Edit tour

Windows Analysis Report
https://2fa.com-token-auth.com/XaDg2clM2YnpKT1lnV2s1NzFwQUphUGNLajE5WkFsWG1aYVVxamhmckZlM3VwMkZkQktJNlMxazRhenRTMFdNdEdybll5UExNM0F1ODd5NU4rblJ3V1hKRVhTZDZDZGhUSHhiY2Z6RERJYjVHMVpKbHRuVnJQdjdTN0x5UFdWTVBDUi9jdEFwNlU1YnExRXJlK2FVeHRqZWx3TFU2WStPd0lMQnNvR2tzYjBLcXQ3cDJveUFabEYxUmk1dTFlYTRPZFN1aHdEMjNH

Overview

General Information

Sample URL:	https://2fa.com-token-auth.com/XaDg2clM2YnpKT1lnV2s1NzFwQUphUGNLajE5WkFsWG1aYVVxamhmckZlM3VwMkZkQktJNlMxazRhenRTMFdNdEdybll5UExNM0F1ODd5NU4rblJ3V1hKRVhTZDZDZGhUSHhiY2Z6RERJYjVHMVpKbHRuVnJQdjdTN0x5UFdW
Analysis ID:	1611316
Infos:

Detection

KnowBe4

Score:	48
Range:	0 - 100
Confidence:	100%

Signatures

Yara detected KnowBe4 simulated phishing

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 1240 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 5584 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=2044,i,6871698712985736363,4680079741213650170,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 6568 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://2fa.com-token-auth.com/XaDg2clM2YnpKT1lnV2s1NzFwQUphUGNLajE5WkFsWG1aYVVxamhmckZlM3VwMkZkQktJNlMxazRhenRTMFdNdEdybll5UExNM0F1ODd5NU4rblJ3V1hKRVhTZDZDZGhUSHhiY2Z6RERJYjVHMVpKbHRuVnJQdjdTN0x5UFdWTVBDUi9jdEFwNlU1YnExRXJlK2FVeHRqZWx3TFU2WStPd0lMQnNvR2tzYjBLcXQ3cDJveUFabEYxUmk1dTFlYTRPZFN1aHdEMjNHZXUxaHRMOVdaeTBISklEMUpZME9nPT0tLWR0bHdLN3lqZUJPVVI5YnAtLXRpa1lsc2hYNnVaUkF4TVhXMTl2M1E9PQ==?cid=2399161896" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author	Strings
1.0.pages.csv	JoeSecurity_KnowBe4	Yara detected KnowBe4 simulated phishing	Joe Security

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

Yara detected KnowBe4 simulated phishing

Source: Yara match

File source: 1.0.pages.csv, type: HTML

Source: https://account.secured-login.net/pages/f2a999cc0255ed490aca07e96810a28b/XaDg2clM2YnpKT1lnV2s1NzFwQUphUGNLajE5WkFsWG1aYVVxamhmckZlM3VwMkZkQktJNlMxazRhenRTMFdNdEdybll5UExNM0F1ODd5NU4rblJ3V1hKRVhTZDZDZGhUSHhiY2Z6RERJYjVHMVpKbHRuVnJQdjdTN0x5UFdWTVBDUi9jdEFwNlU1YnExRXJlK2FVeHRqZWx3TFU2WStPd0lMQnNvR2tzYjBLcXQ3cDJveUFabEYxUmk1dTFlYTRPZFN1aHdEMjNHZXUxaHRMOVdaeTBISklEMUpZME9nPT0tLWR0bHdLN3lqZUJPVVI5YnAtLXRpa1lsc2hYNnVaUkF4TVhXMTl2M1E9PQ==

HTTP Parser: No favicon

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /XaDg2clM2YnpKT1lnV2s1NzFwQUphUGNLajE5WkFsWG1aYVVxamhmckZlM3VwMkZkQktJNlMxazRhenRTMFdNdEdybll5UExNM0F1ODd5NU4rblJ3V1hKRVhTZDZDZGhUSHhiY2Z6RERJYjVHMVpKbHRuVnJQdjdTN0x5UFdWTVBDUi9jdEFwNlU1YnExRXJlK2FVeHRqZWx3TFU2WStPd0lMQnNvR2tzYjBLcXQ3cDJveUFabEYxUmk1dTFlYTRPZFN1aHdEMjNHZXUxaHRMOVdaeTBISklEMUpZME9nPT0tLWR0bHdLN3lqZUJPVVI5YnAtLXRpa1lsc2hYNnVaUkF4TVhXMTl2M1E9PQ==?cid=2399161896 HTTP/1.1Host: 2fa.com-token-auth.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pages/f2a999cc0255ed490aca07e96810a28b/XaDg2clM2YnpKT1lnV2s1NzFwQUphUGNLajE5WkFsWG1aYVVxamhmckZlM3VwMkZkQktJNlMxazRhenRTMFdNdEdybll5UExNM0F1ODd5NU4rblJ3V1hKRVhTZDZDZGhUSHhiY2Z6RERJYjVHMVpKbHRuVnJQdjdTN0x5UFdWTVBDUi9jdEFwNlU1YnExRXJlK2FVeHRqZWx3TFU2WStPd0lMQnNvR2tzYjBLcXQ3cDJveUFabEYxUmk1dTFlYTRPZFN1aHdEMjNHZXUxaHRMOVdaeTBISklEMUpZME9nPT0tLWR0bHdLN3lqZUJPVVI5YnAtLXRpa1lsc2hYNnVaUkF4TVhXMTl2M1E9PQ== HTTP/1.1Host: account.secured-login.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://2fa.com-token-auth.com/XaDg2clM2YnpKT1lnV2s1NzFwQUphUGNLajE5WkFsWG1aYVVxamhmckZlM3VwMkZkQktJNlMxazRhenRTMFdNdEdybll5UExNM0F1ODd5NU4rblJ3V1hKRVhTZDZDZGhUSHhiY2Z6RERJYjVHMVpKbHRuVnJQdjdTN0x5UFdWTVBDUi9jdEFwNlU1YnExRXJlK2FVeHRqZWx3TFU2WStPd0lMQnNvR2tzYjBLcXQ3cDJveUFabEYxUmk1dTFlYTRPZFN1aHdEMjNHZXUxaHRMOVdaeTBISklEMUpZME9nPT0tLWR0bHdLN3lqZUJPVVI5YnAtLXRpa1lsc2hYNnVaUkF4TVhXMTl2M1E9PQ==?cid=2399161896Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css HTTP/1.1Host: account.secured-login.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://account.secured-login.net/pages/f2a999cc0255ed490aca07e96810a28b/XaDg2clM2YnpKT1lnV2s1NzFwQUphUGNLajE5WkFsWG1aYVVxamhmckZlM3VwMkZkQktJNlMxazRhenRTMFdNdEdybll5UExNM0F1ODd5NU4rblJ3V1hKRVhTZDZDZGhUSHhiY2Z6RERJYjVHMVpKbHRuVnJQdjdTN0x5UFdWTVBDUi9jdEFwNlU1YnExRXJlK2FVeHRqZWx3TFU2WStPd0lMQnNvR2tzYjBLcXQ3cDJveUFabEYxUmk1dTFlYTRPZFN1aHdEMjNHZXUxaHRMOVdaeTBISklEMUpZME9nPT0tLWR0bHdLN3lqZUJPVVI5YnAtLXRpa1lsc2hYNnVaUkF4TVhXMTl2M1E9PQ==Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /helpimg/landing_pages/css/dd.css HTTP/1.1Host: s3.amazonaws.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://account.secured-login.net/pages/f2a999cc0255ed490aca07e96810a28b/XaDg2clM2YnpKT1lnV2s1NzFwQUphUGNLajE5WkFsWG1aYVVxamhmckZlM3VwMkZkQktJNlMxazRhenRTMFdNdEdybll5UExNM0F1ODd5NU4rblJ3V1hKRVhTZDZDZGhUSHhiY2Z6RERJYjVHMVpKbHRuVnJQdjdTN0x5UFdWTVBDUi9jdEFwNlU1YnExRXJlK2FVeHRqZWx3TFU2WStPd0lMQnNvR2tzYjBLcXQ3cDJveUFabEYxUmk1dTFlYTRPZFN1aHdEMjNHZXUxaHRMOVdaeTBISklEMUpZME9nPT0tLWR0bHdLN3lqZUJPVVI5YnAtLXRpa1lsc2hYNnVaUkF4TVhXMTl2M1E9PQ==Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /helpimg/landing_pages/css/flags.css HTTP/1.1Host: s3.amazonaws.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://account.secured-login.net/pages/f2a999cc0255ed490aca07e96810a28b/XaDg2clM2YnpKT1lnV2s1NzFwQUphUGNLajE5WkFsWG1aYVVxamhmckZlM3VwMkZkQktJNlMxazRhenRTMFdNdEdybll5UExNM0F1ODd5NU4rblJ3V1hKRVhTZDZDZGhUSHhiY2Z6RERJYjVHMVpKbHRuVnJQdjdTN0x5UFdWTVBDUi9jdEFwNlU1YnExRXJlK2FVeHRqZWx3TFU2WStPd0lMQnNvR2tzYjBLcXQ3cDJveUFabEYxUmk1dTFlYTRPZFN1aHdEMjNHZXUxaHRMOVdaeTBISklEMUpZME9nPT0tLWR0bHdLN3lqZUJPVVI5YnAtLXRpa1lsc2hYNnVaUkF4TVhXMTl2M1E9PQ==Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/sei-styles-1837e0b6e1baaf1af90438028a176241b70a365a8a09ff4bf668cf3bf9e3c759.css HTTP/1.1Host: account.secured-login.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://account.secured-login.net/pages/f2a999cc0255ed490aca07e96810a28b/XaDg2clM2YnpKT1lnV2s1NzFwQUphUGNLajE5WkFsWG1aYVVxamhmckZlM3VwMkZkQktJNlMxazRhenRTMFdNdEdybll5UExNM0F1ODd5NU4rblJ3V1hKRVhTZDZDZGhUSHhiY2Z6RERJYjVHMVpKbHRuVnJQdjdTN0x5UFdWTVBDUi9jdEFwNlU1YnExRXJlK2FVeHRqZWx3TFU2WStPd0lMQnNvR2tzYjBLcXQ3cDJveUFabEYxUmk1dTFlYTRPZFN1aHdEMjNHZXUxaHRMOVdaeTBISklEMUpZME9nPT0tLWR0bHdLN3lqZUJPVVI5YnAtLXRpa1lsc2hYNnVaUkF4TVhXMTl2M1E9PQ==Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js HTTP/1.1Host: account.secured-login.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://account.secured-login.net/pages/f2a999cc0255ed490aca07e96810a28b/XaDg2clM2YnpKT1lnV2s1NzFwQUphUGNLajE5WkFsWG1aYVVxamhmckZlM3VwMkZkQktJNlMxazRhenRTMFdNdEdybll5UExNM0F1ODd5NU4rblJ3V1hKRVhTZDZDZGhUSHhiY2Z6RERJYjVHMVpKbHRuVnJQdjdTN0x5UFdWTVBDUi9jdEFwNlU1YnExRXJlK2FVeHRqZWx3TFU2WStPd0lMQnNvR2tzYjBLcXQ3cDJveUFabEYxUmk1dTFlYTRPZFN1aHdEMjNHZXUxaHRMOVdaeTBISklEMUpZME9nPT0tLWR0bHdLN3lqZUJPVVI5YnAtLXRpa1lsc2hYNnVaUkF4TVhXMTl2M1E9PQ==Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /QRF01zv.png HTTP/1.1Host: i.imgur.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://account.secured-login.net/pages/f2a999cc0255ed490aca07e96810a28b/XaDg2clM2YnpKT1lnV2s1NzFwQUphUGNLajE5WkFsWG1aYVVxamhmckZlM3VwMkZkQktJNlMxazRhenRTMFdNdEdybll5UExNM0F1ODd5NU4rblJ3V1hKRVhTZDZDZGhUSHhiY2Z6RERJYjVHMVpKbHRuVnJQdjdTN0x5UFdWTVBDUi9jdEFwNlU1YnExRXJlK2FVeHRqZWx3TFU2WStPd0lMQnNvR2tzYjBLcXQ3cDJveUFabEYxUmk1dTFlYTRPZFN1aHdEMjNHZXUxaHRMOVdaeTBISklEMUpZME9nPT0tLWR0bHdLN3lqZUJPVVI5YnAtLXRpa1lsc2hYNnVaUkF4TVhXMTl2M1E9PQ==Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /managed_services/CrateandBarrelLogo.png HTTP/1.1Host: static.knowbe4.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://account.secured-login.net/pages/f2a999cc0255ed490aca07e96810a28b/XaDg2clM2YnpKT1lnV2s1NzFwQUphUGNLajE5WkFsWG1aYVVxamhmckZlM3VwMkZkQktJNlMxazRhenRTMFdNdEdybll5UExNM0F1ODd5NU4rblJ3V1hKRVhTZDZDZGhUSHhiY2Z6RERJYjVHMVpKbHRuVnJQdjdTN0x5UFdWTVBDUi9jdEFwNlU1YnExRXJlK2FVeHRqZWx3TFU2WStPd0lMQnNvR2tzYjBLcXQ3cDJveUFabEYxUmk1dTFlYTRPZFN1aHdEMjNHZXUxaHRMOVdaeTBISklEMUpZME9nPT0tLWR0bHdLN3lqZUJPVVI5YnAtLXRpa1lsc2hYNnVaUkF4TVhXMTl2M1E9PQ==Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /QRF01zv.png HTTP/1.1Host: i.imgur.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /helpimg/landing_pages/images/stoplookthink.jpg HTTP/1.1Host: s3.amazonaws.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://account.secured-login.net/pages/f2a999cc0255ed490aca07e96810a28b/XaDg2clM2YnpKT1lnV2s1NzFwQUphUGNLajE5WkFsWG1aYVVxamhmckZlM3VwMkZkQktJNlMxazRhenRTMFdNdEdybll5UExNM0F1ODd5NU4rblJ3V1hKRVhTZDZDZGhUSHhiY2Z6RERJYjVHMVpKbHRuVnJQdjdTN0x5UFdWTVBDUi9jdEFwNlU1YnExRXJlK2FVeHRqZWx3TFU2WStPd0lMQnNvR2tzYjBLcXQ3cDJveUFabEYxUmk1dTFlYTRPZFN1aHdEMjNHZXUxaHRMOVdaeTBISklEMUpZME9nPT0tLWR0bHdLN3lqZUJPVVI5YnAtLXRpa1lsc2hYNnVaUkF4TVhXMTl2M1E9PQ==Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js HTTP/1.1Host: account.secured-login.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /helpimg/landing_pages/images/stoplookthink.jpg HTTP/1.1Host: s3.amazonaws.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /managed_services/CrateandBarrelLogo.png HTTP/1.1Host: static.knowbe4.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: account.secured-login.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://account.secured-login.net/pages/f2a999cc0255ed490aca07e96810a28b/XaDg2clM2YnpKT1lnV2s1NzFwQUphUGNLajE5WkFsWG1aYVVxamhmckZlM3VwMkZkQktJNlMxazRhenRTMFdNdEdybll5UExNM0F1ODd5NU4rblJ3V1hKRVhTZDZDZGhUSHhiY2Z6RERJYjVHMVpKbHRuVnJQdjdTN0x5UFdWTVBDUi9jdEFwNlU1YnExRXJlK2FVeHRqZWx3TFU2WStPd0lMQnNvR2tzYjBLcXQ3cDJveUFabEYxUmk1dTFlYTRPZFN1aHdEMjNHZXUxaHRMOVdaeTBISklEMUpZME9nPT0tLWR0bHdLN3lqZUJPVVI5YnAtLXRpa1lsc2hYNnVaUkF4TVhXMTl2M1E9PQ==Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/sei-flag-90af55d793544fe1893f26677661a4252761afbe811fab0eced85c67bc82f984.png HTTP/1.1Host: account.secured-login.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://account.secured-login.net/assets/sei-styles-1837e0b6e1baaf1af90438028a176241b70a365a8a09ff4bf668cf3bf9e3c759.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: account.secured-login.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/sei-flag-90af55d793544fe1893f26677661a4252761afbe811fab0eced85c67bc82f984.png HTTP/1.1Host: account.secured-login.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: 2fa.com-token-auth.com
Source: global traffic	DNS traffic detected: DNS query: account.secured-login.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: s3.amazonaws.com
Source: global traffic	DNS traffic detected: DNS query: static.knowbe4.com
Source: global traffic	DNS traffic detected: DNS query: i.imgur.com

Source: chromecache_70.1.dr	String found in binary or memory: http://preview.training.knowbe4.com/XeHp0ZHREbkpPUUo5OFlhb0JEajBQSFFMVU8yK3hBUmhBM0FKamZlVnhsdkFEQll
Source: chromecache_72.1.dr	String found in binary or memory: https://account.secured-login.net/pages/f2a999cc0255ed490aca07e96810a28b/XaDg2clM2YnpKT1lnV2s1NzFwQU
Source: chromecache_70.1.dr	String found in binary or memory: https://i.imgur.com/QRF01zv.png
Source: chromecache_70.1.dr	String found in binary or memory: https://s3.amazonaws.com/helpimg/landing_pages/css/dd.css
Source: chromecache_70.1.dr	String found in binary or memory: https://s3.amazonaws.com/helpimg/landing_pages/css/flags.css
Source: chromecache_70.1.dr	String found in binary or memory: https://s3.amazonaws.com/helpimg/landing_pages/images/stoplookthink.jpg
Source: chromecache_70.1.dr	String found in binary or memory: https://static.knowbe4.com/managed_services/CrateandBarrelLogo.png
Source: chromecache_70.1.dr	String found in binary or memory: https://www.crateanbarrel.com/personnel/Jasen

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703

Source: classification engine

Classification label: mal48.phis.win@17/33@20/8

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=2044,i,6871698712985736363,4680079741213650170,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://2fa.com-token-auth.com/XaDg2clM2YnpKT1lnV2s1NzFwQUphUGNLajE5WkFsWG1aYVVxamhmckZlM3VwMkZkQktJNlMxazRhenRTMFdNdEdybll5UExNM0F1ODd5NU4rblJ3V1hKRVhTZDZDZGhUSHhiY2Z6RERJYjVHMVpKbHRuVnJQdjdTN0x5UFdWTVBDUi9jdEFwNlU1YnExRXJlK2FVeHRqZWx3TFU2WStPd0lMQnNvR2tzYjBLcXQ3cDJveUFabEYxUmk1dTFlYTRPZFN1aHdEMjNHZXUxaHRMOVdaeTBISklEMUpZME9nPT0tLWR0bHdLN3lqZUJPVVI5YnAtLXRpa1lsc2hYNnVaUkF4TVhXMTl2M1E9PQ==?cid=2399161896"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=2044,i,6871698712985736363,4680079741213650170,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://2fa.com-token-auth.com/XaDg2clM2YnpKT1lnV2s1NzFwQUphUGNLajE5WkFsWG1aYVVxamhmckZlM3VwMkZkQktJNlMxazRhenRTMFdNdEdybll5UExNM0F1ODd5NU4rblJ3V1hKRVhTZDZDZGhUSHhiY2Z6RERJYjVHMVpKbHRuVnJQdjdTN0x5UFdWTVBDUi9jdEFwNlU1YnExRXJlK2FVeHRqZWx3TFU2WStPd0lMQnNvR2tzYjBLcXQ3cDJveUFabEYxUmk1dTFlYTRPZFN1aHdEMjNHZXUxaHRMOVdaeTBISklEMUpZME9nPT0tLWR0bHdLN3lqZUJPVVI5YnAtLXRpa1lsc2hYNnVaUkF4TVhXMTl2M1E9PQ==?cid=2399161896	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://account.secured-login.net/assets/sei-styles-1837e0b6e1baaf1af90438028a176241b70a365a8a09ff4bf668cf3bf9e3c759.css	0%	Avira URL Cloud	safe
https://s3.amazonaws.com/helpimg/landing_pages/images/stoplookthink.jpg	0%	Avira URL Cloud	safe
https://static.knowbe4.com/managed_services/CrateandBarrelLogo.png	0%	Avira URL Cloud	safe
https://account.secured-login.net/assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js	0%	Avira URL Cloud	safe
https://account.secured-login.net/favicon.ico	0%	Avira URL Cloud	safe
https://www.crateanbarrel.com/personnel/Jasen	0%	Avira URL Cloud	safe
https://account.secured-login.net/pages/f2a999cc0255ed490aca07e96810a28b/XaDg2clM2YnpKT1lnV2s1NzFwQU	0%	Avira URL Cloud	safe
http://preview.training.knowbe4.com/XeHp0ZHREbkpPUUo5OFlhb0JEajBQSFFMVU8yK3hBUmhBM0FKamZlVnhsdkFEQll	0%	Avira URL Cloud	safe
https://account.secured-login.net/assets/sei-flag-90af55d793544fe1893f26677661a4252761afbe811fab0eced85c67bc82f984.png	0%	Avira URL Cloud	safe
https://account.secured-login.net/assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css	0%	Avira URL Cloud	safe
https://s3.amazonaws.com/helpimg/landing_pages/css/dd.css	0%	Avira URL Cloud	safe
https://s3.amazonaws.com/helpimg/landing_pages/css/flags.css	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
s3.amazonaws.com	16.182.38.208	true	false	high
static.knowbe4.com	18.66.147.27	true	false	high
www.google.com	142.250.186.164	true	false	high
landing.training.knowbe4.com	3.208.157.62	true	false	high
ipv4.imgur.map.fastly.net	199.232.192.193	true	false	high
2fa.com-token-auth.com	unknown	unknown	false	high
account.secured-login.net	unknown	unknown	false	high
i.imgur.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://account.secured-login.net/assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js	false	Avira URL Cloud: safe	unknown
https://2fa.com-token-auth.com/XaDg2clM2YnpKT1lnV2s1NzFwQUphUGNLajE5WkFsWG1aYVVxamhmckZlM3VwMkZkQktJNlMxazRhenRTMFdNdEdybll5UExNM0F1ODd5NU4rblJ3V1hKRVhTZDZDZGhUSHhiY2Z6RERJYjVHMVpKbHRuVnJQdjdTN0x5UFdWTVBDUi9jdEFwNlU1YnExRXJlK2FVeHRqZWx3TFU2WStPd0lMQnNvR2tzYjBLcXQ3cDJveUFabEYxUmk1dTFlYTRPZFN1aHdEMjNHZXUxaHRMOVdaeTBISklEMUpZME9nPT0tLWR0bHdLN3lqZUJPVVI5YnAtLXRpa1lsc2hYNnVaUkF4TVhXMTl2M1E9PQ==?cid=2399161896	false		high
https://account.secured-login.net/assets/sei-styles-1837e0b6e1baaf1af90438028a176241b70a365a8a09ff4bf668cf3bf9e3c759.css	false	Avira URL Cloud: safe	unknown
https://account.secured-login.net/favicon.ico	false	Avira URL Cloud: safe	unknown
https://account.secured-login.net/pages/f2a999cc0255ed490aca07e96810a28b/XaDg2clM2YnpKT1lnV2s1NzFwQUphUGNLajE5WkFsWG1aYVVxamhmckZlM3VwMkZkQktJNlMxazRhenRTMFdNdEdybll5UExNM0F1ODd5NU4rblJ3V1hKRVhTZDZDZGhUSHhiY2Z6RERJYjVHMVpKbHRuVnJQdjdTN0x5UFdWTVBDUi9jdEFwNlU1YnExRXJlK2FVeHRqZWx3TFU2WStPd0lMQnNvR2tzYjBLcXQ3cDJveUFabEYxUmk1dTFlYTRPZFN1aHdEMjNHZXUxaHRMOVdaeTBISklEMUpZME9nPT0tLWR0bHdLN3lqZUJPVVI5YnAtLXRpa1lsc2hYNnVaUkF4TVhXMTl2M1E9PQ==	false		unknown
https://static.knowbe4.com/managed_services/CrateandBarrelLogo.png	false	Avira URL Cloud: safe	unknown
https://s3.amazonaws.com/helpimg/landing_pages/images/stoplookthink.jpg	false	Avira URL Cloud: safe	unknown
https://account.secured-login.net/assets/sei-flag-90af55d793544fe1893f26677661a4252761afbe811fab0eced85c67bc82f984.png	false	Avira URL Cloud: safe	unknown
https://account.secured-login.net/assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css	false	Avira URL Cloud: safe	unknown
https://s3.amazonaws.com/helpimg/landing_pages/css/flags.css	false	Avira URL Cloud: safe	unknown
https://s3.amazonaws.com/helpimg/landing_pages/css/dd.css	false	Avira URL Cloud: safe	unknown
https://i.imgur.com/QRF01zv.png	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://account.secured-login.net/pages/f2a999cc0255ed490aca07e96810a28b/XaDg2clM2YnpKT1lnV2s1NzFwQU	chromecache_72.1.dr	false	Avira URL Cloud: safe	unknown
http://preview.training.knowbe4.com/XeHp0ZHREbkpPUUo5OFlhb0JEajBQSFFMVU8yK3hBUmhBM0FKamZlVnhsdkFEQll	chromecache_70.1.dr	false	Avira URL Cloud: safe	unknown
https://www.crateanbarrel.com/personnel/Jasen	chromecache_70.1.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
199.232.192.193	ipv4.imgur.map.fastly.net	United States	54113	FASTLYUS	false
54.231.170.152	unknown	United States	16509	AMAZON-02US	false
16.182.38.208	s3.amazonaws.com	United States	unknown	unknown	false
3.208.157.62	landing.training.knowbe4.com	United States	14618	AMAZON-AESUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.186.164	www.google.com	United States	15169	GOOGLEUS	false
18.66.147.27	static.knowbe4.com	United States	3	MIT-GATEWAYSUS	false

Private

IP
192.168.2.17

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1611316
Start date and time:	2025-02-10 19:22:30 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 34s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://2fa.com-token-auth.com/XaDg2clM2YnpKT1lnV2s1NzFwQUphUGNLajE5WkFsWG1aYVVxamhmckZlM3VwMkZkQktJNlMxazRhenRTMFdNdEdybll5UExNM0F1ODd5NU4rblJ3V1hKRVhTZDZDZGhUSHhiY2Z6RERJYjVHMVpKbHRuVnJQdjdTN0x5UFdWTVBDUi9jdEFwNlU1YnExRXJlK2FVeHRqZWx3TFU2WStPd0lMQnNvR2tzYjBLcXQ3cDJveUFabEYxUmk1dTFlYTRPZFN1aHdEMjNHZXUxaHRMOVdaeTBISklEMUpZME9nPT0tLWR0bHdLN3lqZUJPVVI5YnAtLXRpa1lsc2hYNnVaUkF4TVhXMTl2M1E9PQ==?cid=2399161896
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	18
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.phis.win@17/33@20/8
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, TextInputHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.18.14, 172.217.16.195, 142.250.110.84, 142.250.74.206, 216.58.206.78, 142.250.186.142, 2.23.77.188, 217.20.57.19, 142.250.181.238, 172.217.16.206, 216.58.206.35, 142.250.184.238, 142.250.186.110, 4.175.87.197, 184.28.90.27, 13.107.246.44, 13.107.5.88, 40.126.31.3, 2.21.65.132
Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, login.live.com, evoke-windowsservices-tas.msedge.net, update.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://2fa.com-token-auth.com/XaDg2clM2YnpKT1lnV2s1NzFwQUphUGNLajE5WkFsWG1aYVVxamhmckZlM3VwMkZkQktJNlMxazRhenRTMFdNdEdybll5UExNM0F1ODd5NU4rblJ3V1hKRVhTZDZDZGhUSHhiY2Z6RERJYjVHMVpKbHRuVnJQdjdTN0x5UFdWTVBDUi9jdEFwNlU1YnExRXJlK2FVeHRqZWx3TFU2WStPd0lMQnNvR2tzYjBLcXQ3cDJveUFabEYxUmk1dTFlYTRPZFN1aHdEMjNHZXUxaHRMOVdaeTBISklEMUpZME9nPT0tLWR0bHdLN3lqZUJPVVI5YnAtLXRpa1lsc2hYNnVaUkF4TVhXMTl2M1E9PQ==?cid=2399161896

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input	Output
URL: https://2fa.com-token-auth.com Model: Joe Sandbox AI	```json{ "brand": "Comtoken", "brand_classification": "unknown", "legit_url": "unknown", "similarity": 3, "spoofed": 2, "reasoning": "The URL 'https://2fa.com-token-auth.com' does not closely resemble any well-known brand. The use of '2fa' suggests a focus on two-factor authentication, which is a common security feature, but it does not directly imply a connection to a specific brand. The domain 'com-token-auth.com' could be interpreted as a service related to authentication tokens, which is a legitimate use case. The structure of the URL does not strongly mimic any known brand's URL, and the use of 'com' as part of the domain name is not unusual enough to suggest typosquatting. The similarity score is low due to the lack of direct visual or structural resemblance to a specific brand, and the likelihood of it being a typosquatting attempt is also low, as the URL does not appear to be crafted to deceive users into thinking it is associated with a well-known brand."}
URL: https://2fa.com-token-auth.com
URL: https://account.secured-login.net/assets/applicati... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "This appears to be the standard jQuery library, which is a widely used and trusted JavaScript library. It does not exhibit any high-risk behaviors, such as dynamic code execution, data exfiltration, or obfuscated code. The script is likely used for legitimate web development purposes and poses a low risk." }
/! jQuery v3.7.1 \| (c) OpenJS Foundation and other contributors \| jquery.org/license / !function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(ie,e){"use strict";var oe=[],r=Object.getPrototypeOf,ae=oe.slice,g=oe.flat?function(e){return oe.flat.call(e)}:function(e){return oe.concat.apply([],e)},s=oe.push,se=oe.indexOf,n={},i=n.toString,ue=n.hasOwnProperty,o=ue.toString,a=o.call(Object),le={},v=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},y=function(e){return null!=e&&e===e.window},C=ie.document,u={type:!0,src:!0,nonce:!0,noModule:!0};function m(e,t,n){var r,i,o=(n=n\|\|C).createElement("script");if(o.text=e,t)for(r in u)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function x(e){return null==e?e+"":"object"==typeof e\|\|"function"==typeof e?n[i.call(e)]\|\|"object":typeof e}var t="3.7.1",l=/HTML$/i,ce=function(e,t){return new ce.fn.init(e,t)};function c(e){var t=!!e&&"length"in e&&e.length,n=x(e);return!v(e)&&!y(e)&&("array"===n\|\|0===t\|\|"number"==typeof t&&0<t&&t-1 in e)}function fe(e,t){return e.nodeName&&e.nodeName.toLowerCase()===t.toLowerCase()}ce.fn=ce.prototype={jquery:t,constructor:ce,length:0,toArray:function(){return ae.call(this)},get:function(e){return null==e?ae.call(this):e<0?this[e+this.length]:this[e]},pushStack:function(e){var t=ce.merge(this.constructor(),e);return t.prevObject=this,t},each:function(e){return ce.each(this,e)},map:function(n){return this.pushStack(ce.map(this,function(e,t){return n.call(e,t,e)}))},slice:function(){return this.pushStack(ae.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},even:function(){return this.pushStack(ce.grep(this,function(e,t){return(t+1)%2}))},odd:function(){return this.pushStack(ce.grep(this,function(e,t){return t%2}))},eq:function(e){var t=this.length,n=+e+(e<0?t:0);return this.pushStack(0<=n&&n<t?[this[n]]:[])},end:function(){return this.prevObject\|\|this.constructor()},push:s,sort:oe.sort,splice:oe.splice},ce.extend=ce.fn.extend=function(){var e,t,n,r,i,o,a=arguments[0]\|\|{},s=1,u=arguments.length,l=!1;for("boolean"==typeof a&&(l=a,a=arguments[s]\|\|{},s++),"object"==typeof a\|\|v(a)\|\|(a={}),s===u&&(a=this,s--);s<u;s++)if(null!=(e=arguments[s]))for(t in e)r=e[t],"__proto__"!==t&&a!==r&&(l&&r&&(ce.isPlainObject(r)\|\|(i=Array.isArray(r)))?(n=a[t],o=i&&!Array.isArray(n)?[]:i\|\|ce.isPlainObject(n)?n:{},i=!1,a[t]=ce.extend(l,o,r)):void 0!==r&&(a[t]=r));return a},ce.extend({expando:"jQuery"+(t+Math.random()).replace(/\D/g,""),isReady:!0,error:function(e){throw new Error(e)},noop:function(){},isPlainObject:function(e){var t,n;return!(!e\|\|"[object Object]"!==i.call(e))&&(!(t=r(e))\|\|"function"==typeof(n=ue.call(t,"constructor")&&t.constructor)&&o.call(n)===a)},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},globalEval:function(e,t,n){m(e,{nonce:t&&t.nonce},n)},each:function(e,t){var n,r=0;if(c(e)){for(n=e.length;r<n;r++)if(!1===t.call(e[r],r,e[r]))break}else for(r in e)if(!1===t.call(e[r],r,e[r]))break;return e},text:function(e){var t,n="",r=0,i=e.nodeType;if(!i)while(t=e[r++])n+=ce.text(t);return 1===i\|\|11===i?e.textContent:9===i?e.documentElement.textContent:3===i\|\|4===i?e.nodeValue:n},makeArray:function(e,t){var n=t\|\|[];return null!=e&&(c(Object(e))?ce.merge(n,"string"==typeof e?[e]:e):s.call(n,e)),n},inArray:function(e,t,n){return null==t?-1:se.call(t,e,n)},isXMLDoc:function(e){var t=e&&e.namespaceURI,n=e&&(e.ownerDocument\|\|e).documentElement;return!l.test(t\|\|n&&n.nodeName\|\|"HTML")},merge:function(e,t){for(var n=+t.length,r=0,i=e.length;r<n;r++)e[i++]=t[r];return e.length=i,e},grep:function(e,t,n){for(var r=[],i=0,o=e.length,a=!n;i<o;i++)!t(e[i],i)!==a&&r.push(e[i]);return r},map:function(e,t,n){va
URL: https://account.secured-login.net/pages/f2a999cc02... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "The provided JavaScript snippet appears to be a legitimate script that handles the behavior of a web page template preview. It performs common DOM manipulation tasks, such as appending elements, adding CSS classes, and managing tooltips. While it uses some legacy APIs like `XDomainRequest`, the overall behavior is consistent with typical web development practices and does not exhibit any high-risk indicators. The script seems to be focused on enhancing the user experience and does not demonstrate any malicious intent." }
//<![CDATA[ $(document).ready(function() { $("#template_preview").appendTo("#template_sei"); $("#template_sei #template_preview").show(); $("x-sei").addClass('sei-flag'); $("x-sei").tooltip(); $("x-sei:not(#sei-footer)").attr('tabindex', 0); $("x-sei[generic='true']").tooltip('destroy'); $("#template_sei a").click(function( event ) { event.preventDefault(); }); $("#template_sei a:has(x-sei)").attr('tabindex', -1); $(".toggle-red-flags").on('click', () => { if (document.querySelectorAll('.tooltip').length > 0) { $("x-sei").tooltip('hide'); } else { let delay = 0; Array.from($("x-sei")).forEach(el => { setTimeout(() => { $(el).tooltip('show'); }, delay+=150); }); } }); }); //
URL: https://account.secured-login.net/pages/f2a999cc0255ed490aca07e96810a28b/XaDg2clM2YnpKT1lnV2s1NzFwQUphUGNLajE5WkFsWG1aYVVxamhmckZlM3VwMkZkQktJNlMxazRhenRTMFdNdEdybll5UExNM0F1ODd5NU4rblJ3V1hKRVhTZDZDZGhUSHhiY2Z6RERJYjVHMVpKbHRuVnJQdjdTN0x5UFdWTVBDUi9jdEFwN Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Oops! You clicked on a simulated phishing test! You will be sent a Welcome email from KnowBe4 for phishing training. It is mandatory that you complete that training.", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false, "page_classification": "unknown" }

URL: https://account.secured-login.net Model: Joe Sandbox AI	```json{ "brand": "unknown", "brand_classification": "unknown", "legit_url": "unknown", "similarity": 2, "spoofed": 3, "reasoning": "The URL 'https://account.secured-login.net' does not directly mimic a well-known brand. The use of 'account' and 'secured-login' could suggest a generic login service, but there is no clear indication of a specific brand being targeted. The domain 'secured-login.net' is generic and could be used for legitimate purposes, such as a security-focused service or tool. The structure does not closely resemble any specific brand's URL, and there are no obvious character substitutions or visual similarities to a known brand. The likelihood of this being a typosquatting attempt is low, as it does not closely mimic a specific brand's URL, but the generic nature of the terms used could potentially confuse users if they are expecting a specific service."}
URL: https://account.secured-login.net
URL: https://account.secured-login.net/pages/f2a999cc0255ed490aca07e96810a28b/XaDg2clM2YnpKT1lnV2s1NzFwQUphUGNLajE5WkFsWG1aYVVxamhmckZlM3VwMkZkQktJNlMxazRhenRTMFdNdEdybll5UExNM0F1ODd5NU4rblJ3V1hKRVhTZDZDZGhUSHhiY2Z6RERJYjVHMVpKbHRuVnJQdjdTN0x5UFdWTVBDUi9jdEFwN Model: Joe Sandbox AI	{ "brands": [ "Crate&Barrel" ] }
	{ "brands": [ "Crate&Barrel" ] }

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Feb 10 17:23:03 2025, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.99610404857946
Encrypted:	false
SSDEEP:	48:8SSdCTX78HHQcidAKZdA1JehwiZUklqehRy+3:8Srsr+y
MD5:	BD192AB63960EDFB10D314F279CDEB1B
SHA1:	AED5688C262BBF59728FD8BA25490ACBC88D3D30
SHA-256:	16055A683F3C66735BDFCBDD0EF55F65E7A99D967CD8575E0DDC2644DA6204DF
SHA-512:	B97B5F45870A4CB8967C68184E85A64B689226EDC099547AA2A0DBE2B9C06DB27E8FA303D48BC0E5E18AB4CE0A68F1A2DF924FC40A332106F4FB4F6A8A00B835
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....>...{......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IJZ.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VJZ.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VJZ.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VJZ............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VJZ............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........).D......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Feb 10 17:23:03 2025, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.011053590483634
Encrypted:	false
SSDEEP:	48:84SdCTX78HHQcidAKZdA10eh/iZUkAQkqehuy+2:84rsJ9Qzy
MD5:	71756E5C36F177F1A4B26EAEF719F2EC
SHA1:	E8297C0F5986F8918AFBC0C35889B8716C441EB7
SHA-256:	371303B2BE849628481B31935F164BEE1EDE6B90B29D5E3E08147011A5D8806A
SHA-512:	DB4AA75E441448D784F4708375A045B76221D5BC0B1F55DC5968A246CF4C61573EF875D4065DE9AF11B25F2A11BE46A4A0988F4FDF7345DD9EBD4CF5C89B849A
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....d....{......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IJZ.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VJZ.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VJZ.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VJZ............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VJZ............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........).D......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.018991681077779
Encrypted:	false
SSDEEP:	48:8eSdCTX78jHQcidAKZdA14tIeh7sFiZUkmgqeh7sYy+BX:8ersFnqy
MD5:	17E0534166CCE7E32214A1B104A365D8
SHA1:	E4E928AF0E1A47AC946CFA3FF53B0B9F1A547767
SHA-256:	617AF03EE527DA6135106B62EDE18FBE1810C11A250CC8337764BAF8E1249F00
SHA-512:	D9B2F28CD41E0AAF62603AD18F7E18196C5654C11DFB3C3F042FEF0B4D48EF8715DB326958E300CE5A9EE65346E99B8AA0D243BBE984773CF267ACF461068CA2
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....v. ;.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IJZ.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VJZ.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VJZ.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VJZ............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.N...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........).D......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Feb 10 17:23:03 2025, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	4.010592530063729
Encrypted:	false
SSDEEP:	48:8hSdCTX78HHQcidAKZdA1behDiZUkwqehCy+R:8hrs6Qy
MD5:	B9D06C499C0C3F4D79BA6C3B2F2AF39D
SHA1:	8F6E6FC1889BB5BE242B65AA2DA468141426B76C
SHA-256:	11F36EB9A3A1980194CE22422EE86987A38210722056210FFCF8B45B28FE2424
SHA-512:	195B547AA7C89F02CCA52D8C1587BF31DAEAF640B431A08D110905F051A87A8029D8D069516838852C7069A7A876221D4E19D94E54D6D32307F3896F01556E31
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....=...{......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IJZ.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VJZ.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VJZ.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VJZ............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VJZ............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........).D......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Feb 10 17:23:03 2025, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	4.000649726072077
Encrypted:	false
SSDEEP:	48:8iSdCTX78HHQcidAKZdA1VehBiZUk1W1qehEy+C:8irsa9ky
MD5:	31593164248708B70A65D058E498A651
SHA1:	D911BD66FEE9EA43DB32AA0A1BBEC0297EA77A54
SHA-256:	9F52CAE89F43B2EFF85FBD966BEFA298E7870A78A51146857C0AA7449241E2BC
SHA-512:	FC3B91F8AEB3DE61EA3B26F10A95F7D72D21B420905D1905691D68E91A57FC955BA8A9C383BB4B5345CD702FE1A20621AAAA42EE13BEC361D28E2D59AC0EC2B1
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....q...{......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IJZ.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VJZ.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VJZ.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VJZ............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VJZ............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........).D......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Feb 10 17:23:03 2025, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	4.012669894926756
Encrypted:	false
SSDEEP:	48:8wSdCTX78HHQcidAKZdA1duT6ehOuTbbiZUk5OjqehOuTbqy+yT+:8wrsITTTbxWOvTbqy7T
MD5:	BC5B0E1EBFA3D2166D9584DA40B1860D
SHA1:	E8E2CEBA46228BB48FFA799CAD344221B470A01E
SHA-256:	D15390EA8D5CD797DABAECEA9D6AFAA8B1B1D2843994D4F5280C9743B52B9B88
SHA-512:	92F316B0A7248B44680DC5132051072DBBAA3C4AED483227FC50DAA7CC125FF5678F04EFE98288EB843B1B6A97AB46DEB7F40AF2C481E93AD22B1948C523D1F9
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....<...{......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IJZ.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VJZ.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VJZ.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VJZ............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VJZ............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........).D......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 69

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 334x406, components 3
Category:	downloaded
Size (bytes):	26215
Entropy (8bit):	7.9453849905719185
Encrypted:	false
SSDEEP:	768:HUac4ouUhUGBgwj/VrMXV8BYmbydDCAdx:04XUhVxNMXKBYjdndx
MD5:	F8AC39EA88DB7F7B824BA6703458CB8E
SHA1:	5CA66C9C9941A149B4394C90AF81AB82110B14DE
SHA-256:	92A8C576146BC93A8C34BD32348CADEC152B3FE1DF030A358EC88C4F2FD07A34
SHA-512:	80DBEFAAF01EA5B59344ABB2C54C03E933BD4F237539E9E19EFD342725C47788BF08F0831D8D2FC7AE367BB13F34F1B42E8B6A09D362397BCB0EAFB981D4193A
Malicious:	false
Reputation:	low
URL:	https://s3.amazonaws.com/helpimg/landing_pages/images/stoplookthink.jpg
Preview:	......Exif..II.................Ducky.......P......Adobe.d...................................................................................................................................................N..............................................................................................!1Q..A..aq..."2...BRb#r...3...Ss$Cc....4T.t%....5&.7........................!.1AQaq......."2R...Bbr..#......3..CSc.%5.............?...].P(.....@.P(.....@...q.mg...i?a;..#y..O.3......S...3....SK...k.c.8..8g.....T.s......}....m;p...Vf..y).Oo......G1rf.......j..v?.k..e..Oy@.........-..r....:....Z&oyu,...b..c..#....8.jQ.I5...4.DC.]..j.g.\..PqC.A...W...z...Uo1v..j.....w..up{..+W8.+.X....{.i....3..S+...b....vU..XY.[d&\|dHGk....m..Z..plW...g..j;xc...Y.s....q.O.Wg.?.m.}.8.\|)`b...>t..EG........8...._t.)WF.L..N9z...\uw.1..+.......@.P(.....@.P(.....@.P(.....@.P(<...D5Hps..v;=.W....hz=.S1...Lm.y#.&....kE.....;(.........:M.B..t..pH...r.d,.mE.4.Lv.<....S.3.......T.DrDq

Chrome Cache Entry: 70

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (2162)
Category:	downloaded
Size (bytes):	94885
Entropy (8bit):	6.056735943303183
Encrypted:	false
SSDEEP:	1536:2YbYUgk3oG3RyFqBsRm/i6GkFc5FIF+pyjhG4lNi1U7+knYHp31lPSeq:gkRRyymPm
MD5:	CBA32DEB5BB05C46AB84E88AD40569CA
SHA1:	12D7FF5E2ACF145B45CD19540BD785E41AAE1C20
SHA-256:	BDE8F382E42AB45926D55B59856C648F61E74DB8B282868591594C14F203EF54
SHA-512:	C2AE9A0E0608025A81CD064A0C52CFFD0858FB9AAC96D828D94D263FF3D729C8D0B2C0F3569409110D55A56B285205E08138518DD10F5860466FF81D03059989
Malicious:	false
Reputation:	low
URL:	https://account.secured-login.net/pages/f2a999cc0255ed490aca07e96810a28b/XaDg2clM2YnpKT1lnV2s1NzFwQUphUGNLajE5WkFsWG1aYVVxamhmckZlM3VwMkZkQktJNlMxazRhenRTMFdNdEdybll5UExNM0F1ODd5NU4rblJ3V1hKRVhTZDZDZGhUSHhiY2Z6RERJYjVHMVpKbHRuVnJQdjdTN0x5UFdWTVBDUi9jdEFwNlU1YnExRXJlK2FVeHRqZWx3TFU2WStPd0lMQnNvR2tzYjBLcXQ3cDJveUFabEYxUmk1dTFlYTRPZFN1aHdEMjNHZXUxaHRMOVdaeTBISklEMUpZME9nPT0tLWR0bHdLN3lqZUJPVVI5YnAtLXRpa1lsc2hYNnVaUkF4TVhXMTl2M1E9PQ==
Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN". "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="http://www.w3.org/1999/xhtml">. <meta name="IMPORTANT" content="This page is part of a simulated phishing attack initiated by KnowBe4 on behalf of its customers." />. <meta name="IMPORTANT" content="If you have any questions please contact support@knowbe4.com." />. <meta content="IE=edge,chrome=1" http-equiv="X-UA-Compatible"/>. <meta name="robots" content="noindex, nofollow" />.. <head>. <script src="/assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js"></script>.. <link rel="stylesheet" href="/assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css" media="all" />. <link rel="stylesheet" href="/assets/sei-styles-1837e0b6e1baaf1af90438028a176241b70a365a8a09ff4bf668cf3bf9e3c759.css" media="all" />.. <script>.//<![CDATA[.. $(document).ready(function() {.

Chrome Cache Entry: 71

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	dropped
Size (bytes):	380848
Entropy (8bit):	5.202109831427653
Encrypted:	false
SSDEEP:	3072:sHNwcv9VBQpLl88SMBQ47GKYQa8ITLYI9fB8NJOD3EAjV2Uc9M1U+/uz+rSLyCAV:sHWK9VC78UBQ47GKXIvd9sOVAqtNX
MD5:	67A0C4DBD69561F3226243034423F1ED
SHA1:	88C1B5C7EBBFA24D8196290206BF544F28EEB406
SHA-256:	74B9F1CFE7CAD31AE1C1901200890B76676E6D92AC817641F5EF9BFD552F2110
SHA-512:	D5326C46E2FC443AA0C75DB573B39957514BD025235ADB5F16797133394E1AFD0A6458B38DA8220BF7558333E8F2334532FBCC4CD9DD4DD5811AAC403B498542
Malicious:	false
Reputation:	low
Preview:	/! jQuery v3.7.1 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(ie,e){"use strict";var oe=[],r=Object.getPrototypeOf,ae=oe.slice,g=oe.flat?function(e){return oe.flat.call(e)}:function(e){return oe.concat.apply([],e)},s=oe.push,se=oe.indexOf,n={},i=n.toString,ue=n.hasOwnProperty,o=ue.toString,a=o.call(Object),le={},v=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},y=function(e){return null!=e&&e===e.window},C=ie.document,u={type:!0,src:!0,nonce:!0,noModule:!0};function m(e,t,n){var r,i,o=(n=n\|\|C).createElement("script");if(o.text=e,t)for(r in u)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.remove

Chrome Cache Entry: 72

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (483)
Category:	downloaded
Size (bytes):	537
Entropy (8bit):	5.846043145489213
Encrypted:	false
SSDEEP:	12:3R+xSKtic2fQM7hSdd6xWDRt+Pash+Au3KMm3w5CxWd4AEdeIQL:33KE3rGgWrIaw+PKHmDNEkj
MD5:	4DE7EECE261F227FC75F98D0AECAFDDA
SHA1:	A7D661322A9DF52F0ADCEE648A7472C348713ACE
SHA-256:	EE1059881621B15018719CD700C0ABCDE015871F93BA12B246828FD6D40F970F
SHA-512:	2A36DD03307E1FEEDB8E314FE96664805E86BE14F0C2D991243E18E120B4103A7D4FD39B49015CA8AAB6AE6C0E8C76E001F061A26C22B6316FA20106BD864953
Malicious:	false
Reputation:	low
URL:	https://2fa.com-token-auth.com/XaDg2clM2YnpKT1lnV2s1NzFwQUphUGNLajE5WkFsWG1aYVVxamhmckZlM3VwMkZkQktJNlMxazRhenRTMFdNdEdybll5UExNM0F1ODd5NU4rblJ3V1hKRVhTZDZDZGhUSHhiY2Z6RERJYjVHMVpKbHRuVnJQdjdTN0x5UFdWTVBDUi9jdEFwNlU1YnExRXJlK2FVeHRqZWx3TFU2WStPd0lMQnNvR2tzYjBLcXQ3cDJveUFabEYxUmk1dTFlYTRPZFN1aHdEMjNHZXUxaHRMOVdaeTBISklEMUpZME9nPT0tLWR0bHdLN3lqZUJPVVI5YnAtLXRpa1lsc2hYNnVaUkF4TVhXMTl2M1E9PQ==?cid=2399161896
Preview:	<html>. <head>. <script>window.location.href = 'https://account.secured-login.net/pages/f2a999cc0255ed490aca07e96810a28b/XaDg2clM2YnpKT1lnV2s1NzFwQUphUGNLajE5WkFsWG1aYVVxamhmckZlM3VwMkZkQktJNlMxazRhenRTMFdNdEdybll5UExNM0F1ODd5NU4rblJ3V1hKRVhTZDZDZGhUSHhiY2Z6RERJYjVHMVpKbHRuVnJQdjdTN0x5UFdWTVBDUi9jdEFwNlU1YnExRXJlK2FVeHRqZWx3TFU2WStPd0lMQnNvR2tzYjBLcXQ3cDJveUFabEYxUmk1dTFlYTRPZFN1aHdEMjNHZXUxaHRMOVdaeTBISklEMUpZME9nPT0tLWR0bHdLN3lqZUJPVVI5YnAtLXRpa1lsc2hYNnVaUkF4TVhXMTl2M1E9PQ==';</script>. </head>. <body>. </body>.</html>.

Chrome Cache Entry: 73

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 240 x 240, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	3168
Entropy (8bit):	7.704911325185365
Encrypted:	false
SSDEEP:	48:37TcgUFv95NwPpK+adjaoVaqzGfYdIO+bExaLM2uO+xVwvpoP:ftUFvdy8dXVaGNdIb1Lz8PwvpY
MD5:	A907E6E737788176B026FA71DFE8AFFE
SHA1:	6844236F638CEDCD652EB0A805476A1A13376CF5
SHA-256:	FC5E7621BA0E98C5C6728E3B2BDF802311C0A0953A05E60A7551CB0C7BED00A9
SHA-512:	3A17E66931A15B5C6553DAE241C5A7BB40240699F0608F92ED940CB203CBEA3031CB0FAC23F9C962F50D573F56DB27A3369F1A38ED1AEA0168D7E707803CA27A
Malicious:	false
Reputation:	low
URL:	https://account.secured-login.net/assets/sei-flag-90af55d793544fe1893f26677661a4252761afbe811fab0eced85c67bc82f984.png
Preview:	.PNG........IHDR.............>U....'IDATx..].\...e.!.H..B/J."""R..R....E)"../..".H..3s......&.O....d.QJ.L......P.m.U..u.Q..$.....}.5..M.....{.y.!A...\|.\|...3{.-M....m..~~....0.a...0..`...0........C...!`...0.a...0..<.z......w.tt<X.f..f.O.f./.(QK&s.t.{..z+.T..J..r.....3.....<r..../..Z.}.`..^.gGF6....p%.y^.,.R.....dr.c6/....w_[^........#G.j.7x...?.N.l..k.}...0< a..'.M...XO&g.....to......B..q~.......{....:...^H*QT..m..x.'..K}}.eu.&a........a..{...o..8.".-`Yi.p..zs........l........X-..tt<..=N&...H....&^...eE^M.9...U..gd..D;....gw.xL{.E.1..}}.+Q..U.......x.rO....V.8.,.n.p{...+............m...V.8.\|~``.\.........[.......>s...r......v$.+ctq...B{.A....L...j..T..K...b.V.y.M.Z....7T..8...e-.>...u...&`)..\|...... .....2...d....=:.N.~.....g%..x..5...7..-.l.e.........Y.u..=..l-...s.&.......r.vx.....{..e....).<1S(.\{>j.....+5.....kO...\|"Q-.r.k.I..........]i..!...W..._...=7[.[uo....sk....t[..B.a....\...X......7..\.96...F..]..]...M{.6..!..lv...V..C..p5..q.f

Chrome Cache Entry: 74

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 288 x 158, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	20217
Entropy (8bit):	7.976064268012866
Encrypted:	false
SSDEEP:	384:xNlMKDW14cJB4Ri7iDmTvN0BOlU6L9fDN47BmFyeestGw3jIZz:blTDwQiZtlU6LtDNO4XXq
MD5:	7DAB8570684D6575F34F508645B9953F
SHA1:	DA06B1764C8452D9BF2CE15F44D976D2A3B5A4EB
SHA-256:	0ECFBE99C21DFA73D727E51A4D9F7EA1CAF418E05BB941864108FB3542CF90CF
SHA-512:	D62671D3F2D7A3885E64C905A7FA527575297669FBD9AA41156085C6A88329122D29C507C79505ABA748241878D7F0A084EF561B6B33D72FFD9A1D97B021B60D
Malicious:	false
Reputation:	low
URL:	https://static.knowbe4.com/managed_services/CrateandBarrelLogo.png
Preview:	.PNG........IHDR... ..........4.1....iCCPICC Profile..H....P......}.$..........z(.t.....%.@P.+.+...HS.p...Z.Y+.X.T.. .....lX.....7.yg.~.7.;...s....Bf......i.LQ..;=:....0 .9..+6'C..........w}...o.Mi....j.\^...(..xn.'....x...2.@Q..L...CY^.&..)N...).....1a!..`..d6[...Y...8...y....._..T..ii.\...l...Q..g.....7.x.&..(.Z........W....--U<...:.I"..t.F..nJ.......f.....$.o.,s2<bf......M].0..\|o.D'..6....Y...H.J.y0g.-..W....'.X....Y..G,..P....._$..........-.=-.z.,...0_I...y..fF.$7...k.&\./.t..%L....R}$...P..L.B....a2./x.....6....h.f.VfN...\%.'&e.....Y...<......Sou....~...9_.~...C..9_\|1.-..(........@s;G,..a.>X@.T .T.&..F.....8.7...@..C3].8 ....X... ...`.(..@.....Q..N.......A/x...0x...;0.A...@4H...!S..b@......@.P.... 1.....CEP9T..A.B'.........Bc.k....dX.....0.f..p...N....p.......Cp3\|.......sx......h#f...@...$..!.<...F..6..... /.......c.0N._L8..Y.Y.)..cj1...m. f...K..cM..X.6...]...`.`O`/b{...w8.N.g.....q.....\.....7.....*xS.3>...g.s.e.C...[.a....A.`E.&....M..B=..

Chrome Cache Entry: 75

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	1471
Entropy (8bit):	4.754611179426391
Encrypted:	false
SSDEEP:	24:y40r8CQo40agx40mC400XLaR404hZYmx40vGk40vG/I40vGhH40VhZ40UrCmn:xdDgCFEiBZgnTOHTn
MD5:	15E89F9684B18EC43EE51F8D62A787C3
SHA1:	9CBAAACEAE96845ECD3497F41EE3B02588ABEC11
SHA-256:	16F13E16A7EF02FB6F94250AA1931DED83DBEE5D9FAD278E33DD5792D085194F
SHA-512:	79E0110A045F28437D192290AC9789270CB0D4E676A985564746DB439992D867BA89639D7738E2A7F7D83BBF37D9A02CAA2AE1DC4E0EE2519797E5840A47FABE
Malicious:	false
Reputation:	low
URL:	https://account.secured-login.net/assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css
Preview:	/* line 1, app/assets/stylesheets/landing-watermark.scss /..watermark {. -webkit-writing-mode: vertical-rl;. -ms-writing-mode: tb-rl;. writing-mode: vertical-rl;. text-orientation: sideways;.}../ line 4, app/assets/stylesheets/landing-watermark.scss /..watermark.left {. left: 0;.}../ line 7, app/assets/stylesheets/landing-watermark.scss /..watermark.right {. right: 0;.}../ line 10, app/assets/stylesheets/landing-watermark.scss /..watermark.top {. text-align: center;. -webkit-writing-mode: horizontal-tb;. -ms-writing-mode: lr-tb;. writing-mode: horizontal-tb;. top: -38px;.}../ line 15, app/assets/stylesheets/landing-watermark.scss /..watermark h1 {. -webkit-user-select: none;. -moz-user-select: none;. -ms-user-select: none;. user-select: none;. font-size: 15px;. color: #fdfdfa;. font-weight: bold;.}../ line 24, app/assets/stylesheets/landing-watermark.scss /.#template_sei .watermark.left {. margin-left: -10px;.}../ li

Chrome Cache Entry: 76

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	5934
Entropy (8bit):	4.931906350831601
Encrypted:	false
SSDEEP:	96:fiIg+VsCy59sZUAcYLoX9U0JePXOBaxAzi80JeaOV7Fzu/B3qn6dk/nGgje/mPFd:fiP+VbyPsZxcYLot7SXsaCQuu/Nq66/v
MD5:	134D934420B13974981A9634B7380865
SHA1:	18C01D3711CF8C21C1CD0CF544002358C1C929C6
SHA-256:	B3C447F15FCE33DFA869B9D2190364509EDE3937AE05B51BA394A78E28C244BA
SHA-512:	7FAE93AD1895DCF7CC58FC2C477BA51D3EB7D7B2884FE117E21C0A7E0160981EB53D23A6ACDA07DA594AF6984F52E1B57B6F157F84220729C7EEBF9AE062C092
Malicious:	false
Reputation:	low
URL:	https://account.secured-login.net/assets/sei-styles-1837e0b6e1baaf1af90438028a176241b70a365a8a09ff4bf668cf3bf9e3c759.css
Preview:	/* line 2, app/assets/stylesheets/sei-styles.scss /.x-sei.sei-flag {. border-bottom: 2px solid tomato;. padding-left: 3px;.}../ line 6, app/assets/stylesheets/sei-styles.scss /.x-sei.sei-flag::before {. content: ' ';. display: inline-block;. background: url(/assets/sei-flag-90af55d793544fe1893f26677661a4252761afbe811fab0eced85c67bc82f984.png) no-repeat;. background-size: contain;. height: 12px;. width: 12px;. margin: 0 .1rem;.}../ line 16, app/assets/stylesheets/sei-styles.scss /.x-sei.sei-flag[generic='true'] {. display: block;. border-bottom: 0px;.}../ line 21, app/assets/stylesheets/sei-styles.scss /.x-sei.sei-flag[generic='true']::after {. font-family: "Courier New", Courier, monospace;. line-height: 1.8;. color: #b65555;. font-weight: bold;. content: attr(data-original-title);.}../ line 29, app/assets/stylesheets/sei-styles.scss */.x-sei.sei-flag[generic='true']::before {. content: ' ';. display: inline-block;. background: url(/assets/dark-flag-2846d82c5

Chrome Cache Entry: 77

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (10295)
Category:	downloaded
Size (bytes):	10296
Entropy (8bit):	4.876678690742844
Encrypted:	false
SSDEEP:	192:WLgclXZtCZYjLHgQksZzRBc3quP4ydxioPB1ePvQnR9cT98jCKnhmb/y0UmWp2Nd:6NPf
MD5:	0893E60889D2172A6361B919D8C203DC
SHA1:	EF83F5E4F31BE018DCD0B236FCAA28EF7F3FF8C8
SHA-256:	23714601639230B9AD2BC2728040A5E760FA5B0500DFB76E552BCB29FCBB7A62
SHA-512:	D62DC11EC26C495F9AE8FBF91913CD924D9973A47CD73E147047059142C92F49EABF702C673237AD48A6E63BE68D27150DB4425D03B9BE13332C811A760C47F3
Malicious:	false
Reputation:	low
URL:	https://s3.amazonaws.com/helpimg/landing_pages/css/flags.css
Preview:	.flag{float:left;padding:0 !important;margin:0 5px 0 0;width:16px;height:11px;background:url(https://s3.amazonaws.com/helpimg/landing_pages/images/flagssprite_small.png) no-repeat;}.flag.ad{background-position:0 0}.flag.ae{background-position:0 -11px}.flag.af{background-position:0 -22px}.flag.ag{background-position:0 -33px}.flag.ai{background-position:0 -44px}.flag.al{background-position:0 -55px}.flag.am{background-position:0 -66px}.flag.an{background-position:0 -77px}.flag.ao{background-position:0 -88px}.flag.ar{background-position:0 -99px}.flag.as{background-position:0 -110px}.flag.at{background-position:0 -121px}.flag.au{background-position:0 -132px}.flag.aw{background-position:0 -143px}.flag.ax{background-position:0 -154px}.flag.az{background-position:0 -165px}.flag.ba{background-position:0 -176px}.flag.bb{background-position:0 -187px}.flag.bd{background-position:0 -198px}.flag.be{background-position:0 -209px}.flag.bf{background-position:0 -220px}.flag.bg{background-position:0 -231

Chrome Cache Entry: 78

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	downloaded
Size (bytes):	380848
Entropy (8bit):	5.202109831427653
Encrypted:	false
SSDEEP:	3072:sHNwcv9VBQpLl88SMBQ47GKYQa8ITLYI9fB8NJOD3EAjV2Uc9M1U+/uz+rSLyCAV:sHWK9VC78UBQ47GKXIvd9sOVAqtNX
MD5:	67A0C4DBD69561F3226243034423F1ED
SHA1:	88C1B5C7EBBFA24D8196290206BF544F28EEB406
SHA-256:	74B9F1CFE7CAD31AE1C1901200890B76676E6D92AC817641F5EF9BFD552F2110
SHA-512:	D5326C46E2FC443AA0C75DB573B39957514BD025235ADB5F16797133394E1AFD0A6458B38DA8220BF7558333E8F2334532FBCC4CD9DD4DD5811AAC403B498542
Malicious:	false
Reputation:	low
URL:	https://account.secured-login.net/assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js
Preview:	/! jQuery v3.7.1 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(ie,e){"use strict";var oe=[],r=Object.getPrototypeOf,ae=oe.slice,g=oe.flat?function(e){return oe.flat.call(e)}:function(e){return oe.concat.apply([],e)},s=oe.push,se=oe.indexOf,n={},i=n.toString,ue=n.hasOwnProperty,o=ue.toString,a=o.call(Object),le={},v=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},y=function(e){return null!=e&&e===e.window},C=ie.document,u={type:!0,src:!0,nonce:!0,noModule:!0};function m(e,t,n){var r,i,o=(n=n\|\|C).createElement("script");if(o.text=e,t)for(r in u)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.remove

Chrome Cache Entry: 79

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 334x406, components 3
Category:	dropped
Size (bytes):	26215
Entropy (8bit):	7.9453849905719185
Encrypted:	false
SSDEEP:	768:HUac4ouUhUGBgwj/VrMXV8BYmbydDCAdx:04XUhVxNMXKBYjdndx
MD5:	F8AC39EA88DB7F7B824BA6703458CB8E
SHA1:	5CA66C9C9941A149B4394C90AF81AB82110B14DE
SHA-256:	92A8C576146BC93A8C34BD32348CADEC152B3FE1DF030A358EC88C4F2FD07A34
SHA-512:	80DBEFAAF01EA5B59344ABB2C54C03E933BD4F237539E9E19EFD342725C47788BF08F0831D8D2FC7AE367BB13F34F1B42E8B6A09D362397BCB0EAFB981D4193A
Malicious:	false
Reputation:	low
Preview:	......Exif..II.................Ducky.......P......Adobe.d...................................................................................................................................................N..............................................................................................!1Q..A..aq..."2...BRb#r...3...Ss$Cc....4T.t%....5&.7........................!.1AQaq......."2R...Bbr..#......3..CSc.%5.............?...].P(.....@.P(.....@...q.mg...i?a;..#y..O.3......S...3....SK...k.c.8..8g.....T.s......}....m;p...Vf..y).Oo......G1rf.......j..v?.k..e..Oy@.........-..r....:....Z&oyu,...b..c..#....8.jQ.I5...4.DC.]..j.g.\..PqC.A...W...z...Uo1v..j.....w..up{..+W8.+.X....{.i....3..S+...b....vU..XY.[d&\|dHGk....m..Z..plW...g..j;xc...Y.s....q.O.Wg.?.m.}.8.\|)`b...>t..EG........8...._t.)WF.L..N9z...\uw.1..+.......@.P(.....@.P(.....@.P(.....@.P(<...D5Hps..v;=.W....hz=.S1...Lm.y#.&....kE.....;(.........:M.B..t..pH...r.d,.mE.4.Lv.<....S.3.......T.DrDq

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1666
Entropy (8bit):	7.843362903299294
Encrypted:	false
SSDEEP:	48:1E3hTvNbvJkGGv0nnr5I2rk5boP0gD6EaTMN:1ERb+cr5Z1P0gD6/a
MD5:	29D583007FCD677AA31CA849478BC17A
SHA1:	F354E323218A450060852C344927C3E79D8E7B66
SHA-256:	120EE096F38C1E21083054C15F0F8CFBB02B6740A01D98068E3BE9581E83D453
SHA-512:	4AFC2641D96D1C372D091FD795D39C1AF12149B5EB30DA7BEE6FBFEA0650841067B7D259473BF65706CDD42D1EDF1CC5673B5F5556D1E91F8AE32976490A7E4D
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...<...<.....:..r...IIDATh..{.VE.....Y.E.......Uv.B....=. {....ee....G.%....H/).UR1[.G...d...._m......~:.\|.13..~.e.;s...;g......&g.@..w.G..K......{.u+..^...k.....s+...e..R.z...."..............l.z......C.......V.#.}.5(..f5.N`.......e&3".x..g..w..C.......T\|...v"w..Q>-(/2.x.A.L..!....r..noB..g\|...\|.\....U.T...<3.N-...rU.bp%.<.CE........k....0C..\|.Sw~.g....!....uf+y.KG.O+Y.h&.....F.......sB...7.\|;.r\|..\o......;.$...i.wC.ICO.n.h....AJ.N.+.T).........)9..y..?.hs%.".B..k....#.S.....:..!o..Z...\|.w2....a..+y.e;..A...x.p+2G/!..1..jTr.S...S.....D.<.G.z.+2..E..>.Z6L.......e.2..R..3...~..%.C.!..f..s.'.;.M...5..k.1..L._B.vA_\|.c{......{.......d...Y.'Q.TS:.7.......\|...,.:..-...#.V.*NA..&...iO.....SEE.kW!.y.p.y.m..6b..@=.,.n..i,....q..W...w.f..bg.`\|......3.:.K.<..I.[....a..}..%_....{...~..j...)......n}m[...u...._....{....,.t.[ ..g.....&.v.j..2.r5.r5.B..jp..v-.j./.....c.s..$q@..z...oo..g?.z...%..gW.......}.6h....U....o.u.])]..@B);.o.V

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 240 x 240, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3168
Entropy (8bit):	7.704911325185365
Encrypted:	false
SSDEEP:	48:37TcgUFv95NwPpK+adjaoVaqzGfYdIO+bExaLM2uO+xVwvpoP:ftUFvdy8dXVaGNdIb1Lz8PwvpY
MD5:	A907E6E737788176B026FA71DFE8AFFE
SHA1:	6844236F638CEDCD652EB0A805476A1A13376CF5
SHA-256:	FC5E7621BA0E98C5C6728E3B2BDF802311C0A0953A05E60A7551CB0C7BED00A9
SHA-512:	3A17E66931A15B5C6553DAE241C5A7BB40240699F0608F92ED940CB203CBEA3031CB0FAC23F9C962F50D573F56DB27A3369F1A38ED1AEA0168D7E707803CA27A
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............>U....'IDATx..].\...e.!.H..B/J."""R..R....E)"../..".H..3s......&.O....d.QJ.L......P.m.U..u.Q..$.....}.5..M.....{.y.!A...\|.\|...3{.-M....m..~~....0.a...0..`...0........C...!`...0.a...0..<.z......w.tt<X.f..f.O.f./.(QK&s.t.{..z+.T..J..r.....3.....<r..../..Z.}.`..^.gGF6....p%.y^.,.R.....dr.c6/....w_[^........#G.j.7x...?.N.l..k.}...0< a..'.M...XO&g.....to......B..q~.......{....:...^H*QT..m..x.'..K}}.eu.&a........a..{...o..8.".-`Yi.p..zs........l........X-..tt<..=N&...H....&^...eE^M.9...U..gd..D;....gw.xL{.E.1..}}.+Q..U.......x.rO....V.8.,.n.p{...+............m...V.8.\|~``.\.........[.......>s...r......v$.+ctq...B{.A....L...j..T..K...b.V.y.M.Z....7T..8...e-.>...u...&`)..\|...... .....2...d....=:.N.~.....g%..x..5...7..-.l.e.........Y.u..=..l-...s.&.......r.vx.....{..e....).<1S(.\{>j.....+5.....kO...\|"Q-.r.k.I..........]i..!...W..._...=7[.[uo....sk....t[..B.a....\...X......7..\.96...F..]..]...M{.6..!..lv...V..C..p5..q.f

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 288 x 158, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	20217
Entropy (8bit):	7.976064268012866
Encrypted:	false
SSDEEP:	384:xNlMKDW14cJB4Ri7iDmTvN0BOlU6L9fDN47BmFyeestGw3jIZz:blTDwQiZtlU6LtDNO4XXq
MD5:	7DAB8570684D6575F34F508645B9953F
SHA1:	DA06B1764C8452D9BF2CE15F44D976D2A3B5A4EB
SHA-256:	0ECFBE99C21DFA73D727E51A4D9F7EA1CAF418E05BB941864108FB3542CF90CF
SHA-512:	D62671D3F2D7A3885E64C905A7FA527575297669FBD9AA41156085C6A88329122D29C507C79505ABA748241878D7F0A084EF561B6B33D72FFD9A1D97B021B60D
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR... ..........4.1....iCCPICC Profile..H....P......}.$..........z(.t.....%.@P.+.+...HS.p...Z.Y+.X.T.. .....lX.....7.yg.~.7.;...s....Bf......i.LQ..;=:....0 .9..+6'C..........w}...o.Mi....j.\^...(..xn.'....x...2.@Q..L...CY^.&..)N...).....1a!..`..d6[...Y...8...y....._..T..ii.\...l...Q..g.....7.x.&..(.Z........W....--U<...:.I"..t.F..nJ.......f.....$.o.,s2<bf......M].0..\|o.D'..6....Y...H.J.y0g.-..W....'.X....Y..G,..P....._$..........-.=-.z.,...0_I...y..fF.$7...k.&\./.t..%L....R}$...P..L.B....a2./x.....6....h.f.VfN...\%.'&e.....Y...<......Sou....~...9_.~...C..9_\|1.-..(........@s;G,..a.>X@.T .T.&..F.....8.7...@..C3].8 ....X... ...`.(..@.....Q..N.......A/x...0x...;0.A...@4H...!S..b@......@.P.... 1.....CEP9T..A.B'.........Bc.k....dX.....0.f..p...N....p.......Cp3\|.......sx......h#f...@...$..!.<...F..6..... /.......c.0N._L8..Y.Y.)..cj1...m. f...K..cM..X.6...]...`.`O`/b{...w8.N.g.....q.....\.....7.....*xS.3>...g.s.e.C...[.a....A.`E.&....M..B=..

Chrome Cache Entry: 83

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with CRLF line terminators
Category:	downloaded
Size (bytes):	4524
Entropy (8bit):	5.108931295370594
Encrypted:	false
SSDEEP:	96:AG5XS7vBkRVkhmRaM44/HLPRaByA+zBRNI:AG5XABkAhmRaM44/H1CyrBRNI
MD5:	DD05B711E15EF201B07E20CB5C87F5D8
SHA1:	41B818B243140D90DA4CA917D454335B603A6BDA
SHA-256:	617F793D125F780AB7BB7C9E92AB427D9E757083E7368E241E8E8FA69F013E4F
SHA-512:	243C149BB8AAF5376EEBAC49833A59F75BA26BEC098AFD8A167D12BDACD3E80D98EE1DA1D82915CC7E4C7FAC747FBFF5D2D687D97F20BDF5C81D67CFA0620F39
Malicious:	false
Reputation:	low
URL:	https://s3.amazonaws.com/helpimg/landing_pages/css/dd.css
Preview:	.borderRadius{-moz-border-radius:5px; border-radius:5px; }...borderRadiusTp{-moz-border-radius:5px 5px 0 0; border-radius:5px 5px 5px 5px;}...borderRadiusBtm{-moz-border-radius:0 0 5px 5px ; border-radius:5px 5px 5px 5px;}.....ddcommon {position:relative;display:-moz-inline-stack; zoom:1; display:inline-block; display:inline; cursor:default;}...ddcommon ul{padding:0;margin:0;}...ddcommon ul li{list-style-type:none;}...borderRadiusTp ul li:last-child{-moz-border-radius:0 0 5px 5px ; border-radius:0 0 5px 5px;border-bottom:0 none #c3c3c3; }...borderRadiusBtm ul li:first-child{-moz-border-radius:5px 5px 0 0; border-radius:5px 5px 0 0 ;border-bottom:1 solid #c3c3c3; }.....ddcommon .disabled img, .ddcommon .disabled span, .ddcommon.disabledAll{..opacity: .5; / standard: ff gt 1.5, opera, safari /..-ms-filter:"alpha(opacity=50)"; / ie 8 /..filter:alpha(opacity=50); / ie lt 7 /..-khtml-opacity:.5; / safari 1.x /..-moz-opacity:.5; / ff lt 1.5, netscape */..color:#999999;..}...ddcommo

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 83

Chrome Cache Entry: 84