Edit tour

Windows Analysis Report
https://www.clientaxcess.com/sharesafe/#/MFA?key=MDA0MzQzNDgwMDAyMDAwMDAwMjBoT1UzZE9tMG52NkhRMHYzUXJXZEdYb1VWVVdIWURoSDhCNk1MMU9uZGtMTGVxd2JzQ2RXWkptUkJ3djBBelMvNUhlWTJrQmRJRFpKZXdpUEh3U0REUT09Du001.KBfYPgrxlnxQAVS2h8uHwJ9IY5jurnAGb427JxwGRGCy0QyR9daErl4fBs3j6QhXhHJTH-2BBQZozB0LOBU63FkyZ-2BcZA8d6g36

Overview

General Information

Sample URL:	https://www.clientaxcess.com/sharesafe/#/MFA?key=MDA0MzQzNDgwMDAyMDAwMDAwMjBoT1UzZE9tMG52NkhRMHYzUXJXZEdYb1VWVVdIWURoSDhCNk1MMU9uZGtMTGVxd2JzQ2RXWkptUkJ3djBBelMvNUhlWTJrQmRJRFpKZXdpUEh3U0REUT09Du001.K
Analysis ID:	1525252

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 3532 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6700 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=2000,i,6964676322339580918,18023742431254268908,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6404 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.clientaxcess.com/sharesafe/#/MFA?key=MDA0MzQzNDgwMDAyMDAwMDAwMjBoT1UzZE9tMG52NkhRMHYzUXJXZEdYb1VWVVdIWURoSDhCNk1MMU9uZGtMTGVxd2JzQ2RXWkptUkJ3djBBelMvNUhlWTJrQmRJRFpKZXdpUEh3U0REUT09Du001.KBfYPgrxlnxQAVS2h8uHwJ9IY5jurnAGb427JxwGRGCy0QyR9daErl4fBs3j6QhXhHJTH-2BBQZozB0LOBU63FkyZ-2BcZA8d6g366WSWW6orZR006QbQU2czpfKDh02-2B6n5-2BAz7JmYpchX9pVr5baYBqmVPQYPWZgTUSjzkgZPALGgdt37rOXFpm1j-2FWBkW4-2Bn-2BGQrhDzDUlmLT3EasJ8JXTn8FVV2xoygNVjzQisGiGZk-3D" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49738 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 27MB later: 38MB

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197

Source: global traffic	DNS traffic detected: DNS query: www.clientaxcess.com
Source: global traffic	DNS traffic detected: DNS query: portal.cchaxcess.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49738 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@16/19@13/40

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=2000,i,6964676322339580918,18023742431254268908,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.clientaxcess.com/sharesafe/#/MFA?key=MDA0MzQzNDgwMDAyMDAwMDAwMjBoT1UzZE9tMG52NkhRMHYzUXJXZEdYb1VWVVdIWURoSDhCNk1MMU9uZGtMTGVxd2JzQ2RXWkptUkJ3djBBelMvNUhlWTJrQmRJRFpKZXdpUEh3U0REUT09Du001.KBfYPgrxlnxQAVS2h8uHwJ9IY5jurnAGb427JxwGRGCy0QyR9daErl4fBs3j6QhXhHJTH-2BBQZozB0LOBU63FkyZ-2BcZA8d6g366WSWW6orZR006QbQU2czpfKDh02-2B6n5-2BAz7JmYpchX9pVr5baYBqmVPQYPWZgTUSjzkgZPALGgdt37rOXFpm1j-2FWBkW4-2Bn-2BGQrhDzDUlmLT3EasJ8JXTn8FVV2xoygNVjzQisGiGZk-3D"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=2000,i,6964676322339580918,18023742431254268908,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Extra Window Memory Injection	1 Extra Window Memory Injection	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
tsztegz.x.incapdns.net	107.154.76.47	true	false	unknown
www.google.com	142.250.186.36	true	false	unknown
opia7n2.x.incapdns.net	107.154.76.47	true	false	unknown
www.clientaxcess.com	unknown	unknown	false	unknown
portal.cchaxcess.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.clientaxcess.com/sharesafe/#/	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.67	unknown	United States	15169	GOOGLEUS	false
142.251.168.84	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
142.250.186.36	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
107.154.76.47	tsztegz.x.incapdns.net	United States	19551	INCAPSULAUS	false
142.250.185.238	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1525252
Start date and time:	2024-10-03 23:44:33 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://www.clientaxcess.com/sharesafe/#/MFA?key=MDA0MzQzNDgwMDAyMDAwMDAwMjBoT1UzZE9tMG52NkhRMHYzUXJXZEdYb1VWVVdIWURoSDhCNk1MMU9uZGtMTGVxd2JzQ2RXWkptUkJ3djBBelMvNUhlWTJrQmRJRFpKZXdpUEh3U0REUT09Du001.KBfYPgrxlnxQAVS2h8uHwJ9IY5jurnAGb427JxwGRGCy0QyR9daErl4fBs3j6QhXhHJTH-2BBQZozB0LOBU63FkyZ-2BcZA8d6g366WSWW6orZR006QbQU2czpfKDh02-2B6n5-2BAz7JmYpchX9pVr5baYBqmVPQYPWZgTUSjzkgZPALGgdt37rOXFpm1j-2FWBkW4-2Bn-2BGQrhDzDUlmLT3EasJ8JXTn8FVV2xoygNVjzQisGiGZk-3D
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	11
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@16/19@13/40

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.67, 142.250.185.238, 142.251.168.84, 34.104.35.123, 199.232.214.172
Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://www.clientaxcess.com/sharesafe/#/MFA?key=MDA0MzQzNDgwMDAyMDAwMDAwMjBoT1UzZE9tMG52NkhRMHYzUXJXZEdYb1VWVVdIWURoSDhCNk1MMU9uZGtMTGVxd2JzQ2RXWkptUkJ3djBBelMvNUhlWTJrQmRJRFpKZXdpUEh3U0REUT09Du001.KBfYPgrxlnxQAVS2h8uHwJ9IY5jurnAGb427JxwGRGCy0QyR9daErl4fBs3j6QhXhHJTH-2BBQZozB0LOBU63FkyZ-2BcZA8d6g366WSWW6orZR006QbQU2czpfKDh02-2B6n5-2BAz7JmYpchX9pVr5baYBqmVPQYPWZgTUSjzkgZPALGgdt37rOXFpm1j-2FWBkW4-2Bn-2BGQrhDzDUlmLT3EasJ8JXTn8FVV2xoygNVjzQisGiGZk-3D

LLM Input / Output

Input	Output
URL: https://www.clientaxcess.com/sharesafe/#/ Model: jbxai	{ "brand":["Share Safe"], "contains_trigger_text":true, "trigger_text":"Unable to establish connection with Share Safe.", "prominent_button_name":"unknown", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":true, "has_visible_qrcode":false}

URL: https://www.clientaxcess.com/sharesafe/#/ Model: jbxai	{ "brand":[], "contains_trigger_text":true, "trigger_text":"Unable to establish connection with Share Safe. Please try again by clicking the Share Safe URL or 2-Step Verification link from your Share Safe email.", "prominent_button_name":"unknown", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 3 20:45:04 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9861244317430113
Encrypted:	false
SSDEEP:
MD5:	B9585FF5656B6E4CD5C907EDCEE17F35
SHA1:	462E4E55FD989D2C5CCAB047F45CAF8F1CC26744
SHA-256:	701E0CFE275B6A4CAECD7F52ED6B6BE308618E2775D90F4BF5826B253A66F57D
SHA-512:	22DD9FCC74693CF509563845294A9242942D47B8C05B9AEB8B197F0893F5E87B450D39D1ABD9D831D73CBD84439DAF3A3B4F26A84E69B5226643DAE747C32D95
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....0h.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.ICY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VCY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VCY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VCY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VCY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........u.'......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 3 20:45:03 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	3.9992939724483434
Encrypted:	false
SSDEEP:
MD5:	9B0BA8009AC353B90527915A71317B87
SHA1:	8BE7234F9F4ADE8B9BBBE14FCEC4A90900E6970A
SHA-256:	DCD203132DC7417B43C1359C1E9AC95D5AE65C919066559EDBAA1095496270B1
SHA-512:	4108034DFCB633DEDCB953AEE0B9ADC72099EC68E7FE738A3040B75ED63EA02EDE16CFB23A14563FD2B60FA9C1482A97FC74A955619B211FF8F5C8B8A4D7D506
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....p.\.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.ICY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VCY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VCY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VCY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VCY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........u.'......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.009275474153751
Encrypted:	false
SSDEEP:
MD5:	5E1AA5A1416A0FEB13C49470876F91FB
SHA1:	8180E54F4688CAAA1204D055000C8172FAB5A543
SHA-256:	4C86C52CAB2A2D61E2F9A7AAD61ABDA23817605739D4987951F30386314BE5CB
SHA-512:	3237CCA28736E7D3D126E8BAA29D66D7F8293D700A6FCD2996F6FCA23ABAC81442313E628F69940D8D03AED0B5507D849C990D7F0FA73BED7BA328EA1E33D0E8
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.ICY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VCY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VCY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VCY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........u.'......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 3 20:45:03 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9990557061454792
Encrypted:	false
SSDEEP:
MD5:	91E65E937AA1A9972030B8E20785A0D1
SHA1:	FD40AFF7B9CC195DF576C02E2768BB3EDBD77F5D
SHA-256:	ADC78B8B065F95AF0582B027BE76470D2B07DFD52860F85C518371D795D00462
SHA-512:	BA4BF010CCB3739D872298C7E1316B9C97DABF8517FEB737A54F625D6BB0583532E4491C432E458D30A3EBB24C19A9E8F2F993D0169EEB4EE5FCB05772975ACA
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....gW.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.ICY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VCY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VCY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VCY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VCY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........u.'......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 3 20:45:04 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9873192952341556
Encrypted:	false
SSDEEP:
MD5:	2073BA0EF2CF885C474AFE691FAEB26D
SHA1:	0541E23C529CC5049B950600D4AD2C0F951AD509
SHA-256:	2A050A38F81544753FD4A66ABD9E8753352214191566D56BF8337D3DF0C13672
SHA-512:	DF26D1162512A8F54E6F2854858CBCFA137CD43D33690BAACFE4A1D29DCB4E6BA5973981C55B00FB582F70BC2CFD1FDD4A3A2B0A9E3020A4D00B445B48ADC1A6
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....cb.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.ICY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VCY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VCY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VCY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VCY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........u.'......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 3 20:45:03 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.998771200701794
Encrypted:	false
SSDEEP:
MD5:	7C92DDF8A9D00D354EC005B56150B2F1
SHA1:	3C9CD8BC8CBB7E9F2DE81D8AE5D6EDA05B21D20C
SHA-256:	0F2E8A5E45B15F46EBB2E069D62A8BF2FC73A1B42F4A17322A37643F2798B8FD
SHA-512:	990FC696D1FB9862E5D21202C1A85C191DCFC9913DE20DE11B20D7EBE13359055D108032B7E092211EE6FB13DB0A43AD0B26F301068A291FC06F70D5D7A08ABC
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......N.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.ICY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VCY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VCY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VCY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VCY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........u.'......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 67

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	565855
Entropy (8bit):	5.393426899149831
Encrypted:	false
SSDEEP:
MD5:	26D2BF74AAA5CE5E8C23080F72CD6A1F
SHA1:	DDA484BE84B75A3BE227EE73D449ED940123E3FC
SHA-256:	96818CE5143741A09F2B22B3A8088B5B348B639D0177141CF54FC8C4840CE972
SHA-512:	5472B7FD0E64DBE4B9840AB44F38D60C27C4C8D295176436CF2914EF9F7B978EA99BFE3B8A38C75207044FF2B2BF1381F12210D2EA8B303A4F8883FF111733E3
Malicious:	false
Reputation:	unknown
URL:	https://www.clientaxcess.com/sharesafe/main.f59ca31bf50384ac.js
Preview:	(self.webpackChunkSharesafe=self.webpackChunkSharesafe\|\|[]).push([[179],{682:(ur,Ko,ec)=>{"use strict";function $e(t){return"function"==typeof t}function w(t){const e=t(i=>{Error.call(i),i.stack=(new Error).stack});return e.prototype=Object.create(Error.prototype),e.prototype.constructor=e,e}const tc=w(t=>function(e){t(this),this.message=e?`${e.length} errors occurred during unsubscription:\n${e.map((i,r)=>`${r+1}) ${i.toString()}`).join("\n ")}`:"",this.name="UnsubscriptionError",this.errors=e});function Zo(t,n){if(t){const e=t.indexOf(n);0<=e&&t.splice(e,1)}}class pn{constructor(n){this.initialTeardown=n,this.closed=!1,this._parentage=null,this._finalizers=null}unsubscribe(){let n;if(!this.closed){this.closed=!0;const{_parentage:e}=this;if(e)if(this._parentage=null,Array.isArray(e))for(const o of e)o.remove(this);else e.remove(this);const{initialTeardown:i}=this;if($e(i))try{i()}catch(o){n=o instanceof tc?o.errors:[o]}const{_finalizers:r}=this;if(r){this._finalizers=null;for(const o

Chrome Cache Entry: 68

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Category:	dropped
Size (bytes):	1150
Entropy (8bit):	6.674538552245189
Encrypted:	false
SSDEEP:
MD5:	4FC49187E76676498E41C73176D06295
SHA1:	BD38A8F14E0125C8EE486BB3E7E1DDE6C036246A
SHA-256:	3BF85D4A9F70AFEA2E91CB18BFB82088E183BA0A60E073DCCF26932E6C120EBB
SHA-512:	BA5F90795B2284BB302C798CA5B8866B2AE3B67819DC1D31E70FD26149BE214150B7CA25A9EA17481E90D232FA8F95C6419ABAFEA5C48ED1C5BFE265D0D6E1FC
Malicious:	false
Reputation:	unknown
Preview:	............ .h.......(....... ..... .....@............................o(B.!....ZD."....................}..X....En=b.............j$D.-....."..%.n.L........$/...........T.>.:e.`......XV.8.."..!..#..#..%.u.hG_L(..........V.K.M.<.T.=.7c)^.......Y........#.."..."...k........_.[.E.7.I.9.F.2.G./.:5+.........y..&.....&..1..1...q..}.9.9.D.=.J.>.M.=.a.L....`VA2..........4..&..3.....D..Z.j...o.m.H.@.?.5...............b\......i...5.....F.t.h.........=.A..#....................g.I.7.............o.i.m......e.V.I.0P...................A. 8.V.l.Z...x.........h.Cw..b~...0..(.{.n.............!..I.@.R.W........B.u....y..~........#...._.P........;.,.F.1.......>..N..O.\|.7.x.....~...i..".......J4.&0c.lE.&.N.L._..O..M..G..K..j.t........"..........w..B.,.F.S.X..a..\..T..P..>....;...$...N..E..............Q0LC.z.N..Z..b..a..P...G6......v.\.................xR.R.....=%6B.x.N..\..L.}\|................XD

Chrome Cache Entry: 70

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (6076)
Category:	downloaded
Size (bytes):	6796
Entropy (8bit):	5.3268521146183225
Encrypted:	false
SSDEEP:
MD5:	366FE0742BAF4E223E71A925CC02D00F
SHA1:	8D8B8E8CB244C79E04674DE53DDE643975003D35
SHA-256:	E1D49B60DDEA576F7D394C8C257104EC599E00BB6B4F7BD8542D65CA8507BB79
SHA-512:	A99CB93AB196D9898C9593B1630F1BE51755182E271243D92B5441CC2AF91076B4AED6F00BAEC69160067417A30FEB6BF32894E9F2F57789B6A276679199ECBC
Malicious:	false
Reputation:	unknown
URL:	https://www.clientaxcess.com/sharesafe/
Preview:	<!DOCTYPE html><html lang="en"><head>. <meta charset="utf-8">. <title>Sharesafe</title>. <base href="/sharesafe/">. <link rel="icon" type="image/x-icon" href="favicon.ico">. <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">.<style>@charset "UTF-8";:root{--bs-blue:#0d6efd;--bs-indigo:#6610f2;--bs-purple:#6f42c1;--bs-pink:#d63384;--bs-red:#dc3545;--bs-orange:#fd7e14;--bs-yellow:#ffc107;--bs-green:#198754;--bs-teal:#20c997;--bs-cyan:#0dcaf0;--bs-black:#000;--bs-white:#fff;--bs-gray:#6c757d;--bs-gray-dark:#343a40;--bs-gray-100:#f8f9fa;--bs-gray-200:#e9ecef;--bs-gray-300:#dee2e6;--bs-gray-400:#ced4da;--bs-gray-500:#adb5bd;--bs-gray-600:#6c757d;--bs-gray-700:#495057;--bs-gray-800:#343a40;--bs-gray-900:#212529;--bs-primary:#0d6efd;--bs-secondary:#6c757d;--bs-success:#198754;--bs-info:#0dcaf0;--bs-warning:#ffc107;--bs-danger:#dc3545;--bs-light:#f8f9fa;--bs-dark:#212529;--bs-primary-rgb:13,110,253;--bs-secondary-rgb:108,117,125;--bs

Chrome Cache Entry: 71

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (990), with no line terminators
Category:	downloaded
Size (bytes):	990
Entropy (8bit):	5.209617262407641
Encrypted:	false
SSDEEP:
MD5:	8CB946EE8CB255FDC5BDA1413EE3C115
SHA1:	5814DCE24C62E2B6548D943C0B2DFB9EEA8DB110
SHA-256:	70FFF54C0B710DFE00CCA9A69B7B3B4D061D499057AE0F490518B786B980D2D1
SHA-512:	4A5B2AF4C9D314AF25E0E75BA66D3E165496F5D48133527C13A8EDC3AA830E1A211F628ED3356232DD335516EBA380DFC150B0417349938E37330AA1BE4B6DF4
Malicious:	false
Reputation:	unknown
URL:	https://www.clientaxcess.com/sharesafe/runtime.1316af9a48a455db.js
Preview:	(()=>{"use strict";var e,h={},v={};function n(e){var l=v[e];if(void 0!==l)return l.exports;var r=v[e]={id:e,loaded:!1,exports:{}};return h[e].call(r.exports,r,r.exports,n),r.loaded=!0,r.exports}n.m=h,e=[],n.O=(l,r,c,f)=>{if(!r){var i=1/0;for(a=0;a<e.length;a++){for(var[r,c,f]=e[a],o=!0,s=0;s<r.length;s++)(!1&f\|\|i>=f)&&Object.keys(n.O).every(_=>n.O[_](r[s]))?r.splice(s--,1):(o=!1,f<i&&(i=f));if(o){e.splice(a--,1);var t=c();void 0!==t&&(l=t)}}return l}f=f\|\|0;for(var a=e.length;a>0&&e[a-1][2]>f;a--)e[a]=e[a-1];e[a]=[r,c,f]},n.o=(e,l)=>Object.prototype.hasOwnProperty.call(e,l),n.nmd=e=>(e.paths=[],e.children\|\|(e.children=[]),e),(()=>{var e={666:0};n.O.j=c=>0===e[c];var l=(c,f)=>{var s,t,[a,i,o]=f,u=0;if(a.some(p=>0!==e[p])){for(s in i)n.o(i,s)&&(n.m[s]=i[s]);if(o)var d=o(n)}for(c&&c(f);u<a.length;u++)n.o(e,t=a[u])&&e[t]&&e[t][0](),e[t]=0;return n.O(d)},r=self.webpackChunkSharesafe=self.webpackChunkSharesafe\|\|[];r.forEach(l.bind(null,0)),r.push=l.bind(null,r.push.bind(r))})()})();

Chrome Cache Entry: 74

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	384
Entropy (8bit):	4.842512649914068
Encrypted:	false
SSDEEP:
MD5:	6736F6CE68A491B424F3F245B8C1073F
SHA1:	1FEF4B23873145294FEFF33313BE8610E95217B7
SHA-256:	3FB29223C337FE9831165C68FADC531F1CDF0275F1380CBDDB3AFFD3F3AD17D3
SHA-512:	9C7455CBA610B21410E5E6EAFC46E4055479CB3565C82D5743C1CC8CEADE769AF6CDBC09AB98EFCBB0675021338221A42A081BFAF719AEAFBE982A7F7DF69C95
Malicious:	false
Reputation:	unknown
URL:	https://portal.cchaxcess.com/PortalServer/api/security/useraccount/CheckMaintenancePage?LocalDateTimeOffset=-240
Preview:	{"Status":"down","Reason":"ApplicationMaintenance_stop","StartMaintenanceTime":"2024-08-09T02:19:10","EndMaintenanceTime":"2024-08-09T02:49:10","ProductName":"PORTAL","InternalAccountList":[77800,213446,980223,982351,982354,982356,982533,982534,982535,982610,983773,983774,990022,90100018,90200018,90300018,24262,24423,24454,24511,24512,24520,24531,24862,982183,982357],"cutOffFlg":1}

Chrome Cache Entry: 75

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (34508), with no line terminators
Category:	downloaded
Size (bytes):	34508
Entropy (8bit):	5.402293981523149
Encrypted:	false
SSDEEP:
MD5:	31E45CAD93D1CF0A5E13812C03C78644
SHA1:	08E6FA6206595666C430F0167539520404787E6B
SHA-256:	0D4BC6424E1A8F6769EF6DC1C09B51A111F1D024E95D7C600FAC868200F62966
SHA-512:	40FFAD7ADC4307815236371337AD1187007C8B4F6E6258A34DB958A2EBEC00DBF51AD2DEED56CCBECEAAFEB42890FD3AE225DEF0466558CAA58B4D8DC5E3C0EB
Malicious:	false
Reputation:	unknown
URL:	https://www.clientaxcess.com/sharesafe/polyfills.8f47af0c876cb8b7.js
Preview:	"use strict";(self.webpackChunkSharesafe=self.webpackChunkSharesafe\|\|[]).push([[429],{678:(fe,ge,me)=>{const we=typeof globalThis<"u"&&globalThis,Me=typeof window<"u"&&window,Pe=typeof self<"u"&&typeof WorkerGlobalScope<"u"&&self instanceof WorkerGlobalScope&&self,Re=we\|\|typeof global<"u"&&global\|\|Me\|\|Pe,Te=function($,...O){if(Te.translate){const Y=Te.translate($,O);$=Y[0],O=Y[1]}let se=oe($[0],$.raw[0]);for(let Y=1;Y<$.length;Y++)se+=O[Y-1]+oe($[Y],$.raw[Y]);return se};function oe($,O){return":"===O.charAt(0)?$.substring(function ye($,O){for(let se=1,Y=1;se<$.length;se++,Y++)if("\\"===O[Y])Y++;else if(":"===$[se])return se;throw new Error(`Unterminated $louserze metadata block in "${O}".`)}($,O)+1):$}Re.$louserze=Te,me(583)},583:()=>{!function(e){const n=e.performance;function i(M){n&&n.mark&&n.mark(M)}function o(M,E){n&&n.measure&&n.measure(M,E)}i("Zone");const c=e.__Zone_symbol_prefix\|\|"__zone_symbol__";function a(M){return c+M}const y=!0===e[a("forceDuplicateZoneCheck")];if(e.Zone)

Chrome Cache Entry: 76

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 183268, version 0.0
Category:	downloaded
Size (bytes):	183268
Entropy (8bit):	7.994761911346693
Encrypted:	true
SSDEEP:
MD5:	200D5E7CC951BBFFDA6945F883E3123E
SHA1:	F8BBC899989FC50FE9C1C1E99AAC46CB924DC827
SHA-256:	F424919647A665EEBD5F5F6FB13F022B46F8542365F2892D6E5CF9318574379B
SHA-512:	0B6806A810BAA014FA445D127E3AA27B460A5CDADDDEB699D4905D14D4998795F315589E8549FD669D89C6B4A4E5FD78FD899B0D4F3367DA8BAC3EC9729B9C6D
Malicious:	false
Reputation:	unknown
URL:	https://www.clientaxcess.com/assets/fonts/FiraSans-Regular/FiraSans-Regular.woff
Preview:	wOFF..............).........................DSIG................GDEF............8.?0GPOS......z...3..-.YGSUB..\|..."]..J.YV~.OS/2.......W...``..Ccmap...p..(...QH...cvt ...4...U.....~?tfpgm...............gasp...,............glyf...l........<..head..hL...6...6....hhea..h....!...$...Khmtx..h.......)....loca..w....Y..) .8..maxp....... ... ....name...4.......E..w.post......1...k..}3.prep...4........IiD.x....J.Q.Fg....S..K.M.B.AI....tR;....X......(.G......c..3..............ws.GK...h.<Z..[..k..JYB...j..;....j.'ql.n\.t...m.kK[x.~.......V..(.g...u...C...:!?...W./...U..u._.....^b..\|eXQ...^cbg.:l.A.T.W.uCr.&.MZ.^.$m..G=..:$.....{.......C........~..[?.TS.7v.8..)...VQt...x.....U.?~...~.n.e...\|>3.f.c.1wsK....d%I.$I..de.$I.$Y..J....$Y;ke5k%M...$;Yd~..<.}>..(]v......q^....^..:..>o..c^.m.af............:..Y...a}.IaX].~........k..q.......y._..z..."........uy?.......f\.W.....Y..5ilm..fs.~..Rs.&....g.8..2..,......N..Z.L.?.Kd-Y'.?7.V,K...Xk.Y.......V.....e..._..dmY...,..

Chrome Cache Entry: 78

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 192184, version 0.0
Category:	downloaded
Size (bytes):	192184
Entropy (8bit):	7.995455995145527
Encrypted:	true
SSDEEP:
MD5:	9A74216339D8A17B8498820E5245D4C0
SHA1:	854D6F5274C333C041DA65C7CEC94B293B78677E
SHA-256:	74B56498F8C815D221489B3CA73714B643986F0AA02BCC1D6B3CA91C43E6E8F0
SHA-512:	D1BB906E940DE65F706E91FDCC6AC09852BEF5C25FC2D968CB5EEA48BA9F89D0A6B30B0B2E0D54D863AA990DABFFB228ABDB7863453424730223A87D903446CC
Malicious:	false
Reputation:	unknown
URL:	https://www.clientaxcess.com/assets/fonts/FiraSans-Italic/FiraSans-Italic.woff
Preview:	wOFF.............G.........................DSIG...............GDEF............8.?.GPOS......{...4T....GSUB..~... ...D.....OS/2.......[...``..&cmap...p..)...Qn..?.cvt .......X.....d?cfpgm...`............gasp................glyf..............head.......6...6...khhea.......#...$...8hmtx.......I..)4.BK.loca...8......)8...:maxp....... ... ....name...........Q....post......1$..k.W...prep............IiD.x....JBQ.E..v.y*.W..z..>%.....J..v... P. 5._......Y..0..s.Ysosf.h..y[.9.j..w.~.....u.....\..-s.+i........`Cw...8.c..+\|.gf[;.P.O2...SJ..:..u....3..Ye.rx^y.X'x...EXR...2^...M..T#..N.S......./uE.T....l.Er...gh.:$]u.zx_}.^..@.\|.!>.....>.....T..S_....>.......p..)..F.R....x..}......Z.e...g..$g.1.>c.-.q..$Ir.$I.$I.$I.$G.J.....&I..4Ir&G.$Is.f.....].2.t9.w..f......Y.....8c..N.;..k.~,..w...n.7.&.?...cX.fP.V[........p...Y. ...2?..%3gQ..-Y.%E.Z..^uiK6.W.-.>=.?.o.^-.~}..qu....?.5f.."....8.F..`MY<.X..d..9k+.s.f,..N..f^.%..<,..d.X....6.{@...@.A[...M.M...-..z..qcxO....@

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 26084, version 2.0
Category:	downloaded
Size (bytes):	26084
Entropy (8bit):	6.478343167422037
Encrypted:	false
SSDEEP:
MD5:	424D5D780346F5992BD32DBEA003A623
SHA1:	2E599C1042D3ECF332C9F51AA7A5509EF812023A
SHA-256:	34C59997775A449E58400CD21B90136079B5727E330047A7493996A6381ACED0
SHA-512:	16A9F7BC853139FE5033F5868B0726647F8E775A656A4B26BABAF2F444DD771E558C77110B70FE3EC15AF35A80383CD0D8C1DF8F7CA97BA0DCFFD422E9706B76
Malicious:	false
Reputation:	unknown
URL:	https://www.clientaxcess.com/assets/fonts/axcess-common/axcesscommon.woff
Preview:	wOFF......e.......e.........................OS/2.......`...`....cmap...h...T...T.V..gasp................glyf......^...^..d{.head..`d...6...6..B.hhea..`....$...$...Bhmtx..`.............loca..b............2maxp..c.... ... ....name..d.............post..e.... ... ...............................3...................................@........@...@............... .................................8............. .......... ................................................79..................79..................79...................%.....%..%..........W.U.UW...&E.U..E......y...................%.....%..%..7'?.....'..........U.U.UU.....6..dd.6..'D.U..D......x...u.,..,..u...f.......7.o.t.y...3>.5<.=.0454&'#.........1....5..'5>.3:.;.:.32.....#.+.7#.............3>.5<.=.8.54&/........#.+.*.#"&'5>.3:.;..!.!..!.!...j3HH3.3G"......7&.......&6..6&...X.i3HG3.3G".....6&.......&6..6&...Y.a...VE.4...k.I3......3J..I3......#;..8. ..&55%.&5..I4.......3I..I3.....#;..7.!..&55&.%5.....x.D.......f................

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65308)
Category:	downloaded
Size (bytes):	740360
Entropy (8bit):	5.260671060242254
Encrypted:	false
SSDEEP:
MD5:	56FFD9E3BE3FA3FB9939E9B6118C5DCE
SHA1:	493480984672850A0412275255475F85589E3FDB
SHA-256:	561ECBD23C38E9C4DCB9375AA7F11FD9CA7421193451FED3F7BE377CC8E382D3
SHA-512:	97C70D6654F0A54B0FF706C12FF7CB8FCCE15CD629347295F554BA89AF0F341076BBBB5E5E52D78CD908C1077CF9D488EBA3F42242C4A46674D73B07B35F758C
Malicious:	false
Reputation:	unknown
URL:	https://www.clientaxcess.com/sharesafe/styles.c02aa105704886c5.css
Preview:	@charset "UTF-8";/!. Bootstrap v5.2.3 (https://getbootstrap.com/). * Copyright 2011-2022 The Bootstrap Authors. * Copyright 2011-2022 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE). */:root{--bs-blue:#0d6efd;--bs-indigo:#6610f2;--bs-purple:#6f42c1;--bs-pink:#d63384;--bs-red:#dc3545;--bs-orange:#fd7e14;--bs-yellow:#ffc107;--bs-green:#198754;--bs-teal:#20c997;--bs-cyan:#0dcaf0;--bs-black:#000;--bs-white:#fff;--bs-gray:#6c757d;--bs-gray-dark:#343a40;--bs-gray-100:#f8f9fa;--bs-gray-200:#e9ecef;--bs-gray-300:#dee2e6;--bs-gray-400:#ced4da;--bs-gray-500:#adb5bd;--bs-gray-600:#6c757d;--bs-gray-700:#495057;--bs-gray-800:#343a40;--bs-gray-900:#212529;--bs-primary:#0d6efd;--bs-secondary:#6c757d;--bs-success:#198754;--bs-info:#0dcaf0;--bs-warning:#ffc107;--bs-danger:#dc3545;--bs-light:#f8f9fa;--bs-dark:#212529;--bs-primary-rgb:13,110,253;--bs-secondary-rgb:108,117,125;--bs-success-rgb:25,135,84;--bs-info-rgb:13,202,240;--bs-warning-rgb:255,193,7;--bs-

Chrome Cache Entry: 83

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 198128, version 0.0
Category:	downloaded
Size (bytes):	198128
Entropy (8bit):	7.995427629627268
Encrypted:	true
SSDEEP:
MD5:	DEFC482E83C81D8844CD30C0F5882129
SHA1:	74864DD467242CB8FA0A22D4BA3CE6ABBDA1DD84
SHA-256:	DB1AA0A77C24B18B0C6091853F025ABC4FC197A46169CEB3423009856655353A
SHA-512:	A9A001A4FB4420442E1F4CADCF0A19F271FB25423DD40AE6B44BBF7EB208CFF5593323590D530130E0AB4F78A46358B17D15460D9A0540CF585E2DC8CE6E2D3B
Malicious:	false
Reputation:	unknown
URL:	https://www.clientaxcess.com/assets/fonts/FiraSans-Medium/FiraSans-Medium.woff
Preview:	wOFF...............@........................DSIG................GDEF............8.?0GPOS......{2..3p.L/{GSUB..}..."]..J.YV~.OS/2...@...V...`au.Rcmap......(...QH...cvt ...D...T......A4fpgm................gasp...<............glyf..............head...0...6...6....hhea...h...!...$...Khmtx..........).>i..loca...@......) .y..maxp....... ... ....name...(..........x.post...,..1...k..}3.prep...@........IiD.x....J.Q.Fg....S..K.M.B.AI....tR;....X......(.G......c..3..............ws.GK...h.<Z..[..k..JYB...j..;....j.'ql.n\.t...m.kK[x.~.......V..(.g...u...C...:!?...W./...U..u._.....^b..\|eXQ...^cbg.:l.A.T.W.uCr.&.MZ.^.$m..G=..:$.....{.......C........~..[?.TS.7v.8..)...VQt...x..}.\|.........s..l.$."..B..B....)" ""R.H.....)E..H....""...R.K)"E.H1...A(...F.$.s......b.....}o.w...9..s.g....1.Z......z.e.;..;.e.x.w..Q....*.AaXC..q,.2l..]...6...T....k...Y....Ig....7........w.....g:.W..,....tV.....qv....2.........Y...d..r.^..d......X.k.:.....Z........,W..e.......dv%..5eA.....a).

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	dropped
Size (bytes):	89600
Entropy (8bit):	5.3614428766419335
Encrypted:	false
SSDEEP:
MD5:	F2735B189A2C861FAD2F7B495079EB75
SHA1:	89BBAFB0A459E2BEA89575BFAAA12127F88D8B9E
SHA-256:	196B63636A70CEBD530413B5E13EA292267AA6C4D6720BB632BF72DB5ED58FB0
SHA-512:	F3026E29A037408316A492B25813EB20B1C6F1F75EC33640EE9BABE54043E438024FDDABE42863BB93FBB34526AC6BBCD5269824653A530E0B3A1784B5201F33
Malicious:	false
Reputation:	unknown
Preview:	!function(H,Je){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=H.document?Je(H,!0):function(pe){if(!pe.document)throw new Error("jQuery requires a window with a document");return Je(pe)}:Je(H)}(typeof window<"u"?window:this,function(H,Je){"use strict";var pe=[],Jt=Object.getPrototypeOf,je=pe.slice,Kt=pe.flat?function(e){return pe.flat.call(e)}:function(e){return pe.concat.apply([],e)},At=pe.push,ut=pe.indexOf,lt={},Zt=lt.toString,ct=lt.hasOwnProperty,en=ct.toString,Kn=en.call(Object),F={},P=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},Me=function(e){return null!=e&&e===e.window},R=H.document,Zn={type:!0,src:!0,nonce:!0,noModule:!0};function tn(e,t,n){var r,o,a=(n=n\|\|R).createElement("script");if(a.text=e,t)for(r in Zn)(o=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&a.setAttribute(r,o);n.head.appendChild(a).parentNode.removeChild(a)}function Ie(e){return null==e?e+"":"object"==typeof e\|\|"function"==typ

Chrome Cache Entry: 85

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 182984, version 0.0
Category:	downloaded
Size (bytes):	182984
Entropy (8bit):	7.993751228986383
Encrypted:	true
SSDEEP:
MD5:	29430787E85C5DC0A9E8A164FAB4A5BF
SHA1:	A5342CE682A3BD549B689C504A06734F38F8E2A7
SHA-256:	069B8CF6B4A171AEE27622E6180B166615DC25CBB25542E03A6476B8E44D398F
SHA-512:	583BEAC9CDE430359D5A4C37A370BD3AAF12A2EBFFB709D578935D1DE48D6BB2DF219CF24986A4B7065264718F4D7A608FEE23676B5129107DD7ED91431D4657
Malicious:	false
Reputation:	unknown
URL:	https://www.clientaxcess.com/assets/fonts/FiraSans-Light/FiraSans-Light.woff
Preview:	wOFF...............<........................DSIG................GDEF............8.?0GPOS......z...3.&.m.GSUB..}0.."]..J.YV~.OS/2.......W...``=.1cmap......(...QH...cvt .......V.....V=.fpgm...p............gasp................glyf..........k.....head..f....6...6...hhea..f....!...$...Khmtx..f....h..).9...loca..vT......) ..ijmaxp....... ... ....name............w.4.post......1...k..}3.prep............IiD.x....J.Q.Fg....S..K.M.B.AI....tR;....X......(.G......c..3..............ws.GK...h.<Z..[..k..JYB...j..;....j.'ql.n\.t...m.kK[x.~.......V..(.g...u...C...:!?...W./...U..u._.....^b..\|eXQ...^cbg.:l.A.T.W.uCr.&.MZ.^.$m..G=..:$.....{.......C........~..[?.TS.7v.8..)...VQt...x..}...U..9.}.....;...$I.1.1.$IB.$.J...$I.$I..de%++k%I..Z.Jv..&I...&!M.....y..3..g....~...........9..y.9.q...;..s..,t.}...V.....V2...G...0.....X..Gq8..5f-.8.k.RY+V..;_..w.wE...y..il.....c.46.......(.^=.Ic+{.0.z.".v...5bMX..f....2.7.%..Xk...\|.).R.\,.]..on.g.X...a....V}..k.r.z,..e..[}.b-X..v.Ka..\|

Static File Info

⊘No static file info

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Compliance

Software Vulnerabilities

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

LLM Input / Output

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 78

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Static File Info