Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://e.trustifi.com/#/fff2a6/655144/3ac50c/e93bb8/594e42/41c163/f1cd98/92ee40/e8666a/ef542d/85972d/627493/9a11d6/1f4096/1d247f/848a7a/9632d0/879ea4/bcfc0d/744595/93daa1/f34456/a15015/3ddaed/fad545/1fd970/328bf8/9bb3f0/c514cd/df7a51/88456c/c9366d/790245/fb6752/33794d/6e0d28/60381b/a98a06/87eaef/01

Overview

General Information

Sample URL:	https://e.trustifi.com/#/fff2a6/655144/3ac50c/e93bb8/594e42/41c163/f1cd98/92ee40/e8666a/ef542d/85972d/627493/9a11d6/1f4096/1d247f/848a7a/9632d0/879ea4/bcfc0d/744595/93daa1/f34456/a15015/3ddaed/fad545/
Analysis ID:	1544062

Detection

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

HTML page contains obfuscated javascript

Phishing site detected (based on favicon image match)

Phishing site detected (based on image similarity)

HTML body contains low number of good links

HTML page contains hidden javascript code

HTML title does not match URL

Invalid 'sign-in options' or 'sign-up' link found

Invalid T&C link found

Stores files to the Windows start menu directory

Classification

×

Process Tree

System is w10x64_ra

chrome.exe (PID: 6264 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 6452 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=1936,i,9561173104173412098,5589010220219904130,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 7116 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://e.trustifi.com/#/fff2a6/655144/3ac50c/e93bb8/594e42/41c163/f1cd98/92ee40/e8666a/ef542d/85972d/627493/9a11d6/1f4096/1d247f/848a7a/9632d0/879ea4/bcfc0d/744595/93daa1/f34456/a15015/3ddaed/fad545/1fd970/328bf8/9bb3f0/c514cd/df7a51/88456c/c9366d/790245/fb6752/33794d/6e0d28/60381b/a98a06/87eaef/01f4e4/642891/927008/b3d84b/be88ef/6f56ca/922d7f/c2017a/2b28ce/5f100a/ab5cfe/ca732f/ba9f64/6c13c0/db448e/12afff/ea859a/0054d0/06ab25/ddf455/c36939/fe771f/592f7f/fd9f55/51d733/4f5c46/02cddd/dbef71/7c02e0/b3eaba/7eac45/4a8768/a7dd16/2174e0/de559c/dacc2a/571f0f/f5f216/44ee34/abbbf4/b6cd49/d82da6/795ff3/bc1fdf/8febc7/4b7488/0cb4fb/7ef03b/a191c5/4d2316/483906/0c1e88" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: https://embe.elansconstruction.com/&redirect=ed1d28a3476cb1960063bcdadcf99d577535ba79main&uid=f253efe302d32ab264a76e0ce65be769671fd5f46e4c7

LLM: Score: 9 Reasons: The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'., The URL 'embe.elansconstruction.com' does not match the legitimate domain for Microsoft., The domain 'elansconstruction.com' does not appear to be related to Microsoft, which is suspicious., The presence of a subdomain 'embe' and the unrelated primary domain suggest potential phishing., The input fields 'Email or phone' are commonly targeted in phishing attempts to harvest credentials. DOM: 3.9.pages.csv

HTML page contains obfuscated javascript

Source: https://embe.elansconstruction.com/&redirect=ed1d28a3476cb1960063bcdadcf99d577535ba79main&uid=f253efe302d32ab264a76e0ce65be769671fd5f46e4c7

HTTP Parser: var a0_0x5caa1d=a0_0x4407;function a0_0x4407(_0x1a3a04,_0x483c3b){var _0x3655f4=a0_0x2c14();re

Phishing site detected (based on favicon image match)

Source: https://embe.elansconstruction.com/&redirect=ed1d28a3476cb1960063bcdadcf99d577535ba79main&uid=f253efe302d32ab264a76e0ce65be769671fd5f46e4c7

Matcher: Template: microsoft matched with high similarity

Phishing site detected (based on image similarity)

Source: https://embe.elansconstruction.com/&redirect=ed1d28a3476cb1960063bcdadcf99d577535ba79main&uid=f253efe302d32ab264a76e0ce65be769671fd5f46e4c7

Matcher: Found strong image similarity, brand: MICROSOFT

Source: https://embe.elansconstruction.com/&redirect=ed1d28a3476cb1960063bcdadcf99d577535ba79main&uid=f253efe302d32ab264a76e0ce65be769671fd5f46e4c7

HTTP Parser: Number of links: 0

Source: https://e.trustifi.com/#/fff2a6/655144/3ac50c/e93bb8/594e42/41c163/f1cd98/92ee40/e8666a/ef542d/85972d/627493/9a11d6/1f4096/1d247f/848a7a/9632d0/879ea4/bcfc0d/744595/93daa1/f34456/a15015/3ddaed/fad545/1fd970/328bf8/9bb3f0/c514cd/df7a51/88456c/c9366d/790245/fb6752/33794d/6e0d28/60381b/a98a06/87eaef/01f4e4/642891/927008/b3d84b/be88ef/6f56ca/922d7f/c2017a/2b28ce/5f100a/ab5cfe/ca732f/ba9f64/6c13c0/db448e/12afff/ea859a/0054d0/06ab25/ddf455/c36939/fe771f/592f7f/fd9f55/51d733/4f5c46/02cddd/dbef71/7c02e0/b3eaba/7eac45/4a8768/a7dd16/2174e0/de559c/dacc2a/571f0f/f5f216/44ee34/abbbf4/b6cd49/d82da6/795ff3/bc1fdf/8febc7/4b7488/0cb4fb/7ef03b/a191c5/4d2316/483906/0c1e88

HTTP Parser: Base64 decoded: 1730139599.000000

Source: https://embe.elansconstruction.com/&redirect=ed1d28a3476cb1960063bcdadcf99d577535ba79main&uid=f253efe302d32ab264a76e0ce65be769671fd5f46e4c7

HTTP Parser: Title: 566f56bec2e12df2436342b3b464aa2f671fd5f4117ac does not match URL

Source: https://embe.elansconstruction.com/&redirect=ed1d28a3476cb1960063bcdadcf99d577535ba79main&uid=f253efe302d32ab264a76e0ce65be769671fd5f46e4c7

HTTP Parser: Invalid link: get a new Microsoft account

Source: https://embe.elansconstruction.com/&redirect=ed1d28a3476cb1960063bcdadcf99d577535ba79main&uid=f253efe302d32ab264a76e0ce65be769671fd5f46e4c7	HTTP Parser: Invalid link: Terms of use
Source: https://embe.elansconstruction.com/&redirect=ed1d28a3476cb1960063bcdadcf99d577535ba79main&uid=f253efe302d32ab264a76e0ce65be769671fd5f46e4c7	HTTP Parser: Invalid link: Privacy & cookies
Source: https://embe.elansconstruction.com/&redirect=ed1d28a3476cb1960063bcdadcf99d577535ba79main&uid=f253efe302d32ab264a76e0ce65be769671fd5f46e4c7	HTTP Parser: Invalid link: Terms of use
Source: https://embe.elansconstruction.com/&redirect=ed1d28a3476cb1960063bcdadcf99d577535ba79main&uid=f253efe302d32ab264a76e0ce65be769671fd5f46e4c7	HTTP Parser: Invalid link: Privacy & cookies

Source: https://e.trustifi.com/#/fff2a6/655144/3ac50c/e93bb8/594e42/41c163/f1cd98/92ee40/e8666a/ef542d/85972d/627493/9a11d6/1f4096/1d247f/848a7a/9632d0/879ea4/bcfc0d/744595/93daa1/f34456/a15015/3ddaed/fad545/1fd970/328bf8/9bb3f0/c514cd/df7a51/88456c/c9366d/790245/fb6752/33794d/6e0d28/60381b/a98a06/87eaef/01f4e4/642891/927008/b3d84b/be88ef/6f56ca/922d7f/c2017a/2b28ce/5f100a/ab5cfe/ca732f/ba9f64/6c13c0/db448e/12afff/ea859a/0054d0/06ab25/ddf455/c36939/fe771f/592f7f/fd9f55/51d733/4f5c46/02cddd/dbef71/7c02e0/b3eaba/7eac45/4a8768/a7dd16/2174e0/de559c/dacc2a/571f0f/f5f216/44ee34/abbbf4/b6cd49/d82da6/795ff3/bc1fdf/8febc7/4b7488/0cb4fb/7ef03b/a191c5/4d2316/483906/0c1e88

HTTP Parser: No favicon

Source: https://embe.elansconstruction.com/&redirect=ed1d28a3476cb1960063bcdadcf99d577535ba79main&uid=f253efe302d32ab264a76e0ce65be769671fd5f46e4c7	HTTP Parser: No <meta name="author".. found
Source: https://embe.elansconstruction.com/&redirect=ed1d28a3476cb1960063bcdadcf99d577535ba79main&uid=f253efe302d32ab264a76e0ce65be769671fd5f46e4c7	HTTP Parser: No <meta name="author".. found

Source: https://embe.elansconstruction.com/&redirect=ed1d28a3476cb1960063bcdadcf99d577535ba79main&uid=f253efe302d32ab264a76e0ce65be769671fd5f46e4c7	HTTP Parser: No <meta name="copyright".. found
Source: https://embe.elansconstruction.com/&redirect=ed1d28a3476cb1960063bcdadcf99d577535ba79main&uid=f253efe302d32ab264a76e0ce65be769671fd5f46e4c7	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.17:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.17:49822 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.71:443 -> 192.168.2.17:49834 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49835 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.143:443 -> 192.168.2.17:49836 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: e.trustifi.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: static.cloudflareinsights.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: be.trustifi.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: ckbox.cloud
Source: global traffic	DNS traffic detected: DNS query: embe.elansconstruction.com
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443

Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.17:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.17:49822 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.71:443 -> 192.168.2.17:49834 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49835 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.143:443 -> 192.168.2.17:49836 version: TLS 1.2

Source: classification engine

Classification label: mal60.phis.win@20/37@38/302

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=1936,i,9561173104173412098,5589010220219904130,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://e.trustifi.com/#/fff2a6/655144/3ac50c/e93bb8/594e42/41c163/f1cd98/92ee40/e8666a/ef542d/85972d/627493/9a11d6/1f4096/1d247f/848a7a/9632d0/879ea4/bcfc0d/744595/93daa1/f34456/a15015/3ddaed/fad545/1fd970/328bf8/9bb3f0/c514cd/df7a51/88456c/c9366d/790245/fb6752/33794d/6e0d28/60381b/a98a06/87eaef/01f4e4/642891/927008/b3d84b/be88ef/6f56ca/922d7f/c2017a/2b28ce/5f100a/ab5cfe/ca732f/ba9f64/6c13c0/db448e/12afff/ea859a/0054d0/06ab25/ddf455/c36939/fe771f/592f7f/fd9f55/51d733/4f5c46/02cddd/dbef71/7c02e0/b3eaba/7eac45/4a8768/a7dd16/2174e0/de559c/dacc2a/571f0f/f5f216/44ee34/abbbf4/b6cd49/d82da6/795ff3/bc1fdf/8febc7/4b7488/0cb4fb/7ef03b/a191c5/4d2316/483906/0c1e88"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=1936,i,9561173104173412098,5589010220219904130,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
be.trustifi.com	104.26.5.170	true	false		unknown
a.nel.cloudflare.com	35.190.80.1	true	false		unknown
ckbox.cloud	52.222.169.57	true	false		unknown
e.trustifi.com	172.67.72.31	true	false		unknown
static.cloudflareinsights.com	104.16.80.73	true	false		unknown
embe.elansconstruction.com	188.114.97.3	true	true		unknown
code.jquery.com	151.101.130.137	true	false		unknown
cdnjs.cloudflare.com	104.17.24.14	true	false		unknown
challenges.cloudflare.com	104.18.94.41	true	false		unknown
www.google.com	142.250.186.164	true	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://e.trustifi.com/#/fff2a6/655144/3ac50c/e93bb8/594e42/41c163/f1cd98/92ee40/e8666a/ef542d/85972d/627493/9a11d6/1f4096/1d247f/848a7a/9632d0/879ea4/bcfc0d/744595/93daa1/f34456/a15015/3ddaed/fad545/1fd970/328bf8/9bb3f0/c514cd/df7a51/88456c/c9366d/790245/fb6752/33794d/6e0d28/60381b/a98a06/87eaef/01f4e4/642891/927008/b3d84b/be88ef/6f56ca/922d7f/c2017a/2b28ce/5f100a/ab5cfe/ca732f/ba9f64/6c13c0/db448e/12afff/ea859a/0054d0/06ab25/ddf455/c36939/fe771f/592f7f/fd9f55/51d733/4f5c46/02cddd/dbef71/7c02e0/b3eaba/7eac45/4a8768/a7dd16/2174e0/de559c/dacc2a/571f0f/f5f216/44ee34/abbbf4/b6cd49/d82da6/795ff3/bc1fdf/8febc7/4b7488/0cb4fb/7ef03b/a191c5/4d2316/483906/0c1e88	false		unknown
https://embe.elansconstruction.com/&redirect=ed1d28a3476cb1960063bcdadcf99d577535ba79main&uid=f253efe302d32ab264a76e0ce65be769671fd5f46e4c7	true		unknown
https://embe.elansconstruction.com/	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
99.86.4.123	unknown	United States		16509	AMAZON-02US	false
216.58.206.72	unknown	United States		15169	GOOGLEUS	false
172.217.18.14	unknown	United States		15169	GOOGLEUS	false
104.18.94.41	challenges.cloudflare.com	United States		13335	CLOUDFLARENETUS	false
142.250.185.168	unknown	United States		15169	GOOGLEUS	false
104.16.80.73	static.cloudflareinsights.com	United States		13335	CLOUDFLARENETUS	false
151.101.130.137	code.jquery.com	United States		54113	FASTLYUS	false
172.217.23.110	unknown	United States		15169	GOOGLEUS	false
142.250.186.131	unknown	United States		15169	GOOGLEUS	false
35.190.80.1	a.nel.cloudflare.com	United States		15169	GOOGLEUS	false
104.16.79.73	unknown	United States		13335	CLOUDFLARENETUS	false
142.250.184.206	unknown	United States		15169	GOOGLEUS	false
172.67.72.31	e.trustifi.com	United States		13335	CLOUDFLARENETUS	false
104.17.24.14	cdnjs.cloudflare.com	United States		13335	CLOUDFLARENETUS	false
1.1.1.1	unknown	Australia		13335	CLOUDFLARENETUS	false
104.26.5.170	be.trustifi.com	United States		13335	CLOUDFLARENETUS	false
52.222.169.57	ckbox.cloud	United States		16509	AMAZON-02US	false
104.18.95.41	unknown	United States		13335	CLOUDFLARENETUS	false
142.251.173.84	unknown	United States		15169	GOOGLEUS	false
142.250.181.226	unknown	United States		15169	GOOGLEUS	false
142.250.185.170	unknown	United States		15169	GOOGLEUS	false
142.250.181.227	unknown	United States		15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved		unknown	unknown	false
188.114.97.3	embe.elansconstruction.com	European Union		13335	CLOUDFLARENETUS	true
188.114.96.3	unknown	European Union		13335	CLOUDFLARENETUS	false
142.250.186.164	www.google.com	United States		15169	GOOGLEUS	false
172.217.16.195	unknown	United States		15169	GOOGLEUS	false
142.250.186.66	unknown	United States		15169	GOOGLEUS	false

Private

IP
192.168.2.17
192.168.2.4

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1544062
Start date and time:	2024-10-28 19:19:21 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://e.trustifi.com/#/fff2a6/655144/3ac50c/e93bb8/594e42/41c163/f1cd98/92ee40/e8666a/ef542d/85972d/627493/9a11d6/1f4096/1d247f/848a7a/9632d0/879ea4/bcfc0d/744595/93daa1/f34456/a15015/3ddaed/fad545/1fd970/328bf8/9bb3f0/c514cd/df7a51/88456c/c9366d/790245/fb6752/33794d/6e0d28/60381b/a98a06/87eaef/01f4e4/642891/927008/b3d84b/be88ef/6f56ca/922d7f/c2017a/2b28ce/5f100a/ab5cfe/ca732f/ba9f64/6c13c0/db448e/12afff/ea859a/0054d0/06ab25/ddf455/c36939/fe771f/592f7f/fd9f55/51d733/4f5c46/02cddd/dbef71/7c02e0/b3eaba/7eac45/4a8768/a7dd16/2174e0/de559c/dacc2a/571f0f/f5f216/44ee34/abbbf4/b6cd49/d82da6/795ff3/bc1fdf/8febc7/4b7488/0cb4fb/7ef03b/a191c5/4d2316/483906/0c1e88
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	19
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal60.phis.win@20/37@38/302

Warnings

Exclude process from analysis (whitelisted): TextInputHost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.131, 172.217.23.110, 142.251.173.84, 34.104.35.123, 142.250.181.227, 142.250.181.226, 142.250.186.66, 172.217.18.14
Excluded domains from analysis (whitelisted): clients2.google.com, www.googleadservices.com, accounts.google.com, edgedl.me.gvt1.com, fonts.gstatic.com, clientservices.googleapis.com, clients.l.google.com, www.google-analytics.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://e.trustifi.com/#/fff2a6/655144/3ac50c/e93bb8/594e42/41c163/f1cd98/92ee40/e8666a/ef542d/85972d/627493/9a11d6/1f4096/1d247f/848a7a/9632d0/879ea4/bcfc0d/744595/93daa1/f34456/a15015/3ddaed/fad545/1fd970/328bf8/9bb3f0/c514cd/df7a51/88456c/c9366d/790245/fb6752/33794d/6e0d28/60381b/a98a06/87eaef/01f4e4/642891/927008/b3d84b/be88ef/6f56ca/922d7f/c2017a/2b28ce/5f100a/ab5cfe/ca732f/ba9f64/6c13c0/db448e/12afff/ea859a/0054d0/06ab25/ddf455/c36939/fe771f/592f7f/fd9f55/51d733/4f5c46/02cddd/dbef71/7c02e0/b3eaba/7eac45/4a8768/a7dd16/2174e0/de559c/dacc2a/571f0f/f5f216/44ee34/abbbf4/b6cd49/d82da6/795ff3/bc1fdf/8febc7/4b7488/0cb4fb/7ef03b/a191c5/4d2316/483906/0c1e88

LLM Input / Output

Input	Output
URL: Model: claude-3-5-sonnet-latest	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: URL: https://e.trustifi.com
URL: https://e.trustifi.com/#/fff2a6/655144/3ac50c/e93bb8/594e42/41c163/f1cd98/92ee40/e8666a/ef542d/85972d/627493/9a11d6/1f4096/1d247f/848a7a/9632d0/879ea4/bcfc0d/744595/93daa1/f34456/a15015/3ddaed/fad545/1fd970/328bf8/9bb3f0/c514cd/df7a51/88456c/c9366d/790245 Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "Not sure why you received this email or why you need to authenticate? Contact the email's sender", "prominent_button_name": "Need help? Click here", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://e.trustifi.com/#/fff2a6/655144/3ac50c/e93bb8/594e42/41c163/f1cd98/92ee40/e8666a/ef542d/85972d/627493/9a11d6/1f4096/1d247f/848a7a/9632d0/879ea4/bcfc0d/744595/93daa1/f34456/a15015/3ddaed/fad545/1fd970/328bf8/9bb3f0/c514cd/df7a51/88456c/c9366d/790245 Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "EMBE Consulting Eng Signed Progress Report", "prominent_button_name": "Reply", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://e.trustifi.com/#/fff2a6/655144/3ac50c/e93bb8/594e42/41c163/f1cd98/92ee40/e8666a/ef542d/85972d/627493/9a11d6/1f4096/1d247f/848a7a/9632d0/879ea4/bcfc0d/744595/93daa1/f34456/a15015/3ddaed/fad545/1fd970/328bf8/9bb3f0/c514cd/df7a51/88456c/c9366d/790245 Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "EMBE Consulting Eng Signed Progress Report", "prominent_button_name": "Open", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://e.trustifi.com/#/fff2a6/655144/3ac50c/e93bb8/594e42/41c163/f1cd98/92ee40/e8666a/ef542d/85972d/627493/9a11d6/1f4096/1d247f/848a7a/9632d0/879ea4/bcfc0d/744595/93daa1/f34456/a15015/3ddaed/fad545/1fd970/328bf8/9bb3f0/c514cd/df7a51/88456c/c9366d/790245 Model: claude-3-haiku-20240307	```json { "brands": ["Loading..."] }
	```json { "brands": ["Loading..."] }
URL: https://e.trustifi.com/#/fff2a6/655144/3ac50c/e93bb8/594e42/41c163/f1cd98/92ee40/e8666a/ef542d/85972d/627493/9a11d6/1f4096/1d247f/848a7a/9632d0/879ea4/bcfc0d/744595/93daa1/f34456/a15015/3ddaed/fad545/1fd970/328bf8/9bb3f0/c514cd/df7a51/88456c/c9366d/790245 Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "EMBE Consulting Eng Signed Progress Report for your review and approval-copies-scan.pdf", "prominent_button_name": "Open", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://e.trustifi.com/#/fff2a6/655144/3ac50c/e93bb8/594e42/41c163/f1cd98/92ee40/e8666a/ef542d/85972d/627493/9a11d6/1f4096/1d247f/848a7a/9632d0/879ea4/bcfc0d/744595/93daa1/f34456/a15015/3ddaed/fad545/1fd970/328bf8/9bb3f0/c514cd/df7a51/88456c/c9366d/790245 Model: claude-3-haiku-20240307	```json { "brands": [ "Trustifi" ] }
	```json { "brands": [ "Trustifi" ] }
URL: https://e.trustifi.com/#/fff2a6/655144/3ac50c/e93bb8/594e42/41c163/f1cd98/92ee40/e8666a/ef542d/85972d/627493/9a11d6/1f4096/1d247f/848a7a/9632d0/879ea4/bcfc0d/744595/93daa1/f34456/a15015/3ddaed/fad545/1fd970/328bf8/9bb3f0/c514cd/df7a51/88456c/c9366d/790245 Model: claude-3-haiku-20240307	```json { "brands": [ "Trustifi", "EMBE Consulting Engineers Inc." ] }

URL: https://e.trustifi.com/#/fff2a6/655144/3ac50c/e93bb8/594e42/41c163/f1cd98/92ee40/e8666a/ef542d/85972d/627493/9a11d6/1f4096/1d247f/848a7a/9632d0/879ea4/bcfc0d/744595/93daa1/f34456/a15015/3ddaed/fad545/1fd970/328bf8/9bb3f0/c514cd/df7a51/88456c/c9366d/790245 Model: claude-3-haiku-20240307	```json { "brands": [ "Trustifi", "EMBE Consulting Engineers Inc." ] }

URL: https://embe.elansconstruction.com/ Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "Verifying...", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://embe.elansconstruction.com/ Model: claude-3-haiku-20240307	```json { "brands": [ "Cloudflare" ] }
	```json { "brands": [ "Cloudflare" ] }
URL: Model: claude-3-5-sonnet-latest	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: URL: https://embe.elansconstruction.com
URL: https://embe.elansconstruction.com/&redirect=ed1d28a3476cb1960063bcdadcf99d577535ba79main&uid=f253efe302d32ab264a76e0ce65be769671fd5f46e4c7 Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "Sign in", "prominent_button_name": "Next", "text_input_field_labels": [ "Email or phone" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://embe.elansconstruction.com/&redirect=ed1d28a3476cb1960063bcdadcf99d577535ba79main&uid=f253efe302d32ab264a76e0ce65be769671fd5f46e4c7 Model: claude-3-haiku-20240307	```json { "brands": [ "Microsoft" ] }
	```json { "brands": [ "Microsoft" ] }
URL: https://embe.elansconstruction.com/&redirect=ed1d28a3476cb1960063bcdadcf99d577535ba79main&uid=f253efe302d32ab264a76e0ce65be769671fd5f46e4c7 Model: gpt-4o	```json{ "legit_domain": "microsoft.com", "classification": "wellknown", "reasons": [ "The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'.", "The URL 'embe.elansconstruction.com' does not match the legitimate domain for Microsoft.", "The domain 'elansconstruction.com' does not appear to be related to Microsoft, which is suspicious.", "The presence of a subdomain 'embe' and the unrelated primary domain suggest potential phishing.", "The input fields 'Email or phone' are commonly targeted in phishing attempts to harvest credentials." ], "riskscore": 9} Google indexed: False
URL: embe.elansconstruction.com Brands: Microsoft Input Fields: Email or phone
URL: https://embe.elansconstruction.com/&redirect=ed1d28a3476cb1960063bcdadcf99d577535ba79main&uid=f253efe302d32ab264a76e0ce65be769671fd5f46e4c7 Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "Enter a valid email address, phone number, or Skype name.", "prominent_button_name": "Next", "text_input_field_labels": [ "sddfsdfsASDADASDDASDFDS" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://embe.elansconstruction.com/&redirect=ed1d28a3476cb1960063bcdadcf99d577535ba79main&uid=f253efe302d32ab264a76e0ce65be769671fd5f46e4c7 Model: claude-3-haiku-20240307	```json { "brands": [ "Microsoft" ] }
	```json { "brands": [ "Microsoft" ] }
URL: Model: claude-3-5-sonnet-latest	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: URL: https://elansconstruction.com

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 17:19:59 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.984651876296617
Encrypted:	false
SSDEEP:
MD5:	614A9AD49008C8C77BA399671CD1B1D8
SHA1:	F0493194AD6DE64B32A3D1D9AF64E89AA1AB0BF9
SHA-256:	6A695C959350DC3E4DFF4D98EF3954968E4B342BCB5E8384738F7ADF531AD88B
SHA-512:	7031E330D1617D1259F1FE90BBCD3E05AD58404CBF4B086720AECEAD5B97C2F166E172999A00F87D06F7D03B4FA7B24CCDCF66C4924924378DC0B2B083225339
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....].e)......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I\Yr.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\Y\|.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V\Y\|.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V\Y\|............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V\Y.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............j.U.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 17:19:58 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.0003149755534
Encrypted:	false
SSDEEP:
MD5:	F71BB7AD9EA1CC91D1E37C625AC096D0
SHA1:	048F93DC85423508C70DF1CE83692627C898CB98
SHA-256:	74E5FA8DCFCA327B0DC67AFB8BFA2D8834B3151132D5C69CA6EAC90A128F7485
SHA-512:	165FF9303EA6C4DBC9A14064C6DB344C374CD99D355C5B2F0F256DBCA28D73605E65554855A0EB3ABED2218850A2DC0D9CB6D97B96B7DBDC05F766E63286CFCD
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......Q.e)......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I\Yr.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\Y\|.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V\Y\|.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V\Y\|............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V\Y.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............j.U.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.0095675307086
Encrypted:	false
SSDEEP:
MD5:	E3B5B4BA05553EE2B06993445CA4E671
SHA1:	3DD6BCCD09F053E186BFBB9FBB13A23368A8976B
SHA-256:	3105F6E16233EB2219BCE07E08AB845109C2D3A7858896D5BE53149442319D28
SHA-512:	0691021C94F09AA57CC2A4303E07A61260064B81A5AA25B866BC7EC4C1E68BD69C4F928F4E0DEC43968CE29C87B856E280CD5A13D3182D60E6EC1C3F36832258
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....v. ;.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I\Yr.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\Y\|.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V\Y\|.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V\Y\|............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.N...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............j.U.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 17:19:58 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.997150589864816
Encrypted:	false
SSDEEP:
MD5:	8EC7F8F9B7AD8A9F9329AF40364C819B
SHA1:	D16CC3E135616E423BF7E96C171DD2A7B82B7209
SHA-256:	714063056AE6BE8A0FFFB829CDB753F8A0BE1D1543B0F566F3538A74076D309B
SHA-512:	CE55A0F1BE60C59A527C92C0155684D4D305948780309309B625E5A3572BDA8FF164B29D02C3D0A328264CC06DCDC168E6CA2D3FD1228A7A904AC700844F1E8F
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....J.e)......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I\Yr.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\Y\|.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V\Y\|.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V\Y\|............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V\Y.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............j.U.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 17:19:58 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9833341099544066
Encrypted:	false
SSDEEP:
MD5:	0A0B1B3FE83056C8D46EF6EE3021EBEA
SHA1:	9DCC0AF52BF658F8A7F7BD1FEEF94A19D9F0AF03
SHA-256:	3A5B5DA81BEA7DA90FAAB618B3A8533E82BBA4C1796853E5B8D27C57C28A5FB8
SHA-512:	07ACB19E5456E970C5A71EE12AE7443C3D3B35B0205285F055B3DE40D5B857A991D2FB50F143D373780B92B5C766029DC64BC940C380220C2E5AC1CC7D136B7F
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....CUW.e)......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I\Yr.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\Y\|.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V\Y\|.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V\Y\|............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V\Y.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............j.U.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 17:19:58 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.996409443603309
Encrypted:	false
SSDEEP:
MD5:	57B47DD338B4B4D17034A695CE5B2EA4
SHA1:	E77690D4009EBADF32AE6287E2F313A66A3D82E0
SHA-256:	1934830E60FD059B5C793356ADE5DA8CDAF13FAE6676CFC447DF21BBBE9B47FB
SHA-512:	3590759823E35333DB0ACF88B55B066E8C78F9F8177E763EBCF06F6D8C96C8CD239A6F2693716B527DDB1CE08894641C996DAD52E11A2A2393647FF822AB13CF
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....@.e)......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I\Yr.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\Y\|.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V\Y\|.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V\Y\|............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V\Y.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............j.U.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 101

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (47671)
Category:	dropped
Size (bytes):	47672
Entropy (8bit):	5.4016434300784555
Encrypted:	false
SSDEEP:
MD5:	EC4B20037C896C5F60640105C6EA36B1
SHA1:	A9A74169679305B6EF1B76470F5CB746D9420213
SHA-256:	FBACCE424D00878284DB8C04089F007944324D9CD2432DB2472E4CF62A39DBBF
SHA-512:	1AD0209E6BEFE4444E62BFD01EA8FC5302674A047313908E963AFB787D83E572DB6AEF7EFEBB6D294A0310DECD51E54C17ACE28E7CDF651BB588AE4A17030102
Malicious:	false
Reputation:	unknown
Preview:	"use strict";(function(){function Ht(e,r,n,o,c,l,g){try{var h=e[l](g),u=h.value}catch(f){n(f);return}h.done?r(u):Promise.resolve(u).then(o,c)}function Bt(e){return function(){var r=this,n=arguments;return new Promise(function(o,c){var l=e.apply(r,n);function g(u){Ht(l,o,c,g,h,"next",u)}function h(u){Ht(l,o,c,g,h,"throw",u)}g(void 0)})}}function V(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):V(e,r)}function Me(e,r,n){return r in e?Object.defineProperty(e,r,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[r]=n,e}function Fe(e){for(var r=1;r<arguments.length;r++){var n=arguments[r]!=null?arguments[r]:{},o=Object.keys(n);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(n).filter(function(c){return Object.getOwnPropertyDescriptor(n,c).enumerable}))),o.forEach(function(c){Me(e,c,n[c])})}return e}function Sr(e,r){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertyS

Chrome Cache Entry: 102

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	dropped
Size (bytes):	89501
Entropy (8bit):	5.289893677458563
Encrypted:	false
SSDEEP:
MD5:	8FB8FEE4FCC3CC86FF6C724154C49C42
SHA1:	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4
SHA-256:	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
SHA-512:	F3DE1813A4160F9239F4781938645E1589B876759CD50B7936DBD849A35C38FFAED53F6A61DBDD8A1CF43CF4A28AA9FFFBFDDEEC9A3811A1BB4EE6DF58652B31
Malicious:	false
Reputation:	unknown
Preview:	/! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct

Chrome Cache Entry: 104

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	dropped
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	unknown
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 105

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image
Category:	downloaded
Size (bytes):	722
Entropy (8bit):	7.617650865641012
Encrypted:	false
SSDEEP:
MD5:	50692A2B1106C8388CC99AE006A17735
SHA1:	5E770B6E9459EC480CEAECF331A338A50DCE4C53
SHA-256:	273DFD7F99A29A40004E0BBAE00B138DD8C9580EE0AB543D4FBDAA307D38B49C
SHA-512:	860D95839D7E783A198FD487B6E9F80C662D2A66A76EF3ADCE9F67B91FE6103FD53539A67D5F713CBF9D65AEC089C06C9678252AC341C5B866A1B163AE83BBAF
Malicious:	false
Reputation:	unknown
URL:	https://ckbox.cloud/e1a6c21d6b69979a0dbc/assets/3yKgi7AG_2KX/images/64.webp
Preview:	RIFF....WEBPVP8X........?..?..ALPH[...._`.m.........#".m....m;.Kb 5.-]ZP...l.N...4.(........w..[i..T..BE......~..\|Q.F%.rZ.L.[.4..VP8 H...P....@.@.>.4.G.".!1.8....f...>E.q..A.W..<J.Hy....M.......".K...x......>.'./X.W<..Pt.>...V../.S;.?....2f$..\...........:.....:. ......^\.$F s.l....w......+...W.N,{.xwv.G."....cDg.........-.#...D.N7v...2..4..t....{.R.9.....4#k.\K....;...i..c.K........QDj0....H...d.#`9..bS=..5..<...$..............X....0_!.....Fm..>@.F90\|.a...G...po. ..9.pm. -.X...A.o.....azh.d..9.4.0>p.%^..5..[..x.......,.N.yw.....R.LU&."..=..$\9'f.......41q.]......=BW..v..i.......YU..HGQE.j.6.0O.........9.e...!.<.X.r...=]W..R.6f2...n..t..Tmx.....&6Sf.x..[.jcF...........*.\op2....

Chrome Cache Entry: 107

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (8168), with no line terminators
Category:	dropped
Size (bytes):	8168
Entropy (8bit):	5.762545603913744
Encrypted:	false
SSDEEP:
MD5:	E43F91D85EF564EE790B22C72F822371
SHA1:	A3AC1B9377AE5BD9473EAC9EA86B0B0C8A47CD90
SHA-256:	99885B66016612717D840C4BA59DE15E8CF80FBB5F3BA380950B09FA6D1B50A3
SHA-512:	84BBC569C351DD9099140A906A2B5A9C867D648B97AC59B10083B91896B88AEBDAA3F3D96A4556E588F5460594E5A99A54278E16C48982D1F98CF7DAD4900E5C
Malicious:	false
Reputation:	unknown
Preview:	window._cf_chl_opt={cFPWv:'b'};~function(V,h,i,n,o,y,z,B){V=b,function(c,d,U,e,f){for(U=b,e=c();!![];)try{if(f=-parseInt(U(300))/1(-parseInt(U(293))/2)+parseInt(U(228))/3(-parseInt(U(235))/4)+-parseInt(U(248))/5+parseInt(U(265))/6(parseInt(U(244))/7)+parseInt(U(256))/8(-parseInt(U(226))/9)+-parseInt(U(320))/10(-parseInt(U(294))/11)+parseInt(U(275))/12(parseInt(U(276))/13),f===d)break;else e.push(e.shift())}catch(D){e.push(e.shift())}}(a,932257),h=this\|\|self,i=h[V(295)],n={},n[V(279)]='o',n[V(277)]='s',n[V(291)]='u',n[V(261)]='z',n[V(289)]='n',n[V(254)]='I',n[V(263)]='b',o=n,h[V(269)]=function(D,E,F,G,a4,I,J,K,L,M,N){if(a4=V,E===null\|\|E===void 0)return G;for(I=x(E),D[a4(267)][a4(237)]&&(I=I[a4(216)](D[a4(267)][a4(237)](E))),I=D[a4(285)][a4(221)]&&D[a4(297)]?D[a4(285)][a4(221)](new D[(a4(297))](I)):function(O,a5,P){for(a5=a4,O[a5(304)](),P=0;P<O[a5(250)];O[P+1]===O[P]?O[a5(305)](P+1,1):P+=1);return O}(I),J='nAsAaAb'.split('A'),J=J[a4(292)][a4(242)](J),K=0;K<I[a4(250)];L=I[K],M=v(D,

Chrome Cache Entry: 108

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (4997)
Category:	downloaded
Size (bytes):	5461
Entropy (8bit):	5.395410211925267
Encrypted:	false
SSDEEP:
MD5:	216AD22CEC22B75C3D93CE76A6707895
SHA1:	AB3B9BAA9978D2828FD1C9149C49BE01C7869ECF
SHA-256:	7C0F55E2389C4487190ED9A1D367CC70F934A7A32D1549D31049DCD5A9E75F92
SHA-512:	FB3E1D5781B9360476E176967637F63915325919430B6D4AD28D6C65322E0DC7A51EB7D8C73DD9BDF21D182CB2475536D1C36CDB9F5E76BAC3B6AE2D84C6A48D
Malicious:	false
Reputation:	unknown
URL:	https://embe.elansconstruction.com/&redirect=ed1d28a3476cb1960063bcdadcf99d577535ba79main&uid=f253efe302d32ab264a76e0ce65be769671fd5f46e4c7
Preview:	<!DOCTYPE html>.<html>.<head>. <meta charset="UTF-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0" />. <title></title>. <script src="js___/671fd5f4d2925-da48b10d617011f2f46209ae04d6d4fa"></script>. <script src="b_/671fd5f4d292d-da48b10d617011f2f46209ae04d6d4fa"></script>. <script src="js_/671fd5f4d292e-da48b10d617011f2f46209ae04d6d4fa"></script>.</head>..<script type="text/javascript">.. var a0_0x5caa1d=a0_0x4407;function a0_0x4407(_0x1a3a04,_0x483c3b){var _0x3655f4=a0_0x2c14();return a0_0x4407=function(_0x22dd48,_0x155e2e){_0x22dd48=_0x22dd48-0x14e;var _0x7c4543=_0x3655f4[_0x22dd48];return _0x7c4543;},a0_0x4407(_0x1a3a04,_0x483c3b);}(function(_0x197935,_0x1565c0){var _0x5dc6af=a0_0x4407,_0x3a9b0b=_0x197935();while(!![]){try{var _0x2931ea=-parseInt(_0x5dc6af(0x17b))/0x1(parseInt(_0x5dc6af(0x153))/0x2)+parseInt(_0x5dc6af(0x176))/0x3(parseInt(_0x5dc6af(0x17f))/0x4)+parseInt(_0x5dc6af(0x16a))/0x5*(parseInt(_0x5dc6af(0x17d))/0x6)

Chrome Cache Entry: 109

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	70815
Entropy (8bit):	4.75676219602545
Encrypted:	false
SSDEEP:
MD5:	E9365FE85B7E4DB79A87015E52C3DB6C
SHA1:	2E2B5EB6E08F0F3D11FE0ADA97C962A23BA6A0D9
SHA-256:	DEC3E9F0190A504ED0C8F4A5E957C107206BA106CAC4A1BBB6CBAC6369A16D56
SHA-512:	AD142D178576C2D02F5ECA2EE22500B369171E2DCB8FD344EF1251EFB0C4EC61ECC6063D4535B2F77773317803206F13A224530F8E55B0335D4E251A80E15E64
Malicious:	false
Reputation:	unknown
URL:	https://cdnjs.cloudflare.com/ajax/libs/material-design-iconic-font/2.2.0/css/material-design-iconic-font.min.css
Preview:	@font-face{font-family:Material-Design-Iconic-Font;src:url(../fonts/Material-Design-Iconic-Font.woff2?v=2.2.0) format('woff2'),url(../fonts/Material-Design-Iconic-Font.woff?v=2.2.0) format('woff'),url(../fonts/Material-Design-Iconic-Font.ttf?v=2.2.0) format('truetype')}.zmdi{display:inline-block;font:normal normal normal 14px/1 'Material-Design-Iconic-Font';font-size:inherit;text-rendering:auto;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.zmdi-hc-lg{font-size:1.33333333em;line-height:.75em;vertical-align:-15%}.zmdi-hc-2x{font-size:2em}.zmdi-hc-3x{font-size:3em}.zmdi-hc-4x{font-size:4em}.zmdi-hc-5x{font-size:5em}.zmdi-hc-fw{width:1.28571429em;text-align:center}.zmdi-hc-ul{padding-left:0;margin-left:2.14285714em;list-style-type:none}.zmdi-hc-ul>li{position:relative}.zmdi-hc-li{position:absolute;left:-2.14285714em;width:2.14285714em;top:.14285714em;text-align:center}.zmdi-hc-li.zmdi-hc-lg{left:-1.85714286em}.zmdi-hc-border{padding:.1em .25em;border:solid .1em #9e9

Chrome Cache Entry: 110

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2306)
Category:	downloaded
Size (bytes):	57854
Entropy (8bit):	5.501678652002099
Encrypted:	false
SSDEEP:
MD5:	A2AA2A4FA740AE26533E3F66C0311D33
SHA1:	074922B7969379A84BEBA13D676FD6072322EB7E
SHA-256:	9CB4F3096E13F8D0AA304FD76FB05E3D2AF580097BF9C87DA50A83FAF26CDA1A
SHA-512:	0B64087CA96738588A341AF90DDF326AB64501473FA51E45630EB06C8A46963909992BE4EA397F37EEE7AAE17A969F621DEED3F87B18F122DD8D81C887FDAA0F
Malicious:	false
Reputation:	unknown
URL:	https://www.googleadservices.com/pagead/conversion_async.js
Preview:	(function(){var n,aa;function ba(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ca=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a}; .function da(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var ea=da(this),fa=typeof Symbol==="function"&&typeof Symbol("x")==="symbol",q={},ia={};function u(a,b,c){if(!c\|\|a!=null){c=ia[b];if(c==null)return a[b];c=a[c];return c!==void 0?c:a[b]}} .function w(a,b,c){if(b)a:{var d=a.split(".");a=d.length===1;var e=d[0],f;!a&&e in q?f=q:f=ea;for(e=0;e<d.length-1;e++){var g=d[e];if(!(g in f))break a;f=f[g]}d=d[d.length-1];c=fa&&c==="es6"?f[d]:null;b=b(c);b!=null&&(a?ca(q,d,{configurable:!0,writable:!0,value:b}):b!==c&

Chrome Cache Entry: 111

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2343)
Category:	dropped
Size (bytes):	52916
Entropy (8bit):	5.51283890397623
Encrypted:	false
SSDEEP:
MD5:	575B5480531DA4D14E7453E2016FE0BC
SHA1:	E5C5F3134FE29E60B591C87EA85951F0AEA36EE1
SHA-256:	DE36E50194320A7D3EF1ACE9BD34A875A8BD458B253C061979DD628E9BF49AFD
SHA-512:	174E48F4FB2A7E7A0BE1E16564F9ED2D0BBCC8B4AF18CB89AD49CF42B1C3894C8F8E29CE673BC5D9BC8552F88D1D47294EE0E216402566A3F446F04ACA24857A
Malicious:	false
Reputation:	unknown
Preview:	(function(){/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var n=this\|\|self,p=function(a,b){a=a.split(".");var c=n;a[0]in c\|\|"undefined"==typeof c.execScript\|\|c.execScript("var "+a[0]);for(var d;a.length&&(d=a.shift());)a.length\|\|void 0===b?c=c[d]&&c[d]!==Object.prototype[d]?c[d]:c[d]={}:c[d]=b};function q(){for(var a=r,b={},c=0;c<a.length;++c)b[a[c]]=c;return b}function u(){var a="ABCDEFGHIJKLMNOPQRSTUVWXYZ";a+=a.toLowerCase()+"0123456789-_";return a+"."}var r,v;.function aa(a){function b(k){for(;d<a.length;){var m=a.charAt(d++),l=v[m];if(null!=l)return l;if(!/^[\s\xa0]*$/.test(m))throw Error("Unknown base64 encoding at char: "+m);}return k}r=r\|\|u();v=v\|\|q();for(var c="",d=0;;){var e=b(-1),f=b(0),h=b(64),g=b(64);if(64===g&&-1===e)return c;c+=String.fromCharCode(e<<2\|f>>4);64!=h&&(c+=String.fromCharCode(f<<4&240\|h>>2),64!=g&&(c+=String.fromCharCode(h<<6&192\|g)))}};var w={},y=function(a){w.TAGGING=w.TAGGING\|\|[];w.TAGGING[a]=!0};var ba=Array.isArray,c

Chrome Cache Entry: 112

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.875
Encrypted:	false
SSDEEP:
MD5:	011B17B116126E6E0C4A9B0DE9145805
SHA1:	DF63A6EB731FFCE96F79802EFF6D53D00CDA42BC
SHA-256:	3418E6E704387A99F1611EB7BB883328A438BA600971E6D692E8BEA60F10B179
SHA-512:	BB432E96AF588E0B19CBD8BC228C87989FE578167FD1F3831C7E50D2D86DE11016FB93679FEF189B39085E9151EB9A6EB2986155C65DD0FE95EC85454D32AE7D
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xNDkSEAm95wsJPYx1YxIFDdFbUVI=?alt=proto
Preview:	CgkKBw3RW1FSGgA=

Chrome Cache Entry: 113

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 13408, version 1.0
Category:	downloaded
Size (bytes):	13408
Entropy (8bit):	7.985996562778236
Encrypted:	false
SSDEEP:
MD5:	39AFF03D2A35B1C80F210051F35D4B2B
SHA1:	35E71E31BFF4893DA229049A3ABABBB552F46EA0
SHA-256:	0A7FC3DE6341E5AB2853F213DBF792903CD35039DAA9530A649A20A877CCAC8A
SHA-512:	9D491CABB8FC51D748FC9403696D6F73E4087B266B53CE99DD1B384EC310F3D53AFE208779F471629C65388B67E98AE804BEC7B84048D315274AB16C54E56B23
Malicious:	false
Reputation:	unknown
URL:	https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
Preview:	wOF2......4`......lT..4.................................\|.`..J.....`....Z..6.$..0. ..~. .,\...;.C<_.>..l...[.H.mR.....I.G.3.+H!%...p.Z...bZH..Ngw.J.X>l.D..G...Y...0)....^...."..PW.tI.u..Y.....?.O....J2 s.D!.e..3+......[........`....76F.F. .Q.T.....X...U..}b.?u...Y..Q......~~.......w..L..g..".y..?....j.........!D.[$.H..P....&..FD.....`c..........."A:,5mu`...k?{...,..e.s.H.W..L.9.$>`.4R....y...KQ=.l....2wr...C.w..PH......-...?....Q.@..I,.P.....J..h.R.M.5(.4.0.a...Z..0]z..Mf.D.[.P...U8...BU...."q....\.]`Y....W....3.I2..d1......Bv@.DO.,..2Oc.. .L..;..<9.t.B..+.!.Q....?.Z.8K.z.F~}.Y.......D.@7.O. .3v..E..'K.l ..@.^.Q$.%.Q..U..F.....>SP..qeJ.......C P...sB..j.E.jF.Z.v...,$60w.../(>!7-AF=%-:~.3.3.f...^.<.IiI ../....s.....0.._o...L..y....}{......../gI.OW.V..c).:..m....1.].X.?.?.mV.O.(.R.?......9..XM.....~.S_W.L.........tz...^..0`6).GV..V.0g.K...R.)#.d...D.!.e3[...n.~...g.C.N........*.a._"....6.....W.j...s...zMM.....9.u.j...M.&aY..5...~q.......q.

Chrome Cache Entry: 114

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5945)
Category:	dropped
Size (bytes):	282573
Entropy (8bit):	5.586744225142895
Encrypted:	false
SSDEEP:
MD5:	B380312A521CE1A2A73C65BEB7CD0C00
SHA1:	045D38D08421E8424AF4D68C7F90F9D3C38200E8
SHA-256:	804E2D7BBCABC75D1240AAC026F3A09B987F0E414CED7135259A98B6FDDA4C1E
SHA-512:	500E5BA36D9C2ACB188958E7FF1D97013C41A52E6437F3C93DB233D09A3717FF013468881CFC0F56985F2DFC7A6DB2FC02A57CFD86055AEEF93F01CA6E2076B5
Malicious:	false
Reputation:	unknown
Preview:	.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"2",. . "macros":[{"function":"__e"},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0}],. "tags":[{"function":"__ogt_ga_send","priority":6,"vtp_value":true,"tag_id":10},{"function":"__ogt_referral_exclusion","priority":6,"vtp_includeConditions":["list","trustifi\\.com"],"tag_id":12},{"function":"__ogt_session_timeout","priority":6,"vtp_sessionMinutes":30,"vtp_sessionHours":0,"tag_id":13},{"function":"__ogt_1p_data_v2","priority":6,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_cityType":"CSS_SELECTOR","vtp_manualEmailEnabled":false,"vtp_firstNameType":"CSS_SELECTOR","vtp_countryType":"CSS_SELECTOR","vtp_cityValue":"","vtp_emailType":"CSS_SELECTOR","vtp_regionType":"CSS_SELECTOR","vtp_autoEmailEnabled":true,"vtp_postalCodeValue":"","vtp_lastNameValue":"","vtp_phoneType":"CSS_SELECTOR

Chrome Cache Entry: 117

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (50758)
Category:	downloaded
Size (bytes):	51039
Entropy (8bit):	5.247253437401007
Encrypted:	false
SSDEEP:
MD5:	67176C242E1BDC20603C878DEE836DF3
SHA1:	27A71B00383D61EF3C489326B3564D698FC1227C
SHA-256:	56C12A125B021D21A69E61D7190CEFA168D6C28CE715265CEA1B3B0112D169C4
SHA-512:	9FA75814E1B9F7DB38FE61A503A13E60B82D83DB8F4CE30351BD08A6B48C0D854BAF472D891AF23C443C8293380C2325C7B3361B708AF9971AA0EA09A25CDD0A
Malicious:	false
Reputation:	unknown
URL:	https://embe.elansconstruction.com/b_/671fd5f4d292d-da48b10d617011f2f46209ae04d6d4fa
Preview:	/!. Bootstrap v4.1.3 (https://getbootstrap.com/). * Copyright 2011-2018 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery"),require("popper.js")):"function"==typeof define&&define.amd?define(["exports","jquery","popper.js"],e):e(t.bootstrap={},t.jQuery,t.Popper)}(this,function(t,e,h){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable\|\|!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function s(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function l(r){for(var t=1;t<arguments.length;t++){var o=null!=arguments[t]?arguments[t]:{},e=Object.keys(o);"function"==typeof Object.getOwnPropertySymbols&&(e=e.concat(Object.getOwnPropertySymbols(o).filter(function(t){return Object.getOwnPropertyDescriptor(o,t).enum

Chrome Cache Entry: 119

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	315
Entropy (8bit):	5.0572271090563765
Encrypted:	false
SSDEEP:
MD5:	A34AC19F4AFAE63ADC5D2F7BC970C07F
SHA1:	A82190FC530C265AA40A045C21770D967F4767B8
SHA-256:	D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
SHA-512:	42E53D96E5961E95B7A984D9C9778A1D3BD8EE0C87B8B3B515FA31F67C2D073C8565AFC2F4B962C43668C4EFA1E478DA9BB0ECFFA79479C7E880731BC4C55765
Malicious:	false
Reputation:	unknown
URL:	https://embe.elansconstruction.com/favicon.ico
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>.

Chrome Cache Entry: 120

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 90 x 49, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	61
Entropy (8bit):	4.068159130770307
Encrypted:	false
SSDEEP:
MD5:	96187DC7F9C785FD26618A6E4050C819
SHA1:	6D1D6E85CCCAA01D35C777CB60F92F5FCDFC59A2
SHA-256:	81A69C44E0F15210BF1AD0FADE22681DA1EB57AE52C28D315C7DFCA40707AD2B
SHA-512:	8F586B55E43C21396BA96B063DA9985A7F7A8AA223C6F1ABE38ADD41AE4776FC6DFBD3FAD9E525DE54ADAF162C72B89CE6D1463C95F9DF9287F8F23725C45238
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...Z...1.......).....IDAT.....$.....IEND.B`.

Chrome Cache Entry: 122

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1864
Entropy (8bit):	5.222032823730197
Encrypted:	false
SSDEEP:
MD5:	BC3D32A696895F78C19DF6C717586A5D
SHA1:	9191CB156A30A3ED79C44C0A16C95159E8FF689D
SHA-256:	0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
SHA-512:	8D4F38907F3423A86D90575772B292680F7970527D2090FC005F9B096CC81D3F279D59AD76EAFCA30C3D4BBAF2276BBAA753E2A46A149424CF6F1C319DED5A64
Malicious:	false
Reputation:	unknown
URL:	https://embe.elansconstruction.com/2svg/lszSRmDPtgWpbOT
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="1920" height="1080" fill="none"><g opacity=".2" clip-path="url(#E)"><path d="M1466.4 1795.2c950.37 0 1720.8-627.52 1720.8-1401.6S2416.77-1008 1466.4-1008-254.4-380.482-254.4 393.6s770.428 1401.6 1720.8 1401.6z" fill="url(#A)"/><path d="M394.2 1815.6c746.58 0 1351.8-493.2 1351.8-1101.6S1140.78-387.6 394.2-387.6-957.6 105.603-957.6 714-352.38 1815.6 394.2 1815.6z" fill="url(#B)"/><path d="M1548.6 1885.2c631.92 0 1144.2-417.45 1144.2-932.4S2180.52 20.4 1548.6 20.4 404.4 437.85 404.4 952.8s512.276 932.4 1144.2 932.4z" fill="url(#C)"/><path d="M265.8 1215.6c690.246 0 1249.8-455.595 1249.8-1017.6S956.046-819.6 265.8-819.6-984-364.005-984 198-424.445 1215.6 265.8 1215.6z" fill="url(#D)"/></g><defs><radialGradient id="A" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(1466.4 393.6) rotate(90) scale(1401.6 1720.8)"><stop stop-color="#107c10"/><stop offset="1" stop-color="#c4c4c4" stop-opacity="0"/></radialGradient><r

Chrome Cache Entry: 123

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32065)
Category:	dropped
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
Reputation:	unknown
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

Chrome Cache Entry: 125

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3379)
Category:	downloaded
Size (bytes):	4210
Entropy (8bit):	5.364580472613482
Encrypted:	false
SSDEEP:
MD5:	59087D72EEDCB7650C9D5D6088440DD3
SHA1:	97B607FCE11F640E5764699038E50A76EB98944B
SHA-256:	E0E3FB0FE5CA541950CF8DD213FBE9E8957A3DB0010B515AD01ADFF6CA908A3E
SHA-512:	4F213391C01CFB017AB290007F3C7E66DB9B2A7A1EA4B4843DD52B0D7E5B1A5C04896BF1856806964F5A49C38A66403A8CDFE2C8C3EAF82C8318012F444DCD3F
Malicious:	false
Reputation:	unknown
URL:	https://embe.elansconstruction.com/captcha/style.css
Preview:	@font-face{font-family:FabricMDL2Icons;src:url('//res.cdn.office.net/owamail/20240308003.09/resources/fonts/o365icons-mdl2.woff') format('woff');font-weight:400;font-style:normal}@font-face{font-family:office365icons;src:url('//res.cdn.office.net/owamail/20240308003.09/resources/fonts/office365icons.woff?') format('woff');font-weight:400;font-style:normal}#loadingScreen{position:fixed;top:0;bottom:0;left:0;right:0;background-color:#fff}#loadingLogo{position:fixed;top:calc(50vh - 90px);left:calc(50vw - 90px);width:180px;height:180px}#MSLogo{position:fixed;bottom:36px;left:calc(50vw - 50px)}.dark #loadingScreen{background-color:#333}.darkNew #loadingScreen{background-color:#1f1f1f}.:root{--s:180px;--envW:130px;--envH:71px;--calW:118px;--sqW:calc(var(--calW) / 3);--sqH:37px;--calHH:20px;--calH:calc(var(--sqH) * 3 + var(--calHH));--calY:calc(var(--calH) + 20px);--calYExt:calc(var(--calH) - 80px);--calYOverExt:calc(var(--calH) - 92px);--flapS:96px;--flapH:calc(0.55 * var(--envH));--flapScal

Chrome Cache Entry: 127

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1592
Entropy (8bit):	4.205005284721148
Encrypted:	false
SSDEEP:
MD5:	4E48046CE74F4B89D45037C90576BFAC
SHA1:	4A41B3B51ED787F7B33294202DA72220C7CD2C32
SHA-256:	8E6DB1634F1812D42516778FC890010AA57F3E39914FB4803DF2C38ABBF56D93
SHA-512:	B2BBA2A68EDAA1A08CFA31ED058AFB5E6A3150AABB9A78DB9F5CCC2364186D44A015986A57707B57E2CC855FA7DA57861AD19FC4E7006C2C239C98063FE903CF
Malicious:	false
Reputation:	unknown
URL:	https://embe.elansconstruction.com/sig/f95b26cb7af9fd7ee7bf037cf13ef9d8671fd5f7516c4
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><defs><style>.a{fill:none;}.b{fill:#404040;}</style></defs><rect class="a" width="48" height="48"/><path class="b" d="M40,32.578V40H32V36H28V32H24V28.766A10.689,10.689,0,0,1,19,30a10.9,10.9,0,0,1-5.547-1.5,11.106,11.106,0,0,1-2.219-1.719A11.373,11.373,0,0,1,9.5,24.547a10.4,10.4,0,0,1-1.109-2.625A11.616,11.616,0,0,1,8,19a10.9,10.9,0,0,1,1.5-5.547,11.106,11.106,0,0,1,1.719-2.219A11.373,11.373,0,0,1,13.453,9.5a10.4,10.4,0,0,1,2.625-1.109A11.616,11.616,0,0,1,19,8a10.9,10.9,0,0,1,5.547,1.5,11.106,11.106,0,0,1,2.219,1.719A11.373,11.373,0,0,1,28.5,13.453a10.4,10.4,0,0,1,1.109,2.625A11.616,11.616,0,0,1,30,19a10.015,10.015,0,0,1-.125,1.578,10.879,10.879,0,0,1-.359,1.531Zm-2,.844L27.219,22.641a14.716,14.716,0,0,0,.562-1.782A7.751,7.751,0,0,0,28,19a8.786,8.786,0,0,0-.7-3.5,8.9,8.9,0,0,0-1.938-2.859A9.269,9.269,0,0,0,22.5,10.719,8.9,8.9,0,0,0,19,10a8.786,8.786,0,0,0-3.5.7,8.9,8.9,0,0,0-2.859,1.938A9.269,9.269,0,0,0,

Chrome Cache Entry: 129

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (8081), with no line terminators
Category:	downloaded
Size (bytes):	8081
Entropy (8bit):	5.777111485013148
Encrypted:	false
SSDEEP:
MD5:	5864FBA4C293908435C58D028635FE50
SHA1:	3465A9F27A2A709680268F6994F68CDB5B778F98
SHA-256:	951E6C53497D73CDDEA9AF34F4C7A0D2BB711AA137C594849892770A9DD6E9A1
SHA-512:	2DB3C47714E73003088D45F30252262D4B0A9A4789AD303B788166E7F829EFBD046D4E8B0A50965E0B8A1BB454656E6CEB44A2487E9F3198BFE45D0E7CB3CD79
Malicious:	false
Reputation:	unknown
URL:	https://e.trustifi.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/e1a56f38220d/main.js?
Preview:	window._cf_chl_opt={cFPWv:'b'};~function(V,h,i,j,k,l,s,v){V=b,function(c,e,U,f,g){for(U=b,f=c();!![];)try{if(g=parseInt(U(519))/1+parseInt(U(448))/2+-parseInt(U(463))/3+parseInt(U(481))/4(parseInt(U(476))/5)+parseInt(U(487))/6+-parseInt(U(462))/7(-parseInt(U(446))/8)+parseInt(U(512))/9*(-parseInt(U(447))/10),g===e)break;else f.push(f.shift())}catch(D){f.push(f.shift())}}(a,705405),h=this\|\|self,i=h[V(456)],j=function(W,e,f,g){return W=V,e=String[W(515)],f={'h':function(D){return null==D?'':f.g(D,6,function(E,X){return X=b,X(544)[X(443)](E)})},'g':function(D,E,F,Y,G,H,I,J,K,L,M,N,O,P,Q,R,S,T){if(Y=W,D==null)return'';for(H={},I={},J='',K=2,L=3,M=2,N=[],O=0,P=0,Q=0;Q<D[Y(500)];Q+=1)if(R=D[Y(443)](Q),Object[Y(490)][Y(546)][Y(485)](H,R)\|\|(H[R]=L++,I[R]=!0),S=J+R,Object[Y(490)][Y(546)][Y(485)](H,S))J=S;else{if(Object[Y(490)][Y(546)][Y(485)](I,J)){if(256>J[Y(493)](0)){for(G=0;G<M;O<<=1,E-1==P?(P=0,N[Y(449)](F(O)),O=0):P++,G++);for(T=J[Y(493)](0),G=0;8>G;O=T&1.09\|O<<1.21,E-1==P?(P=0,N[Y(449)]

Chrome Cache Entry: 130

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	61
Entropy (8bit):	3.990210155325004
Encrypted:	false
SSDEEP:
MD5:	9246CCA8FC3C00F50035F28E9F6B7F7D
SHA1:	3AA538440F70873B574F40CD793060F53EC17A5D
SHA-256:	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
SHA-512:	A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...............s....IDAT.....$.....IEND.B`.

Chrome Cache Entry: 131

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image
Category:	downloaded
Size (bytes):	838
Entropy (8bit):	7.622541543242848
Encrypted:	false
SSDEEP:
MD5:	16B576BDBBFADD4D1F87843381F433CC
SHA1:	899BA89C255C1F9702CD20228A7E9E6D2F5F3A81
SHA-256:	6566794AF0457B1B4D3CB4199EF516C89EB04FF9CDE50C3F0526038661A10BBB
SHA-512:	21A2B6706BB3A6469ED3605F59D5F579747284DA1618465F9D6ADD1EDBAFA03B2AD83CCA8E3CE408C1E7FC035A01175BC45563F6FDF44336205E3CAD12DEEE6D
Malicious:	false
Reputation:	unknown
URL:	https://ckbox.cloud/e1a6c21d6b69979a0dbc/assets/P-hYSOWMFaHr/images/48.webp
Preview:	RIFF>...WEBPVP8X......../../..ALPH.......m.Go..q.i..vRe....X....s6.d..=....Fn.8bN.gwS. .C..px...[.......]...8;a#/...0.u.0.G.....k.UiiU.k.......x3..ZJ......l....[M.6...G[L.....V)...a.....4._...I@TttT...<..!j...B.y...S.b....J1..........Q....x_.K.J.{`H...,l.e.B2@....dY'pK....N.".`k.X.......C....V9pSv.H...<........W..{.6,N.....@.St72...i..A.X.aHJvvJ.A.Z...\|...\_Gz.:r_.....>.9.....>.\|.8.S...9.d.....'..VP8 ....0....0.0.>.<.G.$"!.;.`...l..3%..J=.)......_.....a..........`;.z.t..f.........................p?q...M6H.P......KG.......Lec.2+R......(.......,J.....s\.....i.._-........X...}&8...Bj...E3.i..[.9.<..S1...K..F.....E.!8...X....7s.AQ..G.{....r.P..I7..UN"....Y.S.eJI..8\|.w....3!.2...J..6D&..i.MFu.\|......s.....``......yi..c.C.HJJ:...{....w.$...'.P9.JC..y)P1I..?.r}.n@..X....r.....9.c..\.7...].=\|.R...a...

Chrome Cache Entry: 133

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	105456
Entropy (8bit):	5.227044897009775
Encrypted:	false
SSDEEP:
MD5:	4C674D8D4294C4A6B763AA1FC836827C
SHA1:	88DEC91B36CAD6555FB73B9ED28D6FDC7A944467
SHA-256:	99855F2433E80A925CE4CABD975E2DD7A9FE01FAB8E164B26F67010FF5769EC0
SHA-512:	80B73385D21512B2FD10690F08EE99B6FD2D1123920ABACF7A864841F07F817EE1BCC5C466ACC27209A094E31D334E4532AE7EFE7F2F7D7427E67CC567F20733
Malicious:	false
Reputation:	unknown
URL:	https://embe.elansconstruction.com/css_/7WNHRArR35auyAl
Preview:	html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:bold}dfn{font-style:italic}h1{font-size:2em;margin:.67em 0}mark{background:#ff0;color:#000}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sup{top:-0.5em}sub{bottom:-0.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:1em 40px}hr{-moz-box-sizing:content-box;box-sizing:content-box;height:0}pre{overflow:auto}code,kbd,pre,samp{font-family:monospace,monospace;font-size:1em}button,input,optgroup,select,textarea{color:inherit;font:inherit;margin:0}button{overflow:visible}

Chrome Cache Entry: 134

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 13528, version 1.0
Category:	downloaded
Size (bytes):	13528
Entropy (8bit):	7.985372257633372
Encrypted:	false
SSDEEP:
MD5:	200C41F352C466E1C2B117656A0256E8
SHA1:	117895B042DB3C7CE867C807A63F238148C85BF7
SHA-256:	A70C2BC728EB261AC55C2FF878249947BCD3A9D8827D94E63FBDD8FE67156986
SHA-512:	25400DC5FD5B697583961181B8305FB4F65B1040A678EB200951F589F37A9961AF1897085A7EC25C4C06475751EDE3CD4711AD3443D75588CD05D8185EE2A8C8
Malicious:	false
Reputation:	unknown
URL:	https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2
Preview:	wOF2......4.......l...4~.............................Z..\|.`..J.....d.5..Z..6.$..0. ..\|. ..]....8..^..v+..5%v.8.JN...O...~...TwK...::.v....}.Z....~.7Q..r.1rS....q8....lm.\|.rP.wV~.Q......G...2(..."..q>j.........L....#9...A......F.5PA.i...$..Q#z..UR.....,..Q.0.....5.....veRU.FGFu\|..U........6.._.`,...6f!<...8j..h......1....Kp./Pm.5vN{....#\|.~.H._.........b......Q6l....:.z......@d.B.J%Z.tz...}.....0.$....3-.!...}......Z#i...hf.........T.A............,...[...]..x.....s. t..z.fgW..$...t.I2...G.....l...z..0{;....C.u.&.......)]...u.T.LD.......\|.Sn..>..J4..v=.....N..r]...lg.t`..Z...P..u..(,.\..}HND..f..g.-3..b%.. !.~..C..D.+..=..S........6..<v}....W../..@$...D..d.u..*R...5(.. ..!H8.5H.?......B.E+CG0(B1JPzp.P.4.t..4.../.CIv.....~......`{m1...@`...A..DE..Rst.`Z.we...X[....f{W..v{.[o.K....W#t..x..%B....^.OL.....]..(.C...~.v....j\..].7.g.W..].....:...;...5..t.]/..S.{u..b..c..[{.it.{...Y/.S..m[ROXc[1.n.-.@5.rL......$..n.r6.T...}...-^..;...c...........1.?./

Chrome Cache Entry: 136

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5945)
Category:	downloaded
Size (bytes):	282587
Entropy (8bit):	5.586763944033397
Encrypted:	false
SSDEEP:
MD5:	9BF2C2A02A266E98FDE6531A7A7C0A05
SHA1:	41720C85D74D1E69F10DC47CCF3D17B71AC9CB0F
SHA-256:	22E6EA29BE0A989541F66B635B834897B527867D710936328C654D48BDD75DDB
SHA-512:	49F009953A32B73A808B6B47E5AE1018C54478BF53A2B6EE68A9A520555E5D52378AB57FD45F61968B2AD0F56415B36C8AF788C181D68E8513AF022040211AB6
Malicious:	false
Reputation:	unknown
URL:	https://www.googletagmanager.com/gtag/js?id=G-VE1N32NCDX&cx=c&_slc=1
Preview:	.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"2",. . "macros":[{"function":"__e"},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0}],. "tags":[{"function":"__ogt_ga_send","priority":6,"vtp_value":true,"tag_id":10},{"function":"__ogt_referral_exclusion","priority":6,"vtp_includeConditions":["list","trustifi\\.com"],"tag_id":12},{"function":"__ogt_session_timeout","priority":6,"vtp_sessionMinutes":30,"vtp_sessionHours":0,"tag_id":13},{"function":"__ogt_1p_data_v2","priority":6,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_cityType":"CSS_SELECTOR","vtp_manualEmailEnabled":false,"vtp_firstNameType":"CSS_SELECTOR","vtp_countryType":"CSS_SELECTOR","vtp_cityValue":"","vtp_emailType":"CSS_SELECTOR","vtp_regionType":"CSS_SELECTOR","vtp_autoEmailEnabled":true,"vtp_postalCodeValue":"","vtp_lastNameValue":"","vtp_phoneType":"CSS_SELECTOR

Chrome Cache Entry: 138

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 13388, version 1.0
Category:	downloaded
Size (bytes):	13388
Entropy (8bit):	7.981896017121787
Encrypted:	false
SSDEEP:
MD5:	8C4B05D4371467BA1D0BC60839C6DCB9
SHA1:	4B7BAD6C115B963523D3CD7AD52EBF717135E24A
SHA-256:	BF9CFE01317E3758DD38982921DC1F26CC7243237D02E7ED90D3830B6F4E8ED0
SHA-512:	BBC736EA4982C31478FFA27ED69AD7C3EFB1B6A691129A9A9D10DC6D2256022043EE22464F9AA2BAA267DE0C8D95FD7B6D28A8D58BFD997EDB26F152E51243D3
Malicious:	false
Reputation:	unknown
URL:	https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Preview:	wOF2......4L......k...3..............................Z..\|.`..J.......W..Z..6.$..0. ..t. .0\%.mv...H...h$B.8.L.v..0Q....s..c.c..m[...:...rO........p.(.~....:,...8l...:<........S....7m..3-...+~.9#...2..9....3\..EYm...........d2...@(L.1KbW#.....(+<...u...T..(l,.=U5Q.TL..S9z....S.E...0.J......&)..I...uD'.....'...P.%.....y5'....aae..q........{k'...G.....&&E.......)j.7S.zj......{.T.N..<....^........6...U...8P-@.........c.~\|.C.m../..~Zp._....m:..(....S3. .......H.m.c.....d..(.s.:....VU.wz....g.je.4;...4.A&...Y.yvMx..C..$.AzAvi~.qtA..<.........,..!.....HH&...D.z....).L..5..."...{.2G.Z.2G3.!....-B.....r.0'....!9...[........$H."......JuT....$.....@...)..n..........C..".....";.A.E.Q.:.Q.=B................G."X......P(.p.Ij......8.......y.7...o'2..a......v\|(............j[`.7.&mG.pY.....l8..Y.,...+[..f."7....WC............z..m..'%...;...\X...N....z.....?5.....o.r.g.......6.....n?.P.9....MV...U.g.y..+v4.yn.."...v...f:k...h7.E\|Rw7..l.8..>=..0p..3.h.G.....G

Chrome Cache Entry: 140

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	3651
Entropy (8bit):	4.094801914706141
Encrypted:	false
SSDEEP:
MD5:	EE5C8D9FB6248C938FD0DC19370E90BD
SHA1:	D01A22720918B781338B5BBF9202B241A5F99EE4
SHA-256:	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
SHA-512:	C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
Malicious:	false
Reputation:	unknown
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.

Chrome Cache Entry: 141

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (6713), with no line terminators
Category:	downloaded
Size (bytes):	6713
Entropy (8bit):	5.32643874373268
Encrypted:	false
SSDEEP:
MD5:	1A09FD03EE59E42D6CC4BAC3008AD151
SHA1:	71B8D4F47B44EC05645A55DD3E35C95F7713F685
SHA-256:	DFA2474275F3B217B4190DA385B58105B46F02C43D626B19F6535553F750C6CD
SHA-512:	0BC0BA45DDCE1A6BF51AE3F4E04E53723939D0F31EB8FB1EAB50A9C88E8ED1E773596E4B1682738CACFC82B3C5A1258CC12DD75E1B324541FD1C8609A47F8A05
Malicious:	false
Reputation:	unknown
URL:	https://embe.elansconstruction.com/js_/671fd5f4d292e-da48b10d617011f2f46209ae04d6d4fa
Preview:	const a0_0x1c33bb=a0_0x22b6;(function(_0x5ca4c0,_0x222b1c){const _0x429c33=a0_0x22b6,_0x1e9ed3=_0x5ca4c0();while(!![]){try{const _0x1a8010=parseInt(_0x429c33(0x100))/0x1+-parseInt(_0x429c33(0xc8))/0x2+parseInt(_0x429c33(0xe1))/0x3(parseInt(_0x429c33(0xcb))/0x4)+-parseInt(_0x429c33(0x106))/0x5(parseInt(_0x429c33(0xda))/0x6)+parseInt(_0x429c33(0xec))/0x7+parseInt(_0x429c33(0x105))/0x8+parseInt(_0x429c33(0xf7))/0x9*(-parseInt(_0x429c33(0xd6))/0xa);if(_0x1a8010===_0x222b1c)break;else _0x1e9ed3['push'](_0x1e9ed3['shift']());}catch(_0xb8be15){_0x1e9ed3['push'](_0x1e9ed3['shift']());}}}(a0_0x5512,0x38017));const a0_0x1bd898=(function(){let _0x4180a5=!![];return function(_0x53cd10,_0x20b9bd){const _0x353299=_0x4180a5?function(){if(_0x20b9bd){const _0x544c4f=_0x20b9bd['apply'](_0x53cd10,arguments);return _0x20b9bd=null,_0x544c4f;}}:function(){};return _0x4180a5=![],_0x353299;};}()),a0_0x31644a=a0_0x1bd898(this,function(){const _0x599eab=a0_0x22b6;return a0_0x31644a[_0x599eab(0x108)]()[_0x599e

Chrome Cache Entry: 142

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (33960)
Category:	downloaded
Size (bytes):	33961
Entropy (8bit):	4.703598433974427
Encrypted:	false
SSDEEP:
MD5:	1C7783936DB99706C52EDB52174B0D86
SHA1:	F9DFB9D7CF68CB78A5E1619CFA3E3EF361879DB0
SHA-256:	D27E980D821EC562661F24CAB514474D7BE86A742B5E915FA6C7EFD21E77AAF9
SHA-512:	0AFF778AC41D17068A055F99E17F24695058587493E7C5DBFE354E715F5A46C19202B66C8009C52213290E830370536852D75ACB585D8E7D271A9DFE299CB217
Malicious:	false
Reputation:	unknown
URL:	https://cdnjs.cloudflare.com/ajax/libs/flag-icon-css/3.5.0/css/flag-icon.min.css
Preview:	.flag-icon-background{background-size:contain;background-position:50%;background-repeat:no-repeat}.flag-icon{background-size:contain;background-position:50%;background-repeat:no-repeat;position:relative;display:inline-block;width:1.33333333em;line-height:1em}.flag-icon:before{content:'\00a0'}.flag-icon.flag-icon-squared{width:1em}.flag-icon-ad{background-image:url(../flags/4x3/ad.svg)}.flag-icon-ad.flag-icon-squared{background-image:url(../flags/1x1/ad.svg)}.flag-icon-ae{background-image:url(../flags/4x3/ae.svg)}.flag-icon-ae.flag-icon-squared{background-image:url(../flags/1x1/ae.svg)}.flag-icon-af{background-image:url(../flags/4x3/af.svg)}.flag-icon-af.flag-icon-squared{background-image:url(../flags/1x1/af.svg)}.flag-icon-ag{background-image:url(../flags/4x3/ag.svg)}.flag-icon-ag.flag-icon-squared{background-image:url(../flags/1x1/ag.svg)}.flag-icon-ai{background-image:url(../flags/4x3/ai.svg)}.flag-icon-ai.flag-icon-squared{background-image:url(../flags/1x1/ai.svg)}.flag-icon-al{back

Chrome Cache Entry: 144

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (59119)
Category:	downloaded
Size (bytes):	59305
Entropy (8bit):	4.716988765402807
Encrypted:	false
SSDEEP:
MD5:	ECD507B3125EDC4D2A03AA6AE5D07DA9
SHA1:	A57EE68D11601B0FD8E5037FC241FF65A754473C
SHA-256:	99464CEB71BC9BBDCC72275FAEFE44F98EB5CBB6B5D8EE665B87B35376F1A96E
SHA-512:	D72727E8871A410E34FCC2815B65B84618ACFC36C82D4EF80B5BD2ACB2710AAE7BA3DE35626D354B036C38CAAF10116572051AEB12E23D8FCD4B947E13ACED25
Malicious:	false
Reputation:	unknown
URL:	https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css
Preview:	/!. Font Awesome Free 5.15.4 by @fontawesome - https://fontawesome.com. * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License). */..fa,.fab,.fad,.fal,.far,.fas{-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased;display:inline-block;font-style:normal;font-variant:normal;text-rendering:auto;line-height:1}.fa-lg{font-size:1.33333em;line-height:.75em;vertical-align:-.0667em}.fa-xs{font-size:.75em}.fa-sm{font-size:.875em}.fa-1x{font-size:1em}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-6x{font-size:6em}.fa-7x{font-size:7em}.fa-8x{font-size:8em}.fa-9x{font-size:9em}.fa-10x{font-size:10em}.fa-fw{text-align:center;width:1.25em}.fa-ul{list-style-type:none;margin-left:2.5em;padding-left:0}.fa-ul>li{position:relative}.fa-li{left:-2em;position:absolute;text-align:center;width:2em;line-height:inherit}.fa-border{border:.08em solid #eee;border-radius:.1em;padding:.2em .25em .15em}.fa-pu

Chrome Cache Entry: 99

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (19948), with no line terminators
Category:	downloaded
Size (bytes):	19948
Entropy (8bit):	5.261902742187293
Encrypted:	false
SSDEEP:
MD5:	EC18AF6D41F6F278B6AED3BDABFFA7BC
SHA1:	62C9E2CAB76B888829F3C5335E91C320B22329AE
SHA-256:	8A18D13015336BC184819A5A768447462202EF3105EC511BF42ED8304A7ED94F
SHA-512:	669B0E9A545057ACBDD3B4C8D1D2811EAF4C776F679DA1083E591FF38AE7684467ABACEF5AF3D4AABD9FB7C335692DBCA0DEF63DDAC2CD28D8E14E95680C3511
Malicious:	false
Reputation:	unknown
URL:	https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
Preview:	!function(){var e={343:function(e){"use strict";for(var t=[],n=0;n<256;++n)t[n]=(n+256).toString(16).substr(1);e.exports=function(e,n){var r=n\|\|0,i=t;return[i[e[r++]],i[e[r++]],i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],i[e[r++]],i[e[r++]],i[e[r++]],i[e[r++]]].join("")}},944:function(e){"use strict";var t="undefined"!=typeof crypto&&crypto.getRandomValues&&crypto.getRandomValues.bind(crypto)\|\|"undefined"!=typeof msCrypto&&"function"==typeof window.msCrypto.getRandomValues&&msCrypto.getRandomValues.bind(msCrypto);if(t){var n=new Uint8Array(16);e.exports=function(){return t(n),n}}else{var r=new Array(16);e.exports=function(){for(var e,t=0;t<16;t++)0==(3&t)&&(e=4294967296*Math.random()),r[t]=e>>>((3&t)<<3)&255;return r}}},508:function(e,t,n){"use strict";var r=n(944),i=n(343);e.exports=function(e,t,n){var o=t&&n\|\|0;"string"==typeof e&&(t="binary"===e?new Array(16):null,e=null);var a=(e=e\|\|{}).random\|\|(e.rng\|\|r)();if(

Static File Info

⊘No static file info