Edit tour

Windows Analysis Report
https://dallascounty.okta.com/tokens/NeVUAB-iI2cKWtW7tOCf/verify

Overview

General Information

Sample URL:	https://dallascounty.okta.com/tokens/NeVUAB-iI2cKWtW7tOCf/verify
Analysis ID:	1458475

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Found iframes

HTML body contains low number of good links

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6912 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://dallascounty.okta.com/tokens/NeVUAB-iI2cKWtW7tOCf/verify MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1084 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1936,i,18119825853207217932,8912933197601168885,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://dallascounty.okta.com/app/dallascounty_oraclesupplierportal_1/exk1q8yf2lgj3GuOL1d8/sso/saml?LoginHint=SERVICE%40JPPLUS.COM	HTTP Parser: Iframe src: https://login.okta.com/discovery/iframe.html
Source: https://dallascounty.okta.com/app/dallascounty_oraclesupplierportal_1/exk1q8yf2lgj3GuOL1d8/sso/saml?LoginHint=SERVICE%40JPPLUS.COM	HTTP Parser: Iframe src: https://login.okta.com/discovery/iframe.html

Source: https://dallascounty.okta.com/app/dallascounty_oraclesupplierportal_1/exk1q8yf2lgj3GuOL1d8/sso/saml?LoginHint=SERVICE%40JPPLUS.COM

HTTP Parser: Number of links: 1

Source: https://login.okta.com/discovery/iframe.html

HTTP Parser: No favicon

Source: https://dallascounty.okta.com/app/dallascounty_oraclesupplierportal_1/exk1q8yf2lgj3GuOL1d8/sso/saml?LoginHint=SERVICE%40JPPLUS.COM	HTTP Parser: No <meta name="author".. found
Source: https://dallascounty.okta.com/app/dallascounty_oraclesupplierportal_1/exk1q8yf2lgj3GuOL1d8/sso/saml?LoginHint=SERVICE%40JPPLUS.COM	HTTP Parser: No <meta name="author".. found

Source: https://dallascounty.okta.com/app/dallascounty_oraclesupplierportal_1/exk1q8yf2lgj3GuOL1d8/sso/saml?LoginHint=SERVICE%40JPPLUS.COM	HTTP Parser: No <meta name="copyright".. found
Source: https://dallascounty.okta.com/app/dallascounty_oraclesupplierportal_1/exk1q8yf2lgj3GuOL1d8/sso/saml?LoginHint=SERVICE%40JPPLUS.COM	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49735 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 1MB later: 28MB

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 92.123.104.45
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50

Source: global traffic	DNS traffic detected: DNS query: dallascounty.okta.com
Source: global traffic	DNS traffic detected: DNS query: ok3static.oktacdn.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: login.okta.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49695 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49695
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49735 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@16/22@12/130

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://dallascounty.okta.com/tokens/NeVUAB-iI2cKWtW7tOCf/verify
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1936,i,18119825853207217932,8912933197601168885,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1936,i,18119825853207217932,8912933197601168885,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Drive-by Compromise	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Extra Window Memory Injection	1 Extra Window Memory Injection	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://dallascounty.okta.com/tokens/NeVUAB-iI2cKWtW7tOCf/verify	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
a1aa626c4e9a25e01.awsglobalaccelerator.com	13.248.168.94	true	false	unknown
d1jxv8lrmer55s.cloudfront.net	18.239.83.113	true	false	unknown
www.google.com	142.250.186.132	true	false	unknown
d37qf8t9pe6csu.cloudfront.net	108.138.7.85	true	false	unknown
ok3static.oktacdn.com	unknown	unknown	false	unknown
dallascounty.okta.com	unknown	unknown	false	unknown
login.okta.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://login.okta.com/discovery/iframe.html	false		unknown
https://dallascounty.okta.com/app/dallascounty_oraclesupplierportal_1/exk1q8yf2lgj3GuOL1d8/sso/saml?LoginHint=SERVICE%40JPPLUS.COM	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
13.248.168.94	a1aa626c4e9a25e01.awsglobalaccelerator.com	United States	16509	AMAZON-02US	false
18.239.83.113	d1jxv8lrmer55s.cloudfront.net	United States	16509	AMAZON-02US	false
108.138.7.85	d37qf8t9pe6csu.cloudfront.net	United States	16509	AMAZON-02US	false
142.250.186.163	unknown	United States	15169	GOOGLEUS	false
216.58.206.78	unknown	United States	15169	GOOGLEUS	false
142.251.168.84	unknown	United States	15169	GOOGLEUS	false
142.250.181.227	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.186.132	www.google.com	United States	15169	GOOGLEUS	false
99.84.9.120	unknown	United States	16509	AMAZON-02US	false
172.217.18.110	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1458475
Start date and time:	2024-06-17 17:50:48 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://dallascounty.okta.com/tokens/NeVUAB-iI2cKWtW7tOCf/verify
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	12
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@16/22@12/130

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.181.227, 216.58.206.78, 142.251.168.84, 34.104.35.123, 199.232.214.172
Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://dallascounty.okta.com/tokens/NeVUAB-iI2cKWtW7tOCf/verify

LLM Input / Output

Input	Output
URL: https://dallascounty.okta.com Model: gpt-4o	```json { "phishing_score": 1, "brands": "Okta", "phishing": false, "suspicious_domain": false, "has_loginform": true, "has_captcha": false, "setechniques": false, "has_suspicious_link": false, "legitmate_domain": "okta.com", "reasons": "The URL 'https://dallascounty.okta.com' appears to be legitimate. The domain 'okta.com' is a known and trusted domain associated with Okta, a popular identity and access management service. The subdomain 'dallascounty' is likely used for a specific organizational purpose, which is common practice. The web page image shows a login form, which is typical for Okta services. There are no signs of social engineering techniques or suspicious links. Therefore, based on the available evidence, this site does not appear to be a phishing site." }

URL: https://dallascounty.okta.com Model: gpt-4o	```json { "phishing_score": 3, "brands": "Okta", "phishing": false, "suspicious_domain": false, "has_loginform": true, "has_captcha": false, "setechniques": false, "has_suspicious_link": false, "legitmate_domain": "okta.com", "reasons": "The URL 'https://dallascounty.okta.com' appears to be legitimate as it uses the 'okta.com' domain, which is a known and trusted domain for Okta services. The page includes a login form, which is typical for Okta authentication pages. There are no obvious social engineering techniques or suspicious links present. The email address 'SERVICE@UPPLUS.COM' could be a concern, but without more context, it is not enough to classify this as a phishing site. Therefore, based on the available evidence, the site appears to be legitimate." }

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jun 17 14:51:19 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9830123042854346
Encrypted:	false
SSDEEP:
MD5:	6C6E4630375F08FE7488364FE7D2DD14
SHA1:	FB89F08F0344F5ADF3AD97B037D6E809F2E9FE4F
SHA-256:	A90EB8561040F4ABCD534A0453EBB9317794C1BCA3094D9AC4355B42A544AFBE
SHA-512:	0E3853610C26EE096518F0E3226B66DA475EB62002CDA233400F1C6274F4F4E40871D1E18BFDF81381E519C424A558ECC6C0866CF9F333FCC0CD28CBDDEC3F7B
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.......1....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X]~....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xh~....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Xh~....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Xh~..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Xj~...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........-.YC.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jun 17 14:51:19 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	3.996444231073233
Encrypted:	false
SSDEEP:
MD5:	CCAB2475538D9C63C594B0DFC15AEF44
SHA1:	BBF0B724DD493D902195307502963948C545A111
SHA-256:	1262CE04E292565221B1DDC0C9D1955C9D7DC9BA0F354BF8BD455FA516811D54
SHA-512:	6F9E92CE74C73FCEC920ACF4AFDD4446A844091100BDEA90CDBFB7BA7618A8D975D2087F368ED92A260BE6809CFDE62554F4EDC963B7A90D383B8AFF81A9C688
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....\|t.1....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X]~....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xh~....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Xh~....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Xh~..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Xj~...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........-.YC.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.005565564959868
Encrypted:	false
SSDEEP:
MD5:	01AD6660BC7E90F9C3A1E061906EDCCF
SHA1:	4D8B90FA6BF45EB2529453EC3A1B11E3D5AF15C6
SHA-256:	AE8919F9E87147F8888E1F734F2171D1D79E0D766807014AB5405A33B77B0E73
SHA-512:	6D0E0D12390C703CE864C55F65FA6C5DB51B090B8B0FC4A83164E382FC722373AF60C0F7B5E068C0F14E37EC36640219E4FE571FBD1264DAD708DC406E960049
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X]~....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xh~....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Xh~....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Xh~..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........-.YC.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jun 17 14:51:19 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.992186439284678
Encrypted:	false
SSDEEP:
MD5:	F40261F450875D74829615BC80B50990
SHA1:	BDE0999D5FC750D1E395F3F79D21BA24C5B1D08F
SHA-256:	EDA255168EF7424E50C417FBF56A2C213A8B408BF16077828ECE66235726670D
SHA-512:	77485EA0AE6C22711B364422EA9A6FA21E60CA6759C715EA103A73D77CD626F8B026E380B09C0E5FE21D30AD5FAF84442FEC3ABE1AAFFDAC49042ECEAD254D30
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....HU.1....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X]~....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xh~....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Xh~....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Xh~..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Xj~...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........-.YC.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jun 17 14:51:19 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9856896742342838
Encrypted:	false
SSDEEP:
MD5:	6D8DBF32C091A5EE949772EE97F5D16C
SHA1:	390E03244A38BAA4DFBB988FB17FE89BF81E2215
SHA-256:	A087901E5DBE84EA3924B61C2C6453F0D34A0F92D7B73B06F11FF4CD1F0627F6
SHA-512:	AB906C3ADB8C3B72AC8623DD8F0825F8A224C8A33BA38F7CB0106EC0E32AB09F1EAF2F46E9C9BB98DBCCB0A42F55EDBC573CB9CDDD20B1B8934ACFAAD90065BD
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.......1....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X]~....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xh~....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Xh~....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Xh~..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Xj~...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........-.YC.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jun 17 14:51:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.992856465331522
Encrypted:	false
SSDEEP:
MD5:	74A9B64373F8366F9C44B3D4F9AFA7F8
SHA1:	03C512EEC81E9C535C0C660F9E2A26119D45A8EE
SHA-256:	21C906F8E5965EBAA73A7FB93E941AFC79FE8B0838450F981762D6BB288BC746
SHA-512:	CD1146EE4706C7B92701CB458F004A4AC7012D4088A2AFBA51B7C163F5CAC493CB88334376EDF6495D550A90A147DBE2F4E91352FC4F3DD891EC43A7F46155C9
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....M..1....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X]~....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xh~....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Xh~....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Xh~..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Xj~...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........-.YC.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 69

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 109 x 110, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	34125
Entropy (8bit):	7.991281385134577
Encrypted:	true
SSDEEP:
MD5:	4E11FA63139D0BFA0EF6258095E44719
SHA1:	BF5A04EE175C9FB4CCBCC67C3DBE29D7EF62E9C9
SHA-256:	832DC3E2C59CA0134EAC5FC7485C7D8670B43CA3374D46625DED325683FD5C52
SHA-512:	36997DA5E7E44F4834BE4DE7B6DCB43AE643D4EA32AEA68AE55AE76746614AB2639164333D8381CE18FBC1FA5EE4D619D50A4B9354DCC64A9ED24A7D65CCD10D
Malicious:	false
Reputation:	unknown
URL:	https://ok3static.oktacdn.com/fs/bco/1/fs01q2oz88iZv5g8x1d8
Preview:	.PNG........IHDR...m...n.....-l......IDATx^.w\U..O..WP..5....k...".... ....4E..**..{7F.....X..X.='..........g...{.5.3.3.g....x....w.>..-.l...y..[...VM..W.....R#..9^..<.y..y.5.y......<~....r..[.<.]..L..\.Q....x.A.B.\.?....K^}%._P....[.z.o.....x..Z}\|......^.>y...k.~....+g.^j.o.......w.T...#.[.....I.^u.z....?6...N)M.9.'>.M\|....^..k.>.....=..z\|.;T.G..OMy.....A:...r.ok.@.S....z........x..&.P..........7.we.................E5............\...........m..v.'..R..55.].dT?..V.}.....oy.w..g.8...R...7j.j...^.......1W T..N.9.^...1QN.....C.X.^.?=...)w.<..+...{....Wfc....J'.......w..j.De..>.p.._.l..)...F.....C.=....8w.....#/3...\.3.H....@.....R.0.7.v.=9......h...L.R..v.@%.......L.;.=....F.P...../...G?.6Q..u...d2.g>....dB(,.F...O@}j.....4...w.7..2..V......B.y..k.e..\|PXF.D.M....2....e.%.......C.]8...d2R..\X...}fN.KTH.S&..VO..}pv..^.V,_j..g2..`h.9$.lf..e\|......Xc...C.2p!.7....cc....T...3.~..5..Jgj....t.[..M...s5.$...PhS..+y\|. J{.R.V..c8).....P.....z.

Chrome Cache Entry: 70

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 20328, version 2.197
Category:	downloaded
Size (bytes):	20328
Entropy (8bit):	7.9892944190370025
Encrypted:	false
SSDEEP:
MD5:	27429B092C0595AA8803B611BD7508F3
SHA1:	DD4BEDA27E8057403B27D1276CA9D68902692615
SHA-256:	9B5D2290B34CD718E1E97E894D6790F92387EE50DE0B3364DA291E7112F412BE
SHA-512:	FADCFBA214FDE02B18DE1E0E61C530FE79BB87D0A717460E38E30AFBEA110D5527FDB742C8848E7DFD29C8E3704282DA856FA8C57763DE56B2DFB2C1D0FF5EA5
Malicious:	false
Reputation:	unknown
URL:	https://ok3static.oktacdn.com/assets/loginpage/font/assets/proximanova-sbold-webfont.41acb8650115f83780fc.woff2
Preview:	wOF2......Oh.......\|..N.........................?FFTM..0..,....`..b.D..e.....\|..[.6.$....X.. ..D..f...?webf..7.%.....Pb..6. ..Go$...-......cl{.=`.U.(......Y\..vk.a].....V..Q...G.~.....{.M...V3.M..h.0.B...!.....Q.......l<.g#.-J...=...o...8.#......h\...6.;..F..-.....VO.].E.lYt........+.O....9.Vg.....P...!iZ...}.\|{....f.o.SB...w.k.s.L..\|.q2i....A.m.>.\|jy]..):Ua...]D..%..y.....x.Z..@....l......^y.........K.f.KUa.=@.m.4.F......K...5..5..1&....h.R.....WT..l>J........7..\.\.\/.......p8{\....cPg.d..4..q..#(......./...j...Xr...X....#....[...q.~?.JV.&.7._b...^..$a.m.."%[. ?.S.........A...<J....'n....X..#.=...N.VNf_<.Y8(.\...pY..}....cH2#+.p.......GVd..<>`..d..d..:...Cow.m.Ey..%.......e...@}pC...sQ.B....R.$.....\|$71(..i....#/E:..D]..s..M..........3+c...e.u7..K2.>.=K.\9."..."A.H..}.7.5...w....R...P\|..{:..p....p..e]._LP....7.....p..g.pr.17......[......@A.....0.3.s....,..^y....<...........{...s..."...i..v.....F{.S.$.L..'.6_{..<D.K.`...ZJ.>..........

Chrome Cache Entry: 71

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	5430
Entropy (8bit):	2.7209270279774733
Encrypted:	false
SSDEEP:
MD5:	449C9DD651DB589388B721EB2496F5B0
SHA1:	64F3B213A89A00F7B0940271576ECC72280236F7
SHA-256:	F9E86FB363A05F75AB3B525439D46BF4911D4CD4AE94C656C0198206374002AA
SHA-512:	410C701B5050A6D039EE82C6D1B1B596983622E35256A2628A108B20E03D8B0CC85D2033292D5E13ACE0199FFFBB34DBFE9DF82EA4161285082837056A06F2DC
Malicious:	false
Reputation:	unknown
URL:	https://dallascounty.okta.com/favicon.ico
Preview:	............ .h...&... .... .........(....... ..... .................................y)..y)..y).Lz)..z)..z)..z)..z)..z)..y(.Vx)..x)..........z+..y)..y)..y)..z)..z)..z)..z)..z)..z)..z)..z)..y)..y)..y)..z+..z..z..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..y)..{..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..y(..y).Vz)..z)..z)..z)..z)..z(.Py)..x(..y).Pz)..z)..z)..z)..z)..z).Lz)..z)..z)..z)..z)..y)..v+..\|'..s'..\|..y). z)..z)..z)..z)..z)..z)..z)..z)..z)..y).Pz)..s'..........z'..z..z).Qz)..z)..z)..z)..z)..z)..z)..z)..y(..y)..................z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..................z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z(.Lz)..y'..........s&..{)..y).Pz)..z)..z)..z)..z)..z)..z)..z)..z)..y)..\|..s'..w'..},..y)..z)..z)..z)..z)..z)..y).Lz)..z)..z)..z)..z)..y(.Px(..y)..y).Lz)..z)..z)..z)..z)..y).Vx)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..w)..{*..y)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..x(..y(..z+..z)..z)..z)..z)..z)..z)

Chrome Cache Entry: 72

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	1810
Entropy (8bit):	3.956536941089639
Encrypted:	false
SSDEEP:
MD5:	ACDC10AE212DAA45F1FF34152FCF5C37
SHA1:	D15FAFF9A15A05E605BC9CFADACDFB4F16FF2C9D
SHA-256:	23A9DF86EE18E2FC361D955215F2179CE4CA539DBF29F8E8AE9586C810616457
SHA-512:	4D65F4E2843333533C9CC26191767F9F79B0D58E2F5F9FC3AF247580514319A83878093E352187D53158695DF92F86198651B5E83BE701EEA702840868797147
Malicious:	false
Reputation:	unknown
Preview:	<svg width="16" height="16" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M16 7.992C16 3.58 12.416 0 8 0S0 3.58 0 7.992c0 2.43 1.104 4.62 2.832 6.09.016.016.032.016.032.032.144.112.288.224.448.336.08.048.144.111.224.175a7.98 7.98 0 0 0 8.96 0c.08-.048.144-.111.224-.16.144-.111.304-.223.448-.335.016-.016.032-.016.032-.032 1.696-1.487 2.8-3.676 2.8-6.106Zm-8 7.001c-1.504 0-2.88-.48-4.016-1.279.016-.128.048-.255.08-.383a4.17 4.17 0 0 1 .416-.991c.176-.304.384-.576.64-.816.24-.24.528-.463.816-.639.304-.176.624-.304.976-.4A4.15 4.15 0 0 1 8 10.342a4.185 4.185 0 0 1 2.928 1.166c.368.368.656.8.864 1.295.112.288.192.592.24.911A7.03 7.03 0 0 1 8 14.993Zm-2.448-7.4a2.49 2.49 0 0 1-.208-1.024c0-.351.064-.703.208-1.023.144-.32.336-.607.576-.847.24-.24.528-.431.848-.575.32-.144.672-.208 1.024-.208.368 0 .704.064 1.024.208.32.144.608.336.848.575.24.24.432.528.576.847.144.32.208.672.208 1.023 0 .368-.064.704-.208 1.023a2.841 2.841 0 0 1-.576.848 2.84 2.84 0 0 1-.848.575 2.715 2.715 0 0 1-2.

Chrome Cache Entry: 74

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 20416, version 2.197
Category:	downloaded
Size (bytes):	20416
Entropy (8bit):	7.99050164976329
Encrypted:	true
SSDEEP:
MD5:	D99A7377DABB55772CA9F986B0A04B57
SHA1:	2B5FCD8431953C44E410D0489899E74F6D2CFECC
SHA-256:	AFFDBA1620552B12A1A8A04467136AEB408C03FA337D20E9C38374D682D4D149
SHA-512:	CB80EBC6424029C45E86DDF6C18EB43284605678EDE88119301CC6493C21E282CACE48FD849FC14E5D73C6AECF83645CC3A58051D5D8E22197E09912A41E3130
Malicious:	false
Reputation:	unknown
URL:	https://ok3static.oktacdn.com/assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2
Preview:	wOF2......O..........OS........................?FFTM..2..,....`..b.@..e.....\|..h.6.$....X.. .....n..p?webf....5x.(-....O.)G......G"............!c...toeA0......H.h....rM...I....h.k........^F6F#.f.._....P.E..mz..`p..\|4...eG..:c ........e.\|...:?.......I.$.N{VR.....wP........N.h.IA,k.!D..Y.p..8.B.eH..~...W.>.%.`.FK..e...[..?L4S]X.L...T`a....ff],.+...;..1.......`......D.V...4.T9t...U.A6).......?.....b.T........+...w..8....y ..7eT.....]{....'P..`.bn.......FR..(H.H.(...`507..\..[.........L.Y....)3HK..Bi.r_.+...T....w.M...=.0C...ev._..E.}F.01..Q..(....9......a.H3.8j...u.(..X.-p,.9..B.s..n..}oY.d.+{\........}.c...X.....,.,s.+.O......V.D.....}......$'....S6.V.c.4.s..]..v...juo..=.r@...........l.....d..( ;@d..j..E....K..e..l.4e.OU...@X...Y..u)....u..j......H...2..^Q.......(i.".]J....1V...X....1...r@...\.%....mQCSLQ.(..C.1.........[...(o+oJ..%.#...1...o...4.......e..~^}~....K....t.2.2t..8.q....<=G.{......:...{....Q1v..Q.\...#.N.......o.e..\].1)Q

Chrome Cache Entry: 75

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	1103
Entropy (8bit):	7.657045450984537
Encrypted:	false
SSDEEP:
MD5:	50BF4201A7D86F72E5EB86A69D373298
SHA1:	8E0B839662EDD1E2D272820DE3907131824F7DC4
SHA-256:	5A0C343624F04405E6FC1463B942B3007A5715FFC4E39D6275BD79CBA79370C2
SHA-512:	6132D8F0561E4F3CF26CF94D38D8792C8A902B63AD06068455B9B0E0865F8B08D9499469C2FDB1DBF8BF3EA1D8CF0C4B756D1A93DDE8A0B3BF059DBFA563474A
Malicious:	false
Reputation:	unknown
URL:	https://ok3static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.19.3/img/icons/mfa/password_70x70.png
Preview:	.PNG........IHDR...F...F.....q......pHYs.................sRGB.........gAMA......a.....IDATx..MHTQ.....hT~._..d..AB.A."w.".."..ZD.......M..... VF..fjJ.JQ.......7=.wf..mq~ o..{........^.. a..HpD.a.c....1.A.a.c....1.A.a.c....1.A.a.c....1.A.a.c.b.0}..........e9)TS.A.%.d...bx......q..\.KM.s...B...J....Dzx...^.........."S...N.>.Fx.J)9a.R.B..G..F/&~..:D&06b.+kz{B.......K.....[...O.0".{..c.....q.#.>.L`...?..1.Ta.Q}...#9.O%U...~....A.a.c....1.A.a0bLfJ.kmr\|......f.V.%.x.3....':#9.A.a.c....L........+.../..)q....!jc...Z.#.......8.I.Jk....+...0.>...Q.s.w...l.P..z...(.......L....pZ....]ou-'Xk.}0..Lu....3F...\|.... 51N_P...y<.u.%U....YW.o]......$}.7{?i........aNZl[..(..A.^..C...\|.-QB..}lVr.5..#"a..1X0k......"........+.n.u..z..Z.D=b.B.../..zi..:.&..%.\\Qz.6..'W..]k.#......:j.b.=....Ci#!..sE.p..9j8..{.x.N...uS.t.{l..m5.....L@.e..#.X`...S.o}.n.186X.\|.....\|.....$.2.1n%\.^zTU.........q...."[47..(...P.'`,..H..5.;.k.u.FJ..T....s.J....C8.\|9..fa......H.U......b<

Chrome Cache Entry: 78

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65460)
Category:	downloaded
Size (bytes):	209381
Entropy (8bit):	5.423351490681362
Encrypted:	false
SSDEEP:
MD5:	58DE3BE0C9B511A0FDFD7EA4F69B56FC
SHA1:	91ECA02ABF11239EC4AF7A30B1DA6E2610F1B9A6
SHA-256:	6A6C595FCF3A6C74BF3509F160BA34B78A8A3EB92ECAF290412C46679576D3ED
SHA-512:	5C245A32BA199D4FC7314B870BFF6FF4EF322B0A44A171E6D440BD82E42A689B3ABA3545B61CF26A75AAF283C7F38ED07A9DD815E279077B15C6A04B27A20718
Malicious:	false
Reputation:	unknown
URL:	https://ok3static.oktacdn.com/assets/js/mvc/loginpage/initLoginPage.pack.58de3be0c9b511a0fdfd7ea4f69b56fc.js
Preview:	/! For license information please see initLoginPage.pack.js.LICENSE.txt /.var OktaLogin;!function(){var e={954:function(e,t,n){"use strict";var r,i,o;function a(e){return a="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e},a(e)}e=n.nmd(e),i="undefined"!=typeof window?window:void 0,o=function(n,i){var o=[],s=n.document,u=o.slice,l=o.concat,c=o.push,p=o.indexOf,f={},h=f.toString,d=f.hasOwnProperty,m={},g="1.12.4",v=function e(t,n){return new e.fn.init(t,n)},y=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,b=/^-ms-/,x=/-([\da-z])/gi,w=function(e,t){return t.toUpperCase()};function k(e){var t=!!e&&"length"in e&&e.length,n=v.type(e);return"function"!==n&&!v.isWindow(e)&&("array"===n\|\|0===t\|\|"number"==typeof t&&t>0&&t-1 in e)}v.fn=v.prototype={jquery:g,constructor:v,selector:"",length:0,toArray:function(){return u.call(this)},get:function(e){return n

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	174
Entropy (8bit):	4.79718395996757
Encrypted:	false
SSDEEP:
MD5:	2DE39909A9323219C7306823B47EA42E
SHA1:	D83758EE293BFFA79D4BD78E06C672853E075436
SHA-256:	781C77B8DC49DD9D3A565B736A333635599615DEB3F76390EF434798B62992ED
SHA-512:	60FDF5A036CF6B7E1D7C98C549C303E11BB9361F4F35E7A1EC639F4B79E407EC4EBA2F5AAC7604101CC2917C28042145C68AB2F4EB207B99189C6C0F0F9724A7
Malicious:	false
Reputation:	unknown
Preview:	{"errorCode":"E0000022","errorSummary":"The endpoint does not support the provided HTTP method","errorLink":"E0000022","errorId":"oae-mESN7opSWGqkywC9DutyQ","errorCauses":[]}

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (451), with no line terminators
Category:	downloaded
Size (bytes):	451
Entropy (8bit):	4.965097632187821
Encrypted:	false
SSDEEP:
MD5:	B84C759C61E4500DEC73D24345856B08
SHA1:	D551A8D24409CD014CA960EA84A9E8C774D0CF37
SHA-256:	9647BED331C4194D81A8AA79817697B94CAC79E89600E044897AD0330E489B9E
SHA-512:	ED493A6D6987EA34AE13280EF25FEF259967F0107DF38DBCCF26AED873BCCFD7D4CF2E508D029D7206B4116E879EEA63D0501A6805A6920AE3D804A2C40D606C
Malicious:	false
Reputation:	unknown
URL:	https://login.okta.com/discovery/iframe.html
Preview:	<!doctype html><html class="no-js" lang=""><head><meta charset="utf-8"><meta http-equiv="x-ua-compatible" content="ie=edge"><meta name="x-my-okta-version" content="version: 1.63.0"/><title></title><meta name="description" content=""><meta name="viewport" content="width=device-width,initial-scale=1"><script src="/lib/discoveryIframe-f98a9db6985a9d6db326.min.js"></script></head><body><script>new MyOkta.discoveryIframe(window);</script></body></html>

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 36 x 36, 8-bit gray+alpha, non-interlaced
Category:	dropped
Size (bytes):	1632
Entropy (8bit):	7.7880794484080145
Encrypted:	false
SSDEEP:
MD5:	6770228FB0DAB49A1695EF440A5279BB
SHA1:	DF92C3428A4EAED4BA26067E1E86D1D8A7EBC200
SHA-256:	9CE729DF778FBEE5E9BB0B6CDE926B2E5C19C87EBD301E10EEAABAB0D3D89C66
SHA-512:	E95E8C11D9D68A32EDFB8A70B455500025AA44DCC2A9BE2BFEE6065A3E38ED54F346CF17B74C7CBC99163FB63DEDE5987D9D3D807063E5227ADF30B741EB3DBF
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...$...$.....K.P.....tEXtSoftware.Adobe ImageReadyq.e<....IDAT....y..u.......w...r......"j&bN:. .h.MSS9..J3.:Y.h.....N..if.WT$3.....%.\..B+.,.....=O.#r.z........S...@..`....X#..1.p..V....d.\f..m.if.M.\.i..k...p..<...="g=.....;...N.............`...1.c.0.....u..." .,..$@..&T...a......3.@.@:9.e....0..5...wC~.f....6..Q .n...<...d.._!.o..EyA..ja.......Ht.....[_.$.d......Xd.'!\|...^.R@I..v.k..}....\|'....,..r....~...I...[$...A.H....Mz...5[..5nL....d.k?7.../..!A..l.%Y)....G...EV.j..._...j......t.....}..2....2"i..%......_.^.q....4fb.....Cs.......7..2km.h..#............G.'....u.e&.....l......`P.:D...5.....^ul...O.-.Q..z.MY1)&...?.`$...tc..K..h...Bk.[;.!..8}..=I.s..[.o+++G....0.@[y.z{..\.C.d..9..e.k.U.~9.....-.@".&O...e......v.2.~.<W....H..%u.....!.J]b....ReuQ.v0.OM.. ...Y.2..... ////..Cz..E..&U.U.N.Ad..X.!...U..)..z.y.L....:.M..*J.v.Q.L.K...M.FEbG5k_~P.X{.jRTo..<...D#.e+.....L_.....eA...J?.7..HV..1.T...+...>..^.-."..9.zbyXlt.............$.

Chrome Cache Entry: 83

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	556
Entropy (8bit):	4.81705343903535
Encrypted:	false
SSDEEP:
MD5:	28D025743B8FC0765A7CFE4C08FDF2A9
SHA1:	80737E656DC7DBA19F122504A3A1D53A6A1C9FF2
SHA-256:	9AF30B5E4695010F9BE253F861784E638C81274CA0390214629886029CA9B509
SHA-512:	D9F693858B1AAFA379940B122382EC1CA0008A7A6405ADF674C729EB3577254AEEEABB29FB66BC88BFAAA8FF812E53399185CB4D5DDCB7D18F46D8332D93819B
Malicious:	false
Reputation:	unknown
URL:	https://dallascounty.okta.com/api/internal/brand/theme/style-sheet?touch-point=SIGN_IN_PAGE&v=abc4780733b2999dc5536ea4bf18a7237d32beafe91e2f7611b8af3ecb8ae0d0dfb208992a3b1ecefd0c0f9333f4b59d
Preview:	.tb--background {. background-color: #ebebed !important;.}..tb--button,..button-primary {. background: #1662dd !important;. border-color: #1662dd !important;. color: #ffffff !important;.}..tb--button:hover,..button-primary:hover {. background-image: linear-gradient(hsla(0, 0%, 100%, 0.04) 0 0) !important;. }..tb--link {. color: #1662dd !important;.}..link-button-disabled,..link-button-disabled:hover {. background-image: linear-gradient(hsla(0, 0%, 100%, 0.5) 0 0) !important;. border-color: #ffffff !important;.}.

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (40099)
Category:	downloaded
Size (bytes):	1806441
Entropy (8bit):	5.328660434573877
Encrypted:	false
SSDEEP:
MD5:	6C3FA94BBDD3F1309BEBC91174041BDB
SHA1:	CB466C429C7FF1C19C03FF284E528FC9B8FE0C5E
SHA-256:	6FC2524106B00A3E6C4F39D80A4E8064E1DBCBBBF763E3A8984638CC4C06FEBF
SHA-512:	18AD8500C66B920D4F180FAA13E586F7884BC59AF03EBFB2204BF0E0D17440DBD73CCCFFA8672FFC76B103BDBF696042A5301389A626636E06489788F72E6B42
Malicious:	false
Reputation:	unknown
URL:	https://ok3static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.19.3/js/okta-sign-in.min.js
Preview:	/! Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved..The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")..You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0..Unless required by applicable law or agreed to in writing, software.distributed under the License is distributed on an "AS IS" BASIS, WITHOUT.WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied...See the License for the specific language governing permissions and limitations under the License.. /.!function(e,t){"object"==typeof exports&&"object"==typeof module?module.exports=t():"function"==typeof define&&define.amd?define([],t):"object"==typeof exports?exports.OktaSignIn=t():e.OktaSignIn=t()}(self,(function(){return function(){var e={72284:function(e,t,n){"use strict";var r=n(12990),o=n(66583),i={days:function(e){return 864e5e},hours:function(e){return 36e5e},minutes:function(e){return

Chrome Cache Entry: 86

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (51734)
Category:	downloaded
Size (bytes):	223118
Entropy (8bit):	5.021302690313178
Encrypted:	false
SSDEEP:
MD5:	66ACE45FA05073E480DAE5CC5E7C73D5
SHA1:	72DA30851A5C886598ED973F64414909EE8F3339
SHA-256:	14DE5DD5998B33BF4A423B9C8F15F1E1EB99582E24D7E6ADBCB0EEE3BCB7E145
SHA-512:	F9FE1836FC4B3FA3F2ACB0BADC4F84068FABA3ECF3AE36A9188CE091E249339583FDB7A2FB1C41E5C72138462C70659BA2DAD067E2FE748535C4441ED0EF65A6
Malicious:	false
Reputation:	unknown
URL:	https://ok3static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.19.3/css/okta-sign-in.min.css
Preview:	@charset "UTF-8";.qtip{box-shadow:none;direction:ltr;display:none;font-size:10.5px;left:-28000px;line-height:12px;max-width:280px;min-width:50px;padding:0;position:absolute;top:-28000px}.qtip-content{word-wrap:break-word;padding:5px 9px;text-align:left}.qtip-content,.qtip-titlebar{overflow:hidden;position:relative}.qtip-titlebar{border-width:0 0 1px;font-weight:700;padding:5px 35px 5px 10px}.qtip-titlebar+.qtip-content{border-top-width:0!important}.qtip-close{border:1px solid transparent;cursor:pointer;outline:medium none;position:absolute;right:-9px;top:-9px;z-index:11}.qtip-titlebar .qtip-close{margin-top:-9px;right:4px;top:50%}* html .qtip-titlebar .qtip-close{top:16px}.qtip-icon .ui-icon,.qtip-titlebar .ui-icon{direction:ltr;display:block;text-indent:-1000em}.qtip-icon,.qtip-icon .ui-icon{-moz-border-radius:3px;-webkit-border-radius:3px;border-radius:3px;text-decoration:none}.qtip-icon .ui-icon{background:transparent none no-repeat -100em -100em;color:inherit;height:14px;line-heigh

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (10450)
Category:	downloaded
Size (bytes):	10498
Entropy (8bit):	5.327380141461276
Encrypted:	false
SSDEEP:
MD5:	E0D37A504604EF874BAD26435D62011F
SHA1:	4301F0D2B729AE22ADECE657D79ECCAA25F429B1
SHA-256:	C39FF65E2A102E644EB0BF2E31D2BAD3D18F7AFB25B3B9BA7A4D46263A711179
SHA-512:	EF838FD58E0D12596726894AB9418C1FBE31833C187C3323EBFD432970EB1593363513F12114E78E008012CDEF15B504D603AFE4BB10AE5C47674045ACC5221E
Malicious:	false
Reputation:	unknown
URL:	https://ok3static.oktacdn.com/assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css
Preview:	a,abbr,acronym,address,applet,b,big,blockquote,body,caption,center,cite,code,dd,del,dfn,div,dl,dt,em,fieldset,form,h1,h2,h3,h4,h5,h6,html,i,iframe,img,ins,kbd,label,legend,li,object,ol,p,pre,q,s,samp,small,span,strike,strong,sub,sup,table,tbody,td,tfoot,th,thead,tr,tt,u,ul,var{background:transparent;border:0;font-size:100%;font:inherit;margin:0;outline:0;padding:0;vertical-align:baseline}body{line-height:1}ol,ul{list-style:none}blockquote,q{quotes:none}blockquote:after,blockquote:before,q:after,q:before{content:"";content:none}:focus{outline:0}ins{text-decoration:none}del{text-decoration:line-through}table{border-collapse:collapse;border-spacing:0}input[type=hidden]{display:none!important}input[type=checkbox],input[type=radio]{border:0!important;margin:0;padding:0}@font-face{font-family:Proxima Nova;font-style:normal;font-weight:400;src:url(../font/assets/proximanova-reg-webfont.9d5837512674046fa816.eot);src:url(../font/assets/proximanova-reg-webfont.9d5837512674046fa816.eot?#iefix) fo

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (48877), with LF, NEL line terminators
Category:	downloaded
Size (bytes):	98194
Entropy (8bit):	5.280625134550565
Encrypted:	false
SSDEEP:
MD5:	02F802813B968720296344B13B3A395A
SHA1:	0D2D73E0B1671423923978FA201B65C66EB42327
SHA-256:	1D3C326CDDF350F019AF567BC3729D180231F0B90C3FC522DCCED3741CF692B0
SHA-512:	F017C9E28F6F3310B46C1425E49AE99C79AB3FEEFAF852CB87B77C4011AD3696DA7EF504619D4FB8B1F8245FA74E9E22FFA3EB103513BC98F4114B010D1A589C
Malicious:	false
Reputation:	unknown
URL:	https://login.okta.com/lib/discoveryIframe-f98a9db6985a9d6db326.min.js
Preview:	/! For license information please see discoveryIframe-f98a9db6985a9d6db326.min.js.LICENSE.txt /.var MyOkta="object"==typeof MyOkta?MyOkta:{};MyOkta.discoveryIframe=function(t){var n={};function r(e){if(n[e])return n[e].exports;var i=n[e]={i:e,l:!1,exports:{}};return t[e].call(i.exports,i,i.exports,r),i.l=!0,i.exports}return r.m=t,r.c=n,r.d=function(t,n,e){r.o(t,n)\|\|Object.defineProperty(t,n,{enumerable:!0,get:e})},r.r=function(t){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(t,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(t,"__esModule",{value:!0})},r.t=function(t,n){if(1&n&&(t=r(t)),8&n)return t;if(4&n&&"object"==typeof t&&t&&t.__esModule)return t;var e=Object.create(null);if(r.r(e),Object.defineProperty(e,"default",{enumerable:!0,value:t}),2&n&&"string"!=typeof t)for(var i in t)r.d(e,i,function(n){return t[n]}.bind(null,i));return e},r.n=function(t){var n=t&&t.__esModule?function(){return t.default}:function(){return t};return r.d(n,"a",n),n},r.

Chrome Cache Entry: 89

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 20052, version 2.197
Category:	downloaded
Size (bytes):	20052
Entropy (8bit):	7.987190378203376
Encrypted:	false
SSDEEP:
MD5:	3BF194F33D52C87EA38F13E04FD41950
SHA1:	28B8B4BD234DDE07B7EE63A6D32C6F275F03ECA1
SHA-256:	018930498A4B01E598099A6E45D7316D54C7B1411CE2B741A3B1F1B0ED4E578B
SHA-512:	704E1BBDC896EF6D9C0A39E540A8D543215C40F8B9B5EBB98049A2E376168DED4FDB1BBB784EDA5C0DA22ACF57E54E00747C0236C66642DD8BBC3ECD3DA8035C
Malicious:	false
Reputation:	unknown
URL:	https://ok3static.oktacdn.com/assets/loginpage/font/assets/proximanova-light-webfont.aba797dabec6686294a9.woff2
Preview:	wOF2......NT..........M.........................?FFTM..2..,....`..b.:..e.....l..B.6.$....X.. ..z..n.._?webf..)..oC..t..z2.9"...hl..:..l.0..o2.....C.....W.,....@$.aD.!.gE....4..+...EB.8}......./[4...._..a.5iEAWA.._.n.&..9.CN...&.........9d3y......h....L....M..<NW.F...e.n...O.#.s:.....}>....w.G.N...y.7m%..`. .D..x.~.....o...tBa~.P.$Qm. ...hx.$.Dw...@...[..tl.U.K6..k.%..5.#z..T.R.+e}....O..}...pI..m.6......../....>0..H..x.n...B.]..F.ODi. .........D....4..~....d...UUI....@.4....b...... .`T../.H./.A....C.".(.....q.#. .5......;-...m.^.Z.....6...P.........r.....a.....8.(K.y.zFr.....D^.tL5..B...P......FZ..=....L&.6..E.....)...g..].....w~...v....7.Q...5..M...1..z..R......f..:'.k.....;...:..+._M.......O+.^.G~L'.s..lgN.5...9,0.R....[LJ`.L...],5K.Q...7..&. .D..}.%.].......v....u.@.Y@. u.:..Q.').x..3..l.~...g....i.P:E.Q....w...K..~.....8#+33$$B..9........b+...4&.@.ww.-k'..fZ...E.bw..&..p.....N..+..S7..7...".....o . ........3{w".'...1....GJ\.......oFe..+..

Static File Info

⊘No static file info

Description:	Adversaries may gain access to a system through a user visiting a website over the normal course of browsing. With this technique, the user's web browser is typically targeted for exploitation, but adversaries may also use compromised websites for non-exploitation behavior such as acquiring Application Access Token .
Tactics:	Initial Access
Data Sources:	Application Log: Application Log Content, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Process: Process Creation
Platforms:	Linux, macOS, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://dallascounty.okta.com/tokens/NeVUAB-iI2cKWtW7tOCf/verify

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

LLM Input / Output

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 78

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Chrome Cache Entry: 86

Chrome Cache Entry: 87

Chrome Cache Entry: 88

Chrome Cache Entry: 89

Static File Info

Windows Analysis Report
https://dallascounty.okta.com/tokens/NeVUAB-iI2cKWtW7tOCf/verify