Edit tour

Windows Analysis Report
https://rto.cloud-store.services/7d42b07b4d00117b?l=27

Overview

General Information

Sample URL:	https://rto.cloud-store.services/7d42b07b4d00117b?l=27
Analysis ID:	1528216

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6320 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 1388 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1976,i,13328927132499502834,14502186450771141446,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 2196 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://rto.cloud-store.services/7d42b07b4d00117b?l=27" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://rto.cloud-store.services/load_training?guid=2442b07bcd001199&correlation_id=8f335f95-dc2b-4023-bb8b-ec30980940fc	HTTP Parser: No favicon
Source: https://rto.cloud-store.services/load_training?guid=2442b07bcd001199&correlation_id=8f335f95-dc2b-4023-bb8b-ec30980940fc	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.18:49697 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.18:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.18:49856 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.18:49859 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.31.67:443 -> 192.168.2.18:49860 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.31.67:443 -> 192.168.2.18:49861 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.161:443 -> 192.168.2.18:49865 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212

Source: global traffic	DNS traffic detected: DNS query: rto.cloud-store.services
Source: global traffic	DNS traffic detected: DNS query: _49153._https.rto.cloud-store.services
Source: global traffic	DNS traffic detected: DNS query: tslp.s3.amazonaws.com
Source: global traffic	DNS traffic detected: DNS query: java.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: d25q7gseii1o1q.cloudfront.net

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49697 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49695 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49697
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49696
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49695
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49696 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49679 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.18:49697 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.18:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.18:49856 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.18:49859 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.31.67:443 -> 192.168.2.18:49860 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.31.67:443 -> 192.168.2.18:49861 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.161:443 -> 192.168.2.18:49865 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@17/31@18/217

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1976,i,13328927132499502834,14502186450771141446,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://rto.cloud-store.services/7d42b07b4d00117b?l=27"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1976,i,13328927132499502834,14502186450771141446,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
s3-w.us-east-1.amazonaws.com	54.231.226.217	true	false	unknown
java.com	2.23.209.184	true	false	unknown
www.google.com	142.250.186.68	true	false	unknown
d25q7gseii1o1q.cloudfront.net	18.245.62.177	true	false	unknown
prod-lp-alb-1655798893.us-east-1.elb.amazonaws.com	52.20.232.13	true	false	unknown
tslp.s3.amazonaws.com	unknown	unknown	false	unknown
rto.cloud-store.services	unknown	unknown	false	unknown
_49153._https.rto.cloud-store.services	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://rto.cloud-store.services/load_training?guid=2442b07bcd001199&correlation_id=8f335f95-dc2b-4023-bb8b-ec30980940fc	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.68	www.google.com	United States	15169	GOOGLEUS	false
18.245.62.177	d25q7gseii1o1q.cloudfront.net	United States	16509	AMAZON-02US	false
142.250.185.67	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
18.245.62.146	unknown	United States	16509	AMAZON-02US	false
54.231.225.57	unknown	United States	16509	AMAZON-02US	false
216.58.206.74	unknown	United States	15169	GOOGLEUS	false
3.214.70.204	unknown	United States	14618	AMAZON-AESUS	false
142.250.185.138	unknown	United States	15169	GOOGLEUS	false
52.20.232.13	prod-lp-alb-1655798893.us-east-1.elb.amazonaws.com	United States	14618	AMAZON-AESUS	false
142.250.185.170	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.142	unknown	United States	15169	GOOGLEUS	false
142.250.185.195	unknown	United States	15169	GOOGLEUS	false
142.250.186.142	unknown	United States	15169	GOOGLEUS	false
64.233.184.84	unknown	United States	15169	GOOGLEUS	false
2.23.209.184	java.com	European Union	1273	CWVodafoneGroupPLCEU	false
54.231.226.217	s3-w.us-east-1.amazonaws.com	United States	16509	AMAZON-02US	false
172.217.16.195	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.18
192.168.2.5

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1528216
Start date and time:	2024-10-07 16:57:51 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://rto.cloud-store.services/7d42b07b4d00117b?l=27
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	16
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@17/31@18/217

Warnings

Exclude process from analysis (whitelisted): SIHClient.exe
Excluded IPs from analysis (whitelisted): 172.217.16.195, 142.250.185.142, 64.233.184.84, 34.104.35.123, 216.58.206.74, 142.250.185.170, 142.250.185.67, 142.250.185.138
Excluded domains from analysis (whitelisted): fonts.googleapis.com, fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, ajax.googleapis.com, fonts.gstatic.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://rto.cloud-store.services/7d42b07b4d00117b?l=27

LLM Input / Output

Input	Output
URL: https://rto.cloud-store.services/load_training?guid=2442b07bcd001199&correlation_id=8f335f95-dc2b-4023-bb8b-ec30980940fc Model: jbxai	{ "brand":["Foundever"], "contains_trigger_text":true, "trigger_text":"You fell for a phish!", "prominent_button_name":"English", "text_input_field_labels":["RTO (return-to-office) policy"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":true, "text":"Do not worry, this was an approved phishing simulation run by Foundever. We are here to help.", "has_visible_qrcode":false}

Input

Output

URL: https://rto.cloud-store.services/load_training?guid=2442b07bcd001199&correlation_id=8f335f95-dc2b-4023-bb8b-ec30980940fc Model: jbxai

{
"brand":["Foundever"],
"contains_trigger_text":true,
"trigger_text":"You fell for a phish!",
"prominent_button_name":"English",
"text_input_field_labels":["RTO (return-to-office) policy"],
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":true,
"text":"Do not worry,
 this was an approved phishing simulation run by Foundever. We are here to help.",
"has_visible_qrcode":false}

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 13:58:25 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	3.9732367951931957
Encrypted:	false
SSDEEP:
MD5:	5A451A4C9483A4DC4074DC76B4C634FC
SHA1:	78DEF8E8DC8420BE71C61C94E0991FA62A1CDD66
SHA-256:	50B5F13F0D7331D53F4F524DF0E555339B39ED02BB504E02EE52B8ADDB3BCDEC
SHA-512:	1CCC80199439B9849CE53E3D29239BE3BEF3A24465E20DE11778295479C42BE6F7EA1DACC1C39747778888322D684E52E4AFB3E284FEF8307B13F98508836335
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....Qw6\........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.IGYDw....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VGYKw....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.VGYKw....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.VGYKw...........................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VGYMw.....#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............`v.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 13:58:25 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9901466342088376
Encrypted:	false
SSDEEP:
MD5:	3FC8CE55552AAA1E49A82BBD1CE82C7C
SHA1:	5D26E28F3426B9E28190A4F93F9257F93205A393
SHA-256:	CF8DCD4BEDF702964009320BB0E0EF5A99EF59086132CFE6B600BDEA5E7C1A1B
SHA-512:	63EED79D5811D1EF803F7A1B35EBDD2B967F518008516B0B9AE8AADE769858E2B3A6311DF5C25F6990AE6B6C63BE66C79510FBFF58F305800F09951B7C956EC7
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......)\........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.IGYDw....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VGYKw....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.VGYKw....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.VGYKw...........................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VGYMw.....#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............`v.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 09:23:19 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2691
Entropy (8bit):	3.999007729119599
Encrypted:	false
SSDEEP:
MD5:	B5602CE60F69DA1CE78C25C4E4595D84
SHA1:	3B489E579C65BF32D6F7B10B802A5AA8B7DC7800
SHA-256:	81CDAE0A019DB60BBC254A9578BC4B9DC0630D0E09F3339425847DAEB7284A73
SHA-512:	646621EF5E31A31F5BABB66D5ADB641D6AD9C2E9CCE7D1D8E2AB687A68A758FAA5BABD57F65CF43A3355D727C71F5FEC00CCFBF119CB030F1DA3112027598EA5
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....?.4 ?.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.IGYDw....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VGYKw....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.VGYKw....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.VGYKw...........................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.R.....#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............`v.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 13:58:25 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9861935234262584
Encrypted:	false
SSDEEP:
MD5:	1100C5EF1F60EF8B2FA64E3FB53000F6
SHA1:	A2D06F2A0AB202D157716BDCA9E8FCEE1C0BCA41
SHA-256:	A538D2C159ED9AD55F93C1CC5729DB31688C32966D6A45F9DEEA8CB70C41DB78
SHA-512:	4EA90E80437102646969481C017A442959B6C8A1C865DB27B3B93442B289DD58E1C179F2BE52B4CD054C2922972A6E40203A5484AD195BC89409694E85B5BCDC
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,...._.#\........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.IGYDw....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VGYKw....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.VGYKw....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.VGYKw...........................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VGYMw.....#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............`v.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 13:58:25 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.976298310021001
Encrypted:	false
SSDEEP:
MD5:	B263DF4D6CF3FF682630BBCA979DD9D1
SHA1:	E9870DBA5B41B54DA1648F05BB805AD3D86477BB
SHA-256:	C599ED110FFBE78A9C2CF012A99F25BA4599F6FF1B66AF55E15BCB8372A3B3CB
SHA-512:	40C5280935142B35D89B649D81E2CAD5E5DCFF6FBECB8EE347F4F4B60E9C63B12FB5FDFA4FE4AD5D3B695F54B8D9320AE2A7500773A758FD4E30B546DFD4C847
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......0\........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.IGYDw....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VGYKw....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.VGYKw....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.VGYKw...........................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VGYMw.....#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............`v.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 13:58:25 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9863615539294828
Encrypted:	false
SSDEEP:
MD5:	8F14B3521AE457757C3813F9FAFC0CA8
SHA1:	18728E40D904A47FC4FF397D02644B109B9C3729
SHA-256:	27B40EC6DC21D6CF0D051DB0E3C6912D0D9A60FB2068285B336758008FF0CD28
SHA-512:	E0977F2C867D41A4D9E81F17F8C246253388F02853F436CA166BB76A0EE6C080C53D3100ED15935E949B9A065749145AC35880F5D473526E3F5E7E387F2C93FC
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.......\........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.IGYDw....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VGYKw....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.VGYKw....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.VGYKw...........................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VGYMw.....#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............`v.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 104

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	5941
Entropy (8bit):	3.890139995787555
Encrypted:	false
SSDEEP:
MD5:	FFD2CC77BB64D40BEEB5D561FFFE1F79
SHA1:	6CB535641677D27E4DE591CEB3C4E2F408826E7D
SHA-256:	CDB16CA3DDD3CEAD71121799751FA80D3033375ABCDBC5FC84D35FB82C7FC9DE
SHA-512:	F47EC76CE96D8652D068FE13DFF15D76CE31B1292061765844BEFCDF668270BA75A1D0757A993F2B73F8D509BCC1883DDE2D4CC5B58B320CF21B77A526F43556
Malicious:	false
Reputation:	unknown
URL:	https://tslp.s3.amazonaws.com/detect/wmp.js?guid=42b07d0011&correlation_id=8f335f95-dc2b-4023-bb8b-ec30980940fc
Preview:	/.PluginDetect v0.9.1.www.pinlady.net/PluginDetect/license/.[ WindowsMediaPlayer ].[ isMinVersion getVersion hasMimeType getInfo onDetectionDone ].[ AllowActiveX BetterIE ]./.(function() {. j = PluginDetect;. var o = {. setPluginStatus: function(p, r) {. var q = this;. if (p) {. q.version = j.formatNum(p). }. q.installed = q.version ? 1 : (r ? 0 : -1);. q.getVersionDone = q.installed === 0 ? 0 : 1;. },. getVersion: function(t, q) {. var r = this,. s, p = null;. if ((!s \|\| j.dbug) && r.nav.query().installed) {. s = 1. }. if ((!s \|\| j.dbug) && r.axo.query().installed) {. s = 1. }. if ((!p \|\| j.dbug) && r.axo.query().version) {. p = r.axo.version. }. if (((!s && !p) \|\| q \|\| j.dbug) && r.FirefoxPlugin.query().version) {. s = 1;.

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	4234
Entropy (8bit):	3.7012321814825753
Encrypted:	false
SSDEEP:
MD5:	E6DD596D2BC204EA573B868B92028C26
SHA1:	FA58BBA4C9A01B3764A881949A8423B773D8A338
SHA-256:	0730A7E6770925FA4232096E4D9874514985EC791A63FE873F0E4E3CD7722381
SHA-512:	4857A83D1F1AC1127A578B2BDE94973BCE3ECD2720CBC4D72DDF8CB193F0F3676BF932D0352F0F45CA3A553677D3960A61B472CA15C66E74F3E6384E36E018B4
Malicious:	false
Reputation:	unknown
Preview:	/.PluginDetect v0.9.1.www.pinlady.net/PluginDetect/license/.[ Silverlight ].[ isMinVersion getVersion hasMimeType getInfo onDetectionDone ].[ AllowActiveX BetterIE ]./.(function() {. j = window.detector;. var h = {. getVersion: function() {. var r = this,. p = null,. q = 0;. if ((!q \|\| j.dbug) && r.nav.query().installed) {. q = 1. }. if ((!p \|\| j.dbug) && r.nav.query().version) {. p = r.nav.version. }. if ((!q \|\| j.dbug) && r.axo.query().installed) {. q = 1. }. if ((!p \|\| j.dbug) && r.axo.query().version) {. p = r.axo.version. }. r.version = j.formatNum(p);. r.installed = p ? 1 : (q ? 0 : -1). },. nav: {. hasRun: 0,. installed: 0,. version: null,. mimeType: ["application/x-silverlight", "application/x-silve

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (322)
Category:	dropped
Size (bytes):	6999
Entropy (8bit):	3.826075419802806
Encrypted:	false
SSDEEP:
MD5:	EE73F2F47D51116DC40B85A6B57EAF20
SHA1:	6C42011667BAC1FA6C3272A11B510F22962D72A2
SHA-256:	6AE53963F41133561C78B4332B564C01F551C471CD91D980436A9F5DACDD8F19
SHA-512:	162F426E8C5787B989C07332EC466A68F97164400EE09562B925D3B4FE34D4BF393214C8A173174F22B0A47F635A0864D81D9E1BD3CB8D73DA4335A3F715A37D
Malicious:	false
Reputation:	unknown
Preview:	/.PluginDetect v0.9.1.www.pinlady.net/PluginDetect/license/.[ QuickTime ].[ isMinVersion getVersion hasMimeType getInfo ].[ AllowActiveX BetterIE ]./.(function() {. j = PluginDetect;. var i = {. setPluginStatus: function(q, p, s) {. var r = this;. r.version = p ? j.formatNum(p, 3) : null;. r.installed = r.version ? 1 : (s ? (s > 0 ? 0.7 : -0.1) : (q ? 0 : -1));. r.getVersionDone = r.installed == 0.7 \|\| r.installed == -0.1 \|\| r.nav.done === 0 ? 0 : 1;. },. getVersion: function(s, t) {. var u = this,. p = null,. r = 0,. q;. t = j.browser.isIE ? 0 : t;. if ((!r \|\| j.dbug) && u.nav.query(t).installed) {. r = 1. }. if ((!p \|\| j.dbug) && u.nav.query(t).version) {. p = u.nav.version. }. q = !p ? u.codebase.isMin(s) : 0;. if (q) {. u.setPluginStat

Chrome Cache Entry: 109

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 48 x 48, 4-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	926
Entropy (8bit):	7.650083871007416
Encrypted:	false
SSDEEP:
MD5:	3C506B80D78539262795C9BA59A0631A
SHA1:	0B7EF5BDEADE81C3FFC8ABC8EF8A17F7566A10F4
SHA-256:	A35DE3A30E58BF477FEBCA8B47225959F48FD384FAF088A218D6BF2251F06CBE
SHA-512:	AA04687DE6D0C6DF36B655891B055FA3BC22BF8A5619589CA012150B7F64036A5F21FF8EBBD6C604C6FBCBA686D1946AC23712EE052FFFEB163C16E29A9A23E6
Malicious:	false
Reputation:	unknown
URL:	https://d25q7gseii1o1q.cloudfront.net/training/fish/mail.png
Preview:	.PNG........IHDR...0...0......,.....PLTE..............................`.......tRNS...........F.X...%IDATx^u.;o.W....:.4..vK:...%.0....v.. fG#v.vd^.v+E..s.K-...N..N..f.......G....]~/\|"V...ss..i......AF.(..G..q......3..=...0....2...E..._v.y......8..@..z..\.]3..+6..~...r.r.>R...............'=..W......NO........M#.,.]..67.c..A.......o..^..'H.b>....i.....C..(....\c....,....M..j:.M......9[ ..BY>...u....+mUD..d..n..E...F..{1.d.d%......FUUg..........E.<?h.......".......X.m->c....I...V..O9k.........f.yf#!.xn.N.......`.M._..<C.Z.>%.K!.J.........#q........W5.5..Dq...UX..&.3.1..<;.C.x'..S.N...........R......g......=...Ez.."=l.tNU.$...s.Z#..~.-..W.0.}"..W!Rr...V....@..5=........D..>.h3....J..^..]......%..2:R_.2U...M.Mp....."..1=.w..y....b?.0...jc.....d...K.Xh.z+.I...iH..?F#....E.d.P....7....u.C...@.{ip.j..n.]..gW...!.N..E.Z.M...M.@<.$..a.}..<.........HCW.b:s..j+....R...c5....IEND.B`.

Chrome Cache Entry: 110

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32341)
Category:	downloaded
Size (bytes):	96381
Entropy (8bit):	5.38156916982579
Encrypted:	false
SSDEEP:
MD5:	8FC25E27D42774AEAE6EDBC0A18B72AA
SHA1:	B66ED708717BF0B4A005A4D0113AF8843EF3B8FF
SHA-256:	B294E973896F8F874E90A8EB1A8908AC790980D034C4C4BDF0FC3D37B8ABF682
SHA-512:	87D90A665C15D71AC872BD8BC003D9863964C7EC7ADA6370B902B93C0BBD7770FE25730D946C7C6A465BAA95EFA74BC0E78AF3F83AEA615AF35060CC8702A6C1
Malicious:	false
Reputation:	unknown
URL:	https://rto.cloud-store.services/assets/ajax/libs/jquery/1.11.0/jquery.min.js
Preview:	/! jQuery v1.11.0 \| (c) 2005, 2014 jQuery Foundation, Inc. \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=c.slice,e=c.concat,f=c.push,g=c.indexOf,h={},i=h.toString,j=h.hasOwnProperty,k="".trim,l={},m="1.11.0",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return d.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:d.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a,b){return n.each(this,a,b)},map:function(a){return this.pushStack(n.map(this,functio

Chrome Cache Entry: 111

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	22855
Entropy (8bit):	3.5177544592160155
Encrypted:	false
SSDEEP:
MD5:	0D5882D41C8B6E40059C8D9ACBCF1518
SHA1:	53103565F3C07416FC691583A43A91943DBF0809
SHA-256:	D9B7C6163477008469AF64B211E2DBD4F4171B85B51E3714F11C99F9BA2C32F9
SHA-512:	2E70A43F053797DF07CF2A7F6CF4CDD99A0082CB3DC1FBF661FAB775E98EDC18866FC762576B9E26A9DF4C094523AF98D7B46C92F9D6A7BED2CBFE6CBA01447E
Malicious:	false
Reputation:	unknown
Preview:	/.PluginDetect v0.9.1.www.pinlady.net/PluginDetect/license/.[ AdobeReader PDFjs ].[ isMinVersion getVersion hasMimeType getInfo onDetectionDone ].[ AllowActiveX ]./.(function() {. j = PluginDetect;. var c = {. OTF: null,. setPluginStatus: function() {. var p = this,. B = p.OTF,. v = p.nav.detected,. x = p.nav.version,. z = p.nav.precision,. C = z,. u = x,. s = v > 0;. var H = p.axo.detected,. r = p.axo.version,. w = p.axo.precision,. D = p.doc.detected,. G = p.doc.version,. t = p.doc.precision,. E = p.doc2.detected,. F = p.doc2.version,. y = p.doc2.precision;. u = F \|\| u \|\| r \|\| G;. C = y \|\| C \|\| w \|\| t;. s = E > 0 \|\| s \|\| H > 0 \|\| D > 0;. u = u \|\| null;. p.version =

Chrome Cache Entry: 112

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32089)
Category:	downloaded
Size (bytes):	92629
Entropy (8bit):	5.303443527492463
Encrypted:	false
SSDEEP:
MD5:	397754BA49E9E0CF4E7C190DA78DDA05
SHA1:	AE49E56999D82802727455F0BA83B63ACD90A22B
SHA-256:	C12F6098E641AACA96C60215800F18F5671039AECF812217FAB3C0D152F6ADB4
SHA-512:	8C64754F77507AB2C24A6FC818419B9DD3F0CECCC9065290E41AFDBEE0743F0DA2CB13B2FBB00AFA525C082F1E697CB3FFD76EF9B902CB81D7C41CA1C641DFFB
Malicious:	false
Reputation:	unknown
URL:	https://rto.cloud-store.services/assets/ajax/libs/jquery/1.9.1/jquery.min.js
Preview:	/! jQuery v1.9.1 \| (c) 2005, 2012 jQuery Foundation, Inc. \| jquery.org/license.//@ sourceMappingURL=jquery.min.map./(function(e,t){var n,r,i=typeof t,o=e.document,a=e.location,s=e.jQuery,u=e.$,l={},c=[],p="1.9.1",f=c.concat,d=c.push,h=c.slice,g=c.indexOf,m=l.toString,y=l.hasOwnProperty,v=p.trim,b=function(e,t){return new b.fn.init(e,t,r)},x=/[+-]?(?:\d\.\|)\d+(?:[eE][+-]?\d+\|)/.source,w=/\S+/g,T=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,N=/^(?:(<[\w\W]+>)[^>]\|#([\w-]))$/,C=/^<(\w+)\s\/?>(?:<\/\1>\|)$/,k=/^[\],:{}\s]$/,E=/(?:^\|:\|,)(?:\s\[)+/g,S=/\\(?:["\\\/bfnrt]\|u[\da-fA-F]{4})/g,A=/"[^"\\\r\n]*"\|true\|false\|null\|-?(?:\d+\.\|)\d+(?:[eE][+-]?\d+\|)/g,j=/^-ms-/,D=/-([\da-z])/gi,L=function(e,t){return t.toUpperCase()},H=function(e){(o.addEventListener\|\|"load"===e.type\|\|"complete"===o.readyState)&&(q(),b.ready())},q=function(){o.addEventListener?(o.removeEventListener("DOMContentLoaded",H,!1),e.removeEventListener("load",H,!1)):(o.detachEvent("onreadystatechange",H),e.detachEvent("onload",H)

Chrome Cache Entry: 113

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (306)
Category:	dropped
Size (bytes):	50085
Entropy (8bit):	3.5610506396954245
Encrypted:	false
SSDEEP:
MD5:	00A513F07603DF01E3B99BE00F370754
SHA1:	F0C03B1C50F39C95075DF687CD55F18861631526
SHA-256:	4BAB432979D731F8264BCD9D40422CA7DFCFCB0E0E703288DB78BBFA555F853A
SHA-512:	9824C521D8B214847E6193CB8046488CFF1F113D6C9637241D5EE1042ADC6C8C7724452611DD0994E7A478768860E69A29B4F4E6B51FD726761DE520D5C05765
Malicious:	false
Reputation:	unknown
Preview:	/.PluginDetect v0.9.1.www.pinlady.net/PluginDetect/license/.[ ].[ isMinVersion getVersion hasMimeType getInfo ].[ AllowActiveX BetterIE ]./.(function() {. var j = {. version: "0.9.1",. name: "PluginDetect",. addPlugin: function(p, q) {. if (p && j.isString(p) && q && j.isFunc(q.getVersion)) {. p = p.replace(/\s/g, "").toLowerCase();. j.Plugins[p] = q;. if (!j.isDefined(q.getVersionDone)) {. q.installed = null;. q.version = null;. q.version0 = null;. q.getVersionDone = null;. q.pluginName = p;. }. }. },. uniqueName: function() {. return j.name + "998". },. openTag: "<",. hasOwnPROP: ({}).constructor.prototype.hasOwnProperty,. hasOwn: function(s, t) {. var p;. try {. p = j.hasOwnPROP.call(s, t).

Chrome Cache Entry: 117

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (438)
Category:	downloaded
Size (bytes):	2890
Entropy (8bit):	4.939391601793129
Encrypted:	false
SSDEEP:
MD5:	184F963F1D0FA2D79C5A373F0C9449C1
SHA1:	36258C03DE1504DFF071B8C68A20F53414EBB8C6
SHA-256:	80DA308DFAB92F82DAA165444E04D889CF654CE3FE8E852484EF9ADA972B3083
SHA-512:	03F52FF5340C71608B790F2E623FACFF31532195177D2696F0D1CB4A96B5B491F9A0FE2C563DC1F724183CA4196AA511FC986B3FFFE488E243362F94DD6BFA27
Malicious:	false
Reputation:	unknown
URL:	https://rto.cloud-store.services/training_screenshot?guid=42b07d0011&correlation_id=8f335f95-dc2b-4023-bb8b-ec30980940fc
Preview:	<!DOCTYPE html>.<html lang="en">.<head>.<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.<meta charset="utf-8">.<meta name="viewport" content="width=device-width,initial-scale=1">.<meta name="x-apple-disable-message-reformatting">..<title></title>.. [if mso]> . <noscript> . <xml> . <o:OfficeDocumentSettings> . <o:PixelsPerInch>96</o:PixelsPerInch> . </o:OfficeDocumentSettings> . </xml> . </noscript> . <![endif]-->..<style type="text/css">table, td, div, h1, p {font-family: Gotham, "Helvetica Neue", Helvetica, Arial, sans-serif;}..</style>.</head>.<body style="margin: 10px; padding: 0px;">.<table role="presentation" style="width: 100%; border-collapse: collapse; border: 0px; border-spacing: 0px; background: #ffffff;">..<tbody>...<tr>....<td align="center" style="font-size: 14px; padding: 0px;">....<table style="width: 100%; border-collapse: collapse; border: 0px; border-spacing: 0px;">.....<tbody>......<tr>.......<td align="left" style="">..

Chrome Cache Entry: 119

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	6680
Entropy (8bit):	3.6986423324780655
Encrypted:	false
SSDEEP:
MD5:	F9AD9A096894BA248E4A1F73E7EBA1BE
SHA1:	F2449CE5F7A5C42FFDCC5F087A75B2513E73592C
SHA-256:	A26D01D5912459798481786640DC44FD7605D09F2F9E6DD24720205EFCAB6861
SHA-512:	230C6B3F64BAD4A1681A90CD835FD2037068AD951D1BFB027E2B90F832C074D0AF686D2AA51175BE538BFAE9A08D96E9D46C941AEF223567937E0CD280B76DD4
Malicious:	false
Reputation:	unknown
Preview:	/.PluginDetect v0.9.1.www.pinlady.net/PluginDetect/license/.[ Flash ].[ isMinVersion getVersion hasMimeType getInfo ].[ AllowActiveX BetterIE ]./.(function() {. j = PluginDetect;. var e = {. mimeType: "application/x-shockwave-flash",. setPluginStatus: function(t, q, p) {. var s = this,. r;. s.installed = q ? 1 : (t ? 0 : -1);. s.precision = p;. s.version = j.formatNum(q);. r = s.installed == -1 \|\| s.instance.version;. r = r \|\| s.axo.version;. s.getVersionDone = r ? 1 : 0;. },. getPrecision: function(t) {. if (j.isString(t)) {. var q, s = "\\d+",. r = "[\\._,]",. p = [s, s, s, s];. for (q = 4; q > 0; q--) {. if ((new RegExp(p.slice(0, q).join(r))).test(t)) {. return q. }. }. }. return 0.

Chrome Cache Entry: 120

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	50717
Entropy (8bit):	3.4749180527505756
Encrypted:	false
SSDEEP:
MD5:	2BEC0061039DC3FB25FC20AAF611D5B9
SHA1:	DFC11B0662AC5950D309E2615E887032DD1DDE0C
SHA-256:	4805FC6ABDAD8075AF2165E241B781C3073D4769AE725E4004BF79064ACB5F24
SHA-512:	A0B342EED3291E1E48E5DBECBBBE74370D06C15269196B5E5CFEC1EE58B401D5F24058E842222747B5144DC4902852B417EC3DC37A8799FD451C875C584AD8DF
Malicious:	false
Reputation:	unknown
Preview:	/.PluginDetect v0.9.1.www.pinlady.net/PluginDetect/license/.[ Java ].[ isMinVersion getVersion hasMimeType getInfo onDetectionDone ].[ AllowActiveX BetterIE ]./.(function() {. j = PluginDetect;. var a = {. Property_names: [],. Property_values: [],. Property_values_lock: [],. JAVATOJSBRIDGE: 0,. JSTOJAVABRIDGE: 1,. mimeType: ["application/x-java-applet", "application/x-java-vm", "application/x-java-bean"],. mimeType_dummy: "application/dummymimejavaapplet",. classID: "clsid:8AD9C840-044E-11D1-B3E9-00805F499D93",. classID_dummy: "clsid:8AD9C840-044E-11D1-B3E9-BA9876543210",. navigator: {. init: function() {. var q = this,. p = a;. q.mimeObj = j.hasMimeType(p.mimeType);. if (q.mimeObj) {. q.pluginObj = q.mimeObj.enabledPlugin. }. },. a: (function() {. try {.

Chrome Cache Entry: 121

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1572)
Category:	downloaded
Size (bytes):	11194
Entropy (8bit):	5.3411998506500575
Encrypted:	false
SSDEEP:
MD5:	B69C29C8C917C014D6F4B79752D8CE0B
SHA1:	71A580B2E8792BA930815BCCA3BDA73E7715CA3F
SHA-256:	5CCCC465F4C8CDCEC789A0B28846823F18646206351BC9FF794F1AEC7F58F5B0
SHA-512:	72D5BA23DB12BE9AF117A3BE682801E3839639EBEB656E426A05367250D26B1520BBF4D1FE981083EF4F92DDEE3F50B62E69B82322FE18C697460D22F06A5209
Malicious:	false
Reputation:	unknown
URL:	"https://fonts.googleapis.com/css?family=Open+Sans:400,700"
Preview:	/* cyrillic-ext /.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 400;. font-stretch: 100%;. src: url(https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSKmu1aB.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./ cyrillic /.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 400;. font-stretch: 100%;. src: url(https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./ greek-ext /.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 400;. font-stretch: 100%;. src: url(https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSOmu1aB.woff2) format('woff2');. unicode-range: U+1F00-1FFF;.}./ greek */.@font-face {. font-family: 'Open Sans';. font-style: normal;

Chrome Cache Entry: 124

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	1900
Entropy (8bit):	4.759503479044407
Encrypted:	false
SSDEEP:
MD5:	5B4AB6EBB4B3B8082F88EA8F0C539B63
SHA1:	6E8228DE914A1E00DFA956248015C6540BB8667D
SHA-256:	4352F5405C4986ECDA99A6E6896D4DF331465A81F3647A0BB6332B720C2CD4E6
SHA-512:	1ABC2856934350EC34A9A56DB168C19FD920E582759B6B78ABDC70862FAE847BA24CDDA8A04A78DCBDBE920D78D31173AC3F8855C50839D21E723189B643F41E
Malicious:	false
Reputation:	unknown
URL:	https://tslp.s3.amazonaws.com/training/embedded/translations/url/en-us.json
Preview:	{. "replacements":{. "title":"You have been Phished!",. "h1":"OOPS!",. "h2":"You fell for a <strong>phish!</strong>",. "p0":"Do not worry, this was an approved phishing simulation run by %COMPANY%.<br> <strong>We are here to help.</strong>",. "p1":"Below is the simulated phishing message you just received. Like a real phishing attack, on the surface, the email seems to be legitimate.. but it isn't..",. "p2":"If this had been an actual attack, clicking the link would have sent you to a dangerous site and exposed your system to ransomware, malware or another cyber security threat.",. "p3":"<br> When you receive an unsolicited email with embedded web links, keep the following tips in mind:",. "ul1":"<li>Be immediately suspicious if the message tries to scare you, offers an incredible deal, or prompts you to reset a password or update account information.</li> <li>Check each link by hovering over it to see its true source. If the URL is unfamiliar or differs fr

Chrome Cache Entry: 128

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	28356
Entropy (8bit):	5.215232550543418
Encrypted:	false
SSDEEP:
MD5:	A6B682FEC1E95D9A565627499E1B0FD2
SHA1:	9D9B94C97C01446AE496006BEAFA2B3A05AB7C6A
SHA-256:	940DA9FCC9AEF9C6F5EC3E47002962DC008A6B70D9A012F5D22AF8C53DA29210
SHA-512:	0AB6339098AF3CFA0D1F500D93FD2773472415DDAE8E33C0819A44DB3CFD46F10B20FEA1D18BF20CEE1757F1F3DB1F9B7E83BB8724E1528487EF4CE03D377DEA
Malicious:	false
Reputation:	unknown
Preview:	(function() {.window.base_post_url \|\| (window.base_post_url = ""), window.log_error = function(e, i) {.window.log_to_console(i), new Image().src = window.base_post_url + "/log?id=" + encodeURIComponent(window.tracking_id) + "&sev=" + encodeURIComponent(e) + "&msg=" + encodeURIComponent(i) + "&correlation_id=" + window.correlation_id;.}, window.log_to_console = function() {.void 0 !== window.console_debug && console.log;.}, window.log_message = function(e) {.window.log_to_console(e), new Image().src = window.base_post_url + "/trace?id=" + encodeURIComponent(window.tracking_id) + "&msg=" + encodeURIComponent(e) + "&correlation_id=" + window.correlation_id;.};.}).call(this), window.log_message \|\| (window.log_message = function(e) {.new Image().src = window.base_post_url + "/trace?id=" + encodeURIComponent(window.tracking_id) + "&msg=" + encodeURIComponent(e);.});..var BrowserDetect = {.init: function() {.this.browser = this.searchString(this.dataBrowser) \|\| "unknown", this.browserString =

Chrome Cache Entry: 129

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	9775
Entropy (8bit):	3.5887745114878893
Encrypted:	false
SSDEEP:
MD5:	3D7BE656672C16A34806C13388410325
SHA1:	C391646C980C60D75C35B33A974C97AE88114EEF
SHA-256:	88BE902CC76B5EC1EC932B6AE93457B6B0CA69D7A36BFADEFC2F24DB225DC238
SHA-512:	E4BFA1B906B6F12F9CE8FBB1CFC41FFD5341149B6AFFEB8567A6486E386C000C501AF6040D7986046CBF3E0E0C99C4F08B4011003302753536BA0166DE49CE0F
Malicious:	false
Reputation:	unknown
URL:	https://tslp.s3.amazonaws.com/detect/realplayer.js?guid=42b07d0011&correlation_id=8f335f95-dc2b-4023-bb8b-ec30980940fc
Preview:	/.PluginDetect v0.9.1.www.pinlady.net/PluginDetect/license/.[ RealPlayer ].[ isMinVersion getVersion hasMimeType getInfo onDetectionDone ].[ AllowActiveX BetterIE ]./.(function() {. j = PluginDetect;. var n = {. mimeType: ["audio/x-pn-realaudio-plugin", "audio/x-pn-realaudio"],. classID: "clsid:CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA",. setPluginStatus: function(r, p) {. var s = this,. q;. if (p) {. s.version = j.formatNum(j.getNum(p)). }. s.installed = s.version ? 1 : (r ? 0 : -1);. q = s.installed == -1 \|\| s.instance.version;. q = q \|\| s.axo.version;. s.getVersionDone = q ? 1 : 0;. },. navObj: {. hasRun: 0,. installed: null,. version: null,. find: "RealPlayer.*Plug-?in",. avoid: "Totem\|QuickTime\|Helix\|VLC\|Download",. plugins: ["RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (

Chrome Cache Entry: 131

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text
Category:	downloaded
Size (bytes):	1713
Entropy (8bit):	4.909213983910174
Encrypted:	false
SSDEEP:
MD5:	BC7F970AD0F163BC72C9AE9AA09E1CDE
SHA1:	BF67B0D0F3BB4038CAF1021A692B6EB6024C3E02
SHA-256:	5243766EEDFCBA70128C2931DBEF8875F942B81E39002D80DC0110167D4EF742
SHA-512:	86662D26C0D26E1DD10BA4E355385AEA41F8CD9859E0F0BC1A3759ED553CCC7A86D650512439E1E0CFA4142FF78352C9AC0A96DACD5B074CA196A9C9C785ECF8
Malicious:	false
Reputation:	unknown
URL:	https://tslp.s3.amazonaws.com/training/teachable_moments/css/langdrop.css
Preview:	html {. margin: 0;. padding: 0;. -ms-text-size-adjust: 100%;. -webkit-text-size-adjust: 100%;.}..body {. line-height: 1;. margin: 0; padding: 0;.}..* {. -webkit-box-sizing: border-box;. -moz-box-sizing: border-box;. box-sizing: border-box;.}..ol,ul,li {. font-size: 100%;. font: inherit;. margin: 0;. padding: 0;.}...langDrop {. font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif;. background: #484c55;. border: 1px solid white;. border-radius: 4px;. color: white;. display: inline-block;. font-size: 14px;. line-height: 160%;. margin-left: 10px;. padding: 5px 15px;. position: fixed;. top: 10px; right: 10px;. vertical-align: middle;. z-index: 2;. min-width:150px;. text-align: center;.}...langDrop span:before {. content: 'Language:';. position: absolute;. top: 5px; left: -80%;.}...langDrop span:after {. content: ' .';.}...langDrop ul {. border: 1px solid transparent;. border-top: 0 none;. list-style: none;. max-height: 0;. opacity: 0;. overflo

Chrome Cache Entry: 132

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	8207
Entropy (8bit):	5.018706942766982
Encrypted:	false
SSDEEP:
MD5:	8B9A9D305BD69C962B600C08F3C69EDF
SHA1:	9A907E240CDF81D8265C9FB1322CFE10ED027288
SHA-256:	73F360F08E8C2A1719C098491E17D53CDAA98D246585BFD0285A2AFAD75C51A7
SHA-512:	813A8B088B07A36A02994D0EC09EBB1CCD3974BF88C617606F7BD9F632B32D1FBDBFE4C45A421BB17B6E8BDB0CFCD6D965D7CAEF6085CFA915E99B4D34CA5109
Malicious:	false
Reputation:	unknown
Preview:	jQuery.support.cors = true;..window.updatePage = function(language, data) {. var direction = data.dir \|\| "ltr";. var company_name = window.company_name \|\| "%COMPANY%";. var company_name_possessive = window.company_name_possessive \|\| "%COMPANY's%";.. $("#module-container" ).css({. "font-size": data.fontsize,. "line-height": data.lineheight. });. $("#module-container").attr("class", "ict-" + language);. $("#module-container").attr("dir", direction);.. var replacements = data.replacements \|\| data;. $.each( replacements, function( key, val ) {. var data_key = "*[data-text='"+ key + "']";. if ( $(data_key) ) {. $(data_key).not('input').html(val.replace(/%COMPANY%/g,company_name).replace(/%COMPANY_POSSESSIVE%/g,company_name_possessive)).attr("dir", direction);. $(data_key).html(val.replace(/%COMPANY%/g,company_name).replace(/%COMPANY_POSSESSIVE%/g,company_name_possessive)).attr("dir", direction);. if (direction == "rtl") {. $(data_key).attr("ali

Chrome Cache Entry: 90

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text
Category:	downloaded
Size (bytes):	8240
Entropy (8bit):	5.171555618435048
Encrypted:	false
SSDEEP:
MD5:	7C81AAEA1C09B1EA3114C4CEE76BFFE8
SHA1:	4470FB29DA8CC4F68A63BD8973FB96A1D07A3A08
SHA-256:	0380BCBDFF77D563A972E600254EE194772F3337FF914D24110AE3D9A9EA7665
SHA-512:	38ABAB82B51FC53AEDACEB239A762BA3B827755F7F78D5DD6AFFD62BB2068ECD8C488EAB4B167B3F2D2E6174EFBA6B231286C98C4C9551B1FD13F322BC92E5DD
Malicious:	false
Reputation:	unknown
URL:	https://rto.cloud-store.services/load_training?guid=2442b07bcd001199&correlation_id=8f335f95-dc2b-4023-bb8b-ec30980940fc
Preview:	<!doctype html>.<html lang="en">.<head>.<meta charset="UTF-8" />.<title data-text="title">You have been Phished!</title>.<link href="https://fonts.googleapis.com/css?family=Open+Sans:400,700" rel="stylesheet" type="text/css" />.<link href="https://tslp.s3.amazonaws.com/training/embedded/css/url.css" rel="stylesheet" type="text/css" />.<link href="https://tslp.s3.amazonaws.com/training/teachable_moments/css/langdrop.css" rel="stylesheet" type="text/css" />.<meta content="width=device-width, initial-scale=1" name="viewport" /> [if lt IE 9]>. <style type="text/css">. header .fish { background: url(https://d25q7gseii1o1q.cloudfront.net/training/fish/fish.gif) no-repeat }. header .bubble { background: url(https://d25q7gseii1o1q.cloudfront.net/training/fish/bubble2.gif) no-repeat }. header .bubble:first-of-type { background: url(https://d25q7gseii1o1q.cloudfront.net/training/fish/bubble1.gif) no-repeat }. header .bubble:last-of-type { background: url(https://d25q7gs

Chrome Cache Entry: 91

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	2511
Entropy (8bit):	4.169228539892239
Encrypted:	false
SSDEEP:
MD5:	118032089FF5601C26DB331DC455DC1C
SHA1:	DA0F04C3B17DE1EBB03701F5760F1D53CFFA29B6
SHA-256:	FF15EE304B9FA684507D889A5A342F7C89116739B04B0A160BE65E0A63718F0F
SHA-512:	100161F784BF69F7BBD6FF9D80EF6DD30B7DDD7774CE877F889DDF91CF6F26EECE08E24B55900D8706169E43CC4406507D4FCB30DAC0FD03BD106DEE260C9807
Malicious:	false
Reputation:	unknown
Preview:	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"."http://www.w3.org/TR/html4/strict.dtd">.<html>. <head>. <script>window.test_mode = true;</script>. <title>. The page cannot be found. </title>. <meta http-equiv="Content-Type" content="text/html; charset=us-ascii">. <style type="text/css">. BODY { font: 8pt/12pt verdana }. H1 { font: 13pt/15pt verdana }. H2 { font: 8pt/12pt verdana }. A:link { color: red }. A:visited { color: maroon }. </style>. </head>. <body>. <script src="/assets/ajax/libs/jquery/1.8.0/jquery.min.js" type="text/javascript">.</script><script src="/assets/all.js?g=404" type="text/javascript">.</script>. <table width="500" border="0" cellspacing="10">. <tr>. <td>. <h1>. The page cannot be found. </h1>The page you are looking for might have been removed, had its name changed,

Chrome Cache Entry: 92

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	352
Entropy (8bit):	4.685775248288353
Encrypted:	false
SSDEEP:
MD5:	029AB28CA3C245DC425E3F3F6599D480
SHA1:	845057D3630D0A06E797A7049B3E9658D7650AF1
SHA-256:	8A1170223599205267C6EE3A3072855F1727461D9DD1066BB94F39180F963AF9
SHA-512:	5429DDC21DD62EBF7192985BAD0E22BD350C6C65051CA005BBFC27A9CD64088AEAE2B7AA2BC1065155B74509BE36E1524E04488A3E05D0407F5031F9E43480AB
Malicious:	false
Reputation:	unknown
URL:	https://tslp.s3.amazonaws.com/assets/js/training.js
Preview:	$(document).ready(function () {. $('#training-form').prop('action', function (i, val) {. var correlation_id = new RegExp('correlation_id=([^&#]*)').exec(window.location.href);. if (correlation_id === null) {. correlation_id = "";. } else {. correlation_id = '?' + correlation_id[0];. }. return val + correlation_id;. });.});.

Chrome Cache Entry: 93

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65480)
Category:	dropped
Size (bytes):	93435
Entropy (8bit):	5.372924511876392
Encrypted:	false
SSDEEP:
MD5:	0B6ECF17E30037994D3FFEE51B525914
SHA1:	D09D3A99ED25D0F1FBE6856DE9E14FFD33557256
SHA-256:	F554D2F09272C6F71447EBFE4532D3B1DD1959BCE669F9A5CCC99E64EF511729
SHA-512:	468C0F964014D76EC5966F5589B2CCC0A7B5F3E8A785134897DFA282A3E6824CE9A75584C9404B77A6962FEF99547356AABE8AA71A6499E2568B9DE792D90579
Malicious:	false
Reputation:	unknown
Preview:	/! jQuery v1.8.2 jquery.com \| jquery.org/license /.(function(a,b){function G(a){var b=F[a]={};return p.each(a.split(s),function(a,c){b[c]=!0}),b}function J(a,c,d){if(d===b&&a.nodeType===1){var e="data-"+c.replace(I,"-$1").toLowerCase();d=a.getAttribute(e);if(typeof d=="string"){try{d=d==="true"?!0:d==="false"?!1:d==="null"?null:+d+""===d?+d:H.test(d)?p.parseJSON(d):d}catch(f){}p.data(a,c,d)}else d=b}return d}function K(a){var b;for(b in a){if(b==="data"&&p.isEmptyObject(a[b]))continue;if(b!=="toJSON")return!1}return!0}function ba(){return!1}function bb(){return!0}function bh(a){return!a\|\|!a.parentNode\|\|a.parentNode.nodeType===11}function bi(a,b){do a=a[b];while(a&&a.nodeType!==1);return a}function bj(a,b,c){b=b\|\|0;if(p.isFunction(b))return p.grep(a,function(a,d){var e=!!b.call(a,d,a);return e===c});if(b.nodeType)return p.grep(a,function(a,d){return a===b===c});if(typeof b=="string"){var d=p.grep(a,function(a){return a.nodeType===1});if(be.test(b))return p.filter(b,d,!c);b=p.filter(b,

Chrome Cache Entry: 94

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Category:	downloaded
Size (bytes):	48236
Entropy (8bit):	7.994912604882335
Encrypted:	true
SSDEEP:
MD5:	015C126A3520C9A8F6A27979D0266E96
SHA1:	2ACF956561D44434A6D84204670CF849D3215D5F
SHA-256:	3C4D6A1421C7DDB7E404521FE8C4CD5BE5AF446D7689CD880BE26612EAAD3CFA
SHA-512:	02A20F2788BB1C3B2C7D3142C664CDEC306B6BA5366E57E33C008EDB3EB78638B98DC03CDF932A9DC440DED7827956F99117E7A3A4D55ACADD29B006032D9C5C
Malicious:	false
Reputation:	unknown
URL:	https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Preview:	wOF2.......l......D...............................O..B..h?HVAR.x.`?STAT.$'...0+...\|.../V........+..2.0..6.6.$..`. ..~......[B4q.....t..P.M_.z...1..R.S...u.#..R....fR.1.N.v.N.P...;.2........!Z......Qs...5f.G.K.an2&....2.........C.H.t..N!.....nh.<(.vN.....j.._.L.P.t..Ai.%.............._I.i,..o,C.].H.X9.....a.=N....k.....n.L..k.f.u..{...:.}^\[..~5...Z`...........`!...%4..,...K0..&.a/....P....S....m.Z......u...D.j.F...f.0`I.`.`.h#..)(FQ.F!o$........S.).MV8%Rh...r...x...T]$.=......Y...!.3.&U..."....Q....{.l/0..d..4iJ/..}...3....i[Z..NG.WD...>.[U..Q.h..@m.=..S...1C2...d...<..v.?.q.f..n...OUz.....&Z......Z."..N.....n...9.B..C..W....}...W..6Zs.i.+Z........jB.n..x.8M.....q..@I....-.%..,C,..K..#.2...4)/.v_..x.<....t.....%[.4?.=j.V..jj''..W.u..q....I.L.=......E...\.M.7{.>......W........C.`...,9$......\..o........y...4A..m.P.,X..=?.:................wF`..+.P..........M!.4.......l.>M..t.ff5r..^..Z.g...!fA,hIIQ...e.R>B.AH.VuX..>..\.=.ky...1>C....>C.c.;...6D.

Chrome Cache Entry: 95

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 188 x 232, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	5003
Entropy (8bit):	7.918202068997788
Encrypted:	false
SSDEEP:
MD5:	3E598C505586E70346FA62D104DD540F
SHA1:	497E981085A062E5E4972635E775C740FB701AD1
SHA-256:	7789F06BCF267AB54B9BC9C64EA04877C46AA141F67A21A501D908447FD95EBB
SHA-512:	D544074AA05732D6C1018B019CBB4F28AA257EC272E36DD0BCCA0094C3902DB92699127ADCC7116BC0BB0F7816028C881B5EA3DE3F6375E4144562AF7934B89C
Malicious:	false
Reputation:	unknown
URL:	https://tslp.s3.amazonaws.com/training/production/314/hooks-a3eab7.png
Preview:	.PNG........IHDR.............UV.J...RIDATx^.....u.....\..1..BlR..b.dI...0...A.R.U....U@I..I.\.n...A...T..b=}....1.+..?.._..y...f....z.~......z...l.:..9.9<?5.}u..:.T.....Tf:.Lu.#......5"..#x.<.........A. x.<...z.^M.gg..g....{...2..~......^.5......9.......P.y..W.%.D...c........P....+.e..jom..A.].o....m..qK.?..>..3.{.j.5..`.c.....\mP>.............3/.\......C.. +.m.-....A. x.<.........A..........A. x.<.......#x.<.........A. x.<...?..rM....9..:...~U.......3..&OTg...G.J..we-e.l..tK..........~f[]......B.-.}S.k.-.~s...B.-.7.k...u.a..q6.9R-....3..2.....c..r....@.w4.^.O`~.!r..z.q\|if..\|....YW4.?..F..e.6.......g.c..i..Pk~o...sE.-.....ff."V2...U.uy#.o...D...X..../.[..+..xz...j.<Z....^o./df..w.x.E....m..r^w.:...c.}oe>o<,.;s..S......!...M..X.).Df...P.:s.&xx,.~../.s]....Kk..?>x...:..2{.....#W..._P.5.3.g>L.g..\iz.#..SYO.....u...........A. x.<.....G. x.<.........A. x.<.....A. x.<.........A. x.......A. x.<.........a..'..+.Y[.&......;..3..M......P,....V.G.

Chrome Cache Entry: 98

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (412)
Category:	downloaded
Size (bytes):	6367
Entropy (8bit):	4.9588260446643275
Encrypted:	false
SSDEEP:
MD5:	0560FEBF38CFE916AB8FFBEE8CE4E9FC
SHA1:	5E41BB9B576DB52BCEA94264B9929A286A20A0F4
SHA-256:	18FD69A3BB1FC61221C8D6C3BBBD177C38A21D96392BF2B403DDD9969615CF22
SHA-512:	EB8F196049AC589A399504FB03B56C3AB011DFC508206C1AD47554C4AE961E35BF8B7284E1EEE0CCEC8FD114674C664F8058256CDDC7B60B3EBC3107708365EE
Malicious:	false
Reputation:	unknown
URL:	https://tslp.s3.amazonaws.com/training/embedded/css/url.css
Preview:	.cf:after {. clear: both;. content: '';. display: table;.}..html,body,div,span,applet,object,iframe,h1,h2,h3,h4,h5,h6,p,blockquote,pre,a,abbr,acronym,address,big,cite,code,del,dfn,em,img,ins,kbd,q,s,samp,small,strike,strong,sub,sup,tt,var,b,u,i,center,dl,dt,dd,ol,ul,li,fieldset,form,label,legend,table,caption,tbody,tfoot,thead,tr,th,td,article,aside,canvas,details,embed,figure,figcaption,footer,header,hgroup,menu,nav,output,ruby,section,summary,time,mark,audio,video {. margin: 0;. padding: 0;. border: 0;. font-size: 100%;. font: inherit;. vertical-align: baseline;.}..article,aside,details,figcaption,figure,footer,header,hgroup,menu,nav,section,main {. display: block;.}..body {. line-height: 1;.}..ol,ul {. list-style: none;.}..blockquote,q {. quotes: none;.}..blockquote:before,blockquote:after,q:before,q:after {. content: '';. content: none;.}..table {. border-collapse: collapse;. border-spacing: 0;.}..strong {. font-weight: bold;.}..em {. font-style: italic;.}..a {.

Chrome Cache Entry: 99

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	3876
Entropy (8bit):	4.879226867035063
Encrypted:	false
SSDEEP:
MD5:	101189F80892A5F8D773A52F4E47CCB2
SHA1:	54DC4E4B71C859C6547816DB6732860DC8EDD639
SHA-256:	4FA5B285439D94376AF94654074658DFCD309CF96426AEB8098A65FDD66DFBBF
SHA-512:	ED911274257368EA36E95E951EAF0CFECA9810AE304BF93ABCB74AFC65F918ACC3D9237EC296B39E676E5675EF5D69CBCE24667A31FE552A0E7335CB3A831CD5
Malicious:	false
Reputation:	unknown
URL:	https://rto.cloud-store.services/7d42b07b4d00117b?l=27
Preview:	<html>. <head>. <title></title>. <noscript><meta http-equiv="refresh" content="1;url=/load_training?guid=2442b07bcd001199&correlation_id=8f335f95-dc2b-4023-bb8b-ec30980940fc"></noscript>. </head>. <body>. <noscript><img src="/trace.png?id=42b07d0011&msg=JavascriptDisabled&correlation_id=8f335f95-dc2b-4023-bb8b-ec30980940fc" width="1" height="1" style="display: none;"></noscript>. <img src="https://rto.cloud-store.services:49153/alt_pixel_click_42b07d0011.gif?correlation_id=8f335f95-dc2b-4023-bb8b-ec30980940fc" width="1" height="1" />. </body>. <script type="text/javascript" src="https://tslp.s3.amazonaws.com/detect/plugin_detect.js?guid=42b07d0011&correlation_id=8f335f95-dc2b-4023-bb8b-ec30980940fc"></script>.<script type="text/javascript" src="https://tslp.s3.amazonaws.com/detect/java.js?guid=42b07d0011&correlation_id=8f335f95-dc2b-4023-bb8b-ec30980940fc"></script>.<script

Static File Info

⊘No static file info

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://rto.cloud-store.services/7d42b07b4d00117b?l=27

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

LLM Input / Output

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 104

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 117

Chrome Cache Entry: 119

Chrome Cache Entry: 120

Chrome Cache Entry: 121

Chrome Cache Entry: 124

Chrome Cache Entry: 128

Chrome Cache Entry: 129

Chrome Cache Entry: 131

Chrome Cache Entry: 132

Chrome Cache Entry: 90

Chrome Cache Entry: 91

Chrome Cache Entry: 92

Chrome Cache Entry: 93

Chrome Cache Entry: 94

Chrome Cache Entry: 95

Chrome Cache Entry: 98

Chrome Cache Entry: 99

Static File Info

Windows Analysis Report
https://rto.cloud-store.services/7d42b07b4d00117b?l=27