Edit tour

Windows Analysis Report
https://idcs-c59c045e6afd4aeeac0771349ef77182.identity.oraclecloud.com/ui/v1/resetpwd?token=DRXOlTuefAd5vVF1LDo1qAG79OOz0ZI2z7OrhzaCdF8%3D

Overview

General Information

Sample URL:	https://idcs-c59c045e6afd4aeeac0771349ef77182.identity.oraclecloud.com/ui/v1/resetpwd?token=DRXOlTuefAd5vVF1LDo1qAG79OOz0ZI2z7OrhzaCdF8%3D
Analysis ID:	1431746

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Found iframes

HTML body contains low number of good links

HTML body contains password input but no form action

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 5560 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://idcs-c59c045e6afd4aeeac0771349ef77182.identity.oraclecloud.com/ui/v1/resetpwd?token=DRXOlTuefAd5vVF1LDo1qAG79OOz0ZI2z7OrhzaCdF8%3D MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 6176 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1940,i,13295750669435240631,14930290102246976825,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://idcs-c59c045e6afd4aeeac0771349ef77182.identity.oraclecloud.com/ui/v1/resetpwd?token=DRXOlTuefAd5vVF1LDo1qAG79OOz0ZI2z7OrhzaCdF8%3D	HTTP Parser: Iframe src: https://consent.trustarc.com/get?name=crossdomain.html&domain=oracle.com
Source: https://idcs-c59c045e6afd4aeeac0771349ef77182.identity.oraclecloud.com/ui/v1/resetpwd?token=DRXOlTuefAd5vVF1LDo1qAG79OOz0ZI2z7OrhzaCdF8%3D	HTTP Parser: Iframe src: https://consent.trustarc.com/get?name=crossdomain.html&domain=oracle.com
Source: https://idcs-c59c045e6afd4aeeac0771349ef77182.identity.oraclecloud.com/ui/v1/resetpwd?token=DRXOlTuefAd5vVF1LDo1qAG79OOz0ZI2z7OrhzaCdF8%3D	HTTP Parser: Iframe src: https://consent.trustarc.com/get?name=crossdomain.html&domain=oracle.com
Source: https://idcs-c59c045e6afd4aeeac0771349ef77182.identity.oraclecloud.com/ui/v1/resetpwd?token=DRXOlTuefAd5vVF1LDo1qAG79OOz0ZI2z7OrhzaCdF8%3D	HTTP Parser: Iframe src: https://consent.trustarc.com/get?name=crossdomain.html&domain=oracle.com

Source: https://idcs-c59c045e6afd4aeeac0771349ef77182.identity.oraclecloud.com/ui/v1/resetpwd?token=DRXOlTuefAd5vVF1LDo1qAG79OOz0ZI2z7OrhzaCdF8%3D

HTTP Parser: Number of links: 0

Source: https://idcs-c59c045e6afd4aeeac0771349ef77182.identity.oraclecloud.com/ui/v1/resetpwd?token=DRXOlTuefAd5vVF1LDo1qAG79OOz0ZI2z7OrhzaCdF8%3D

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://idcs-c59c045e6afd4aeeac0771349ef77182.identity.oraclecloud.com/ui/v1/resetpwd?token=DRXOlTuefAd5vVF1LDo1qAG79OOz0ZI2z7OrhzaCdF8%3D

HTTP Parser: <input type="password" .../> found

Source: https://idcs-c59c045e6afd4aeeac0771349ef77182.identity.oraclecloud.com/ui/v1/resetpwd?token=DRXOlTuefAd5vVF1LDo1qAG79OOz0ZI2z7OrhzaCdF8%3D	HTTP Parser: No <meta name="author".. found
Source: https://idcs-c59c045e6afd4aeeac0771349ef77182.identity.oraclecloud.com/ui/v1/resetpwd?token=DRXOlTuefAd5vVF1LDo1qAG79OOz0ZI2z7OrhzaCdF8%3D	HTTP Parser: No <meta name="author".. found
Source: https://idcs-c59c045e6afd4aeeac0771349ef77182.identity.oraclecloud.com/ui/v1/resetpwd?token=DRXOlTuefAd5vVF1LDo1qAG79OOz0ZI2z7OrhzaCdF8%3D	HTTP Parser: No <meta name="author".. found
Source: https://idcs-c59c045e6afd4aeeac0771349ef77182.identity.oraclecloud.com/ui/v1/resetpwd?token=DRXOlTuefAd5vVF1LDo1qAG79OOz0ZI2z7OrhzaCdF8%3D	HTTP Parser: No <meta name="author".. found

Source: https://idcs-c59c045e6afd4aeeac0771349ef77182.identity.oraclecloud.com/ui/v1/resetpwd?token=DRXOlTuefAd5vVF1LDo1qAG79OOz0ZI2z7OrhzaCdF8%3D	HTTP Parser: No <meta name="copyright".. found
Source: https://idcs-c59c045e6afd4aeeac0771349ef77182.identity.oraclecloud.com/ui/v1/resetpwd?token=DRXOlTuefAd5vVF1LDo1qAG79OOz0ZI2z7OrhzaCdF8%3D	HTTP Parser: No <meta name="copyright".. found
Source: https://idcs-c59c045e6afd4aeeac0771349ef77182.identity.oraclecloud.com/ui/v1/resetpwd?token=DRXOlTuefAd5vVF1LDo1qAG79OOz0ZI2z7OrhzaCdF8%3D	HTTP Parser: No <meta name="copyright".. found
Source: https://idcs-c59c045e6afd4aeeac0771349ef77182.identity.oraclecloud.com/ui/v1/resetpwd?token=DRXOlTuefAd5vVF1LDo1qAG79OOz0ZI2z7OrhzaCdF8%3D	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.220.189.216:443 -> 192.168.2.17:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.220.189.216:443 -> 192.168.2.17:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.157.11:443 -> 192.168.2.17:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:49773 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216

Source: global traffic	DNS traffic detected: DNS query: idcs-c59c045e6afd4aeeac0771349ef77182.identity.oraclecloud.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: consent.truste.com
Source: global traffic	DNS traffic detected: DNS query: consent.trustarc.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49690
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49690 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.220.189.216:443 -> 192.168.2.17:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.220.189.216:443 -> 192.168.2.17:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.157.11:443 -> 192.168.2.17:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:49773 version: TLS 1.2

Source: classification engine

Classification label: clean2.win@14/35@14/84

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://idcs-c59c045e6afd4aeeac0771349ef77182.identity.oraclecloud.com/ui/v1/resetpwd?token=DRXOlTuefAd5vVF1LDo1qAG79OOz0ZI2z7OrhzaCdF8%3D
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1940,i,13295750669435240631,14930290102246976825,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1940,i,13295750669435240631,14930290102246976825,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Drive-by Compromise	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://idcs-c59c045e6afd4aeeac0771349ef77182.identity.oraclecloud.com/ui/v1/resetpwd?token=DRXOlTuefAd5vVF1LDo1qAG79OOz0ZI2z7OrhzaCdF8%3D	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
consent.truste.com	13.32.230.2	true	false	high
dp.aaaaaaaazhl7hfdgch6jj5oh64gla3hqdwbwht7fvcwkdmx2fzdz3zribfua.idcsprod.us-phoenix-idcs-3.idcs.prod.oraclecloud.com.us-phoenix-idcs-3.oraclecloud.com	147.154.119.52	true	false	high
www.google.com	142.250.9.106	true	false	high
consent.trustarc.com	52.85.132.42	true	false	high
idcs-c59c045e6afd4aeeac0771349ef77182.identity.oraclecloud.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://idcs-c59c045e6afd4aeeac0771349ef77182.identity.oraclecloud.com/ui/v1/resetpwd?token=DRXOlTuefAd5vVF1LDo1qAG79OOz0ZI2z7OrhzaCdF8%3D	false		high
https://consent.trustarc.com/get?name=crossdomain.html&domain=oracle.com	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.253.124.100	unknown	United States	15169	GOOGLEUS	false
52.85.132.42	consent.trustarc.com	United States	16509	AMAZON-02US	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
142.250.105.94	unknown	United States	15169	GOOGLEUS	false
142.250.9.106	www.google.com	United States	15169	GOOGLEUS	false
3.161.150.83	unknown	United States	16509	AMAZON-02US	false
13.32.230.2	consent.truste.com	United States	16509	AMAZON-02US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.251.15.94	unknown	United States	15169	GOOGLEUS	false
142.250.9.95	unknown	United States	15169	GOOGLEUS	false
147.154.119.52	dp.aaaaaaaazhl7hfdgch6jj5oh64gla3hqdwbwht7fvcwkdmx2fzdz3zribfua.idcsprod.us-phoenix-idcs-3.idcs.prod.oraclecloud.com.us-phoenix-idcs-3.oraclecloud.com	United States	31898	ORACLE-BMC-31898US	false
142.251.15.84	unknown	United States	15169	GOOGLEUS	false
172.217.215.95	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.17

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1431746
Start date and time:	2024-04-25 17:43:20 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://idcs-c59c045e6afd4aeeac0771349ef77182.identity.oraclecloud.com/ui/v1/resetpwd?token=DRXOlTuefAd5vVF1LDo1qAG79OOz0ZI2z7OrhzaCdF8%3D
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	17
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean2.win@14/35@14/84

Warnings

Exclude process from analysis (whitelisted): SIHClient.exe
Excluded IPs from analysis (whitelisted): 142.251.15.94, 172.253.124.100, 172.253.124.113, 172.253.124.102, 172.253.124.101, 172.253.124.139, 172.253.124.138, 142.251.15.84, 34.104.35.123
Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 14:43:54 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9963176368577518
Encrypted:	false
SSDEEP:
MD5:	33D15E48430E8081E279257A75230F79
SHA1:	A687CE4D2A15AE9583AEBCB3E12DFEDF6BE0AA1B
SHA-256:	2A6C6864B2449DD717BFB036BBBC58DD07D3AD8BD766A7D08AA5BF4A933EB53C
SHA-512:	DA153B4133EC3DF691B2B1562AE7CE14EE76B6ECF250896D2C4AEBC15A7568D3ECB82D41DE435DAA2558D4D6938015631D65B3125F9DFFEE59A7F7AB93791FAA
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......a'.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.Xq}....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xz}....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.Xz}....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.Xz}...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X\|}...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........~lL......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 14:43:54 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.015154559284531
Encrypted:	false
SSDEEP:
MD5:	64B914B0486FA455D9069D3F47EB6C7B
SHA1:	DE6D75B4595FB19BC7147408683F8B2BE5C8A7F9
SHA-256:	40F21878E4350B299451B2FCA50378053564F0B617B1E315A11C80FE3AE534D7
SHA-512:	45E7A2E6E9B3BD53BDDA0867A4AB4FD9017B3D05DC8C55AC77AF0B8D7406D420CE4496AD6B4C75F98DBA5C155D703452E57DFD3146B0E05C6880FA4E4901D9A0
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....`..`'.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.Xq}....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xz}....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.Xz}....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.Xz}...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X\|}...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........~lL......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.020482327627133
Encrypted:	false
SSDEEP:
MD5:	6DD9D1BE709ACEBCD6F97354A9F34521
SHA1:	AE2ACB4FDF8F90A7A1CA0A22C2804D8408AB348E
SHA-256:	2D87768DFD2CE5D03404EB397A671B4C5FC14D90B5C721D708FDABD50947F192
SHA-512:	3A221FEE86FB31E3580ADEAD7034D74A63922C3B5E54D88ECA6634A00E8255F4A037E0E2FCD995C5697F5617107DAF08ED8F4D316C3AFC4F544525351B7DF90A
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....v. ;.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.Xq}....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xz}....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.Xz}....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.Xz}...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.N...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........~lL......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 14:43:54 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	4.009786053951216
Encrypted:	false
SSDEEP:
MD5:	07159C55905E8AB81234027EDD9F0837
SHA1:	735F192B033750576013589B3786CFA74E113193
SHA-256:	6144C3667185C1AC97DCFFCA9EA38D6171D396B5B935FCCC4A854212B583641E
SHA-512:	A9E3E3A8D558E46EB69B17B16A2EF8B5F0EA96961946F1370A28EE3623F1E76B2E5D03D3B5E869A1786369162C366D238D90CB82C6661A4AD65BDFABD2C6671B
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....l..`'.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.Xq}....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xz}....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.Xz}....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.Xz}...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X\|}...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........~lL......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 14:43:54 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	4.002123688721368
Encrypted:	false
SSDEEP:
MD5:	B366E7BD043F64A8686CB199DFC220ED
SHA1:	D9E8154C80CA32F24508C9574C79194C8D78C9A7
SHA-256:	EA71EFED89E6E20F9B4DD45AD6926677302597C5794B2CDDEBC1F744885A34F2
SHA-512:	3EE732B3832C6B374892E36F281C7CF469A51F482165929EE6FD4240F906D9A67818D42226784D9929703CACA6C3ACA2EDF56E19E0CE4EE13C99814E531DEB9B
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.......`'.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.Xq}....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xz}....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.Xz}....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.Xz}...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X\|}...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........~lL......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 14:43:54 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	4.012775151927547
Encrypted:	false
SSDEEP:
MD5:	78A672B9C305B4A8E310A0259846AA91
SHA1:	21968C06C2E792F33B0104943B010AC242F48FE2
SHA-256:	2B2E31169A2621A53C8AA2A4E72182C20007BA23A328575BE9DA2D51F220246A
SHA-512:	38C4408C55A804052EB9D1232397F4D7B50C6D121E22183CEFC31C67A1BB6324405BA0A3992389B95632659F8C87F15390D191C4A4404824F0239758F56C3D5D
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....h.`'.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.Xq}....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xz}....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.Xz}....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.Xz}...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X\|}...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........~lL......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 100

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (7130), with no line terminators
Category:	downloaded
Size (bytes):	7130
Entropy (8bit):	5.264545608022326
Encrypted:	false
SSDEEP:
MD5:	0788EC8A243DA8048DB2CDBFFBF3BDD6
SHA1:	E73DC8FA9DFD1EBCAA708E76C33CABBD4AC37A77
SHA-256:	B598E3A3B0ED10DF69911DECE5EF1B5C56D98563D4E68E07DCBB415E13B6AD26
SHA-512:	29FD6AF008641C451397884AF04C80508DE5FA1FBFF604FDC74397DA08E6744EA60483D70E6F55EF89B2B4E73C1E1FDDE24343F050AF2D70994E301397D547BC
Malicious:	false
Reputation:	unknown
URL:	https://idcs-c59c045e6afd4aeeac0771349ef77182.identity.oraclecloud.com/ui/v1/public/23.2.123-240403161545/dist/signinModule/signin-main.js
Preview:	define(["ojs/ojcore","knockout","jquery","signinModule/util/utils","commonModule/util/main.util","commonModule/util/common.util","commonModule/platform/logger","commonModule/platform/idaascore","commonModule/util/feature.util","commonModule/util/theme","commonModule/util/soupStateReinitiate","ojs/ojarraydataprovider","ojs/ojmodule-element","ojs/ojrouter","ojs/ojmessages","ojs/ojmessage","commonModule/app","commonModule/binding-handlers","commonModule/platform/idaasshell","commonModule/platform/idaassession","commonModule/platform/idaasconstants","commonModule/component/control/ojIdaasSigninMessage/loader","ojs/ojdatetimepicker"],function(e,o,n,i,t,a,r,l,s,d,u){function c(){T&&a.isHomeRegionDown().then(function(e){V=e}).catch(function(e){l.Shell.addErrorMessage({detail:e})}),A&&(document.getElementById("idcs-signin-style-link").href="signinModule/style/redwood/signin.css",document.getElementById("idcs-signin-title-logo").href="commonModule/asset/oracle-favicon.ico"),(D\|\|L)&&(document.ge

Chrome Cache Entry: 101

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (6916), with no line terminators
Category:	downloaded
Size (bytes):	6916
Entropy (8bit):	4.87569682417923
Encrypted:	false
SSDEEP:
MD5:	E76A8295B7AD26D38FDF8B610CD653DF
SHA1:	F768D80C121874598FAC6A14F0A61AA0A93ED5F9
SHA-256:	7C2CC83140290ED39932869C03CF2EE0ABB2F0C58FC0DAE22B10296B928EDA4D
SHA-512:	6B28DB377684375048417ACDC6D2B6A252615558031AB8CB07764B0F0EC0FE53E29D7BFB96F986B88B4F17368E3D78F5BED64B5724331A788743396D6DB804FC
Malicious:	false
Reputation:	unknown
URL:	https://idcs-c59c045e6afd4aeeac0771349ef77182.identity.oraclecloud.com/ui/v1/public/23.2.123-240403161545/dist/signinModule/style/signin.css
Preview:	html{box-sizing:border-box;font-size:1em}*,:after,:before{box-sizing:inherit}body{background-color:#f0f1f4}a{cursor:pointer}oj-idaas-signin-app-shell .oj-button-primary .oj-button-text,oj-idaas-signin-app-shell h4{font-weight:700}oj-idaas-signin-app-shell a:focus,oj-idaas-signin-app-shell a:hover{text-decoration:none}oj-idaas-signin-app-shell .oj-label{color:#1e2834}oj-idaas-signin-app-shell .idcs-signin-select-one-width .oj-select{max-width:100%}oj-idaas-signin-app-shell h5{color:#1e2834;font-weight:500;margin:0}.idcs-signin-field-label-top-margin{padding-top:24px}.idcs-signin-field-label-bottom-margin{padding-bottom:24px}.idcs-signin-section-content-top-margin{padding-top:32px}.idcs-signin-section-description{color:#4a4a4a;font-size:1rem}.idcs-signin-section-image{height:48px;width:112px}.idcs-signin-link-button{font-weight:500;font-size:1rem}.idcs-signin-link-padding{padding-left:5px}.idcs-signin-disable-link{pointer-events:none;cursor:default;opacity:.5}.idcs-signin-text-italic{fon

Chrome Cache Entry: 102

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (2178), with no line terminators
Category:	downloaded
Size (bytes):	2178
Entropy (8bit):	5.216854247225728
Encrypted:	false
SSDEEP:
MD5:	4D5EF1646D4ED9C5B01DFE7460C84083
SHA1:	A4A25442AE7A2612611B3815128CC437A5AEBAAF
SHA-256:	4E02FDA4BDFBDF9DF0E3523B8B2B385AFBD007A3F8318E0E640F8D0A0DA100BE
SHA-512:	2E6C05DCB0EA44B4DDB24C35FA72FE2555676C9CE3726D98E0519B794426279B00E77378595BF49CE9E75555124F4107D7A412AF43001C1B47FA5D600578D985
Malicious:	false
Reputation:	unknown
URL:	https://consent.trustarc.com/get?name=crossdomain.html&domain=oracle.com
Preview:	<html><head><script>!function(){var e,t,a,r,n,o="truste.consent.",i=function(e){var t,a={},e=a._url=e;if(e=(a._query=e.replace(/^[^;?#][;?#]/,"")).replace(/[#;?&]+/g,"&"))for(e=e.split("&"),t=e.length;0<t--;){var r=e[t].split("="),n=r.shift();a[n]\|\|(a[n]=r.length?decodeURIComponent(r.join("=")):"")}return a}(location.href).domain;function s(e,t){var a=JSON.stringify({source:"preference_manager",message:e,data:t});top.postMessage(a,""),parent.postMessage(a,"*")}function c(e){var t=null;try{var a=self.localStorage;t=a.getItem?a.getItem(e):a[e]}catch(e){}return t&&JSON.parse(t)\|\|null}function p(e){try{var t=o+e,a=c(t);if(!a)return null;if(new Date(a.expires)<new Date)try{return self.localStorage.removeItem(t),null}catch(e){return null}return a}catch(e){}return null}function l(e,t){var a=c(e);!t.popTime&&a&&a.popTime&&(t.popTime=a.popTime);var r="string"==typeof t\|\|t instanceof String?t:JSON.stringify(t);try{var n=self.localStorage;n.setItem?n.setItem(e,r):n[e]=r}catch(e){}}void 0!==i&&s

Chrome Cache Entry: 104

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (7012), with no line terminators
Category:	downloaded
Size (bytes):	7012
Entropy (8bit):	4.772936266073891
Encrypted:	false
SSDEEP:
MD5:	6DA17C9BC52064CD72EBF2D105B6CF8E
SHA1:	9FA441BC249834139B2BF2A7BBC79D1D3C0A4085
SHA-256:	0010C170213143ED10E154920C801A17852F9D2E7286435B1747FCA591780E27
SHA-512:	A650E4217E9D92B7A94120F937FDDFECAB8E6D86060C576529AFD9A8A836B3033E1771BC86EFFD5D98BEAC14CABA3E1DD4CB3CBE2CDCED88697F33CEDDB49877
Malicious:	false
Reputation:	unknown
URL:	https://idcs-c59c045e6afd4aeeac0771349ef77182.identity.oraclecloud.com/ui/v1/public/23.2.123-240403161545/dist/commonModule/style/font-icon.css
Preview:	@font-face{font-family:IDCS;src:url(fonts/IDCS.eot?mltxzn);src:url(fonts/IDCS.eot?mltxzn#iefix) format('embedded-opentype'),url(fonts/IDCS.ttf?mltxzn) format('truetype'),url(fonts/IDCS.woff?mltxzn) format('woff'),url(fonts/IDCS.svg?mltxzn#IDCS) format('svg');font-weight:400;font-style:normal;font-display:block}.idcs-icon{font-family:IDCS!important;speak:none;font-style:normal;font-weight:400;font-variant:normal;text-transform:none;line-height:1;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.idcs-email_verification_mail:before{content:"\e551"}.idcs-identity-management:before{content:"\e900"}.idcs-cloud:before{content:"\e901"}.idcs-clouds:before{content:"\e902"}.idcs-saml:before{content:"\e903"}.idcs-phone:before{content:"\e904"}.idcs-mobile:before{content:"\e905"}.idcs-sms:before{content:"\e906"}.idcs-arrow-right:before{content:"\e907"}.idcs-windows2:before{content:"\e908"}.idcs-ios:before{content:"\e909"}.idcs-android:before{content:"\e90a"}.idcs-print:before{con

Chrome Cache Entry: 105

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	25412
Entropy (8bit):	5.09382411229362
Encrypted:	false
SSDEEP:
MD5:	83983618004F2B3319EC3B5FB777B051
SHA1:	C0748E0D4EBBEA42EAA1D05DF537670FEF7F8EEB
SHA-256:	F44B83D72C366E82843DC83223934ABCC179B033D9CDC298648FC07D06E20FF4
SHA-512:	BCD3627B4C02B1A307FDEFC8B371FF28E27C06A7D296937E438B796A37CD372573AF2451E038EE64C66874AE523C62F844A40E5F6FB845C9063043547872B209
Malicious:	false
Reputation:	unknown
Preview:	<?xml version="1.0" encoding="utf-8"?><svg width="968" height="44" viewBox="0 0 968 44" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><svg id="cbsingle_hover_selected" viewBox="-10 6 20 20" width="20" height="20"><style>.aast0{fill:#fcfcfd}.aast1{fill:#c6c7c8}.aast2{fill-rule:evenodd;clip-rule:evenodd;fill:#027bc7}</style><path class="aast0" d="M-6 23.5c-.8 0-1.5-.7-1.5-1.5V10c0-.8.7-1.5 1.5-1.5H6c.8 0 1.5.7 1.5 1.5v12c0 .8-.7 1.5-1.5 1.5H-6z"/><path class="aast1" d="M6 9c.6 0 1 .4 1 1v12c0 .6-.4 1-1 1H-6c-.6 0-1-.4-1-1V10c0-.6.4-1 1-1H6m0-1H-6c-1.1 0-2 .9-2 2v12c0 1.1.9 2 2 2H6c1.1 0 2-.9 2-2V10c0-1.1-.9-2-2-2z"/><path class="aast2" d="M5.8 13.2l-6.9 7.6c-.3.3-.7.3-1 0l-3.7-4c-.3-.3-.3-.7 0-1l.6-.7c.3-.3.7-.3 1 0l2.5 2.7 5.9-6.3c.3-.3.7-.3 1 0l.6.7c.3.2.3.7 0 1z"/></svg><svg id="cbsingle_hover_unselected" viewBox="-10 6 20 20" width="20" height="20" x="20"><style>.abst0{fill:#fcfcfd}.abst1{fill:#c6c7c8}</style><path class="abst0" d="M-6 23.5c-.8 0-1.5-.

Chrome Cache Entry: 106

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	555
Entropy (8bit):	4.6743998814130405
Encrypted:	false
SSDEEP:
MD5:	316DEC97CDA0B219E86C4766173CEA0D
SHA1:	3E9A6F99E495C4BB7D8A51B05068B28477849EB0
SHA-256:	003F989A88D08B5E114643BAD636F721564A32B73DD605E3529A9DB2E946DB3A
SHA-512:	872E021B31697219CEB1BA045AAA075B56642CE9AF9F4965BF2E6A9A333EAB124BCD196E3E4753E0EBEBD84CD79A61030752D24EA5096A91E2764D7D0D5C657D
Malicious:	false
Reputation:	unknown
URL:	https://idcs-c59c045e6afd4aeeac0771349ef77182.identity.oraclecloud.com/ui/v1/public/23.2.123-240403161545/dist/commonModule/component/layout/redwood/ojIdaasSigninSection/asset/info.svg
Preview:	<svg width="20" height="20" viewBox="0 0 20 20" xmlns="http://www.w3.org/2000/svg">. <path d="M12.13,11.59 C11.97,12.84 10.35,14.12 9.1,14.16 C6.17,14.2 9.89,9.46 8.74,8.37 C9.3,8.16 10.62,7.83 10.62,8.81 C10.62,9.63 10.12,10.55 9.88,11.32 C8.66,15.16 12.13,11.15 12.14,11.18 C12.16,11.21 12.16,11.35 12.13,11.59 C12.08,11.95 12.16,11.35 12.13,11.59 L12.13,11.59 Z M11.56,5.67 C11.56,6.67 9.36,7.15 9.36,6.03 C9.36,5 11.56,4.54 11.56,5.67 L11.56,5.67 Z"></path> . <circle fill="none" stroke="#000" stroke-width="1.1" cx="10" cy="10" r="9"></circle>.</svg>

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1810)
Category:	downloaded
Size (bytes):	94379
Entropy (8bit):	5.297413209420254
Encrypted:	false
SSDEEP:
MD5:	FD4C6774C4375AF26D9D3052B630294E
SHA1:	11275B2C3C04CCBA7F38ABA7E84850C97CAC3075
SHA-256:	7904D8846E66F0C538335E696B4E06FE1D1D10F8856E275316D409EFDA45EAD9
SHA-512:	9D6F053AF487C11FFE97C1654B67F995DEA2B76F954E200FF1B36FFE690499816F71D1DD5A942280F60A89A5B91AB3BC775E4B80C983BDDC1265C876190E4661
Malicious:	false
Reputation:	unknown
URL:	https://consent.trustarc.com/asset/notice.js/v/v1.7-3185
Preview:	function _truste_eu(){function t(){var g=truste.eu.bindMap;g.feat.isConsentRetrieved=g.feat.crossDomain?g.feat.isConsentRetrieved:!0;if(!t.done&&truste.util.isConsentResolved()){t.done=!0;var k=function(){var a=(new Date).getTime(),c=truste.util.readCookie(truste.eu.COOKIE_REPOP,!0),d=truste.eu.bindMap.popTime;return d&&d!=c&&a>=d}();k&&(g.feat.dropPopCookie=!0);truste.eu.ccpa.initialize();truste.eu.gpp.initialize();truste.eu.gpcDntAutoOptOut();truste.eu.gcm();var a=function(){var a=truste.eu.bindMap;.if(a.feat.consentResolution){var c=truste.util.readCookie(truste.eu.COOKIE_GDPR_PREF_NAME,!0);if(c&&(c=c.split(":"),!RegExp(a.behavior+"."+a.behaviorManager).test(c[2])&&(/(,us\|none)/i.test(c[2])\|\|"eu"==a.behaviorManager&&/implied.eu/i.test(c[2]))))return!0}return!1};truste.util.fireCustomEvent("truste-cookie",g.prefCookie);truste.eu.isGPCDNTEvent()?g.feat.dntShowUI&&"expressed"==g.behavior&&truste.util.executeOnCondition(function(){return g.prefCookie\|\|g.feat.gpp.gppApplies&&null==truste

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (326), with no line terminators
Category:	downloaded
Size (bytes):	326
Entropy (8bit):	4.765986200786995
Encrypted:	false
SSDEEP:
MD5:	1A7442EB740C91083FB1799AAB367DA1
SHA1:	78B4947D08126CF3F03EBF31F5D2B2BC54D95E97
SHA-256:	BF2EEF3AA752D877EB59B8F25EE7EEA6ED3F97756E20F6ECA8AAB73550DDD9EE
SHA-512:	4AEAC22B21D7B78E1CBE6765ABF8195880566F0CEB4FAC2289056EA9AD515F89C5970F9CB2FEA684C122A2AAF04C7F8E8D3DCE416D31565E545C29B444383888
Malicious:	false
Reputation:	unknown
URL:	https://idcs-c59c045e6afd4aeeac0771349ef77182.identity.oraclecloud.com/ui/v1/public/23.2.123-240403161545/dist/dashboardModule/style/ojuxIconFont.css
Preview:	@font-face{font-family:ojuxIconFont;src:url(ojuxIconFont_Rg.woff) format("woff")}.ojux-icon{font-family:ojuxIconFont}.ojux-icon-18{font-size:18px}.ojux-icon-external-link:before{content:"\f24e"}.ojux-icon-chevron-up:before{content:"\f1d1"}.ojux-icon-chevron-down:before{content:"\f1cb"}.ojux-icon-close:before{content:"\f1e2"}

Chrome Cache Entry: 109

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 508 x 48
Category:	dropped
Size (bytes):	2915
Entropy (8bit):	7.820165821786466
Encrypted:	false
SSDEEP:
MD5:	28DE91F5BD4D65C74C73F77D164B2FB2
SHA1:	AC670BE035B15A1B49285D64A9856C0E3C08987F
SHA-256:	8E6DD58380C3499934FCBAD69735E50238AADADCDD6D43963482A0C173E78A08
SHA-512:	F7613EF62A6ED2282CEF369FAA23413FCAB2F894684D9D3C3A8AAC1D7ABF3F866176BA529E8618A75D1212603ABC3B3532BFF49DAA3C7761A15799954431E2A1
Malicious:	false
Reputation:	unknown
Preview:	GIF89a..0.......U\e...4?GOY....8AL...qw....cjr..........'3................................................!.......,......0.... $.di.h..l.p,.tm.x...... C.....r.l:....H....;H.]..t,sd..z.n....vN..Z..{o.c............_3.........Q..@..S.........{".....G..t.t..+yX.n}..,..W...g..0.......J..s..L..r..Y....bn......F.s....w....t..'...m..).....eA.....L...a......[...s....bEb.&z\|p.....G..hdB.?6.T.`.f.\|)2.\6..z...A.m'..%t..h..A.........o(\.T.3........vX......A......A@..,.;.x<....-.Hh.J....v.2T.6.8.\|..2.....M.............Y6..Lx.a..2.4...l,}g.\.....Z...+.5..Oo(.kc.I......87.&l.lC...8c... <....?@.C...3H?.-.z.'.Sf.`.....(....5L...2.......hZ@F.\|.....t.CH.....yt.......a.'....xQ..w#.w_..!.a.S......A.p..A...........L...C....K.h.\...$....8......k.jQ.....VxN....P.,..r%..].$.A:..,.....ZP...Y.e>...@.(y..'..hB........#\|K.P&..a.......V.0.,..0j/....yF..\|........JBZ.8.f.....H.....,.."1............@...X...I..../..^..B`.:. .BQ.0/3BuE.rdH.(g!.d72@Y...?.k..b'.J.../..1...pm..4....`.XV..

Chrome Cache Entry: 110

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	287
Entropy (8bit):	4.721673946578551
Encrypted:	false
SSDEEP:
MD5:	153901701B710EF47E7A73FA1D7F88A2
SHA1:	B0A0D4993929EF45E941EAA744D116D58715EA25
SHA-256:	804C43D1D92A861818C0D52E656EFB799BB7D7147DF8DE33876D06694801AE77
SHA-512:	B519AC7B973A5835A6D1D1B0CD53E12BE8FF03A0C86A76984C48D75D83CFF3C973C1A5EFA63BCD96A6DC1B34E5F2771EDE25EA1D808CBB18344E50E8961F1D17
Malicious:	false
Reputation:	unknown
URL:	https://idcs-c59c045e6afd4aeeac0771349ef77182.identity.oraclecloud.com/ui/v1/public/23.2.123-240403161545/dist/unauthenticatedModule/view/resetPassword/style/reset-password.css
Preview:	.idcs-unauthenticated-reset-password-change-password-container{max-width:650px}.idcs-hidden-focus-capture{border:0;clip:rect(0 0 0 0);height:1px;margin:-1px;overflow:hidden;padding:0;position:absolute;width:1px}.oj-idaas-employee-signin-app-shell-redwood-login-card-top{min-height:310px}

Chrome Cache Entry: 111

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (12239), with no line terminators
Category:	downloaded
Size (bytes):	12241
Entropy (8bit):	4.929557461457689
Encrypted:	false
SSDEEP:
MD5:	31262CD65F2D2D21B1CCFB30E03CEFAF
SHA1:	77761F89E445EC3C9296624EE6A0B7E1300DCCD9
SHA-256:	834094BF1AA824F33FC1FB6A3D23D9D863BC37C35E4891B63C0F8965BBA62BDB
SHA-512:	54B431DCED704B0F5F4AB74185CAB7F3FEC6FA3F1F2CC94F55EE5F1AA593B3F0565CA5ED926513AA5960B3CBBF004EF0B19317A651A847847E4B4F5311B41CCA
Malicious:	false
Reputation:	unknown
URL:	https://idcs-c59c045e6afd4aeeac0771349ef77182.identity.oraclecloud.com/ui/v1/public/23.2.123-240403161545/lib/@oracle/oraclejet/dist/js/libs/oj/resources/nls/en-US/timezoneData.js
Preview:	define({main:{"en-US":{identity:{version:{_number:"Revision: 12418",_cldrVersion:"32"},language:"en",territory:"US"},dates:{timeZoneNames:{hourFormat:"+HH:mm;-HH:mm",gmtFormat:"GMT{0}",gmtZeroFormat:"GMT",regionFormat:"{0} Time","regionFormat-type-daylight":"{0} Daylight Time","regionFormat-type-standard":"{0} Standard Time",fallbackFormat:"{1} ({0})",zone:{America:{Anchorage:{exemplarCity:"Anchorage"},Bogota:{exemplarCity:"Bogota"},Buenos_Aires:{exemplarCity:"Buenos Aires"},Caracas:{exemplarCity:"Caracas"},Chicago:{exemplarCity:"Chicago"},Chihuahua:{exemplarCity:"Chihuahua"},Costa_Rica:{exemplarCity:"Costa Rica"},Denver:{exemplarCity:"Denver"},Edmonton:{exemplarCity:"Edmonton"},El_Salvador:{exemplarCity:"El Salvador"},Godthab:{exemplarCity:"Nuuk"},Guatemala:{exemplarCity:"Guatemala"},Guayaquil:{exemplarCity:"Guayaquil"},Halifax:{exemplarCity:"Halifax"},Indianapolis:{exemplarCity:"Indianapolis"},Lima:{exemplarCity:"Lima"},Los_Angeles:{exemplarCity:"Los Angeles"},Managua:{exemplarCity:"

Chrome Cache Entry: 112

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	45775
Entropy (8bit):	7.990426942957828
Encrypted:	true
SSDEEP:
MD5:	87018297AA7722E7374FE26E77528898
SHA1:	00765CB92C1F52C14B5F7DFEECEFB6FD54B06F5F
SHA-256:	D33D9AD36963C8B990686795F0A78F8E25EDF8F2E01A81C89E54F89A7C1DBF83
SHA-512:	D126A35CA2DA75C55143BB8AE2597FD704687A5646DC9A6101B7F57AC17294633C7A37D4D9A36E9DE4319245C72AEEEBD2A704F20162BC6182A2C7ACC04F48D0
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR..............X.....AiCCPICC Profile..H..W.XS...[..@h........@J.-..".JH...c ..E......U.....E.,../.T.u.`W............9.3g..@.8G$.A.....c.......:..H..p.D..p..P....:@...{..?..k..... Q.................\|......0@..Iq...Hq...... n.@I...g..z....n..P..Q....P.C.;..q...F..T....N..4.59..a,...(...D9...g:.w......U%S..#.3....)aR..q.0-".bM.?.x2{.QJ.$$^n..p.X0gp.......Al.q.0'"\..........N... .x.?/0Va.Q<%F..mL.....,G,.+.u_...T......jaf\"..........B......[.....Kb..C.........tqP..47oh...L.;B...g...s9...\.K\|!3~H..7>\|h.<~@.\|..3.0>V..A...#..SD9Q.{...,.M!v.+.U..........8y.xa.'4J.........t .5.L.Y@.......=A... ........(...k,(..B..y...e.\|P.....j..e........ ...{.l.p.[.x...?.s`..xs`...{~...0!..`$C..jC..@b.1..D...q.....W?X.p..14....'...C.5B7..dA...(.n....E...-..+.{Cu.......w.~../...Y."niV.?i.m.?....HF.#.~d.G.....Hs.c~...5........6.gKl...;....aG.&@.Z.f..;...lw.y....u...7...L.9.;.:~....K..5E4C,...3...Og.....N.N..H./...h.w.....-...........V..

Chrome Cache Entry: 113

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1867
Entropy (8bit):	4.086452143404536
Encrypted:	false
SSDEEP:
MD5:	23A816AB7188FC0D47E604ADFE5A5D91
SHA1:	88A7D8514CAFED9D5A766A981F219B86FF0E794E
SHA-256:	F184BF27668C85AA51B71067F39733180E9FCB6A601DE381E96DB85938965909
SHA-512:	74ED43FCB2975CF80E2C28D56D900D9560A5BE84F2AF4B2C4FF9A296FDA0ABC2C291180CA70300BFA86E3B949F1BACA18F11461288FCF2E435E366B17608CAE8
Malicious:	false
Reputation:	unknown
URL:	https://idcs-c59c045e6afd4aeeac0771349ef77182.identity.oraclecloud.com/ui/v1/public/23.2.123-240403161545/dist/commonModule/asset/oracle-red.svg
Preview:	<svg. width="185". height="24". viewBox="0 0 185 24". fill="none". xmlns="http://www.w3.org/2000/svg">. <path d="M79.6674 15.6113H91.8608L85.4229 5.22496L73.5969 23.9945L68.2062 24L82.6018 1.46166C83.2124 0.547087 84.2651 0 85.4146 0C86.5502 0 87.5863 0.530509 88.1942 1.42022L102.642 24L97.2515 23.9945L94.7178 19.8029H82.3669L79.6674 15.6113ZM135.617 19.8084V0.229335H131.041V21.7205C131.041 22.3145 131.284 22.881 131.707 23.3092C132.157 23.7458 132.749 23.9945 133.381 23.9945H154.223L156.914 19.8084H135.617ZM60.0109 16.3021C64.4512 16.3021 68.0404 12.7046 68.0404 8.2671C68.0404 3.82961 64.4512 0.229335 60.0109 0.229335H40.0063V23.9945H44.5792V4.42091H59.6959C61.8263 4.42091 63.5421 6.13953 63.5421 8.2671C63.5421 10.3864 61.8263 12.1105 59.6959 12.1105L46.82 12.105L60.453 23.9945H67.0954L57.9193 16.2966L60.0109 16.3021ZM11.884 23.9945C5.32167 23.9945 0 18.6783 0 12.1105C0 5.54824 5.32167 0.229335 11.884 0.229335H25.6993C32.2616 0.229335 37.5805 5.54824 37.5805 12.1105C37.5805 18.6

Chrome Cache Entry: 115

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1524), with no line terminators
Category:	downloaded
Size (bytes):	1524
Entropy (8bit):	5.032286646659905
Encrypted:	false
SSDEEP:
MD5:	A9200BA610BABAA7805D8C442049BE1A
SHA1:	B52F8CC0AA688BEA37A130C6E1C9AE9B2637FED2
SHA-256:	7A2034F80A341B86D4E2D9B4B63DAF4C98338426168D9FFFE1F4C748AF8B0D60
SHA-512:	27F1CAF6E040CA078EF3CBCEFA6BA3DB5ECC5307A40065E8BDF78EDA7EFA5C1314FDAC6FBFAA2548A5B7455DED49EA7D34E6B806168D58FC15FE49298AF9DE7E
Malicious:	false
Reputation:	unknown
URL:	https://idcs-c59c045e6afd4aeeac0771349ef77182.identity.oraclecloud.com/ui/v1/public/23.2.123-240403161545/dist/unauthenticatedModule/view/resetPassword/viewModel/reset-password.view-model.js
Preview:	define(["ojs/ojcore","knockout","jquery","commonModule/platform/idaascore","signinModule/util/utils","unauthenticatedModule/view/resetPassword/util/reset-password-constants.util","commonModule/component/layout/idcsPageShell/loader","commonModule/component/control/idcsPageHeader/loader","ojs/ojrouter"],function(e,t,r,o,n){function s(r){var s=this;s.bundle=function(t,r){return e.Translations.getTranslatedString(t,r)},s.isTencent=n.isTencent(),s.parentRouter=r.parentRouter;var a=s.parentRouter.currentState().id;s.router=s.parentRouter.createChildRouter(a),s.router.configure({"change-password":{value:o.resetPassword.Constants.CHANGE_PASSWORD_PAGE,isVisible:!0},"password-must-change":{value:o.resetPassword.Constants.CHANGE_PASSWORD_PAGE,isVisible:!0},"change-password-confirm":{value:o.resetPassword.Constants.CHANGE_PASSWORD_CONFIRM_PAGE,isVisible:!0}}),s.currentStateId=t.computed(function(){return s.router.currentState()?s.router.currentState().id:void 0}),s.contentView=t.observable("unauth

Chrome Cache Entry: 116

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (32060)
Category:	downloaded
Size (bytes):	469289
Entropy (8bit):	4.8494074372202896
Encrypted:	false
SSDEEP:
MD5:	E9A3559358F37CB305D63C5269271CBD
SHA1:	BB96BCC0E9B0F0D4882E51802913CE2A07E9EDF6
SHA-256:	A14B52E11C60CA9AD478A9EA487F1EBBC44A0BAB901D8FDE64581DCB18D34760
SHA-512:	9578F57C890581F67BC356D346A0B05684A931D65E38379B9DCBA41C35ADFB2CE84B54CC34F6F594064904DCE478F76A88AB3CB5C69788C581B09CE2927034F6
Malicious:	false
Reputation:	unknown
URL:	https://idcs-c59c045e6afd4aeeac0771349ef77182.identity.oraclecloud.com/ui/v1/public/23.2.123-240403161545/dist/translations/resources/nls/idaas-translations.js
Preview:	define({root:{accessRequest:{myRequests:{pageTitle:"My Requests",noRequestsAltText:"There are no requests in the system.",noRequestsMessage:"You have no requests to display.",groupRequest:'Membership to the "{0}" group.',applicationRequest:'Access to the "{0}" application.',justification:"Justification: {0}",submittedOn:"Submitted: {0}",status:{COMPLETE:"Completed",CREATED:"Created"}},myAccess:{gotoCatalogLabel:"Add",gotoCatalogTooltip:"Click to request group or application access.",gotoGroupsCatalogTooltip:"Request group membership.",gotoAppsCatalogTooltip:"Request application access.",groupsSearchTooltip:"Enter a string that begins with the group name.",requestAccessMessage:"To request access, click Add to go to the Catalog",noAppsAssigned:"You do not have access to any applications.",appsTabTooltip:"Click to view the applications to which you have access.",groupsTabTooltip:"Click to view the groups to which you have access.",requestAppsTabTooltip:"Click to view the applications whic

Chrome Cache Entry: 119

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	4124273
Entropy (8bit):	5.393128892559733
Encrypted:	false
SSDEEP:
MD5:	DDD18A32E63E9D7585209640C3AA3484
SHA1:	40E4792BB42DE6FF44397ACA8FE273CB02DD417C
SHA-256:	952C7C2A643C67C281F91B4FFCD30B342579C723F39A7513951F1036E4B73C7B
SHA-512:	2BF5E626FAB831F18D9B4F6041F90E672E81CDB20B05511E786AF64A7F50119BD843CB64F490A64E91BF7C4147212CA123B3044E855C2975EFB74DFDE4CDC98E
Malicious:	false
Reputation:	unknown
URL:	https://idcs-c59c045e6afd4aeeac0771349ef77182.identity.oraclecloud.com/ui/v1/public/23.2.123-240403161545/dist/signinModule/signin.js
Preview:	/** vim: et:ts=4:sw=4:sts=4. * @license RequireJS 2.3.6 Copyright jQuery Foundation and other contributors.. * Released under MIT license, https://github.com/requirejs/requirejs/blob/master/LICENSE. /.//Not using strict: uneven strict support in browsers, #392, and causes.//problems with requirejs.exec()/transpiler plugins that may not be strict../jslint regexp: true, nomen: true, sloppy: true /./global window, navigator, document, importScripts, setTimeout, opera /..var requirejs, require, define;.(function (global, setTimeout) {. var req, s, head, baseElement, dataMain, src,. interactiveScript, currentlyAddingScript, mainScript, subPath,. version = '2.3.6',. commentRegExp = /\/\[\s\S]?\\/\|([^:"'=]\|^)\/\/.$/mg,. cjsRequireRegExp = /[^.]\srequire\s$\s["']([^'"\s]+)["']\s*$/g,. jsSuffixRegExp = /\.js$/,. currDirRegExp = /^\.\//,. op = Object.prototype,. ostring = op.toString,. hasOwn = op.hasOwnProperty,.

Chrome Cache Entry: 120

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, IDCS
Category:	downloaded
Size (bytes):	54760
Entropy (8bit):	6.316946510171684
Encrypted:	false
SSDEEP:
MD5:	FAA62274281954C023D1388DF4C2F3B0
SHA1:	7F3B03E9EB9F5FEB8A52A55AD8DE47E85FD75074
SHA-256:	282E45925AB4B7640B605BD4595DEE684D4858BD4D01583D81F21E0C9687132C
SHA-512:	0F1B85A81574776E8B4463624D7EA3DE955D4CD3D411C59F34D376896A15ED9929481AB9A9017FF4D55C0A846A6972886FB9DAE5C29A6440FDC9D4156B3D5780
Malicious:	false
Reputation:	unknown
URL:	https://idcs-c59c045e6afd4aeeac0771349ef77182.identity.oraclecloud.com/ui/v1/public/23.2.123-240403161545/dist/commonModule/style/fonts/IDCS.ttf?mltxzn
Preview:	...........0OS/2...........`cmap...........\gasp.......x....glyf...+.......head4..........6hhea"......@...$hmtx.......d....locam..n.......Lmaxp.......D... name.VL....d...bpost........... ...$.......................3...................................@........@...@............... .................................@............. .Q.......... .Q....................................................79..................79..................79...................$.@.]...2.........#!"&5.463..!5.../.%!...?..2............#"'..'&547>.76."............327>.7654'..'&#.........N.........0....\|........j]^.((((.^]jj]^.((((.^]jfZY.'&&'.YZffZY.'&&'.YZf.J...............N..p....p&v......((.^]jj]^.((((.^]jj]^.((.&'.YZffZY.'&&'.YZffZY.'&......,.....[.o.\|....."'..'&546747>.7632..>.32..:.32..............&'&67>.54&#*...'..#"...'..#"............32....#%"&10.#0......67>.'&.2....#"&5463...+."&=.46;..732....+%&8..ZE..9&%+1U....=e....+&&9....4##(......6MS;......J.......@%:S..$6KR9......w]_w.."--\[,-"...........`.....

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	552107
Entropy (8bit):	4.9806472525214005
Encrypted:	false
SSDEEP:
MD5:	E51ABFC2B74ABFB92D68DF38E99DDA7D
SHA1:	3012A32B0D260DAE9FB267E206E400CCB6830D32
SHA-256:	A4BA49DF721F73456D68EA5B52550F459521CDAA8BB7C3CCD98A3B78B4E9344B
SHA-512:	BB0A33E0CE7790228411DEDDCFF520EF05DECA3206CEBA29514E118BA1D44ECAF3682674B495E83A28C523D05EE2BDA6B2A18DA480782339A29B743302D6F125
Malicious:	false
Reputation:	unknown
URL:	https://idcs-c59c045e6afd4aeeac0771349ef77182.identity.oraclecloud.com/ui/v1/public/23.2.123-240403161545/lib/@oracle/oraclejet/dist/css/alta/oj-alta-min.css
Preview:	/! normalize.css v8.0.0 \| MIT License \| github.com/necolas/normalize.css /html{-webkit-text-size-adjust:100%}body{margin:0}h1{font-size:2em;margin:.67em 0}hr{box-sizing:content-box;height:0;overflow:visible}pre{font-family:monospace,monospace;font-size:1em}abbr[title]{border-bottom:none;text-decoration:underline;text-decoration:underline dotted}b,strong{font-weight:bolder}code,kbd,samp{font-family:monospace,monospace;font-size:1em}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sub{bottom:-.25em}sup{top:-.5em}button,input,optgroup,select,textarea{font-family:inherit;font-size:100%;margin:0}button,input{overflow:visible}button,select{text-transform:none}[type=button],[type=reset],[type=submit],button{-webkit-appearance:button}[type=button]::-moz-focus-inner,[type=reset]::-moz-focus-inner,[type=submit]::-moz-focus-inner,button::-moz-focus-inner{border-style:none;padding:0}[type=button]:-moz-focusring,[type=reset]:-moz-focusring,[type=su

Chrome Cache Entry: 85

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	4286
Entropy (8bit):	3.4870900817043133
Encrypted:	false
SSDEEP:
MD5:	8F12FA12CCF8FC9EFF6D2B375A5D1A8A
SHA1:	E8E231F94BAC4DBFDCD896A555C67DE33FA60AAA
SHA-256:	C30532B77543554823321767E638D67187B4FBE99151101C04371ED15FBC8B54
SHA-512:	8E1A8DC154B0A421C5269E935E329111B8DCD2D508BC5910D0BEC53C031340F39720FE81BD7CFAA787446C4A702AC0BCEE5A5B87407AF0B01679F1C4EA70E796
Malicious:	false
Reputation:	unknown
URL:	https://idcs-c59c045e6afd4aeeac0771349ef77182.identity.oraclecloud.com/ui/v1/public/23.2.123-240403161545/dist/commonModule/asset/oracle-favicon.ico
Preview:	...... .... .........(... ...@..... .............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................1<i.Ld..=L..DU..KZ.(LZ.-Pb..Qc..Rc..Rc..Rc..Rc..Rc..Rc..Rc..Rc..Qb..L\.*DV..>M..Z...2;m.................................@O..03^.EX..DY.kCX.DX..FY..FY..EZ..EZ..FZ..FZ..FZ..FZ..FZ..FZ..FZ..FZ..EY..DY..EX..EY.DY.pCW."CH..@O......................HW..KW..FY.cDY..EY..DY..DY..DY..DY

Chrome Cache Entry: 86

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (31902), with no line terminators
Category:	downloaded
Size (bytes):	31902
Entropy (8bit):	5.21054096458283
Encrypted:	false
SSDEEP:
MD5:	1E2494CF99B742233FFDDD07A72F64D3
SHA1:	7C09C6239BF244FCDFAF5804AF92DFA0BA2AA72E
SHA-256:	F29DFCF77EE7A202A64DA034E903336290B8EFCACE908672723A77FCFB3F2436
SHA-512:	0137126B599A8B7BDD431EE644143288E8426C6178FE4B23B82F84113FEA792575610B8E5A07CD60B9E732CF3DE47279E593694441444661A40AFE5F739979CE
Malicious:	false
Reputation:	unknown
URL:	https://idcs-c59c045e6afd4aeeac0771349ef77182.identity.oraclecloud.com/ui/v1/public/23.2.123-240403161545/dist/legacyModule/scripts/resetpwd.js
Preview:	function getFingerprint(e){var o={currentTime:(new Date).toString(),screenWidth:screen.width,screenHeight:screen.height,screenColorDepth:screen.colorDepth,screenPixelDepth:screen.pixelDepth,windowPixelRatio:window.devicePixelRatio,language:navigator.language,userAgent:navigator.userAgent,cookieEnabled:navigator.cookieEnabled,mimeTypes:navigator.mimeTypes?navigator.mimeTypes.length:0,plugins:navigator.plugins?navigator.plugins.length:0,timeZone:(new Date).getTimezoneOffset()},n=JSON.stringify(o);return null!==e&&null!==document.getElementById(e)&&(document.getElementById(e).value=n),n}require(["signinModule/signin-main"],function(){}),define("legacyModule/scripts/resetpwd",function(){}),define("text!legacyModule/scripts/templates/login/change-pwd.tmpl.html",[],function(){return'<div class="oj-form oj-md-labels-inline oj-padding-lg-top" id="contentarea">\n <div data-bind="css: {\'idcs-hide\': !showExpError()}" class="oj-row" id="chpassword-error-div">\n <div style="padding-left: 120p

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 4 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 48x48, 32 bits/pixel
Category:	downloaded
Size (bytes):	58937
Entropy (8bit):	7.562946646846093
Encrypted:	false
SSDEEP:
MD5:	2A3D21E82E287EB55A18A608EE159343
SHA1:	9C491669D7AA0C847C89C6A62B5318E91A49F17B
SHA-256:	51EF958A567B93A3A758EA4AFAC84004FB79B847074566CE3C86884BB3DD2E1D
SHA-512:	82A062FCB9EACBC31804FCB66FEA18B031A5D13FC7759C2D8F184861A7104EAAAD763671B3060115516B698507E28AC804ACC44E408C89345CABEA229BDCB928
Malicious:	false
Reputation:	unknown
URL:	https://idcs-c59c045e6afd4aeeac0771349ef77182.identity.oraclecloud.com/ui/v1/public/23.2.123-240403161545/dist/legacyModule/css/images/favicon.ico
Preview:	............ .....F...00.... .h&..A... .... .(............. .h........PNG........IHDR.............\r.f...$iCCPICC Profile..8..U.o.T.>.oR..? XG...US[......I...J....$.:7......O{.7...@...H<!..b{....IS..IH{...!&..U.vb'S.\...9.9.;.^.D=_i...U......$......M...K...N-..................N.#.z..."O.n..}...Q..k.K.....i.......6.....}..x..'=N!?.........<..f/.a_....Un.."f....ar../.q.1....u..].X....c....+.T..?....K._..Ia......\|.x.Q...}t..G__......{.p..M.ju1{.....%..#8.ug......V...c..Si.a..J}.._.qV...Z...#.d......?.......:73...KWkn..A..YQ..2.;^..)m.......v....J...&..fzg............t..y.?.:/....].Rb...G.DD#N.-b.J;.P.2..F6<%2....a1"O..l.y9.......-.Q.;.p..X?S....b..0.g...7...K.:....rm:..}(..OuT.:NP..@}(.Q..........K+.#O.14[.. ..hu7.>.kk?..<......kkt.q..m.6.n.....-.mR.;`z.....v..x#.=\..%..o.Y..R.......#&.?.>........n._....;j..;.$}*}+.(}'}/.L.tY.".$].....9..%.{._a..]h.k.5'SN.{.......<...._..............t..jM.{-...4.%.....T..t.Y...R6....#.v\..x:..'H..O...3...

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	28
Entropy (8bit):	4.208966082694623
Encrypted:	false
SSDEEP:
MD5:	9467E76AC96A4B1497E142762AA4A79E
SHA1:	A2D4D5341C2A5CC59C690279ACAB9BEEC810A702
SHA-256:	F46DFCF6162C6C230FA958BF55A5D611363A0E44BC5C450E9C7BF8E6AF496F71
SHA-512:	9DAC9D501B37360FAD854DB52AE831AA06ABD491E6D2D15E1CEAEB85B159EE61FCDFBD63D1B53BF4075436D2E5876CF854E69AC472301C0318BDCB6EE5966143
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xNDkSFwmZRNk0eKGDjRIFDWqDxHYSBQ2Vb4r7?alt=proto
Preview:	ChIKBw1qg8R2GgAKBw2Vb4r7GgA=

Chrome Cache Entry: 89

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (33426)
Category:	downloaded
Size (bytes):	96532
Entropy (8bit):	5.312821469027422
Encrypted:	false
SSDEEP:
MD5:	40B71FDCED4333E6BDBE213E9D6DFC47
SHA1:	AB7B11B99C4FB8C699069A618B0460865C5FCFF9
SHA-256:	D6FC7903FBA737BF40925AB2BF888B213A43C53A0460D2025143FC6C5B27A519
SHA-512:	D2CE603C8E4F4EEFF1C0D10A21DE6800B60EB399BDDF498240D14D058CE1F603A0C543EBFC320D70B188DCC4015ABCA9E118CDFD73ADA4D68EDF4BC4BE41A8EF
Malicious:	false
Reputation:	unknown
URL:	https://idcs-c59c045e6afd4aeeac0771349ef77182.identity.oraclecloud.com/ui/v1/public/23.2.123-240403161545/dist/unauthenticatedModule/unauthenticatedModule.min.js
Preview:	function getFingerprint(e){var o={currentTime:(new Date).toString(),screenWidth:screen.width,screenHeight:screen.height,screenColorDepth:screen.colorDepth,screenPixelDepth:screen.pixelDepth,windowPixelRatio:window.devicePixelRatio,language:navigator.language,userAgent:navigator.userAgent,cookieEnabled:navigator.cookieEnabled,mimeTypes:navigator.mimeTypes?navigator.mimeTypes.length:0,plugins:navigator.plugins?navigator.plugins.length:0,timeZone:(new Date).getTimezoneOffset()},t=JSON.stringify(o);return null!==e&&null!==document.getElementById(e)&&(document.getElementById(e).value=t),t}define("text!unauthenticatedModule/view/createAccount/template/create-account.tmpl.html",[],function(){return'<div aria-live="polite" class="oj-flex">\n <div class="oj-flex-item oj-sm-12">\n <h3 class="idcs-create-account-header">\n <oj-bind-text value="[[bundle(\'createAccount.createAccountText\')]]">\n </oj-bind-text>\n </h3>\n </div>\n <div class="oj-flex-item oj-sm-12">

Chrome Cache Entry: 92

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (14873), with no line terminators
Category:	downloaded
Size (bytes):	14873
Entropy (8bit):	4.975065772822229
Encrypted:	false
SSDEEP:
MD5:	7DEC5FD75C1CA7EDECF31728CA0DCF96
SHA1:	65D7460F5CF6BEC9538A152E407ED932DACAB777
SHA-256:	C83238E983C7ABEDBC51818E8BA200346653227826764B07A5A053D3E2C15506
SHA-512:	A95759892031496F41B17C945696B78682564BEAD11EF64B3C6FA2C9E43B1C72C83AA0142CD39BC3E54D8B2ED40E84CC9568AC73660FBECA37B245A3ACB19B36
Malicious:	false
Reputation:	unknown
URL:	https://idcs-c59c045e6afd4aeeac0771349ef77182.identity.oraclecloud.com/ui/v1/public/23.2.123-240403161545/dist/signinModule/style/redwood/signin.css
Preview:	html{box-sizing:border-box;font-size:1em}*,:after,:before{box-sizing:inherit}body{background-color:#f5f4f2;background-color:var(--alloy-bgBase,#f5f4f2)}a{cursor:pointer}.oj-button-jqui.oj-default.oj-button-full-chrome,.oj-button-jqui.oj-focus-only.oj-button-full-chrome,.oj-button-nocomp.oj-button-full-chrome,.oj-button.oj-default.oj-button-full-chrome .oj-button-button,.oj-button.oj-focus-only.oj-button-full-chrome .oj-button-button{border-color:#161513;border-color:var(--alloy-secondaryBase,#161513);color:var(--alloy-secondaryDarkest);background-color:#fff;background-color:var(--alloy-chFgBase,#fff)}.oj-button-jqui.oj-disabled.oj-button-full-chrome,.oj-button-nocomp.oj-button-full-chrome:disabled,.oj-button.oj-disabled.oj-button-full-chrome .oj-button-button{background-color:#312d2a;border-color:transparent;color:#fff;opacity:.4}.oj-button-jqui.oj-hover.oj-button-full-chrome,.oj-button-nocomp.oj-button-full-chrome:hover,.oj-button.oj-hover.oj-button-full-chrome .oj-button-button{backg

Chrome Cache Entry: 93

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3561)
Category:	downloaded
Size (bytes):	14746
Entropy (8bit):	5.482028646463673
Encrypted:	false
SSDEEP:
MD5:	838F6D5631473E0BBCF5EB8622794160
SHA1:	A8E232B10A29149A1A456095040CA5C64119BA56
SHA-256:	24A61BA219ECFFFB873662B8840B5D9B3C5F41E15E55BC37263DD66C4ECDB211
SHA-512:	D7E18BB313F071388A80A6FE61DF91C1434322FBC24473B5C1C003C588C6AB48EE7C22004E64302308D8FA240DD9B343E5B3BF8F8EE45027FD897468FD7382FC
Malicious:	false
Reputation:	unknown
URL:	https://consent.truste.com/notice?domain=oracle.com&c=idcs-signin-basic-form-cookie&text=true&gtm=1&language=en-US
Preview:	function _truste_eumap(){truste=self.truste\|\|{};truste.eu\|\|(truste.eu={});truste.util\|\|(truste.util={});.truste.util.error=function(p,l,o){o=o\|\|{};var n=l&&l.toString()\|\|"",e=o.caller\|\|"";if(l&&l.stack){n+="\n"+l.stack.match(/(@\|at)[^\n\r\t]/)[0]+"\n"+l.stack.match(/(@\|at)[^\n\r\t]$/)[0].}truste.util.trace(p,n,o);if(truste.util.debug\|\|!l&&!p){return}var d={apigwlambdaUrl:"https://api-js-log.trustarc.com/error",enableJsLog:false};.if(d.enableJsLog){delete o.caller;delete o.mod;delete o.domain;delete o.authority;o.msg=p;var m=new (self.XMLHttpRequest\|\|self.XDomainRequest\|\|self.ActiveXObject)("MSXML2.XMLHTTP.3.0");.m.open("POST",d.apigwlambdaUrl,true);m.setRequestHeader&&m.setRequestHeader("Content-type","application/json");.m.send(truste.util.getJSON({info:truste.util.getJSON(o)\|\|"",error:n,caller:e}))}};truste.util.trace=function(){if(self.console&&console.log&&(this.debug\|\|this.debug!==false&&(self.location.hostname.indexOf(".")<0\|\|self.location.hostname.indexOf(".truste-svc.net")>0)

Chrome Cache Entry: 94

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 72196, version 1.0
Category:	downloaded
Size (bytes):	72196
Entropy (8bit):	7.996922165077364
Encrypted:	true
SSDEEP:
MD5:	B179A9FD826F982477932142E3328B09
SHA1:	F5C49D95F662CC06ABF54ABCE55834E4494CAA68
SHA-256:	C51CC628A80B45818306A94456166FC264F79AD52292DC8BA22ACADE49989AC3
SHA-512:	F33B01CDEB995B4A5A0452EFC0AF4244CC062FB018D010278971B7217F5DB6C9763EC8F6FBF3672895C206CE4A114066A12F070A36AB0C4122F9F5EA513CC408
Malicious:	false
Reputation:	unknown
URL:	https://idcs-c59c045e6afd4aeeac0771349ef77182.identity.oraclecloud.com/ui/v1/public/23.2.123-240403161545/dist/commonModule/asset/OracleSansVF.woff2
Preview:	wOF2..............................................;...J..,?HVAR.-.`?STAT.$'".../T.....X..@0..N.6.$..j..8.. ..D. ..[.r.58Jj...:.f....S.o.2W.NX...Z......).....p....s.....L.m ...C%......=R.NNJi.../k....u....{.q?...>..L...../..:#!D7..XJ.^wA.....8)Dn.}..sF.{F.L!..R..F.>..."7.....5........:u.[..bn.&'&...F.{.%.......e.......Z.~H.lO...g.gn..x.FA......56....%._...w4...(f.D.''Z H..J...J.]..'.6..~Q&E...Z.........{..q/]Ef...#...C..z01.h,#............d...y..........5.F.9`.6.$...5B0qCl...1?ma.ea._iq.......-"".`$,...@.......MT..c......5.Dh.0.D...'\..b.......q.{....8g783..-&....8?...{^.I`...q.I....j.......y....(.A."8..:..B#+...t>.#..jsw.Z}C.z.r.l~6P....@s}N...'d..".)(.w).Qc.V...b.....9...I.%....%[.,j.I:.L?.Z....[.-..B...X.....ki_..dD..,.e*....50.z=...t.vC.9.k..Ul.%.....\|...;.%..A.Vi.J..............KE.(..B.!.jj..$K&.c.. %..i.}........0..Y..F...j..B.~-.w7.9.W....u.H.3U..t...<..........S...%HH.Y..Q7.7n.......o3.n&......i.M.{...)L1.N<.4.L:......xR...#..$\|29..

Chrome Cache Entry: 97

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (9020), with no line terminators
Category:	downloaded
Size (bytes):	9034
Entropy (8bit):	5.001462751679015
Encrypted:	false
SSDEEP:
MD5:	3F1B8F8919F105D3C5B2F909304DDD76
SHA1:	C5061BDD28C1F031F1F9656D12AFBEC47BAE984B
SHA-256:	31469FF78F7E4FE9A3908F63B9DEBD8B8A3ACB7E003438A9378BAA3C22A0D5F2
SHA-512:	C9DEB4ABD4CE35F9145FAEAF5DB8A877E0238140F5387CE3A042021952C7FB9508C79621A0F14A17E6791B37B6B7851BF32AD20C3B8D4651CBFEDD33D354C5DE
Malicious:	false
Reputation:	unknown
URL:	https://idcs-c59c045e6afd4aeeac0771349ef77182.identity.oraclecloud.com/ui/v1/public/23.2.123-240403161545/lib/@oracle/oraclejet/dist/js/libs/oj/resources/nls/en-US/localeElements.js
Preview:	define({main:{"en-US":{identity:{version:{_number:"Revision: 13705",_cldrVersion:"32"},language:"en",territory:"US"},dates:{calendars:{gregorian:{months:{format:{abbreviated:{1:"Jan",2:"Feb",3:"Mar",4:"Apr",5:"May",6:"Jun",7:"Jul",8:"Aug",9:"Sep",10:"Oct",11:"Nov",12:"Dec"},narrow:{1:"J",2:"F",3:"M",4:"A",5:"M",6:"J",7:"J",8:"A",9:"S",10:"O",11:"N",12:"D"},wide:{1:"January",2:"February",3:"March",4:"April",5:"May",6:"June",7:"July",8:"August",9:"September",10:"October",11:"November",12:"December"}},"stand-alone":{abbreviated:{1:"Jan",2:"Feb",3:"Mar",4:"Apr",5:"May",6:"Jun",7:"Jul",8:"Aug",9:"Sep",10:"Oct",11:"Nov",12:"Dec"},narrow:{1:"J",2:"F",3:"M",4:"A",5:"M",6:"J",7:"J",8:"A",9:"S",10:"O",11:"N",12:"D"},wide:{1:"January",2:"February",3:"March",4:"April",5:"May",6:"June",7:"July",8:"August",9:"September",10:"October",11:"November",12:"December"}}},days:{format:{abbreviated:{sun:"Sun",mon:"Mon",tue:"Tue",wed:"Wed",thu:"Thu",fri:"Fri",sat:"Sat"},narrow:{sun:"S",mon:"M",tue:"T",wed:"W",

Chrome Cache Entry: 98

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (4549), with no line terminators
Category:	downloaded
Size (bytes):	4549
Entropy (8bit):	4.857382918215014
Encrypted:	false
SSDEEP:
MD5:	3C8876E4698EA467831BDC8CC887135B
SHA1:	FA9987CCB0D79C43F16694412F0ED6789E6615F4
SHA-256:	EFD203EA911D2FEC572B3C4AE0810F0D3039D8FF93ECAC5DC24B66C789D9908C
SHA-512:	F8912BDE59B8DC285B8631D7CD619F4D73A8DB12005E48CF4CED02AB686AD903B042DE1BB58D3297AF2DF0B4DCA04345F63783894EF69BD24248880EFA7AAB81
Malicious:	false
Reputation:	unknown
URL:	https://idcs-c59c045e6afd4aeeac0771349ef77182.identity.oraclecloud.com/ui/v1/public/23.2.123-240403161545/dist/commonModule/style/helper.css
Preview:	.idcs-pull-right{float:right}.idcs-pull-left{float:left}.idcs-breadcrumbs{padding:0;margin:5px 0}.idcs-breadcrumbs>li{display:inline-block;list-style-type:none}.idcs-breadcrumbs>li:after{content:'\003e';display:inline-block;margin:0 4px}.idcs-breadcrumbs>li:last-child:after{content:''}.idcs-font-bold{font-weight:700}.idcs-font-semibold{font-weight:600}.idcs-text-left{text-align:left}.idcs-text-right{text-align:right}.idcs-text-center{text-align:center}.idcs-text-justify{text-align:justify}.idcs-text-nowrap{white-space:nowrap}.idcs-heading-color{color:#333}.idcs-text-lowercase{text-transform:lowercase}.idcs-text-uppercase{text-transform:uppercase}.idcs-text-capitalize{text-transform:capitalize}.idcs-box-sizing-border{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;-ms-box-sizing:border-box;box-sizing:border-box}.idcs-img-responsive{display:block;max-width:100%;height:auto}.idcs-img-circle{border-radius:50%}.idcs-img-rounded{border-radius:6px}.idcs-img-thumbnail{padding:4px;line

Chrome Cache Entry: 99

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1246
Entropy (8bit):	4.892334057450777
Encrypted:	false
SSDEEP:
MD5:	A2934AA543AE9BCF2F1E0097EC3E1497
SHA1:	BAAEEBAAE6E745A1B73EC3EE70F8B23318928BBB
SHA-256:	A45411F6191C4D4A87AD130F2859E22F15D055BB03F787B1A19ADC4C355F4FF3
SHA-512:	3A6928AAF6F60279015ADC4177FCEFB83D1E2ABFA5D129D62C02CC985B0999987962F139058B323A315DBD066F1F7E85074ECEEA78C5FD489E44E26BC40D7A74
Malicious:	false
Reputation:	unknown
URL:	https://idcs-c59c045e6afd4aeeac0771349ef77182.identity.oraclecloud.com/ui/v1/public/23.2.123-240403161545/dist/commonModule/asset/oracle-logo-pill.svg
Preview:	<svg. width="42px". height="26px". viewBox="0 0 42 26". version="1.1". xmlns="http://www.w3.org/2000/svg". x="0px". y="0px". enableBackground="new 0 0 42 26".>. <title id="logo-title">Oracle .</title>. <g. stroke="none". strokeWidth="1". fill="none". fillRule="evenodd". >. <g transform="translate(-130.000000, -56.000000)" fill="#C74634">. <g>. <g transform="translate(127.000000, 45.000000)">. <g transform="translate(3.000000, 11.000000)">. <path d="M28.7215646,-1.59872116e-14 C36.0555841,-1.59872116e-14 42,5.817738 42,12.9954667 C42,20.182262 36.0555841,26 28.7215646,26 L13.2815234,25.9939556 C5.94750386,25.9939556 4.76063633e-13,20.1792398 4.76063633e-13,12.9954667 C4.76063633e-13,5.817738 5.94750386,-1.59872116e-14 13.2815234,-1.59872116e-14 L28.7215646,-1.59872116e-14 Z M28.3726197,4.58467976 L13.6273803,4.58467976 C8.87802367,4.58467976 5.02727741,8.3503429 5.02727741,12.9954667 C5.02727741,17.6466349 8.87802367,21.4153202

Static File Info

⊘No static file info

Description:	Adversaries may gain access to a system through a user visiting a website over the normal course of browsing. With this technique, the user's web browser is typically targeted for exploitation, but adversaries may also use compromised websites for non-exploitation behavior such as acquiring Application Access Token .
Tactics:	Initial Access
Data Sources:	Application Log: Application Log Content, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Process: Process Creation
Platforms:	Linux, macOS, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://idcs-c59c045e6afd4aeeac0771349ef77182.identity.oraclecloud.com/ui/v1/resetpwd?token=DRXOlTuefAd5vVF1LDo1qAG79OOz0ZI2z7OrhzaCdF8%3D

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 100

Chrome Cache Entry: 101

Chrome Cache Entry: 102

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 106

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 115

Chrome Cache Entry: 116

Chrome Cache Entry: 119

Chrome Cache Entry: 120

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Chrome Cache Entry: 86

Chrome Cache Entry: 87

Chrome Cache Entry: 88

Chrome Cache Entry: 89

Chrome Cache Entry: 92

Chrome Cache Entry: 93

Chrome Cache Entry: 94

Chrome Cache Entry: 97

Chrome Cache Entry: 98

Chrome Cache Entry: 99

Static File Info

Windows Analysis Report
https://idcs-c59c045e6afd4aeeac0771349ef77182.identity.oraclecloud.com/ui/v1/resetpwd?token=DRXOlTuefAd5vVF1LDo1qAG79OOz0ZI2z7OrhzaCdF8%3D