Windows Analysis Report
https://www.carsoup.com/api/v1/connections/store?type=web_referrals&dealer_id=18689&redirect=https%3A%2F%2Flyn.bz/bbb

Overview

General Information

Sample URL: https://www.carsoup.com/api/v1/connections/store?type=web_referrals&dealer_id=18689&redirect=https%3A%2F%2Flyn.bz/bbb
Analysis ID: 1504846

Detection

HTMLPhisher
Score: 68
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page
Yara detected HtmlPhish54
Phishing site detected (based on favicon image match)
Phishing site detected (based on image similarity)
Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)
Detected non-DNS traffic on DNS port
Found iframes
HTML body contains low number of good links
HTML page contains hidden javascript code
HTML page contains obfuscated script src
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 2992 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.carsoup.com/api/v1/connections/store?type=web_referrals&dealer_id=18689&redirect=https%3A%2F%2Flyn.bz/bbb MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6824 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1864,i,15368383865682639495,9934645665720640044,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
Source | Rule | Description | Author | Strings
7.10.id.script.csv | JoeSecurity_HtmlPhish_54 | Yara detected HtmlPhish_54 | Joe Security |
7.6.pages.csv | JoeSecurity_HtmlPhish_54 | Yara detected HtmlPhish_54 | Joe Security |
8.7.pages.csv | JoeSecurity_HtmlPhish_54 | Yara detected HtmlPhish_54 | Joe Security |
8.9.pages.csv | JoeSecurity_HtmlPhish_54 | Yara detected HtmlPhish_54 | Joe Security |

No Sigma rule has matched
No Suricata rule has matched

          Phishing

          Source: https://69x26piyt36.dcciss.es/?auth=2&sso_reload=true LLM: Score: 8 Reasons: The URL '69x26piyt36.dcciss.es' seems to be a subdomain of 'dcciss.es', which is a domain with a top level domain of 'es'. The subdomain '69x26piyt36' appears to be randomly generated and does not seem to be related to the brand 'Microsoft'. The presence of a randomly generated subdomain and the mismatch between the brand and the domain suggests that this webpage may be a phishing attempt. The domain 'dcciss.es' does not match the legitimate domain associated with Microsoft, which is 'microsoft.com'. DOM: 8.8.pages.csv
          Source: https://69x26piyt36.dcciss.es/?auth=2&sso_reload=true LLM: Score: 8 Reasons: The URL '69x26piyt36.dcciss.es' seems to be a subdomain of 'dcciss.es'. The subdomain appears to be randomly generated and does not seem to be related to the Microsoft brand. The top level domain 'es' is a country-code top-level domain for Spain, which is not the primary domain for Microsoft. The presence of a randomly generated subdomain and an unrelated top level domain suggests that this URL may be a phishing attempt or a fake login page. The brand name 'Microsoft' is displayed on the webpage, but the URL does not match the legitimate domain associated with the brand, which is a strong indicator of a phishing attempt. The design and content of the webpage are typical for a login page, but the unusual URL and lack of association with the legitimate domain make it likely that this is a phishing site. DOM: 8.9.pages.csv
          Source: Yara match File source: 7.10.id.script.csv, type: HTML
          Source: Yara match File source: 7.6.pages.csv, type: HTML
          Source: Yara match File source: 8.7.pages.csv, type: HTML
          Source: Yara match File source: 8.9.pages.csv, type: HTML
          Source: https://69x26piyt36.dcciss.es/?auth=2&sso_reload=true Matcher: Template: microsoft matched with high similarity
          Source: https://69x26piyt36.dcciss.es/?auth=2&sso_reload=true Matcher: Found strong image similarity, brand: MICROSOFT
          Source: https://www.lechato.org/fete-de-la-musique/HTTP Parser: async function decryptfunction(encryptedfunction, password, salt, iv) { const key = cryptojs.pbkdf2(password, cryptojs.enc.hex.parse(salt), { hasher: cryptojs.algo.sha512, keysize: 64 / 8, iterations: 999 }); const decrypted = cryptojs.aes.decrypt(encryptedfunction, key, { iv: cryptojs.enc.hex.parse(iv) }); return decrypted.tostring(cryptojs.enc.utf8); } (async () => { const encryptedfunction = 'rfd9sok3zd5pif/1guveeakkpntbyrja1peylm0rtqmgup0nvmdfm5ox0gfeqf1vtw0btkdajzmtdzfy31pspk3+amgzgjujvzcibackgjefjhubr4dxbygy8cuuue7ezf+ncgaujgmldxzlkklhk50rrzeofeapq8tu9qhwrouqjkzj0bx7+dxuur2ddvbeyw4ftwvuqzks3fknkyplsxkq2ffke38igcg1ia7mx2dpilolhe5iiyifi3hkadnauc6xhehjlgg02ybdwd3ttvmhat8pvvw4h6lo1/w19v/82mbco2l+xxgdvobbyn3zx1pvlrpylx5ox1ofcid9j5zccb0bklzgjzxdjjeb7kay6igol1h35sapdf03zt2dkjjwwsyp9lo0w/7bnlbkmu1cv+yntlrzjlpxtn57uv7nszx0adr07prluwhynolxfaqnuxqr/+xh2gy...
          Source: https://aeioserv.com/?dxsbslew=4bd9593421a57015640422350e1aa6edaf2842faeebf3471f8cb71ff9a7c0cf72d958210703aeeecaca183efea54034e2ca5b279275b5bc203d01ff4195ec97cHTTP Parser: async function c(encryptedfunction, password, salt, iv) { const key = cryptojs.pbkdf2(password, cryptojs.enc.hex.parse(salt), { hasher: cryptojs.algo.sha512, keysize: 64 / 8, iterations: 999 }); const b = cryptojs.aes.decrypt(encryptedfunction, key, { iv: cryptojs.enc.hex.parse(iv) }); return b.tostring(cryptojs.enc.utf8); } (async () => { const encryptedfunction = 'jtene3ratqqfye1dge+7ozcyfzs2lnlv1hhdi/l2pmewphry9t3pgow1jhoc+efwvvfhusihtmi8ncqfq2sqp9zgwhcf4yj+akt+3t0iczst+knwvjcxcogv5yvyx5qyx8fx9eydr9a9qesfvsrvu8yqju5dftzw6rjfsrubo1zaepacajebitbor7+evdmr72gtfpszr9fzawue2y8k+9vvy7jqlyhph8hxbsca3nb3pmo+ysfasp88a0sw3zgepgmswni/rnyk18pk9zmtqbuknxzjda8hqr9nrkijbin4i4rlsl7khli0717lsldk7pendkoxc23e3p/qkgpqwde0pg/kvmyxah3mp85ty/jms0+ohvchqfsuhuc4qzxa6jqily9xd0fgnf0vit1e3audaxxlqquq9wditwboazspzac5eeinr...
          Source: https://69x26piyt36.dcciss.es/?auth=2&sso_reload=true HTTP Parser: Iframe src: https://portal.microsoftonline.com/Prefetch/Prefetch.aspx
          Source: https://69x26piyt36.dcciss.es/?auth=2&sso_reload=true HTTP Parser: Number of links: 0
          Source: https://www.lechato.org/fete-de-la-musique/HTTP Parser: Base64 decoded: {"version":3,"sourceRoot":"/cfsetup_build/src/orchestrator/turnstile/templates","sources":["turnstile.scss"],"names":[],"mappings":"AAmCA;EACI;IACI;;;AAIR;EACI;IACI;;;AAIR;EACI;IAEI;;EAGJ;IACI;;;AAIR;EACI;IACI;;;AAIR;EACI;IACI;;;AAIR;EACI;IACI;;;AAIR;EACI...
          Source: https://69x26piyt36.dcciss.es/?auth=2HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
          Source: https://69x26piyt36.dcciss.es/?auth=2&sso_reload=trueHTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
          Source: https://69x26piyt36.dcciss.es/?auth=2&sso_reload=true HTTP Parser: <input type="password" .../> found
          Source: https://www.lechato.org/fete-de-la-musique/ HTTP Parser: No favicon
          Source: https://aeioserv.com/?dxsbslew=4bd9593421a57015640422350e1aa6edaf2842faeebf3471f8cb71ff9a7c0cf72d958210703aeeecaca183efea54034e2ca5b279275b5bc203d01ff4195ec97c HTTP Parser: No favicon
          Source: https://69x26piyt36.dcciss.es/?auth=2 HTTP Parser: No favicon
          Source: https://69x26piyt36.dcciss.es/?auth=2&sso_reload=true HTTP Parser: No favicon
          Source: https://69x26piyt36.dcciss.es/?auth=2&sso_reload=true HTTP Parser: No <meta name="author".. found
          Source: https://69x26piyt36.dcciss.es/?auth=2&sso_reload=true HTTP Parser: No <meta name="copyright".. found
          Source: global traffic DNS traffic detected: DNS query: www.carsoup.com
          Source: global traffic DNS traffic detected: DNS query: lyn.bz
          Source: global traffic DNS traffic detected: DNS query: www.lechato.org
          Source: global traffic DNS traffic detected: DNS query: www.google.com
          Source: global traffic DNS traffic detected: DNS query: challenges.cloudflare.com
          Source: global traffic DNS traffic detected: DNS query: cdnjs.cloudflare.com
          Source: global traffic DNS traffic detected: DNS query: a.nel.cloudflare.com
          Source: global traffic DNS traffic detected: DNS query: aeioserv.com
          Source: global traffic DNS traffic detected: DNS query: 69x26piyt36.dcciss.es
          Source: global traffic DNS traffic detected: DNS query: aadcdn.msftauth.net
          Source: global traffic DNS traffic detected: DNS query: portal.microsoftonline.com
          Source: classification engineClassification label: mal68.phis.win@26/24@36/189
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
          Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.carsoup.com/api/v1/connections/store?type=web_referrals&dealer_id=18689&redirect=https%3A%2F%2Flyn.bz/bbb
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1864,i,15368383865682639495,9934645665720640044,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
          Source: Window Recorder | Window detected: More than 3 window changes detected
          Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
          Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
          Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
          Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
          Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
          Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
          Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
          Gather Victim Identity Information | 1 Scripting | 1 Drive-by Compromise | Windows Management Instrumentation | 1 Scripting | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
          Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
          Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact

          Source | Detection | Scanner | Label | Link
          https://www.carsoup.com/api/v1/connections/store?type=web_referrals&dealer_id=18689&redirect=https%3A%2F%2Flyn.bz/bbb | 0% | Avira URL Cloud | safe |
          No Antivirus matches
          Name | IP | Active | Malicious | Antivirus Detection | Reputation
          s-part-0014.t-0009.t-msedge.net | 13.107.246.42 | true | false |  | unknown
          lyn.bz | 185.146.22.239 | true | false |  | unknown
          a.nel.cloudflare.com | 35.190.80.1 | true | false |  | unknown
          cdnjs.cloudflare.com | 104.17.25.14 | true | false |  | unknown
          carsoup-lb-preprod-new-835104961.us-east-1.elb.amazonaws.com | 54.225.16.232 | true | false |  | unknown
          challenges.cloudflare.com | 104.18.94.41 | true | false |  | unknown
          sni1gl.wpc.omegacdn.net | 152.199.21.175 | true | false |  | unknown
          www.google.com | 172.217.18.4 | true | false |  | unknown
          69x26piyt36.dcciss.es | 104.243.34.175 | true | true |  | unknown
          aeioserv.com | 104.243.34.175 | true | false |  | unknown
          www.lechato.org | 188.114.97.3 | true | false |  | unknown
          portal.microsoftonline.com | unknown | unknown | false |  | unknown
          aadcdn.msftauth.net | unknown | unknown | false |  | unknown
          www.carsoup.com | unknown | unknown | false |  | unknown
                                              Name | Malicious | Antivirus Detection | Reputation
                                              https://www.lechato.org/fete-de-la-musique/ | true |  | unknown
                                              https://69x26piyt36.dcciss.es/?auth=2&sso_reload=true | true |  | unknown
                                              https://69x26piyt36.dcciss.es/?auth=2 | false |  | unknown
                                              https://aeioserv.com/?dxsbslew=4bd9593421a57015640422350e1aa6edaf2842faeebf3471f8cb71ff9a7c0cf72d958210703aeeecaca183efea54034e2ca5b279275b5bc203d01ff4195ec97c | true |  | unknown
                                              IP | Domain | Country | ASN | ASN Name | Malicious
                                              13.107.6.156 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
                                              104.17.24.14 | unknown | United States | 13335 | CLOUDFLARENETUS | false
                                              172.217.16.202 | unknown | United States | 15169 | GOOGLEUS | false
                                              34.104.35.123 | unknown | United States | 15169 | GOOGLEUS | false
                                              1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false
                                              108.177.15.84 | unknown | United States | 15169 | GOOGLEUS | false
                                              172.217.18.4 | www.google.com | United States | 15169 | GOOGLEUS | false
                                              104.18.94.41 | challenges.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false
                                              104.18.95.41 | unknown | United States | 13335 | CLOUDFLARENETUS | false
                                              142.250.185.238 | unknown | United States | 15169 | GOOGLEUS | false
                                              239.255.255.250 | unknown | Reserved | unknown | unknown | false
                                              188.114.97.3 | www.lechato.org | European Union | 13335 | CLOUDFLARENETUS | false
                                              142.250.185.131 | unknown | United States | 15169 | GOOGLEUS | false
                                              142.250.185.195 | unknown | United States | 15169 | GOOGLEUS | false
                                              142.250.186.142 | unknown | United States | 15169 | GOOGLEUS | false
                                              152.199.21.175 | sni1gl.wpc.omegacdn.net | United States | 15133 | EDGECASTUS | false
                                              35.190.80.1 | a.nel.cloudflare.com | United States | 15169 | GOOGLEUS | false
                                              2.23.209.183 | unknown | European Union | 1273 | CWVodafoneGroupPLCEU | false
                                              54.225.16.232 | carsoup-lb-preprod-new-835104961.us-east-1.elb.amazonaws.com | United States | 14618 | AMAZON-AESUS | false
                                              185.146.22.239 | lyn.bz | United States | 55293 | A2HOSTINGUS | false
                                              104.243.34.175 | 69x26piyt36.dcciss.es | United States | 23470 | RELIABLESITEUS | true
                                              104.17.25.14 | cdnjs.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false
                                              IP
                                              192.168.2.16
                                              Joe Sandbox version:40.0.0 Tourmaline
                                              Analysis ID:1504846
                                              Start date and time:2024-09-05 14:17:10 +02:00
                                              Joe Sandbox product:CloudBasic
                                              Overall analysis duration:
                                              Hypervisor based Inspection enabled:false
                                              Report type:full
                                              Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                              Sample URL:https://www.carsoup.com/api/v1/connections/store?type=web_referrals&dealer_id=18689&redirect=https%3A%2F%2Flyn.bz/bbb
                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                              Number of analysed new started processes analysed:15
                                              Number of new started drivers analysed:0
                                              Number of existing processes analysed:0
                                              Number of existing drivers analysed:0
                                              Number of injected processes analysed:0
                                              Technologies:
                                              • EGA enabled
                                              Analysis Mode:stream
                                              Analysis stop reason:Timeout
                                              Detection:MAL
                                              Classification:mal68.phis.win@26/24@36/189
                                              • Exclude process from analysis (whitelisted): svchost.exe
                                              • Excluded IPs from analysis (whitelisted): 142.250.185.195, 142.250.186.142, 108.177.15.84, 34.104.35.123, 2.23.209.183, 2.23.209.185, 2.23.209.188, 2.23.209.130, 2.23.209.189, 2.23.209.131, 2.23.209.182, 2.23.209.187, 2.23.209.191
                                              • Excluded domains from analysis (whitelisted): www.bing.com, clients2.google.com, e86303.dscx.akamaiedge.net, accounts.google.com, edgedl.me.gvt1.com, www.bing.com.edgekey.net, clientservices.googleapis.com, clients.l.google.com, www-www.bing.com.trafficmanager.net
                                              • Not all processes were analyzed, report is missing behavior information
                                              • VT rate limit hit for: https://www.carsoup.com/api/v1/connections/store?type=web_referrals&dealer_id=18689&redirect=https%3A%2F%2Flyn.bz/bbb
                                              Input | Output
                                              URL: https://aeioserv.com/?dxsbslew=4bd9593421a57015640422350e1aa6edaf2842faeebf3471f8cb71ff9a7c0cf72d958210703aeeecaca183efea54034e2ca5b279275b5bc203d01ff4195ec97c Model: jbxai
                                              {
                                              "brand":["CLOUDFLARE"],
                                              "contains_trigger_text":false,
                                              "prominent_button_name":"unknown",
                                              "text_input_field_labels":["unknown"],
                                              "pdf_icon_visible":false,
                                              "has_visible_captcha":false,
                                              "has_urgent_text":false,
                                              "has_visible_qrcode":false}
                                              URL: https://69x26piyt36.dcciss.es/?auth=2&sso_reload=true Model: jbxai
                                              {
                                              "brand":["Microsoft"],
                                              "contains_trigger_text":false,
                                              "prominent_button_name":"Next",
                                              "text_input_field_labels":["Email, phone, or Skype","Password","Sign-in options"],
                                              "pdf_icon_visible":false,
                                              "has_visible_captcha":false,
                                              "has_urgent_text":false,
                                              "has_visible_qrcode":false}
                                              URL: https://69x26piyt36.dcciss.es/?auth=2&sso_reload=true Model: jbxai
                                              {
                                              "brand":["Microsoft"],
                                              "contains_trigger_text":false,
                                              "prominent_button_name":"Next",
                                              "text_input_field_labels":["Email, phone, or Skype","No account? Create one! Can't access your account?"],
                                              "pdf_icon_visible":false,
                                              "has_visible_captcha":false,
                                              "has_urgent_text":false,
                                              "has_visible_qrcode":false}
                                              URL: https://69x26piyt36.dcciss.es/?auth=2&sso_reload=true Model: jbxai
                                              {
                                              "phishing_score":8,
                                              "brand_name":"Microsoft",
                                              "reasons":"The URL '69x26piyt36.dcciss.es' seems to be a subdomain of 'dcciss.es', which is a domain with a top level domain of 'es'. The subdomain '69x26piyt36' appears to be randomly generated and does not seem to be related to the brand 'Microsoft'. The presence of a randomly generated subdomain and the mismatch between the brand and the domain suggests that this webpage may be a phishing attempt. The domain 'dcciss.es' does not match the legitimate domain associated with Microsoft, which is 'microsoft.com'."}
                                              URL: https://69x26piyt36.dcciss.es/?auth=2&sso_reload=true Model: jbxai
                                              {
                                              "phishing_score":8,
                                              "brand_name":"Microsoft",
                                              "reasons":"The URL '69x26piyt36.dcciss.es' seems to be a subdomain of 'dcciss.es'. The subdomain appears to be randomly generated and does not seem to be related to the Microsoft brand. The top level domain 'es' is a country-code top-level domain for Spain, which is not the primary domain for Microsoft. The presence of a randomly generated subdomain and an unrelated top level domain suggests that this URL may be a phishing attempt or a fake login page. The brand name 'Microsoft' is displayed on the webpage, but the URL does not match the legitimate domain associated with the brand, which is a strong indicator of a phishing attempt. The design and content of the webpage are typical for a login page, but the unusual URL and lack of association with the legitimate domain make it likely that this is a phishing site."}
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Sep 5 11:17:36 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                              Category:dropped
                                              Size (bytes):2673
                                              Entropy (8bit):3.978430314487258
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:98610F3742A9CC39EA872EFED3D922D2
                                              SHA1:D926FB6342201E148CD806CCFE0B3B80AF34666A
                                              SHA-256:D9715AE6DE6C4D43363CE6F6C4E82D8AC6579FBD4A2D6592B54EEDD2EECCF768
                                              SHA-512:CF9034644DD82FBDC29426AE86406EFD85CA92D3A518ACEC0A80C01569003137ADC7CD8AA3C17B0FCCE72579583231DD37EAB6D2BEF1EA1D7A0336A48B4FCE3C
                                              Malicious:false
                                              Reputation:unknown
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Sep 5 11:17:36 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                              Category:dropped
                                              Size (bytes):2675
                                              Entropy (8bit):3.994799542999099
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:65D79EF6E42D084AF704186E9DE09778
                                              SHA1:161BCEAEEA57E8AEC8C81CD6E3366596425BCEC6
                                              SHA-256:0FC867984359F1718D8FD62B100ECD476ED7E843D35F5BAB9E7AEF7F0A36931A
                                              SHA-512:089AB47C929026FD44E635A209DF99B29A4335AD1CFBD0716D9B680D00BFB0765BABCE37CFB88CA9CFD79D859983149B90D23145700D8E185D49A676F85CB35A
                                              Malicious:false
                                              Reputation:unknown
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                              Category:dropped
                                              Size (bytes):2689
                                              Entropy (8bit):4.001707641876179
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:82F550E14FAA514BC886E2E7F9614519
                                              SHA1:A0DD51988311C1B16569E62023971570CAC78993
                                              SHA-256:166904A9997331BB929A99407309A5AF331BE0B4843737EDE2B8C5FD4362047E
                                              SHA-512:219821DDDB0E62025E2650A432FE2C52470F310248DE30C1949E2ED98749CB3783018B2C6130976238029E2FEDF5F3965FE0640ACF1CCD895F1A7F121E35A56C
                                              Malicious:false
                                              Reputation:unknown
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Sep 5 11:17:36 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                              Category:dropped
                                              Size (bytes):2677
                                              Entropy (8bit):3.992376687757435
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:C2DDB0FC8D096D8F38C557CC708A9AA0
                                              SHA1:DD5034ACC5FB1A657E6D9BA6E17C9FEADE901613
                                              SHA-256:03B9A74BA02F587BF627ACDE4BC9E847A4615D4642EDD929FD3C6CDFB7E18905
                                              SHA-512:DBA4876BE5F13A28A294C1C171417C049B6F3A0BB0899B50629AA89F4050822E05F7D3776588BFCC620E3DFCDBAF78CB142C275DBD7D23858C63B4265D70A201
                                              Malicious:false
                                              Reputation:unknown
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Sep 5 11:17:36 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                              Category:dropped
                                              Size (bytes):2677
                                              Entropy (8bit):3.9805218577197325
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:06D35096C663A0972F4068EF515D6735
                                              SHA1:CFE52E50C2672A0DA2C5592548924AC8DB6FCC3F
                                              SHA-256:E3B15DA1C3F4306474E9688BC4EBEC4E65683223AB21C17235D1DFC0C6B9A014
                                              SHA-512:8D01877203AD0680D6F28C3B12536878C7E7B9EDFA46A6A6832A12BB0798F6D1B3BEF18462FCB57BFB29E5014963B0E6BDF116478A4D8B6F7DF660FA04499DCE
                                              Malicious:false
                                              Reputation:unknown
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Sep 5 11:17:36 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                              Category:dropped
                                              Size (bytes):2679
                                              Entropy (8bit):3.990498712621834
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:40A84DFBD7CA3B0A70F63B4F1CAD8789
                                              SHA1:05F35D5FC928F0B258B94811523FAEE1BDA14F59
                                              SHA-256:79A8262D07A614A2986417C92650B7E609E33D5F276A62A86968C729CA1F4788
                                              SHA-512:F8C31EB5DB5D8C9FEEB5E035E44EF35170DC4B7BE672495C7A6C9ED209371F81C9DC647B998048AEC9CD5EEC16CBACC10F9F1495710E404EC8E9A601F8866D67
                                              Malicious:false
                                              Reputation:unknown
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with very long lines (45805)
                                              Category:downloaded
                                              Size (bytes):45806
                                              Entropy (8bit):5.401870820931706
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:57A4011B45A950C27C1C638C9ABF655B
                                              SHA1:CE3CA250A31B8A891D55B7EE51DD09FD201D1033
                                              SHA-256:F260796D39E01DF74E820ED2E7DE42F0A397D8C5B9751C58D68746066155A9C7
                                              SHA-512:639FBC5679555FE866B33CE869D757AD6C61E927646C618EEE9EEF0666F27645DAC804A328734284270F2C71F27081B7070B2244CAD2E2E16229FEFF643272BA
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://challenges.cloudflare.com/turnstile/v0/b/a5b175b00260/api.js
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with very long lines (32960)
                                              Category:dropped
                                              Size (bytes):109863
                                              Entropy (8bit):5.310477442235456
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:46C21D0ACECBD2212374B27C7D1B078A
                                              SHA1:5861965E506ACAAA7D10E5B9C31E99D254B85560
                                              SHA-256:5F5FBEE72883732799D75F6C08679ED8A6E769AE4F3AFDCD3721103A481AFA80
                                              SHA-512:B7E4980A66F15A8B918C2325CDC5FC41BADD0DEF7A43B2A2A93C593D05FC2ED4793448115DCC28B551F73623D876DB2B4672D64C3EE064369181FB74919FFC51
                                              Malicious:false
                                              Reputation:unknown
                                              Preview:/*!. * ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */.(window.webpackJsonp=window.webpackJsonp||[]).push([[7],{496:function(e,t,n)
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:Unicode text, UTF-8 text, with very long lines (32057)
                                              Category:dropped
                                              Size (bytes):56391
                                              Entropy (8bit):5.37635913975141
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:B59C16ABA59DB0BC490C85B30C0B60E8
                                              SHA1:7B708EC7EDC902283A755FC0BF4E767A2A28473E
                                              SHA-256:D65E2644BEA71489D43203AA2ABCBA471C847BF2A176963BE8DB62BF1A70F7A5
                                              SHA-512:F7E252E5B6046AFB46658F542233D7E1602C2638089B6BF4E1490643770A28D3DF1FFCB587699B82FD8E821495D69780E160EA8B7065519EEA8B34C98F4817AA
                                              Malicious:false
                                              Reputation:unknown
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with very long lines (61177)
                                              Category:downloaded
                                              Size (bytes):113401
                                              Entropy (8bit):5.284985933216009
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:41955034BB6BC6963DF5A8ECA72C5B81
                                              SHA1:D4B9E8C46100BDDACE8DFA08BDFF1F6F3D3B0A81
                                              SHA-256:1F8CEB44FE7CFCF7E71DBD5122210335CA3821D697A851D2900B95AF7D92D69D
                                              SHA-512:A52DF8961AC9964DE5202A52B4C38242368DC8898593BF3E8B3AFD3FC77C2C12FE72F27BB410DD4F7498643B69EEEFCCA1A566371E211F874C0BE22CF7E2A4E8
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://69x26piyt36.dcciss.es/aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_qzvqnltrxpy99ajspyxbgq2.css
                                              Preview:/*! Copyright (C) Microsoft Corporation. All rights reserved. *//*!.------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------..This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise...//-----------------------------------------------------------------------------.twbs-bootstrap-sass (3.3.0).//-----------------------------------------------------------------------------..The MIT License (MIT)..Copyright (c) 2013 Twitter, Inc..Permission is hereby granted, free of charge, to any person
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:PNG image data, 3 x 94, 8-bit/color RGB, non-interlaced
                                              Category:dropped
                                              Size (bytes):61
                                              Entropy (8bit):4.068159130770307
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:D7438E639BA211704DD73FFEF5EAC2D1
                                              SHA1:ADE15B68C16F9969BF78CF8E7B8C654C148F99C4
                                              SHA-256:B510EB24C75CCF8CC28682250E9F1F13770095C328405888919E72F6AB6CF540
                                              SHA-512:A91973759ED241AFF1FF512F73E50662E33DEA76465B50DB29162FCFA4E0693501FCA1ACD32250A7B9F23879D3576C4C517D3055FE93CBA06667B02D2B06A1FF
                                              Malicious:false
                                              Reputation:unknown
                                              Preview:.PNG........IHDR.......^.....iZ9.....IDAT.....$.....IEND.B`.
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with very long lines (63269)
                                              Category:dropped
                                              Size (bytes):64193
                                              Entropy (8bit):5.297915762195252
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:75B50A7B71ECDB6A7F61BE21407E0800
                                              SHA1:DF3E8674F6BE1D85A2C79D709A5FCE1C1F45AACD
                                              SHA-256:999EE8900F72B7DFA1FA9D8D9DC12BA5FDC81A383A28C0245266B7A2B9E950D1
                                              SHA-512:48CB01715E3CBAC47C94AEFF46BFDAF0A0CE87CF5001B8356EAA59FC0665E1C6955EF32CEBEF5EB71231FACDD6D984480C0CADB32456821381FCAF63C37C0D72
                                              Malicious:false
                                              Reputation:unknown
                                              Preview:/*!. * ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */.(window.webpackJsonp=window.webpackJsonp||[]).push([[33],{459:function(e,t,r
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:PNG image data, 58 x 61, 8-bit/color RGB, non-interlaced
                                              Category:dropped
                                              Size (bytes):61
                                              Entropy (8bit):4.068159130770307
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:7F1E0DDD728783DEAC367D5BE395A21F
                                              SHA1:8790BA52D65433CD3183FC464D86E71A4CF9EB99
                                              SHA-256:772E347F685DA28C1CD0417CC6AD31500E1D765C98074451CB47A66E0B844972
                                              SHA-512:BD34082BD6558BE655C30E92F165290B8C9E069183DCD43C4C6EDBA6B9FA89027B726CCFD3B37CC63B7036224E0727C8DCF1BE66D585A869D2B859535333E49C
                                              Malicious:false
                                              Reputation:unknown
                                              Preview:.PNG........IHDR...:...=.....s.......IDAT.....$.....IEND.B`.
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:HTML document, ASCII text
                                              Category:downloaded
                                              Size (bytes):397
                                              Entropy (8bit):5.114449023354537
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:54FE507D6484795585B800D8286DE5C7
                                              SHA1:4314229E29BE0CF8F10F3D7B650E8059DB4513F4
                                              SHA-256:3BA28F66781386DEC949A1E813F41F75CC54A52573B3B5C54E8FF76F836F00BC
                                              SHA-512:6872D219F8ECE00F140ADE35265FCA04296447D88F029FAD58B0C5FC36C40D7EFA5D4C29C79B9DE8AC36B231B6DCFA5EBC948D93124D9E96B8AE280924082449
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://www.lechato.org/favicon.ico
                                              Preview:<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.<hr>.<address>Apache/2.4.41 (Ubuntu) Server at www.lechato.org Port 443</address>.</body></html>.
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with very long lines (64612)
                                              Category:downloaded
                                              Size (bytes):113440
                                              Entropy (8bit):5.492739044834378
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:94C1C15699B6C6AD5CDE9175C33E1E33
                                              SHA1:7343457FA4893301F0C6150EAC688B7507EB7416
                                              SHA-256:2516EF9D75F7088BEA081C0B2CF357D4E0055CA3A508972247346E5EE5828400
                                              SHA-512:18501F7D5F06AC3CDB8619BA2FF7312A4F3E1BC52BD2E22F639BE80B0EE716155529B6A125048937C314016EC01230E3F816AEDEC1A0225B14FED13420AB80F7
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://69x26piyt36.dcciss.es/aadcdn.msftauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_76bb127b5869a5c6b8b3.js
                                              Preview:/*!. * ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */.(window.webpackJsonp=window.webpackJsonp||[]).push([[33],{459:function(e,t,r
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with no line terminators
                                              Category:downloaded
                                              Size (bytes):22
                                              Entropy (8bit):3.6978458230844122
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:6AAB5444A217195068E4B25509BC0C50
                                              SHA1:7B22EAF7EAA9B7E1F664A0632D3894D406FE7933
                                              SHA-256:FC5525D427BFA27792D3A87411BE241C047D07F07C18E2FC36BF00B1C2E33D07
                                              SHA-512:AA5F66638B142B5E6D1D008F2934530C7AAD2F7F19128CA24609825D0DACFFD25A77591BFD7FB1D225BE2FA77CABCE837E0741326C1AC622C244D51E6FAFB303
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://aeioserv.com/favicon.ico
                                              Preview:<h1>Access Denied</h1>
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text
                                              Category:downloaded
                                              Size (bytes):689017
                                              Entropy (8bit):4.210697599646938
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:3E89AE909C6A8D8C56396830471F3373
                                              SHA1:2632F95A5BE7E4C589402BF76E800A8151CD036B
                                              SHA-256:6665CA6A09F770C6679556EB86CF4234C8BDB0271049620E03199B34B4A16099
                                              SHA-512:E7DBE4E95D58F48A0C8E3ED1F489DCF8FBF39C3DB27889813B43EE95454DECA2816AC1E195E61A844CC9351E04F97AFA271B37CAB3FC522809CE2BE85CC1B8F0
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://69x26piyt36.dcciss.es/aadcdn.msftauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_2P9n4TNNrWcgKwW6Mt6tGA2.js
                                              Preview:.!(function (e) {. function n(n) {. for (var t, i, o = n[0], r = n[1], s = 0, c = []; s < o.length; s++). (i = o[s]),. Object.prototype.hasOwnProperty.call(a, i) && a[i] && c.push(a[i][0]),. (a[i] = 0);. for (t in r) Object.prototype.hasOwnProperty.call(r, t) && (e[t] = r[t]);. for (d && d(n); c.length; ) c.shift()();. }. var t,. i = {},. a = { 22: 0 };. function o(n) {. if (i[n]) return i[n].exports;. var t = (i[n] = { i: n, l: !1, exports: {} });. return e[n].call(t.exports, t, t.exports, o), (t.l = !0), t.exports;. }. Function.prototype.bind ||. ((t = Array.prototype.slice),. (Function.prototype.bind = function (e) {. if ("function" != typeof this). throw new TypeError(. "Function.prototype.bind - what is trying to be bound is not callable". );. var n = t.call(arguments, 1),. i = n.length,. a = this,. o = function () {},. r = function () {. return (.
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
                                              Category:dropped
                                              Size (bytes):17174
                                              Entropy (8bit):2.9129715116732746
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:12E3DAC858061D088023B2BD48E2FA96
                                              SHA1:E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
                                              SHA-256:90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
                                              SHA-512:C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
                                              Malicious:false
                                              Reputation:unknown
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with no line terminators
                                              Category:downloaded
                                              Size (bytes):28
                                              Entropy (8bit):4.307354922057605
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:9F9FA94F28FE0DE82BC8FD039A7BDB24
                                              SHA1:6FE91F82974BD5B101782941064BCB2AFDEB17D8
                                              SHA-256:9A37FDC0DBA8B23EB7D3AA9473D59A45B3547CF060D68B4D52253EE0DA1AF92E
                                              SHA-512:34946EF12CE635F3445ED7B945CF2C272EF7DD9482DA6B1A49C9D09A6C9E111B19B130A3EEBE5AC0CCD394C523B54DD7EB9BF052168979A9E37E7DB174433F64
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwn1ZjKPKjFwmxIFDdFbUVISBQ1Xevf9?alt=proto
                                              Preview:ChIKBw3RW1FSGgAKBw1Xevf9GgA=
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:SVG Scalable Vector Graphics image
                                              Category:downloaded
                                              Size (bytes):1864
                                              Entropy (8bit):5.222032823730197
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:BC3D32A696895F78C19DF6C717586A5D
                                              SHA1:9191CB156A30A3ED79C44C0A16C95159E8FF689D
                                              SHA-256:0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
                                              SHA-512:8D4F38907F3423A86D90575772B292680F7970527D2090FC005F9B096CC81D3F279D59AD76EAFCA30C3D4BBAF2276BBAA753E2A46A149424CF6F1C319DED5A64
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://69x26piyt36.dcciss.es/aadcdn.msftauth.net/~/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:SVG Scalable Vector Graphics image
                                              Category:downloaded
                                              Size (bytes):1592
                                              Entropy (8bit):4.205005284721148
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:4E48046CE74F4B89D45037C90576BFAC
                                              SHA1:4A41B3B51ED787F7B33294202DA72220C7CD2C32
                                              SHA-256:8E6DB1634F1812D42516778FC890010AA57F3E39914FB4803DF2C38ABBF56D93
                                              SHA-512:B2BBA2A68EDAA1A08CFA31ED058AFB5E6A3150AABB9A78DB9F5CCC2364186D44A015986A57707B57E2CC855FA7DA57861AD19FC4E7006C2C239C98063FE903CF
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://69x26piyt36.dcciss.es/aadcdn.msftauth.net/~/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
                                              Category:downloaded
                                              Size (bytes):61
                                              Entropy (8bit):3.990210155325004
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:9246CCA8FC3C00F50035F28E9F6B7F7D
                                              SHA1:3AA538440F70873B574F40CD793060F53EC17A5D
                                              SHA-256:C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
                                              SHA-512:A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D
                                              Preview:.PNG........IHDR...............s....IDAT.....$.....IEND.B`.
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with very long lines (48316), with no line terminators
                                              Category:downloaded
                                              Size (bytes):48316
                                              Entropy (8bit):5.6346993394709
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:2CA03AD87885AB983541092B87ADB299
                                              SHA1:1A17F60BF776A8C468A185C1E8E985C41A50DC27
                                              SHA-256:8E3B0117F4DF4BE452C0B6AF5B8F0A0ACF9D4ADE23D08D55D7E312AF22077762
                                              SHA-512:13C412BD66747822C6938926DE1C52B0D98659B2ED48249471EC0340F416645EA9114F06953F1AE5F177DB03A5D62F1FB5D321B2C4EB17F3A1C865B0A274DC5C
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:SVG Scalable Vector Graphics image
                                              Category:downloaded
                                              Size (bytes):3651
                                              Entropy (8bit):4.094801914706141
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:EE5C8D9FB6248C938FD0DC19370E90BD
                                              SHA1:D01A22720918B781338B5BBF9202B241A5F99EE4
                                              SHA-256:04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
                                              SHA-512:C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://69x26piyt36.dcciss.es/aadcdn.msftauth.net/~/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
                                              No static file info