Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://www.google.co.uk/url?q=2RUDu&rct=2RUDu&sa=t&esrc=2RUDu&source=&cd=2RUDu&uact=&url=amp%2F%63%6F%64%65%76%69%72%6F%2E%63%6F%6D%2F%2E%6A%61%2F#zFqKgE-SUREJACKdm1hbnRocmlwcmFnYWRhQG1vbnRyb3NlLWVudi5jb20=

Overview

General Information

Sample URL:	https://www.google.co.uk/url?q=2RUDu&rct=2RUDu&sa=t&esrc=2RUDu&source=&cd=2RUDu&uact=&url=amp%2F%63%6F%64%65%76%69%72%6F%2E%63%6F%6D%2F%2E%6A%61%2F#zFqKgE-SUREJACKdm1hbnRocmlwcmFnYWRhQG1vbnRyb3NlLWVud
Analysis ID:	1535628

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

HTML page contains obfuscated javascript

Phishing site detected (based on favicon image match)

Phishing site detected (based on image similarity)

HTML body contains low number of good links

HTML page contains hidden javascript code

HTML title does not match URL

Invalid 'forgot password' link found

Invalid T&C link found

Stores files to the Windows start menu directory

Classification

×

Process Tree

System is w10x64_ra

chrome.exe (PID: 5744 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6816 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1964,i,15674453264827099133,465942068165618772,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6408 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.google.co.uk/url?q=2RUDu&rct=2RUDu&sa=t&esrc=2RUDu&source=&cd=2RUDu&uact=&url=amp%2F%63%6F%64%65%76%69%72%6F%2E%63%6F%6D%2F%2E%6A%61%2F#zFqKgE-SUREJACKdm1hbnRocmlwcmFnYWRhQG1vbnRyb3NlLWVudi5jb20=" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

HTML page contains obfuscated javascript

Source: http://codeviro.com/.ja/#zFqKgE-SUREJACKdm1hbnRocmlwcmFnYWRhQG1vbnRyb3NlLWVudi5jb20=	HTTP Parser: (function(_0x5442ef,_0x19180b){function _0x18244d(_0x2451f6,_0x1902c2,_0x4a223e,_0x4ed4ee){return
Source: https://authy.drivetimeads360.com/816125027fe57a95881387691ab201cd671091c29c22fsec&uid=f253efe302d32ab264a76e0ce65be769671091c29c232	HTTP Parser: function a0_0x1cd1(_0x20ddc0,_0x4f4cfd){var _0x488603=a0_0x5832();return a0_0x1cd1=function(_0x
Source: https://authy.drivetimeads360.com/js2_/671091c3062a4-dbe45bbbc6192f0f18b8fdb6a864d68b	HTTP Parser: const a0_0x47cda6=a0_0x2895;(function(_0x4d5865,_0xbd8d13){const _0x14ccd0=a0_0x2895,_0x24b2be=_0x4d

Phishing site detected (based on favicon image match)

Source: https://authy.drivetimeads360.com/816125027fe57a95881387691ab201cd671091c29c22fsec&uid=f253efe302d32ab264a76e0ce65be769671091c29c232

Matcher: Template: microsoft matched with high similarity

Phishing site detected (based on image similarity)

Source: https://authy.drivetimeads360.com/816125027fe57a95881387691ab201cd671091c29c22fsec&uid=f253efe302d32ab264a76e0ce65be769671091c29c232

Matcher: Found strong image similarity, brand: MICROSOFT

Source: https://authy.drivetimeads360.com/816125027fe57a95881387691ab201cd671091c29c22fsec&uid=f253efe302d32ab264a76e0ce65be769671091c29c232

HTTP Parser: Number of links: 0

Source: https://authy.drivetimeads360.com/&dm1hbnRocmlwcmFnYWRhQG1vbnRyb3NlLWVudi5jb20=

HTTP Parser: Base64 decoded: {"version":3,"sources":["/cfsetup_build/src/orchestrator/turnstile/templates/turnstile.scss","%3Cinput%20css%20SREF6k%3E"],"names":[],"mappings":"AAmCA,gBACI,GACI,uBClCN,CACF,CDqCA,kBACI,GACI,mBCnCN,CACF,CDsCA,iBACI,MAEI,cCrCN,CDwCE,IACI,mBCtCN,CACF,CDyCA...

Source: https://authy.drivetimeads360.com/816125027fe57a95881387691ab201cd671091c29c22fsec&uid=f253efe302d32ab264a76e0ce65be769671091c29c232

HTTP Parser: Title: eba8605e7557e848f9eda1af0be2a49e671091c28e000 does not match URL

Source: https://authy.drivetimeads360.com/816125027fe57a95881387691ab201cd671091c29c22fsec&uid=f253efe302d32ab264a76e0ce65be769671091c29c232

HTTP Parser: Invalid link: reset it now.

Source: https://authy.drivetimeads360.com/816125027fe57a95881387691ab201cd671091c29c22fsec&uid=f253efe302d32ab264a76e0ce65be769671091c29c232	HTTP Parser: Invalid link: Terms of use
Source: https://authy.drivetimeads360.com/816125027fe57a95881387691ab201cd671091c29c22fsec&uid=f253efe302d32ab264a76e0ce65be769671091c29c232	HTTP Parser: Invalid link: Privacy & cookies
Source: https://authy.drivetimeads360.com/816125027fe57a95881387691ab201cd671091c29c22fsec&uid=f253efe302d32ab264a76e0ce65be769671091c29c232	HTTP Parser: Invalid link: Terms of use
Source: https://authy.drivetimeads360.com/816125027fe57a95881387691ab201cd671091c29c22fsec&uid=f253efe302d32ab264a76e0ce65be769671091c29c232	HTTP Parser: Invalid link: Privacy & cookies

Source: https://authy.drivetimeads360.com/816125027fe57a95881387691ab201cd671091c29c22fsec&uid=f253efe302d32ab264a76e0ce65be769671091c29c232

HTTP Parser: <input type="password" .../> found

Source: https://authy.drivetimeads360.com/816125027fe57a95881387691ab201cd671091c29c22fsec&uid=f253efe302d32ab264a76e0ce65be769671091c29c232

HTTP Parser: No favicon

Source: https://authy.drivetimeads360.com/816125027fe57a95881387691ab201cd671091c29c22fsec&uid=f253efe302d32ab264a76e0ce65be769671091c29c232	HTTP Parser: No <meta name="author".. found
Source: https://authy.drivetimeads360.com/816125027fe57a95881387691ab201cd671091c29c22fsec&uid=f253efe302d32ab264a76e0ce65be769671091c29c232	HTTP Parser: No <meta name="author".. found

Source: https://authy.drivetimeads360.com/816125027fe57a95881387691ab201cd671091c29c22fsec&uid=f253efe302d32ab264a76e0ce65be769671091c29c232	HTTP Parser: No <meta name="copyright".. found
Source: https://authy.drivetimeads360.com/816125027fe57a95881387691ab201cd671091c29c22fsec&uid=f253efe302d32ab264a76e0ce65be769671091c29c232	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49784 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212

Source: global traffic

HTTP traffic detected: GET /.ja/ HTTP/1.1Host: codeviro.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.co.uk
Source: global traffic	DNS traffic detected: DNS query: codeviro.com
Source: global traffic	DNS traffic detected: DNS query: authy.drivetimeads360.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msauthimages.net

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49784 version: TLS 1.2

Source: classification engine

Classification label: mal52.phis.win@22/24@26/207

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1964,i,15674453264827099133,465942068165618772,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.google.co.uk/url?q=2RUDu&rct=2RUDu&sa=t&esrc=2RUDu&source=&cd=2RUDu&uact=&url=amp%2F%63%6F%64%65%76%69%72%6F%2E%63%6F%6D%2F%2E%6A%61%2F#zFqKgE-SUREJACKdm1hbnRocmlwcmFnYWRhQG1vbnRyb3NlLWVudi5jb20="
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1964,i,15674453264827099133,465942068165618772,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://www.google.co.uk/url?q=2RUDu&rct=2RUDu&sa=t&esrc=2RUDu&source=&cd=2RUDu&uact=&url=amp%2F%63%6F%64%65%76%69%72%6F%2E%63%6F%6D%2F%2E%6A%61%2F#zFqKgE-SUREJACKdm1hbnRocmlwcmFnYWRhQG1vbnRyb3NlLWVudi5jb20=	0%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
codeviro.com	0%	Virustotal		Browse
code.jquery.com	1%	Virustotal		Browse
authy.drivetimeads360.com	1%	Virustotal		Browse

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
codeviro.com	192.250.231.230	true	false	0%, Virustotal, Browse	unknown
a.nel.cloudflare.com	35.190.80.1	true	false		unknown
code.jquery.com	151.101.130.137	true	false	1%, Virustotal, Browse	unknown
authy.drivetimeads360.com	188.114.96.3	true	false	1%, Virustotal, Browse	unknown
sni1gl.wpc.upsiloncdn.net	152.199.21.175	true	false		unknown
www.google.co.uk	142.250.185.99	true	false		unknown
challenges.cloudflare.com	104.18.95.41	true	false		unknown
www.google.com	216.58.212.132	true	false		unknown
aadcdn.msauthimages.net	unknown	unknown	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://codeviro.com/.ja/	false		unknown
https://authy.drivetimeads360.com/&dm1hbnRocmlwcmFnYWRhQG1vbnRyb3NlLWVudi5jb20=	false		unknown
https://authy.drivetimeads360.com/816125027fe57a95881387691ab201cd671091c29c22fsec&uid=f253efe302d32ab264a76e0ce65be769671091c29c232	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
142.250.185.99	www.google.co.uk	United States		15169	GOOGLEUS	false
142.250.186.78	unknown	United States		15169	GOOGLEUS	false
1.1.1.1	unknown	Australia		13335	CLOUDFLARENETUS	false
108.177.15.84	unknown	United States		15169	GOOGLEUS	false
216.58.212.132	www.google.com	United States		15169	GOOGLEUS	false
104.18.94.41	unknown	United States		13335	CLOUDFLARENETUS	false
104.18.95.41	challenges.cloudflare.com	United States		13335	CLOUDFLARENETUS	false
151.101.130.137	code.jquery.com	United States		54113	FASTLYUS	false
216.58.206.46	unknown	United States		15169	GOOGLEUS	false
142.250.185.170	unknown	United States		15169	GOOGLEUS	false
142.250.181.227	unknown	United States		15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved		unknown	unknown	false
188.114.97.3	unknown	European Union		13335	CLOUDFLARENETUS	false
188.114.96.3	authy.drivetimeads360.com	European Union		13335	CLOUDFLARENETUS	false
151.101.66.137	unknown	United States		54113	FASTLYUS	false
152.199.21.175	sni1gl.wpc.upsiloncdn.net	United States		15133	EDGECASTUS	false
192.250.231.230	codeviro.com	United States		36454	CNSV-LLCUS	false
35.190.80.1	a.nel.cloudflare.com	United States		15169	GOOGLEUS	false
142.250.74.195	unknown	United States		15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1535628
Start date and time:	2024-10-17 06:24:43 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://www.google.co.uk/url?q=2RUDu&rct=2RUDu&sa=t&esrc=2RUDu&source=&cd=2RUDu&uact=&url=amp%2F%63%6F%64%65%76%69%72%6F%2E%63%6F%6D%2F%2E%6A%61%2F#zFqKgE-SUREJACKdm1hbnRocmlwcmFnYWRhQG1vbnRyb3NlLWVudi5jb20=
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal52.phis.win@22/24@26/207

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.74.195, 142.250.186.78, 108.177.15.84, 34.104.35.123, 2.16.100.168
Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: challenges.cloudflare.com
VT rate limit hit for: http://codeviro.com/.ja/
VT rate limit hit for: www.google.co.uk
VT rate limit hit for: www.google.com

LLM Input / Output

Input	Output
URL: https://authy.drivetimeads360.com/&dm1hbnRocmlwcmFnYWRhQG1vbnRyb3NlLWVudi5jb20= Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "Verifying...", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://authy.drivetimeads360.com/&dm1hbnRocmlwcmFnYWRhQG1vbnRyb3NlLWVudi5jb20= Model: claude-3-haiku-20240307	```json { "brands": [ "Cloudflare", "Microsoft" ] }
	```json { "brands": [ "Cloudflare", "Microsoft" ] }
URL: https://authy.drivetimeads360.com/816125027fe57a95881387691ab201cd671091c29c22fsec&uid=f253efe302d32ab264a76e0ce65be769671091c29c232 Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "Sign in to continue", "prominent_button_name": "Sign in", "text_input_field_labels": [ "Password" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://authy.drivetimeads360.com/816125027fe57a95881387691ab201cd671091c29c22fsec&uid=f253efe302d32ab264a76e0ce65be769671091c29c232 Model: claude-3-haiku-20240307	```json { "brands": [ "Montrose Environment" ] }
	```json { "brands": [ "Montrose Environment" ] }
URL: https://authy.drivetimeads360.com/816125027fe57a95881387691ab201cd671091c29c22fsec&uid=f253efe302d32ab264a76e0ce65be769671091c29c232 Model: gpt-4o	```json{ "legit_domain": "montrose-env.com", "classification": "unknown", "reasons": [ "The URL 'authy.drivetimeads360.com' does not match any known domain associated with 'Montrose Environment'.", "The domain 'drivetimeads360.com' does not appear to be related to 'Montrose Environment'.", "The use of 'authy' as a subdomain is suspicious and often used in phishing attempts to mimic authentication services.", "The brand 'Montrose Environment' is not widely recognized, making it difficult to classify as 'known' or 'wellknown'.", "The presence of a password input field on a domain not associated with the brand increases the risk of phishing." ], "riskscore": 8}
URL: authy.drivetimeads360.com Brands: Montrose Environment Input Fields: Password
URL: https://authy.drivetimeads360.com/816125027fe57a95881387691ab201cd671091c29c22fsec&uid=f253efe302d32ab264a76e0ce65be769671091c29c232 Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "Enter password", "prominent_button_name": "Sign in", "text_input_field_labels": [ "Enter password" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://authy.drivetimeads360.com/816125027fe57a95881387691ab201cd671091c29c22fsec&uid=f253efe302d32ab264a76e0ce65be769671091c29c232 Model: claude-3-haiku-20240307	```json { "brands": [ "Montrose Environment" ] }
	```json { "brands": [ "Montrose Environment" ] }
URL: https://authy.drivetimeads360.com/816125027fe57a95881387691ab201cd671091c29c22fsec&uid=f253efe302d32ab264a76e0ce65be769671091c29c232 Model: gpt-4o	```json{ "legit_domain": "montrose-env.com", "classification": "unknown", "reasons": [ "The URL 'authy.drivetimeads360.com' does not match any known domain associated with 'Montrose Environment'.", "The domain 'drivetimeads360.com' does not appear to be related to 'Montrose Environment'.", "The use of 'authy' as a subdomain is suspicious and could indicate a phishing attempt, especially when combined with a password input field.", "The brand 'Montrose Environment' is not widely recognized, making it difficult to classify as 'known' or 'wellknown'.", "The presence of a password input field on a domain not associated with the brand increases the risk of phishing." ], "riskscore": 8}
URL: authy.drivetimeads360.com Brands: Montrose Environment Input Fields: Enter password

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 17 03:25:13 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9923979864506594
Encrypted:	false
SSDEEP:
MD5:	6C332C57F58F5F5DB4BC27729A6F29E8
SHA1:	61350136BE58A5C9ADECE1BD26153BF3C18A941F
SHA-256:	07A9DF4CB61F2EC62CBF50F9798735583192B9994FE6B368756C2E776BA70097
SHA-512:	AD36D44A7A51982FC84116AF3791577CF676A03068D6FF18F93ECB9F05C1CEDAEE9260ECF66285AD615C19A703345685A7FE7065D92ACD99260DE0981D4B0B42
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....E..L ..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IQY.#....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VQY&#....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VQY&#....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VQY&#..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VQY'#...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 17 03:25:13 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.008345514533919
Encrypted:	false
SSDEEP:
MD5:	D4EFDFA4E39C47F0E3BACED675D4588B
SHA1:	03D256518C5DAB019D7C454CF51CD1ECB1B3D22F
SHA-256:	B94256AAC107A2EC8378436A71CE85E651240223D2BA3CB374AC2DDD47AEFA38
SHA-512:	73928A21A92D7C0D00A2988DA2A07DE5A546BC3F9D924B0A20ADA5F6AA342A3DD388C85CEF40629BF7A44D5C1291A86BD6DE12E78874D0558B76E43B22F79C26
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....L...L ..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IQY.#....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VQY&#....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VQY&#....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VQY&#..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VQY'#...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.01644803192834
Encrypted:	false
SSDEEP:
MD5:	1FCD1227DEC0EB5895722434DBC9FD2F
SHA1:	9E58F70335A16D44FDDA7AA219F8C7273DC56021
SHA-256:	77455B72AA63165045174377F7917E1FEB2790DC4867724E9D93743A83A23B94
SHA-512:	1857638F42B7242A394C45AE71EE213B30DAC07283D50C6187ACF56BC24B25A24DCDA5ECD5C680C08B3D61043A96D93B80E6D0032D49AC3504C3734FC57B96CA
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IQY.#....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VQY&#....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VQY&#....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VQY&#..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 17 03:25:13 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	4.0073288094625115
Encrypted:	false
SSDEEP:
MD5:	8E69423A1296EEF0B838BA37027A86CC
SHA1:	76681C9ACFC65682F67C70FD7BA6F8375E9555C2
SHA-256:	952792FA0638EC6F35EF6FA8A0CB62068292FF315AB8FB7A69252AB47FD5CFFE
SHA-512:	622B90D3FB390D85D8058EAC1725E5D2E8579CCA0E9A75317CA1601CB62BE11589881DBA69F9D1B4B6DF5E73C9994864FF2909B33E40B87CB32C433178672CA6
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,........L ..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IQY.#....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VQY&#....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VQY&#....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VQY&#..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VQY'#...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 17 03:25:13 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9939257045580767
Encrypted:	false
SSDEEP:
MD5:	3D9ECDD8CE69AD0ADCEF76EBA9AA08C3
SHA1:	342646C33820DAE7E1320C984B13A307C1D0BABC
SHA-256:	2EF05749B57F540891DF394451492D1B79208FB8518CABA43DE7FEBBFB9D2218
SHA-512:	C6607527D9962FFB0E234A34D29373505F352392ED872D3CC65FC34C6E009DDB437095F24467ED9BDA585B7ADCF92D61FE1A04C9C457E9758D2B79E96066B46D
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....)..L ..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IQY.#....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VQY&#....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VQY&#....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VQY&#..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VQY'#...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 17 03:25:13 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.005573645985048
Encrypted:	false
SSDEEP:
MD5:	A15D0974E778D2AE4A7B6D64C197BF4D
SHA1:	7E5C3E2595F42FBEC08AB7900DD0955DA135093E
SHA-256:	7E2F1D48E443392BF1B477E5B65CCD3E1BCFDD81C8B03B424786D37EC2F9BC4D
SHA-512:	45FAF9906DB2223DEB157DF62780CA9292013EAB641033434D3E1E305041BAC439E71BE2CC1B4CBAF8E5D68B3369A07C96239F23EAC96CF61B01291E95EA5581
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.......L ..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IQY.#....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VQY&#....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VQY&#....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VQY&#..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VQY'#...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 102

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	513
Entropy (8bit):	4.720499940334011
Encrypted:	false
SSDEEP:
MD5:	A9CC2824EF3517B6C4160DCF8FF7D410
SHA1:	8DB9AEBAD84CA6E4225BFDD2458FF3821CC4F064
SHA-256:	34F9DB946E89F031A80DFCA7B16B2B686469C9886441261AE70A44DA1DFA2D58
SHA-512:	AA3DDAB0A1CFF9533F9A668ABA4FB5E3D75ED9F8AFF8A1CAA4C29F9126D85FF4529E82712C0119D2E81035D1CE1CC491FF9473384D211317D4D00E0E234AD97F
Malicious:	false
Reputation:	unknown
URL:	https://authy.drivetimeads360.com/left_/f16juuYl68YC8qx
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24"><title>assets</title><path d="M18,11.578v.844H7.617l3.921,3.928-.594.594L6,12l4.944-4.944.594.594L7.617,11.578Z" fill="#404040"/><path d="M10.944,7.056l.594.594L7.617,11.578H18v.844H7.617l3.921,3.928-.594.594L6,12l4.944-4.944m0-.141-.071.07L5.929,11.929,5.858,12l.071.071,4.944,4.944.071.07.071-.07.594-.595.071-.07-.071-.071L7.858,12.522H18.1V11.478H7.858l3.751-3.757.071-.071-.071-.07-.594-.595-.071-.07Z" fill="#404040"/></svg>

Chrome Cache Entry: 107

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	105456
Entropy (8bit):	5.227044897009775
Encrypted:	false
SSDEEP:
MD5:	4C674D8D4294C4A6B763AA1FC836827C
SHA1:	88DEC91B36CAD6555FB73B9ED28D6FDC7A944467
SHA-256:	99855F2433E80A925CE4CABD975E2DD7A9FE01FAB8E164B26F67010FF5769EC0
SHA-512:	80B73385D21512B2FD10690F08EE99B6FD2D1123920ABACF7A864841F07F817EE1BCC5C466ACC27209A094E31D334E4532AE7EFE7F2F7D7427E67CC567F20733
Malicious:	false
Reputation:	unknown
URL:	https://authy.drivetimeads360.com/css_/Z7cSOMJEDsO3EbJ
Preview:	html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:bold}dfn{font-style:italic}h1{font-size:2em;margin:.67em 0}mark{background:#ff0;color:#000}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sup{top:-0.5em}sub{bottom:-0.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:1em 40px}hr{-moz-box-sizing:content-box;box-sizing:content-box;height:0}pre{overflow:auto}code,kbd,pre,samp{font-family:monospace,monospace;font-size:1em}button,input,optgroup,select,textarea{color:inherit;font:inherit;margin:0}button{overflow:visible}

Chrome Cache Entry: 108

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	3202
Entropy (8bit):	4.236796532981122
Encrypted:	false
SSDEEP:
MD5:	7D2B8F25545A2894E2721E9FE528E34C
SHA1:	D0DAE76F4BF5C04ACD5FCDF1BCB12908099E328C
SHA-256:	797BDA35D13E5130FE5A14E0069C31B46EC1AF6EA47F2D300309803BB4D2608C
SHA-512:	FE1F84AF0BA1100B2A90EE6FBFBD3763EF34D1A3BF045345538302ECE7D37EAADC9A9CD0E09C2030E62B13A55E118A2417B27F14336C271758BFB3E256906385
Malicious:	false
Reputation:	unknown
Preview:	<svg id="MSLogo" width="99" height="22" xmlns="http://www.w3.org/2000/svg">..<g fill="none" fill-rule="evenodd">..<path fill="#737474"..d="m34.64 12.07-.58 1.65h-.04c-.1-.39-.28-.93-.56-1.63l-3.14-7.9h-3.08v12.56h2.03V9.03l-.03-1.7c-.01-.34-.05-.6-.06-.81h.05c.1.47.2.83.28 1.07l3.78 9.16h1.42l3.75-9.24c.08-.21.17-.62.25-1h.05c-.05.92-.1 1.76-.1 2.26v7.98h2.17V4.2h-2.96l-3.23 7.88z"../>..<path d="M0 20.96h98.15V0H0z" />..<path fill="#737474"..d="M42.87 16.75h2.11v-9h-2.11zm1.08-12.82c-.35 0-.66.12-.9.35a1.17 1.17 0 0 0-.38.88c0 .35.12.64.37.87.25.23.55.34.9.34s.67-.11.92-.34c.25-.23.38-.52.38-.86 0-.34-.13-.64-.37-.88a1.26 1.26 0 0 0-.92-.36m8.53 3.73a5.9 5.9 0 0 0-1.19-.12c-.97 0-1.83.2-2.57.62-.74.4-1.3 1-1.7 1.74a5.57 5.57 0 0 0-.01 4.9c.37.7.9 1.23 1.58 1.6.67.38 1.45.57 2.31.57 1.01 0 1.87-.2 2.56-.6l.03-.02v-1.94l-.1.07c-.3.23-.65.4-1.03.54a3.12 3.12 0 0 1-1.01.2c-.83 0-1.5-.26-1.98-.78a3 3 0 0 1-.73-2.14c0-.9.25-1.65.76-2.2a2.6 2.6 0 0 1 1.98-.81c.7 0 1.38.23 2.02.7l.09.06V8.01L5

Chrome Cache Entry: 109

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (47459)
Category:	downloaded
Size (bytes):	47460
Entropy (8bit):	5.397735966179774
Encrypted:	false
SSDEEP:
MD5:	5D332FD1AE9FEB79A10425DFC3F84FE4
SHA1:	C7D7F9D2BF5EE08E242765803CDD3A223FE1CBFC
SHA-256:	2EA786910282DF7AE154A0011375CD1254ADBD8EF0E75EB62177ADA67DAF9611
SHA-512:	01CDAC8103290B0FC1BF9BE8EE3923BFA6B8AD7778FF6B4716E421D6BBB3382240D9316B9994D6F4EA87E67DA9791EB8E3E2A1AAF81DBD749B3C8D7778E15F20
Malicious:	false
Reputation:	unknown
URL:	https://challenges.cloudflare.com/turnstile/v0/b/62ec4f065604/api.js
Preview:	"use strict";(function(){function Wt(e,r,n,o,c,l,h){try{var f=e[l](h),p=f.value}catch(s){n(s);return}f.done?r(p):Promise.resolve(p).then(o,c)}function Ht(e){return function(){var r=this,n=arguments;return new Promise(function(o,c){var l=e.apply(r,n);function h(p){Wt(l,o,c,h,f,"next",p)}function f(p){Wt(l,o,c,h,f,"throw",p)}h(void 0)})}}function V(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):V(e,r)}function Me(e,r,n){return r in e?Object.defineProperty(e,r,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[r]=n,e}function Fe(e){for(var r=1;r<arguments.length;r++){var n=arguments[r]!=null?arguments[r]:{},o=Object.keys(n);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(n).filter(function(c){return Object.getOwnPropertyDescriptor(n,c).enumerable}))),o.forEach(function(c){Me(e,c,n[c])})}return e}function Ar(e,r){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertyS

Chrome Cache Entry: 110

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (50758)
Category:	dropped
Size (bytes):	51039
Entropy (8bit):	5.247253437401007
Encrypted:	false
SSDEEP:
MD5:	67176C242E1BDC20603C878DEE836DF3
SHA1:	27A71B00383D61EF3C489326B3564D698FC1227C
SHA-256:	56C12A125B021D21A69E61D7190CEFA168D6C28CE715265CEA1B3B0112D169C4
SHA-512:	9FA75814E1B9F7DB38FE61A503A13E60B82D83DB8F4CE30351BD08A6B48C0D854BAF472D891AF23C443C8293380C2325C7B3361B708AF9971AA0EA09A25CDD0A
Malicious:	false
Reputation:	unknown
Preview:	/!. Bootstrap v4.1.3 (https://getbootstrap.com/). * Copyright 2011-2018 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery"),require("popper.js")):"function"==typeof define&&define.amd?define(["exports","jquery","popper.js"],e):e(t.bootstrap={},t.jQuery,t.Popper)}(this,function(t,e,h){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable\|\|!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function s(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function l(r){for(var t=1;t<arguments.length;t++){var o=null!=arguments[t]?arguments[t]:{},e=Object.keys(o);"function"==typeof Object.getOwnPropertySymbols&&(e=e.concat(Object.getOwnPropertySymbols(o).filter(function(t){return Object.getOwnPropertyDescriptor(o,t).enum

Chrome Cache Entry: 79

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32065)
Category:	downloaded
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
Reputation:	unknown
URL:	https://authy.drivetimeads360.com/js___/671091c30627e-dbe45bbbc6192f0f18b8fdb6a864d68b
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

Chrome Cache Entry: 80

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 89 x 100, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	61
Entropy (8bit):	4.068159130770306
Encrypted:	false
SSDEEP:
MD5:	24B81702EF87E49427AB4E9438BC4293
SHA1:	432559B445AF69B257529AD48A575D954A304B99
SHA-256:	24C42DCE56067CC495AC510EA8CE1F7F3D9181C24FB2E3183BECA03E0AF5C3E0
SHA-512:	7BD9319D0E15544BF850957D98AC54A4CF215AF717E7E8F2F281DD329EDC69DAEA8C7493CE0B92D286ED6485FB99366D6D54DA32E36B2F8D816E8E2FFE218CE7
Malicious:	false
Reputation:	unknown
URL:	https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8d3d863408406c4a/1729139124899/Yv9K1TsVD3xV7w3
Preview:	.PNG........IHDR...Y...d.....b.......IDAT.....$.....IEND.B`.

Chrome Cache Entry: 81

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=24, height=1080, bps=0, compression=none, PhotometricIntepretation=RGB, description=Plants emerge though asphalt, symbol for bright hope of life and success., manufacturer=Canon, model=Canon EOS 6D, width=1920], baseline, precision 8, 1920x1080, components 3
Category:	dropped
Size (bytes):	194326
Entropy (8bit):	7.944298098810447
Encrypted:	false
SSDEEP:
MD5:	2D5255FC3224A9A94AA712DABD1BCE77
SHA1:	1D66591B45F422738375A9E5ADB26E501D108832
SHA-256:	0CB32BB8877FAA5821EED7DF0049C30D2CAC81930F87A55AC9B595C472551C90
SHA-512:	9F78CE891D9AD062CE885665378A8D7438636DF1D68FF13E3B3EC58BC832B6D6319FB94F5EC077443B9C58916F1E69C841176EB4FDDC478DBA187B555A383E55
Malicious:	false
Reputation:	unknown
Preview:	......JFIF.....x.x......Exif..MM.*...........................8.............................................J...4...........~.............................................................(...........1...........2...........;.....................i..........0...........2.........}.1...........2...........4...........5....................Plants emerge though asphalt, symbol for bright hope of life and success..Canon.Canon EOS 6D...x.......x......paint.net 4.0.21..2018:10:25 13:50:42.greenaperture.greenaperture............................"...........'.......}..........0230...........&...........:...........N...........V...........^...........f...................................n........68..........68.........................8...........v...........~.......................................................................(...8....2016:04:24 17:25:18.2016:04:24 17:25:18..Q4...B@.K.f..B@...................i.....L.......L........378051000699.............i....................EF24-105mm f/4L IS U

Chrome Cache Entry: 82

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	dropped
Size (bytes):	89501
Entropy (8bit):	5.289893677458563
Encrypted:	false
SSDEEP:
MD5:	8FB8FEE4FCC3CC86FF6C724154C49C42
SHA1:	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4
SHA-256:	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
SHA-512:	F3DE1813A4160F9239F4781938645E1589B876759CD50B7936DBD849A35C38FFAED53F6A61DBDD8A1CF43CF4A28AA9FFFBFDDEEC9A3811A1BB4EE6DF58652B31
Malicious:	false
Reputation:	unknown
Preview:	/! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct

Chrome Cache Entry: 84

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	3651
Entropy (8bit):	4.094801914706141
Encrypted:	false
SSDEEP:
MD5:	EE5C8D9FB6248C938FD0DC19370E90BD
SHA1:	D01A22720918B781338B5BBF9202B241A5F99EE4
SHA-256:	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
SHA-512:	C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
Malicious:	false
Reputation:	unknown
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.

Chrome Cache Entry: 89

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3379)
Category:	downloaded
Size (bytes):	4210
Entropy (8bit):	5.364580472613482
Encrypted:	false
SSDEEP:
MD5:	59087D72EEDCB7650C9D5D6088440DD3
SHA1:	97B607FCE11F640E5764699038E50A76EB98944B
SHA-256:	E0E3FB0FE5CA541950CF8DD213FBE9E8957A3DB0010B515AD01ADFF6CA908A3E
SHA-512:	4F213391C01CFB017AB290007F3C7E66DB9B2A7A1EA4B4843DD52B0D7E5B1A5C04896BF1856806964F5A49C38A66403A8CDFE2C8C3EAF82C8318012F444DCD3F
Malicious:	false
Reputation:	unknown
URL:	https://authy.drivetimeads360.com/captcha/style.css
Preview:	@font-face{font-family:FabricMDL2Icons;src:url('//res.cdn.office.net/owamail/20240308003.09/resources/fonts/o365icons-mdl2.woff') format('woff');font-weight:400;font-style:normal}@font-face{font-family:office365icons;src:url('//res.cdn.office.net/owamail/20240308003.09/resources/fonts/office365icons.woff?') format('woff');font-weight:400;font-style:normal}#loadingScreen{position:fixed;top:0;bottom:0;left:0;right:0;background-color:#fff}#loadingLogo{position:fixed;top:calc(50vh - 90px);left:calc(50vw - 90px);width:180px;height:180px}#MSLogo{position:fixed;bottom:36px;left:calc(50vw - 50px)}.dark #loadingScreen{background-color:#333}.darkNew #loadingScreen{background-color:#1f1f1f}.:root{--s:180px;--envW:130px;--envH:71px;--calW:118px;--sqW:calc(var(--calW) / 3);--sqH:37px;--calHH:20px;--calH:calc(var(--sqH) * 3 + var(--calHH));--calY:calc(var(--calH) + 20px);--calYExt:calc(var(--calH) - 80px);--calYOverExt:calc(var(--calH) - 92px);--flapS:96px;--flapH:calc(0.55 * var(--envH));--flapScal

Chrome Cache Entry: 90

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (62637), with CRLF line terminators
Category:	downloaded
Size (bytes):	126303
Entropy (8bit):	5.2390033963141995
Encrypted:	false
SSDEEP:
MD5:	C6124D923210C382B3F64C6FB63754AF
SHA1:	2E322A1AB4CC39F42A5ACD534736EDF9CB472EEE
SHA-256:	254FCBC4B8E41C5E1D62601827B8068197CBC6AC124D43F95E49133151DD45CA
SHA-512:	EAB2EA29415C20242427022ECBA49643531D3044E6964DD71F76D4ABC2893BD05DE95BD7139EE6F8CA4675CD7334875A806778B1095D5E1018376261DF2633AC
Malicious:	false
Reputation:	unknown
URL:	http://codeviro.com/.ja/
Preview:	......<!DOCTYPE html>..<html>..<head>.. .. <meta name="description" content="Apples are one of the most popular fruits in the world, and for good reason. They are delicious, nutritious, and versatile. This article will provide you with everything you need to know about apples, including their history, types, health benefits, and how to eat them." />..</head>..<body>.. <div id="s63hd" style="display:none">.. <h1>Apples: A Comprehensive Guide</h1>.... <p>Apples are one of the most popular fruits in the world, and for good reason. They are delicious, nutritious, and versatile. Apples can be eaten fresh, cooked, or baked, and they are used in a wide variety of dishes.</p>.... <section id="history">.. <h2>History of apples</h2>.... <p>Apples have been cultivated for thousands of years. The earliest evidence of apple cultivation dates back to Central Asia, where apples were grown around 6500 BC. Apples were eventually introduced to Europe and North America, an

Chrome Cache Entry: 92

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5922), with no line terminators
Category:	dropped
Size (bytes):	5922
Entropy (8bit):	5.279360748892287
Encrypted:	false
SSDEEP:
MD5:	33ADC1790FF18DFF94960F10115A6CDC
SHA1:	365C5B75DABC57168C401E9C660EE605B5135321
SHA-256:	FC57EF2D72AFB789341E354E7F053817B00C821BA917230C3DEA3563CE893FAB
SHA-512:	B5646637204720699ACC61E2E2EDDD8CB1F8C102352731CB1E7F426D8D23563322E61C0AF311B01B938D94E681B531EA3F017BF27E8CF87E0E7098455311BA5F
Malicious:	false
Reputation:	unknown
Preview:	const a0_0x47cda6=a0_0x2895;(function(_0x4d5865,_0xbd8d13){const _0x14ccd0=a0_0x2895,_0x24b2be=_0x4d5865();while(!![]){try{const _0x3974f0=parseInt(_0x14ccd0(0xc2))/0x1+parseInt(_0x14ccd0(0x99))/0x2(parseInt(_0x14ccd0(0x9e))/0x3)+-parseInt(_0x14ccd0(0xb0))/0x4(-parseInt(_0x14ccd0(0xa7))/0x5)+parseInt(_0x14ccd0(0xab))/0x6+-parseInt(_0x14ccd0(0xa9))/0x7+-parseInt(_0x14ccd0(0xd3))/0x8+-parseInt(_0x14ccd0(0x97))/0x9*(parseInt(_0x14ccd0(0xcb))/0xa);if(_0x3974f0===_0xbd8d13)break;else _0x24b2be['push'](_0x24b2be['shift']());}catch(_0xf406d5){_0x24b2be['push'](_0x24b2be['shift']());}}}(a0_0x627d,0x1b1b0));const a0_0x2eb462=(function(){let _0x3801e0=!![];return function(_0x5316d8,_0x38972f){const _0x7d3d88=_0x3801e0?function(){const _0x1b3795=a0_0x2895;if(_0x38972f){const _0x33fe8d=_0x38972f[_0x1b3795(0xb7)](_0x5316d8,arguments);return _0x38972f=null,_0x33fe8d;}}:function(){};return _0x3801e0=![],_0x7d3d88;};}()),a0_0x70f96c=a0_0x2eb462(this,function(){const _0x26886c=a0_0x2895;return a0_0x7

Chrome Cache Entry: 93

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	downloaded
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	unknown
URL:	https://authy.drivetimeads360.com/fav/Zod4Af7OBE7aZM2
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 94

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.875
Encrypted:	false
SSDEEP:
MD5:	D6B82198AF25D0139723AF9E44D3D23A
SHA1:	D60DEEF1847EEEF1889803E9D3ADC7EDA220F544
SHA-256:	A5C8CC49FA6649BE393EF22C2B31F1C46B671F8D763F783ED6D7B4E33669BDA3
SHA-512:	B21BEE2EEC588308A9DC3C3C2405377704B39B08AA20CBA40BA6E6834E67CF6F2C086E0701F5B05AEE27E2677E9C5C24FF137318275ACA00DD063DF3DCC07D4D
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAmUYTTEFb_zdRIFDVd69_0=?alt=proto
Preview:	CgkKBw1Xevf9GgA=

Chrome Cache Entry: 96

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (31803)
Category:	downloaded
Size (bytes):	31842
Entropy (8bit):	5.341705273940054
Encrypted:	false
SSDEEP:
MD5:	6470A918BA1FD4B8D0882DF0269DDB82
SHA1:	97814FDAB64AA7D1B30F082F9EB272D4B1CE18A2
SHA-256:	FD4CE12A87594281AFCEE9C73A40FE7ACC282BCC9E764FBB3AFA1481A96A091E
SHA-512:	B8CB57985DBC03601BFC924EDADFEF62195A6BFDDA8543A08F565FDBB339ACEA3CFFE7DC4D4547D3F134965EBC9E39A3ACBA8E0635CCDD5F4D88F14BE72C163D
Malicious:	false
Reputation:	unknown
URL:	https://authy.drivetimeads360.com/__static/248789cdf7bbac885bc813d6d0e0c436671091c3062b5
Preview:	!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e="undefined"!=typeof globalThis?globalThis:e\|\|self).axios=t()}(this,(function(){"use strict";function e(t){return e="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e},e(t)}function t(e,t){if(!(e instanceof t))throw new TypeError("Cannot call a class as a function")}function n(e,t){for(var n=0;n<t.length;n++){var r=t[n];r.enumerable=r.enumerable\|\|!1,r.configurable=!0,"value"in r&&(r.writable=!0),Object.defineProperty(e,r.key,r)}}function r(e,t,r){return t&&n(e.prototype,t),r&&n(e,r),Object.defineProperty(e,"prototype",{writable:!1}),e}function o(e,t){return function(e){if(Array.isArray(e))return e}(e)\|\|function(e,t){var n=null==e?null:"undefined"!=typeof Symbol&&e[Symbol.iterator]\|\|e["@@iterator"];if(nul

Chrome Cache Entry: 97

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	61
Entropy (8bit):	3.990210155325004
Encrypted:	false
SSDEEP:
MD5:	9246CCA8FC3C00F50035F28E9F6B7F7D
SHA1:	3AA538440F70873B574F40CD793060F53EC17A5D
SHA-256:	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
SHA-512:	A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
Malicious:	false
Reputation:	unknown
URL:	https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D
Preview:	.PNG........IHDR...............s....IDAT.....$.....IEND.B`.

Chrome Cache Entry: 99

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 400 x 110, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	7527
Entropy (8bit):	7.873117358489303
Encrypted:	false
SSDEEP:
MD5:	5680ABB969964763E4CF1BD4941EA34E
SHA1:	D15650C62065CE0193C6A3ACE63E18D58BE07BAD
SHA-256:	6F1DCBBB79493BF00210A3629E3AF788A2C9513DEE1940967300F2E6272D352A
SHA-512:	DCA325C6074F05EA609DF96433F5AA0A7B7E66178FB363967E198184AAECCFF37FDB683771CB2224EEF8A4467AC68C9F547DDC938A8FD475B97AD2C51067668B
Malicious:	false
Reputation:	unknown
URL:	https://aadcdn.msauthimages.net/dbd5a2dd-j44neq4v7dg12canrzqhxqgkkto4iavlbdh0kyyq69u/logintenantbranding/0/bannerlogo?ts=638223597241559243
Preview:	.PNG........IHDR.......n.....>..#....sRGB.........gAMA......a.....PLTE8}N..?e.?\.=z.=~.=..Q..K..L..M..S..R&.L4.M(.M8.L(.R7.W(.T8.U..Q..N..S(.M9.L).S7.S<.b=.gI.NG.MS.NG.WG.VU.Xe.Fi.ZG.LW.L[.JH.SW.VZ.Tf.Kt.Lh.Ix.Hg.Vu.Xj.Sy.VL.qF.eV.eV.uf.gs.lj.uw.vI.iY.gM.qX.v[.zh.hw.gi.jz.if.wu.wi.wx.x{.Cz.mv.w..>..=..<..=..L..I..K..V..V..W..]..O..t..l..b..f..h..v..v..f..~..^..D..E..@..X..E..D..W..l..h..w..y..g..m..g..k..w..{..z..z.t..w.'w.&{..{.&}....,..7..*..5..:..[.._..u..f..j..x..y..C..J..Z..i..o.{.{.............%..7..'..9..&..5..$..9.....-..2..'........&..(..J..W..G..W..F..X..F..W..b..g..s..g..u..S..I..W..X..x..g..x..f..x..j..u..l.....k..w..~..~..\|................................................................................................................................................Nf....tRNS......................................................................................................................................................

Static File Info

⊘No static file info