Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://eu-west-1.protection.sophos.com/?d=doubleclick.net&u=aHR0cHM6Ly9hZC5kb3VibGVjbGljay5uZXQvZGRtL2Nsay80NzI4NzM5MzQ7Mjc4OTA5MTE1O3k_Ly8lRTIlODAlOEJzeSVDMiVBRHNyJUMyJUFEZSVDMiVBRHYlQzIlQURpJUMyJUFEZSVDMiVBRHclQzIlQUQudCVFMiU4MCU4QmFyJUMyJUFEaSVDMiVBRGslQzIlQUR1JUMyJUFEbC5jJUMyJUFEbyVDMiVBRG0vMzU

Overview

General Information

Sample URL:	https://eu-west-1.protection.sophos.com/?d=doubleclick.net&u=aHR0cHM6Ly9hZC5kb3VibGVjbGljay5uZXQvZGRtL2Nsay80NzI4NzM5MzQ7Mjc4OTA5MTE1O3k_Ly8lRTIlODAlOEJzeSVDMiVBRHNyJUMyJUFEZSVDMiVBRHYlQzIlQURpJUMyJUF
Analysis ID:	1516173

Detection

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

AI detected landing page (webpage, office document or email)

HTML page contains obfuscated javascript

Phishing site detected (based on favicon image match)

Phishing site detected (based on image similarity)

Phishing site or detected (based on various text indicators)

Detected non-DNS traffic on DNS port

HTML body contains low number of good links

HTML page contains hidden javascript code

HTML title does not match URL

Invalid 'forgot password' link found

Invalid T&C link found

Stores files to the Windows start menu directory

Classification

×

Process Tree

System is w10x64_ra

chrome.exe (PID: 6268 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6948 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1952,i,14798934362159215962,7961097455226120660,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6544 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://eu-west-1.protection.sophos.com/?d=doubleclick.net&u=aHR0cHM6Ly9hZC5kb3VibGVjbGljay5uZXQvZGRtL2Nsay80NzI4NzM5MzQ7Mjc4OTA5MTE1O3k_Ly8lRTIlODAlOEJzeSVDMiVBRHNyJUMyJUFEZSVDMiVBRHYlQzIlQURpJUMyJUFEZSVDMiVBRHclQzIlQUQudCVFMiU4MCU4QmFyJUMyJUFEaSVDMiVBRGslQzIlQUR1JUMyJUFEbC5jJUMyJUFEbyVDMiVBRG0vMzUyOC9ZV1J0YVc1QWRHaGxaMmhsYm5SbmNtOTFjQzVqYjIwPS8zNTI4LzM1Mjg=&p=m&i=NjEwYjE2Y2U0Zjc0MWMwZTk2MmNlZjk5&t=YzhQK0ozMTg5ZHZISEsvMjVIZk1oR2x3dHJtdjd0NDJzV0R3SmFSY0xnND0=&h=e159a7d174b64613964ce7f18ba9acf9&s=AVNPUEhUT0NFTkNSWVBUSVbXJldVmaV0WYxfMT-BjNT6dEipLxbn94Hs6quwmec4Kg" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: https://docease.seitatu.net/dff9b43297f2c33f2743471d43b8c07c66f1c43d3ba23sec&uid=f253efe302d32ab264a76e0ce65be76966f1c43d3ba27

LLM: Score: 10 Reasons: The provided URL does not match the legitimate Microsoft domain., The domain 'seitatu.net' is unrelated to Microsoft., The subdomain 'docease' is not associated with Microsoft., Presence of suspicious domain structure and unfamiliar subdomains., Potential phishing attempt detected. DOM: 6.6.pages.csv

HTML page contains obfuscated javascript

Source: https://docease.seitatu.net/dff9b43297f2c33f2743471d43b8c07c66f1c43d3ba23sec&uid=f253efe302d32ab264a76e0ce65be76966f1c43d3ba27	HTTP Parser: function a0_0x2ce4(_0x2cc00e,_0x5d9ccd){var _0x321eb7=a0_0x4f6b();return a0_0x2ce4=function(_0x
Source: https://docease.seitatu.net/js2_/66f1c43d85af5-65b245f87330ed78dfa921a53f41359d	HTTP Parser: const a0_0x2ceecf=a0_0x3787;(function(_0x102330,_0x174332){const _0x3eccca=a0_0x3787,_0x12b1c3=_0x10

Phishing site detected (based on favicon image match)

Source: https://docease.seitatu.net/dff9b43297f2c33f2743471d43b8c07c66f1c43d3ba23sec&uid=f253efe302d32ab264a76e0ce65be76966f1c43d3ba27

Matcher: Template: microsoft matched with high similarity

Phishing site detected (based on image similarity)

Source: https://docease.seitatu.net/dff9b43297f2c33f2743471d43b8c07c66f1c43d3ba23sec&uid=f253efe302d32ab264a76e0ce65be76966f1c43d3ba27

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site or detected (based on various text indicators)

Source: Chrome DOM: 1.3

OCR Text: Verifying... CLOUDFLARE Ten-rs Microsoft

Source: https://docease.seitatu.net/dff9b43297f2c33f2743471d43b8c07c66f1c43d3ba23sec&uid=f253efe302d32ab264a76e0ce65be76966f1c43d3ba27

HTTP Parser: Number of links: 0

Source: https://sysreview.tarikul.com/3528/YWRtaW5AdGhlZ2hlbnRncm91cC5jb20=/3528/3528?dclid=CKv7g9_o2YgDFQSKgwcdavcLxg

HTTP Parser: Base64 decoded: https://docease.seitatu.net/.

Source: https://docease.seitatu.net/dff9b43297f2c33f2743471d43b8c07c66f1c43d3ba23sec&uid=f253efe302d32ab264a76e0ce65be76966f1c43d3ba27

HTTP Parser: Title: Signing in does not match URL

Source: https://docease.seitatu.net/dff9b43297f2c33f2743471d43b8c07c66f1c43d3ba23sec&uid=f253efe302d32ab264a76e0ce65be76966f1c43d3ba27

HTTP Parser: Invalid link: FWg==oWg==rWg==gWg==oWg==tWg== Wg==mWg==yWg== Wg==pWg==aWg==sWg==sWg==wWg==oWg==rWg==d

Source: https://docease.seitatu.net/dff9b43297f2c33f2743471d43b8c07c66f1c43d3ba23sec&uid=f253efe302d32ab264a76e0ce65be76966f1c43d3ba27	HTTP Parser: Invalid link: Terms of use
Source: https://docease.seitatu.net/dff9b43297f2c33f2743471d43b8c07c66f1c43d3ba23sec&uid=f253efe302d32ab264a76e0ce65be76966f1c43d3ba27	HTTP Parser: Invalid link: Privacy & cookies

Source: https://docease.seitatu.net/dff9b43297f2c33f2743471d43b8c07c66f1c43d3ba23sec&uid=f253efe302d32ab264a76e0ce65be76966f1c43d3ba27

HTTP Parser: <input type="password" .../> found

Source: https://sysreview.tarikul.com/3528/YWRtaW5AdGhlZ2hlbnRncm91cC5jb20=/3528/3528?dclid=CKv7g9_o2YgDFQSKgwcdavcLxg	HTTP Parser: No favicon
Source: https://sysreview.tarikul.com/3528/YWRtaW5AdGhlZ2hlbnRncm91cC5jb20=/3528/3528?dclid=CKv7g9_o2YgDFQSKgwcdavcLxg	HTTP Parser: No favicon
Source: https://docease.seitatu.net/dff9b43297f2c33f2743471d43b8c07c66f1c43d3ba23sec&uid=f253efe302d32ab264a76e0ce65be76966f1c43d3ba27	HTTP Parser: No favicon

Source: https://docease.seitatu.net/dff9b43297f2c33f2743471d43b8c07c66f1c43d3ba23sec&uid=f253efe302d32ab264a76e0ce65be76966f1c43d3ba27

HTTP Parser: No <meta name="author".. found

Source: https://docease.seitatu.net/dff9b43297f2c33f2743471d43b8c07c66f1c43d3ba23sec&uid=f253efe302d32ab264a76e0ce65be76966f1c43d3ba27

HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:55580 version: TLS 1.2

Source: global traffic	TCP traffic: 192.168.2.16:55578 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55578 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55578 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55578 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55578 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55578 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55578 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55578 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55578 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55578 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55578 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55578 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55578 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55578 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55578 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55578 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55578 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55578 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55578 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55578 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:55578 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197

Source: global traffic	DNS traffic detected: DNS query: eu-west-1.protection.sophos.com
Source: global traffic	DNS traffic detected: DNS query: ad.doubleclick.net
Source: global traffic	DNS traffic detected: DNS query: sysreview.tarikul.com
Source: global traffic	DNS traffic detected: DNS query: imagedelivery.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: docease.seitatu.net
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com

Source: unknown	Network traffic detected: HTTP traffic on port 55615 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55627
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55628
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55629
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55623
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55624
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55625
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55626
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55586
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55587
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55620
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55588
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55621
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55589
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55622
Source: unknown	Network traffic detected: HTTP traffic on port 55638 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55593 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55593
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55594
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55595
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55596
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55590
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55591
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55592
Source: unknown	Network traffic detected: HTTP traffic on port 55609 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55624 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55647 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55641 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55584 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55612 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55638
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55639
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55634
Source: unknown	Network traffic detected: HTTP traffic on port 55633 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55635
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55636
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55637
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55630
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55598
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55631
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55632
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55633
Source: unknown	Network traffic detected: HTTP traffic on port 55627 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55630 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55590 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55587 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55606 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55644 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55613 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55649
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55645
Source: unknown	Network traffic detected: HTTP traffic on port 55598 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55646
Source: unknown	Network traffic detected: HTTP traffic on port 55632 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55647
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55648
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55641
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55642
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55643
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55644
Source: unknown	Network traffic detected: HTTP traffic on port 55626 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55651
Source: unknown	Network traffic detected: HTTP traffic on port 55595 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 55607 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 55649 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 55586 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55610 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55618 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55635 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55592 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55604 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55589 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 55621 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55629 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55646 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55583 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55634 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55611 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55619 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55605 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55620 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55643 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55628 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55616 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55580 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55637 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55602 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55651 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55594 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55623 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55648 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55609
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55605
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55606
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55585 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55607
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55608
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55602
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55603
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55604
Source: unknown	Network traffic detected: HTTP traffic on port 55636 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55617 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55600
Source: unknown	Network traffic detected: HTTP traffic on port 55603 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55591 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55588 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55622 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55645 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55639 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55614 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55616
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55617
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55618
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55619
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55612
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55613
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55614
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55615
Source: unknown	Network traffic detected: HTTP traffic on port 55631 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55610
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55611
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55583
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55584
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55585
Source: unknown	Network traffic detected: HTTP traffic on port 55596 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55600 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55580
Source: unknown	Network traffic detected: HTTP traffic on port 55608 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55625 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55642 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:55580 version: TLS 1.2

Source: classification engine

Classification label: mal68.phis.win@26/26@30/147

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1952,i,14798934362159215962,7961097455226120660,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://eu-west-1.protection.sophos.com/?d=doubleclick.net&u=aHR0cHM6Ly9hZC5kb3VibGVjbGljay5uZXQvZGRtL2Nsay80NzI4NzM5MzQ7Mjc4OTA5MTE1O3k_Ly8lRTIlODAlOEJzeSVDMiVBRHNyJUMyJUFEZSVDMiVBRHYlQzIlQURpJUMyJUFEZSVDMiVBRHclQzIlQUQudCVFMiU4MCU4QmFyJUMyJUFEaSVDMiVBRGslQzIlQUR1JUMyJUFEbC5jJUMyJUFEbyVDMiVBRG0vMzUyOC9ZV1J0YVc1QWRHaGxaMmhsYm5SbmNtOTFjQzVqYjIwPS8zNTI4LzM1Mjg=&p=m&i=NjEwYjE2Y2U0Zjc0MWMwZTk2MmNlZjk5&t=YzhQK0ozMTg5ZHZISEsvMjVIZk1oR2x3dHJtdjd0NDJzV0R3SmFSY0xnND0=&h=e159a7d174b64613964ce7f18ba9acf9&s=AVNPUEhUT0NFTkNSWVBUSVbXJldVmaV0WYxfMT-BjNT6dEipLxbn94Hs6quwmec4Kg"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1952,i,14798934362159215962,7961097455226120660,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Persistence and Installation Behavior

AI detected landing page (webpage, office document or email)

Source: https://sysreview.tarikul.com/3528/YWRtaW5AdGhlZ2hlbnRncm91cC5jb20=/3528/3528?dclid=CKv7g9_o2YgDFQSKgwcdavcLxg

LLM: Page contains button: 'Submit' Source: '0.0.pages.csv'

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	3 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://eu-west-1.protection.sophos.com/?d=doubleclick.net&u=aHR0cHM6Ly9hZC5kb3VibGVjbGljay5uZXQvZGRtL2Nsay80NzI4NzM5MzQ7Mjc4OTA5MTE1O3k_Ly8lRTIlODAlOEJzeSVDMiVBRHNyJUMyJUFEZSVDMiVBRHYlQzIlQURpJUMyJUFEZSVDMiVBRHclQzIlQUQudCVFMiU4MCU4QmFyJUMyJUFEaSVDMiVBRGslQzIlQUR1JUMyJUFEbC5jJUMyJUFEbyVDMiVBRG0vMzUyOC9ZV1J0YVc1QWRHaGxaMmhsYm5SbmNtOTFjQzVqYjIwPS8zNTI4LzM1Mjg=&p=m&i=NjEwYjE2Y2U0Zjc0MWMwZTk2MmNlZjk5&t=YzhQK0ozMTg5ZHZISEsvMjVIZk1oR2x3dHJtdjd0NDJzV0R3SmFSY0xnND0=&h=e159a7d174b64613964ce7f18ba9acf9&s=AVNPUEhUT0NFTkNSWVBUSVbXJldVmaV0WYxfMT-BjNT6dEipLxbn94Hs6quwmec4Kg	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
a.nel.cloudflare.com	35.190.80.1	true	false		unknown
d35tlz0p71apkp.cloudfront.net	18.173.205.127	true	false		unknown
imagedelivery.net	104.18.3.36	true	false		unknown
sysreview.tarikul.com	192.185.116.212	true	false		unknown
code.jquery.com	151.101.130.137	true	false		unknown
ad.doubleclick.net	172.217.16.198	true	false		unknown
challenges.cloudflare.com	104.18.95.41	true	false		unknown
docease.seitatu.net	188.114.96.3	true	false		unknown
www.google.com	142.250.184.196	true	false		unknown
eu-west-1.protection.sophos.com	unknown	unknown	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://sysreview.tarikul.com/3528/YWRtaW5AdGhlZ2hlbnRncm91cC5jb20=/3528/3528?dclid=CKv7g9_o2YgDFQSKgwcdavcLxg	true		unknown
https://docease.seitatu.net/.admin%40theghentgroup.com	false		unknown
https://docease.seitatu.net/dff9b43297f2c33f2743471d43b8c07c66f1c43d3ba23sec&uid=f253efe302d32ab264a76e0ce65be76966f1c43d3ba27	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
142.250.184.195	unknown	United States		15169	GOOGLEUS	false
142.250.184.196	www.google.com	United States		15169	GOOGLEUS	false
34.104.35.123	unknown	United States		15169	GOOGLEUS	false
1.1.1.1	unknown	Australia		13335	CLOUDFLARENETUS	false
104.18.3.36	imagedelivery.net	United States		13335	CLOUDFLARENETUS	false
142.250.186.174	unknown	United States		15169	GOOGLEUS	false
173.194.76.84	unknown	United States		15169	GOOGLEUS	false
104.18.94.41	unknown	United States		13335	CLOUDFLARENETUS	false
104.18.95.41	challenges.cloudflare.com	United States		13335	CLOUDFLARENETUS	false
192.185.116.212	sysreview.tarikul.com	United States		46606	UNIFIEDLAYER-AS-1US	false
216.58.206.35	unknown	United States		15169	GOOGLEUS	false
151.101.130.137	code.jquery.com	United States		54113	FASTLYUS	false
142.250.185.170	unknown	United States		15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved		unknown	unknown	false
188.114.97.3	unknown	European Union		13335	CLOUDFLARENETUS	false
188.114.96.3	docease.seitatu.net	European Union		13335	CLOUDFLARENETUS	false
18.173.205.127	d35tlz0p71apkp.cloudfront.net	United States		3	MIT-GATEWAYSUS	false
142.250.186.142	unknown	United States		15169	GOOGLEUS	false
151.101.194.137	unknown	United States		54113	FASTLYUS	false
35.190.80.1	a.nel.cloudflare.com	United States		15169	GOOGLEUS	false
172.217.16.198	ad.doubleclick.net	United States		15169	GOOGLEUS	false
142.250.184.202	unknown	United States		15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1516173
Start date and time:	2024-09-23 21:38:52 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://eu-west-1.protection.sophos.com/?d=doubleclick.net&u=aHR0cHM6Ly9hZC5kb3VibGVjbGljay5uZXQvZGRtL2Nsay80NzI4NzM5MzQ7Mjc4OTA5MTE1O3k_Ly8lRTIlODAlOEJzeSVDMiVBRHNyJUMyJUFEZSVDMiVBRHYlQzIlQURpJUMyJUFEZSVDMiVBRHclQzIlQUQudCVFMiU4MCU4QmFyJUMyJUFEaSVDMiVBRGslQzIlQUR1JUMyJUFEbC5jJUMyJUFEbyVDMiVBRG0vMzUyOC9ZV1J0YVc1QWRHaGxaMmhsYm5SbmNtOTFjQzVqYjIwPS8zNTI4LzM1Mjg=&p=m&i=NjEwYjE2Y2U0Zjc0MWMwZTk2MmNlZjk5&t=YzhQK0ozMTg5ZHZISEsvMjVIZk1oR2x3dHJtdjd0NDJzV0R3SmFSY0xnND0=&h=e159a7d174b64613964ce7f18ba9acf9&s=AVNPUEhUT0NFTkNSWVBUSVbXJldVmaV0WYxfMT-BjNT6dEipLxbn94Hs6quwmec4Kg
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal68.phis.win@26/26@30/147

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 216.58.206.35, 142.250.186.174, 173.194.76.84, 34.104.35.123
Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://eu-west-1.protection.sophos.com/?d=doubleclick.net&u=aHR0cHM6Ly9hZC5kb3VibGVjbGljay5uZXQvZGRtL2Nsay80NzI4NzM5MzQ7Mjc4OTA5MTE1O3k_Ly8lRTIlODAlOEJzeSVDMiVBRHNyJUMyJUFEZSVDMiVBRHYlQzIlQURpJUMyJUFEZSVDMiVBRHclQzIlQUQudCVFMiU4MCU4QmFyJUMyJUFEaSVDMiVBRGslQzIlQUR1JUMyJUFEbC5jJUMyJUFEbyVDMiVBRG0vMzUyOC9ZV1J0YVc1QWRHaGxaMmhsYm5SbmNtOTFjQzVqYjIwPS8zNTI4LzM1Mjg=&p=m&i=NjEwYjE2Y2U0Zjc0MWMwZTk2MmNlZjk5&t=YzhQK0ozMTg5ZHZISEsvMjVIZk1oR2x3dHJtdjd0NDJzV0R3SmFSY0xnND0=&h=e159a7d174b64613964ce7f18ba9acf9&s=AVNPUEhUT0NFTkNSWVBUSVbXJldVmaV0WYxfMT-BjNT6dEipLxbn94Hs6quwmec4Kg

LLM Input / Output

Input	Output
URL: https://sysreview.tarikul.com/3528/YWRtaW5AdGhlZ2hlbnRncm91cC5jb20=/3528/3528?dclid=CKv7g9_o2YgDFQSKgwcdavcLxg Model: jbxai	{ "brand":["Globi"], "contains_trigger_text":true, "prominent_button_name":"Submit", "text_input_field_labels":["Type the word below to continue: peach", "Type the word her"], "pdf_icon_visible":false, "has_visible_captcha":true, "has_urgent_text":false, "trigger_reasoning":"The page contains the phrase 'Type the word below to continue: peach' which is a trigger phrase for the 'contains_trigger_text' key. The prominent button on the page is named 'Submit'. The page contains a visible CAPTCHA feature. There is no visible PDF icon or urgent text on the page.", "has_visible_qrcode":false}

URL: https://sysreview.tarikul.com/3528/YWRtaW5AdGhlZ2hlbnRncm91cC5jb20=/3528/3528?dclid=CKv7g9_o2YgDFQSKgwcdavcLxg Model: jbxai	{ "brand":["unknown"], "contains_trigger_text":false, "prominent_button_name":"unknown", "text_input_field_labels":["unknown"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "trigger_reasoning":"The page does not contain any of the trigger phrases or text, does not have visible input fields, no visible CAPTCHA, no urgent text, and no PDF icon", "has_visible_qrcode":false}

URL: https://docease.seitatu.net/.admin%40theghentgroup.com Model: jbxai	{ "brand":["CLOUDFLARE", "Microsoft"], "contains_trigger_text":false, "prominent_button_name":"unknown", "text_input_field_labels":["unknown"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "trigger_reasoning":"The page does not contain any of the trigger phrases or text that would prompt immediate action or access to sensitive information. There are no visible input fields, CAPTCHAs, or urgency-inducing text on the page.", "has_visible_qrcode":false}

URL: https://docease.seitatu.net/.admin%40theghentgroup.com Model: jbxai	{ "brand":["cloudflare", "microsoft"], "contains_trigger_text":false, "prominent_button_name":"unknown", "text_input_field_labels":["unknown"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "trigger_reasoning":"the page does not contain any of the trigger phrases or text, and there is no visible captcha or urgent text", "has_visible_qrcode":false}

URL: https://docease.seitatu.net/dff9b43297f2c33f2743471d43b8c07c66f1c43d3ba23sec&uid=f253efe302d32ab264a76e0ce65be76966f1c43d3ba27 Model: jbxai	{ "brand":["Microsoft"], "contains_trigger_text":false, "prominent_button_name":"Sign in", "text_input_field_labels":["Enter password", "Forgot my password"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "trigger_reasoning":"The page does not contain any of the trigger phrases or similar text, so the 'contains_trigger_text' is set to False. The 'prominent_button_name' is 'Sign in' as it is the most visible and prominent button on the page. The 'text_input_field_labels' are 'Enter password' and 'Forgot my password' as these are the labels associated with the input fields. The 'pdf_icon_visible' is set to False as there is no graphical PDF logo or icon present on the page. The 'has_visible_captcha' is set to False as there is no visible CAPTCHA feature on the page. The 'has_urgent_text' is set to False as there is no text on the page implying a sense of urgency to the user.", "has_visible_qrcode":false}

URL: https://docease.seitatu.net/dff9b43297f2c33f2743471d43b8c07c66f1c43d3ba23sec&uid=f253efe302d32ab264a76e0ce65be76966f1c43d3ba27 Model: jbxai	{ "phishing_score":8, "brands":["Microsoft"], "sub_domain":"docease", "legit_domain":"microsoft.com", "partial_domain_match":true, "brand_matches_associated_domain":false, "reasons":"The domain name docease.seitatu.net does not match the legitimate domain name associated with Microsoft, and the presence of a subdomain 'docease' and a domain'seitatu' suggests a phishing attempt. The brand name Microsoft is commonly associated with the domain microsoft.com, not docease.seitatu.net.", "brand_matches":[false], "url_match":false, "llama70":{ "riskscore":9, "legit_domain":"microsoft.com", "reasons":["The provided URL 'docease.seitatu.net' does not match the legitimate domain 'microsoft.com'.", "The URL contains suspicious elements, such as unusual domain extensions and misspellings (e.g., 'docease' instead of 'office' or 'docs').", "The brand name 'Microsoft' is not commonly associated with the given URL 'docease.seitatu.net'.", "The URL structure appears to be attempting to mimic a legitimate Microsoft service, but the domain is not owned by Microsoft."]} , "gpto1":{ "riskscore":10, "legit_domain":"microsoft.com", "reasons":["The provided URL does not match the legitimate Microsoft domain.", "The domain 'seitatu.net' is unrelated to Microsoft.", "The subdomain 'docease' is not associated with Microsoft.", "Presence of suspicious domain structure and unfamiliar subdomains.", "Potential phishing attempt detected."]} }

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Sep 23 18:39:24 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9868133351427697
Encrypted:	false
SSDEEP:
MD5:	AA4A21165993ADCFF7D257F9DF66EE75
SHA1:	EC481D130961FDBF5E16CAC589D4E7F7EE648373
SHA-256:	E36284AFF20D5BED976EB5BB124A87CBA80CD4D51F1491820A63326D409C0C23
SHA-512:	2BF5DC9C91EF7FFB68E5D50F5A07E23ACEC7244C064F4FC17A2916B1CB6F2A3A037CDAF59141812B37AF55A68DF7FA5FA0C2F901974B885DE722EA422BA3594B
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....9..K....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I7Y.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V7Y.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V7Y.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V7Y............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V7Y............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............wn......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Sep 23 18:39:23 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.00375233092536
Encrypted:	false
SSDEEP:
MD5:	9B43C90FFD6B251351A279DF51448A3B
SHA1:	8CD211EB1FA91FCEDD8363B5CD2001187154B9B5
SHA-256:	EAB1C745A71E0090CFBE1792C5A07792481E8DF1DB7D896DBB1F4C8BF33A9F52
SHA-512:	26038831258EE03F688EDA367C62A3B28804CC3E29013DD047FFE089529668E229F523EC5F5FAC9E8586FA78A5CB03A7691FA028487D9197D74573B2DD8DC411
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....1..K....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I7Y.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V7Y.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V7Y.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V7Y............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V7Y............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............wn......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.011305030549502
Encrypted:	false
SSDEEP:
MD5:	7BB1F9223D85C43228CE4E884A5CA484
SHA1:	F99A2283A745396E4B1B81832B3CA871172C71A0
SHA-256:	860FF6FDC71F3EB442998AACED5520E363E54491EB2F4E70751C1B4889E2C920
SHA-512:	4987EB65F82B3880EA2B7DC6C672358B792B35801EB795535985F304F52BF083ED311C772DE4D56244E6C0237DFC2F911CAC623E0A6A456CC768D3606D197C64
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I7Y.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V7Y.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V7Y.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V7Y............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............wn......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Sep 23 18:39:23 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9989002260798108
Encrypted:	false
SSDEEP:
MD5:	B082694F6C9CE20920A131FFDF45A90B
SHA1:	AFC5A39EB1CBA04ECD0D1E672DEA201FA1ED2CC1
SHA-256:	7275653ED95C25278314A27C4A2DF1F165D533F6224D475C96F1E9C784B80AD2
SHA-512:	DB08EE410CE19F4F425EB41C4B50D0D41350E36DDB39BEDE83E4386548B52C1C8DED62E737E364D9AA0CAF296D01EE9FA0A8BB8B48170955FFF85444A7202518
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....lO.K....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I7Y.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V7Y.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V7Y.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V7Y............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V7Y............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............wn......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Sep 23 18:39:24 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.99032719870402
Encrypted:	false
SSDEEP:
MD5:	53560792CBF894DB6D4456C049E1ED40
SHA1:	C7AE7E573FA877FF227393233D5D45C3415870FB
SHA-256:	5BD125F96DB949B556A380B2F6B8A2D71C97A4A02722939CCFFE21293ADA928A
SHA-512:	3485CB16895E230068659BCEE874E9CDA10FA81989D5B4F40719893BFD29E54230E7F2766563646EAAA86A58E4135AFE22B3EF100DF544F47224A395A42B908B
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....G.K....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I7Y.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V7Y.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V7Y.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V7Y............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V7Y............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............wn......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Sep 23 18:39:23 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9977177869770153
Encrypted:	false
SSDEEP:
MD5:	7E14DAEBFAC117FB773FB74D4FEA0B56
SHA1:	FFDC06DEE40E4578D63DD10FC1A49230993315FE
SHA-256:	31137FFCBD96ED02AE7FC263B446DC87A482E792174233DFB3549A23B67A8D43
SHA-512:	748751FF5E80E8C5DF11173BCF0C1F425E4963FC347D06C2D576F198C99FD5A18267CB55E66179480CBCBAA2514348D70340FBD1DA596E8EFA1999F4928E2885
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.......J....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I7Y.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V7Y.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V7Y.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V7Y............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V7Y............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............wn......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 143

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	315
Entropy (8bit):	5.0572271090563765
Encrypted:	false
SSDEEP:
MD5:	A34AC19F4AFAE63ADC5D2F7BC970C07F
SHA1:	A82190FC530C265AA40A045C21770D967F4767B8
SHA-256:	D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
SHA-512:	42E53D96E5961E95B7A984D9C9778A1D3BD8EE0C87B8B3B515FA31F67C2D073C8565AFC2F4B962C43668C4EFA1E478DA9BB0ECFFA79479C7E880731BC4C55765
Malicious:	false
Reputation:	unknown
URL:	https://docease.seitatu.net/favicon.ico
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>.

Chrome Cache Entry: 145

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (50758)
Category:	downloaded
Size (bytes):	51039
Entropy (8bit):	5.247253437401007
Encrypted:	false
SSDEEP:
MD5:	67176C242E1BDC20603C878DEE836DF3
SHA1:	27A71B00383D61EF3C489326B3564D698FC1227C
SHA-256:	56C12A125B021D21A69E61D7190CEFA168D6C28CE715265CEA1B3B0112D169C4
SHA-512:	9FA75814E1B9F7DB38FE61A503A13E60B82D83DB8F4CE30351BD08A6B48C0D854BAF472D891AF23C443C8293380C2325C7B3361B708AF9971AA0EA09A25CDD0A
Malicious:	false
Reputation:	unknown
URL:	https://docease.seitatu.net/b_/66f1c43d85af4-65b245f87330ed78dfa921a53f41359d
Preview:	/!. Bootstrap v4.1.3 (https://getbootstrap.com/). * Copyright 2011-2018 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery"),require("popper.js")):"function"==typeof define&&define.amd?define(["exports","jquery","popper.js"],e):e(t.bootstrap={},t.jQuery,t.Popper)}(this,function(t,e,h){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable\|\|!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function s(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function l(r){for(var t=1;t<arguments.length;t++){var o=null!=arguments[t]?arguments[t]:{},e=Object.keys(o);"function"==typeof Object.getOwnPropertySymbols&&(e=e.concat(Object.getOwnPropertySymbols(o).filter(function(t){return Object.getOwnPropertyDescriptor(o,t).enum

Chrome Cache Entry: 147

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	61
Entropy (8bit):	3.990210155325004
Encrypted:	false
SSDEEP:
MD5:	9246CCA8FC3C00F50035F28E9F6B7F7D
SHA1:	3AA538440F70873B574F40CD793060F53EC17A5D
SHA-256:	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
SHA-512:	A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...............s....IDAT.....$.....IEND.B`.

Chrome Cache Entry: 148

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 108 x 24, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	1637
Entropy (8bit):	6.669128973210611
Encrypted:	false
SSDEEP:
MD5:	EE236805D05E24861CE1B6B0E7D94B8D
SHA1:	D46828CF9DF268DDAF62FACF15590A447116AEB8
SHA-256:	175986272200FB72DA9A598D30016BBDA9DDCAA9E6E3F07EB94BC74196D4B805
SHA-512:	7AB26F51D3F8F1CAAF208D86A62558593FF6DD99617A5D3D42648F0F4AEA1FCE766BCA8D0D6E2A8AABF82A6F4024CA2C3DCA588EDE6C5973D631B0E575271315
Malicious:	false
Reputation:	unknown
URL:	https://docease.seitatu.net/1logo/66f1c44147588
Preview:	.PNG........IHDR...l.........(..(...mPLTE.........UUU...fff...mmm...qqq...jjjmmmxxxqqqyyysssmmmooouuupppvvvqqqvvvrrrwwwpppqqqqqquuurrrvvvpppsssqqqtttqqqrrruuusssqqqtttrrrtttuuusssuuusssqqqttttttrrrtttsssuuussssssrrrtttrrrtttsssssssssrrrtttrrrtttsssrrrrrrrrrtttrrrtttssssssrrrsssrrrrrrtttssstttsssssstttssstttssstttsssrrrrrrtttssstttssstttsssrrrrrrsssssstttsssrrrsssssssssttttttsssrrrssssssssstttssstttsssrrrsssssssssttttttsssrrrsssrrrsssssssssssstttssstttrrrsssssssssssstttsssssssssssstttssssssssssssssssssssstttssssssssssssssssss...sss....P!...sssssssssrrrsssssssssssssssssstttssssss...sss....P"...ssssssssssssssssssrrrssssssssssssssssssssssss...sss....P"........%'....tRNS.......................... "$%&')*+,-1236789;<=>?@BCDEFGIJMNOPRTUVWX[\^`abcdfghiklmnosuvwxyz{}...........................................................................................................N>......bKGD.........IDATH....W.e...k.2....(.+c.,....h....1.A......B4Z.L1.l1.r..M-Q36A........}...C.x}}.}~.~n~.;._..O:......

Chrome Cache Entry: 149

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	3202
Entropy (8bit):	4.236796532981122
Encrypted:	false
SSDEEP:
MD5:	7D2B8F25545A2894E2721E9FE528E34C
SHA1:	D0DAE76F4BF5C04ACD5FCDF1BCB12908099E328C
SHA-256:	797BDA35D13E5130FE5A14E0069C31B46EC1AF6EA47F2D300309803BB4D2608C
SHA-512:	FE1F84AF0BA1100B2A90EE6FBFBD3763EF34D1A3BF045345538302ECE7D37EAADC9A9CD0E09C2030E62B13A55E118A2417B27F14336C271758BFB3E256906385
Malicious:	false
Reputation:	unknown
URL:	https://docease.seitatu.net/captcha/logo.svg
Preview:	<svg id="MSLogo" width="99" height="22" xmlns="http://www.w3.org/2000/svg">..<g fill="none" fill-rule="evenodd">..<path fill="#737474"..d="m34.64 12.07-.58 1.65h-.04c-.1-.39-.28-.93-.56-1.63l-3.14-7.9h-3.08v12.56h2.03V9.03l-.03-1.7c-.01-.34-.05-.6-.06-.81h.05c.1.47.2.83.28 1.07l3.78 9.16h1.42l3.75-9.24c.08-.21.17-.62.25-1h.05c-.05.92-.1 1.76-.1 2.26v7.98h2.17V4.2h-2.96l-3.23 7.88z"../>..<path d="M0 20.96h98.15V0H0z" />..<path fill="#737474"..d="M42.87 16.75h2.11v-9h-2.11zm1.08-12.82c-.35 0-.66.12-.9.35a1.17 1.17 0 0 0-.38.88c0 .35.12.64.37.87.25.23.55.34.9.34s.67-.11.92-.34c.25-.23.38-.52.38-.86 0-.34-.13-.64-.37-.88a1.26 1.26 0 0 0-.92-.36m8.53 3.73a5.9 5.9 0 0 0-1.19-.12c-.97 0-1.83.2-2.57.62-.74.4-1.3 1-1.7 1.74a5.57 5.57 0 0 0-.01 4.9c.37.7.9 1.23 1.58 1.6.67.38 1.45.57 2.31.57 1.01 0 1.87-.2 2.56-.6l.03-.02v-1.94l-.1.07c-.3.23-.65.4-1.03.54a3.12 3.12 0 0 1-1.01.2c-.83 0-1.5-.26-1.98-.78a3 3 0 0 1-.73-2.14c0-.9.25-1.65.76-2.2a2.6 2.6 0 0 1 1.98-.81c.7 0 1.38.23 2.02.7l.09.06V8.01L5

Chrome Cache Entry: 151

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32065)
Category:	downloaded
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
Reputation:	unknown
URL:	https://docease.seitatu.net/js___/66f1c43d85aea-65b245f87330ed78dfa921a53f41359d
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

Chrome Cache Entry: 152

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1920 x 1080, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	306493
Entropy (8bit):	7.715068170696433
Encrypted:	false
SSDEEP:
MD5:	7D07C247E8DFD5BFAF9A7169B5C402BD
SHA1:	392CC7836CA5418F3E65CC67F5680B2A359399DC
SHA-256:	345F500582FB5CFC20DF5426C6B54BB0BCAA62EB0249A4A661DC9716A9EDC006
SHA-512:	7004443DE5B756F63B9CC5498AE8B33540F82297250DF5996E9510F653D2ACFFC1B6AB0FB5B955131EC9AF60BA33F34C52D277563FE9C78214B0C53DF2DFE541
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.......8........C....bKGD..............IDATx...[o].'z~.s.m9O._..'.a.#Y.Ul. .Z.m]bI.t.C..$@.hAF3.C.2/.I.......IP...N.\.....{.=.\.2.c^.x.C.^s.M.....3?..o.{h~....?...?./).......,(2.4....XI..}..l~..s7F~x.....7..9..w.t.....U.s.i..?...{..K....?.....?...$..g.HgL..7....5.....(.Z..`.X.....).3.....y.,....../.q..z....3h..........2........yny...8....G....y.<.c:.:o.s~........R..~3x.k~}.w~......)0...<W.)6owrm......7.,X~....@.m1...Z.9.....?..2o.yc... .M..$...?M.O.....c.v~..9.y\_.n..w...{z...s....?:.....g........o..........`.v...\|e...}.`..7.H;...2.f..Ky#._Q.e.....g...F...g2...K..Z.....s...q... .~..81.....3.Z{..1..I..]..18_...c.;.. ......^.^.....\..?..t..E]..\|..7N.Z......_w..<6........vB`.y...?[0&....`..O......h...2.f.f(f.f.f.......D....w.......w=.........2w..{ma.M..K....\|...".)#.........t..!. ...'..j.3..!p....Z8.+0..:...x9[....>@".....;..K......p/.8o....aV........!p............&F`.9...7.qY G`..p.0.s............6.Li#.a..........S.0.f.......n

Chrome Cache Entry: 155

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	513
Entropy (8bit):	4.720499940334011
Encrypted:	false
SSDEEP:
MD5:	A9CC2824EF3517B6C4160DCF8FF7D410
SHA1:	8DB9AEBAD84CA6E4225BFDD2458FF3821CC4F064
SHA-256:	34F9DB946E89F031A80DFCA7B16B2B686469C9886441261AE70A44DA1DFA2D58
SHA-512:	AA3DDAB0A1CFF9533F9A668ABA4FB5E3D75ED9F8AFF8A1CAA4C29F9126D85FF4529E82712C0119D2E81035D1CE1CC491FF9473384D211317D4D00E0E234AD97F
Malicious:	false
Reputation:	unknown
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24"><title>assets</title><path d="M18,11.578v.844H7.617l3.921,3.928-.594.594L6,12l4.944-4.944.594.594L7.617,11.578Z" fill="#404040"/><path d="M10.944,7.056l.594.594L7.617,11.578H18v.844H7.617l3.921,3.928-.594.594L6,12l4.944-4.944m0-.141-.071.07L5.929,11.929,5.858,12l.071.071,4.944,4.944.071.07.071-.07.594-.595.071-.07-.071-.071L7.858,12.522H18.1V11.478H7.858l3.751-3.757.071-.071-.071-.07-.594-.595-.071-.07Z" fill="#404040"/></svg>

Chrome Cache Entry: 156

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	downloaded
Size (bytes):	89501
Entropy (8bit):	5.289893677458563
Encrypted:	false
SSDEEP:
MD5:	8FB8FEE4FCC3CC86FF6C724154C49C42
SHA1:	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4
SHA-256:	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
SHA-512:	F3DE1813A4160F9239F4781938645E1589B876759CD50B7936DBD849A35C38FFAED53F6A61DBDD8A1CF43CF4A28AA9FFFBFDDEEC9A3811A1BB4EE6DF58652B31
Malicious:	false
Reputation:	unknown
URL:	https://code.jquery.com/jquery-3.6.0.min.js
Preview:	/! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct

Chrome Cache Entry: 159

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.875
Encrypted:	false
SSDEEP:
MD5:	D6B82198AF25D0139723AF9E44D3D23A
SHA1:	D60DEEF1847EEEF1889803E9D3ADC7EDA220F544
SHA-256:	A5C8CC49FA6649BE393EF22C2B31F1C46B671F8D763F783ED6D7B4E33669BDA3
SHA-512:	B21BEE2EEC588308A9DC3C3C2405377704B39B08AA20CBA40BA6E6834E67CF6F2C086E0701F5B05AEE27E2677E9C5C24FF137318275ACA00DD063DF3DCC07D4D
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAlWYOH_uRP-EhIFDVd69_0=?alt=proto
Preview:	CgkKBw1Xevf9GgA=

Chrome Cache Entry: 160

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.75
Encrypted:	false
SSDEEP:
MD5:	AA97FB60DFF7D2C2F4745E13494E91C4
SHA1:	6915420AD80B6FD9A01954BDEF7960BB1BAFE71D
SHA-256:	D83E84924B014EF37BB73CA55AD25276907E2834FA53CC4CE224677BF42A4418
SHA-512:	AAEC166AED9C654076390830D789B088C2E75D42D52DBAF534280A24A67E0CC94FF710A0FA57FCF7C792CECB482EA793EBFE4A3683FBEC1DD04E2E5940878259
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAkkGffueh6YUhIFDf8DFLk=?alt=proto
Preview:	CgkKBw3/AxS5GgA=

Chrome Cache Entry: 164

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	dropped
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	unknown
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 165

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3379)
Category:	downloaded
Size (bytes):	4210
Entropy (8bit):	5.364580472613482
Encrypted:	false
SSDEEP:
MD5:	59087D72EEDCB7650C9D5D6088440DD3
SHA1:	97B607FCE11F640E5764699038E50A76EB98944B
SHA-256:	E0E3FB0FE5CA541950CF8DD213FBE9E8957A3DB0010B515AD01ADFF6CA908A3E
SHA-512:	4F213391C01CFB017AB290007F3C7E66DB9B2A7A1EA4B4843DD52B0D7E5B1A5C04896BF1856806964F5A49C38A66403A8CDFE2C8C3EAF82C8318012F444DCD3F
Malicious:	false
Reputation:	unknown
URL:	https://docease.seitatu.net/captcha/style.css
Preview:	@font-face{font-family:FabricMDL2Icons;src:url('//res.cdn.office.net/owamail/20240308003.09/resources/fonts/o365icons-mdl2.woff') format('woff');font-weight:400;font-style:normal}@font-face{font-family:office365icons;src:url('//res.cdn.office.net/owamail/20240308003.09/resources/fonts/office365icons.woff?') format('woff');font-weight:400;font-style:normal}#loadingScreen{position:fixed;top:0;bottom:0;left:0;right:0;background-color:#fff}#loadingLogo{position:fixed;top:calc(50vh - 90px);left:calc(50vw - 90px);width:180px;height:180px}#MSLogo{position:fixed;bottom:36px;left:calc(50vw - 50px)}.dark #loadingScreen{background-color:#333}.darkNew #loadingScreen{background-color:#1f1f1f}.:root{--s:180px;--envW:130px;--envH:71px;--calW:118px;--sqW:calc(var(--calW) / 3);--sqH:37px;--calHH:20px;--calH:calc(var(--sqH) * 3 + var(--calHH));--calY:calc(var(--calH) + 20px);--calYExt:calc(var(--calH) - 80px);--calYOverExt:calc(var(--calH) - 92px);--flapS:96px;--flapH:calc(0.55 * var(--envH));--flapScal

Chrome Cache Entry: 168

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	3651
Entropy (8bit):	4.094801914706141
Encrypted:	false
SSDEEP:
MD5:	EE5C8D9FB6248C938FD0DC19370E90BD
SHA1:	D01A22720918B781338B5BBF9202B241A5F99EE4
SHA-256:	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
SHA-512:	C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
Malicious:	false
Reputation:	unknown
URL:	https://docease.seitatu.net/logo_/HHQYWnY3IFRPcYu
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.

Chrome Cache Entry: 169

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1354x768, components 3
Category:	dropped
Size (bytes):	48177
Entropy (8bit):	7.732251836099665
Encrypted:	false
SSDEEP:
MD5:	288112764462F5A9EE8D892849843598
SHA1:	8711C1622851C3480632760BEBB00A3CF477E740
SHA-256:	A1C84CDC1DDBACCDE66167320645DCA09B4060262261A29E745A95C659A018A4
SHA-512:	1C39DDFBCEA5E67EB3993739E4181D4804C089F72F317F8B2AB442324A06AB6A192632F8855345E3874AC4C5E84B7517B1BFB08017D42D4F27C8C364F1C13049
Malicious:	false
Reputation:	unknown
Preview:	......JFIF.............C..............................................!........."$".$.......C.........................................................................J.."................................................................................a....Z...dA..G....q..x..HE!.x.@......................................F.J....~!.P.>...}.O.}...y.\|?5...+._..}/.d..V...Z......,.S.......[.........,.x..MQ.....s+r[Z3..fi...~m...l....R;..............................................o.........Zh.....M7.^N....Y...?..+.....o<..N...R.5.}..N..:.....z.`.N...~S(....c.W..~t..~u....]..~v..~w..G.\|..~u....]..~t..~v..~u....o...\|..~t..~t..~t..~t..~t..~t..~t..~t..~t..~t..~t..~t..~t..~t..~t..~t..~t..~t..~t..~t..~t..~t..~t....O.G.O.:~t..~t..~t..~t..~t..~v..~t..~t....O.G.O.G.O.G.O.G.O.G.O.G.O.G.O.G.O.G.O.G.O.G.O.G.O.G.O.G.O.G.O.G.O.G.O.G.O.G.O.G.}../..\|.zO....<.<..\|>C...?o.~t.......Q...Q..?E..?E..?E..?E..?E..?E..?D....N..?E.f....w..:8...:8...:8...:8...:8...:8...:8...:8...rQ.v.....

Chrome Cache Entry: 170

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (31803)
Category:	dropped
Size (bytes):	31842
Entropy (8bit):	5.341705273940054
Encrypted:	false
SSDEEP:
MD5:	6470A918BA1FD4B8D0882DF0269DDB82
SHA1:	97814FDAB64AA7D1B30F082F9EB272D4B1CE18A2
SHA-256:	FD4CE12A87594281AFCEE9C73A40FE7ACC282BCC9E764FBB3AFA1481A96A091E
SHA-512:	B8CB57985DBC03601BFC924EDADFEF62195A6BFDDA8543A08F565FDBB339ACEA3CFFE7DC4D4547D3F134965EBC9E39A3ACBA8E0635CCDD5F4D88F14BE72C163D
Malicious:	false
Reputation:	unknown
Preview:	!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e="undefined"!=typeof globalThis?globalThis:e\|\|self).axios=t()}(this,(function(){"use strict";function e(t){return e="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e},e(t)}function t(e,t){if(!(e instanceof t))throw new TypeError("Cannot call a class as a function")}function n(e,t){for(var n=0;n<t.length;n++){var r=t[n];r.enumerable=r.enumerable\|\|!1,r.configurable=!0,"value"in r&&(r.writable=!0),Object.defineProperty(e,r.key,r)}}function r(e,t,r){return t&&n(e.prototype,t),r&&n(e,r),Object.defineProperty(e,"prototype",{writable:!1}),e}function o(e,t){return function(e){if(Array.isArray(e))return e}(e)\|\|function(e,t){var n=null==e?null:"undefined"!=typeof Symbol&&e[Symbol.iterator]\|\|e["@@iterator"];if(nul

Chrome Cache Entry: 173

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	105417
Entropy (8bit):	5.226975237169787
Encrypted:	false
SSDEEP:
MD5:	8B31FB4AAC0B9BEE8622CE9AD3AB6A80
SHA1:	07F46409F552DCECDD093CD9C7E32C9B12683E47
SHA-256:	0B84488C7C47CD46DB83EDA73A419CD4529301D1E93F1D5842DAAA291631998E
SHA-512:	2137C1CD97C287418C5DE7CA429592630B0A7B50D4B9AA662BB3E3717449D53A2EBA3EDD41192D48A506337D29F21B97B039DF67A32D99F251B4E4AC02AA0DE0
Malicious:	false
Reputation:	unknown
URL:	https://docease.seitatu.net/css_/yuBPpbW30H9s52Q
Preview:	html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:bold}dfn{font-style:italic}h1{font-size:2em;margin:.67em 0}mark{background:#ff0;color:#000}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sup{top:-0.5em}sub{bottom:-0.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:1em 40px}hr{-moz-box-sizing:content-box;box-sizing:content-box;height:0}pre{overflow:auto}code,kbd,pre,samp{font-family:monospace,monospace;font-size:1em}button,input,optgroup,select,textarea{color:inherit;font:inherit;margin:0}button{overflow:visible}

Chrome Cache Entry: 174

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (6024), with no line terminators
Category:	dropped
Size (bytes):	6024
Entropy (8bit):	5.295202855239353
Encrypted:	false
SSDEEP:
MD5:	D170F3128EC33D3D10AE3B63D4509583
SHA1:	986292B5D507BE37B81DE37C405FFE772A86EC5D
SHA-256:	965EE5CF38E33B966E9E27314F02D5F6C123264975F99617AA367A606A04C57C
SHA-512:	F414BF5C0777D2A476A2A677DD67919024FF93DAA3E0F7B6E61EC0245C93350A1D76AAFD1B7371FA6A1B49A8A6F4C68961BB1FC0FDB91D338B76259379D1AFD6
Malicious:	false
Reputation:	unknown
Preview:	const a0_0x2ceecf=a0_0x3787;(function(_0x102330,_0x174332){const _0x3eccca=a0_0x3787,_0x12b1c3=_0x102330();while(!![]){try{const _0x503629=parseInt(_0x3eccca(0x1a9))/0x1(parseInt(_0x3eccca(0x1ad))/0x2)+parseInt(_0x3eccca(0x1cc))/0x3+parseInt(_0x3eccca(0x1c4))/0x4+-parseInt(_0x3eccca(0x1a8))/0x5(-parseInt(_0x3eccca(0x1cf))/0x6)+parseInt(_0x3eccca(0x1c3))/0x7+parseInt(_0x3eccca(0x1bc))/0x8(-parseInt(_0x3eccca(0x1e2))/0x9)+parseInt(_0x3eccca(0x1db))/0xa(-parseInt(_0x3eccca(0x1e1))/0xb);if(_0x503629===_0x174332)break;else _0x12b1c3['push'](_0x12b1c3['shift']());}catch(_0x4fde36){_0x12b1c3['push'](_0x12b1c3['shift']());}}}(a0_0x5536,0x81ac6));const a0_0x369bda=(function(){let _0xda0fcb=!![];return function(_0x16dad8,_0x2dc7e0){const _0x3dc600=_0xda0fcb?function(){const _0x19e625=a0_0x3787;if(_0x2dc7e0){const _0x2aacb3=_0x2dc7e0[_0x19e625(0x1a2)](_0x16dad8,arguments);return _0x2dc7e0=null,_0x2aacb3;}}:function(){};return _0xda0fcb=![],_0x3dc600;};}()),a0_0x1cf6a5=a0_0x369bda(this,functio

Chrome Cache Entry: 176

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 51 x 82, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	61
Entropy (8bit):	4.002585360278503
Encrypted:	false
SSDEEP:
MD5:	C09C96D4D16A1B12C30372B42C631B08
SHA1:	5F3708E1C84DB62847F30665148273556FCC1A9C
SHA-256:	2619AF1441AA9B737211EA20CF085357F092CD2134049C9E70C3282D5EEA11EA
SHA-512:	264C2E74FF1C6721D05539559D6C997C18370EDCD08A99CDC4B54085A649174B77B96062398F59416A7A87DB7BA0EBDE51110A3BAB103744A714CF4355035CE3
Malicious:	false
Reputation:	unknown
URL:	https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/8c7d01d83ed7c354/1727120435592/sI0ZKMM4XpJwBDu
Preview:	.PNG........IHDR...3...R.....vk{.....IDAT.....$.....IEND.B`.

Chrome Cache Entry: 177

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (47261)
Category:	downloaded
Size (bytes):	47262
Entropy (8bit):	5.3974731018213795
Encrypted:	false
SSDEEP:
MD5:	E07E7ED6F75A7D48B3DF3C153EB687EB
SHA1:	4601D83C67CC128D1E75D3E035FB8A3BDFA1EE34
SHA-256:	96BD1C81D59D6AC2EC9F8EBE4937A315E85443667C5728A7CD9053848DD8D3D7
SHA-512:	A0BAF8B8DF121DC9563C5C2E7B6EEE00923A1E684A6C57E3F2A4C73E0D6DD59D7E9952DF5E3CFFFB08195C8475B6ED261769AFB5581F4AB0C0A4CC342EC577C9
Malicious:	false
Reputation:	unknown
URL:	https://challenges.cloudflare.com/turnstile/v0/g/ec4b873d446c/api.js
Preview:	"use strict";(function(){function Vt(e,r,a,o,c,l,g){try{var f=e[l](g),p=f.value}catch(s){a(s);return}f.done?r(p):Promise.resolve(p).then(o,c)}function Wt(e){return function(){var r=this,a=arguments;return new Promise(function(o,c){var l=e.apply(r,a);function g(p){Vt(l,o,c,g,f,"next",p)}function f(p){Vt(l,o,c,g,f,"throw",p)}g(void 0)})}}function U(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):U(e,r)}function Me(e,r,a){return r in e?Object.defineProperty(e,r,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[r]=a,e}function Fe(e){for(var r=1;r<arguments.length;r++){var a=arguments[r]!=null?arguments[r]:{},o=Object.keys(a);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(a).filter(function(c){return Object.getOwnPropertyDescriptor(a,c).enumerable}))),o.forEach(function(c){Me(e,c,a[c])})}return e}function Rr(e,r){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertyS

Static File Info

⊘No static file info