Play interactive tour

Edit tour

Analysis Report https://webadv-prod.cloud.rsccd.edu/WBMAIN/WBMAIN?TOKENIDX=8766656380&SS=2&APP=ST&CONSTITUENCY=WBST

Overview

General Information

Sample URL:	https://webadv-prod.cloud.rsccd.edu/WBMAIN/WBMAIN?TOKENIDX=8766656380&SS=2&APP=ST&CONSTITUENCY=WBST
Analysis ID:	331978
Most interesting Screenshot:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Found iframes

HTML title does not match URL

Classification

Startup

System is w10x64

iexplore.exe (PID: 4116 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 5764 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4116 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://webadv-prod.cloud.rsccd.edu/WBMAIN/WBMAIN?TOKENIDX=8766656380&SS=LGRQ&URL=HTTPS%3A%2F%2Fwebadv-prod.cloud.rsccd.edu%3A443%2FWBMAIN%2FWBMAIN%3FTYPE%3DM%26PID%3DCORE-WBMAIN%26TOKENIDX%3D8766656380&CONSTITUENCY=WBST	HTTP Parser: Iframe src: javascript:''
Source: https://webadv-prod.cloud.rsccd.edu/WBMAIN/WBMAIN?TOKENIDX=8766656380&SS=LGRQ&URL=HTTPS%3A%2F%2Fwebadv-prod.cloud.rsccd.edu%3A443%2FWBMAIN%2FWBMAIN%3FTYPE%3DM%26PID%3DCORE-WBMAIN%26TOKENIDX%3D8766656380&CONSTITUENCY=WBST	HTTP Parser: Iframe src: javascript:''

Source: https://webadv-prod.cloud.rsccd.edu/WBMAIN/WBMAIN?TOKENIDX=8766656380&SS=LGRQ&URL=HTTPS%3A%2F%2Fwebadv-prod.cloud.rsccd.edu%3A443%2FWBMAIN%2FWBMAIN%3FTYPE%3DM%26PID%3DCORE-WBMAIN%26TOKENIDX%3D8766656380&CONSTITUENCY=WBST	HTTP Parser: Title: Log In does not match URL
Source: https://webadv-prod.cloud.rsccd.edu/WBMAIN/WBMAIN?TOKENIDX=8766656380&SS=LGRQ&URL=HTTPS%3A%2F%2Fwebadv-prod.cloud.rsccd.edu%3A443%2FWBMAIN%2FWBMAIN%3FTYPE%3DM%26PID%3DCORE-WBMAIN%26TOKENIDX%3D8766656380&CONSTITUENCY=WBST	HTTP Parser: Title: Log In does not match URL

Source: https://webadv-prod.cloud.rsccd.edu/WBMAIN/WBMAIN?TOKENIDX=8766656380&SS=LGRQ&URL=HTTPS%3A%2F%2Fwebadv-prod.cloud.rsccd.edu%3A443%2FWBMAIN%2FWBMAIN%3FTYPE%3DM%26PID%3DCORE-WBMAIN%26TOKENIDX%3D8766656380&CONSTITUENCY=WBST	HTTP Parser: No <meta name="author".. found
Source: https://webadv-prod.cloud.rsccd.edu/WBMAIN/WBMAIN?TOKENIDX=8766656380&SS=LGRQ&URL=HTTPS%3A%2F%2Fwebadv-prod.cloud.rsccd.edu%3A443%2FWBMAIN%2FWBMAIN%3FTYPE%3DM%26PID%3DCORE-WBMAIN%26TOKENIDX%3D8766656380&CONSTITUENCY=WBST	HTTP Parser: No <meta name="author".. found

Source: https://webadv-prod.cloud.rsccd.edu/WBMAIN/WBMAIN?TOKENIDX=8766656380&SS=LGRQ&URL=HTTPS%3A%2F%2Fwebadv-prod.cloud.rsccd.edu%3A443%2FWBMAIN%2FWBMAIN%3FTYPE%3DM%26PID%3DCORE-WBMAIN%26TOKENIDX%3D8766656380&CONSTITUENCY=WBST	HTTP Parser: No <meta name="copyright".. found
Source: https://webadv-prod.cloud.rsccd.edu/WBMAIN/WBMAIN?TOKENIDX=8766656380&SS=LGRQ&URL=HTTPS%3A%2F%2Fwebadv-prod.cloud.rsccd.edu%3A443%2FWBMAIN%2FWBMAIN%3FTYPE%3DM%26PID%3DCORE-WBMAIN%26TOKENIDX%3D8766656380&CONSTITUENCY=WBST	HTTP Parser: No <meta name="copyright".. found

Source: unknown

DNS traffic detected: queries for: webadv-prod.cloud.rsccd.edu

Source: WBMAIN[1].htm0.3.dr	String found in binary or memory: HTTPS://webadv-prod.cloud.rsccd.edu:443/WBMAIN/WBMAIN
Source: WBMAIN[1].htm0.3.dr, WBMAIN[1].htm1.3.dr	String found in binary or memory: HTTPS://webadv-prod.cloud.rsccd.edu:443/WBMAIN/WBMAIN?TOKENIDX=8766656380&CONSTITUENCY=WBST&
Source: WBMAIN[2].htm.3.dr	String found in binary or memory: HTTPS://webadv-prod.cloud.rsccd.edu:443/WBMAIN/WBMAIN?TOKENIDX=8766656380&TYPE=M&PID=CORE-WB
Source: WBMAIN[2].htm.3.dr	String found in binary or memory: HTTPS://webadv-prod.cloud.rsccd.edu:443/WBMAIN/WBMAIN?TOKENIDX=8766656380&type=M&constituenc
Source: WBMAIN[2].htm.3.dr	String found in binary or memory: HTTPS://webadv-prod.cloud.rsccd.edu:443/WBMAIN/WBMAIN?TOKENIDX=8766656380&type=P&pid=UT-LGRQ
Source: {5CD94E9D-40F5-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: HTTPS://webadv-prod.cloud.rsccd.edu:443/WBMAIN/WBMAIN?TYPE=M&PID=CORE-WBMAIN
Source: {5CD94E9D-40F5-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: HTTPS://webadv-prod.cloud.rsccd.edu:443/WBMAIN/WBMAIN?TYPE=M&PID=CORE-WBMAIN&TOKENIDX=8766656380
Source: WBMAIN[1].htm0.3.dr	String found in binary or memory: HTTPS://webadv-prod.cloud.rsccd.edu:443/WBMAIN/WBMAIN?TYPE=M&PID=CORE-WBMAIN
Source: WBMAIN[1].htm1.3.dr	String found in binary or memory: HTTPS://webadv-prod.cloud.rsccd.edu:443/WBMAIN/WBMAIN?TYPE=M&PID=CORE-WBMAIN&TOKENIDX=876665
Source: WebAdvisor_scripts[1].js.3.dr	String found in binary or memory: http://dtelwasql.rsccd.org/WATEST2/WATEST2?
Source: WebAdvisor_scripts[1].js.3.dr	String found in binary or memory: http://dtelwasql.rsccd.org/WATEST2/WATEST2?TOKENIDX=410501587&TYPE=M&constituency=WBST&pid=CORE-WBST
Source: WBMAIN[2].htm.3.dr	String found in binary or memory: http://registertovote.ca.gov/?t=s
Source: contactus[1].htm.3.dr	String found in binary or memory: http://www.sac.edu/StudentServices/AdmissionsRecords/Pages/default.aspx
Source: contactus[1].htm.3.dr	String found in binary or memory: http://www.sccollege.edu/StudentServices/Admissions/Pages/ContactUsinAdmissionsRecords.aspx
Source: WBMAIN[2].htm.3.dr	String found in binary or memory: https://accountmanager.rsccd.edu/LDAPAccountManager/changePasswor
Source: {5CD94E9D-40F5-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: https://webadv-prod.cl
Source: {5CD94E9D-40F5-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: https://webadv-prod.cloud.rsccd.edu/WBMAIN/E8014BF080CFA94EA18582742F9D483D.cache.html
Source: ~DF0D2D0FC300E0E516.TMP.2.dr	String found in binary or memory: https://webadv-prod.cloud.rsccd.edu/WBMAIN/WBMAIN?TOKENIDX=8766656380&CONSTITUENCY=WBST&TYPE=M&PID=C
Source: {5CD94E9D-40F5-11EB-90E4-ECF4BB862DED}.dat.2.dr, ~DF0D2D0FC300E0E516.TMP.2.dr	String found in binary or memory: https://webadv-prod.cloud.rsccd.edu/WBMAIN/WBMAIN?TOKENIDX=8766656380&SS=2&APP=ST&CONSTITUENCY=WBST
Source: {5CD94E9D-40F5-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: https://webadv-prod.cloud.rsccd.edu/WBMAIN/WBMAIN?TOKENIDX=8766656380&SS=2&APP=ST&CONSTITUENCY=WBSTR
Source: {5CD94E9D-40F5-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: https://webadv-prod.cloud.rsccd.edu/WBMAIN/WBMAIN?TOKENIDX=8766656380&SS=2&APP=ST&CONSTITUENCY=WBSTo
Source: {5CD94E9D-40F5-11EB-90E4-ECF4BB862DED}.dat.2.dr, ~DF0D2D0FC300E0E516.TMP.2.dr	String found in binary or memory: https://webadv-prod.cloud.rsccd.edu/WBMAIN/WBMAIN?TOKENIDX=8766656380&SS=LGRQ&URL=HTTPS%3A%2F%2Fweba
Source: {5CD94E9D-40F5-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: https://webadv-prod.cloud.rsccd.edu/WBMAIN/html/contactus.html
Source: {5CD94E9D-40F5-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: https://webadv-prod.cloud.rsccd.edu/WBMAIN/html/contactus.html$Contact
Source: ~DF0D2D0FC300E0E516.TMP.2.dr	String found in binary or memory: https://webadv-prod.cloud.rsccd.edu/WBMAIN/html/contactus.html56380&SS=2&APP=ST&CONSTITUENCY=WBST
Source: ~DF0D2D0FC300E0E516.TMP.2.dr	String found in binary or memory: https://webadv-prod.cloud.rsccd.edu/WBMAIN/html/contactus.html56380&SS=2&APP=ST&CONSTITUENCY=WBST638
Source: WBMAIN[2].htm.3.dr	String found in binary or memory: https://webadv-prod.cloud.rsccd.edu/WBMAIN/html/passchange.html
Source: imagestore.dat.3.dr	String found in binary or memory: https://webadv-prod.cloud.rsccd.edu/favicon.ico
Source: imagestore.dat.3.dr	String found in binary or memory: https://webadv-prod.cloud.rsccd.edu/favicon.ico~
Source: WBMAIN[2].htm.3.dr	String found in binary or memory: https://www.rsccd.edu/WBMAIN/Images/SAC-SCC-logos.gif
Source: WBMAIN[2].htm.3.dr	String found in binary or memory: https://www.rsccd.edu/WBMAIN/Images/voter_registration_button.
Source: contactus[1].htm.3.dr	String found in binary or memory: https://www.rsccd.edu/webadvisor

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: classification engine

Classification label: clean1.win@3/29@3/2

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF8348648A35F74BE0.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4116 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4116 CREDAT:17410 /prefetch:2

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Drive-by Compromise1	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading1	OS Credential Dumping	File and Directory Discovery1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://webadv-prod.cloud.rsccd.edu/WBMAIN/WBMAIN?TOKENIDX=8766656380&SS=2&APP=ST&CONSTITUENCY=WBST	0%	Avira URL Cloud	safe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://webadv-prod.cl	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
webadv-prod.cloud.rsccd.edu	35.160.239.228	true	false	high
www.rsccd.edu	204.75.250.153	true	false	high
favicon.ico	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://webadv-prod.cloud.rsccd.edu/WBMAIN/html/contactus.html	false	high
https://webadv-prod.cloud.rsccd.edu/WBMAIN/WBMAIN?TOKENIDX=8766656380&CONSTITUENCY=WBST&TYPE=M&PID=CORE-WBMAIN	false	high
https://webadv-prod.cloud.rsccd.edu/WBMAIN/WBMAIN?TOKENIDX=8766656380&SS=LGRQ&URL=HTTPS%3A%2F%2Fwebadv-prod.cloud.rsccd.edu%3A443%2FWBMAIN%2FWBMAIN%3FTYPE%3DM%26PID%3DCORE-WBMAIN%26TOKENIDX%3D8766656380&CONSTITUENCY=WBST	false	high
https://webadv-prod.cloud.rsccd.edu/WBMAIN/WBMAIN?TOKENIDX=8766656380&CONSTITUENCY=WBST&TYPE=M&PID=CORE-WBST	false	high
https://webadv-prod.cloud.rsccd.edu/WBMAIN/WBMAIN?TOKENIDX=8766656380&SS=2&APP=ST&CONSTITUENCY=WBST	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://webadv-prod.cloud.rsccd.edu/favicon.ico~	imagestore.dat.3.dr	false		high
https://www.rsccd.edu/WBMAIN/Images/SAC-SCC-logos.gif	WBMAIN[2].htm.3.dr	false		high
https://www.rsccd.edu/webadvisor	contactus[1].htm.3.dr	false		high
HTTPS://webadv-prod.cloud.rsccd.edu:443/WBMAIN/WBMAIN?TOKENIDX=8766656380&TYPE=M&PID=CORE-WB	WBMAIN[2].htm.3.dr	false		high
http://registertovote.ca.gov/?t=s	WBMAIN[2].htm.3.dr	false		high
https://webadv-prod.cloud.rsccd.edu/WBMAIN/WBMAIN?TOKENIDX=8766656380&SS=2&APP=ST&CONSTITUENCY=WBSTo	{5CD94E9D-40F5-11EB-90E4-ECF4BB862DED}.dat.2.dr	false		high
https://webadv-prod.cloud.rsccd.edu/WBMAIN/html/contactus.html	{5CD94E9D-40F5-11EB-90E4-ECF4BB862DED}.dat.2.dr	false		high
https://webadv-prod.cloud.rsccd.edu/WBMAIN/WBMAIN?TOKENIDX=8766656380&SS=2&APP=ST&CONSTITUENCY=WBST	{5CD94E9D-40F5-11EB-90E4-ECF4BB862DED}.dat.2.dr, ~DF0D2D0FC300E0E516.TMP.2.dr	false		high
https://webadv-prod.cloud.rsccd.edu/WBMAIN/html/passchange.html	WBMAIN[2].htm.3.dr	false		high
HTTPS://webadv-prod.cloud.rsccd.edu:443/WBMAIN/WBMAIN?TOKENIDX=8766656380&type=P&pid=UT-LGRQ	WBMAIN[2].htm.3.dr	false		high
HTTPS://webadv-prod.cloud.rsccd.edu:443/WBMAIN/WBMAIN?TYPE=M&PID=CORE-WBMAIN	{5CD94E9D-40F5-11EB-90E4-ECF4BB862DED}.dat.2.dr	false		high
https://webadv-prod.cloud.rsccd.edu/favicon.ico	imagestore.dat.3.dr	false		high
HTTPS://webadv-prod.cloud.rsccd.edu:443/WBMAIN/WBMAIN?TOKENIDX=8766656380&CONSTITUENCY=WBST&	WBMAIN[1].htm0.3.dr, WBMAIN[1].htm1.3.dr	false		high
https://webadv-prod.cloud.rsccd.edu/WBMAIN/WBMAIN?TOKENIDX=8766656380&CONSTITUENCY=WBST&TYPE=M&PID=C	~DF0D2D0FC300E0E516.TMP.2.dr	false		high
HTTPS://webadv-prod.cloud.rsccd.edu:443/WBMAIN/WBMAIN?TOKENIDX=8766656380&type=M&constituenc	WBMAIN[2].htm.3.dr	false		high
HTTPS://webadv-prod.cloud.rsccd.edu:443/WBMAIN/WBMAIN?TYPE=M&PID=CORE-WBMAIN&TOKENIDX=876665	WBMAIN[1].htm1.3.dr	false		high
https://webadv-prod.cloud.rsccd.edu/WBMAIN/html/contactus.html56380&SS=2&APP=ST&CONSTITUENCY=WBST638	~DF0D2D0FC300E0E516.TMP.2.dr	false		high
http://www.sac.edu/StudentServices/AdmissionsRecords/Pages/default.aspx	contactus[1].htm.3.dr	false		high
https://webadv-prod.cloud.rsccd.edu/WBMAIN/html/contactus.html$Contact	{5CD94E9D-40F5-11EB-90E4-ECF4BB862DED}.dat.2.dr	false		high
https://webadv-prod.cl	{5CD94E9D-40F5-11EB-90E4-ECF4BB862DED}.dat.2.dr	false	Avira URL Cloud: safe	unknown
https://accountmanager.rsccd.edu/LDAPAccountManager/changePasswor	WBMAIN[2].htm.3.dr	false		high
https://webadv-prod.cloud.rsccd.edu/WBMAIN/E8014BF080CFA94EA18582742F9D483D.cache.html	{5CD94E9D-40F5-11EB-90E4-ECF4BB862DED}.dat.2.dr	false		high
HTTPS://webadv-prod.cloud.rsccd.edu:443/WBMAIN/WBMAIN	WBMAIN[1].htm0.3.dr	false		high
http://www.sccollege.edu/StudentServices/Admissions/Pages/ContactUsinAdmissionsRecords.aspx	contactus[1].htm.3.dr	false		high
HTTPS://webadv-prod.cloud.rsccd.edu:443/WBMAIN/WBMAIN?TYPE=M&PID=CORE-WBMAIN	WBMAIN[1].htm0.3.dr	false		high
https://webadv-prod.cloud.rsccd.edu/WBMAIN/WBMAIN?TOKENIDX=8766656380&SS=LGRQ&URL=HTTPS%3A%2F%2Fweba	{5CD94E9D-40F5-11EB-90E4-ECF4BB862DED}.dat.2.dr, ~DF0D2D0FC300E0E516.TMP.2.dr	false		high
https://webadv-prod.cloud.rsccd.edu/WBMAIN/WBMAIN?TOKENIDX=8766656380&SS=2&APP=ST&CONSTITUENCY=WBSTR	{5CD94E9D-40F5-11EB-90E4-ECF4BB862DED}.dat.2.dr	false		high
http://dtelwasql.rsccd.org/WATEST2/WATEST2?TOKENIDX=410501587&TYPE=M&constituency=WBST&pid=CORE-WBST	WebAdvisor_scripts[1].js.3.dr	false		high
https://www.rsccd.edu/WBMAIN/Images/voter_registration_button.	WBMAIN[2].htm.3.dr	false		high
HTTPS://webadv-prod.cloud.rsccd.edu:443/WBMAIN/WBMAIN?TYPE=M&PID=CORE-WBMAIN&TOKENIDX=8766656380	{5CD94E9D-40F5-11EB-90E4-ECF4BB862DED}.dat.2.dr	false		high
https://webadv-prod.cloud.rsccd.edu/WBMAIN/html/contactus.html56380&SS=2&APP=ST&CONSTITUENCY=WBST	~DF0D2D0FC300E0E516.TMP.2.dr	false		high
http://dtelwasql.rsccd.org/WATEST2/WATEST2?	WebAdvisor_scripts[1].js.3.dr	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
35.160.239.228	unknown	United States		16509	AMAZON-02US	false
204.75.250.153	unknown	United States		2152	CSUNET-NWUS	false

General Information

Joe Sandbox Version:	31.0.0 Red Diamond
Analysis ID:	331978
Start date:	17.12.2020
Start time:	21:52:45
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 3m 46s
Hypervisor based Inspection enabled:	false
Report type:	light
Cookbook file name:	browseurl.jbs
Sample URL:	https://webadv-prod.cloud.rsccd.edu/WBMAIN/WBMAIN?TOKENIDX=8766656380&SS=2&APP=ST&CONSTITUENCY=WBST
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@3/29@3/2
Cookbook Comments:	Adjust boot time Enable AMSI Browsing link: https://webadv-prod.cloud.rsccd.edu/WBMAIN/html/contactus.html Browsing link: https://webadv-prod.cloud.rsccd.edu/WBMAIN/WBMAIN?TOKENIDX=8766656380&CONSTITUENCY=WBST&TYPE=M&PID=CORE-WBST Browsing link: https://webadv-prod.cloud.rsccd.edu/WBMAIN/WBMAIN?TOKENIDX=8766656380&CONSTITUENCY=WBST&TYPE=M&PID=CORE-WBMAIN Browsing link: https://webadv-prod.cloud.rsccd.edu/WBMAIN/WBMAIN?TOKENIDX=8766656380&CONSTITUENCY=WBST&type=P&pid=UT-LGRQ&PROCESS=ST-
Warnings:	Show All Exclude process from analysis (whitelisted): taskhostw.exe, BackgroundTransferHost.exe, ielowutil.exe, backgroundTaskHost.exe, svchost.exe TCP Packets have been reduced to 100 Excluded IPs from analysis (whitelisted): 168.61.161.212, 88.221.62.148, 51.104.144.132, 23.210.248.85, 152.199.19.161, 92.122.213.247, 92.122.213.194 Excluded domains from analysis (whitelisted): arc.msn.com.nsatc.net, fs.microsoft.com, ie9comview.vo.msecnd.net, skypedataprdcolcus17.cloudapp.net, e1723.g.akamaiedge.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, go.microsoft.com, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, cs9.wpc.v0cdn.net Report size getting too big, too many NtDeviceIoControlFile calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5CD94E9B-40F5-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	30296
Entropy (8bit):	1.858315414135375
Encrypted:	false
SSDEEP:	48:Iw7Gcpr+7GwpLpG/ap8ZVrGIpcZeVGvnZpvZeRGo4Iqp9ZeUGo48BwpmZeGCGW4D:rhZCZN2v9WIStI0fIvVMIPIZIbfIOsX
MD5:	6A705A1227DED2915BF9FCF654067ADB
SHA1:	E34AB12BD145CB10F61BEDED7A4EA5FF08525EE7
SHA-256:	315C1C41DB7AEEAA356D10AFD103B73825576CA9442800E12B5093340A9A21D0
SHA-512:	19D3CC5A2A8E2D5A53B6F5C78314A3A86346042BDD622299F00B38DF5EC43DCBF4E9904044EE2508139B5BCC9FBC6B684F7459DA57694FFAEDE119D5C3512452
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5CD94E9D-40F5-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	88752
Entropy (8bit):	2.686858745251888
Encrypted:	false
SSDEEP:	384:rKrRhfhAlV3qwqsoXsCUkMWxadkAeeOgeS0+zO6FGACWrLWdZAAWHWWP7WNb97W1:XKpDhIdVKZ5mZ+ErFqi+2TDQ5lTo9CM
MD5:	7BFF5F70E9E8442AE5E8E74D67BC5235
SHA1:	E216736A4FC5F9E7B2BC1866C5870743BE2F21D6
SHA-256:	55E83586E9ED7F7D3AEF1FDC843E4162C0B4C23DF76F07A40BD7406672640866
SHA-512:	5B6DFBA2A5D5A64C8654B8A8B81578475B21F19580006C415C6C2357E0221AB1C142340BFA5FFFB8077171D3566C4F108C5E397483FE19C80980B80A8BC59F49
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{62E4A3AC-40F5-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	16984
Entropy (8bit):	1.563921091340513
Encrypted:	false
SSDEEP:	48:IwSGcprPGwpaqG4pQbGrapbSUrGQpK2G7HpRysTGIpG:rmZ5QK6PBSUFAhTy4A
MD5:	32B916CB3744B93AC6EB532CD092CCE6
SHA1:	AC95A36056E9D8FCB9973C1FB77D7C232D015A9E
SHA-256:	D78A9E383F988F1099F3DAE86AAD6F12706B83541BF6BED19FE47FD0F9FDDA8C
SHA-512:	CF94BC0797E8B6E9261031F8651B0C029329F77AAA2967B1D40D09D6DBE01BCAD03B378382B4B6AC39382942CD642CAADD92FF31047289260170AD5FCA13F5CA
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.dat Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	11910
Entropy (8bit):	4.054929820550354
Encrypted:	false
SSDEEP:	96:ZqjP7JpdIAPpmh/wkFLRo8ypjhYX/Wxw+r+v7g:iP7JpVPpmRwEyOX/tzg
MD5:	7E41478077222F20161CBDE039A51149
SHA1:	C9682CB3B59F5E915F0091EF579BB95258E2770D
SHA-256:	2BBC3D59C2DDCDA57892DBF3FE8E7316A3510119F4BF7DFA37B45A743A53B53D
SHA-512:	3A8C26B45E904000CEF9DFFE7AF111A8466966612822CD1A40249F4C7A4A6A1AB7EF4C45C2313326B0CDB7CCBD47DE1C02FBBF3BCBF905150871FBEEFD67AD6D
Malicious:	false
Reputation:	low
Preview:	/.h.t.t.p.s.:././.w.e.b.a.d.v.-.p.r.o.d...c.l.o.u.d...r.s.c.c.d...e.d.u./.f.a.v.i.c.o.n...i.c.o.~.................h.......(....... ...........@........................................................................................................................................................................................................d..............i.........................W..N....................~..tz~ "$......n..D..,..X.......................\mw8..J..?..*.....7..]..y.............................I..4..4..A..]..q..e..............................ft~O..V..s..p..n..n................................m..l..p..q..n.........................YYY.........d..n..k..f..y................................u..j.....\|..q..n................................vy{............\|}~............................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\ConstituencyStyle[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	19161
Entropy (8bit):	5.325074335891445
Encrypted:	false
SSDEEP:	192:NhAtDgOBvPYVVrjDLaoOPfe4lunqn5PkFP7xcdBf/bJDITZ5:KleKNWksdQmz
MD5:	5965E418554129DB5FE4CBB18D182368
SHA1:	F8032BFD6D8ACB2936E6FAB8FE24710D8A2CDB72
SHA-256:	3A7747FF8529CE64E06876CECA4FF87BCF7509CF4306802738BE42BDFF992A4F
SHA-512:	29E414C6387E5B1AA8AA8E51B194BFA6553DEDD0D1E24F0BCCC1549B0CB58B56475FCF1DE035C123F74A2FE3911B3338F9EBCB69207803A88F0CC3A3CD4E0272
Malicious:	false
Reputation:	low
IE Cache URL:	https://webadv-prod.cloud.rsccd.edu/WBMAIN/stylesheets/themes/ORIGINAL/ConstituencyStyle.css
Preview:	/* ConstituencyStyle for ORIGINAL theme /..../ The constituency look and feel is determined using the following rules: /../ 1) Background color should match lightest gradient in background image (sub-BGxxx) /../ 2) Three color hues (border, background, text color) are needed for submenu boxes and screen tables /../ 3) For the submenus, background color is the lightest. Color is the darkest /../ 4) Menu title box uses reverse of submenu fore/background colors /../ 5) Tables alternate between border and background (the 2 lightest colors) /....../ Continuing Education constituency (WBCE) */...WBCE {background-color:#F9D984; background-image:url(./images/sub-BGContinuing.jpg);}...WBCE #bodyConstituency {color:white}...WBCE #bodyForm {border-color:#60A0C2}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\MenuStyle_BARS[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	734
Entropy (8bit):	5.101233686243266
Encrypted:	false
SSDEEP:	12:UFu9M3J6W5J1+FDiodJRshGOSJg1//gYXZXmSXEnr1K4k8doSL67wX06ENkN5QTi:hm5z5JkFDvbKGLJgRgYJ2SOAAGSLQrex
MD5:	1C161D7282411A97E1C5549C6195BA64
SHA1:	BC4874D599FA04D24B7251E066EFBA9160A2BA8E
SHA-256:	8722F2E8732989C61B67810F462312DBF82E3F89FBC45632E18BC2478632EDBB
SHA-512:	EE123813A28582C9220E81286BF2B5E9BB8389127DD6FDE8CC957CC09FEF284D28B2B1C584EA9746DA0B5580DAC1CACC666879EDBE8BDAA32D13C8871CEE6A42
Malicious:	false
Reputation:	low
IE Cache URL:	https://webadv-prod.cloud.rsccd.edu/WBMAIN/stylesheets/themes/ORIGINAL/MenuStyle_BARS.css
Preview:	/* Presents main menu using a 'bars' style /..#mainBody {...height:351px;...background-image:url(./images/main-menubarsBG.jpg);...min-width: 950px}.. html #mainBody {height:380px;; min-width: 950px}....#mainForm {...float:right;...width:420px;...background-color:#F9D984} ..#mainMenu {...width:299px;...border-width:0px 20px;...border-style: solid;...border-color: #CCC;..}..#mainMenu UL {margin:0px; padding:0px; list-style:none;}..#mainMenu A {display:block; text-decoration:none; font-size:12px; font-weight:bold; color:white;.. padding:10px 10px 10px 010px; height:13px}..#mainBody .custom {...float:left;...width:300px;...padding-top:40px;...padding-left:30px;..}..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\SiteStyle[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	9938
Entropy (8bit):	5.115085161911728
Encrypted:	false
SSDEEP:	192:k8hPjhh+JXj4k4p7aR1aWaGyN4o0y3VETlXaDow+i2LM/:k8hD8am9oETBaMw+rw
MD5:	301FF77F3B03F5171BFB3EC5318E2534
SHA1:	C1B522C5DD885DFB0B3E396071A1F8BB34AAB4BA
SHA-256:	218F0F62021AD6ABEB9009CDC391991CC120B93AD2322213F48260DA2F190D96
SHA-512:	9219C8F7188D510A9CA2A5D5B04A501887D685E81C0738BEFD056E68B92D649DAB9176B7412C9E6EF5660A120FCCBAF9D6768AF92D9452EC734CEAFFEBFFFDCB
Malicious:	false
Reputation:	low
IE Cache URL:	https://webadv-prod.cloud.rsccd.edu/WBMAIN/stylesheets/themes/ORIGINAL/SiteStyle.css
Preview:	/----- Standard definition for existing HTML tags -----/....BODY {margin:0px;}..BODY, DIV, TABLE, TD, P {font-family: verdana,helvetica,sans-serif; font-size:8.5pt; line-height: 11pt } /* arial 11px/....pre {font-size:110%; font-family:courier,serif;}../ -----------------------------------------------------/..../ Should these be in the constituency files? /..a:link {color:#033899; text-decoration:none}..a:visited {color:#033899; text-decoration:none}..a:focus {color:#033899; text-decoration:none} / not supported yet on any browser /..a:hover {color:#CC0033; text-decoration:none} / font-weight:bold} MDM Remove bolding text /..a:active {color:#033899; text-decoration:none}..../----- Headings -----/....h1 { font: bold 1.5em Arial, Helvetica, sans-serif; color:#9A0000 }..h2 { font: bold 1.4em Arial, Helvetica, sans-serif; color:#444 }..h3 { font: bold 1.2em Arial, Helvetica, sans-serif }..../----- Definition of form layout

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\WBMAIN[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	9025
Entropy (8bit):	5.5729773720202855
Encrypted:	false
SSDEEP:	192:7f577G7smdy+92YXsnDp9y+r2yJhfD7g7smdy+92Y0soy+r2yWx:7Fry92YXsNTr2yJhf9y92Y0scr2yWx
MD5:	5321E9694F53E1850F30EA981CFF7F51
SHA1:	211F52110B6E5EB73A99CA0C9ED99575651EA16D
SHA-256:	E0C78FC8CE99FEFA28CB63F99C81ED3B8EDA378515AD3765ECDD2EF5D2EB365A
SHA-512:	7DD075A04844E0E3409667D65943FD9CA1A13CA7119A72DCD691E1DE1C91BFBF7095CC4747FBAA097C219F7D1AD8364603B3FAA83498B75FD6CE2482EE19FBF3
Malicious:	false
Reputation:	low
Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">..<html lang="en">..<head>..<meta name="gwt:module" content="com.datatel.webadvisor.gwt.EnvisionTable">..<title>..</title>..<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">..<link type="text/css" rel="stylesheet" href="./stylesheets/themes/ORIGINAL/SiteStyle.css">..<link type="text/css" rel="stylesheet" href="./stylesheets/themes/ORIGINAL/ConstituencyStyle.css">..<script language="Javascript" type="text/javascript" src="./javascript/WebAdvisor_scripts.js"></script><script language="javascript">..........var __table_List = new Array();..........var __metadata = new Array();..........var __data = new Object();..........var __response_URL = 'HTTPS://webadv-prod.cloud.rsccd.edu:443/WBMAIN/WBMAIN';..........var __sequence_Step = '2';..........var __misc = '87666563802089848238909609590019702*Y';..........var __log_Level = 0;..........var __tokenIdx = '8766656380';......

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\WBMAIN[2].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	6800
Entropy (8bit):	5.417799590964067
Encrypted:	false
SSDEEP:	96:7nb7FFVyxkTB06khB0gkZzNe9H2EOMCqJznOZEX9aFOkkESH1IJZB0FYBOBTiOy6:7nb73Vy+YoZzIpO0OYAhfSHTiOy+22x
MD5:	7A9744A77C1FE95196FB35BEE2A5186C
SHA1:	213BB6284F9931A7AD0CB1D0C529E2A491222600
SHA-256:	ADACC086789077EBB6FF953A6CA504D71E03569847BF0B64B52525736D3544DA
SHA-512:	F81ECC1502BC0EA6C69F1BE20EFC06D103925FA213328D31D9CF7EF06EC3068FDCEBF74FF137AA479309F6D000B0F4ADA16E6F01A84839DB057631BF4DD536E2
Malicious:	false
Reputation:	low
Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">..<html lang="en">..<head>..<title>WebAdvisor Main Menu</title>..<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">..<link type="text/css" rel="stylesheet" href="./stylesheets/themes/ORIGINAL/SiteStyle.css">..<link type="text/css" rel="stylesheet" href="./stylesheets/themes/ORIGINAL/ConstituencyStyle.css">..<link type="text/css" rel="stylesheet" href="./stylesheets/themes/ORIGINAL/MenuStyle_BARS.css">..<script language="Javascript" type="text/javascript" src="./javascript/WebAdvisor_scripts.js"></script>..<noscript>The Javascript provides Envision session management in a web context.</noscript>..</head>..<body onLoad="javascript:displayFormHTML();">..<div id="webPage">..<div id="pageHeader">..<div id="headerBanner">..<div id="acctToolbar">..<ul class="toolbar">..<li id="acctContact">..<a href="./html/contactus.html" onmouseover="window.status=''; return true;"><sp

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\shell-footBlue[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 1500 x 65
Category:	downloaded
Size (bytes):	2121
Entropy (8bit):	7.685298602930702
Encrypted:	false
SSDEEP:	48:XuBcmb+7fTL377fTLMmx78deLyFC8AdM4m5qIRuBLV3hFSY9U0/0J8:XuBcm6f33Pf3Td8dUMZqIUTvvcy
MD5:	79AA606C7EA23CFD647262AE062B88E8
SHA1:	BEA353EB55D02D810961C28F20E553019388A17C
SHA-256:	77DB2BCA19691B74F6EA3372CAF34D5E2D756F13422880EFA28942A2296F921A
SHA-512:	2234879A3C3DF6F513103FBA9C5891540FB104A8A7496774001D93E6C4F578B2AB759BA58768D9BADDFA622A7F12E84E1703AD769B8098160D37C399EB769B43
Malicious:	false
Reputation:	low
IE Cache URL:	https://webadv-prod.cloud.rsccd.edu/WBMAIN/stylesheets/themes/ORIGINAL/images/shell-footBlue.gif
Preview:	GIF89a..A........."..3......__i.-..8...??W...oor.{q..U....(..O..A.....l.....`.....88S...((J..f..<....00N.9GG\.D......J.>.3 EOO`WWe..[ggnwww......................................................!.......,......A......pH,...r.l:..tJ.Z..v..z..xL....z.n...\|N.....~........................................................................................................................................H......\....#J.H....3j.... C..I...(S.\...0c.I...8s.......@...J...H.]...P.J.J...X.j....`..K...h.]...U...`....%...dC..O$...!0..$.P........P.H...D....I..&.d8.@....=8q..A..c.........}...e.N<...@u.....^..:.....~.D.......x...(.`.....A.....'...-....%..a.......v...!..kF ...#P..`... ..e.p....h.u......wX...1...t.`z,..%..1....@D.B@..f..._.l...E....-,.X...FZk.9H..C P`..-...ON..xO&g....v./...p.W}.1P.~..&.e.d7.d.....tM..`E 7.iVfX.`......ZaD..d..]:Z.B W...^.#.!Ar.X.....g..1.t.`6.z.aF....w....p.\Dl.....6.h.jxX...Plr..`..9..f^P.`.....k.......-....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BG-pageHeader[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 1 x 74
Category:	downloaded
Size (bytes):	59
Entropy (8bit):	4.043603585211935
Encrypted:	false
SSDEEP:	3:Cfu/ZkR/Hl7/lmqw5xUE:uGgl7MF
MD5:	30548E35620BAEB0B9D9454E238FA374
SHA1:	F9593BCC7CD06CF40D202BD67456D52A671483FE
SHA-256:	A9C8395EE75610B1B296A906025F80601C257D5B820080B10444BF9A6E2B09E9
SHA-512:	B55EF4CDB50FD29B4CEF3EA0C79D9ED4B3FACAB6D065B5A4A68F3C42AC37C6C022B5584270F8A6FB78192ED4FF7290205CF423CFFD0595FAF63A02205759AFD6
Malicious:	false
Reputation:	low
IE Cache URL:	https://webadv-prod.cloud.rsccd.edu/WBMAIN/stylesheets/themes/ORIGINAL/images/BG-pageHeader.gif
Preview:	GIF89a..J......".........!.......,......J........}....X[..;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\WBMAIN[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	6597
Entropy (8bit):	5.550398815498284
Encrypted:	false
SSDEEP:	192:7BDSd7smdy+92YGtmauZj41DGsnJ9y+r2yox:7way92YGtmaoj4DTr2yox
MD5:	F51B90878ACD1040A43844EE7FB52648
SHA1:	E9CD8759C7DD655F29B1080146CFD7D9E8D2B14A
SHA-256:	551332520A48395801161182A805E0BD9A3D2F7A32C31CD0828D947274D0BCAA
SHA-512:	23C33D12CF5C0E43BD9464865B7DAD12CAE88C6357064D678072C1853A613D3515386EF3F23A4F2DF02837ECDFDEA49132EDFE78126CCA7B3DD903F44E04AF7F
Malicious:	false
Reputation:	low
Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">..<html lang="en">..<head>..<meta name="gwt:module" content="com.datatel.webadvisor.gwt.EnvisionTable">..<title>Log In</title>..<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">..<link type="text/css" rel="stylesheet" href="./stylesheets/themes/ORIGINAL/SiteStyle.css">..<link type="text/css" rel="stylesheet" href="./stylesheets/themes/ORIGINAL/ConstituencyStyle.css">..<script language="Javascript" type="text/javascript" src="./javascript/WebAdvisor_scripts.js"></script><script language="javascript">..........var __table_List = new Array();..........var __metadata = new Array();..........var __data = new Object();..........var __response_URL = 'HTTPS://webadv-prod.cloud.rsccd.edu:443/WBMAIN/WBMAIN';..........var __sequence_Step = '';..........var __misc = '87666563800038810295939609590019702*Y';..........var __log_Level = 0;..........var __tokenIdx = '8766656380';...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\contactus[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	2123
Entropy (8bit):	5.242682993048781
Encrypted:	false
SSDEEP:	48:7qvAav2nut2n8iASrLuW+ATYgx0C0FCPLvk7N08UkA5:7O5hSrL7cgOCaCzvk7aVkg
MD5:	CD19D57FB7130A17258F936F6C1ABBBA
SHA1:	FAAA11C3748B83DDC0A18F8CF83949BD7BF70804
SHA-256:	2409A11A627826199DB0A30D4F9987D94048C399F6C0C1DEB58B4F2168257C95
SHA-512:	9909EE39ED9A236FC51E8AC59CF3E099ED09C5317D007430510DAD6C2835C3283F02AE5531D549AC4943B3F1CBAAF5C48DFBD214704582D3899AF434FA1CCEE9
Malicious:	false
Reputation:	low
IE Cache URL:	https://webadv-prod.cloud.rsccd.edu/WBMAIN/html/contactus.html
Preview:	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">..<html lang="en">..<head>..<META http-equiv="Content-Type" content="text/html; charset=UTF-8">..<title>Contact WebAdvisor</title>..<meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type">..<link rel="stylesheet" type="text/css" href="../stylesheets/themes/ORIGINAL/SiteStyle.css">..<link rel="stylesheet" type="text/css" href="../stylesheets/themes/ORIGINAL/ConstituencyStyle.css">..</head>..<body ALINK="#0000FF" VLINK="#0000FF" LINK="#0000FF">..<div id="webPage">..<div id="pageFooter">..<div id="headerBanner">..<div id="acctToolbar">..<div id="acctWidget"></div>..</div>..</div>..</div>..<div id="pageBody" style="background-color:#82825D;">..<div id="bodyWelcome">..</div>..<div id="bodyConstituency">..</div>..<div id="bodyForm">..<div id="screenTitle">..<span></span>..</div>..<div class="screen">..<div class="panel vertical">..<span class="control">..<h1>Contact WebAdviso

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\favicon[1].ico Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	MS Windows icon resource - 9 icons, 16x16, 16 colors, 16x16
Category:	downloaded
Size (bytes):	21630
Entropy (8bit):	4.195918238980776
Encrypted:	false
SSDEEP:	192:yH0NZsp7JpVPpmcClKs+OzR16MwEyOX/tz7:K0K7J3PpCvR1VyQ/tX
MD5:	4644F2D45601037B8423D45E13194C93
SHA1:	DCFDC7B05CB629F3B91A7267C7F304306F461724
SHA-256:	64A3170A912786E9EECE7E347B58F36471CB9D0BC790697B216C61050E6B1F08
SHA-512:	1C300F2A8C71615AB8B4DF72801A3C77B245CA6199FEE3FF3775553E1418D895CA336326AE687A4584A8F68645F9938E4DE76511062D260A66818959C952DEEE
Malicious:	false
Reputation:	low
IE Cache URL:	https://webadv-prod.cloud.rsccd.edu/favicon.ico
Preview:	..............(...............h...............h...&... .............. ..........v... ..............00......h...."..00...........)..00...........7..(....... ............................................................................................................................................x....x.x....w.w.w........x....w.xx...x..wx...............x.........................................................................................(....... ...........@.......................................................................................................................q...e...l...n...f...s...n...n...y...p...q...n...y...u...n.......q...\|...n...k...d...]...W...]...X...C...J...N...V...O...<...5...*...,.......\|}~.uz}.ft~.\mw.YYY. "$...........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\shell-headBlue[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 1500 x 74
Category:	downloaded
Size (bytes):	8850
Entropy (8bit):	7.784869981319577
Encrypted:	false
SSDEEP:	192:VyD5X4GZnYdDsUoudpuylEzk2jTRgN/UzPwXi+/olcJ+02AoGxctuKdKPVFA6CCB:V45oTdYUmyO4ic/piWT+1FUVKdKPt
MD5:	D4DD6CB0AC432786D1004AB7BF4235A6
SHA1:	B59C0E8841EC7A8D7D02D15304645167AFA7287C
SHA-256:	D2496E05939DE24566F8F94AFD93EB11385AABB70FEB184E63FA5D14F8AC3B43
SHA-512:	36680251912D810E4FF484DB33521D5A981D24F7FC27C395125BCEF1087F55C0BCE925C1AC2D1386A8A9C1276F488B709F7AC2C1BE07B048C844D1BC65A98D98
Malicious:	false
Reputation:	low
IE Cache URL:	https://webadv-prod.cloud.rsccd.edu/WBMAIN/stylesheets/themes/ORIGINAL/images/shell-headBlue.gif
Preview:	GIF89a..J.....SS...........ZZ...EQ.....U`...+4d...++...cc..V..jt..{{....7....c.qqFP.+0O...FNw.........}..j...bl...t$3.4B......EKj........\Q]..DD.........I...........Ze.......r((........................php.<<...................ll..)............\|..........JJ.$x..+:.......DD...s..MY.y..S''..J...8..k...............wDDeDD.55....mm..B...aa...33=J..DD....!h........c.....r{......V.ww. w............NN...\|.....gm.EH[......^i.....11......-<.x~....7E.ep....u...ii.@@)...EE.!!.....................x..@M.........H.wwV[v......5@x..o.UU......""..QHT.j...33W_.I..5A.nx..vv.%%......UU..T.UU..VYj....0>....{.........33hr.7.....DDY..{....:..............""wUU...JV.w....,...ho....xz..UU(7.#(@FO. /.;H.........CC.88.'{..r.........z..........kk....."......!.......,......J........H......\....#J.H....3j.... C..I...(S.\...0c.I...8s.....@...J...H.*]...P.J.J...X.j....`..K...h.]...p..K...x..........L.....+^....#K.L....3k.....C..M....S.^....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\E8014BF080CFA94EA18582742F9D483D.cache[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	downloaded
Size (bytes):	86847
Entropy (8bit):	5.590087635248121
Encrypted:	false
SSDEEP:	1536:35bx0N1FZGQ3q69HHpm9Pdu6RHuhUaZM4DOu/Jlp:35qXGeq69HgLOxZ/Hp
MD5:	E8014BF080CFA94EA18582742F9D483D
SHA1:	34DDB3C8389DA46C2F48DC1E9C194AAAEF38D768
SHA-256:	974748B2EB6C6FAB0524D23EF2B9535A129E38FEB4E7A18F622698C41D27FC13
SHA-512:	D0F075EF78FCF6BF25B47DC80EF2930C0F17A296850ED8F3D7421EA887A3D574A5436807137102BEB924FD1DF957ED789300396374118FA5FAA1A5B2D2026B51
Malicious:	false
Reputation:	low
IE Cache URL:	https://webadv-prod.cloud.rsccd.edu/WBMAIN/E8014BF080CFA94EA18582742F9D483D.cache.html
Preview:	<html><head><script>var $gwt_version = "1.6.4";var $wnd = parent;var $doc = $wnd.document;var $moduleName, $moduleBase;var $stats = $wnd.__gwtStatsEvent ? function(a) {return $wnd.__gwtStatsEvent(a);} : null;$stats && $stats({moduleName:'com.datatel.webadvisor.gwt.EnvisionTable',subSystem:'startup',evtGroup:'moduleStartup',millis:(new Date()).getTime(),type:'moduleEvalStart'});</script></head><body><script> .var pb='',mr='\n',Ef='\n ',rb=' ',ss=' ',ic=" '','toolbar=1,scrollbars=1,resizable=1,status=1,location=1,directories=1,toolbar=1,menubar=1');\">",di=' --> Bottom: ',nr=' : ',gs=' Created.',Dk=' GMT',zg=' cannot be empty',Ag=' cannot be null',wn=' cellBorder',wb=' cellBorder ',ms=' column=',ln=' gwtHeader',vg=' is invalid or violates the same-origin security restriction',yg=' ms',ki=' must be non-negative: ',xc=' of ',fc=' onclick="javascript:window.open(\'',ec=' onmouseover="window.status=\'\'; return true;"',nc=' onmouseover="window.status=\'\'; return true;">',Cj=' out of ran

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\ST-BGBlue[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 20 x 20
Category:	downloaded
Size (bytes):	84
Entropy (8bit):	5.430949714419671
Encrypted:	false
SSDEEP:	3:CSH3CsJdlsta0bTlLtj1PlE:3SsJst/v1dE
MD5:	915B4F9250CBD79F15A32DBCDCC49A4F
SHA1:	EBDCD8F7CEB763B2EEB625439BAC6F5B5E1F1F3E
SHA-256:	1E93980A2DAE3AA72A7911F2C3363DDDC91C21A540C13C63D1D3C30DE64C8E72
SHA-512:	6303582390CB63A57A1B63BA3B18C862D29059B14C51E7B1DD46B5646CC3AE5B544CC27BB376F05B3CFDDF47F27930A863BCE1BDA22106363DFAF593FB80F1F2
Malicious:	false
Reputation:	low
IE Cache URL:	https://webadv-prod.cloud.rsccd.edu/WBMAIN/stylesheets/themes/ORIGINAL/images/ST-BGBlue.gif
Preview:	GIF89a........."..P!.......,..........+........Q>j/.n.}V(:d...vl..^#.K].......;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\gwt[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	downloaded
Size (bytes):	5013
Entropy (8bit):	5.512104021544073
Encrypted:	false
SSDEEP:	96:5d8+aY9CgZuQHwhGbzs4MYkQnrLtg2YnUHVe35NIJNNZTl/HLe2rboM9x/8:54YoMuQH0GPs4MYkQri2vc3vg/HLe2r4
MD5:	F83258E999FC7A32028887EA86E108B7
SHA1:	4DFFA14CDCD287AFB7D9744E2CEBDFED1652B843
SHA-256:	BD57957451EC0EEDB1223220405B34DF37815885ED7A6C877D881812A7A864FF
SHA-512:	D114385FEDDA22A12EE339A33150BEACB036670CB5FC463E5827DCFA41B2D5371DBF16BED7255E00BA77762BEA5109BE0B5319DBEA5606C4988E609FB2943AB0
Malicious:	false
Reputation:	low
IE Cache URL:	https://webadv-prod.cloud.rsccd.edu/WBMAIN/gwt.js
Preview:	function com_datatel_webadvisor_gwt_EnvisionTable(){var l='',F='" for "gwt:onLoadErrorFn"',D='" for "gwt:onPropertyErrorFn"',n='"><\/script>',p='#',r='/',sb='0DD6E95BB5264D7E376FD9867CD9994D.cache.html',wb='48F292BF82B3C7016C374E0BE7BD12AD.cache.html',tb='97A0D1CADE85F4170922909E4CB0D8B3.cache.html',zb='<script defer="defer">com_datatel_webadvisor_gwt_EnvisionTable.onInjectionDone(\'com.datatel.webadvisor.gwt.EnvisionTable\')<\/script>',Db='<script id="',A='=',q='?',C='Bad handler "',vb='C502FDB5668454B03B5054F9A820E879.cache.html',xb='DOMContentLoaded',ub='E8014BF080CFA94EA18582742F9D483D.cache.html',o='SCRIPT',Cb='__gwt_marker_com.datatel.webadvisor.gwt.EnvisionTable',s='base',nb='begin',cb='bootstrap',u='clear.cache.gif',m='com.datatel.webadvisor.gwt.EnvisionTable',z='content',Bb='end',lb='gecko',mb='gecko1_8',yb='gwt.hybrid',E='gwt:onLoadErrorFn',B='gwt:onPropertyErrorFn',y='gwt:property',qb='hosted.html?com_datatel_webadvisor_gwt_EnvisionTable',kb='ie6',ab='iframe',t='img',bb="jav

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\main-menubarsBG[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1200x375, frames 3
Category:	downloaded
Size (bytes):	126912
Entropy (8bit):	7.961877968299554
Encrypted:	false
SSDEEP:	3072:mllLkv/F2z7ZdtjYpJBUa17DLn5HS7yZh+DlEjjh07vgxhYkTGux:mls/FMdepJBUa1nLs+PqmLT7
MD5:	FC4DC7AC1AC98F05D580FCC0E9A9C3EA
SHA1:	6753387E234A208A213A1B7EE7676CA77DA1BA03
SHA-256:	972636FC53F646BCB8398BD62CD764FE44BD149DE6731D583187A55C3080137B
SHA-512:	E8BC53C2125C6CE862F323787F0CD1928C43C6B4CB578E35740B98E7B53CA938F3079269505D4FAD67E76B8ACAD752DB50B0FFF997A917DEABCB2A313CE6BA80
Malicious:	false
Reputation:	low
IE Cache URL:	https://webadv-prod.cloud.rsccd.edu/WBMAIN/stylesheets/themes/ORIGINAL/images/main-menubarsBG.jpg
Preview:	......JFIF.....d.d......Ducky.......F......Adobe.d.................................................................................................................................................w.............................................................................................!..1AQ"..aq2..BR#..3.b$...rC..%.S4.D..5..d.......................!.1.A.Qa".q2.....B....#..Rr.b3..Cs$4............?....P..P..P..P..P..P..P..P..P..P..P..P..P..P..P..P..P..P..P.......^..P.z.v.hA....?....H.t.e..654.j. MU(..R@.. MV. L....Y.7..a.nXJU'.%.Um.^_0.m..Z..i...7%n(.e]......Qx,.#.,9.n;N..n[.X.D....Q....\..2Z.w.I*=G.t .Mo.....)..S.6#........Qm#.#...{e....>.k.b...............Z..2(.....J8V.f..S[N......Z7,.2Q.F..\....O...&................sU!..G........]...qr.X/,.d.7..b....9\Y.@....u.-_...64~J...^.X..Tu..G....n.......0...u......K).{....!).P......W.z.d'$..{^.....}.l....;.6E..........i}.7....Q...b2I..h..S...RH....Ea.Llm..PW.#.F$. ^{.J.....\|.I06[i(;..u..Bx8.B.[.......=.8.S58V$%..Z.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\voter_registration_button[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 240 x 64
Category:	downloaded
Size (bytes):	7876
Entropy (8bit):	7.868675713064388
Encrypted:	false
SSDEEP:	192:0wXGB6yJbRgzbNxgnoD5Pw7wWfGOXE4OCte8FtGRqKh:0wXGUkVkxgIapfGWXZtGMI
MD5:	C10321F202F2165991E0560818026A57
SHA1:	EA8CEE26CEB48EF6615DF3934F62ED633B98883F
SHA-256:	83F71529A4FFFFDEA09F24021F26C80EF12975A6D8D45A48CC13798CD3908E58
SHA-512:	0BFDE930D181A41343FA17B16EDE543A355C565F86BDBD4C852C259CAF4818FA193BA7052EC7B45C06E2B49E6AE361E420E65B08D6503D1C32DF9519D025B012
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.rsccd.edu/WBMAIN/Images/voter_registration_button.gif
Preview:	GIF89a..@................kjk...! #...............{{}............34D\|}.........F(3.u\|.=@b..........................eft....Z[f.....................................%..(..'..'..).....Z.+..,..&..,. -...m!/..+."/..'..#y%2.%1.'4.'3."-.(4.(4.%0.)6.+7.+8.,8.+7./;..9.4.2>.-8.&/.6B.5?.<H.BM.FQ.>H.IS.7?.KV.!&QOZ.R\.IR.R\.U^.5;tYc.R[.^g.cl.hq.mv.qz.IN}s{.w..Z`.z..y..fm.\|..\|.......TY................z...............................................................jm..........................................................IJS.....................w..{.........................................................................stw...............m..<...((....DD.gg..ee...cOO....................................!.......,......@........H......*\....#J.H....3j.... .....A.v.B.\......( /^:t...x....... ...w...eo'.P...7..Qw.F0.T..`5....(.t.....5..p...G.......6..`.Z..]....+^.u_.X.k....2k.......+`.p.v...^....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\AT-BGBlue[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 24 x 20
Category:	downloaded
Size (bytes):	83
Entropy (8bit):	5.335706148136202
Encrypted:	false
SSDEEP:	3:Cg+IH3CsJJnM5qzgLdp8gb7en:j+6SsJi9L3a
MD5:	AA55D706FBA16130660DA5E4D34F0E5A
SHA1:	DB3A83EF5A65D02EFAF1F8D99C3D2A402FAD0059
SHA-256:	0312837B8B33879FCCF87B5504159384E6DD4D57DE69E2D77494BC87E784B44F
SHA-512:	06FDC83A87E333D355139ACCF5DCC6AD8915C8EC6FF0026DBB36C483C32BBA011E121EACF46B0D9A4C21928138ECEBBC4C31ED466A0968B11DA3305492CF5514
Malicious:	false
Reputation:	low
IE Cache URL:	https://webadv-prod.cloud.rsccd.edu/WBMAIN/stylesheets/themes/ORIGINAL/images/AT-BGBlue.gif
Preview:	GIF89a........."..P!.......,..........*..i....s.NZ..9l^}.%6Y9j.I.L.>I<.......+..;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\BG-pagefooter[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 1 x 70
Category:	downloaded
Size (bytes):	823
Entropy (8bit):	2.0811704391812564
Encrypted:	false
SSDEEP:	3:CTaFlUfTa53RodraJI++iV1wxHycyPCFgqqITGv9IElXDzl7/lE8Dfvtoz4/:iCWcRcraJD+iVDcxgqq4ZElXHlJj1V
MD5:	250C6F51E84A0D0539644DD43FE1EEF4
SHA1:	9202769D786F75D479993622F4512D1019A089DE
SHA-256:	514595AFC2F71E3A63E4AD29555D0E01C38292CB73A1A0344305E8B05256D0DA
SHA-512:	D88858356FB8A9F42AE9B8C538DA3984EDA953BA63D4004C09F79B40E61D4CCF54FD059F9BF387F97FC3DFBC2BC1FD2F14397A80A38F797CA009E44A79584E4D
Malicious:	false
Reputation:	low
IE Cache URL:	https://webadv-prod.cloud.rsccd.edu/WBMAIN/stylesheets/themes/ORIGINAL/images/BG-pagefooter.gif
Preview:	GIF89a..F........."..3......__i.-..8...??W...oor.{q..U....(..O..A.....l.....`.....88S...((J..f..<....00N.9GG\.D......J.>.3 EOO`WWe..[ggnwww......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................!.......,......F..............*\.!.....;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\SAC-SCC-logos[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 115 x 56
Category:	downloaded
Size (bytes):	3345
Entropy (8bit):	7.817806191924214
Encrypted:	false
SSDEEP:	96:XyhLJMnB9RlW07gkCypgTrj0bL3nA0Ot6uAnayuxr6QsrKcIlhS6:XS2RlW0cTypurjeL3nA0OQDuxr6Qsr+t
MD5:	D41E2C56CDA7A4E5422820547525F66D
SHA1:	CE2EBB604F8244F9C2836AE1E64CA06AC90ABC22
SHA-256:	6526DF4D6F8CCD88C1F12CE47269E3431803B2BA27762E5A41A17853A89A186E
SHA-512:	52060498042374AF1210AFA72DB2AB61116C0407506F18FAE153CF9579C4BBFAFD0156CE3F092622F528C61C57625A1224308E3440EF85ECF49A6D9A164416FB
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.rsccd.edu/WBMAIN/Images/SAC-SCC-logos.gif
Preview:	GIF89as.8......................Pb.3Ks.\|~......i{...K\k.XWY}..=Q....Cl....;Q}Ti..,W........";e...........l~....Ib.]q..........(S.dfL^......6...@T.hjl......as..0Z.........Qg.....6a.....CX~...D[.......du.Wi............DVf.......................QQS...Rd............q.....Yi..........-Ep.....B.ru.....................:N.J_.........Xm.Yl.gx....EY.......Ma....v...&)......#O...v.....Wk.........H}.................Ue....v..n.......>V\|I].9PvH[.1GoCW....q.....J].s........L_...=...x.......6OwQc..........y..Rc.Nd.!5_..L......Oa.#. ......B?A`_aN`.......N`....?B...wwy.XZM_.......^_a......Na.[o.Nb............F.......36.DG.........\m...K..........._n...I...v.................M`............. L......p....I..JNa....O`.Oc.............s..I[.x..Pa.Se........Kd.!.......,....s.8.....Q..H......\....#J.H....3b.....=Nl@...(S.\y.`.Y.b.I..M./)....I.!o..:3.H.H.......F%.d....R30 ..uS#.<.........X.1..A(..@.....]..J....o.:I....E...V......UC..@....0.....'1.z.{.n^.....Y..(..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\WBMAIN[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	450
Entropy (8bit):	5.386291992641382
Encrypted:	false
SSDEEP:	12:hnMQbwuOCvyglWTu7RRVML7KpVqGOL8AzuIp7KCbPfbPGu:hMavymRRVML7KpUwMKCH5
MD5:	E0ED67B97D9545899019F5C952BC2C69
SHA1:	844A6AAF9C6AE41160B86C50AE16DD54002516F5
SHA-256:	81252FCFBD77F09900B589E8807578EEAB80A372B9F906B0E2A34D624D8E1BE1
SHA-512:	C51871E727CAA37C853DF2F08FECE989A263CCF4EED1128D0292E3298CA6FB5F17E0816F00AC1D3F3D788EDF3A408A5B301ABB279638D40248C38DFCE4737D7F
Malicious:	false
Reputation:	low
Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">..<html>..<head>..<script language="Javascript" src="./javascript/WebAdvisor_scripts.js"></script>..<noscript>..<h1>Javascript is currently disabled. Javascript is required for WebAdvisor functionality and must be enabled before proceeding.</h1>..</noscript>..</head>..<body onload="javascript:setWindowHTML('', '8766656380');">..</body>..</html>..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\WebAdvisor_scripts[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	18992
Entropy (8bit):	5.34352044210416
Encrypted:	false
SSDEEP:	384:KROkpVVfOZxB3hLUujCET9DKKz2oX4o6ilbbKBJY5ZfY7JsPqxWQNnk:SRLVf2xB3hzpD6oX4obbHXfY7JsPqEQS
MD5:	D130DCDF0508CE99B7F274655952C5ED
SHA1:	27AAA864CBA365B1D45FCDF17B9AE6D58A4C534E
SHA-256:	B2F9E38F5AFDA86BF9A94AD998F145A092932F6A76554D69814854E73DA99CEA
SHA-512:	E5DE3A651AFA0B5082CF0C83793AB289DC8503F79AC0E476016A430E6287C10569AAF7A88F4CDC6EEAEC2D107DA30DBC632902DA0C6BBE60394807C639574AC9
Malicious:	false
Reputation:	low
IE Cache URL:	https://webadv-prod.cloud.rsccd.edu/WBMAIN/javascript/WebAdvisor_scripts.js
Preview:	var g_urlParameters = new Array();..var g_tokenIdx = "TOKENIDX";..var g_nullString = "NULL";..var g_cloneName = "CLONE";..var g_warnName = "WARN";..var g_lastToken = "LASTTOKEN";..var g_securityToken = ".SECURITYTOKEN";..var g_controlID = ".CONTROLID";..var g_guestStatus = ".GUEST";..var g_cookieCheck = "WA30_checkCookie";..var g_warning = "You are now logged out of WebAdvisor.\n\nTo ensure the security of data, you should now close your browser window. To close your browser now, click OK";..var g_displayWindowMessage = "The maximum number of cookie values has been reached.\n\nIf other windows are currently open or were not closed using the 'CLOSE WINDOW' button, then you must close all current browser windows and re-login to avoid unpredictable behavior.";..var g_setWindowMessage = g_displayWindowMessage....+ "\n\nThis window will now be closed.";..var g_clicks = 0;..var g_busyMessage = "Your request is currently processing. Please refresh the page to regain control.";....function in

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\sub-BGCurrentStudents[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x640, frames 3
Category:	downloaded
Size (bytes):	516
Entropy (8bit):	5.509808750897449
Encrypted:	false
SSDEEP:	6:3llVuiPjlXJYhg5suRd8l7mMe2ziwnmtssVwDb7Q0uwO0QLwhMzELRfyLlKfKQ62:V/XPYhiPRd8k+YIRQLfKRfyR1Zk
MD5:	EA2DD84A415EF9F03B9DF3944D3536D6
SHA1:	53674FC3065E25DE65F0EE9B6FD822796A084C12
SHA-256:	3166F9D5FE2B4F578B9E4F565C1A51C960685B1B500AFEC931F93E32749ECFEE
SHA-512:	A177DF36237DBF53FB7ABA09F2065AC8BC70E1EF9C44CF1F072D28EBAFC8FD8813CDC23CD65D2B8C8FE351A17631BAABA7778705385F64AE05DF2748F11A9F79
Malicious:	false
Reputation:	low
IE Cache URL:	https://webadv-prod.cloud.rsccd.edu/WBMAIN/stylesheets/themes/ORIGINAL/images/sub-BGCurrentStudents.jpg
Preview:	......JFIF.....d.d......Ducky.......P......Adobe.d.................................................................................................................................................................a..................................................................aQ..R!b..................................?...K..cJ...<....&.6..4...Q....<9WF.Kb.....k.TQ]...j...z..)..[.Q5...ETUDUE5.:).!\..p....=t.......U..xB..Mt.)..[.Wi\.5ET.8.U.S.5QMc.).<....B.WLW-1...c......................................?..

C:\Users\user\AppData\Local\Temp\~DF0D2D0FC300E0E516.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	89028
Entropy (8bit):	1.953805311407002
Encrypted:	false
SSDEEP:	384:kBqoxKAuqR+LFX+FyrAs0sqEASpA3kAlt00G6kG1NHebWN0AKSJhaj7VlTo9:iNiAKrj5lTo9
MD5:	2C6556F9FE1179F51D834A4BBFC1BFE7
SHA1:	F6400B4E0D4A684E74124031324CC607772895EC
SHA-256:	270DBDCDA3B8CDC6F0743F8E155A7C80BFC5253BA9096BDEE0BD0861250EEC69
SHA-512:	CE6ADEBF013FB9C4F71C8DFAE1988E304393D8D5A75B9CCCFA341E5030AFA52230F80F2D4C3BB16093EC8B28871E95EF1D03EF851C6E7754AB20EC7ABB31C2D8
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF2049ACE8865EEA90.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	25441
Entropy (8bit):	1.0827816400336687
Encrypted:	false
SSDEEP:	192:kBqoxDhHjgE+pmQ8wmOgLu7nw21Kw23T:kBqoxDhHjgE+JbgMM
MD5:	FDB418A23EBBCBE78D5105720BACAB7A
SHA1:	61519D51B0DB73B2CA98BF814F67B4D3A2E87AC7
SHA-256:	A1AE7F450819D3F724B5C5152F1E71B0B73C26968FD8E9D2C46F432C53ED452C
SHA-512:	5455C91434E8F7C76F331B36F9A42333187826AAD8292F0DCBB7C1F01A62C3592677DB98945AF7029446EAACA4C04E750BCE6D4BECBFE5E856861B088C301BEF
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF8348648A35F74BE0.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	13029
Entropy (8bit):	0.48074968473481183
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lo7F9loB9lWZ++yy:kBqoIKUZ++yy
MD5:	FC5AF2EC031A71B02F94D33208382CDC
SHA1:	1D4A110440E3A525B326DE329189C9A222D84672
SHA-256:	8A42D8C6E21E10F9697C17A559B0C612F8B274F9E1F29220738E4E67EDCCD378
SHA-512:	E70B0269033899083234B29600373740B1630A5DF8F8D0E7F999C847F8C8097B62B5D7EF9DFE74E75A0AFA7854CD95FB526191FC6603B9ACF8096DC57289F2F8
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 17, 2020 21:53:36.107429028 CET	49716	443	192.168.2.3	35.160.239.228
Dec 17, 2020 21:53:36.107690096 CET	49717	443	192.168.2.3	35.160.239.228
Dec 17, 2020 21:53:36.288261890 CET	443	49716	35.160.239.228	192.168.2.3
Dec 17, 2020 21:53:36.288393021 CET	49716	443	192.168.2.3	35.160.239.228
Dec 17, 2020 21:53:36.290254116 CET	443	49717	35.160.239.228	192.168.2.3
Dec 17, 2020 21:53:36.290366888 CET	49717	443	192.168.2.3	35.160.239.228
Dec 17, 2020 21:53:36.294703007 CET	49716	443	192.168.2.3	35.160.239.228
Dec 17, 2020 21:53:36.295011997 CET	49717	443	192.168.2.3	35.160.239.228
Dec 17, 2020 21:53:36.477930069 CET	443	49716	35.160.239.228	192.168.2.3
Dec 17, 2020 21:53:36.478595972 CET	443	49717	35.160.239.228	192.168.2.3
Dec 17, 2020 21:53:36.479373932 CET	443	49716	35.160.239.228	192.168.2.3
Dec 17, 2020 21:53:36.479392052 CET	443	49716	35.160.239.228	192.168.2.3
Dec 17, 2020 21:53:36.479407072 CET	443	49716	35.160.239.228	192.168.2.3
Dec 17, 2020 21:53:36.479477882 CET	49716	443	192.168.2.3	35.160.239.228
Dec 17, 2020 21:53:36.479499102 CET	49716	443	192.168.2.3	35.160.239.228
Dec 17, 2020 21:53:36.482188940 CET	443	49717	35.160.239.228	192.168.2.3
Dec 17, 2020 21:53:36.482208967 CET	443	49717	35.160.239.228	192.168.2.3
Dec 17, 2020 21:53:36.482224941 CET	443	49717	35.160.239.228	192.168.2.3
Dec 17, 2020 21:53:36.482270002 CET	49717	443	192.168.2.3	35.160.239.228
Dec 17, 2020 21:53:36.482314110 CET	49717	443	192.168.2.3	35.160.239.228
Dec 17, 2020 21:53:36.511840105 CET	49716	443	192.168.2.3	35.160.239.228
Dec 17, 2020 21:53:36.512218952 CET	49717	443	192.168.2.3	35.160.239.228
Dec 17, 2020 21:53:36.517349958 CET	49716	443	192.168.2.3	35.160.239.228
Dec 17, 2020 21:53:36.692867041 CET	443	49716	35.160.239.228	192.168.2.3
Dec 17, 2020 21:53:36.692944050 CET	49716	443	192.168.2.3	35.160.239.228
Dec 17, 2020 21:53:36.695079088 CET	443	49717	35.160.239.228	192.168.2.3
Dec 17, 2020 21:53:36.695178986 CET	49717	443	192.168.2.3	35.160.239.228
Dec 17, 2020 21:53:36.710700035 CET	443	49716	35.160.239.228	192.168.2.3
Dec 17, 2020 21:53:36.710725069 CET	443	49716	35.160.239.228	192.168.2.3
Dec 17, 2020 21:53:36.710779905 CET	49716	443	192.168.2.3	35.160.239.228
Dec 17, 2020 21:53:36.710803032 CET	49716	443	192.168.2.3	35.160.239.228
Dec 17, 2020 21:53:36.758229017 CET	49716	443	192.168.2.3	35.160.239.228
Dec 17, 2020 21:53:36.940690041 CET	443	49716	35.160.239.228	192.168.2.3
Dec 17, 2020 21:53:36.940715075 CET	443	49716	35.160.239.228	192.168.2.3
Dec 17, 2020 21:53:36.940728903 CET	443	49716	35.160.239.228	192.168.2.3
Dec 17, 2020 21:53:36.940741062 CET	443	49716	35.160.239.228	192.168.2.3
Dec 17, 2020 21:53:36.940753937 CET	443	49716	35.160.239.228	192.168.2.3
Dec 17, 2020 21:53:36.940766096 CET	443	49716	35.160.239.228	192.168.2.3
Dec 17, 2020 21:53:36.940778017 CET	443	49716	35.160.239.228	192.168.2.3
Dec 17, 2020 21:53:36.940824986 CET	443	49716	35.160.239.228	192.168.2.3
Dec 17, 2020 21:53:36.940850973 CET	49716	443	192.168.2.3	35.160.239.228
Dec 17, 2020 21:53:36.940877914 CET	49716	443	192.168.2.3	35.160.239.228
Dec 17, 2020 21:53:36.940895081 CET	443	49716	35.160.239.228	192.168.2.3
Dec 17, 2020 21:53:36.940911055 CET	443	49716	35.160.239.228	192.168.2.3
Dec 17, 2020 21:53:36.940922976 CET	49716	443	192.168.2.3	35.160.239.228
Dec 17, 2020 21:53:36.940948009 CET	49716	443	192.168.2.3	35.160.239.228
Dec 17, 2020 21:53:36.940964937 CET	49716	443	192.168.2.3	35.160.239.228
Dec 17, 2020 21:53:37.121692896 CET	443	49716	35.160.239.228	192.168.2.3
Dec 17, 2020 21:53:37.121745110 CET	443	49716	35.160.239.228	192.168.2.3
Dec 17, 2020 21:53:37.121783972 CET	443	49716	35.160.239.228	192.168.2.3
Dec 17, 2020 21:53:37.121790886 CET	49716	443	192.168.2.3	35.160.239.228
Dec 17, 2020 21:53:37.121812105 CET	49716	443	192.168.2.3	35.160.239.228
Dec 17, 2020 21:53:37.121822119 CET	443	49716	35.160.239.228	192.168.2.3
Dec 17, 2020 21:53:37.121830940 CET	49716	443	192.168.2.3	35.160.239.228
Dec 17, 2020 21:53:37.121862888 CET	443	49716	35.160.239.228	192.168.2.3
Dec 17, 2020 21:53:37.121865034 CET	49716	443	192.168.2.3	35.160.239.228
Dec 17, 2020 21:53:37.121905088 CET	49716	443	192.168.2.3	35.160.239.228
Dec 17, 2020 21:53:37.243907928 CET	49716	443	192.168.2.3	35.160.239.228
Dec 17, 2020 21:53:37.259717941 CET	49717	443	192.168.2.3	35.160.239.228
Dec 17, 2020 21:53:37.426162958 CET	443	49716	35.160.239.228	192.168.2.3
Dec 17, 2020 21:53:37.426224947 CET	443	49716	35.160.239.228	192.168.2.3
Dec 17, 2020 21:53:37.426248074 CET	443	49716	35.160.239.228	192.168.2.3
Dec 17, 2020 21:53:37.426269054 CET	443	49716	35.160.239.228	192.168.2.3
Dec 17, 2020 21:53:37.426290035 CET	443	49716	35.160.239.228	192.168.2.3
Dec 17, 2020 21:53:37.426320076 CET	443	49716	35.160.239.228	192.168.2.3
Dec 17, 2020 21:53:37.426347017 CET	443	49716	35.160.239.228	192.168.2.3
Dec 17, 2020 21:53:37.426374912 CET	443	49716	35.160.239.228	192.168.2.3
Dec 17, 2020 21:53:37.426402092 CET	443	49716	35.160.239.228	192.168.2.3
Dec 17, 2020 21:53:37.426426888 CET	443	49716	35.160.239.228	192.168.2.3
Dec 17, 2020 21:53:37.426435947 CET	49716	443	192.168.2.3	35.160.239.228
Dec 17, 2020 21:53:37.426485062 CET	49716	443	192.168.2.3	35.160.239.228
Dec 17, 2020 21:53:37.426491022 CET	443	49716	35.160.239.228	192.168.2.3
Dec 17, 2020 21:53:37.426506996 CET	49716	443	192.168.2.3	35.160.239.228
Dec 17, 2020 21:53:37.426521063 CET	443	49716	35.160.239.228	192.168.2.3
Dec 17, 2020 21:53:37.426536083 CET	49716	443	192.168.2.3	35.160.239.228
Dec 17, 2020 21:53:37.426577091 CET	49716	443	192.168.2.3	35.160.239.228
Dec 17, 2020 21:53:37.426608086 CET	443	49716	35.160.239.228	192.168.2.3
Dec 17, 2020 21:53:37.426647902 CET	443	49716	35.160.239.228	192.168.2.3
Dec 17, 2020 21:53:37.426659107 CET	49716	443	192.168.2.3	35.160.239.228
Dec 17, 2020 21:53:37.426673889 CET	443	49716	35.160.239.228	192.168.2.3
Dec 17, 2020 21:53:37.426696062 CET	49716	443	192.168.2.3	35.160.239.228
Dec 17, 2020 21:53:37.426709890 CET	49716	443	192.168.2.3	35.160.239.228
Dec 17, 2020 21:53:37.426728010 CET	443	49716	35.160.239.228	192.168.2.3
Dec 17, 2020 21:53:37.426750898 CET	443	49716	35.160.239.228	192.168.2.3
Dec 17, 2020 21:53:37.426772118 CET	49716	443	192.168.2.3	35.160.239.228
Dec 17, 2020 21:53:37.426805973 CET	49716	443	192.168.2.3	35.160.239.228
Dec 17, 2020 21:53:37.483994007 CET	443	49717	35.160.239.228	192.168.2.3
Dec 17, 2020 21:53:37.554738045 CET	443	49717	35.160.239.228	192.168.2.3
Dec 17, 2020 21:53:37.554769039 CET	443	49717	35.160.239.228	192.168.2.3
Dec 17, 2020 21:53:37.554781914 CET	443	49717	35.160.239.228	192.168.2.3
Dec 17, 2020 21:53:37.554800034 CET	443	49717	35.160.239.228	192.168.2.3
Dec 17, 2020 21:53:37.554826975 CET	49717	443	192.168.2.3	35.160.239.228
Dec 17, 2020 21:53:37.554863930 CET	49717	443	192.168.2.3	35.160.239.228
Dec 17, 2020 21:53:37.560486078 CET	49717	443	192.168.2.3	35.160.239.228
Dec 17, 2020 21:53:37.561675072 CET	49716	443	192.168.2.3	35.160.239.228
Dec 17, 2020 21:53:37.564846992 CET	49719	443	192.168.2.3	35.160.239.228
Dec 17, 2020 21:53:37.743335009 CET	443	49717	35.160.239.228	192.168.2.3
Dec 17, 2020 21:53:37.745313883 CET	443	49719	35.160.239.228	192.168.2.3
Dec 17, 2020 21:53:37.745541096 CET	49719	443	192.168.2.3	35.160.239.228
Dec 17, 2020 21:53:37.745768070 CET	443	49716	35.160.239.228	192.168.2.3

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 17, 2020 21:53:30.340349913 CET	58361	53	192.168.2.3	8.8.8.8
Dec 17, 2020 21:53:30.367387056 CET	53	58361	8.8.8.8	192.168.2.3
Dec 17, 2020 21:53:31.143441916 CET	63492	53	192.168.2.3	8.8.8.8
Dec 17, 2020 21:53:31.167953014 CET	53	63492	8.8.8.8	192.168.2.3
Dec 17, 2020 21:53:32.048904896 CET	60831	53	192.168.2.3	8.8.8.8
Dec 17, 2020 21:53:32.073337078 CET	53	60831	8.8.8.8	192.168.2.3
Dec 17, 2020 21:53:32.831226110 CET	60100	53	192.168.2.3	8.8.8.8
Dec 17, 2020 21:53:32.858671904 CET	53	60100	8.8.8.8	192.168.2.3
Dec 17, 2020 21:53:33.652046919 CET	53195	53	192.168.2.3	8.8.8.8
Dec 17, 2020 21:53:33.676491976 CET	53	53195	8.8.8.8	192.168.2.3
Dec 17, 2020 21:53:34.499414921 CET	50141	53	192.168.2.3	8.8.8.8
Dec 17, 2020 21:53:34.523669958 CET	53	50141	8.8.8.8	192.168.2.3
Dec 17, 2020 21:53:34.791186094 CET	53023	53	192.168.2.3	8.8.8.8
Dec 17, 2020 21:53:34.828233004 CET	53	53023	8.8.8.8	192.168.2.3
Dec 17, 2020 21:53:35.543863058 CET	49563	53	192.168.2.3	8.8.8.8
Dec 17, 2020 21:53:35.571048975 CET	53	49563	8.8.8.8	192.168.2.3
Dec 17, 2020 21:53:35.903707027 CET	51352	53	192.168.2.3	8.8.8.8
Dec 17, 2020 21:53:36.095407963 CET	53	51352	8.8.8.8	192.168.2.3
Dec 17, 2020 21:53:36.333477020 CET	59349	53	192.168.2.3	8.8.8.8
Dec 17, 2020 21:53:36.357711077 CET	53	59349	8.8.8.8	192.168.2.3
Dec 17, 2020 21:53:37.527880907 CET	57084	53	192.168.2.3	8.8.8.8
Dec 17, 2020 21:53:37.554944038 CET	53	57084	8.8.8.8	192.168.2.3
Dec 17, 2020 21:53:39.304260015 CET	58823	53	192.168.2.3	8.8.8.8
Dec 17, 2020 21:53:39.337291956 CET	53	58823	8.8.8.8	192.168.2.3
Dec 17, 2020 21:53:40.142350912 CET	57568	53	192.168.2.3	8.8.8.8
Dec 17, 2020 21:53:40.177736044 CET	53	57568	8.8.8.8	192.168.2.3
Dec 17, 2020 21:53:41.018522978 CET	50540	53	192.168.2.3	8.8.8.8
Dec 17, 2020 21:53:41.051700115 CET	53	50540	8.8.8.8	192.168.2.3
Dec 17, 2020 21:53:52.476207972 CET	54366	53	192.168.2.3	8.8.8.8
Dec 17, 2020 21:53:52.511888027 CET	53	54366	8.8.8.8	192.168.2.3
Dec 17, 2020 21:53:58.337455988 CET	53034	53	192.168.2.3	8.8.8.8
Dec 17, 2020 21:53:58.527302027 CET	53	53034	8.8.8.8	192.168.2.3
Dec 17, 2020 21:54:00.853452921 CET	57762	53	192.168.2.3	8.8.8.8
Dec 17, 2020 21:54:00.880943060 CET	53	57762	8.8.8.8	192.168.2.3
Dec 17, 2020 21:54:02.589333057 CET	55435	53	192.168.2.3	8.8.8.8
Dec 17, 2020 21:54:02.633637905 CET	53	55435	8.8.8.8	192.168.2.3
Dec 17, 2020 21:54:05.092161894 CET	50713	53	192.168.2.3	8.8.8.8
Dec 17, 2020 21:54:05.116297007 CET	53	50713	8.8.8.8	192.168.2.3
Dec 17, 2020 21:54:05.514152050 CET	56132	53	192.168.2.3	8.8.8.8
Dec 17, 2020 21:54:05.542804003 CET	53	56132	8.8.8.8	192.168.2.3
Dec 17, 2020 21:54:06.101313114 CET	50713	53	192.168.2.3	8.8.8.8
Dec 17, 2020 21:54:06.125722885 CET	53	50713	8.8.8.8	192.168.2.3
Dec 17, 2020 21:54:06.521405935 CET	56132	53	192.168.2.3	8.8.8.8
Dec 17, 2020 21:54:06.548718929 CET	53	56132	8.8.8.8	192.168.2.3
Dec 17, 2020 21:54:07.099731922 CET	50713	53	192.168.2.3	8.8.8.8
Dec 17, 2020 21:54:07.124191999 CET	53	50713	8.8.8.8	192.168.2.3
Dec 17, 2020 21:54:07.581237078 CET	56132	53	192.168.2.3	8.8.8.8
Dec 17, 2020 21:54:07.608555079 CET	53	56132	8.8.8.8	192.168.2.3
Dec 17, 2020 21:54:09.116581917 CET	50713	53	192.168.2.3	8.8.8.8
Dec 17, 2020 21:54:09.140892029 CET	53	50713	8.8.8.8	192.168.2.3
Dec 17, 2020 21:54:09.269136906 CET	58987	53	192.168.2.3	8.8.8.8
Dec 17, 2020 21:54:09.303148031 CET	53	58987	8.8.8.8	192.168.2.3
Dec 17, 2020 21:54:09.584093094 CET	56132	53	192.168.2.3	8.8.8.8
Dec 17, 2020 21:54:09.611128092 CET	53	56132	8.8.8.8	192.168.2.3
Dec 17, 2020 21:54:13.131459951 CET	50713	53	192.168.2.3	8.8.8.8
Dec 17, 2020 21:54:13.155682087 CET	53	50713	8.8.8.8	192.168.2.3
Dec 17, 2020 21:54:13.600302935 CET	56132	53	192.168.2.3	8.8.8.8
Dec 17, 2020 21:54:13.627471924 CET	53	56132	8.8.8.8	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Dec 17, 2020 21:53:35.903707027 CET	192.168.2.3	8.8.8.8	0xb5e	Standard query (0)	webadv-prod.cloud.rsccd.edu	A (IP address)	IN (0x0001)
Dec 17, 2020 21:53:52.476207972 CET	192.168.2.3	8.8.8.8	0xde1a	Standard query (0)	favicon.ico	A (IP address)	IN (0x0001)
Dec 17, 2020 21:53:58.337455988 CET	192.168.2.3	8.8.8.8	0xbae7	Standard query (0)	www.rsccd.edu	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Dec 17, 2020 21:53:36.095407963 CET	8.8.8.8	192.168.2.3	0xb5e	No error (0)	webadv-prod.cloud.rsccd.edu		35.160.239.228	A (IP address)	IN (0x0001)
Dec 17, 2020 21:53:36.095407963 CET	8.8.8.8	192.168.2.3	0xb5e	No error (0)	webadv-prod.cloud.rsccd.edu		34.211.132.52	A (IP address)	IN (0x0001)
Dec 17, 2020 21:53:52.511888027 CET	8.8.8.8	192.168.2.3	0xde1a	Name error (3)	favicon.ico	none	none	A (IP address)	IN (0x0001)
Dec 17, 2020 21:53:58.527302027 CET	8.8.8.8	192.168.2.3	0xbae7	No error (0)	www.rsccd.edu		204.75.250.153	A (IP address)	IN (0x0001)

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Dec 17, 2020 21:53:36.479407072 CET	35.160.239.228	443	192.168.2.3	49716	CN=*.cloud.rsccd.edu, OU=Information Technology Services, O=Rancho Santiago Community College District, STREET=2323 N. Broadway, L=Santa Ana, ST=CA, OID.2.5.4.17=92706-1640, C=US CN=InCommon RSA Server CA, OU=InCommon, O=Internet2, L=Ann Arbor, ST=MI, C=US	CN=InCommon RSA Server CA, OU=InCommon, O=Internet2, L=Ann Arbor, ST=MI, C=US CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	Mon Jul 01 02:00:00 CEST 2019 Mon Oct 06 02:00:00 CEST 2014	Thu Jul 01 01:59:59 CEST 2021 Sun Oct 06 01:59:59 CEST 2024	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Dec 17, 2020 21:53:36.479407072 CET	35.160.239.228	443	192.168.2.3	49716	CN=InCommon RSA Server CA, OU=InCommon, O=Internet2, L=Ann Arbor, ST=MI, C=US	CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	Mon Oct 06 02:00:00 CEST 2014	Sun Oct 06 01:59:59 CEST 2024		9e10692f1b7f78228b2d4e424db3a98c
Dec 17, 2020 21:53:36.482224941 CET	35.160.239.228	443	192.168.2.3	49717	CN=*.cloud.rsccd.edu, OU=Information Technology Services, O=Rancho Santiago Community College District, STREET=2323 N. Broadway, L=Santa Ana, ST=CA, OID.2.5.4.17=92706-1640, C=US CN=InCommon RSA Server CA, OU=InCommon, O=Internet2, L=Ann Arbor, ST=MI, C=US	CN=InCommon RSA Server CA, OU=InCommon, O=Internet2, L=Ann Arbor, ST=MI, C=US CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	Mon Jul 01 02:00:00 CEST 2019 Mon Oct 06 02:00:00 CEST 2014	Thu Jul 01 01:59:59 CEST 2021 Sun Oct 06 01:59:59 CEST 2024	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Dec 17, 2020 21:53:36.482224941 CET	35.160.239.228	443	192.168.2.3	49717	CN=InCommon RSA Server CA, OU=InCommon, O=Internet2, L=Ann Arbor, ST=MI, C=US	CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	Mon Oct 06 02:00:00 CEST 2014	Sun Oct 06 01:59:59 CEST 2024		9e10692f1b7f78228b2d4e424db3a98c

Code Manipulations

Statistics

Behavior

Click to jump to process

System Behavior

Analysis Process: iexplore.exe PID: 4116 Parent PID: 792

General

Start time:	21:53:34
Start date:	17/12/2020
Path:	C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase:	0x7ff7a0160000
File size:	823560 bytes
MD5 hash:	6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Analysis Process: iexplore.exe PID: 5764 Parent PID: 4116

General

Start time:	21:53:34
Start date:	17/12/2020
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4116 CREDAT:17410 /prefetch:2
Imagebase:	0x810000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Disassembly

Reset < >

Description:	Adversaries may gain access to a system through a user visiting a website over the normal course of browsing. With this technique, the user's web browser is typically targeted for exploitation, but adversaries may also use compromised websites for non-exploitation behavior such as acquiring Application Access Token .
Tactics:	Initial Access
Data Sources:	Network device logs, Network intrusion detection system, Packet capture, Process use of network, SSL/TLS inspection, Web proxy
Platforms:	Linux, macOS, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report https://webadv-prod.cloud.rsccd.edu/WBMAIN/WBMAIN?TOKENIDX=8766656380&SS=2&APP=ST&CONSTITUENCY=WBST

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Sigma Overview

Signature Overview

Phishing:

Networking:

System Summary:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTPS Packets

Code Manipulations

Statistics

Behavior

System Behavior

Analysis Process: iexplore.exe PID: 4116 Parent PID: 792

General

Analysis Process: iexplore.exe PID: 5764 Parent PID: 4116

General

Disassembly