Analysis Report COVID-19 SAFETY CLEANING TRAINING.pptx

Overview

General Information

Sample Name: COVID-19 SAFETY CLEANING TRAINING.pptx
MD5: 271c10bb3a837215416c84fa9d9cb15f
SHA1: 765f0c30b07270a3257ec2e367425d2d4a7e01c9
SHA256: dfca096115050070d637b32f94da53576668392eeed0476e37c8abc3e1a07890

Detection

Score: 2
Range: 0 - 100
Whitelisted: false
Confidence: 40%

Signatures

Domain name seen in connection with other malware
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Queries the volume information (name, serial number etc) of a device

Classification

Analysis Advice

No malicious behavior found; also analyze the document on other versions of Office / Acrobat
Sample searches for a specific file; try pointing organization-specific fake files to the analysis machine
Uses HTTPS for network communication; use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis



Startup

  • System is w7
  • POWERPNT.EXE (PID: 3816 cmdline: 'C:\Program Files\Microsoft Office\Office14\POWERPNT.EXE' /AUTOMATION -Embedding MD5: 0F144ECA8CFEC8882A3809D176886255)
  • iexplore.exe (PID: 3944 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: CA1F703CD665867E8132D2946FB55750)
    • ie4uinit.exe (PID: 3956 cmdline: 'C:\Windows\System32\ie4uinit.exe' -ShowQLIcon MD5: 184C8F06D073803490CDA3954C489A36)
    • iexplore.exe (PID: 4040 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' SCODEF:3944 CREDAT:275457 /prefetch:2 MD5: CA1F703CD665867E8132D2946FB55750)
      • ssvagent.exe (PID: 2056 cmdline: 'C:\PROGRA~1\Java\JRE18~1.0_1\bin\ssvagent.exe' -new MD5: 0953A0264879FD1E655B75B63B9083B7)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Source: C:\Windows\System32\ie4uinit.exe; File opened: C:\Users\user\AppData
Source: C:\Windows\System32\ie4uinit.exe; File opened: C:\Users\user\AppData\Roaming
Source: C:\Windows\System32\ie4uinit.exe; File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Windows\System32\ie4uinit.exe; File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer
Source: C:\Windows\System32\ie4uinit.exe; File opened: C:\Users\user
Source: C:\Windows\System32\ie4uinit.exe; File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

Source: Joe Sandbox View; Domain Name: mboxedge37.tt.omtrdc.net
Source: Joe Sandbox View; IP Address: 104.244.42.2
Source: Joe Sandbox View; IP Address: 93.184.220.66
Source: Joe Sandbox View; JA3 fingerprint: 7dcce5b76c8b17472d024758970a406b
Source: C:\Program Files\Microsoft Office\Office14\POWERPNT.EXE; File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\F8A8965.png
Source: twitter-cookies[1].htm.4.dr; String found in binary or memory: and the <a href="https://www.periscope.tv/content" target="_blank" rel="nofollow noopener noreferrer">Periscope Community Guidelines</a>.</li><li>For example, these technologies help authenticate your access to Twitter and Periscope and prevent unauthorized parties from accessing your account. They also let us show you appropriate content through our services.</li></ul> equals www.twitter.com (Twitter)
Source: unknown; DNS traffic detected: queries for: twitter.com
Source: 1258118082758754304[1].htm.4.drString found in binary or memory: https://twitter.com/osha_dol/status/1258118082758754304?lang&#x3D;zh-Hant
Source: twitter-supported-browsers[1].htm.4.dr, twitter-cookies[1].htm.4.drString found in binary or memory: https://twitter.com/privacy
Source: twitter-supported-browsers[1].htm.4.dr, twitter-cookies[1].htm.4.drString found in binary or memory: https://twitter.com/tos
Source: twitter-cookies[1].htm.4.drString found in binary or memory: https://twitter.com/your_twitter_data
Source: twitter-supported-browsers[1].htm.4.dr, twitter-cookies[1].htm.4.drString found in binary or memory: https://twittercommunity.com/
Source: google-analytics[1].js0.4.drString found in binary or memory: https://www.google-analytics.com/analytics
Source: google-analytics[1].js0.4.drString found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: google-analytics[1].js0.4.drString found in binary or memory: https://www.google-analytics.com/u/d
Source: google-analytics[1].js0.4.drString found in binary or memory: https://www.google.%/ads/ga-audiences
Source: google-analytics[1].js0.4.drString found in binary or memory: https://www.google.com/analytics/web/inpage/pub/inpage.js?
Source: twitter-cookies[1].htm.4.drString found in binary or memory: https://www.google.com/settings/u/0/ads/authenticated
Source: twitter-cookies[1].htm.4.drString found in binary or memory: https://www.periscope.tv/content
Source: twitter-supported-browsers[1].htm.4.dr, twitter-cookies[1].htm.4.drString found in binary or memory: https://www.twitterflightschool.com/sl/382652bc
Source: unknownNetwork traffic detected: HTTP traffic on port 49185 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49162 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49189
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49188
Source: unknownNetwork traffic detected: HTTP traffic on port 49181 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49187
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49186
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49185
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49184
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49183
Source: unknownNetwork traffic detected: HTTP traffic on port 49189 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49182
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49181
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49180
Source: unknownNetwork traffic detected: HTTP traffic on port 49195 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49176 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49166 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49184 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49163 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49179
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49178
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49177
Source: unknownNetwork traffic detected: HTTP traffic on port 49180 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49176
Source: unknownNetwork traffic detected: HTTP traffic on port 49190 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49188 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49171
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49170
Source: unknownNetwork traffic detected: HTTP traffic on port 49194 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49167 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49177 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49160 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49169
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49168
Source: unknownNetwork traffic detected: HTTP traffic on port 49187 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49167
Source: unknownNetwork traffic detected: HTTP traffic on port 49164 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49166
Source: unknownNetwork traffic detected: HTTP traffic on port 49183 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49165
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49164
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49163
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49162
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49161
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49160
Source: unknownNetwork traffic detected: HTTP traffic on port 49168 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49170 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49193 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49178 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49159 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49161 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49159
Source: unknownNetwork traffic detected: HTTP traffic on port 49186 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49165 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49182 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49195
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49194
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49193
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49190
Source: unknownNetwork traffic detected: HTTP traffic on port 49169 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49171 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49179 -> 443

Source: classification engine
Classification label: clean2.winPPTX@8/172@11/9
Source: C:\Program Files\Microsoft Office\Office14\POWERPNT.EXE
File created: C:\Users\user\Desktop\~$COVID-19 SAFETY CLEANING TRAINING.pptx
Source: C:\Program Files\Microsoft Office\Office14\POWERPNT.EXE
File created: C:\Users\user\AppData\Local\Temp\CVRD6DD.tmp
Source: C:\Program Files\Microsoft Office\Office14\POWERPNT.EXE
File read: C:\Users\desktop.ini
Source: C:\Windows\System32\ie4uinit.exe
Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown
Process created: C:\Program Files\Microsoft Office\Office14\POWERPNT.EXE 'C:\Program Files\Microsoft Office\Office14\POWERPNT.EXE' /AUTOMATION -Embedding
Source: unknown
Process created: C:\Program Files\Internet Explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown
Process created: C:\Windows\System32\ie4uinit.exe 'C:\Windows\System32\ie4uinit.exe' -ShowQLIcon
Source: unknown
Process created: C:\Program Files\Internet Explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' SCODEF:3944 CREDAT:275457 /prefetch:2
Source: unknown
Process created: C:\Program Files\Java\jre1.8.0_144\bin\ssvagent.exe 'C:\PROGRA~1\Java\JRE18~1.0_1\bin\ssvagent.exe' -new
Source: C:\Program Files\Internet Explorer\iexplore.exe
Process created: C:\Windows\System32\ie4uinit.exe 'C:\Windows\System32\ie4uinit.exe' -ShowQLIcon
Source: C:\Program Files\Internet Explorer\iexplore.exe
Process created: C:\Program Files\Internet Explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' SCODEF:3944 CREDAT:275457 /prefetch:2
Source: C:\Program Files\Internet Explorer\iexplore.exe
Process created: C:\Program Files\Java\jre1.8.0_144\bin\ssvagent.exe 'C:\PROGRA~1\Java\JRE18~1.0_1\bin\ssvagent.exe' -new
Source: C:\Windows\System32\ie4uinit.exe
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00021401-0000-0000-C000-000000000046}\InProcServer32
Source: C:\Windows\System32\ie4uinit.exe
File written: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
Source: Window Recorder
Window detected: More than 3 window changes detected
Source: C:\Program Files\Microsoft Office\Office14\POWERPNT.EXE
Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\PowerPoint\Resiliency\StartupItems
Source: COVID-19 SAFETY CLEANING TRAINING.pptx
Static file information: File size 3519830 > 1048576
Source: C:\Program Files\Microsoft Office\Office14\POWERPNT.EXE
File opened: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\MSVCR90.dll