-us HTTP/1.1
  Host: rtc.prometil.com
  Connection: keep-alive
  sec-ch-ua-platform: "Windows"
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  Accept: */*
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: script
  Referer: https://rtc.prometil.com/jts/auth/authrequired
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9
  Cookie: JazzFormAuth=Form; JSESSIONID=0000DShU9RQdwmxWeSBMoVyw3oF:0f72092f-6720-43be-9c05-68bb080eebce; WASReqURL=https:///jts/secure/authenticated/identity?redirectPath=%252Fjts%252Fdashboards
Source: global traffic | HTTP traffic detected:
  GET /jts/web/dojo/resources/blank.gif?etag=dxKiCx6 HTTP/1.1
  Host: rtc.prometil.com
  Connection: keep-alive
  sec-ch-ua-platform: "Windows"
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: image
  Referer: https://rtc.prometil.com/jts/auth/authrequired
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9
  Cookie: JazzFormAuth=Form; JSESSIONID=0000DShU9RQdwmxWeSBMoVyw3oF:0f72092f-6720-43be-9c05-68bb080eebce; WASReqURL=https:///jts/secure/authenticated/identity?redirectPath=%252Fjts%252Fdashboards
Source: global traffic | HTTP traffic detected:
  GET /jts/_theming/allThemeCSS HTTP/1.1
  Host: rtc.prometil.com
  Connection: keep-alive
  sec-ch-ua-platform: "Windows"
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  Accept: text/css,*/*;q=0.1
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: style
  Referer: https://rtc.prometil.com/jts/auth/authrequired
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9
  Cookie: JazzFormAuth=Form; JSESSIONID=0000DShU9RQdwmxWeSBMoVyw3oF:0f72092f-6720-43be-9c05-68bb080eebce; WASReqURL=https:///jts/secure/authenticated/identity?redirectPath=%252Fjts%252Fdashboards
Source: global traffic | HTTP traffic detected:
  GET /jts/web/plex/IBM-Plex-Sans/fonts/split/woff2/IBMPlexSans-Bold-Latin1.woff2?etag=dxKiPyY HTTP/1.1
  Host: rtc.prometil.com
  Connection: keep-alive
  Origin: https://rtc.prometil.com
  sec-ch-ua-platform: "Windows"
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  Accept: */*
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: cors
  Sec-Fetch-Dest: font
  Referer: https://rtc.prometil.com/jts/web/_style/?include=A~&etag=C0Yj5yG63qy_en_US&_proxyURL=%2Fjts&ss=biBbc
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9
  Cookie: JazzFormAuth=Form; JSESSIONID=0000DShU9RQdwmxWeSBMoVyw3oF:0f72092f-6720-43be-9c05-68bb080eebce; WASReqURL=https:///jts/secure/authenticated/identity?redirectPath=%252Fjts%252Fdashboards
Source: global traffic | HTTP traffic detected:
  GET /jts/_theming/resource/html/loginFooter.html HTTP/1.1
  Host: rtc.prometil.com
  Connection: keep-alive
  sec-ch-ua-platform: "Windows"
  X-Requested-With: XMLHttpRequest
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  Accept: */*
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: cors
  Sec-Fetch-Dest: empty
  Referer: https://rtc.prometil.com/jts/auth/authrequired
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9
  Cookie: JazzFormAuth=Form; JSESSIONID=0000DShU9RQdwmxWeSBMoVyw3oF:0f72092f-6720-43be-9c05-68bb080eebce; WASReqURL=https:///jts/secure/authenticated/identity?redirectPath=%252Fjts%252Fdashboards
Source: global traffic | HTTP traffic detected:
  GET /jts/web/dojo/resources/blank.gif?etag=dxKiCx6 HTTP/1.1
  Host: rtc.prometil.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept: */*
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: cors
  Sec-Fetch-Dest: empty
  Sec-Fetch-Storage-Access: active
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9
  Cookie: JazzFormAuth=Form; JSESSIONID=0000DShU9RQdwmxWeSBMoVyw3oF:0f72092f-6720-43be-9c05-68bb080eebce; WASReqURL=https:///jts/secure/authenticated/identity?redirectPath=%252Fjts%252Fdashboards
Source: global traffic | HTTP traffic detected:
  GET /jts/_theming/resource/img/LGM_logo.png HTTP/1.1
  Host: rtc.prometil.com
  Connection: keep-alive
  sec-ch-ua-platform: "Windows"
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: image
  Referer: https://rtc.prometil.com/jts/_theming/allThemeCSS
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9
  Cookie: JazzFormAuth=Form; JSESSIONID=0000DShU9RQdwmxWeSBMoVyw3oF:0f72092f-6720-43be-9c05-68bb080eebce; WASReqURL=https:///jts/secure/authenticated/identity?redirectPath=%252Fjts%252Fdashboards
Source: global traffic | HTTP traffic detected:
  GET /jts/_theming/resource/html/loginFooter.html HTTP/1.1
  Host: rtc.prometil.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept: */*
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: cors
  Sec-Fetch-Dest: empty
  Sec-Fetch-Storage-Access: active
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9
  Cookie: JazzFormAuth=Form; JSESSIONID=0000DShU9RQdwmxWeSBMoVyw3oF:0f72092f-6720-43be-9c05-68bb080eebce; WASReqURL=https:///jts/secure/authenticated/identity?redirectPath=%252Fjts%252Fdashboards
Source: global traffic | HTTP traffic detected:
  GET /jts/_theming/resource/img/LGM_logo.png HTTP/1.1
  Host: rtc.prometil.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept: */*
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: cors
  Sec-Fetch-Dest: empty
  Sec-Fetch-Storage-Access: active
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9
  Cookie: JazzFormAuth=Form; JSESSIONID=0000DShU9RQdwmxWeSBMoVyw3oF:0f72092f-6720-43be-9c05-68bb080eebce; WASReqURL=https:///jts/secure/authenticated/identity?redirectPath=%252Fjts%252Fdashboards
Source: global traffic | HTTP traffic detected:
  GET /jts/web/net.jazz.ajax/suite16.png HTTP/1.1
  Host: rtc.prometil.com
  Connection: keep-alive
  sec-ch-ua-platform: "Windows"
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: image
  Referer: https://rtc.prometil.com/jts/auth/authrequired
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9
  Cookie: JazzFormAuth=Form; JSESSIONID=0000DShU9RQdwmxWeSBMoVyw3oF:0f72092f-6720-43be-9c05-68bb080eebce; WASReqURL=https:///jts/secure/authenticated/identity?redirectPath=%252Fjts%252Fdashboards
Source: global traffic | HTTP traffic detected:
  GET /jts/web/net.jazz.ajax/suite16.png HTTP/1.1
  Host: rtc.prometil.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept: */*
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: cors
  Sec-Fetch-Dest: empty
  Sec-Fetch-Storage-Access: active
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9
  Cookie: JazzFormAuth=Form; JSESSIONID=0000DShU9RQdwmxWeSBMoVyw3oF:0f72092f-6720-43be-9c05-68bb080eebce; WASReqURL=https:///jts/secure/authenticated/identity?redirectPath=%252Fjts%252Fdashboards
Source: global traffic | DNS traffic detected: DNS query: rtc.prometil.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: unknown | Network traffic detected: HTTP traffic on local port -> 443 (28 connections): 49671, 49673, 49679, 49690, 49704, 49705, 49707, 49713, 49715, 49716, 49717, 49718, 49719, 49722, 49726, 49727, 49728, 49729, 49730, 49731, 49732, 49733, 49734, 49736, 49737, 49738, 49745, 49751
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> local port (26 connections): 49673, 49690, 49704, 49705, 49707, 49713, 49715, 49716, 49717, 49718, 49719, 49722, 49726, 49727, 49728, 49729, 49730, 49731, 49732, 49733, 49734, 49736, 49737, 49738, 49745, 49751
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\scoped_dir7020_1622681564
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File deleted: C:\Windows\SystemTemp\scoped_dir7020_1622681564
Source: classification engine | Classification label: mal48.phis.win@22/16@7/84
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2044,i,17576245282996650848,9608357377680091627,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2104 /prefetch:3
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://rtc.prometil.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (17 further occurrences)
Source: Window Recorder | Window detected: More than 3 window changes detected
MITRE ATT&CK Matrix (a leading number is the count of matched signatures for that technique; entries without a number are the unmatched placeholder techniques of the matrix)

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: 1 Process Injection; 1 Extra Window Memory Injection; Logon Script (Windows); Login Hook
Defense Evasion: 1 Masquerading; 1 Process Injection; 1 File Deletion; 1 Extra Window Memory Injection
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: 1 Encrypted Channel; 2 Non-Application Layer Protocol; 3 Application Layer Protocol; 1 Ingress Tool Transfer
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction

Sample URL scan (Source / Detection / Scanner / Label):
https://rtc.prometil.com  0%  Avira URL Cloud  safe

No Antivirus matches

Contacted URL scans (Source / Detection / Scanner / Label):
https://rtc.prometil.com/  0%  Avira URL Cloud  safe
https://rtc.prometil.com/jts/web/_style/?include=M~&etag=tPxsrPiY_en_US&_proxyURL=%2Fjts&ss=biBbc  0%  Avira URL Cloud  safe
https://rtc.prometil.com/jts/web/_js/?include=M~&etag=tPxsrPiY_en_US&_proxyURL=%2Fjts&ss=biBbc&locale=en-us  0%  Avira URL Cloud  safe
https://rtc.prometil.com/jts/dashboards  0%  Avira URL Cloud  safe
https://rtc.prometil.com/jts/web/_js/?include=A~&etag=C0Yj5yG63qy_en_US&_proxyURL=%2Fjts&ss=biBbc&locale=en-us  0%  Avira URL Cloud  safe
https://rtc.prometil.com/jts/auth/authrequired  0%  Avira URL Cloud  safe
https://rtc.prometil.com/jts/web/plex/IBM-Plex-Sans/fonts/split/woff2/IBMPlexSans-Regular-Latin1.woff2?etag=dxKiPyY  0%  Avira URL Cloud  safe
https://rtc.prometil.com/jts/web/_style/?include=A~&etag=C0Yj5yG63qy_en_US&_proxyURL=%2Fjts&ss=biBbc  0%  Avira URL Cloud  safe
https://rtc.prometil.com/jts/secure/authenticated/identity?redirectPath=%2Fjts%2Fdashboards  0%  Avira URL Cloud  safe
https://rtc.prometil.com/jts/web/plex/IBM-Plex-Sans/fonts/split/woff2/IBMPlexSans-Bold-Latin1.woff2?etag=dxKiPyY  0%  Avira URL Cloud  safe
https://rtc.prometil.com/jts/web/_style/?exclude=A&include=dijit.Dialog&ss=biBbc&_proxyURL=%2Fjts&locale=en-us  0%  Avira URL Cloud  safe
https://rtc.prometil.com/jts/web/net.jazz.ajax/suite16.png  0%  Avira URL Cloud  safe
https://rtc.prometil.com/jts/web/_js/?exclude=A&include=dijit.Dialog&ss=biBbc&_proxyURL=%2Fjts&locale=en-us  0%  Avira URL Cloud  safe
https://rtc.prometil.com/jts/_theming/allThemeCSS  0%  Avira URL Cloud  safe
https://rtc.prometil.com/jts/web/dojo/resources/blank.gif?etag=dxKiCx6  0%  Avira URL Cloud  safe
https://rtc.prometil.com/jts/_theming/resource/html/loginFooter.html  0%  Avira URL Cloud  safe
https://rtc.prometil.com/jts/_theming/resource/img/LGM_logo.png  0%  Avira URL Cloud  safe
Domains (Name / IP / Active / Malicious / Antivirus Detection / Reputation):
rtc.prometil.com  81.252.45.234  active: true  malicious: true  antivirus detection: none  reputation: unknown
www.google.com  142.251.41.4  active: true  malicious: false  antivirus detection: none  reputation: high
URLs (Name / Malicious / Antivirus Detection / Reputation); every entry below was rated "safe" by Avira URL Cloud and has reputation "unknown":
https://rtc.prometil.com/jts/auth/authrequired  malicious: true
https://rtc.prometil.com/jts/dashboards  malicious: false
https://rtc.prometil.com/  malicious: false
https://rtc.prometil.com/jts/web/_style/?include=M~&etag=tPxsrPiY_en_US&_proxyURL=%2Fjts&ss=biBbc  malicious: false
https://rtc.prometil.com/jts/_theming/resource/html/loginFooter.html  malicious: false
https://rtc.prometil.com/jts/web/_js/?include=M~&etag=tPxsrPiY_en_US&_proxyURL=%2Fjts&ss=biBbc&locale=en-us  malicious: false
https://rtc.prometil.com/jts/web/plex/IBM-Plex-Sans/fonts/split/woff2/IBMPlexSans-Bold-Latin1.woff2?etag=dxKiPyY  malicious: false
https://rtc.prometil.com/jts/_theming/resource/img/LGM_logo.png  malicious: false
https://rtc.prometil.com/jts/web/plex/IBM-Plex-Sans/fonts/split/woff2/IBMPlexSans-Regular-Latin1.woff2?etag=dxKiPyY  malicious: false
https://rtc.prometil.com/jts/web/net.jazz.ajax/suite16.png  malicious: false
https://rtc.prometil.com/jts/web/_style/?exclude=A&include=dijit.Dialog&ss=biBbc&_proxyURL=%2Fjts&locale=en-us  malicious: false
https://rtc.prometil.com/jts/web/_js/?include=A~&etag=C0Yj5yG63qy_en_US&_proxyURL=%2Fjts&ss=biBbc&locale=en-us  malicious: false
https://rtc.prometil.com/jts/web/dojo/resources/blank.gif?etag=dxKiCx6  malicious: false
https://rtc.prometil.com/jts/web/_style/?include=A~&etag=C0Yj5yG63qy_en_US&_proxyURL=%2Fjts&ss=biBbc  malicious: false
https://rtc.prometil.com/jts/web/_js/?exclude=A&include=dijit.Dialog&ss=biBbc&_proxyURL=%2Fjts&locale=en-us  malicious: false
https://rtc.prometil.com/jts/secure/authenticated/identity?redirectPath=%2Fjts%2Fdashboards  malicious: false
https://rtc.prometil.com/jts/_theming/allThemeCSS  malicious: false
Contacted IPs (IP / Domain / Country / ASN / ASN Name / Malicious):
81.252.45.234  rtc.prometil.com  France  AS3215  FranceTelecom-Orange (FR)  malicious: true
1.1.1.1  unknown  Australia  AS13335  CLOUDFLARENET (US)  malicious: false
142.251.35.170  unknown  United States  AS15169  GOOGLE (US)  malicious: false
142.250.65.227  unknown  United States  AS15169  GOOGLE (US)  malicious: false
172.253.63.84  unknown  United States  AS15169  GOOGLE (US)  malicious: false
142.250.72.99  unknown  United States  AS15169  GOOGLE (US)  malicious: false
142.251.40.238  unknown  United States  AS15169  GOOGLE (US)  malicious: false
142.251.41.4  www.google.com  United States  AS15169  GOOGLE (US)  malicious: false

IP: 192.168.2.16 (RFC 1918 private address of the analysis machine)
      Joe Sandbox version:42.0.0 Malachite
      Analysis ID:1652925
      Start date and time:2025-03-31 15:57:45 +02:00
      Joe Sandbox product:CloudBasic
      Overall analysis duration:
      Hypervisor based Inspection enabled:false
      Report type:full
      Cookbook file name:defaultwindowsinteractivecookbook.jbs
      Sample URL:https://rtc.prometil.com
      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:15
      Number of new started drivers analysed:0
      Number of existing processes analysed:0
      Number of existing drivers analysed:0
      Number of injected processes analysed:0
      Technologies:
      • EGA enabled
      Analysis Mode:stream
      Analysis stop reason:Timeout
      Detection:MAL
      Classification:mal48.phis.win@22/16@7/84
      • Exclude process from analysis (whitelisted): svchost.exe
      • Excluded IPs from analysis (whitelisted): 142.251.40.238, 142.250.72.99, 172.253.63.84, 142.251.40.142
      • Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, redirector.gvt1.com, clientservices.googleapis.com, clients.l.google.com
• Not all processes were analyzed, report is missing behavior information
      • Report size getting too big, too many NtOpenFile calls found.
      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
      • VT rate limit hit for: https://rtc.prometil.com
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:ASCII text, with no line terminators
      Category:downloaded
      Size (bytes):28
      Entropy (8bit):4.235926350629033
      Encrypted:false
      SSDEEP:
      MD5:715184499DBC85C863DA025C4E53CAE6
      SHA1:42E832F74A4DF0B5EBD67F6CD08C5BAA6A3119D4
      SHA-256:DB1D5F2ADE950F1EF0D26265F2516EB346D7B8A2C400B91C9E0811144571725A
      SHA-512:1E645C08729737FB5EDC8F06DCD735B4D166ADC5FA34FF3EA7DA052FFEC008465119951CB55A473E129162F54901422FF43696EF32AE63F0F2934AF95EF5049C
      Malicious:false
      Reputation:unknown
      URL:https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhIgCVSuwYSy5VfDEgUNfx-dBRIFDT2ZFGsh2Qq896KGLN8=?alt=proto
      Preview:ChIKBw1/H50FGgAKBw09mRRrGgA=
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:ASCII text, with very long lines (538)
      Category:downloaded
      Size (bytes):593585
      Entropy (8bit):5.507413755976645
      Encrypted:false
      SSDEEP:
      MD5:79E0C4E5CC6AEAFCCB47086F58193CE5
      SHA1:18A26BFE7CD6C7B4FECB5AE206638BA09AF6E6A6
      SHA-256:3D4AEE7744D450438E71133B4584958EF3B7162AEFF19A9EA019CA6E5290FCF6
      SHA-512:EC98E7EDC815E8A123A62B8CF9628F3DA62A4961BE98C8F6EB650A9CC0BB24BDF277A97E459BF45AA2446D4C2BC1AB36471E9EE997EBD20808225F588DA4E3DD
      Malicious:false
      Reputation:unknown
      URL:https://rtc.prometil.com/jts/web/_js/?include=A~&etag=C0Yj5yG63qy_en_US&_proxyURL=%2Fjts&ss=biBbc&locale=en-us
      Preview:var $jscomp=$jscomp||{};$jscomp.scope={};$jscomp.ASSUME_ES5=!1;$jscomp.ASSUME_NO_NATIVE_MAP=!1;$jscomp.ASSUME_NO_NATIVE_SET=!1;$jscomp.SIMPLE_FROUND_POLYFILL=!1;$jscomp.ISOLATE_POLYFILLS=!1;$jscomp.defineProperty=$jscomp.ASSUME_ES5||"function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.$jscomp.getGlobal=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");};$jscomp.global=$jscomp.getGlobal(this);$jscomp.IS_SYMBOL_NATIVE="function"===typeof Symbol&&"symbol"===typeof Symbol("x");$jscomp.TRUST_ES6_POLYFILLS=!$jscomp.ISOLATE_POLYFILLS||$jscomp.IS_SYMBOL_NATIVE;$jscomp.polyfills={};.$jscomp.propertyToPolyfillSymbol={};$jscomp.POLYFILL_PREFIX="$jscp$";var $jscomp$lookupPolyfilledValue=func
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:HTML document, ASCII text
      Category:downloaded
      Size (bytes):2294
      Entropy (8bit):5.443291032920777
      Encrypted:false
      SSDEEP:
      MD5:907647BD96CD1D1EDC23151A6007B466
      SHA1:28B7D377D70CAC42EFAFAC6223CDE6588EE56830
      SHA-256:2B0DF4407A69251845B0158F5D8FDC3C043637BB719D190DBEE7B7A1AA60B0AA
      SHA-512:497091E1EFCE4BD585C3549863DF3BF8928B90FFF7DB850C5D467C27FB7EA405A4308716246E092027210E69E10394786F07D4414F326317A5320F208754DE42
      Malicious:false
      Reputation:unknown
      URL:https://rtc.prometil.com/
      Preview:<!DOCTYPE html>. . Licensed Materials - Property of IBM. (c) Copyright IBM Corporation 2005, 2021. All Rights Reserved.. . Note to U.S. Government Users Restricted Rights:. Use, duplication or disclosure restricted by GSA ADP Schedule. Contract with IBM Corp..-->..<html lang="en-us">.<head>.<meta http-equiv="content-type" content="text/html; charset=UTF-8">.<meta http-equiv="X-UA-Compatible" content="IE=10">.<title></title>..<link type="text/css" rel="stylesheet" href="/jts/web/_style/?include=M~&etag=tPxsrPiY_en_US&_proxyURL=%2Fjts&ss=biBbc">..<link rel="icon" type="image/png" href="/jts/web/com.ibm.team.jfs.web/ui/graphics/JazzFoundation/suite32.png" sizes="32x32" media="(min-resolution: 120dpi)">.<link rel="icon" type="image/png" href="/jts/web/com.ibm.team.jfs.web/ui/graphics/JazzFoundation/suite16.png" sizes="16x16">...<style type="text/css">.#net-jazz-ajax-NoScriptMessage {..width: 100%;..color: #D0D0D0;..font-size: 2em;..text-align: center;..position: absolute;..top: 1
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:ASCII text, with CRLF, LF line terminators
      Category:downloaded
      Size (bytes):6599
      Entropy (8bit):5.200790203060313
      Encrypted:false
      SSDEEP:
      MD5:F324D1639E4615A756C85DDDFCA3BB05
      SHA1:0B7DE9CEA9FEB029E4EEEAC069F4C147E89774D4
      SHA-256:286EAB6694EF152B9D27CCD394746B832AE560B427F365CADAB736979BED7348
      SHA-512:408F7D7740D1C2C50F9B6B4785ECF713C073E7C16B512B729E1457338C754489518586A3D601D7A7AFDEF6E6BEF2E7E2329E43C3F38618E9DF3A4FF50F6A957E
      Malicious:false
      Reputation:unknown
      URL:https://rtc.prometil.com/jts/web/_style/?include=M~&etag=tPxsrPiY_en_US&_proxyURL=%2Fjts&ss=biBbc
      Preview:/* DnD avatar-specific settings */..dojoDndAvatar...{font-size: 75%; color: black;}..dojoDndAvatarHeader td.{padding-left: 20px; padding-right: 4px; height: 16px;}..dojoDndAvatarHeader.{background: #ccc;}..dojoDndAvatarItem..{background: #eee;}..dojoDndMove .dojoDndAvatarHeader.{background-image: url("../dojo/resources/images/dndNoMove.png?etag=dxKiE28"); background-repeat: no-repeat;}..dojoDndCopy .dojoDndAvatarHeader.{background-image: url("../dojo/resources/images/dndNoCopy.png?etag=dxKiE28"); background-repeat: no-repeat;}..dojoDndMove .dojoDndAvatarCanDrop .dojoDndAvatarHeader.{background-image: url("../dojo/resources/images/dndMove.png?etag=dxKiE28"); background-repeat: no-repeat;}..dojoDndCopy .dojoDndAvatarCanDrop .dojoDndAvatarHeader.{background-image: url("../dojo/resources/images/dndCopy.png?etag=dxKiE28"); background-repeat: no-repeat;}...dojoDndHandle {cursor: move;}..dojoDndIgnore {cursor: default;}...dj_a11y .dojoDndAvatar { font-size: 1em; font-weight:bold;}..dj_a11y .
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:ASCII text
      Category:downloaded
      Size (bytes):332118
      Entropy (8bit):5.570873855715193
      Encrypted:false
      SSDEEP:
      MD5:5F41060A52FA79A5FB049CE0A27CB101
      SHA1:9FF22D163A424579DD532226071490DBF74B16A2
      SHA-256:2017BE870839F18F6030B90BD462F87B05163FE2D9E65036D3D2F45313A65B15
      SHA-512:9A2C24C8257EA8B645CA3B0B5C6E643ACFD7E58D905B2C1AA049070E132E782950B24A4FBDE4DF5C5173E97925A593149F97085AEB47D7FEA4492DD40DCCDE0F
      Malicious:false
      Reputation:unknown
      URL:https://rtc.prometil.com/jts/web/_style/?include=A~&etag=C0Yj5yG63qy_en_US&_proxyURL=%2Fjts&ss=biBbc
      Preview:/* DnD avatar-specific settings */..dojoDndAvatar...{font-size: 75%; color: black;}..dojoDndAvatarHeader td.{padding-left: 20px; padding-right: 4px; height: 16px;}..dojoDndAvatarHeader.{background: #ccc;}..dojoDndAvatarItem..{background: #eee;}..dojoDndMove .dojoDndAvatarHeader.{background-image: url("../dojo/resources/images/dndNoMove.png?etag=dxKiE28"); background-repeat: no-repeat;}..dojoDndCopy .dojoDndAvatarHeader.{background-image: url("../dojo/resources/images/dndNoCopy.png?etag=dxKiE28"); background-repeat: no-repeat;}..dojoDndMove .dojoDndAvatarCanDrop .dojoDndAvatarHeader.{background-image: url("../dojo/resources/images/dndMove.png?etag=dxKiE28"); background-repeat: no-repeat;}..dojoDndCopy .dojoDndAvatarCanDrop .dojoDndAvatarHeader.{background-image: url("../dojo/resources/images/dndCopy.png?etag=dxKiE28"); background-repeat: no-repeat;}...dojoDndHandle {cursor: move;}..dojoDndIgnore {cursor: default;}...dj_a11y .dojoDndAvatar { font-size: 1em; font-weight:bold;}..dj_a11y .
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:HTML document, ASCII text
      Category:downloaded
      Size (bytes):2223
      Entropy (8bit):5.454043244214917
      Encrypted:false
      SSDEEP:
      MD5:C9145C2119281A5531C66EC8302696CD
      SHA1:3DD1BDC90BB0BC44F3B35B48682265E5B4C27AD1
      SHA-256:DF9B79A818EF3396F0FD4E3767E172EE4CE410B3CAEEA8D75BEB5D9A5F7792B0
      SHA-512:E2AC52E5E47A636A2C0AB91ACEB23F2E788024C1E04FBD6BBF474A9CCD1880DBA8460CB15BB4EBD8B8049BFD5B9BC6C5B2976D90794D989E41BEDF6CF5BE8F32
      Malicious:false
      Reputation:unknown
      URL:https://rtc.prometil.com/jts/auth/authrequired
      Preview:<!DOCTYPE html>. . Licensed Materials - Property of IBM. (c) Copyright IBM Corporation 2005, 2021. All Rights Reserved.. . Note to U.S. Government Users Restricted Rights:. Use, duplication or disclosure restricted by GSA ADP Schedule. Contract with IBM Corp..-->..<html lang="en-us">.<head>.<meta http-equiv="content-type" content="text/html; charset=UTF-8">.<meta http-equiv="X-UA-Compatible" content="IE=10">.<title></title>..<link type="text/css" rel="stylesheet" href="/jts/web/_style/?include=A~&etag=C0Yj5yG63qy_en_US&_proxyURL=%2Fjts&ss=biBbc">..<link rel="icon" type="image/png" href="/jts/web/net.jazz.ajax/suite32.png" sizes="32x32" media="(min-resolution: 120dpi)">.<link rel="icon" type="image/png" href="/jts/web/net.jazz.ajax/suite16.png" sizes="16x16">...<style type="text/css">.#net-jazz-ajax-NoScriptMessage {..width: 100%;..color: #D0D0D0;..font-size: 2em;..text-align: center;..position: absolute;..top: 1%;..z-index: 999;.}.</style>..</head>..<body class="claro">..<nos
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:PNG image data, 147 x 100, 8-bit/color RGBA, non-interlaced
      Category:dropped
      Size (bytes):5249
      Entropy (8bit):7.938877276609174
      Encrypted:false
      SSDEEP:
      MD5:2DE40E3E107AE0C31D077709913781C2
      SHA1:463275C064AB02E336BDF35E9870BA403E89076A
      SHA-256:788E210A1BA5B6C6FC5AB5D3DB9CE39E58E71A92CF69A86ED9AE4EA896ABE050
      SHA-512:6C82365A3FF487FF980C44CDCB444555F6738A3BF99CFB40E09E373E82B5400465812EA1FD08178569FC2A5A840B7D20E0DA360B9DB0AA7BB0A64C105E9A37EF
      Malicious:false
      Reputation:unknown
      Preview:.PNG........IHDR.......d......r..... cHRM..z%..............u0...`..:....o._.F....pHYs...$...$.........tEXtSoftware.paint.net 4.1.5dGXR....IDATx^.]..T........{91..%...;.J.dg. .Q.j.A...fE],....X.%Q<....=.c9..'.p.....Sv.EP..|.}w.)wf..v.s..v..........@ ..v...7.3. ~R(#6Ob.-}Z...M.....*.....~}.d...I..@Y\..m....AS_....!vW6..Y.n..H@.#~R(..v....Q!.!..5&;\.R..Y.....+..........6.iIU..T/...sZ.Xx...eq...s..s:.\C..@d.;.7....O..PB.....,....<.T.5E.b;AL...TTW...`.......n..y6Rm..)...Uz....;..'~V(.<_.....L..>..$.Y..#..M..~.b..l...?)...6..p.g _C..`;=t..G.R.XZ@D.....r...=..+,..`....mD^~KUZ...QW.C8.{..L...:...g.,..2}M;;,..oE..y.....K.J....H.kH.m...:^.....!.X..`...xzIDp.....NS.._.,..?...2.o...'Q......!..P}.F~...... \.P..Q.Z.X>.............r...X...O.-...t........E.EV..=......,m...bQ..".....^[m..U.\...F...b.......$.....^C/X...G......#..N.j....f.L..bW]!d.}.. .......:!.......2Pkm..^....l..5..D...?y......6......,v.H...4....T4.a.7.[\'..5.."..g...N-..".op...{L.....d.N.L}0
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:ASCII text
      Category:downloaded
      Size (bytes):891
      Entropy (8bit):4.968867977779511
      Encrypted:false
      SSDEEP:
      MD5:FDE00565B3158DB9CD6530FB3B64C443
      SHA1:C01D1C1C8EE25C2DA84DBF0CD16029C834072D30
      SHA-256:658E5CAA40F7F3A1DBB954D8549730230156DECB06222ED3BF79D9886E1DC333
      SHA-512:FA10961B1AD7EEA69F34EF7FEA91BF10CBAF4CC75D60310ED131A2B00CE16E88D3EC7649D0C7E70B0BA495ECFC9D8E93BD3142B7F94CF590FBCD3D4317E29779
      Malicious:false
      Reputation:unknown
      URL:https://rtc.prometil.com/jts/_theming/allThemeCSS
      Preview:.pmt_login{. background-color: hsl(0, 0%, 100%);. color: #000000;. font-size: 12pt;. text-align: center;.}...jazz-app-LoginWidget .jazz-team-server div {. display: inline-block;. background-image: url("resource/img/LGM_logo.png") !important;. background-repeat: no-repeat;. background-position: -0px -0px;. width: 147px;. height: 100px;.}...jazz-app-LoginWidget .illustration {. background-image: url("resource/img/LGM_logo.png") !important;..background-repeat:no-repeat;..background-position: -0px -0px;..width: 167px;..height: 140px;..position: relative;..float: left;..margin-top: 5px;..margin-left: 6px;..padding-left: 10px;.} ...jazz-app-LoginWidget .form {. position: relative;. overflow: hidden;. zoom: 1;. margin-top: 0px;. padding-left: 30px;.}...jazz-app-LoginWidget .main-wrapper {. overflow: hidden;. margin-bottom: -20px;.}.
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:ASCII text, with very long lines (538)
      Category:downloaded
      Size (bytes):261247
      Entropy (8bit):5.478721497440763
      Encrypted:false
      SSDEEP:
      MD5:36A0CBE9605BC40827BC8AB2A10C922A
      SHA1:BBB0477F0A65C286DBA56170EAF71503045EBE9D
      SHA-256:C90A2F851B590C3333C444DF095A592699F6908BC46C261912FAF5313862F68B
      SHA-512:3C3C8780B3E25F169BECD2807DA592A98E1588086C1F9B6D1AC772A9339553168664464A8C7CDEF19611B7B46665CB87BD6499A87F28829821D0DE5B06653374
      Malicious:false
      Reputation:unknown
      URL:https://rtc.prometil.com/jts/web/_js/?include=M~&etag=tPxsrPiY_en_US&_proxyURL=%2Fjts&ss=biBbc&locale=en-us
      Preview:var $jscomp=$jscomp||{};$jscomp.scope={};$jscomp.ASSUME_ES5=!1;$jscomp.ASSUME_NO_NATIVE_MAP=!1;$jscomp.ASSUME_NO_NATIVE_SET=!1;$jscomp.SIMPLE_FROUND_POLYFILL=!1;$jscomp.ISOLATE_POLYFILLS=!1;$jscomp.defineProperty=$jscomp.ASSUME_ES5||"function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.$jscomp.getGlobal=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");};$jscomp.global=$jscomp.getGlobal(this);$jscomp.IS_SYMBOL_NATIVE="function"===typeof Symbol&&"symbol"===typeof Symbol("x");$jscomp.TRUST_ES6_POLYFILLS=!$jscomp.ISOLATE_POLYFILLS||$jscomp.IS_SYMBOL_NATIVE;$jscomp.polyfills={};.$jscomp.propertyToPolyfillSymbol={};$jscomp.POLYFILL_PREFIX="$jscp$";var $jscomp$lookupPolyfilledValue=func
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:ASCII text
      Category:downloaded
      Size (bytes):8246
      Entropy (8bit):5.015809277185302
      Encrypted:false
      SSDEEP:
      MD5:28D656A18A5E75CB1B6F17F8C77CE8C8
      SHA1:2FA8FC01078950A4B2412DB50E87AE98A2225279
      SHA-256:649B3E42AF665BAE917E210E98A0430C650DA6A157E1C5419158FB2175695F0D
      SHA-512:806BDF8119A331251362C2009AE8C4AE3B975815ED673C3B1BED10A74859393EF3923D3B8E6B83FBA1F02873E23E5F69C0D0A149101B63F660B6F0C00D0EC731
      Malicious:false
      Reputation:unknown
      URL:https://rtc.prometil.com/jts/web/_style/?exclude=A&include=dijit.Dialog&ss=biBbc&_proxyURL=%2Fjts&locale=en-us
      Preview:/* ContentPane . *.. * .dijitContentPane. * .set padding for basic content pane. * .. * Nested layouts:. * . * .dijitTabContainerTop-dijitContentPane,. * .dijitTabContainerLeft-dijitContentPane,. * .dijitTabContainerBottom-dijitContentPane,. * .dijitTabContainerRight-dijitContentPane. * .set background-color and padding of ContentPanes nested within TabContainer (can do top, left, bottom, or right) or Accordion Container. *. * .dijitAccordionContainer-dijitContentPane. * .set background-color and padding of ContentPane nested within Accordion. *. * .dijitSplitContainer-dijitContentPane, . *.set background-color and padding of ContentPane nested within a SplitContainer . *. * .dijitBorderContainer-dijitContentPane. *.set background-color and padding of ContentPane nested within a BorderContainer . */..claro .dijitContentPane {. padding: 8px;.}./* nested layouts */..claro .dijitTabContainerTop-dijitContentPane,..claro .dijitTabContainerLeft-dijitContentPane,..claro .dijitTabContainerBot
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:Web Open Font Format (Version 2), TrueType, length 19704, version 3.196
      Category:downloaded
      Size (bytes):19704
      Entropy (8bit):7.983623637618524
      Encrypted:false
      SSDEEP:
      MD5:CA88AACAEA7B7141243419BD33239795
      SHA1:ABCE369EA6202FCB960FC490BB8542CD046A00C6
      SHA-256:133203B759A3D1F5A7EABE6C98B1BC6552F3DC2E2CC574ABC8D6DFCD204D45EE
      SHA-512:47DB2B1F626B0C96F2FC2AEFB64CB95A3916BE4C83979F50A0AA67837533289978D1EC0DD478C83693255D94A798FFD436C5D616AFE38B3C357C55CB60FD9A05
      Malicious:false
      Reputation:unknown
      URL:https://rtc.prometil.com/jts/web/plex/IBM-Plex-Sans/fonts/split/woff2/IBMPlexSans-Regular-Latin1.woff2?etag=dxKiPyY
      Preview:wOF2......L...........L..........................:..j..4.`..,.>..s.....D....6.$........ ..d..\..2.........YU...s.E.q.f..f....@..m...?#9.C...J...'...Y*,m.].aH..q...e...O...G..4.....--........._c...'^...C.]....q..f!...#\.........#...{..F..F.(D....N......6.i*.\..EXZ.../...+..c.i1q.O9...".q.#Y9y..y;._..L.'a....!..b..b..S....j.I'.8t.LH`$|U9.`Ob.....s..{...m3.....(HK.."(..b....j..*...LW..PN.....;.l.A.E..#~...HF.......A..O+..J....K.y.=p.mR....>?P.:.e.....*U.Llif..Z....vH.vU.K.................D.].v...NM.T..=k._...L..60..W.8..l...i|.....C...v..........I............V. .A....e.[/..AN...!...l.I>%..kj.~..x.-[Z.]J.......5.lf...d.A...A....{.Y.2.`...V.J].D.#F..-.V.{......s....(*k....".[i..7L.A.-<..2..).,.P...p...L3R..-..-..{k.y..=.M...l.....-.@.$.G..4..i\.......{+...xcM$cL.Lh|.X>S(..2)..O.H....M..K.k\.f.....*..bm.}*....B.....j.E#..{3=.vY.{.....$R.$U.....y....T..q......iA.4.+..A.^^..UU..*....*.Bz.......2.....j.H...(..k.V.j ...C._..|.g...=.[i.F..Y......
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:ASCII text, with very long lines (721)
      Category:downloaded
      Size (bytes):43077
      Entropy (8bit):5.383225406018435
      Encrypted:false
      SSDEEP:
      MD5:9D2DDA648C90CB66C817D6AC7F5FD6CC
      SHA1:B006C4A1AC9E894A33C1358F9CA5491C762257EA
      SHA-256:405259B1D31BCA61A0B45A6E3C97E1938E7F188BB122DBF9A25592DD5F6E7AF1
      SHA-512:BCFFA8F9EDAC740FC0EC6A53D5AA0DE3904DB49407F4A9C9149CA7DA8957695336DED0B2454E59E591704571F8944756FB86C15507C3DA8C0337FC76B849FF34
      Malicious:false
      Reputation:unknown
      URL:https://rtc.prometil.com/jts/web/_js/?exclude=A&include=dijit.Dialog&ss=biBbc&_proxyURL=%2Fjts&locale=en-us
      Preview:.;define("dojo/dnd/common",["../sniff","../_base/kernel","../_base/lang","../dom"],function(_1,_2,_3,_4){.var _5=_3.getObject("dojo.dnd",true);._5.getCopyKeyState=function(_6){.return _6[_1("mac")?"metaKey":"ctrlKey"];.};._5._uniqueId=0;._5.getUniqueId=function(){.var id;.do{.id=_2._scopeName+"Unique"+(++_5._uniqueId);.}while(_4.byId(id));.return id;.};._5._empty={};._5.isFormElement=function(e){.var t=e.target;.if(t.nodeType==3){.t=t.parentNode;.}.return " a button textarea input select option ".indexOf(" "+t.tagName.toLowerCase()+" ")>=0;.};.return _5;.});...;define("dojo/dnd/autoscroll",["../_base/lang","../sniff","../_base/window","../dom-geometry","../dom-style","../window"],function(_1,_2,_3,_4,_5,_6){.var _7={};._1.setObject("dojo.dnd.autoscroll",_7);._7.getViewport=_6.getBox;._7.V_TRIGGER_AUTOSCROLL=32;._7.H_TRIGGER_AUTOSCROLL=32;._7.V_AUTOSCROLL_VALUE=16;._7.H_AUTOSCROLL_VALUE=16;.var _8,_9=_3.doc,_a=Infinity,_b=Infinity;._7.autoScrollStart=function(d){._9=d;._8=_6.getBox(_9);
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:GIF image data, version 89a, 1 x 1
      Category:dropped
      Size (bytes):43
      Entropy (8bit):3.322445490340781
      Encrypted:false
      SSDEEP:
      MD5:6D22E4F2D2057C6E8D6FAB098E76E80F
      SHA1:B80B11203D97FE01C5597CA3BE70406EA48F5709
      SHA-256:AFE0DCFCA292A0FAE8BCE08A48C14D3E59C9D82C6052AB6D48A22ECC6C48F277
      SHA-512:95DD0E4944B1541A9BE48A60A1A105FCFA0D69DD215ABAA9C1771ADECC5EE0C0FE91D0EB367B6D46A4F8B2E06E6FB962D56DFC1C53F1F62CC8B314710628CB1E
      Malicious:false
      Reputation:unknown
      Preview:GIF89a.............!.......,...........L..;
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:HTML document, ASCII text
      Category:downloaded
      Size (bytes):183
      Entropy (8bit):5.310764099718033
      Encrypted:false
      SSDEEP:
      MD5:3F2D0E7266984B89E178E48B8BDEB61B
      SHA1:CDE31EF4AE02EB45B92C195988E40DC6DE8D7C68
      SHA-256:D21C6F73FDCF8DAD9EF6A2BA896F0DD2EB00C53053B39D615B6EDAED86D47490
      SHA-512:A79F8DB755D32545C0744581A64FDDF72C8D8E949E920919D8739F99533C18E7CC02379647B4EAF3FB072A0834D2217681A27FD51BED6AEA607E80AA722ADADE
      Malicious:false
      Reputation:unknown
      URL:https://rtc.prometil.com/jts/_theming/resource/html/loginFooter.html
      Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">.<html>.<body>.<p style=""class="pmt_login">Serveur de production v7.0.3</p>.</body>.</html>.
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
      Category:dropped
      Size (bytes):680
      Entropy (8bit):7.6046763495786225
      Encrypted:false
      SSDEEP:
      MD5:8EEE66B403F62A7800C466163A5B42B7
      SHA1:025F6D8AEEA1F52CF68FF0678A4045A28B63B6C0
      SHA-256:97C2ADCED10131585A22CF75DB0FBAAA17A570AB6480C59048804FF90747CAFF
      SHA-512:7858606DB9339342D80E4ED3CA5B087E0802418C6CF80654DDE36C5C7C18AD535A5D43920F4112C9EE89A534A49C4F7DC3501155681165840E503479BFA90902
      Malicious:false
      Reputation:unknown
      Preview:.PNG........IHDR..............w=.....pHYs...........~....ZIDATH..V..)A.>...Q..b.%o........<.v...T..P.F)Z....Dl...|.3.ke.n.....g..3.|g.13...{.w.?...D4./.x<.D"A.T.).....5W*.&"e.f.o.[..=Ey..0....a..8....r.. .L...._....fc...d.j5.l6d....m....4.LD.Z.......z....`.h....|./.....v\(..X,~GQ.v.C.n.<...^.s:...x.. .]...7.t.Z-A..y:..4M..F...E..2>A...@..@.a@]...}..E.Ug.......=.S.....e.a.....z....._..9...(u!0...........`...d2...i..[..2=!..r..j....../.`wa [...E.G.[..r..n.}...Y.A05I.Z.[.......L........$.$..).eY.J...m.a......J%n4.<..x:.*.EQ.+.mX..^.9.6.T`..A7]E."....z.&.q.u].m[............J`..........-.@..*.a..V/.0b.L)GiX.....W.>........@<...o.3..1\....0#....IEND.B`.
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:Web Open Font Format (Version 2), TrueType, length 19984, version 3.196
      Category:downloaded
      Size (bytes):19984
      Entropy (8bit):7.990494994701952
      Encrypted:true
      SSDEEP:
      MD5:7BA4390A1649EE3418D697838178A62D
      SHA1:829FEACC524DC04D08AEAFFA2779AB6B01DB0E63
      SHA-256:7E842F7016CD83D01521CD1550E039080A5550E8A83FB0B66810B8FB42D1B5DB
      SHA-512:BE87BE96AEB32118F9AE6EE20E8371B6390156719B271332FB2F76C10B878272EB784308DF1FA2BC2C976DA0EDD051B23996EBA16ED03393DDFBC370B08B616B
      Malicious:false
      Reputation:unknown
      URL:https://rtc.prometil.com/jts/web/plex/IBM-Plex-Sans/fonts/split/woff2/IBMPlexSans-Bold-Latin1.woff2?etag=dxKiPyY
      Preview:wOF2......N...........M..........................:..>..4.`..,.@..s..... ..W.6.$........ ../..\..t.Z.G..../w...QN.;X.u.....H;.I}....?%9....li...C.B.....8.P....DOh.#..5.*\.T......{`...m<..@..w.}.0.....[......^..............8c.yu....p.!M...pa.o3..ng......,".p.m.*+d.....c*.KQQ.....?,./.`w...f.,....\./...1......{..{.....H..r)....(......g&p.4.J..@9G08e.`....H@@"...)...A....(....).E.t........Q...=.3sw.}......B+....li...j.....!.H<.1...|.rt.Af............. ...~.|!..n....:..p.7$.'1N..7.w6.S.W."R.....-....9-.X..u.._....D!...~..d).j...q.T?^.>.Y.+\......D.2Lv....90.v.vX...Po{.$.@.........5.T..F.v_`....Y......S..v........$j..A...dX...A.{.wo.S.o..6..k_..e.g..P.t%9...1.#...ZR.].......-......5.Xr)H....^...-x....a..C.'..h....#_.w/%..@..XeV.Z..5=.t.z...^V..l@..Y6....4..TgEuNVvn-...Lm..as.9J.:...c..$0..?.L.c.`.....C..A|.%..A........b.V4}.+.......Y....., [......#..........".R.pw.5.%aw&.4F6v.'.......3.........c.0..!.........Y.....!..hn...Y..2.3z...I.:.(kt.~j.H.._!.....2..
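The last entry above (IBMPlexSans-Bold-Latin1.woff2, entropy 7.9905) carries "Encrypted: true" while its Regular sibling at entropy 7.9836 does not, which is consistent with the flag being a byte-entropy threshold somewhere between those two values. WOFF2 is a Brotli-compressed container, so entropy close to 8.0 is what a correct font looks like, not evidence of encryption or packing. The following is an added example, not Joe Sandbox code, that computes the same 8-bit Shannon entropy and checks known compressed-container magic bytes before raising an "encrypted" verdict. The sample byte strings are constructed here, and the thresholds (7.9 and 6.0) are this example's own assumptions.

```python
"""Entropy triage for dropped files: treat compressed containers as expected high entropy.

Added example, not Joe Sandbox code. Sample bytes are constructed below;
the thresholds 7.9 and 6.0 are assumptions for illustration.
"""
import math
import random
from collections import Counter

# Magic bytes of formats that are compressed by design, so near-8.0 entropy
# is expected and says nothing about encryption.
COMPRESSED_CONTAINERS = {
    b"wOF2": "WOFF2 font (Brotli-compressed)",
    b"\x89PNG\r\n\x1a\n": "PNG image (DEFLATE-compressed IDAT)",
    b"PK\x03\x04": "ZIP container",
    b"\x1f\x8b": "gzip stream",
}


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte: 0.0 for a constant stream, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def container_type(data: bytes):
    """Return the name of a known compressed container if the magic bytes match, else None."""
    for magic, name in COMPRESSED_CONTAINERS.items():
        if data.startswith(magic):
            return name
    return None


def triage(data: bytes, high: float = 7.9, low: float = 6.0) -> dict:
    """Entropy plus a verdict that does not flag known compressed formats as encrypted."""
    h = shannon_entropy(data)
    kind = container_type(data)
    if kind is not None:
        verdict = "compressed-container"  # high entropy expected; "Encrypted: true" would be a false positive
    elif h >= high:
        verdict = "high-entropy-unknown"  # unknown format and near-uniform bytes: encrypted, packed, or random
    elif h <= low:
        verdict = "plaintext-like"
    else:
        verdict = "mixed"
    return {"entropy": round(h, 4), "container": kind, "verdict": verdict}


# Constructed samples (not the report's real files). The RNG is seeded with the
# analysis ID only so the run is reproducible.
_rng = random.Random(1652925)
FAKE_WOFF2 = b"wOF2" + bytes(_rng.getrandbits(8) for _ in range(20000))   # font-like: magic + dense bytes
FAKE_BLOB = bytes(_rng.getrandbits(8) for _ in range(20000))              # no magic, dense bytes
FAKE_HTML = (b'<html><body><p class="pmt_login">Serveur de production v7.0.3</p></body></html>\n') * 20


def demo() -> dict:
    """Run triage over the three constructed samples and return the verdicts by name."""
    return {name: triage(d) for name, d in (("woff2", FAKE_WOFF2), ("blob", FAKE_BLOB), ("html", FAKE_HTML))}


if __name__ == "__main__":
    for name, r in demo().items():
        print(f"{name:6s} entropy={r['entropy']:.4f} container={r['container']} verdict={r['verdict']}")
```

Run it as a script to see the three verdicts side by side: the wOF2-prefixed sample and the bare blob have the same byte distribution, and only the magic check separates "expected for this format" from "worth a second look". Applied to the report's two fonts, both would come out as compressed containers regardless of which side of the threshold their entropy falls on.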
      No static file info