Edit tour

Windows Analysis Report
https://f7fkx5zs.r.us-east-1.awstrack.me/L0/https:%2F%2Fgo.microsoft.com%2Ffwlink%2Fp%2F%3FLinkID=138500/1/0100019017f906ad-de17b566-7356-45aa-9830-ffd1c5cf2ad7-000000/TrP54ioxgkw1VZ531yrmOAC66OI=378

Overview

General Information

Sample URL:	https://f7fkx5zs.r.us-east-1.awstrack.me/L0/https:%2F%2Fgo.microsoft.com%2Ffwlink%2Fp%2F%3FLinkID=138500/1/0100019017f906ad-de17b566-7356-45aa-9830-ffd1c5cf2ad7-000000/TrP54ioxgkw1VZ531yrmOAC66OI=378
Analysis ID:	1458473

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Invalid T&C link found

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 7096 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://f7fkx5zs.r.us-east-1.awstrack.me/L0/https:%2F%2Fgo.microsoft.com%2Ffwlink%2Fp%2F%3FLinkID=138500/1/0100019017f906ad-de17b566-7356-45aa-9830-ffd1c5cf2ad7-000000/TrP54ioxgkw1VZ531yrmOAC66OI=378 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6276 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1900,i,18163005666374092623,5294162176304068956,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://privacy.microsoft.com/en-us/privacystatement	HTTP Parser: Invalid link: Other important privacy information
Source: https://privacy.microsoft.com/en-us/privacystatement	HTTP Parser: Invalid link: U.S. State Data Privacy
Source: https://privacy.microsoft.com/en-us/privacystatement	HTTP Parser: Invalid link: Changes to this privacy statement
Source: https://privacy.microsoft.com/en-us/privacystatement	HTTP Parser: Invalid link: Get Help

Source: https://privacy.microsoft.com/en-us/privacystatement

HTTP Parser: No <meta name="author".. found

Source: https://privacy.microsoft.com/en-us/privacystatement

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49733 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.150
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86

Source: global traffic	DNS traffic detected: DNS query: f7fkx5zs.r.us-east-1.awstrack.me
Source: global traffic	DNS traffic detected: DNS query: ajax.aspnetcdn.com
Source: global traffic	DNS traffic detected: DNS query: c.s-microsoft.com
Source: global traffic	DNS traffic detected: DNS query: assets.onestore.ms
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: i.s-microsoft.com

Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49733 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@15/21@14/175

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://f7fkx5zs.r.us-east-1.awstrack.me/L0/https:%2F%2Fgo.microsoft.com%2Ffwlink%2Fp%2F%3FLinkID=138500/1/0100019017f906ad-de17b566-7356-45aa-9830-ffd1c5cf2ad7-000000/TrP54ioxgkw1VZ531yrmOAC66OI=378
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1900,i,18163005666374092623,5294162176304068956,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1900,i,18163005666374092623,5294162176304068956,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://f7fkx5zs.r.us-east-1.awstrack.me/L0/https:%2F%2Fgo.microsoft.com%2Ffwlink%2Fp%2F%3FLinkID=138500/1/0100019017f906ad-de17b566-7356-45aa-9830-ffd1c5cf2ad7-000000/TrP54ioxgkw1VZ531yrmOAC66OI=378	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
www.google.com	142.250.186.164	true	false	unknown
baconredirects-elb-1w79jy7i6g0wf-1154668140.us-east-1.elb.amazonaws.com	54.146.166.145	true	false	unknown
c.s-microsoft.com	unknown	unknown	false	unknown
f7fkx5zs.r.us-east-1.awstrack.me	unknown	unknown	false	unknown
assets.onestore.ms	unknown	unknown	false	unknown
i.s-microsoft.com	unknown	unknown	false	unknown
ajax.aspnetcdn.com	unknown	unknown	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.67	unknown	United States	15169	GOOGLEUS	false
142.250.186.78	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
152.199.19.160	unknown	United States	15133	EDGECASTUS	false
74.125.133.84	unknown	United States	15169	GOOGLEUS	false
104.102.37.192	unknown	United States	16625	AKAMAI-ASUS	false
95.101.149.131	unknown	European Union	20940	AKAMAI-ASN1EU	false
142.250.186.163	unknown	United States	15169	GOOGLEUS	false
2.19.245.219	unknown	European Union	16625	AKAMAI-ASUS	false
2.16.164.113	unknown	European Union	20940	AKAMAI-ASN1EU	false
184.28.89.167	unknown	United States	16625	AKAMAI-ASUS	false
184.28.89.233	unknown	United States	16625	AKAMAI-ASUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.174	unknown	United States	15169	GOOGLEUS	false
2.19.105.47	unknown	European Union	16625	AKAMAI-ASUS	false
142.250.186.164	www.google.com	United States	15169	GOOGLEUS	false
23.32.97.216	unknown	United States	16625	AKAMAI-ASUS	false
54.146.166.145	baconredirects-elb-1w79jy7i6g0wf-1154668140.us-east-1.elb.amazonaws.com	United States	14618	AMAZON-AESUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1458473
Start date and time:	2024-06-17 17:46:51 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://f7fkx5zs.r.us-east-1.awstrack.me/L0/https:%2F%2Fgo.microsoft.com%2Ffwlink%2Fp%2F%3FLinkID=138500/1/0100019017f906ad-de17b566-7356-45aa-9830-ffd1c5cf2ad7-000000/TrP54ioxgkw1VZ531yrmOAC66OI=378
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@15/21@14/175

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.67, 142.250.186.78, 74.125.133.84, 184.28.89.167, 34.104.35.123, 95.101.149.131, 93.184.221.240, 152.199.19.160, 104.102.37.192, 2.16.164.113, 2.16.164.83, 2.19.245.219
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://f7fkx5zs.r.us-east-1.awstrack.me/L0/https:%2F%2Fgo.microsoft.com%2Ffwlink%2Fp%2F%3FLinkID=138500/1/0100019017f906ad-de17b566-7356-45aa-9830-ffd1c5cf2ad7-000000/TrP54ioxgkw1VZ531yrmOAC66OI=378

LLM Input / Output

Input	Output
URL: https://privacy.microsoft.com Model: gpt-4o	```json { "phishing_score": 0, "brands": "Microsoft", "phishing": false, "suspicious_domain": false, "has_loginform": false, "has_captcha": false, "setechniques": false, "has_suspicious_link": false, "legitmate_domain": "microsoft.com", "reasons": "The URL 'https://privacy.microsoft.com' is a legitimate domain associated with Microsoft. The page content appears to be a privacy statement, which is consistent with the URL and the brand. There are no login forms, captchas, or suspicious links present. There are no social engineering techniques observed. Therefore, this site is determined to be legitimate." }

Input

Output

URL: https://privacy.microsoft.com Model: gpt-4o

```json
{
  "phishing_score": 0,
  "brands": "Microsoft",
  "phishing": false,
  "suspicious_domain": false,
  "has_loginform": false,
  "has_captcha": false,
  "setechniques": false,
  "has_suspicious_link": false,
  "legitmate_domain": "microsoft.com",
  "reasons": "The URL 'https://privacy.microsoft.com' is a legitimate domain associated with Microsoft. The page content appears to be a privacy statement, which is consistent with the URL and the brand. There are no login forms, captchas, or suspicious links present. There are no social engineering techniques observed. Therefore, this site is determined to be legitimate."
}

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jun 17 14:47:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.993449678183058
Encrypted:	false
SSDEEP:
MD5:	98470617F549D976E7BA08E23A817D99
SHA1:	DA66614315E9E8A0DD1AB13F5431799C0E4182AE
SHA-256:	F8A9829B0E886484899DA09278F078C98A1DDDB615435FFB396E54A0AE57AEAC
SHA-512:	823932C5F9FD9491B79A6044017F74FBB780B0DACB7361738CD1E6BDDA6D261B8AF0F27DFFC3A09E87C86CE196625C1E0CD71FC4FE30B5EF01BC7FC961A49478
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......p.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.}....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.}....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.}....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.}..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.}...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............0.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jun 17 14:47:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.011053451016739
Encrypted:	false
SSDEEP:
MD5:	D4E1092D2108E1C2ED1B659B3D4B7A9F
SHA1:	6E58CF6C499DDF4F4A6AA4320A02CC56DD38977D
SHA-256:	7FC4E521C6931115847462FB8379A99F6AFAAF6245D7CCFED3CC2607DF6771E6
SHA-512:	2FF7D7C9FBB722CBEC2B4D39C648261A7F836DFEBE986BB0F8D709E8D3DEB3A480B195FB8956D9E02253B975E62214E5075D8C66FD680126DBA8EB3BB537C11A
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....!.d.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.}....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.}....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.}....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.}..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.}...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............0.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.016577639792081
Encrypted:	false
SSDEEP:
MD5:	87198965092BF59CB38FE621426E7DFB
SHA1:	664EA6DCEA4885AE1F5FB02C99122B052E02917E
SHA-256:	A4B07086DC540142FDDF5FF15DEA592D19419663EFC836CD3FF0B4C27DDD333F
SHA-512:	7B55F015932BE676F6BC9A7FF5C595064F2E9C610E49CC8B8CFCF718D1879D531777D6DC2AF597FCD86B19E7E40BC728AB0EED776FE9C18F8031144D31EAD656
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.}....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.}....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.}....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.}..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............0.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jun 17 14:47:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	4.006756353084948
Encrypted:	false
SSDEEP:
MD5:	9A60E881A94A6435BDBC43AA32043E88
SHA1:	9CA07FC460C00CC4D3013835BF0EEB24763927B6
SHA-256:	66ABDFA5B37D18F6122C62A6D006FDD1D86C238F168DABF016AB77AEEB21D835
SHA-512:	3F031988DC11E6149A6A58DB770C28EE70E2EBE41380399721D1DB5077FB8F9AE20BD73E5FE581A2924E6F47A45994D028EF0A920AF5495C2FFC6E2C70E2ACE4
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....}_.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.}....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.}....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.}....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.}..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.}...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............0.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jun 17 14:47:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9942176443815742
Encrypted:	false
SSDEEP:
MD5:	D2D3FB85F89E9F5A8A32A5D475D488BB
SHA1:	21B6A79471D9A8EC8E1EF3598E6A63BD64FDB75C
SHA-256:	2D8DE18A0F9ACC2932293104A128A098869849CFDAC9ECB774F733A566BB3CAE
SHA-512:	42D558DF2E28B6411408857DE9B09BC3C399DA5285E817614EEDF5C54E0F711576BA8CB86FD52C3A39F33C2E675D11D0C2E4E0357E69D8BE9FAE70DD66B4C91B
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....l.j.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.}....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.}....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.}....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.}..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.}...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............0.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jun 17 14:47:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.006908116284032
Encrypted:	false
SSDEEP:
MD5:	B7D0165BD5BA2EE2C3DA0628FDA11095
SHA1:	934B6ED2AB1708BBE0C4F6CB64842E47E8CCADB3
SHA-256:	A5DC755BC3555835FE0086E9726C56B57D7721F43EE11BC38BEFD210BE14438C
SHA-512:	2BBA42EB08B0CF9ECFB2BA90596F1D77F9BBC1F4311A6A7AB6305B07778B86A76F76EDBF42590F9AC59515A97E3A73632240417FAB124D1A870F8899101114EF
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......V.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.}....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.}....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.}....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.}..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.}...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............0.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 72

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 216 x 46, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4054
Entropy (8bit):	7.797012573497454
Encrypted:	false
SSDEEP:
MD5:	9F14C20150A003D7CE4DE57C298F0FBA
SHA1:	DAA53CF17CC45878A1B153F3C3BF47DC9669D78F
SHA-256:	112FEC798B78AA02E102A724B5CB1990C0F909BC1D8B7B1FA256EAB41BBC0960
SHA-512:	D4F6E49C854E15FE48D6A1F1A03FDA93218AB8FCDB2C443668E7DF478830831ACC2B41DAEFC25ED38FCC8D96C4401377374FED35C36A5017A11E63C8DAE5C487
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.............J.......tEXtSoftware.Adobe ImageReadyq.e<...(iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c132 79.159284, 2016/04/19-13:13:40 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:A00BC639840A11E68CBEB97C2156C7FD" xmpMM:InstanceID="xmp.iid:A00BC638840A11E68CBEB97C2156C7FD" xmp:CreatorTool="Adobe Photoshop CC 2015.5 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:A2C931A470A111E6AEDFA14578553B7B" stRef:documentID="xmp.did:A2C931A570A111E6AEDFA14578553B7B"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.......DIDATx..\..UU.>.7..3....h.L..& j2...h.@..".........`U.......R"..Dq.&.BJR 1.4`$.200...l........wg.y.[k/

Chrome Cache Entry: 73

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32047)
Category:	downloaded
Size (bytes):	95931
Entropy (8bit):	5.394232486761965
Encrypted:	false
SSDEEP:
MD5:	5790EAD7AD3BA27397AEDFA3D263B867
SHA1:	8130544C215FE5D1EC081D83461BF4A711E74882
SHA-256:	2ECD295D295BEC062CEDEBE177E54B9D6B19FC0A841DC5C178C654C9CCFF09C0
SHA-512:	781ACEDC99DE4CE8D53D9B43A158C645EAB1B23DFDFD6B57B3C442B11ACC4A344E0D5B0067D4B78BB173ABBDED75FB91C410F2B5A58F71D438AA6266D048D98A
Malicious:	false
Reputation:	unknown
URL:	https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.11.2.min.js
Preview:	/! jQuery v1.11.2 \| (c) 2005, 2014 jQuery Foundation, Inc. \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=c.slice,e=c.concat,f=c.push,g=c.indexOf,h={},i=h.toString,j=h.hasOwnProperty,k={},l="1.11.2",m=function(a,b){return new m.fn.init(a,b)},n=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,o=/^-ms-/,p=/-([\da-z])/gi,q=function(a,b){return b.toUpperCase()};m.fn=m.prototype={jquery:l,constructor:m,selector:"",length:0,toArray:function(){return d.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:d.call(this)},pushStack:function(a){var b=m.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a,b){return m.each(this,a,b)},map:function(a){return this.pushStack(m.map(this,function(b,c){ret

Chrome Cache Entry: 74

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1245), with no line terminators
Category:	downloaded
Size (bytes):	1245
Entropy (8bit):	5.037356170002841
Encrypted:	false
SSDEEP:
MD5:	108A4DAFB6208F11604033C769DD54DE
SHA1:	C636880762B6EF08C858AADF0B0423B3375C4D18
SHA-256:	B45282310AA60BE4271B36993FF203791B9FD961F1C59B6D59E02E8A2082EE38
SHA-512:	2284518E03CD266F7F4CC0FCF78EE86ABED4D7B118296A258807176697E0336E7287840406A64B067DFA0BE1F61FCC175E43906621AA51290DB174F7DAE2B906
Malicious:	false
Reputation:	unknown
URL:	https://c.s-microsoft.com/en-us/CMSStyles/style.csx?k=b38e7b38-f2bd-90bd-16b5-45a457a50550
Preview:	.div_heading_OnePSTemplete h2{font-size:26px;margin-top:0}.psp-expand-all{border:1px solid transparent}body{min-width:280px !important}a:not(.c-uhf-nav-link):not(.c-uhff-link):not(.c-cat-logo){word-wrap:break-word;color:#006fc9 !important;font-weight:400 !important}body .grid,.body-open .grid,.grid h3,.grid .h3,.grid .header-small,.grid strong,.grid .body-tight-2,.grid h1,.grid .h1,.grid .header-large,.grid .caption{font-family:"Segoe UI"}.grid .row h1,.grid .row h2,.grid .row h3,.header-small label{font-family:wf_segoe-ui_light,wf_segoe-ui_normal,Tahoma,Verdana,Arial,sans-serif}.grid{max-width:1600px !important}.c-uhfh-actions,.c-uhfh-gcontainer-st .all-ms-nav,.glyph-global-nav-button{display:none !important}.shell-header-wrapper,.shell-footer-wrapper,.shell-category-nav,.shell-notification .shell-notification-grid-row{max-width:1180px !important}.PsTitle{font-family:Segoe UI,sans-serif;margin-right:.3em !important;font-size:2em;display:inline-block;vertical-align:top;margin-left:-.02

Chrome Cache Entry: 75

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (31463), with no line terminators
Category:	downloaded
Size (bytes):	31463
Entropy (8bit):	5.335245781249028
Encrypted:	false
SSDEEP:
MD5:	7148585ECACB77E3EC38A7423D557F0A
SHA1:	3F4428AB18D492318AEC5AD51D4BD22B67BC3955
SHA-256:	9AF3C8E1B582FEBECEF2A475989DC02902A772CEFAC1896C9BAAAFD218D2CA04
SHA-512:	82E8B4FF7B55C9D7F4AE010ED2FBCA757547A88D2BB52C8C2E01AC416594B5CFD608260844FEA93501BD3C4B289A5EBA69412B2643A2C6BF01602163FF6F5B46
Malicious:	false
Reputation:	unknown
URL:	https://c.s-microsoft.com/en-us/CMSScripts/script.jsx?k=08e9f1ba-f4e7-80f5-d4c5-f75b4dc5cf51
Preview:	function ShowSelectedComponentKeyPress(n,t){if(window.event.keyCode==13)return ShowSelectedComponent(n,t),!1}function SetRightSideNavigationMenuHeight(){$("[id^=dvModuleGroup_]").hide();window.location.search.toLowerCase().indexOf("bookmarkid")!=-1&&SelectBookMark();window.location.search.toLowerCase().indexOf("componentid")!=-1&&LoadSelectedInternalLink();$(".div_side_comp").length>0&&$(".div_content").css("min-height",$(".div_side_comp").height()-27)}function ShowSelectedComponent(n,t){var i=$("#"+t).attr("data-parentModule");return i!=undefined&&i!=null&&($("[data-parentmodule="+i+"]").show(),$("#"+i+" [id$=_LongDescription]").length>0?(document.getElementById(i+"_LongDescription").style.display="block",document.getElementById(i+"_ShortDescription").style.display="none",ShowText($("#"+i+".learnMoreLabel"),"long",t)):ShowText($("#"+i+".learnMoreLabel"),"long",t),DisplayTopNavigation(i)),$("html, body").animate({scrollTop:$("#"+t).offset().top-1},800),!1}function ShowToolTip(){var n,i

Chrome Cache Entry: 76

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 41280, version 0.0
Category:	downloaded
Size (bytes):	41280
Entropy (8bit):	7.99148680813376
Encrypted:	true
SSDEEP:
MD5:	E8EA6DC81AB52C7D6124E89EBCAC926A
SHA1:	B7BF79D3D738B06DFE9E567FEEE25D9B983135BB
SHA-256:	1EE846986FBF0BFC9F0996F563D748589A32B29AF6A6E444312C5A4DA27504C1
SHA-512:	B25A7582B9FB6A146AA927BEBC91D4F34B1820017C75DCC3DAFA8ACE22547579E3AAD82788C89C2F373330F71F970500BCDEE7C520C1A791F374A4E8DD5E3396
Malicious:	false
Reputation:	unknown
URL:	https://i.s-microsoft.com/fonts/segoe-ui/west-european/normal/latest.woff
Preview:	wOFF.......@.......H........................OS/2...D...Z...`J..\|cmap............."<.cvt ..........."..].fpgm...........\ID.ggasp...L...........#glyf...\...O.....k.head.......6...6..T2hhea.......!...$.z.8hmtx............c!.Dloca...............Pmaxp....... ... .6.fname..............>.post........... .Q.wprep.......h...@....x.c`f.g......:....Q.B3_dHc..`e.feb.B&....e...'.(..VP`p`......@F^.ELL....Ar,.......3.9f....x.e.}L.U..?.."i.\4.5..(.....6..--.Z[[j)) ... . jR....F.VF..7....a.VTj.....[......ta..}.9;....~.~....^......I$.j.>...a...5^...'...)_..D.S.....Lqf8...g.S..r.8..3.@`H`{`_........&..~&.&.d..f..2.M.t.7.Mr{.)n?7...Nts...-.......o..0..KwM..j.Fk....<..5]E.PU.'...N.....O..1..ncb<c,O...d...'/.Ct..<.u.....&....!..~.].v....~..Gx7.V.w.k..{...I{9....h~.....'.Y.....H....T.7....@.]..pi87...u...Up.....f..AA.{.Y.."v^aU.uj..5......Q..is.M.ns.....6.y.Uz...F-u.......yUb%.4O..6.2.8.R6...h.:o.>.9...d....a...C\|...r.....w\|........H!...+..<..e.%..G).Y.B.XD9..H./P...X.v.d..

Chrome Cache Entry: 77

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	downloaded
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	unknown
URL:	https://www.microsoft.com/favicon.ico?v2
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 78

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65520), with no line terminators
Category:	downloaded
Size (bytes):	82190
Entropy (8bit):	5.036904170769404
Encrypted:	false
SSDEEP:
MD5:	1F9995AB937AC429A73364B4390FF6E8
SHA1:	81998DCC6407CEB5CEF236AD52B9F2A3A9528D3B
SHA-256:	49E5166F40D8586714F86E08AB76A977199DF979357147A0E81980A804151C2A
SHA-512:	6669AE352FF46DB734BB8F973D1C0527C3A5EC4119D534AAE4C33F29EFF970168ED5FE200A05D4E1B6A2EC0E090E2207549B926317D489DC7664B0D9C2085465
Malicious:	false
Reputation:	unknown
URL:	https://assets.onestore.ms/cdnfiles/onestorerolling-1510-19009/shell/v3/scss/shell.min.css
Preview:	@charset "UTF-8";@font-face{font-family:'wf_segoe-ui_normal';src:local("Segoe UI");src:url("//i.s-microsoft.com/fonts/segoe-ui/west-european/normal/latest.eot");src:url("//i.s-microsoft.com/fonts/segoe-ui/west-european/normal/latest.eot?#iefix") format("embedded-opentype"),url("//i.s-microsoft.com/fonts/segoe-ui/west-european/normal/latest.woff") format("woff"),url("//i.s-microsoft.com/fonts/segoe-ui/west-european/normal/latest.ttf") format("truetype"),url("//i.s-microsoft.com/fonts/segoe-ui/west-european/normal/latest.svg#web") format("svg");font-weight:normal;font-style:normal}@font-face{font-family:'wf_segoe-ui_semilight';src:url("//i.s-microsoft.com/fonts/segoe-ui/west-european/semilight/latest.eot");src:url("//i.s-microsoft.com/fonts/segoe-ui/west-european/semilight/latest.eot?#iefix") format("embedded-opentype"),url("//i.s-microsoft.com/fonts/segoe-ui/west-european/semilight/latest.woff") format("woff"),url("//i.s-microsoft.com/fonts/segoe-ui/west-european/semilight/latest.ttf")

Chrome Cache Entry: 79

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 33556, version 0.0
Category:	downloaded
Size (bytes):	33556
Entropy (8bit):	7.986987433752767
Encrypted:	false
SSDEEP:
MD5:	637B1F43DE4B96B9446ADCC107C5F688
SHA1:	3FAD425F0C1CFE8711888CD877E122E5F8D2C15A
SHA-256:	0ED2DC761DDF650B9AAB0C366F43DDEA0DB81E13BBE603A21F2BFEF519387CE9
SHA-512:	9B48ED55813F9A372F1E1BE5FEF737B0583E8990B9B0D57A7810EEC5F55D5C9CC55739D3DC3A2851009964C34C82F1D0D9B58EC05A212779667A023DB8804BF5
Malicious:	false
Reputation:	unknown
URL:	https://i.s-microsoft.com/fonts/segoe-ui/west-european/light/latest.woff
Preview:	wOFF........................................OS/2...D...X...`J..%cmap..............<.cvt ...........L/.+}fpgm............".[.gasp...\|.........<..glyf......m....,....head..x$...6...6.X.hhea..x\...!...$.<.Jhmtx..x............loca..\|..........{.maxp....... ... ....name...0........ DE.post........... .Q.wprep...0.......ibMktx.c`f.`8.....:....Q.B3_dHc..`e.feb.B&....e...'.(..VP.R....^........(0.$...:.H)00..<W..x.e.{L.U..?..E../..7<<..-.?.M...K6...M%.4@..E.DMs1.S....f.]t..4L..t3//o.R7..}.N/.....9g...o./ .V....._..x.I.Z..O.5DC5B.5V...\M.czJ.Z...V......g.S.,r.:..G...s&........V..;1{p.$..3....d.,3.L6......In_7...#..7.-..q.-.......+.CH}t...j.Fj......t=..R..b<.]x.8M....x...I5....<..x.-O.N........7.s....$zBl....&......?.S.>..z...^.w.k..N....G..m..J[G..BgEj#.#."..R.<...$......e.pVx....W.9..l...v....UdU...y.U.6....H.RC...n.V5(...7.........vv....([..Z.....f'.yIb-..@......8.2....i....&G9.[.f....+...c\|......PH3..=o3.....?.#....H..R.\|J(%...X.".S......T....J......._.

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 35900, version 0.0
Category:	downloaded
Size (bytes):	35900
Entropy (8bit):	7.989413276112553
Encrypted:	false
SSDEEP:
MD5:	70C1D43A35B7A48D088D830EA07FCF77
SHA1:	025E0E281139C70C5538E09BFA7927141AF0CC0B
SHA-256:	942E5DD201200674506B0DF50C1AFEF021FFF6D5BD7BB7F600DED8617DBCB386
SHA-512:	E40B2CEAA1F672891BFF21F7C22A8B473DCF998FDC0A74B3DD1999190BA281C330C871D4BC82F89561E2AD7D97FE3169F33748AD368184BD1B4850941822D921
Malicious:	false
Reputation:	unknown
URL:	https://i.s-microsoft.com/fonts/segoe-ui/west-european/semibold/latest.woff
Preview:	wOFF.......<................................OS/2...D...W...`K..rcmap..............<.cvt .......y....c.e0fpgm...,.......5.KV.gasp................glyf......sH.......$head...0...6...6....hhea...h...!...$...Jhmtx................loca...L.........z.@maxp...H... ... .N.?name...h........!MG$post...X....... .Q.wprep...l........[...x.c`fie.``e.`..j...(.../2.1.q.2q.3..!.s...2........+(.)..X/..d..X.......ca`.......1..e.x.e.}L.U..?.."e.\4.4..(8_R.#....MM.Z[[.%*....(& .Q...:G.ZF..2..{....i^n.ee..Vx...1...=...vv>....D........:..'...t.z......k....MP...S..\|-.RU.VuNog..3.)r.;+.:.C.s.........w....'h.M..e.k2M..e.C.nz...n...Mq{.i.`w....g..8......}..!..Gir5HC5B#.H..I=..U.rU.xR;..t.-....MO.j.7&.3..n.I.<.u...x......_&V..$..b3...o.....l...b...M...]..^=xv.^.7(....z...e..tT.&.1.:R..E.K....k!..UY.4......P}.:8g..m?.......JT.;.....5....T.oS...z....&t[..M.y..~x..b.&...........d..J.d..j.u.f^.8.U.V..OZ....)N..3..z...\|>.4.s..\|.U.h....=fq.:..+.f6..+.P...1.bJ.1.R.1.....E,.g.y.%,......eTY./.

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 2576, version 1.0
Category:	downloaded
Size (bytes):	2576
Entropy (8bit):	7.719832273595377
Encrypted:	false
SSDEEP:
MD5:	3352BC83EC12D2F2E46E66EB0FC20A0E
SHA1:	2C128CC55FD417D778E5213E5BFC836EB1D46A8B
SHA-256:	93FABDCFD57B85E0401518F827759AC29C7833D3E25E358E70232F86D41C643D
SHA-512:	74C4FCCC4D61E57F80E70243DF8536B72BEBBC9E6F3C3A3800E5D8715585D5581858A7B01C564D2BF3E855A18614E05DB654775879C65E5B702B098CAA2664AC
Malicious:	false
Reputation:	unknown
URL:	https://assets.onestore.ms/cdnfiles/external/oneui/oneui1.16.2/dist/fonts/icons/icons.woff
Preview:	wOFF........................................OS/2.......C...V@.Mncmap...8...:...J.1..glyf...t.......d...head...$...,...6.9..hhea...P.......$.$..hmtx...p........@...loca.......B...B". hmaxp........... .3.`name................post............{NK.x.c`db`...............2H2.1001.23`..i.)....?.3..........f....~u...x.c```f.`..F..p....\|... ........>....R..D.3@...#..........x.uVoh[U..........K..I..KS....YS.h...}p..0:6.s. m........t.v.[.!.06Bu..thW..c...d0.((<<..&...q..q~..s.9.wC.........RD.R....R~.[KKK.....2.@?..9...7... ..=..w......8`a.'C'.jw!X..R..f..2....^m\zB.M....0....WC.....6.A...$K....\B.y.+.H.r(......EE.......O..aB..U6[...s.9{U.....-)'<.........i............y..7...u..}........Rc......[.(.E..B.U..= .".C.q....3.\|...q/...O.=...\|......\|..P..9......2f..u^.AE./..W....9ggM^...0...W.....aeL...1l).Dw.V...3O..\|...aV.0[j...X..&.B.$L.0.`.H[...Z.<W'q.4..r4.r+I .TTnp8..hj.i.[{c.........B..N.(6.sc.).....m.D.h..4.h.'.Q..;..e/........0..g..[,.....nO.K{.....2......%

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	338
Entropy (8bit):	7.004897375379158
Encrypted:	false
SSDEEP:
MD5:	290AFB4165DD808A850D8920AEB5DBF4
SHA1:	0B4BF844AED3A740A99B7415F6BD803E84DDDA4D
SHA-256:	882FDB8A4BF176D2A09427D6A5BDBA3051307F2605090DA848085B0D78B6FD99
SHA-512:	197AD95E98C04B26AAD845DF7FF5C3C2CC6020E5273526970261F30A8EEAAB30A1C0DDC2BAE1D654095E8D47D399CCB526B32AD7CBE84CB1140E2D5F5142A7DB
Malicious:	false
Reputation:	unknown
URL:	https://c.s-microsoft.com/en-us/CMSImages/Print-new-2.png?version=4eafce11-a3df-e971-f481-fed76428ffa1
Preview:	.PNG........IHDR................a....sRGB.........gAMA......a.....pHYs..........o.d....IDAT8O..=..0...\.+....{......A.qQ..*.....&.l.....4i.7MM$u..:b&5..F.2.q....%3L.K..,..2C....c?+.{....B7i~R..0;.r..C.c....$....Jx.^8.O.l.!E).#l...e..#.k/...y.D..%<.<......4\.2H..0.>...WY9giK,la/....p<...4%...N..-I..._%...s1....P.......IEND.B`.

Chrome Cache Entry: 85

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32089)
Category:	downloaded
Size (bytes):	92629
Entropy (8bit):	5.303443527492463
Encrypted:	false
SSDEEP:
MD5:	397754BA49E9E0CF4E7C190DA78DDA05
SHA1:	AE49E56999D82802727455F0BA83B63ACD90A22B
SHA-256:	C12F6098E641AACA96C60215800F18F5671039AECF812217FAB3C0D152F6ADB4
SHA-512:	8C64754F77507AB2C24A6FC818419B9DD3F0CECCC9065290E41AFDBEE0743F0DA2CB13B2FBB00AFA525C082F1E697CB3FFD76EF9B902CB81D7C41CA1C641DFFB
Malicious:	false
Reputation:	unknown
URL:	https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.9.1.min.js
Preview:	/! jQuery v1.9.1 \| (c) 2005, 2012 jQuery Foundation, Inc. \| jquery.org/license.//@ sourceMappingURL=jquery.min.map./(function(e,t){var n,r,i=typeof t,o=e.document,a=e.location,s=e.jQuery,u=e.$,l={},c=[],p="1.9.1",f=c.concat,d=c.push,h=c.slice,g=c.indexOf,m=l.toString,y=l.hasOwnProperty,v=p.trim,b=function(e,t){return new b.fn.init(e,t,r)},x=/[+-]?(?:\d\.\|)\d+(?:[eE][+-]?\d+\|)/.source,w=/\S+/g,T=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,N=/^(?:(<[\w\W]+>)[^>]\|#([\w-]))$/,C=/^<(\w+)\s\/?>(?:<\/\1>\|)$/,k=/^[\],:{}\s]$/,E=/(?:^\|:\|,)(?:\s\[)+/g,S=/\\(?:["\\\/bfnrt]\|u[\da-fA-F]{4})/g,A=/"[^"\\\r\n]*"\|true\|false\|null\|-?(?:\d+\.\|)\d+(?:[eE][+-]?\d+\|)/g,j=/^-ms-/,D=/-([\da-z])/gi,L=function(e,t){return t.toUpperCase()},H=function(e){(o.addEventListener\|\|"load"===e.type\|\|"complete"===o.readyState)&&(q(),b.ready())},q=function(){o.addEventListener?(o.removeEventListener("DOMContentLoaded",H,!1),e.removeEventListener("load",H,!1)):(o.detachEvent("onreadystatechange",H),e.detachEvent("onload",H)

Chrome Cache Entry: 86

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (42133)
Category:	downloaded
Size (bytes):	138067
Entropy (8bit):	5.225028044529473
Encrypted:	false
SSDEEP:
MD5:	B9C3E4320DB870036919F1EE117BDA6E
SHA1:	29B5A9066B5B1F1FE5AFE7EE986E80A49E86606A
SHA-256:	A1FE019388875B696EDB373B51A51C0A8E3BAD52CD489617D042C0722BDB1E48
SHA-512:	A878B55E8C65D880CDF14850BAEE1F82254C797C3284485498368F9128E42DCA46F54D9D92750EEEB547C42CAB9A9823AA9AFAB7D881090EBBFA1135CDD410B6
Malicious:	false
Reputation:	unknown
URL:	https://www.microsoft.com/onerfstatics/marketingsites-eus-prod/shell/_scrf/js/themes=default/54-af9f9f/d4-fb1f57/e1-a50eee/e7-954872/d8-97d509/f0-251fe2/46-be1318/77-04a268/11-240c7b/63-077520/a4-34de62/f9-a5b2ce/db-bc0148/dc-7e9864/6d-c07ea1/6f-dafe8c/f6-aa5278/73-a24d00/6d-1e7ed0/b7-cadaa7/c4-898cf2/ca-40b7b0/4e-ee3a55/3e-f5c39b/c3-6454d7/f9-7592d3/d0-e64f3e/92-10345d/79-499886/7e-cda2d3/58-ab4971/ca-108466/e0-3c9860/de-884374/1f-100dea/33-abe4df/2b-8e0ae6?ver=2.0&_cf=02242021_3231&iife=1
Preview:	(function(){/*. @license almond 0.3.3 Copyright jQuery Foundation and other contributors.. * Released under MIT license, http://github.com/requirejs/almond/LICENSE. /.var requirejs,require,define,__extends;(function(n){function r(n,t){return w.call(n,t)}function s(n,t){var o,s,f,e,h,p,c,b,r,l,w,k,u=t&&t.split("/"),a=i.map,y=a&&a[""]\|\|{};if(n){for(n=n.split("/"),h=n.length-1,i.nodeIdCompat&&v.test(n[h])&&(n[h]=n[h].replace(v,"")),n[0].charAt(0)==="."&&u&&(k=u.slice(0,u.length-1),n=k.concat(n)),r=0;r<n.length;r++)if(w=n[r],w===".")n.splice(r,1),r-=1;else if(w==="..")if(r===0\|\|r===1&&n[2]===".."\|\|n[r-1]==="..")continue;else r>0&&(n.splice(r-1,2),r-=2);n=n.join("/")}if((u\|\|y)&&a){for(o=n.split("/"),r=o.length;r>0;r-=1){if(s=o.slice(0,r).join("/"),u)for(l=u.length;l>0;l-=1)if(f=a[u.slice(0,l).join("/")],f&&(f=f[s],f)){e=f;p=r;break}if(e)break;!c&&y&&y[s]&&(c=y[s],b=r)}!e&&c&&(e=c,p=b);e&&(o.splice(0,p,e),n=o.join("/"))}return n}function y(t,i){return function(){var r=b.call(arguments,0

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (64241)
Category:	downloaded
Size (bytes):	171486
Entropy (8bit):	5.043877429718187
Encrypted:	false
SSDEEP:
MD5:	B7AF9FB8EB3F12D3BAA37641537BEDC2
SHA1:	A3FBB622FD4D19CDB371F0B71146DD9F2605D8A4
SHA-256:	928ACFBA36CCD911340D2753DB52423F0C7F6FEAA72824E2A1EF6F5667ED4A71
SHA-512:	1023C4D81F68C73E247850F17BF048615DDABB69ACF2429644BDAF8DC2A95930F7A29CEAE6FBD985E1162897483A860C8248557CDA2F1F3D3FF0589158625A49
Malicious:	false
Reputation:	unknown
URL:	https://www.microsoft.com/onerfstatics/marketingsites-eus-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/1b-9d8ed9/c9-be0100/a6-e969ef/43-9f2e7c/82-8b5456/a0-5d3913/43-5a5ab8/ca-ae3ce4?ver=2.0&_cf=02242021_3231
Preview:	@charset "UTF-8";./! \| Copyright 2017 Microsoft Corporation \| This software is based on or incorporates material from the files listed below (collectively, "Third Party Code"). Microsoft is not the original author of the Third Party Code. The original copyright notice and the license under which Microsoft received Third Party Code are set forth below together with the full text of such license. Such notices and license are provided solely for your information. Microsoft, not the third party, licenses this Third Party Code to you under the terms in which you received the Microsoft software or the services, unless Microsoft clearly states that such Microsoft terms do NOT apply for a particular Third Party Code. Unless applicable law gives you more rights, Microsoft reserves all other rights not expressly granted under such agreement(s), whether by implication, estoppel or otherwise././! normalize.css v3.0.3 \| MIT License \| github.com/necolas/normalize.css /.body{margin:0}.context-uh

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (402)
Category:	downloaded
Size (bytes):	262641
Entropy (8bit):	4.9463902181496096
Encrypted:	false
SSDEEP:
MD5:	7C593B06759DB6D01614729D206738D6
SHA1:	0D4F76D10944933B8DDECFFE9691081439A77A3C
SHA-256:	F7D9FB0479DE843CF3FB0B78FC56BBB9E30BF0A238C6F79D9209FA8B22EFB574
SHA-512:	EF91B610CF17A17AAFB48984B4403EF175EB86096E3F12E23AE8D4C7C96EF60ED14DA3F69721E095CD2ACE3F0A06190186D000992823814BB906F7FB3576C2C1
Malicious:	false
Reputation:	unknown
URL:	https://assets.onestore.ms/cdnfiles/external/oneui/oneui1.16.2/dist/css/app.css
Preview:	@font-face {. font-family: "wf_segoe-ui_normal";. src: url("//i.s-microsoft.com/fonts/segoe-ui/west-european/normal/latest.eot");. src: url("//i.s-microsoft.com/fonts/segoe-ui/west-european/normal/latest.eot?#iefix") format("embedded-opentype"), url("//i.s-microsoft.com/fonts/segoe-ui/west-european/normal/latest.woff") format("woff"), url("//i.s-microsoft.com/fonts/segoe-ui/west-european/normal/latest.ttf") format("truetype"), url("//i.s-microsoft.com/fonts/segoe-ui/west-european/normal/latest.svg#web") format("svg");. font-weight: normal;. font-style: normal; }..@font-face {. font-family: "wf_segoe-ui_light";. src: url("//i.s-microsoft.com/fonts/segoe-ui/west-european/light/latest.eot");. src: url("//i.s-microsoft.com/fonts/segoe-ui/west-european/light/latest.eot?#iefix") format("embedded-opentype"), url("//i.s-microsoft.com/fonts/segoe-ui/west-european/light/latest.woff") format("woff"), url("//i.s-microsoft.com/fonts/segoe-ui/west-european/light/latest.ttf") format("truetype

Static File Info

⊘No static file info

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://f7fkx5zs.r.us-east-1.awstrack.me/L0/https:%2F%2Fgo.microsoft.com%2Ffwlink%2Fp%2F%3FLinkID=138500/1/0100019017f906ad-de17b566-7356-45aa-9830-ffd1c5cf2ad7-000000/TrP54ioxgkw1VZ531yrmOAC66OI=378

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

LLM Input / Output

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Chrome Cache Entry: 86

Chrome Cache Entry: 87

Chrome Cache Entry: 88

Static File Info

Windows Analysis Report
https://f7fkx5zs.r.us-east-1.awstrack.me/L0/https:%2F%2Fgo.microsoft.com%2Ffwlink%2Fp%2F%3FLinkID=138500/1/0100019017f906ad-de17b566-7356-45aa-9830-ffd1c5cf2ad7-000000/TrP54ioxgkw1VZ531yrmOAC66OI=378