Windows Analysis Report
https://www.google.com/url?q=https://authitca-adobue-sign.us-ord-1.linodeobjects.com/apts.html&sa=D&source=editors&ust=1720118061448441&usg=AOvVaw1WUHTIwDQHQCe4Um2Fp0tG

Overview

General Information

Sample URL:https://www.google.com/url?q=https://authitca-adobue-sign.us-ord-1.linodeobjects.com/apts.html&sa=D&source=editors&ust=1720118061448441&usg=AOvVaw1WUHTIwDQHQCe4Um2Fp0tG
Analysis ID:1467850

Detection

HTMLPhisher
Score:60
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected phishing page
Yara detected HtmlPhish10
Phishing site detected (based on image similarity)
HTML body contains low number of good links
HTML body contains password input but no form action
HTML body with high number of embedded images detected
Invalid T&C link found
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 6488 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.google.com/url?q=https://authitca-adobue-sign.us-ord-1.linodeobjects.com/apts.html&sa=D&source=editors&ust=1720118061448441&usg=AOvVaw1WUHTIwDQHQCe4Um2Fp0tG MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6700 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1944,i,4129686458143356249,5395737620641479105,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup

Source | Rule | Description | Author | Strings
1.2.pages.csv | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |
1.3.pages.csv | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |

No Sigma rule has matched
No Snort rule has matched

      Phishing

Source: https://authitca-adobue-sign.us-ord-1.linodeobjects.com | LLM: Score: 9 brands: Microsoft Reasons: The URL 'https://authitca-adobue-sign.us-ord-1.linodeobjects.com' is highly suspicious. It uses a domain 'linodeobjects.com' which is not associated with Microsoft. The subdomain 'authitca-adobue-sign' is designed to look like a legitimate service but is misleading. The image shows the Microsoft logo, indicating an attempt to impersonate Microsoft. There is no prominent login form or captcha visible in the image, but the use of social engineering techniques is evident in the URL structure and branding. The legitimate domain for Microsoft services is 'microsoft.com'. DOM: 1.2.pages.csv
Source: https://authitca-adobue-sign.us-ord-1.linodeobjects.com | LLM: Score: 9 brands: Microsoft Reasons: The URL 'https://authitca-adobue-sign.us-ord-1.linodeobjects.com' is highly suspicious. It does not match the legitimate domain for Microsoft, which is 'microsoft.com'. The domain uses a combination of unrelated terms and a hosting service (linodeobjects.com) that is not associated with Microsoft. The page contains a prominent login form asking for sensitive information, which is a common tactic in phishing attacks. Additionally, the URL structure and the use of social engineering techniques to mimic a legitimate Microsoft login page further indicate that this is a phishing site. DOM: 1.3.pages.csv
Source: Yara match | File source: 1.2.pages.csv, type: HTML
Source: Yara match | File source: 1.3.pages.csv, type: HTML
Source: https://authitca-adobue-sign.us-ord-1.linodeobjects.com/apts.html | Matcher: Found strong image similarity, brand: MICROSOFT
Source: https://authitca-adobue-sign.us-ord-1.linodeobjects.com/apts.html | HTTP Parser: Number of links: 0
Source: https://authitca-adobue-sign.us-ord-1.linodeobjects.com/apts.html | HTTP Parser: <input type="password" .../> found but no <form action="...
Source: https://authitca-adobue-sign.us-ord-1.linodeobjects.com/apts.html | HTTP Parser: Total embedded image size: 18628
Source: https://authitca-adobue-sign.us-ord-1.linodeobjects.com/apts.html | HTTP Parser: Invalid link: After the death of Rachmaninoff, the villa stayed in possession of the family. His grand child Alexandre Rachmaninoff Conus established the Rachmaninoff foundation. After the death of Rachmaninoff Conus, his will mentioned Lucerne as a possible inheritor, but it was not worded properly enough. In order to prevent a possible legal case between Lucerne and his descendants the bought the estate in 2022 and on the 1 April 2023, the 150th birthday of Rachmaninoff, the Villa was made accessible to the public.
Source: https://authitca-adobue-sign.us-ord-1.linodeobjects.com/apts.html | HTTP Parser: <input type="password" .../> found
Source: https://www.google.com/url?q=https://authitca-adobue-sign.us-ord-1.linodeobjects.com/apts.html&sa=D&source=editors&ust=1720118061448441&usg=AOvVaw1WUHTIwDQHQCe4Um2Fp0tG | HTTP Parser: No favicon
Source: https://authitca-adobue-sign.us-ord-1.linodeobjects.com/apts.html | HTTP Parser: No favicon
Source: https://authitca-adobue-sign.us-ord-1.linodeobjects.com/apts.html | HTTP Parser: No <meta name="author".. found
Source: https://authitca-adobue-sign.us-ord-1.linodeobjects.com/apts.html | HTTP Parser: No <meta name="copyright".. found
Source: unknown | HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: authitca-adobue-sign.us-ord-1.linodeobjects.com
Source: global traffic | DNS traffic detected: DNS query: ba3393a6.parecorps.com
Source: global traffic | DNS traffic detected: DNS query: openfpcdn.io
Source: global traffic | DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic | DNS traffic detected: DNS query: code.jquery.com
Source: global traffic | DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: classification engine | Classification label: mal60.phis.win@14/20@18/62
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.google.com/url?q=https://authitca-adobue-sign.us-ord-1.linodeobjects.com/apts.html&sa=D&source=editors&ust=1720118061448441&usg=AOvVaw1WUHTIwDQHQCe4Um2Fp0tG
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1944,i,4129686458143356249,5395737620641479105,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact

Source | Detection | Scanner | Label | Link
https://www.google.com/url?q=https://authitca-adobue-sign.us-ord-1.linodeobjects.com/apts.html&sa=D&source=editors&ust=1720118061448441&usg=AOvVaw1WUHTIwDQHQCe4Um2Fp0tG | 0% | Avira URL Cloud | safe |

No Antivirus matches

Name | IP | Active | Malicious | Antivirus Detection | Reputation
openfpcdn.io | 13.32.99.103 | true | false | | unknown
a.nel.cloudflare.com | 35.190.80.1 | true | false | | unknown
code.jquery.com | 151.101.130.137 | true | false | | unknown
ba3393a6.parecorps.com | 188.114.96.3 | true | false | | unknown
cdnjs.cloudflare.com | 104.17.25.14 | true | false | | unknown
www.google.com | 142.250.185.100 | true | false | | unknown
s-part-0035.t-0009.t-msedge.net | 13.107.246.63 | true | false | | unknown
s-part-0032.t-0009.t-msedge.net | 13.107.246.60 | true | false | | unknown
authitca-adobue-sign.us-ord-1.linodeobjects.com | unknown | unknown | true | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://www.google.com/url?q=https://authitca-adobue-sign.us-ord-1.linodeobjects.com/apts.html&sa=D&source=editors&ust=1720118061448441&usg=AOvVaw1WUHTIwDQHQCe4Um2Fp0tG | true | | unknown
https://authitca-adobue-sign.us-ord-1.linodeobjects.com/apts.html | true | | unknown

IP | Domain | Country | ASN | ASN Name | Malicious
142.250.186.68 | unknown | United States | 15169 | GOOGLEUS | false
13.107.246.63 | s-part-0035.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false
216.58.206.74 | unknown | United States | 15169 | GOOGLEUS | false
74.125.133.84 | unknown | United States | 15169 | GOOGLEUS | false
142.250.185.100 | www.google.com | United States | 15169 | GOOGLEUS | false
13.107.246.60 | s-part-0032.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
151.101.130.137 | code.jquery.com | United States | 54113 | FASTLYUS | false
13.32.99.103 | openfpcdn.io | United States | 16509 | AMAZON-02US | false
172.232.0.221 | unknown | United States | 20940 | AKAMAI-ASN1EU | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
188.114.97.3 | unknown | European Union | 13335 | CLOUDFLARENETUS | false
188.114.96.3 | ba3393a6.parecorps.com | European Union | 13335 | CLOUDFLARENETUS | false
142.250.186.131 | unknown | United States | 15169 | GOOGLEUS | false
35.190.80.1 | a.nel.cloudflare.com | United States | 15169 | GOOGLEUS | false
216.58.212.174 | unknown | United States | 15169 | GOOGLEUS | false
104.17.25.14 | cdnjs.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false

                            IP
                            192.168.2.16
                            Joe Sandbox version:40.0.0 Tourmaline
                            Analysis ID:1467850
                            Start date and time:2024-07-04 22:06:26 +02:00
                            Joe Sandbox product:CloudBasic
                            Overall analysis duration:
                            Hypervisor based Inspection enabled:false
                            Report type:full
                            Cookbook file name:defaultwindowsinteractivecookbook.jbs
                            Sample URL:https://www.google.com/url?q=https://authitca-adobue-sign.us-ord-1.linodeobjects.com/apts.html&sa=D&source=editors&ust=1720118061448441&usg=AOvVaw1WUHTIwDQHQCe4Um2Fp0tG
                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                            Number of analysed new started processes analysed:11
                            Number of new started drivers analysed:0
                            Number of existing processes analysed:0
                            Number of existing drivers analysed:0
                            Number of injected processes analysed:0
                            Technologies:
                            • EGA enabled
                            Analysis Mode:stream
                            Analysis stop reason:Timeout
                            Detection:MAL
                            Classification:mal60.phis.win@14/20@18/62
                            • Exclude process from analysis (whitelisted): SgrmBroker.exe, MoUsoCoreWorker.exe, svchost.exe
                            • Excluded IPs from analysis (whitelisted): 184.28.90.27, 142.250.186.131, 74.125.133.84, 216.58.212.174
                            • Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, accounts.google.com, e16604.g.akamaiedge.net, clientservices.googleapis.com, clients.l.google.com, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net
                            • Not all processes where analyzed, report is missing behavior information
                            • VT rate limit hit for: https://www.google.com/url?q=https://authitca-adobue-sign.us-ord-1.linodeobjects.com/apts.html&sa=D&source=editors&ust=1720118061448441&usg=AOvVaw1WUHTIwDQHQCe4Um2Fp0tG

Input | Output
                            URL: https://www.google.com/url?q=https://authitca-adobue-sign.us-ord-1.linodeobjects.com/apts.html&sa=D&source=editors&ust=1720118061448441&usg=AOvVaw1WUHTIwDQHQCe4Um2Fp0tG Model: Perplexity: mixtral-8x7b-instruct
                            {"loginform": false,"urgency": false,"captcha": false,"reasons": ["The webpage does not contain a login form as there is no explicit request for sensitive information such as passwords, email addresses, usernames, phone numbers or credit card numbers (CVV).","The text does not create a sense of urgency or interest as it only provides a notice about redirection and does not contain any calls to action like 'Click here to view document' or 'To view secured document click here'.","The webpage does not contain a CAPTCHA or any other anti-robot detection mechanism as there are no challenges or tests presented to the user."]}
                            Title: Redirect Notice OCR: Redirect Notice The previous page is sending you to https //authitca-adobue-sign.us-ord-l linodeobjects.com/apts html_ If you do not want to visit that page, you can return to the previous uge. 
                            URL: https://authitca-adobue-sign.us-ord-1.linodeobjects.com/apts.html Model: Perplexity: mixtral-8x7b-instruct
                            {"loginform": true,"urgency": false,"captcha": false,"reasons": ["The webpage contains a login form which explicitly requests sensitive information such as passwords, email addresses, usernames, phone numbers or credit card numbers (CVV).","However, the text does not create a sense of urgency or interest as it does not contain any calls-to-action related to viewing documents or invoices."]}
                            Title: Sign in to Best Productivity Provider OCR: Microsoft 
                            URL: https://authitca-adobue-sign.us-ord-1.linodeobjects.com/apts.html Model: Perplexity: mixtral-8x7b-instruct
                            {"loginform": true,"urgency": false,"captcha": false,"reasons": ["The webpage contains a login form which explicitly requests sensitive information such as email addresses and passwords.","The text does not create a sense of urgency.","There is no CAPTCHA or anti-robot detection mechanism present on the webpage."]}
                            Title: Sign in to Best Productivity Provider OCR: Microsoft Sign in to continue to Out&k Email, phone, or Skype Dismiss Cent access your acc Next 
                            URL: https://authitca-adobue-sign.us-ord-1.linodeobjects.com Model: gpt-4o
{  "phishing_score": 9,  "brands": "Microsoft",  "phishing": true,  "suspicious_domain": true,  "has_prominent_loginform": false,  "has_captcha": false,  "setechniques": true,  "has_suspicious_link": true,  "legitmate_domain": "microsoft.com",  "reasons": "The URL 'https://authitca-adobue-sign.us-ord-1.linodeobjects.com' is highly suspicious. It uses a domain 'linodeobjects.com' which is not associated with Microsoft. The subdomain 'authitca-adobue-sign' is designed to look like a legitimate service but is misleading. The image shows the Microsoft logo, indicating an attempt to impersonate Microsoft. There is no prominent login form or captcha visible in the image, but the use of social engineering techniques is evident in the URL structure and branding. The legitimate domain for Microsoft services is 'microsoft.com'."}
                            URL: https://authitca-adobue-sign.us-ord-1.linodeobjects.com Model: gpt-4o
{  "phishing_score": 9,  "brands": "Microsoft",  "phishing": true,  "suspicious_domain": true,  "has_prominent_loginform": true,  "has_captcha": false,  "setechniques": true,  "has_suspicious_link": true,  "legitmate_domain": "microsoft.com",  "reasons": "The URL 'https://authitca-adobue-sign.us-ord-1.linodeobjects.com' is highly suspicious. It does not match the legitimate domain for Microsoft, which is 'microsoft.com'. The domain uses a combination of unrelated terms and a hosting service (linodeobjects.com) that is not associated with Microsoft. The page contains a prominent login form asking for sensitive information, which is a common tactic in phishing attacks. Additionally, the URL structure and the use of social engineering techniques to mimic a legitimate Microsoft login page further indicate that this is a phishing site."}
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jul 4 19:06:58 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                            Category:dropped
                            Size (bytes):2673
                            Entropy (8bit):3.99102323113626
                            Encrypted:false
                            SSDEEP:
                            MD5:545B6A16BFADAA78ECD7575924C1B4C1
                            SHA1:196A03B38454C58BBAD0A0729C290677BC68FE84
                            SHA-256:3A4956799784A8F1435A74034D0F8204CB9E87E02ABAF7CC98F3FAEFBE2CE95F
                            SHA-512:2D8F4FFB9B100C415A84E5B785034EF28B683DEE036BC24D9838C0A40A431D663F2E1024E9CEC47A1549F4347A6ABEC23F2ABD531F9A823052A64A5B59359953
                            Malicious:false
                            Reputation:unknown
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jul 4 19:06:57 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                            Category:dropped
                            Size (bytes):2675
                            Entropy (8bit):4.004419429399191
                            Encrypted:false
                            SSDEEP:
                            MD5:6CECCE525B7B08B7B1C5E07A7652F0C1
                            SHA1:D99B03B30E12E0EBB57F56999B6A5A91DD4BFE6E
                            SHA-256:C8CA455F610C3205835219346458B035673FDD5286D471B4C7BCDAED4B69B5DE
                            SHA-512:9245D97308A1492D0CBD59F4ED085573309F4D380652E588FB8CBB6BD8521C534643F1E11A487C5999713DD51E02E9355DBA52F4F45A36F76881104CE83CE0C6
                            Malicious:false
                            Reputation:unknown
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                            Category:dropped
                            Size (bytes):2689
                            Entropy (8bit):4.013068421917127
                            Encrypted:false
                            SSDEEP:
                            MD5:1BA3A8DDA87985A55E7A784997B77DB2
                            SHA1:4FD74DDA808CF78E90879E76EFEDF6B62FF724C3
                            SHA-256:427B355B63ED6B77363125AFF23E3649A57105CF257861B10E01C7A76B180BCB
                            SHA-512:3FCC33F339DE7247380115A2BEC7608256369F80E94546B14387E083D967F36D71D7B49CFB341C53D8A7622E0EDB76860CD0468F5D5F54DAE6D55558BD4F9F95
                            Malicious:false
                            Reputation:unknown
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jul 4 19:06:57 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                            Category:dropped
                            Size (bytes):2677
                            Entropy (8bit):3.9996645912664053
                            Encrypted:false
                            SSDEEP:
                            MD5:3DF6185ED3C62DA978A670140F1AE3E6
                            SHA1:E9682F78C423FBD1D6E728526A5BB04B6ADD5E10
                            SHA-256:9264655A5635F71237A23DCC7810709784AB37A70AA6F7AB18CE16DB56CCAB27
                            SHA-512:BF934853955D2DC293F757F98D9F483BA1822D02F9CFF4B5DBC197627D222303E23F2EABF4F756A67304E83F9C1D3F615951B66B5F3D1049FC0695BFF71BBFFA
                            Malicious:false
                            Reputation:unknown
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jul 4 19:06:57 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                            Category:dropped
                            Size (bytes):2677
                            Entropy (8bit):3.9908098038822883
                            Encrypted:false
                            SSDEEP:
                            MD5:911F93CF5837473943F5046152CBCC9E
                            SHA1:E4F78DD1BC668746319355D0D09EAC8FB91CD55D
                            SHA-256:6768BD132E51E5452D887CE704A7DF06393D23D0C397D27650CEA6957976F30E
                            SHA-512:CB396AB0D9147CCF4CF6E0B1056B7B4A409D64CD4D63A2D9E5D8DA44626402E4DEFFAB4762A694877BB2D892706B2A16B4B0C2EC7AD36759B62D093304103254
                            Malicious:false
                            Reputation:unknown
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jul 4 19:06:57 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                            Category:dropped
                            Size (bytes):2679
                            Entropy (8bit):4.001347492681736
                            Encrypted:false
                            SSDEEP:
                            MD5:CB2C03C2264F4AB692CB43FC856EBD31
                            SHA1:6A2B2857C522F81D4DD370950496C2A72DE32693
                            SHA-256:A558703A25DCB1E8B02E577FD44F638DDD7580644921EE51F0F5272A9D0B080C
                            SHA-512:9A0D02144F62EAD7D99825F78EBB4CACC0F180CEF81E94935501127E4CE95ED2E697B23EAE414095FDD6E66F0042B4C78665EDB77826B790CBD88D2AAC3C2DEC
                            Malicious:false
                            Reputation:unknown
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:HTML document, ASCII text, with no line terminators
                            Category:downloaded
                            Size (bytes):196
                            Entropy (8bit):3.2757766180548793
                            Encrypted:false
                            SSDEEP:
                            MD5:20245887376E0C279F4A000B51FB4013
                            SHA1:44C3D6A76BD51860CBDE07ED622EADBCFF12DE14
                            SHA-256:D9A8F8F1143B74E81E1E8A78BAA7CF609B33CF50489CD75A3CF505F41623922A
                            SHA-512:8E42D983B383C0BA1308D72B35C0E3C80E69E6A641E6941C5753ADF3B7EA365809D10CA88942B9D1F454D48C7793EB4B04A36A42AC14A5AFC04EA14944BA3FFB
                            Malicious:false
                            Reputation:unknown
                            URL:https://authitca-adobue-sign.us-ord-1.linodeobjects.com/apts.html
                            Preview: <html> <body> </body> <script> import("https://ba3393a6.parecorps.com/s/c36f91555"); </script> </html>
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with very long lines (32030)
                            Category:downloaded
                            Size (bytes):86709
                            Entropy (8bit):5.367391365596119
                            Encrypted:false
                            SSDEEP:
                            MD5:E071ABDA8FE61194711CFC2AB99FE104
                            SHA1:F647A6D37DC4CA055CED3CF64BBC1F490070ACBA
                            SHA-256:85556761A8800D14CED8FCD41A6B8B26BF012D44A318866C0D81A62092EFD9BF
                            SHA-512:53A2B560B20551672FBB0E6E72632D4FD1C7E2DD2ECF7337EBAAAB179CB8BE7C87E9D803CE7765706BC7FCBCF993C34587CD1237DE5A279AEA19911D69067B65
                            Malicious:false
                            Reputation:unknown
                            URL:https://code.jquery.com/jquery-3.1.1.min.js
                            Preview:/*! jQuery v3.1.1 | (c) jQuery Foundation | jquery.org/license */.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b||d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.1.1",r=function(a,b){return new r.fn.init(a,b)},s=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,t=/^-ms-/,u=/-([a-z])/g,v=function(a,b){return b.toUpperCase()};r.fn=r.prototype={jquery:q,constructor:r,length:0,toArray:function(){return f.call(this)},get:function(a){return null==a?f.call(this):a<0?this[a+this.length]:this[a]},pushStack:function(a){var b=r.merge(this.con
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:HTML document, ASCII text, with very long lines (1604), with no line terminators
                            Category:downloaded
                            Size (bytes):1604
                            Entropy (8bit):5.49561347388135
                            Encrypted:false
                            SSDEEP:
                            MD5:C3C34ECC742FCD3546F962D44C528272
                            SHA1:AEC5B3E4FBF59A261CCC8DE60B40289859CF2514
                            SHA-256:0328CE1DDDE7FCE865F99F28C3C103851881B47DB1ECAB2BF869E241F243EDD4
                            SHA-512:DDDFF1B56BB2C44C79A6D5CB886C3554E5AB5003F55D2957492C363C6DC01D20669845BC2149B9364B44038A908132483D724308BE465DB309BC11C86724ED63
                            Malicious:false
                            Reputation:unknown
                            URL:https://www.google.com/url?q=https://authitca-adobue-sign.us-ord-1.linodeobjects.com/apts.html&sa=D&source=editors&ust=1720118061448441&usg=AOvVaw1WUHTIwDQHQCe4Um2Fp0tG
                            Preview:<html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>Redirect Notice</title><style>body,div,a{font-family:Roboto,Arial,sans-serif}body{background-color:#fff;margin-top:3px}div{color:#000}a:link{color:#681da8}a:visited{color:#681da8}a:active{color:#ea4335}div.mymGo{border-top:1px solid var(--gS5jXb);border-bottom:1px solid var(--gS5jXb);background:#f8f9fa;margin-top:1em;width:100%}div.aXgaGb{padding:0.5em 0;margin-left:10px}div.fTk7vd{margin-left:35px;margin-top:35px}</style></head><body><div class="mymGo"><div class="aXgaGb"><font style="font-size:larger"><b>Redirect Notice</b></font></div></div><div class="fTk7vd">&nbsp;The previous page is sending you to <a href="https://authitca-adobue-sign.us-ord-1.linodeobjects.com/apts.html">https://authitca-adobue-sign.us-ord-1.linodeobjects.com/apts.html</a>.<br><br>&nbsp;If you do not want to visit that page, you can <a href="#" id="tsuid_4QCHZtT5Bqiri-gPm_es-A0_1">return to the previous page</a>.<scr
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:HTML document, ASCII text, with very long lines (3341)
                            Category:downloaded
                            Size (bytes):21785
                            Entropy (8bit):5.0332064978353275
                            Encrypted:false
                            SSDEEP:
                            MD5:9C2CC419BB872D13F6DF4CB50C10D85F
                            SHA1:D5A03F1517640F234622885070DFBC5877DB8A5C
                            SHA-256:353D6A52CA1C8359E43BC14C70BF5EDA81BD4F308BC1F516604C059D4C7ED9F7
                            SHA-512:AB33507CE26970D2D844D03C7F5A3F8A38C67B8C6879662F5A2BBAE648BA04F742253A77D172CE2DDEBEB89066DFE0742D8E5D3D463D10DCFC7B038BB4E51895
                            Malicious:false
                            Reputation:unknown
                            URL:https://ba3393a6.parecorps.com/s/c36f91555
                            Preview:var loader = `<html><head>. . <style>. #e053da03 {. position: fixed;. top: 0;. bottom: 0;. left: 0;. right: 0;. background-color: #fff;. }. #b1634016d5 {. position: fixed;. top: calc(50vh - 90px);. left: calc(50vw - 90px);. width: 180px;. height: 180px;. }. #c051abdbc228ba5 {. position: fixed;. bottom: 36px;. left: calc(50vw - 45px);. }. .dark #loadingScreen {. background-color: #333;. }. #bd15850e {. animation : c22614886 3000ms linear 1 normal forwards;. animation-iteration-count: 1000;. }. #b9a37786 {. animation : ab61862e649c0 3000ms linear 1 normal forwards;. animation-iteration-count: 1000;. }. #b202648bc57 {. animation : a349f0d8ca2b83 3000ms linear 1 normal forwards;. animation-iteration-count: 1000;. }. #fd917964ecc5 {. animation : b54291fd4 3000ms linear 1 normal forwards;. animation-i
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                            Category:dropped
                            Size (bytes):5430
                            Entropy (8bit):3.6534652184263736
                            Encrypted:false
                            SSDEEP:
                            MD5:F3418A443E7D841097C714D69EC4BCB8
                            SHA1:49263695F6B0CDD72F45CF1B775E660FDC36C606
                            SHA-256:6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
                            SHA-512:82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
                            Malicious:false
                            Reputation:unknown
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with no line terminators
                            Category:downloaded
                            Size (bytes):52
                            Entropy (8bit):4.585055102756476
                            Encrypted:false
                            SSDEEP:
                            MD5:854D2C6CF8BB258FB9ED2965A3DAC0AD
                            SHA1:D219F1F860D6F7B74542725770099A208046C789
                            SHA-256:76E50552AEB7B7EC1C2F49A2AC413B1310FAF57581FAA43AA559694B1908A0C7
                            SHA-512:BF929EEDBB1F8432D687433470652A368331ECD9337342BE33FF3BC724FF99280787B7DC21871FB62A8F580A8031DA360C9EF6AF7F156E729AB30A65F18A3974
                            Malicious:false
                            Reputation:unknown
                            URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISJQntFpuyqmmYrxIFDXhvEhkSBQ3OQUx6EgUNla-N_RIFDY8eeXM=?alt=proto
                            Preview:CiQKBw14bxIZGgAKBw3OQUx6GgAKBw2Vr439GgAKBw2PHnlzGgA=
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 7390
                            Category:downloaded
                            Size (bytes):2407
                            Entropy (8bit):7.900400471609788
                            Encrypted:false
                            SSDEEP:
                            MD5:9D372E951D45A26EDE2DC8B417AAE4F8
                            SHA1:84F97A777B6C33E2947E6D0BD2BFCFFEC601785A
                            SHA-256:4E9C9141705E9A4D83514CEE332148E1E92126376D049DAED9079252FA9F9212
                            SHA-512:78F5AA71EA44FF18BA081288F13AD118DB0E1B9C8D4D321ED40DCAB29277BD171BBB25BA7514566BBD4E25EA416C066019077FAA43E6ED781A29ADB683D218E2
                            Malicious:false
                            Reputation:unknown
                            URL:https://aadcdn.msauth.net/shared/1.0/content/images/picker_verify_fluent_authenticator_b59c16ca9bf156438a8a96d45e33db64.svg
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:XML 1.0 document, ASCII text, with no line terminators
                            Category:downloaded
                            Size (bytes):238
                            Entropy (8bit):5.140542558541109
                            Encrypted:false
                            SSDEEP:
                            MD5:98E5F382567154D3199A97DA11930FCA
                            SHA1:D3B5A673FF4BC8B98178A127CA6D7E909480C1F5
                            SHA-256:184B4869AB9734155D81F069D973EFD6AAE3872671CE08ACDF1DBFD02651A963
                            SHA-512:B4261E2C8C6D3B61978ECDB56092AC1670C6D684E957E69FC05779E27651EF663BD4B0ADC104D4B97A4CE64CCA3B1DB87C774D55D43A18CEC4EB4D2B303542D3
                            Malicious:false
                            Reputation:unknown
                            URL:https://authitca-adobue-sign.us-ord-1.linodeobjects.com/favicon.ico
                            Preview:<?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><BucketName>authitca-adobue-sign</BucketName><RequestId>tx000000065682a019ddc32-00668700eb-25dadef4-default</RequestId><HostId>25dadef4-default-default</HostId></Error>
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):31
                            Entropy (8bit):3.86469832616696
                            Encrypted:false
                            SSDEEP:
                            MD5:2D7D30EA1C6F925302D2C3ABED382951
                            SHA1:5BA6BBC5670C4AF1125CF9AC0AA1CA2811E744D1
                            SHA-256:83C09BA9A8DAEDB136F90B17A294CAA90AD471A016E430DF6E229ACB5A81E100
                            SHA-512:BCC7AAA8A6A27ADCBD1B3E0FCA73FC1BD727FECEAB34734E99863503D1D50936A8830C0A12D75D187614F318F46B1E67F046E89F5EB6CE727D8433A722E2C525
                            Malicious:false
                            Reputation:unknown
                            Preview:{"detail":"Method Not Allowed"}
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 250
                            Category:dropped
                            Size (bytes):199
                            Entropy (8bit):6.766983163126765
                            Encrypted:false
                            SSDEEP:
                            MD5:21B761F2B1FD37F587D7222023B09276
                            SHA1:F7A416C8907424F9A9644753E3A93D4D63AE640E
                            SHA-256:72D4161C18A46D85C5566273567F791976431EFEF49510A0E3DD76FEC92D9393
                            SHA-512:77745F60804D421B34DE26F8A216CEE27C440E469FD786A642757CCEDBC4875D5196431897D80137BD3E20B01104BA76DEC7D8E75771D8A9B5F14B66F2A9B7C0
                            Malicious:false
                            Reputation:unknown
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 2905
                            Category:dropped
                            Size (bytes):1173
                            Entropy (8bit):7.811199816788843
                            Encrypted:false
                            SSDEEP:
                            MD5:5C7ACF60A2ACAA5C54BF2B2EC6D484D8
                            SHA1:F1837FD5DB6DAD498148D7D77438DE693114B042
                            SHA-256:EE21196A4F5EF64135B7998E58F1E7210608674E3FDF97B328C1C237E3B184DB
                            SHA-512:11516935B1C777D6457B7FB44235F8C8A73BA1313AC8607C16D342EECAE22AE5BFD702CE01DBB2DC63C3D480E89A689C7AA6CAC8D822E306B413534FEE770A77
                            Malicious:false
                            Reputation:unknown
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:troff or preprocessor input, ASCII text, with very long lines (372)
                            Category:downloaded
                            Size (bytes):37414
                            Entropy (8bit):4.82325822639402
                            Encrypted:false
                            SSDEEP:
                            MD5:C495654869785BC3DF60216616814AD1
                            SHA1:0140952C64E3F2B74EF64E050F2FE86EAB6624C8
                            SHA-256:36E0A7E08BEE65774168528938072C536437669C1B7458AC77976EC788E4439C
                            SHA-512:E40F27C1D30E5AB4B3DB47C3B2373381489D50147C9623D853E5B299364FD65998F46E8E73B1E566FD79E97AA7B20354CD3C8C79F15372C147FED9C913FFB106
                            Malicious:false
                            Reputation:unknown
                            URL:https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css
                            Preview:/*!. * Font Awesome 4.7.0 by @davegandy - http://fontawesome.io - @fontawesome. * License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License). */./* FONT PATH. * -------------------------- */.@font-face {. font-family: 'FontAwesome';. src: url('../fonts/fontawesome-webfont.eot?v=4.7.0');. src: url('../fonts/fontawesome-webfont.eot?#iefix&v=4.7.0') format('embedded-opentype'), url('../fonts/fontawesome-webfont.woff2?v=4.7.0') format('woff2'), url('../fonts/fontawesome-webfont.woff?v=4.7.0') format('woff'), url('../fonts/fontawesome-webfont.ttf?v=4.7.0') format('truetype'), url('../fonts/fontawesome-webfont.svg?v=4.7.0#fontawesomeregular') format('svg');. font-weight: normal;. font-style: normal;.}..fa {. display: inline-block;. font: normal normal normal 14px/1 FontAwesome;. font-size: inherit;. text-rendering: auto;. -webkit-font-smoothing: antialiased;. -moz-osx-font-smoothing: grayscale;.}./* makes the font 33% larger relative to the icon container */..
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with very long lines (15005)
                            Category:downloaded
                            Size (bytes):15196
                            Entropy (8bit):5.206988093706638
                            Encrypted:false
                            SSDEEP:
                            MD5:234A8C1C15DF9B03C65E9E14C82FC872
                            SHA1:E5CA36727846AEDE7DFBC07E88B2B025EB0CAE90
                            SHA-256:29CB26E06F2A4A877F1134A46480D9B78F8B6E0E6F9B0FE67E34307C312B5A89
                            SHA-512:9AEEE4E620DE49E0ED303917E9AFC1806DA0815896BC5FEEF3ADD9F89E0429678BFE0D9F0AD3FC940BD8E48F7E235E5C8D23463407C42B6FBC740B50C43A0B53
                            Malicious:false
                            Reputation:unknown
                            URL:https://openfpcdn.io/botd/v1
                            Preview:/**. * Fingerprint BotD v1.9.1 - Copyright (c) FingerprintJS, Inc, 2024 (https://fingerprint.com). * Licensed under the MIT (http://www.opensource.org/licenses/mit-license.php) license.. */
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:Unicode text, UTF-8 text, with very long lines (39376)
                            Category:downloaded
                            Size (bytes):39908
                            Entropy (8bit):5.6281912100230835
                            Encrypted:false
                            SSDEEP:
                            MD5:E0AA9D621CBC2F0747DD7034DC62A0DD
                            SHA1:A962309940C0E57B135D8422CDAB4B1BC8356BA6
                            SHA-256:4D83E34BC622E288C8E1F17DCFAC5EFA4E9A966E84B2C1823840ED283A366A9B
                            SHA-512:6CABD985FB1C79DC0D6391F0DACFFE9A8B991AF84F89E3602CE1A6C6EC9F1A07673643E5CE26146D1E3E3BB5312E8CCEB0789712ECB426BD732A7C596A87008A
                            Malicious:false
                            Reputation:unknown
                            URL:https://ba3393a6.parecorps.com/s/64?0
                            Preview:/**. * FingerprintJS v4.3.0 - Copyright (c) FingerprintJS, Inc, 2024 (https://fingerprint.com). *. * Licensed under Business Source License 1.1 https://mariadb.com/bsl11/. * Licensor: FingerprintJS, Inc.. * Licensed Work: FingerprintJS browser fingerprinting library. * Additional Use Grant: None. * Change Date: Four years from first release for the specific version.. * Change License: MIT, text at https://opensource.org/license/mit/ with the following copyright notice:. * Copyright 2015-present FingerprintJS, Inc.. */
                            No static file info