DOCSLIB.ORG

Automated Malware Analysis Report For

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Automated Malware Analysis Report For ID: 406830 Cookbook: browseurl.jbs Time: 09:36:59 Date: 07/05/2021 Version: 32.0.0 Black Diamond Table of Contents Table of Contents 2 Analysis Report https://hmk- my.sharepoint.com:443/:b:/g/personal/cdark3_hallmark_com/ESsoCnIn0KVAvpl8nR3eDlkBbuLERAJv3zcU0H7s6bMwEg? e=4%3ajV6tDZ&at=9 3 Overview 3 General Information 3 Detection 3 Signatures 3 Classification 3 Startup 3 Malware Configuration 3 Yara Overview 3 Dropped Files 3 Sigma Overview 3 Signature Overview 4 Phishing: 4 Mitre Att&ck Matrix 4 Behavior Graph 4 Screenshots 5 Thumbnails 5 Antivirus, Machine Learning and Genetic Malware Detection 6 Initial Sample 6 Dropped Files 6 Unpacked PE Files 6 Domains 6 URLs 6 Domains and IPs 8 Contacted Domains 8 URLs from Memory and Binaries 9 Contacted IPs 15 Public 15 Private 15 General Information 15 Simulations 18 Behavior and APIs 18 Joe Sandbox View / Context 18 IPs 18 Domains 18 ASN 18 JA3 Fingerprints 18 Dropped Files 18 Created / dropped Files 18 Static File Info 52 No static file info 52 Network Behavior 52 Network Port Distribution 52 TCP Packets 52 UDP Packets 54 DNS Queries 57 DNS Answers 58 HTTPS Packets 59 Code Manipulations 60 Statistics 60 Behavior 60 System Behavior 61 Analysis Process: iexplore.exe PID: 4292 Parent PID: 792 61 General 61 File Activities 61 Registry Activities 61 Analysis Process: iexplore.exe PID: 5400 Parent PID: 4292 61 General 61 File Activities 61 Registry Activities 62 Analysis Process: dllhost.exe PID: 6600 Parent PID: 792 62 General 62 File Activities 62 Analysis Process: explorer.exe PID: 3440 Parent PID: 6600 62 General 62 File Activities 62 Analysis Process: iexplore.exe PID: 724 Parent PID: 4292 63 General 63 File Activities 63 Registry Activities 63 Disassembly 63 Code Analysis 63 Copyright Joe Security LLC 2021 Page 2 of 63 Analysis Report https://hmk-my.sharepoint.com:443/:b:/…g/personal/cdark3_hallmark_com/ESsoCnIn0KVAvpl8nR3eDlkBbuLERAJv3zcU0H7s6bMwEg?e=4%3ajV6tDZ&at=9 Overview General Information Detection Signatures Classification Sample URL: https://hmk-my.sharepoint. com:443/:b:/g/personal/cd YYaarrraa ddeettteeccttteedd HHtttmlllPPhhiiisshh1100 ark3_hallmark_com/ESso PYPhahiirissahh diiinneggt e ssciiitttee d dd eHetttteemcctlttPeedhd i (s((bbhaa1ss0eedd oonn iiim… Cn...llmark_com/ESsoCnIn 0KVAvpl8nR3eDlkBbuLER PPhhiiisshhiiinngg ssiiitttee ddeettteeccttteedd (((bbaasseedd oonn llilomogg… AJv3zcU0H7s6bMwEg?e= 4%3ajV6tDZ&at=9 HPHThTiMshLLi n bbgoo dsdyiyt e cc odonentttaeaiciinntses d llloo (wwb a nnsuuemdb boeenrrr loofffg … Ransomware Miner Spreading Analysis ID: 406830 HHTTMLL ttbtiiittotllleed ydd ocoeoesns t nanoionttt s m loaawtttcc hhn uUUmRRbLLer of mmaallliiiccciiioouusss Infos: malicious Evader Phishing MHToonMniiittLtoo rrtrsist l ecce edrrrotttaaeiiinsn nrrreeoggt iiimsstttrarryyt c kkhee yUyssR ///L vvaallluu… sssuusssppiiiccciiioouusss Moonniittoorrss cceerrttaaiinn rreeggiissttrryy kkeeyyss // vvaalluu… suspicious Most interesting Screenshot: cccllleeaann SMSuuobbnmitoiiitttr bsb uuctttetttoortnna iccnoo rnnetttagaiiinsntssr y jjja akvveaayssscc rr/ri iipvptatt clcuaallllll clean Exploiter Banker Submit button contains javascript call HTMLPhisher Spyware Trojan / Bot Adware Score: 56 Range: 0 - 100 Whitelisted: false Confidence: 100% Startup System is w10x64 iexplore.exe (PID: 4292 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596) iexplore.exe (PID: 5400 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4292 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A) iexplore.exe (PID: 724 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4292 CREDAT:82952 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A) dllhost.exe (PID: 6600 cmdline: C:\Windows\system32\DllHost.exe /Processid:{49F171DD-B51A-40D3-9A6C-52D674CC729D} MD5: 2528137C6745C4EADD87817A1909677E) explorer.exe (PID: 3440 cmdline: MD5: AD5296B280E8F522A8A897C96BAB0E1D) cleanup Malware Configuration No configs have been found Yara Overview Dropped Files Source Rule Description Author Strings C:\Users\user\AppData\Local\Microsoft\Windows\INet JoeSecurity_HtmlPhish_10 Yara detected Joe Security Cache\IE\OTUW0Q90\ESsoCnIn0KVAvpl8nR3eDl HtmlPhish_10 kBbuLERAJv3zcU0H7s6bMwEg[1].htm Sigma Overview No Sigma rule has matched Copyright Joe Security LLC 2021 Page 3 of 63 Signature Overview • Phishing • Compliance • Networking • System Summary • Hooking and other Techniques for Hiding and Protection • Malware Analysis System Evasion • HIPS / PFW / Operating System Protection Evasion Click to jump to signature section Phishing: Yara detected HtmlPhish10 Phishing site detected (based on image similarity) Phishing site detected (based on logo template match) Mitre Att&ck Matrix Remote Initial Privilege Defense Credential Lateral Command Network Service Access Execution Persistence Escalation Evasion Access Discovery Movement Collection Exfiltration and Control Effects Effects Impact Valid Scripting 1 Path Process Masquerading 1 OS Query Remote Data from Exfiltration Encrypted Eavesdrop on Remotely Modify Accounts Interception Injection 2 Credential Registry 1 Services Local Over Other Channel 2 Insecure Track Device System Dumping System Network Network Without Partition Medium Communication Authorization Default Scheduled Boot or Boot or Process LSASS Security Remote Data from Exfiltration Non- Exploit SS7 to Remotely Device Accounts Task/Job Logon Logon Injection 2 Memory Software Desktop Removable Over Application Redirect Phone Wipe Data Lockout Initialization Initialization Discovery 1 Protocol Media Bluetooth Layer Calls/SMS Without Scripts Scripts Protocol 1 Authorization Domain At (Linux) Logon Script Logon Scripting 1 Security Process SMB/Windows Data from Automated Application Exploit SS7 to Obtain Delete Accounts (Windows) Script Account Discovery 1 Admin Shares Network Exfiltration Layer Track Device Device Device (Windows) Manager Shared Protocol 2 Location Cloud Data Drive Backups Local At Logon Script Logon Binary Padding NTDS File and Distributed Input Scheduled Protocol SIM Card Carrier Accounts (Windows) (Mac) Script Directory Component Capture Transfer Impersonation Swap Billing (Mac) Discovery 1 Object Model Fraud Behavior Graph Copyright Joe Security LLC 2021 Page 4 of 63 Hide Legend Legend: Behavior Graph Process ID: 406830 URL: https://hmk-my.sharepoint.c... Signature Startdate: 07/05/2021 Architecture: WINDOWS Created File Score: 56 DNS/IP Info Is Dropped hmk.sharepoint.com hmk-my.sharepoint.com 2 other IPs or domains Is Windows Process started started Number of created Registry Values Phishing site detected Number of created Files Phishing site detected Yara detected HtmlPhish10 (based on logo template (based on image similarity) match) Visual Basic Delphi iexplore.exe Jdllahovsta.exe .Net C# or VB.NET 5 84 C, C++ or other language Is malicious 192.168.2.1 unknown statics-wcus.onestore.ms 8 other IPs or domains started started Internet injected unknown iexplore.exe iexplore.exe explorer.exe 2 47 333 blob.bl6prdstr14a.store.core.windows.net cs1227.wpc.alphacdn.net spoprod-a.akamaihd.net hmk.sharepoint.com 3 other IPs or domains dropped 52.239.152.74, 443, 49800, 49801 192.229.221.185, 443, 49777, 49778 10 other IPs or domains MICROSOFT-CORP-MSN-AS-BLOCKUS EDGECASTUS United States United States ESsoCnIn0KVAvpl8nR...cU0H7s6bMwEg[1].htm, HTML Screenshots Thumbnails This section contains all screenshots as thumbnails, including those not shown in the slideshow. Copyright Joe Security LLC 2021 Page 5 of 63 Antivirus, Machine Learning and Genetic Malware Detection Initial Sample Source Detection Scanner Label Link https://hmk- 0% Virustotal Browse my.sharepoint.com:443/:b:/g/personal/cdark3_hallmark_com/ESsoCnIn0KVAvpl8nR3eDlkBbuLERAJv3z cU0H7s6bMwEg?e=4%3ajV6tDZ&at=9 https://hmk- 0% Avira URL Cloud safe my.sharepoint.com:443/:b:/g/personal/cdark3_hallmark_com/ESsoCnIn0KVAvpl8nR3eDlkBbuLERAJv3z cU0H7s6bMwEg?e=4%3ajV6tDZ&at=9 Dropped Files No Antivirus matches Unpacked PE Files No Antivirus matches Domains No Antivirus matches URLs Copyright Joe Security LLC 2021 Page 6 of 63 Source Detection Scanner Label Link www.mercadolivre.com.br/ 0% URL Reputation safe www.mercadolivre.com.br/ 0% URL Reputation safe www.mercadolivre.com.br/ 0% URL Reputation safe www.mercadolivre.com.br/ 0% URL Reputation safe www.merlin.com.pl/favicon.ico 0% URL Reputation safe www.merlin.com.pl/favicon.ico 0% URL Reputation safe www.merlin.com.pl/favicon.ico 0% URL Reputation safe www.merlin.com.pl/favicon.ico 0% URL Reputation safe https://www.microsoftstore.com.cn/surface-pro-x-configurate 0% Avira URL Cloud safe www.dailymail.co.uk/ 0% URL Reputation safe www.dailymail.co.uk/ 0% URL Reputation safe www.dailymail.co.uk/ 0% URL Reputation safe www.dailymail.co.uk/ 0% URL Reputation safe https://assets.onestore.ms 0% URL Reputation safe https://assets.onestore.ms 0% URL Reputation safe https://assets.onestore.ms 0% URL Reputation safe https://assets.onestore.ms 0% URL Reputation safe https://www.microsoftstore.com.cn/surface/surface-pro-7 0% Avira URL Cloud safe www.galapagosdesign.com/DPlease 0% URL Reputation safe www.galapagosdesign.com/DPlease 0% URL Reputation safe www.galapagosdesign.com/DPlease 0% URL Reputation safe www.galapagosdesign.com/DPlease 0% URL Reputation safe busca.igbusca.com.br//app/static/images/favicon.ico 0% URL Reputation safe busca.igbusca.com.br//app/static/images/favicon.ico 0% URL Reputation safe busca.igbusca.com.br//app/static/images/favicon.ico 0% URL Reputation safe busca.igbusca.com.br//app/static/images/favicon.ico
Load more

Recommended publications
  • Microsofts-Tjenestea
    Vi bruker informasjonskapsler til å forbedre opplevelsen på nettstedene våre og til Godta alle Behandle informasjonskapsler annonsering. Personvernerklæring Gå til hovedinnhold Microsoft Microsofts tjenesteavtale Microsofts tjenesteavtale Microsofts tjenesteavtale Hjem Vanlige spørsmål Microsofts tjenesteavtale Microsofts personvernerklæring Side for Bing-leverandører Mer Alt fra Microsoft Microsoft 365 Office Windows Surface Xbox Spesialtilbud Kundestøtte Programvare Windows-apper OneDrive Outlook Skype OneNote Microsoft Teams PCer og enheter Kjøp Xbox Tilbehør Underholdning Xbox Game Pass Ultimate Xbox Live Gold Xbox og spill PC-spill Windows-spill Filmer og TV Bedrift Microsoft Azure Microsoft Dynamics 365 Microsoft 365 Microsoft Industry Dataplattform Microsoft Advertising Power Platform Kjøp for bedrifter Developer & IT .NET Windows Server Windows Utviklingssenter Dokumenter Power Apps HoloLens 2 Annen Microsoft Rewards Gratis nedlastinger og sikkerhet Utdanning Gavekort Lisensiering Vis områdekart Søk på Microsoft.com SøkSøk på Microsoft.com Avbryt Publisert: 1. august 2020 Ikrafttredelsesdato: 1. oktober 2020 Skriv ut Microsofts tjenesteavtale Disse vilkårene ("Vilkår") dekke bruken av Microsoft-forbrukerprodukter, nettsteder og tjenester som er oppført på slutten av disse vilkårene her (#serviceslist) ("Tjenester"). Microsoft kommer med et tilbud til deg ved å gi deg muligheten til å abonnere på, bruke og/eller bestille Tjenestene. Du godtar disse vilkårene ved å opprette en Microsoft-konto, ved å bruke Tjenestene, eller ved å
    [Show full text]
  • Apple Is Killing Off 235 Mac Apps When It Launches Macos Catalina – Here’S What You Should Do
    Apple Is Killing Off 235 Mac Apps When It Launches MacOS Catalina – Here’s What You Should Do Apple Is Killing Off 235 Mac Apps When It Launches MacOS Catalina – Here’s What You Should Do 1 / 3 2 / 3 Apple is prone to formally launch macOS Catalina after its iPhone 11 ... Apple is killing off 235 Mac apps when it launches macbook OS ... This is because macOS Catalina now will not help 32-bit applications, ... You may be able to see the full list of applications in The Tape Drive. ... What must you do?. Apple is killing off 235 Mac apps when it launches macOS Catalina – here's what you should do ... and MacBooks brings plenty of new features, it's also killing off 235 apps – which means they will no longer be able to run.. Apple is killing off 235 Mac apps when it launches macOS Catalina – here's ... For those who do have any 32-bit apps put in, you'll have to examine to see if .... Releases of Mac OS X from 1999 to 2005 ran on the PowerPC-based Macs of that period. After Apple announced that they were switching to Intel CPUs from .... The OPPO Watch uses OPPO's custom Android-based operating system ColorOS and offers the functionality you would expect from a .... But as you might expect, Catalina also includes dozens of small Apple announced ... 6 days ago Launched in October 2019, macOS Catalina is Apple's latest ... Here's how Catalina promises to make your Mac A new feature in MacOS ..
    [Show full text]
  • Open Session IICSA Inquiry - Internet Hearing 14 May 2019
    Open Session IICSA Inquiry - Internet Hearing 14 May 2019 1 Tuesday, 14 May 2019 1 to ask you a little bit about your two children, 2 (10.30 am) 2 starting with your daughter, please, and at 3 (In Open Session) 3 paragraph 20, chair, in the witness statement. 4 THE CHAIR: Good morning, everyone, and welcome to Day 2 of 4 IN-H1, is this right? That, sadly, your daughter, 5 this two-week public hearing. 5 when she was younger, aged 5, was sexually abused 6 Ms Carey? 6 herself at that age? 7 MS CAREY: Thank you, chair. We're firstly going to hear 7 A. She was. 8 this morning from IN-H1. I ask that she now be sworn, 8 Q. I think it happened at a time when you were away for 9 please. 9 a week and it was whilst you were away that the abuse 10 WITNESS IN-H1 (affirmed) 10 happened? 11 (Evidence given via videolink) 11 A. It did. 12 Examination by MS CAREY 12 Q. I think the person that did that was arrested but 13 MS CAREY: IN-H1, good morning. I'm going to ask you some 13 nothing further happened to him; is that right? 14 questions, please, about your witness statement that 14 A. Yes, that's true. 15 I hope you have in front of you. 15 Q. And as well as dealing with that, your daughter was 16 A. I do. 16 bullied at school, she became a little bit of a bully, 17 Q.
    [Show full text]
  • Surface™ Product Solutions
    Surface Pro Surface Go Surface Laptop Go Surface Laptop Surface Pro X Surface Book Surface™ Product Solutions The Ultimate Accessories to Enhance Security, Productivity and Wellbeing Surface Studio Surface™ Pro Solutions SD7000 Surface™ Pro Docking Station Kensington have worked together with The SD7000 delivers the ultimate Surface™ experience. Built on Microsoft’s proprietary Surface Connect technology, the SD7000 is a Microsoft engineers to develop a powerful docking station allowing users to connect to two external range of officially licensed monitors, USB peripherals and a wired network. Designed for Surface accessories. This means that the product Work upright using the Surface has been designed and tested as a display or angle it flat to assure proper fit and to use as a graphics tablet in function with a Surface Studio mode device, ensuring a great customer experience. K62917EU USB-C™ Gigabit HDMI port Ethernet Combo 3.5mm 4 x Kensington With the optional Locking Kit Audio In/Out USB 3.0 DisplayPort++ Security Slot™ (K62918EU/K63251M) to secure the Surface Pro, the SD7000 offers best- in-class docking Security Solutions Control Solutions Protection Solutions Connectivity Solutions SureTrack™ Dual Wireless Mouse Black - K75298WW | Blue - K75350WW For Surface™ Pro 7 Keyed Cable Lock for Grey - K75351WW | Red - K75352WW BlackBelt™ Rugged Case USB-C ™ to Dual HDMI Adapter Surface™ Pro & Surface™ Go White - K75353WW for Surface™ Pro 7/6/5/4 K38286WW The SureTrack™ mobile mouse tracks on multiple Connect the Surface™ Pro 7 to two HDMI 4K K62044WW K97951WW surfaces (including glass) and offers 2.4GHz, monitors @ 30Hz. Clamps around kickstand to physically secure Bluetooth 3.0 and Bluetooth 5.0 connectivity.
    [Show full text]
  • Surface Go 2 for Education Größeres, Helleres Und Brillanteres Touchscreen-Display Bei Gleicher Entdecken Sie Unbegrenztes Lernen Mit Surface Go 2 Kompakter Größe
    FUNKTIONEN: Surface Go 2 for Education Größeres, helleres und brillanteres Touchscreen-Display bei gleicher Entdecken Sie unbegrenztes Lernen mit Surface Go 2 kompakter Größe Schneller Begleiter für alle essenziellen Entfesseln Sie die Kreativität Ihrer Schüler mit Anwendungen, die Sie täglich benötigen. Surface Go 2 – einem leistungsfähigen, Dank Intel® Pentium®-Prozessor oder vielseitigen Gerät für Bildung und Forschung. Intel® Core™ m3-Prozessor der 8. Generation ist Surface Go 2 schneller als 10 Holen Sie das Beste aus jeder Unterrichtsstunde Surface Go. heraus mit einem schnellen Begleiter und allen essenziellen Anwendungen, die Schüler täglich Viel Leistung für unterwegs dank der 9 im Unterricht benötigen. Surface Go 2 bietet verbesserten Akkulaufzeit für den ganzen Schülern Leistung, Mobilität und eine verbesserte Schultag. In Kombination mit Surface Akkulaufzeit für den ganzen Schultag.9 Dock* und Fast Charging kann der Akku in etwas weniger als einer Stunde zu 80 % geladen werden.11 Kein WLAN – kein Problem. Neben WLAN bietet das optionale LTE Advanced12 eine reibungslose und sichere Konnektivität, damit Schüler von nahezu überall aus arbeiten können. Tools für jede Aufgabe. Kombinieren Sie Surface Go 2 mit dem Surface Go Type Cover* und der Surface Mobile Mouse*, um es wie einen Laptop zu nutzen, oder schreiben und zeichnen Sie mit Surface Pen*. Technische Daten: Surface Go 2 245 mm x 175 mm x 8,3 mm WLAN: Kompatibel mit IEEE 802.11 a/b/g/n/ac/ax, Bluetooth® Abmessungen (9,65 Zoll x 6,9 Zoll x 0,33 Zoll) Wireless 5.0-Technologie, Qualcomm® Snapdragon™ X16 LTE- Netzwerk Modem, bis zu 600 Mbps LTE Advanced13 mit nanoSIM- Bildschirm: PixelSense™-Display (10,5 Zoll) Unterstützung.
    [Show full text]
  • Lightweight Portability for the Task at Hand
    Lightweight portability for the task at hand Meet the new Surface Go 2 for Federal Always on the go Work wherever, whenever with ease. The lightest Microsoft Surface 2-in-1 device features a bigger 10.5-inch touchscreen display, either Pentium processors or a newly introduced 8th Intel® Core™ Processor option, up to 10 hours of battery life, and still weighs just 1.2 pounds. Equipped for government use Protect your device with the Kensington BlackBelt Rugged Case with Integrated CAC Reader, and military-grade drop protection or the IOGEAR Smart Card Reader Hub for Surface. These FIPS 201–compliant smart card readers provide a highly secure connection to your network. Work more securely, on your terms Whether you need to physically disable cameras or just want to better secure all aspects of your corporate endpoints, Surface Enterprise Management Mode (SEMM) provides a scalable deployable utility to meet this need. Administrators can selectively choose to enable or disable hardware- based components, in addition to boot options, on a per-device basis—all secured via PKI. Warranty Support you can Trust Work without worries, knowing you can receive quick and reliable support through Microsoft’s service partnership with ITG. Choose 3-year, 4- year, or 5-year onsite warranties w/Keep Your Hard Drive, receive support by the next business day, and remain in full compliance with regulations. TECHNICAL DETAILS 9.65” x 6.9” x 0.33” eMMC drive: 64GB (Wi-Fi) Dimensions (245 mm x 175 mm x 8.3 mm) Storage6 Solid-state drive (SSD): 128GB (Wi-Fi or LTE);
    [Show full text]
  • Surface Go 2 Fact Sheet May 2020
    Surface Go 2 Fact Sheet May 2020 We created Surface Go to bring a more affordable and portable 2:1 to the Surface line. Businesses, schools, students and families have chosen Surface Go for its compact design, the versatility of a touchscreen, keyboard, Pen and the added connectivity of LTE Advanced. The newest Surface Go 2 was designed with those same people in in mind. Surface Go 2 keeps the same thin, lightweight design, but now offers a larger 10.5” edge-to-edge PixelSense display, improved battery life, dual Studio Mics, a 5MP front-facing camera and faster performance than the original with new Intel 8th generation processors. Surface Go 2 is perfect companion for your everyday tasks, homework, and play — delivering tablet portability with laptop versatility, all-day battery life, and Windows security for the whole family Top Features and Benefits • Most Versatile. Surface Go 2 gives you tablet portability and a full laptop experience with built-in Kickstand and Signature Type Cover1 in one compact design. Starting at just 1.2 pounds (not including Type Cover*), Surface Go 2 is our lightest and most affordable Surface yet, helping you stay connected wherever you are. Connect the Surface Go 2 Signature Type Cover* for a great typing experience when and where you need it — now in a choice of new colors2 for fast and accurate typing with an integrated glass trackpad for precise navigation. With Surface Go 2, you have your go-to Microsoft 365 apps3 at your fingertips: Glance and edit in Word and PowerPoint or take notes in OneNote from anywhere.
    [Show full text]
  • Surface Laptop Go Contract 2021
    Name: ______________________________ Grade: ____ Surface Laptop Go Contract 2021 - 2022 GREATER MIAMI ADVENTIST ACADEMY Surface Laptop Go Initiative Greater Miami Adventist Academy, in support of its educational mission, has acquired internet-connected computing devices for every student in grades kindergarten through twelfth grade. These devices will be used to support learning activities in the classroom. For grades four through twelve, the school has purchased Microsoft Surface Laptop Go devices. Ownership Just like any library book, every Surface Laptop Go is owned and managed by Greater Miami Adventist Academy. Students and families who agree to the terms of this contract will be permitted to use a device for the duration of the 2021-2022 school year. Students are permitted to take their devices home in order to complete learning activities using the device. This device, protective case, and all charging cables should be returned in good condition at the end of the school year. Device Protection Students will be provided with a case for the Surface Laptop Go to prevent accidental damage during the school year. While these cases offer quite a bit of protection, no case can prevent all damage. Please treat the school’s device with care through the year. Students are responsible for any damage to the school’s devices. Due Care and Damage Policy Students are to exercise due care with the school’s Surface Laptop Go. Devices should not be left unsecured, and heavy items should not be placed on top of the device. In the event that a student damages a device, such damage should be immediately reported to the GMAA IT Department.
    [Show full text]
  • Netclean Report 2019
    NETCLEAN REPORT 2019 A REPORT ABOUT CHILD SEXUAL ABUSE CRIME 1 INTRODUCTION INTRODUCTION p. 4–5 EXECUTIVE SUMMARY p. 6–7 ABOUT THE REPORT p. 8–9 RESULTS EIGHT INSIGHTS INTO CHILD SEXUAL ABUSE CRIME p. 10–11 PART ONE: LAW ENFORCEMENT SURVEY p. 12–13 1. The spread of live-streamed child sexual abuse p. 14–17 2. Victims of live-streamed child sexual abuse p. 18–19 3. Offenders who consume live-streamed child sexual abuse p. 20–25 4. How child sexual abuse material is stored p. 28–31 5. Apps and platforms are used to store and distribute child sexual abuse material p. 32–33 6. Emerging technologies – trends, challenges and opportunities p. 36–40 PART TWO: BUSINESS SURVEY p. 44–45 7. Businesses’ use of policies and action plans to protect their IT environment from child sexual abuse material p. 46–47 8. Businesses’ use of technologies to protect their IT environment from child sexual abuse material p. 48–49 PART THREE: MAPPING OF TECHNOLOGIES p. 52–53 Binary hashing p. 54 Robust hashing p. 55 Artificial Intelligence p. 56 Keyword matching p. 57 Filter technology p. 58 Blocking technology p. 59 IN CLOSING TECHNOLOGY – A DRIVER OF BOTH PROBLEM AND SOLUTION p. 60 SAFEGUARDED CHILDREN IN 2018 AND ACKNOWLEDGEMENTS p. 62 2 3 INTRODUCTION BY USING TECHNOLOGY TO About John F. Clark and NCMEC John F. Clark is president and CEO of the National Center OUR ADVANTAGE WE for Missing & Exploited Children (NCMEC). Clark has an extensive law-enforcement background, including 28 years with the United States Marshals Service (USMS).
    [Show full text]
  • Microsoft Security Intelligence Report
    Microsoft Security Intelligence Report Volume 17 | January through June, 2014 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT. This document is provided “as-is.” Information and views expressed in this document, including URL and other Internet Web site references, may change without notice. You bear the risk of using it. Copyright © 2014 Microsoft Corporation. All rights reserved. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. Authors Dennis Batchelder Nam Ng Tim Rains Microsoft Malware Protection Microsoft Trustworthy Microsoft Trustworthy Center Computing Computing Joe Blackbird Niall O'Sullivan Jerome Stewart Microsoft Malware Protection Microsoft Digital Crimes Unit Microsoft Digital Crimes Unit Center Daryl Pecelj Holly Stewart Paul Henry Microsoft IT Information Microsoft Malware Protection Wadeware LLC Security and Risk Management Center Sriram Iyer Anthony Penta Todd Thompson Application and Services Group Windows Services Safety Microsoft IT Information Platform Security and Risk Management Jeff Jones Microsoft Trustworthy Simon Pope Terry Zink Computing Microsoft Trustworthy Exchange Online Protection Computing Aneesh Kulkarni Geoff McDonald Windows Services Safety Ina Ragragio Microsoft Malware Protection Platform Microsoft Malware Protection Center Center Marc Lauricella Microsoft Trustworthy Computing Contributors Tanmay Ganacharya Sean Krulewitch Takumi Onodera
    [Show full text]
  • ICT Usage Among Children, Parents Are Frequently Concerned About Their Children's Ability to Navigate the Internet Safely
    Children’s Rights & the Internet GOOD PRACTICE Case Study: Amigos Conectados The Walt Disney Company Latin America is a leader in family Project by The Walt Disney entertainment in the region and assumes this role with great Company Latin America and responsibility. Disney strives to create products in an ethical Chicos.net manner and promote the happiness and well being of kids and families everywhere. Since the launch of its first Internet site in 1995, Disney has been committed to promoting both safe Internet practices for children and parental involvement in kids’ online experiences. Disney conducts online safety media and educational outreach campaigns aimed at building awareness and educating kids, parents, and caregivers on how to be safe and have fun online. Children’s rights Issue or Risk With increased ICT usage among children, parents are frequently concerned about their children's ability to navigate the Internet safely. Additionally, the digital divide, once primarily associated with one's access to the Internet, is now also impacted heavily by digital literacy – how well users understand ICT risks and how to responsibly leverage all that technology has to offer. ICT use among children continues to expand rapidly bringing with it a diverse set of opportunities and challenges and risks. On the one hand the Internet has placed the world's information at our fingertips, shaping culture, communication and learning. On the other hand, as technologies become increasingly accessible and portable, children and teenagers are presented with new scenarios that parents, teachers and technology product/service providers must work to understand to better guide them and protect them.
    [Show full text]
  • Online Sexual Exploitation of Children in the Philippines 1
    The sexual exploitation of children is, sadly, not a new phenomenon. It has existed for many centuries, has victimized children of any age from all countries, and has been committed by offenders of all backgrounds from around the world. What has changed however, are the ways in which these offences occur and the mechanisms that facilitate these types of abuse. In the last fifteen years there has been a significant increase in the use of technologies internationally. Across much of the globe, it is hard to find a person without at least one mechanism that allows them to access the Internet at the mere touch of a button. However, as history will teach us, with every new invention there will be misuse - this has never been more evident than with online technologies and the Internet. Technological advancements have changed the ways through which children are sexually exploited – online child sexual exploitation continues to grow exponentially with hotlines around the world reporting a consistent and continual increase in number of cases every year. Efforts internationally are responding to these increases. We are seeing police agencies utilizing technology to help them further investigations and more and more industry partners are exploring how they can be part of the solution. Additionally, non-government agencies continue to seek out new opportunities to enhance their support to victims in their communities through supporting criminal justice and social service system development, survivor care, and community-based support mechanisms. Never before has it been more important to work together to protect children. But in order to do just that, it is imperative that we know more about these crimes against children.
    [Show full text]