Edit tour

Windows Analysis Report
https://equifax.secure.virtru.com/start/?c=experiment&t=emailtemplate2019-09&s=WFADevOps%40equifax.com&p=ad830fe6-1ef5-467e-8767-71b894c7a923#v=3.0.0&d=https%3A%2F%2Fapi.virtru.com%2Fstorage%2Fapi%2Fpolicies%2Fad830fe6-1ef5-467e-8767-71b894c7a923%2Fdata%2Fmetadata&dk=zj5sd1RYE7oBWsww99m8Ub9Z49b3tl8d

Overview

General Information

Sample URL:	https://equifax.secure.virtru.com/start/?c=experiment&t=emailtemplate2019-09&s=WFADevOps%40equifax.com&p=ad830fe6-1ef5-467e-8767-71b894c7a923#v=3.0.0&d=https%3A%2F%2Fapi.virtru.com%2Fstorage%2Fapi%2Fp
Analysis ID:	1431857

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6936 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://equifax.secure.virtru.com/start/?c=experiment&t=emailtemplate2019-09&s=WFADevOps%40equifax.com&p=ad830fe6-1ef5-467e-8767-71b894c7a923#v=3.0.0&d=https%3A%2F%2Fapi.virtru.com%2Fstorage%2Fapi%2Fpolicies%2Fad830fe6-1ef5-467e-8767-71b894c7a923%2Fdata%2Fmetadata&dk=zj5sd1RYE7oBWsww99m8Ub9Z49b3tl8dYxvfG%2BC1tHs%3D MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7120 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1976,i,5457600201943539609,7870095458948727040,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://equifax.secure.virtru.com/secure-reader/initial-loader	HTTP Parser: No favicon
Source: https://equifax.secure.virtru.com/secure-reader/initial-loader	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.16:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.16:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49773 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49776 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.33.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157

Source: global traffic	DNS traffic detected: DNS query: equifax.secure.virtru.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: api.virtru.com
Source: global traffic	DNS traffic detected: DNS query: rum.browser-intake-datadoghq.com
Source: global traffic	DNS traffic detected: DNS query: api.amplitude.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49696
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49696 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.16:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.16:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49773 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49776 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@13/25@16/88

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://equifax.secure.virtru.com/start/?c=experiment&t=emailtemplate2019-09&s=WFADevOps%40equifax.com&p=ad830fe6-1ef5-467e-8767-71b894c7a923#v=3.0.0&d=https%3A%2F%2Fapi.virtru.com%2Fstorage%2Fapi%2Fpolicies%2Fad830fe6-1ef5-467e-8767-71b894c7a923%2Fdata%2Fmetadata&dk=zj5sd1RYE7oBWsww99m8Ub9Z49b3tl8dYxvfG%2BC1tHs%3D
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1976,i,5457600201943539609,7870095458948727040,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1976,i,5457600201943539609,7870095458948727040,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://equifax.secure.virtru.com/start/?c=experiment&t=emailtemplate2019-09&s=WFADevOps%40equifax.com&p=ad830fe6-1ef5-467e-8767-71b894c7a923#v=3.0.0&d=https%3A%2F%2Fapi.virtru.com%2Fstorage%2Fapi%2Fpolicies%2Fad830fe6-1ef5-467e-8767-71b894c7a923%2Fdata%2Fmetadata&dk=zj5sd1RYE7oBWsww99m8Ub9Z49b3tl8dYxvfG%2BC1tHs%3D	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
rum.browser-intake-datadoghq.com	0%	Virustotal		Browse

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
api-gcp.virtru.com	130.211.46.139	true	false		high
alb-logs-http-rum-pub-s0-1171131448.us-east-1.elb.amazonaws.com	3.233.153.122	true	false		high
static-gcp.virtru.com	34.160.98.162	true	false		high
api.amplitude.com	52.32.35.160	true	false		high
www.google.com	64.233.177.103	true	false		high
equifax.secure.virtru.com	unknown	unknown	false		high
rum.browser-intake-datadoghq.com	unknown	unknown	false	0%, Virustotal, Browse	unknown
api.virtru.com	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://equifax.secure.virtru.com/secure-reader/initial-loader	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
34.160.98.162	static-gcp.virtru.com	United States	2686	ATGS-MMD-ASUS	false
3.233.153.122	alb-logs-http-rum-pub-s0-1171131448.us-east-1.elb.amazonaws.com	United States	14618	AMAZON-AESUS	false
142.250.105.138	unknown	United States	15169	GOOGLEUS	false
130.211.46.139	api-gcp.virtru.com	United States	15169	GOOGLEUS	false
44.239.44.141	unknown	United States	16509	AMAZON-02US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
64.233.177.103	www.google.com	United States	15169	GOOGLEUS	false
142.251.15.84	unknown	United States	15169	GOOGLEUS	false
142.250.9.94	unknown	United States	15169	GOOGLEUS	false
52.32.35.160	api.amplitude.com	United States	16509	AMAZON-02US	false
74.125.138.94	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1431857
Start date and time:	2024-04-25 21:48:59 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://equifax.secure.virtru.com/start/?c=experiment&t=emailtemplate2019-09&s=WFADevOps%40equifax.com&p=ad830fe6-1ef5-467e-8767-71b894c7a923#v=3.0.0&d=https%3A%2F%2Fapi.virtru.com%2Fstorage%2Fapi%2Fpolicies%2Fad830fe6-1ef5-467e-8767-71b894c7a923%2Fdata%2Fmetadata&dk=zj5sd1RYE7oBWsww99m8Ub9Z49b3tl8dYxvfG%2BC1tHs%3D
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@13/25@16/88

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 74.125.138.94, 142.250.105.138, 142.250.105.113, 142.250.105.101, 142.250.105.100, 142.250.105.139, 142.250.105.102, 142.251.15.84, 34.104.35.123, 199.232.214.172
Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 18:49:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9914586058724892
Encrypted:	false
SSDEEP:
MD5:	EB011BD9A1AA7832F23F30C242FED248
SHA1:	8D9AE63EAB72CAC8628C23AF90253A4713DB0961
SHA-256:	0DB722BA7909E8FCF6DF05261F6BD8089B61043479AD76593BDE8488F5640257
SHA-512:	F69665DF6E3581CB56CED6E4C37826DCD378486EACF3E9E83DE7F17D7CE7FF6A68FAB9513942A7F1126546559EDB2EB70692484CFA91E57ECE33544998908A79
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Z..I...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X&.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X-.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X-.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X-............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 18:49:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.0053946070096575
Encrypted:	false
SSDEEP:
MD5:	E753F51E69B8B1E009303D2F350A262B
SHA1:	4E1060BE70178E6CE0F0846ED90315B42FAC02A7
SHA-256:	5FC486CB86C6A43A30B9671537CFF7A6C623A34C1956D4F3EF27C4DEAF016F2E
SHA-512:	BEB4AC44322FB347DDF8F95BA348D6AB435F3EE9DFDD67F742B0D3492615F4B0231EE11D8C9BB4B26396305CA426C1015F0F8B87A78EEDA8DFAE218BEF9C76D4
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,........I...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X&.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X-.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X-.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X-............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.012201325869401
Encrypted:	false
SSDEEP:
MD5:	04DFC9084956180B83CBE7869B20EB58
SHA1:	4015995A735A3908B369F580616BCD710878618E
SHA-256:	BC7029ADDAD4B5552EED53DD7EB9096BAD18E2B097168C11D3C64B5CF477E472
SHA-512:	7A0BCC4F4FAEEC114BF3FA1ADB8D2EEFDCB2F07B1EBB07E880563E16351A0C66B3875F656F2B1DD3FF7D8181F2778671C8D62AD871DBE67DE7DB1E43539F6C80
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X&.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X-.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X-.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X-............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 18:49:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	4.003142034947517
Encrypted:	false
SSDEEP:
MD5:	45CDE376D4E4B035A0AABCF270D61C49
SHA1:	F9EFC7642687E792B10C7F3A133E962D7F92B0B7
SHA-256:	376EF7A2F0E57DDFFF3EFF9FF2F7094841B865B28FD9ECF6E15B969EF727EA70
SHA-512:	1D278F2BD7328E064707296558DBB0E2D9598A33625C8BA9159066F52628714662B4414F81A33967203983F4E3C383B475C5138408D60FA476F33E44E5ACFCE2
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....^U..I...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X&.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X-.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X-.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X-............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 18:49:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.992313636186631
Encrypted:	false
SSDEEP:
MD5:	716758D2DEBDE2C0C09C0DAB7646F9D6
SHA1:	3567A760A83F1512D6B20A1B272E72FC9E44AC23
SHA-256:	DBFA6DC86A77E27340BDD6E1860A2FAE0840A96D795E74233F719060848371EF
SHA-512:	E6DA5DF25CCFBDFA213923DD621E9C6FB4C91D903A6B8A946C15A1874C5B1F104D51BFB214C6D65B586F7608D611757880E1A35A35235212CC755A7B67A8A924
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....x..I...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X&.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X-.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X-.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X-............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 18:49:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.002715784352657
Encrypted:	false
SSDEEP:
MD5:	BF0A7EEAA99D641D55B8F25B8558E980
SHA1:	03EA3D192BAB6BF7070B448B725A2DDBC83A49E2
SHA-256:	E24FA126A6A9657DCF25608FC6A849869504BA093096C4445D7EA12A30B82A36
SHA-512:	A235B7542D3655605B309A70FDE4E2C2E00A5074254957DF151BA7ED7D9DECA57A27CDB953A19D1E204BC35E9FF7E6FBC7814766D1541D1470814F80D921CDD0
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.......I...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X&.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X-.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X-.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X-............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 70

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (29186)
Category:	downloaded
Size (bytes):	29259
Entropy (8bit):	5.170009776149324
Encrypted:	false
SSDEEP:
MD5:	F64F85BC0413453773899BB055F10AAF
SHA1:	CA73826494AC1A82A0F826A59580B0D7EBFBEA2E
SHA-256:	0454CEAD2E524C23DAE6A6E5A1D1A695EE721789241B919FB4B4B9D3A50E6A6D
SHA-512:	A8CEB3AD0CB4BE87928B4393E925353D3A92D0612EC57E0A388F5FA7A54B6E15690FCDD86C9BBA19DD8C55F3D3DF9CC6514A0E80A9C7EE59483D73A9944A2C8D
Malicious:	false
Reputation:	unknown
URL:	https://equifax.secure.virtru.com/secure-reader/static/js/localforage.min.js
Preview:	/! For license information please see localforage.min.js.LICENSE.txt /.!function(e){if("object"==typeof exports&&"undefined"!=typeof module)module.exports=e();else if("function"==typeof define&&define.amd)define([],e);else{("undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:this).localforage=e()}}((function(){return function e(n,t,r){function o(a,u){if(!t[a]){if(!n[a]){var c="function"==typeof require&&require;if(!u&&c)return c(a,!0);if(i)return i(a,!0);var f=new Error("Cannot find module '"+a+"'");throw f.code="MODULE_NOT_FOUND",f}var s=t[a]={exports:{}};n[a][0].call(s.exports,(function(e){return o(n[a][1][e]\|\|e)}),s,s.exports,e,n,t,r)}return t[a].exports}for(var i="function"==typeof require&&require,a=0;a<r.length;a++)o(r[a]);return o}({1:[function(e,n,t){(function(e){"use strict";function t(){f=!0;for(var e,n,t=s.length;t;){for(n=s,s=[],e=-1;++e<t;)n[e]();t=s.length}f=!1}var r,o=e.MutationObserver\|\|e.WebKitMutationObserver;if(o){var i

Chrome Cache Entry: 71

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	13
Entropy (8bit):	3.085055102756477
Encrypted:	false
SSDEEP:
MD5:	E1B468C52D580BB0C563F7DDAC593474
SHA1:	D41AF16632A19F7BEB11A6471387F576EB3D3BA7
SHA-256:	179F1CEA3A0D7D6A99E2A7C10A0B27AE9831C71978051A3EDB0743203DA8C10A
SHA-512:	95E27DC11252999AF74B28CF6D96EDAB1AC69861A59BF72B6E2DFC63E790FA9D9D43DCC57E68622BD9DA021948F3E92EBCAA8891D32285C9EB78F82AE8CD6778
Malicious:	false
Reputation:	unknown
Preview:	missing_event

Chrome Cache Entry: 72

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (54527), with no line terminators
Category:	downloaded
Size (bytes):	54527
Entropy (8bit):	5.409108834192943
Encrypted:	false
SSDEEP:
MD5:	8FCC638D03AB732103B0F2767676B1B5
SHA1:	1E93F857FAEA1D1BC15C59149E27D628308EA2C6
SHA-256:	F35C1E0F3A509F0EA022D277B957EEEF07CCD3BD63C997C13625338AD892E645
SHA-512:	32EDA52A88A3E5463CC1278B18A4C44E80141548DB6E8A2426C06013060858FADE907E7FBCA3E977F12F907670C889028F35FDB0197A727F5418A459ECC0887C
Malicious:	false
Reputation:	unknown
URL:	https://equifax.secure.virtru.com/secure-reader/static/js/error-views-chunk.js?v=7.31.0
Preview:	(self.webpackChunksecureReader=self.webpackChunksecureReader\|\|[]).push([[617],{48442:function(n,e,l){function t(n){return t="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(n){return typeof n}:function(n){return n&&"function"==typeof Symbol&&n.constructor===Symbol&&n!==Symbol.prototype?"symbol":typeof n},t(n)}var o,i,r,c,s=(o="/app/src/components/Input/Input.js",i=new Function("return this")(),(c=i[r="__coverage__"]\|\|(i[r]={}))[o]&&"a8b8bd293fb0191f6d3c89e22e308535869df949"===c[o].hash?c[o]:c[o]={path:"/app/src/components/Input/Input.js",statementMap:{0:{start:{line:1,column:14},end:{line:1,column:30}},1:{start:{line:2,column:18},end:{line:2,column:39}},2:{start:{line:3,column:11},end:{line:3,column:32}},3:{start:{line:5,column:15},end:{line:5,column:37}},4:{start:{line:7,column:14},end:{line:9,column:2}},5:{start:{line:8,column:2},end:{line:8,column:96}},6:{start:{line:11,column:0},end:{line:13,column:2}},7:{start:{line:15,column:0},end:{line:17,column:2}},8:{start

Chrome Cache Entry: 74

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3671)
Category:	downloaded
Size (bytes):	5667
Entropy (8bit):	5.941697689360729
Encrypted:	false
SSDEEP:
MD5:	28B3CD7D4C7196F6EDAFA232CBD32797
SHA1:	6B4B178D67937C6966E752E0A56C325D6DCCFC21
SHA-256:	15D823B10278A49249DDD25B901116994A322163482A66846A4A671B92B5DA6A
SHA-512:	1A31A08575518425C0E8C0F3CE66595DC849A700D491E330F5998C017AA95F3DD421A1CEC6595A4662CEA23ABABC4A1495CC2F15BA1906B348A983A900FDA5E7
Malicious:	false
Reputation:	unknown
URL:	https://equifax.secure.virtru.com/secure-reader/static/styles/whitelabel/equifax.css
Preview:	[data-theme="wl-header"], [data-theme="wl-header"] :not([data-theme="wl-header-logo"], [data-theme="wl-header-delimiter"], [data-theme="wl-header-font"]) {. background: #ffffff !important;. color: #000000 !important;. fill: #000000;. }.. [data-theme="wl-header"] a.rowCloseIconContainer:hover, [data-theme="wl-header"] a.rowCloseIconContainer:hover > svg, [data-theme="wl-header"] a.rowCloseIconContainer:hover > svg {. background: #000000 !important;. color: #ffffff !important;. fill: #ffffff !important;. }.. rect#Rectangle {. fill: #9e1b32 !important;. }.. [data-theme="wl-header"] {. background: #ffffff !important;. / border-bottom: #9e1b32 1px solid; /. }.. [data-theme="wl-header-font"] {. color: #000000 !important;. fill: #000000 !important;. }.. [data-theme="wl-header-delimiter"] {. background: #000000 !important;. margin: 0 34px 0 32px !important;. }.. [data-theme="wl-poweredBy"] {. color: #000000 !important;. /* d

Chrome Cache Entry: 75

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2162
Entropy (8bit):	7.462032808142066
Encrypted:	false
SSDEEP:
MD5:	2B4CB92F976837DBB0F7F07BD78653D8
SHA1:	B2CE2C78F1AA730E9FE06E40372100B294E90EDF
SHA-256:	2364AC34D390B125F4A0B83DADA45C0FA3A1B21AF1CE3ACF0DABE0B7DCE9A54A
SHA-512:	A016F9D15BEAF19DB51CAB2383190DEB0231A2AB873EDA4F34103B60F4679C8A0E06F0C283C558CC4E620F746EFE592AFBE6BA213109FF58F0BF1FDDAE201E9C
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...d...d.....p.T....tEXtSoftware.Adobe ImageReadyq.e<...!iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmpMM:InstanceID="xmp.iid:C7074CD8434211E3B13EFA65B18A67BB" xmpMM:DocumentID="xmp.did:C7074CD9434211E3B13EFA65B18A67BB"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:C7074CD6434211E3B13EFA65B18A67BB" stRef:documentID="xmp.did:C7074CD7434211E3B13EFA65B18A67BB"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>uF......IDATx..[.UU...Q.R.u....\|0%H.S. .)z....2%......:...R4..AtT.1...>.A...M..>.(>.M#.......I..Z..g........>.....

Chrome Cache Entry: 76

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 29496, version 3.0
Category:	downloaded
Size (bytes):	29496
Entropy (8bit):	7.990916060862368
Encrypted:	true
SSDEEP:
MD5:	0FB1ACB9CECCFF4D6F268D9F250AD869
SHA1:	336CC8BA85028400CE05755721F804D880BF0376
SHA-256:	AB6BBCB407D72C0CD61ED9443258CA444218F51F6888AC5B4A348BA1A47A636F
SHA-512:	87878C133D8AFD2AA972F4F8C2809261FCCC27645F254BAD286237F162246BE7326BD68A146C22CBB3AFA8066598B0F25C3DAFCA210D996DD973F610E3F341B4
Malicious:	false
Reputation:	unknown
URL:	https://equifax.secure.virtru.com/secure-reader/static/assets/fonts/raleway-bold..woff2
Preview:	wOF2......s8.......(..r.........................?FFTM..6........`.....L........t..h.6.$..l..8.. ..F.....3?webf.[.mq........\|.[S.Q........:......._.....Ie.m.~."..VZ..).J.c...i,....f../.+.y.H;...'=.\|.[UT.u.wn....C.;.F&(..99,...!..'..UK'.J.c.t..4.c..7.5..\|.&.T<{...L..]...Q1MF...........j....-g(;+..t!}f..I\.BI.8.E...4l...S........$.......x.4...,.6...W..%....G.J.L6..W......n.......G}yx.....yZ.9.q.3.LD.B..!.Io...mT..e..1..F....mH..L...#.1".#..F......f.;...D...."k.....kZj.[A...\|Pgi).Q....e..pw...n..]..v]..m.. .'...e..~..,Hv....' .lOS..]..4....'.{.H.v.Gu...'J........o.?.:.$K..DNK...9Wt..~>...'..7.\|h.@..H..s..N;...f4..(6.Z..5d\.Q&.l!]...D.~..n6....)..&.NZ...-.F...-`...{....$ ...j...@....0t.S.%.Z]J..... V...L.Vm4B!L..,J"T.w..@.dn...[u...e.:.L@....]....h.t...r..!.....o:..LmM.U..X.&!d.2...7..F.... ......`.....<.R.#..h`g........A9../.;.-.o.ky.......r7..)?<G...i(.]...PQ...UW.+ln.x-R..b`....... ..k...7..?.......R.....c,Zw............`...A..+.@J.B......

Chrome Cache Entry: 78

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 18520, version 1.6619
Category:	downloaded
Size (bytes):	18520
Entropy (8bit):	7.986422080209832
Encrypted:	false
SSDEEP:
MD5:	D7E772D9CED800743BAF55C89775FE36
SHA1:	D9C4E30B48DEB99F4D1729D708A6B8B9CBEC2ACD
SHA-256:	FDD0E0F871A88EDAE3D5354B5DF7963F2E1DE8220F488B486599EEBA9C3375AF
SHA-512:	83FB048A1A5AAC489AF65BECD45724C3DC7B2DF6F021355CA6AD1AF39D0A6A7238335BCAAFD841332B408DC86743BE6A62F3C67231DF26571FD2C2FEFC29E7B6
Malicious:	false
Reputation:	unknown
URL:	https://equifax.secure.virtru.com/secure-reader/static/assets/fonts/opensans-bold..woff2
Preview:	wOF2......HX..........G.........................?FFTM..... ....`........`.....4..h.6.$..l..x.. ..l..?..x?webf...~5l.F.n.....DQ.VG....."..g....d....Y....ld..,d\#Q.{`...".5.q".bn0.......'.}..".....qT4.....X..I....CK....[q..Iw....(.2......g.#.u.S...N.....gzv...tPJ!.3...K..EL..\|3@s.FT..Q....%#z0.G.dI.R)R"..T.....6)F.z=5M......uT..Nm.7).).j.#O.."~..v......Y..6OiN...S.K.;..WW..,.L2....]..s.>.6/U.mq..w.R%..y......K..}.....y.......}.SC.9H>...3....}...KB.Yq?..D........K..`...o&..c.....K~Rd7.,9.f..N.Up...E.Hd..\ . .u..<X..D.9.G\3/.k......1..15tS7.#..v'V.i.U...1.t.oD...j._..{......w..A...uDH...\.....9.+.J..z.B...A.....-..*.m:f:../.27..j...w..c.....y<..NK^ .%.:k....<LN.s...d...,.D..u!..!W!..sE.qu...4..Y.e...OL.....e.Vr{...Fs.cL#..B(......u8....D{. ......M..........p.C.......z..\|..pK.\|D;l......L..EL..K.w.._....!.b.$F....D...:W.....K..u_....E..,.U...%......y...Q..S.m......).....<....Z....;U."..H@.8..T.B..a2.3&..j.o)...k....G.}...5T.N.i..i.s...:i...)H.d

Chrome Cache Entry: 79

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	47094
Entropy (8bit):	5.084813736273501
Encrypted:	false
SSDEEP:
MD5:	D1EC2AD747082FCA617EECD4E566AF30
SHA1:	E9DC23258086D4320D0A16C3FD96794A8C468B6F
SHA-256:	55FE0CA09C9529BCDC4DD2D69548C9FE3C47DBB1421A7AF192AC0B5949A7A8F8
SHA-512:	59A1F96EF2FCC9559CCDB477D683EEBC8ECA81A852D36360B8814F53041CC1B6E27E3A836996343254FBB7E7FA629AF6569C190C5470D8C34DDCB51099A4D061
Malicious:	false
Reputation:	unknown
Preview:	<?xml version="1.0" encoding="utf-8"?><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><symbol viewBox="0 0 24 24" id="add-24"><title>add-24</title><g data-name="Layer 2"><g fill="none" stroke="currentColor" stroke-linecap="round" stroke-linejoin="round" data-name="Layer 1"><path d="M7 12h10M12 17V7"/><circle cx="12" cy="12" r="11"/></g></g></symbol><symbol viewBox="0 0 24 24" id="add-filled-in-24"><title>add-filled-in-24</title><g data-name="Layer 2"><path d="M12 0a12 12 0 1 0 12 12A12 12 0 0 0 12 0zm5 13h-4v4a1 1 0 0 1-2 0v-4H7a1 1 0 0 1 0-2h4V7a1 1 0 0 1 2 0v4h4a1 1 0 0 1 0 2z" data-name="Layer 1"/></g></symbol><symbol viewBox="0 0 24 24" id="arrow-down-24"><title>arrow-down-24</title><g data-name="Layer 2"><path fill="none" stroke="currentColor" stroke-linecap="round" stroke-linejoin="round" d="M1 7l11 10L23 7" data-name="Layer 1"/></g></symbol><symbol viewBox="0 0 24 24" id="arrow-down-filled-in-24"><title>arrow-down-filled-in-24</title><g data-na

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (507)
Category:	downloaded
Size (bytes):	689
Entropy (8bit):	5.867641499724233
Encrypted:	false
SSDEEP:
MD5:	F565AF8EC9641F9456FD4205B0B4E96B
SHA1:	BD93EDFE68E062EDBBAF7176EA6378E527511E24
SHA-256:	FE7E0E7467E8632B55B775142FE136580FA68F97C5993624E63A5FB1045BE997
SHA-512:	95C15BC6F7209ED684AA97303C291C0BEDA97250F0FB82FB7D141A28A9A7E9C31ECF746E909043BC69ED7BE11D24F1B81281239951E14082D48168E9BA92655A
Malicious:	false
Reputation:	unknown
URL:	https://equifax.secure.virtru.com/secure-reader/static/styles/whitelabel/whitelabel.css
Preview:	.powered-by-virtru-logo {. display: block !important;.}...footer-component.content-enableNewUX2019 {. height: 110px;.} ../# sourceURL=/app/src/styles/whitelabel/whitelabel.css /./# sourceMappingURL=data:application/json;charset=utf-8;base64,eyJ2ZXJzaW9uIjozLCJzb3VyY2VzIjpbIi9hcHAvc3JjL3N0eWxlcy93aGl0ZWxhYmVsL3doaXRlbGFiZWwuY3NzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBO0VBQ0UseUJBQXlCO0FBQzNCOztBQUVBO0VBQ0UsYUFBYTtBQUNmIiwiZmlsZSI6IndoaXRlbGFiZWwuY3NzIiwic291cmNlc0NvbnRlbnQiOlsiLnBvd2VyZWQtYnktdmlydHJ1LWxvZ28ge1xuICBkaXNwbGF5OiBibG9jayAhaW1wb3J0YW50O1xufVxuXG4uZm9vdGVyLWNvbXBvbmVudC5jb250ZW50LWVuYWJsZU5ld1VYMjAxOSB7XG4gIGhlaWdodDogMTEwcHg7XG59IFxuIl0sInNvdXJjZVJvb3QiOiIifQ== /

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	2773
Entropy (8bit):	7.927987335634262
Encrypted:	false
SSDEEP:
MD5:	DBB91F33C54A06B06235190964E71805
SHA1:	3A4F461B21F2D90513AEBD8925B09AB355A9CA66
SHA-256:	D6AB0072E95F055A818D8F7851E5A2A8E6DF3E96A43D5BE6A8DDEE8731E3CDDA
SHA-512:	2AEE90D2B846266B2F6410BF829F67CD211A304FAAEEC2B74EF0091280DBDA2B5130832AD989C8D69AFA4A0896EDDB37A3760C3CB10050691ADC8A2D3E55669F
Malicious:	false
Reputation:	unknown
Preview:	k.l......2.Nuz....'.;.....&V.f....R.r.#'.K..:..M.H.Y."....e..R.>.v"..p.....\|P...G..#YUZB_.C.wDm.VE(._..\|.....$L5..k.F...-...G.......f.I.......G.F\|~.....A.....0.^@_.z...z...@).PEm.o.Xp.=S....<..f.o.jg.........V.(...Zu.;.P.m.u...)e....J8S...@.....{.u.p....b.+..Kt...Jd... ..(c.a.....'%o3..(.~u;WPf...m.!\|..mR...:..KL.y...z.....y.."1..fJ.I..Z..e}G.Te:..`..0.K..+..zfX/'o..i...e...Sx>d.a1\. ..u......H.%~.p.9..I /.....o:lk.....Z.D\|..u.4.Kx....)^.,H.. WG,R .~.ww...:..I..)7..K..p{.a.X. F.T.&...7!Ml`..g.....s./..va..F...@.v.j..w.p.:UY:..Rv..........CI....iNy?..-1zR...w.WkG...r?.O;.i+...{.3......GgP.(.iy=JG7....4wr[......G.V..D.+....A...y.....wc%..J}...yY..J...4/#.!...L\.]{dmY,..qN..b}.F.^..d.d....67.}D.....Dk...tG?;/.ep.G.R^.W..3v.D..x...jB..#.*....5.....;...ff.1vF.0..V....7.hq...9O.......<+.UX.@t.A...}....5].<'...U...v.......$....)h....}......2.....X.=....5..I.Md.HM.....fZ.....=Y.B`..@....d....(.k.w.....^..r....W.,.../....]].`g..r;;Y.!i.S....ZA.+

Chrome Cache Entry: 83

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 17780, version 1.0
Category:	downloaded
Size (bytes):	17780
Entropy (8bit):	7.990077561816256
Encrypted:	true
SSDEEP:
MD5:	84E180D228A5B965D875DFBDC927585D
SHA1:	BB019E6460C5B982ECDB77FB5D2D1474078AB889
SHA-256:	D094038EC1D1EFDC963CA50983AECD020850172AC5A1788DE0109A97C3EA4B8B
SHA-512:	C663BDDB03D89E518A5DC8DBD895A7703E4505386F00D4F6B86A5269DD9370E2CE68B8594535293E6C4CC96E814DDB07406B3065226505E825A36EB9D0D18B9B
Malicious:	false
Reputation:	unknown
URL:	https://equifax.secure.virtru.com/secure-reader/static/assets/fonts/opensans-regular..woff2
Preview:	wOF2......Et..........E.........................?FFTM..... ....`.....&..4.....$.....z..6.$..p. ..-..A.....y.o.y......F".........6..b\Y.....d.a+.j..I..ZPF....y.....l..-wS...P...../<..9m.R(T<...u ...U...l..:.Z...D.......E.H.!........+~.J.~...;.^.....IN^....SI....B...-...(....<..?..B..5y[..p..T.`.`...fg3ua.(D0.Mj&"F..3.3.. b4F!..97...tQ.?......4SK.......H..i.l.[..ZR.....v.......g.8....OU...Ig.\|..R.O:...\IW*....6<:}.e.k...^.}..'...M.....u...A..u.DU..9U..F......\|5......GagQ..........b......i.....{...(..L....@E.P.....'...@&...HK..e...I.....r..E.!......_S....!.{...g].....;...F:....r..6.h-+."?...+.b..D...Gv.>...^..@......{....c.....t:.".".)S....}.....>....".. m6..T.)...p....@)Mv..)..%. .......K-S.).,o.e.e.]&...).9.C..f....V..9_N..[..I9.j......y..A.........~..'.P..\..R...}....W..4...V.\|.0...aU.......F......wf.Y.#..\|>l..K..>...e.n.......q.E./.\|. ...0.8`!...._..rg.).P;_....k.L..o-g.Y7.>W....ah3$..!.;.;Q..../..x...qy..U<.k..ss7..rU.../.n...#.x..A..

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	1327
Entropy (8bit):	7.787526275485961
Encrypted:	false
SSDEEP:
MD5:	BAC74ED9FEA111B59DAD625F896D45FB
SHA1:	92E271374B61DF20E9ADC7F16A3ADE55AEE84EC2
SHA-256:	E03C98224E2F2A54FEDBC1BB893CEB5D74813DD4A5059691717C853D966C4885
SHA-512:	93D155FA3FE60DB6E9B66FD4182B0CABC1D3868561628990944EDA394282E6B8FA66453D1E704B81B7E2D2F4A5CA4C0FDBA61F1EF0D6D7EB359176D9CFA7226D
Malicious:	false
Reputation:	unknown
URL:	https://equifax.secure.virtru.com/secure-reader/static/img/favicon-32x32.png
Preview:	.PNG........IHDR... ... .....szz.....pHYs.........K.@F....tEXtSoftware.www.inkscape.org..<.....IDATX...}L.U..?...W....$.e..M.tMs..\.l..\[.-g.K...v7.K...r..4.pm..5.iN+....4l.. .......+........{.=.9.(..RG.2.f.bL...d.~.:.?.....L..jw2mU...\|\|R....LN.........TO.48...+...A........ccrsO..:?.x.7y..O`..0u@...qD...../JzP..3././.i..+..42k.T....U1.3.........rM.(.......N.ls...sg.x5+3.ES.....;.[@..X,'.q..Wxd1m.......F.DoC.BS...0.m.=?.]D.Tn...3P....r\.[S.....;>.a.......T5..@.+.z6.............B...<kBN@...)...a..W...C..&...t.....1....//..$-Xp...............Q../.wt^..z-....x.k@F.T....;.....+u......z.9..1?....{..J.;..;.y..TEQZ..i[.vgE.6.N.....H/.h...P.%.rS.y.J.J,jD8^\.......J.......^E.Q.E&./q..L.Hc...u..+..c.....P..g..1......5.v8ucP.2.p.%a...u.Z...eh...Kz...f.~.n`l..A.Yw%f.......dxJp.....`...7.?.o.6y.4p9.gRJ..9../.......q.h5..k..L..).......%....3%...U.j3%g...`...(..~k.G.%....A(.........#0.L.....q.t..(...K[M....~..i.......h{.nD....h.8\..........jT0.)..%

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 29500, version 1.0
Category:	downloaded
Size (bytes):	29500
Entropy (8bit):	7.992985247779619
Encrypted:	true
SSDEEP:
MD5:	E401CA1A904C9D6106463C9D1C6504CB
SHA1:	C310F6CC3E71105966A88B94BD4712949071FF23
SHA-256:	AE4062D312ECC61F8304F4F54B6B5086478DA465FCBBEBA7BDB7CCF1D43A3DC5
SHA-512:	66FEF2A121E12FD785EE7A761213F75A0440C04F5ED50D37956903484C829C6A2320E3B78E13BC117865F260076F618327AC5ED024EDF7662C60ED7F2FA7BE45
Malicious:	false
Reputation:	unknown
URL:	https://equifax.secure.virtru.com/secure-reader/static/assets/fonts/raleway-semibold..woff2
Preview:	wOF2......s<.......4..r.........................?FFTM..6........`.....L........P.....8..6.$..l. ........3[.qq...&y#r..(.....6.Q....R.`.......:.Z.........t.....@.U...9"P...CiB..C.1..mY..&.0.r.....-h<..(...Z.....v-N..)c}.V..G.dj....86..^/G....~p..ShV@.<.....Ny....g...........Hp.....y.o.......S?..Qh...zX..j.A:..2<e.....u.Q%....sv.........'UK.."g..\....:...2.......%.........(...HVN.\|.....:.G..@.<.+p......w..-...,....m0bo.02...?g`^...~.1..>..:.6KZ..J...._o.i.f.9..U...0)D]$J"T.z.v?....{O3.d.....E...N>(/...(..B.....7.........f.....f%..t.n.!1....rf.~...!.hA..'..A... ..R..2]......_!.D.........r...............!......,.Y.) ..2.m..........P...og?.}..w?..VW...N..`<.V.....r.(.....N....C.B.4Ai.....U_..U.t.fJ..V.\|..+JJ.D[..O.,>Y...,+..d.E..`.6..K$.....L...Z..U.-;f.:."C...<.%..Pz.n.8..q.....$.._..$..V..Wn6...........;.Z=J.....(zK...F......pP..t....F4.!..b..!..2.,C.....9.j...W....k.....YN`.p.M".E.J.@.?.s..1....IAS...p.^..........W.S.B..4...G..^..m.1.P........W.oJ.t.

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2410), with no line terminators
Category:	downloaded
Size (bytes):	2410
Entropy (8bit):	5.067212506176829
Encrypted:	false
SSDEEP:
MD5:	6309C5370D0A08498FFDC6D0075A9C88
SHA1:	5AA61DE4001E772244835735A8879B9D97117BFB
SHA-256:	F9E722CBF849616CD0CFF51DC6659A338179F2BEB6BBE31357FA1AE598FAD1B3
SHA-512:	A12E57D9EB07C48EFE65D6BEAB008C7FE79737EFC8F6FF3885B997A63E749A5AC5C914A29125BE21CED6A104E335B24DDE1397184B596F29DF1273D1E06FA62F
Malicious:	false
Reputation:	unknown
URL:	https://equifax.secure.virtru.com/secure-reader/static/js/textlayerbuilder.js?v=7.31.0
Preview:	var CustomStyle=function(){var t=["ms","Moz","Webkit","O"],e={};function n(){}return n.getProp=function(n,i){if(1==arguments.length&&"string"==typeof e[n])return e[n];var s,r,o=(i=i\|\|document.documentElement).style;if("string"==typeof o[n])return e[n]=n;r=n.charAt(0).toUpperCase()+n.slice(1);for(var a=0,h=t.length;a<h;a++)if("string"==typeof o[s=t[a]+r])return e[n]=s;return e[n]="undefined"},n.setProp=function(t,e,n){var i=this.getProp(t);"undefined"!=i&&(e.style[i]=n)},n}(),TextLayerBuilder=function(t,e){var n=document.createDocumentFragment();this.textLayerDiv=t,this.layoutDone=!1,this.divContentDone=!1,this.pageIdx=e,this.matches=[],this.beginLayout=function(){this.textDivs=[],this.renderingDone=!1},this.endLayout=function(){this.layoutDone=!0,this.insertDivContent()},this.renderLayer=function(){var t=this.textDivs,e=this.textContent.bidiTexts,i=this.textLayerDiv,s=document.createElement("canvas").getContext("2d");if(!(t.length>1e5)){for(var r=0,o=t.length;r<o;r++){var a=t[r];if(!("

Chrome Cache Entry: 90

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (19783)
Category:	downloaded
Size (bytes):	19850
Entropy (8bit):	5.422044524083745
Encrypted:	false
SSDEEP:
MD5:	E3F60FD31BB1CC4A7DF1AFF7608B8535
SHA1:	4C604099EFC7A46D39A7DDE49FF2BAC52EDBAB03
SHA-256:	F3129CA7ACC922F43FC3B273961BDD2DD0434F94B0E6C6C0678EE062B5FB06B6
SHA-512:	2DBE77099C4EC34D0DA7E4A7E916144F5B806B43C408A61949070AC145AD7BFF306EA88D37C79D673B1ED8CD8E28F956F8609D07F9D3B8461DD305F94701FC47
Malicious:	false
Reputation:	unknown
URL:	https://equifax.secure.virtru.com/secure-reader/static/js/945-chunk.js?v=7.31.0
Preview:	/! For license information please see 945-chunk.js.LICENSE.txt /."use strict";(self.webpackChunksecureReader=self.webpackChunksecureReader\|\|[]).push([[945],{98947:function(e,t,r){var n=r(79930),o=r(34336);function i(e){for(var t="https://reactjs.org/docs/error-decoder.html?invariant="+e,r=1;r<arguments.length;r++)t+="&args[]="+encodeURIComponent(arguments[r]);return"Minified React error #"+e+"; visit "+t+" for the full message or use the non-minified dev environment for full errors and additional helpful warnings."}var a="function"==typeof Symbol&&Symbol.for,l=a?Symbol.for("react.portal"):60106,u=a?Symbol.for("react.fragment"):60107,s=a?Symbol.for("react.strict_mode"):60108,c=a?Symbol.for("react.profiler"):60114,f=a?Symbol.for("react.provider"):60109,h=a?Symbol.for("react.context"):60110,p=a?Symbol.for("react.concurrent_mode"):60111,d=a?Symbol.for("react.forward_ref"):60112,y=a?Symbol.for("react.suspense"):60113,m=a?Symbol.for("react.suspense_list"):60120,v=a?Symbol.for("react.memo")

Chrome Cache Entry: 92

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	50087
Entropy (8bit):	5.642240609528055
Encrypted:	false
SSDEEP:
MD5:	9EF91386798C6ABB4602C619F5EDA683
SHA1:	7C230774B15881473A05EB12C792723FAE6F9301
SHA-256:	15BB1D6258B54F62DB530F3593AF554DC144EC781C13FBCA041CBF033F2E8C6B
SHA-512:	356836A1F685978412D768376048CC5C5658FB11D58DF5AF406EA852CCF428D1E807B7427F184DE31BCB308D570F58599D89BFA052AF119A047FAD38BD936320
Malicious:	false
Reputation:	unknown
URL:	https://equifax.secure.virtru.com/secure-reader/static/assets/img/equifax.svg
Preview:	<svg width="200" height="41" viewBox="0 0 200 41" fill="none" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">.<path d="M0 3C0 1.34315 1.34315 0 3 0H197C198.657 0 200 1.34315 200 3V37.6571C200 39.3139 198.657 40.6571 197 40.6571H3C1.34314 40.6571 0 39.3139 0 37.6571V3Z" fill="url(#pattern0)"/>.<defs>.<pattern id="pattern0" patternContentUnits="objectBoundingBox" width="1" height="1">.<use xlink:href="#image0" transform="translate(-0.112423 -0.558081) scale(0.000513347 0.00252525)"/>.</pattern>.<image id="image0" width="2400" height="854" xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAACWAAAANWCAYAAAB6HreQAAAACXBIWXMAAC4jAAAuIwF4pT92AAAFIGlUWHRYTUw6Y29tLmFkb2JlLnhtcAAAAAAAPD94cGFja2V0IGJlZ2luPSLvu78iIGlkPSJXNU0wTXBDZWhpSHpyZVN6TlRjemtjOWQiPz4gPHg6eG1wbWV0YSB4bWxuczp4PSJhZG9iZTpuczptZXRhLyIgeDp4bXB0az0iQWRvYmUgWE1QIENvcmUgNS42LWMxNDAgNzkuMTYwNDUxLCAyMDE3LzA1LzA2LTAxOjA4OjIxICAgICAgICAiPiA8cmRmOlJERiB4bWxuczpyZGY9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkvMDIv

Chrome Cache Entry: 93

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65470)
Category:	downloaded
Size (bytes):	15401112
Entropy (8bit):	5.789257466238073
Encrypted:	false
SSDEEP:
MD5:	A7066401D0A02EB97B43C5B3E8E9CF46
SHA1:	7E465471ED4DD0B056358483573FED5B11291D34
SHA-256:	1FF8AE21FB33FF55C33C930E9C9604624E020F17DB0ACCD31473603DFF1EEC94
SHA-512:	8055421457C1BC0DDBBF91702E1E18C8936DE0C96A2BB5A5CD313C2890EC97DA209ED10230AFADC051C4F59715FCCA99E2CD7346F3AB90F263F7721232601562
Malicious:	false
Reputation:	unknown
URL:	https://equifax.secure.virtru.com/secure-reader/static/js/app.js?v=7.31.0
Preview:	/! For license information please see app.js.LICENSE.txt /.var secureReader;(function(){var __webpack_modules__={20016:function(e,t,n){var r,i,o,a,l=(r="/app/locales/index.js",i=new Function("return this")(),(a=i[o="__coverage__"]\|\|(i[o]={}))[r]&&"707d7ae2933e6aa9d0d6a402fb3767e7f35adb24"===a[r].hash?a[r]:a[r]={path:"/app/locales/index.js",statementMap:{0:{start:{line:2,column:14},end:{line:2,column:44}},1:{start:{line:3,column:14},end:{line:3,column:44}},2:{start:{line:4,column:14},end:{line:4,column:44}},3:{start:{line:6,column:16},end:{line:28,column:1}},4:{start:{line:30,column:0},end:{line:30,column:25}}},fnMap:{},branchMap:{},s:{0:0,1:0,2:0,3:0,4:0},f:{},b:{},_coverageSchema:"43e27e138ebf9cfc5966b082cf9a028302ed4184",hash:"707d7ae2933e6aa9d0d6a402fb3767e7f35adb24"}),s=(l.s[0]++,n(58397)),u=(l.s[1]++,n(22060)),c=(l.s[2]++,n(25612)),d=(l.s[3]++,{"en-US":{translation:s,label:"English (USA)",mobileLabel:"EN",momentLocale:"en",published:!0},"fr-FR":{translation:u,label:"Fran.ais (F

Chrome Cache Entry: 94

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	4286
Entropy (8bit):	2.7607576447372977
Encrypted:	false
SSDEEP:
MD5:	2CFA2C928C0659D098B57E7E4FE8CF41
SHA1:	4E2D4440AE5B7843172BBF646AFEDEDDD69A8F0E
SHA-256:	4E6D777AF1F5B3BEB973A4CEC2E1DAC00BC1DFFB7F797AAA71B3B4BC5E5164C3
SHA-512:	CA2BD0238834646952DA37FE96F612E7E14F8D5D5D2A7A1C208DC5EA80F2023F34922C24A0C7EB43422E91DAFCF66F2F94882DAFB111B6FE58EDA6FB0D0ECBBA
Malicious:	false
Reputation:	unknown
URL:	https://equifax.secure.virtru.com/secure-reader/static/img/favicon.ico?1714074575761
Preview:	...... .... .........(... ...@..... ..................................................................F...J.V.J...I..I..I...I...I..I..I...H.U.N...........................................................................I.#.J...I...I...I...I...I...I...I...I...I...I...I...I..I...F.!.........................................................@...I...I...I...I...I...I...I...I...I...I...I...I...I...I...I...I...I...I...@...............................................M...I..I...I...I...I...I...I...I.{.H.N.G.6.G.D.I.I.H.\|.I...I...I...I...I...I...I..K.".....................................I.#.I...I...I...I...I..J.r.M...................................C...H.\|.I..I...I...I...I..K.".............................F.!.I..I...I...I...J...M...................................................M...I...I...I...I...J..I.......................@...I..I...I...I...I.t.................................................................H.u.I...I...I...I..@...................I.~.I...I...I...H.n..............

Chrome Cache Entry: 95

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (28162), with no line terminators
Category:	downloaded
Size (bytes):	28176
Entropy (8bit):	5.539695737028399
Encrypted:	false
SSDEEP:
MD5:	0CF82A0336D612CDDA6B71C44F03D069
SHA1:	490E13BA49AE932D29B3218766B32C23CFF2ED18
SHA-256:	9C67BF758CF68B031501F76051E074B6A7B3466B978D92037F12F9A10AA195E3
SHA-512:	D769FEF2EFB48911B4DB8D35EF70163009ACB71EFB94AC5E702A3F010E2F4986500F882C4FE6EA28B531CCE4437BA832D2FF45A8B1AD7AAE69B2716B5964B48D
Malicious:	false
Reputation:	unknown
URL:	https://equifax.secure.virtru.com/secure-reader/static/js/jwo4onu.js
Preview:	window.Typekit\|\|(window.Typekit={}),window.Typekit.config={a:"764598",c:[".tk-proxima-nova",'"proxima-nova",sans-serif',".tk-proxima-nova-condensed",'"proxima-nova-condensed",sans-serif',".tk-effra",'"effra",sans-serif'],dl:"AAAA2AAAAAooJc3sUL3q47TGC37/BOnNT28UC/F4GogAG+qG",f:"//use.typekit.net/c/641466/1w;effra,2,gdQ:W:i3,gdS:W:i4,gdV:W:i5,gdP:W:n3,gdR:W:n4,gdT:W:n5,gdW:W:n7,gdY:W:n9;proxima-nova,2,2clzCG:W:i4,2clzC6:W:i7,2clzCF:W:n4,2clzC5:W:n7;proxima-nova-condensed,7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191,2clzDV:W:i4,2clzDL:W:i7,2clzDT:W:n4,2clzDK:W:n7/{format}{/extras*}",fc:[{id:139,family:"proxima-nova",src:"{scheme}://{hostname}/af/03034e/00000000000000003b9ad1b1/27/{format}{?primer,subset_id,fvd}",descriptors:{weight:"700",style:"normal",subset_id:2}},{id:140,family:"proxima-nova",src:"{scheme}://{hostname}/af/5a684a/00000000000000003b9ad1b2/27/{format}{?primer,subset_id,fvd}",descriptors:{weight:"700",style:"italic",subset_id:2}},{id:175,family:"proxima

Static File Info

⊘No static file info

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 82

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Chrome Cache Entry: 87

Chrome Cache Entry: 88

Chrome Cache Entry: 90

Chrome Cache Entry: 92

Chrome Cache Entry: 93

Chrome Cache Entry: 94

Chrome Cache Entry: 95

Static File Info