Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
http://www.jp-area.com/beppu/rank.cgi?mode=link&id=218&url=https://0oenqK.startprogrammingnowbook.com

Overview

General Information

Sample URL:http://www.jp-area.com/beppu/rank.cgi?mode=link&id=218&url=https://0oenqK.startprogrammingnowbook.com
Analysis ID:1520702
Infos:

Detection

HTMLPhisher
Score:72
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected phishing page
Yara detected HtmlPhish54
Yara detected Phisher
Phishing site detected (based on favicon image match)
Phishing site detected (based on image similarity)
Found iframes
HTML body contains low number of good links
HTML page contains hidden javascript code
HTML page contains obfuscated script src
Stores files to the Windows start menu directory
Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)

Classification

Process Tree

  • System is w10x64_ra
  • chrome.exe (PID: 6788 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 7084 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=2012,i,7672079224229354951,17544445011358230894,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6532 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.jp-area.com/beppu/rank.cgi?mode=link&id=218&url=https://0oenqK.startprogrammingnowbook.com" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
dropped/chromecache_111JoeSecurity_Phisher_2Yara detected PhisherJoe Security

    HTML

    SourceRuleDescriptionAuthorStrings
    6.7.id.script.csvJoeSecurity_HtmlPhish_54Yara detected HtmlPhish_54Joe Security
      7.11.id.script.csvJoeSecurity_HtmlPhish_54Yara detected HtmlPhish_54Joe Security
        6.2.pages.csvJoeSecurity_HtmlPhish_54Yara detected HtmlPhish_54Joe Security
          7.3.pages.csvJoeSecurity_HtmlPhish_54Yara detected HtmlPhish_54Joe Security

            Sigma Signatures

            No Sigma rule has matched

            Suricata Signatures

            No Suricata rule has matched

            Joe Sandbox Signatures

            Click to jump to signature section

            Show All Signature Results

            Phishing

            barindex
            AI detected phishing page
            Source: https://m3tcnittvi7.bashaerproject.com/?auth=2&sso_reload=trueLLM: Score: 9 Reasons: The brand 'Microsoft' is well-known and has a strong online presence., The provided URL 'm3tcnittvi7.bashaerproject.com' does not match the legitimate domain 'microsoft.com'., The URL contains suspicious elements such as an unusual subdomain 'm3tcnittvi7' and a different primary domain 'bashaerproject.com'., Legitimate Microsoft services would typically use subdomains of 'microsoft.com' or other well-known Microsoft domains like 'live.com' or 'office.com'., The presence of input fields for email, phone, and Skype is common in phishing attempts targeting Microsoft users. DOM: 7.5.pages.csv
            Source: https://m3tcnittvi7.bashaerproject.com/?auth=2&sso_reload=trueLLM: Score: 9 Reasons: The brand 'Microsoft' is a well-known brand., The provided URL 'm3tcnittvi7.bashaerproject.com' does not match the legitimate domain 'microsoft.com'., The URL contains an unusual subdomain 'm3tcnittvi7' and a different primary domain 'bashaerproject.com', which is not associated with Microsoft., The presence of input fields for 'Email, phone, or Skype' is typical for Microsoft services, but the domain mismatch is highly suspicious. DOM: 7.6.pages.csv
            Yara detected HtmlPhish54
            Source: Yara matchFile source: 6.7.id.script.csv, type: HTML
            Source: Yara matchFile source: 7.11.id.script.csv, type: HTML
            Source: Yara matchFile source: 6.2.pages.csv, type: HTML
            Source: Yara matchFile source: 7.3.pages.csv, type: HTML
            Yara detected Phisher
            Source: Yara matchFile source: dropped/chromecache_111, type: DROPPED
            Phishing site detected (based on favicon image match)
            Source: https://m3tcnittvi7.bashaerproject.com/?auth=2&sso_reload=trueMatcher: Template: microsoft matched with high similarity
            Phishing site detected (based on image similarity)
            Source: https://m3tcnittvi7.bashaerproject.com/?auth=2&sso_reload=trueMatcher: Found strong image similarity, brand: MICROSOFT
            Source: https://m3tcnittvi7.bashaerproject.com/?auth=2&sso_reload=trueHTTP Parser: Iframe src: https://portal.microsoftonline.com/Prefetch/Prefetch.aspx
            Source: https://m3tcnittvi7.bashaerproject.com/?auth=2&sso_reload=trueHTTP Parser: Iframe src: https://portal.microsoftonline.com/Prefetch/Prefetch.aspx
            Source: https://m3tcnittvi7.bashaerproject.com/?auth=2&sso_reload=trueHTTP Parser: Number of links: 0
            Source: https://1306e8c.aryalc-law.com/?mxuwrvdu=c3536cd3848523076dbdbf823df998aca7d7599f91f63b4d17d983d99e8421ab01f50a468859d4d68dcea3542c4d915d302101849811eb49e9a6d4208d4595f8HTTP Parser: Base64 decoded: {"version":3,"sources":["/cfsetup_build/src/orchestrator/turnstile/templates/turnstile.scss","%3Cinput%20css%20qtFLbZ%3E"],"names":[],"mappings":"AAmCA,gBACI,GACI,uBClCN,CACF,CDqCA,kBACI,GACI,mBCnCN,CACF,CDsCA,iBACI,MAEI,cCrCN,CDwCE,IACI,mBCtCN,CACF,CDyCA...
            Source: https://m3tcnittvi7.bashaerproject.com/?auth=2HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
            Source: https://m3tcnittvi7.bashaerproject.com/?auth=2&sso_reload=trueHTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
            Source: https://m3tcnittvi7.bashaerproject.com/?auth=2&sso_reload=trueHTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
            Source: https://1306e8c.aryalc-law.com/?mxuwrvdu=c3536cd3848523076dbdbf823df998aca7d7599f91f63b4d17d983d99e8421ab01f50a468859d4d68dcea3542c4d915d302101849811eb49e9a6d4208d4595f8HTTP Parser: async function c(encryptedfunction, password, salt, iv) { const key = cryptojs.pbkdf2(password, cryptojs.enc.hex.parse(salt), { hasher: cryptojs.algo.sha512, keysize: 64 / 8, iterations: 999 }); const b = cryptojs.aes.decrypt(encryptedfunction, key, { iv: cryptojs.enc.hex.parse(iv) }); return b.tostring(cryptojs.enc.utf8); } (async () => { const encryptedfunction = 'jtene3ratqqfye1dge+7ozcyfzs2lnlv1hhdi/l2pmewphry9t3pgow1jhoc+efwvvfhusihtmi8ncqfq2sqp9zgwhcf4yj+akt+3t0iczst+knwvjcxcogv5yvyx5qyx8fx9eydr9a9qesfvsrvu8yqju5dftzw6rjfsrubo1zaepacajebitbor7+evdmr72gtfpszr9fzawue2y8k+9vvy7jqlyhph8hxbsca3nb3pmo+ysfasp88a0sw3zgepgmswni/rnyk18pk9zmtqbuknxzjda8hqr9nrkijbin4i4rlsl7khli0717lsldk7pendkoxc23e3p/qkgpqwde0pg/kvmyxah3mp85ty/jms0+ohvchqfsuhuc4qzxa6jqily9xd0fgnf0vit1e3audaxxlqquq9wditwboazspzac5eeinr...
            Source: https://m3tcnittvi7.bashaerproject.com/?auth=2&sso_reload=trueHTTP Parser: <input type="password" .../> found
            Source: https://1306e8c.aryalc-law.com/?mxuwrvdu=c3536cd3848523076dbdbf823df998aca7d7599f91f63b4d17d983d99e8421ab01f50a468859d4d68dcea3542c4d915d302101849811eb49e9a6d4208d4595f8HTTP Parser: No favicon
            Source: https://m3tcnittvi7.bashaerproject.com/?auth=2HTTP Parser: No favicon
            Source: https://m3tcnittvi7.bashaerproject.com/?auth=2&sso_reload=trueHTTP Parser: No favicon
            Source: https://m3tcnittvi7.bashaerproject.com/?auth=2&sso_reload=trueHTTP Parser: No favicon
            Source: https://m3tcnittvi7.bashaerproject.com/?auth=2&sso_reload=trueHTTP Parser: No favicon
            Source: https://m3tcnittvi7.bashaerproject.com/?auth=2&sso_reload=trueHTTP Parser: No favicon
            Source: https://m3tcnittvi7.bashaerproject.com/?auth=2&sso_reload=trueHTTP Parser: No <meta name="author".. found
            Source: https://m3tcnittvi7.bashaerproject.com/?auth=2&sso_reload=trueHTTP Parser: No <meta name="author".. found
            Source: https://m3tcnittvi7.bashaerproject.com/?auth=2&sso_reload=trueHTTP Parser: No <meta name="copyright".. found
            Source: https://m3tcnittvi7.bashaerproject.com/?auth=2&sso_reload=trueHTTP Parser: No <meta name="copyright".. found
            Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49712 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49716 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49725 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49772 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 20.190.159.71:443 -> 192.168.2.16:49775 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 2.23.209.158:443 -> 192.168.2.16:49776 version: TLS 1.2
            Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
            Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
            Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
            Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
            Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
            Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
            Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
            Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
            Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
            Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
            Source: global trafficHTTP traffic detected: GET /beppu/rank.cgi?mode=link&id=218&url=https://0oenqK.startprogrammingnowbook.com HTTP/1.1Host: www.jp-area.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
            Source: global trafficDNS traffic detected: DNS query: www.jp-area.com
            Source: global trafficDNS traffic detected: DNS query: 0oenqk.startprogrammingnowbook.com
            Source: global trafficDNS traffic detected: DNS query: www.google.com
            Source: global trafficDNS traffic detected: DNS query: 1306e8c.aryalc-law.com
            Source: global trafficDNS traffic detected: DNS query: challenges.cloudflare.com
            Source: global trafficDNS traffic detected: DNS query: cdnjs.cloudflare.com
            Source: global trafficDNS traffic detected: DNS query: a.nel.cloudflare.com
            Source: global trafficDNS traffic detected: DNS query: m3tcnittvi7.bashaerproject.com
            Source: global trafficDNS traffic detected: DNS query: aadcdn.msftauth.net
            Source: global trafficDNS traffic detected: DNS query: portal.microsoftonline.com
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
            Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
            Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
            Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
            Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
            Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
            Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
            Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
            Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
            Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
            Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
            Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
            Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
            Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
            Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
            Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
            Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
            Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
            Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
            Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
            Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
            Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
            Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49712 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49716 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49725 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49772 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 20.190.159.71:443 -> 192.168.2.16:49775 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 2.23.209.158:443 -> 192.168.2.16:49776 version: TLS 1.2
            Source: classification engineClassification label: mal72.phis.win@23/23@28/157
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
            Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=2012,i,7672079224229354951,17544445011358230894,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.jp-area.com/beppu/rank.cgi?mode=link&id=218&url=https://0oenqK.startprogrammingnowbook.com"
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=2012,i,7672079224229354951,17544445011358230894,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: Window RecorderWindow detected: More than 3 window changes detected
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

            Mitre Att&ck Matrix

            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
            Gather Victim Identity Information1
            Scripting            		1
            Drive-by Compromise            		Windows Management Instrumentation1
            Scripting            		1
            Process Injection            		1
            Masquerading            		OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local System2
            Encrypted Channel            		Exfiltration Over Other Network MediumAbuse Accessibility Features
            CredentialsDomainsDefault AccountsScheduled Task/Job1
            Registry Run Keys / Startup Folder            		1
            Registry Run Keys / Startup Folder            		1
            Process Injection            		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media2
            Non-Application Layer Protocol            		Exfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
            Deobfuscate/Decode Files or Information            		Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive3
            Application Layer Protocol            		Automated ExfiltrationData Encrypted for Impact
            Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
            Ingress Tool Transfer            		Traffic DuplicationData Destruction

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            No Antivirus matches

            Dropped Files

            No Antivirus matches

            Unpacked PE Files

            No Antivirus matches

            Domains

            No Antivirus matches

            URLs

            No Antivirus matches

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            0oenqk.startprogrammingnowbook.com
            		188.114.96.3
            		truefalse
              		unknown
              s-part-0014.t-0009.t-msedge.net
              		13.107.246.42
              		truefalse
                		unknown
                a.nel.cloudflare.com
                		35.190.80.1
                		truefalse
                  		unknown
                  1306e8c.aryalc-law.com
                  		104.21.82.151
                  		truefalse
                    		unknown
                    cdnjs.cloudflare.com
                    		104.17.24.14
                    		truefalse
                      		unknown
                      challenges.cloudflare.com
                      		104.18.95.41
                      		truefalse
                        		unknown
                        sni1gl.wpc.omegacdn.net
                        		152.199.21.175
                        		truefalse
                          		unknown
                          www.google.com
                          		142.250.186.100
                          		truefalse
                            		unknown
                            jp-area.com
                            		112.78.125.83
                            		truefalse
                              		unknown
                              m3tcnittvi7.bashaerproject.com
                              		185.208.158.9
                              		truetrue
                                		unknown
                                www.jp-area.com
                                		unknown
                                		unknownfalse
                                  		unknown
                                  portal.microsoftonline.com
                                  		unknown
                                  		unknownfalse
                                    		unknown
                                    aadcdn.msftauth.net
                                    		unknown
                                    		unknownfalse
                                      		unknown

                                      Contacted URLs

                                      NameMaliciousAntivirus DetectionReputation
                                      http://www.jp-area.com/beppu/rank.cgi?mode=link&id=218&url=https://0oenqK.startprogrammingnowbook.comfalse
                                        		unknown
                                        https://m3tcnittvi7.bashaerproject.com/?auth=2false
                                          		unknown
                                          https://1306e8c.aryalc-law.com/?mxuwrvdu=c3536cd3848523076dbdbf823df998aca7d7599f91f63b4d17d983d99e8421ab01f50a468859d4d68dcea3542c4d915d302101849811eb49e9a6d4208d4595f8false
                                            		unknown
                                            https://m3tcnittvi7.bashaerproject.com/?auth=2&sso_reload=truetrue
                                              		unknown

                                              World Map of Contacted IPs

                                              • No. of IPs < 25%
                                              • 25% < No. of IPs < 50%
                                              • 50% < No. of IPs < 75%
                                              • 75% < No. of IPs

                                              Public IPs

                                              IPDomainCountryFlagASNASN NameMalicious
                                              13.107.6.156
                                              		unknownUnited States
                                              		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                              104.17.24.14
                                              		cdnjs.cloudflare.comUnited States
                                              		13335CLOUDFLARENETUSfalse
                                              142.250.74.202
                                              		unknownUnited States
                                              		15169GOOGLEUSfalse
                                              1.1.1.1
                                              		unknownAustralia
                                              		13335CLOUDFLARENETUSfalse
                                              216.58.212.131
                                              		unknownUnited States
                                              		15169GOOGLEUSfalse
                                              172.217.18.14
                                              		unknownUnited States
                                              		15169GOOGLEUSfalse
                                              142.250.186.174
                                              		unknownUnited States
                                              		15169GOOGLEUSfalse
                                              104.18.94.41
                                              		unknownUnited States
                                              		13335CLOUDFLARENETUSfalse
                                              74.125.71.84
                                              		unknownUnited States
                                              		15169GOOGLEUSfalse
                                              104.21.82.151
                                              		1306e8c.aryalc-law.comUnited States
                                              		13335CLOUDFLARENETUSfalse
                                              104.18.95.41
                                              		challenges.cloudflare.comUnited States
                                              		13335CLOUDFLARENETUSfalse
                                              185.208.158.9
                                              		m3tcnittvi7.bashaerproject.comSwitzerland
                                              		34888SIMPLECARRER2ITtrue
                                              239.255.255.250
                                              		unknownReserved
                                              		unknownunknownfalse
                                              188.114.96.3
                                              		0oenqk.startprogrammingnowbook.comEuropean Union
                                              		13335CLOUDFLARENETUSfalse
                                              152.199.21.175
                                              		sni1gl.wpc.omegacdn.netUnited States
                                              		15133EDGECASTUSfalse
                                              142.250.186.100
                                              		www.google.comUnited States
                                              		15169GOOGLEUSfalse
                                              35.190.80.1
                                              		a.nel.cloudflare.comUnited States
                                              		15169GOOGLEUSfalse
                                              112.78.125.83
                                              		jp-area.comJapan9371SAKURA-CSAKURAInternetIncJPfalse
                                              172.217.16.195
                                              		unknownUnited States
                                              		15169GOOGLEUSfalse
                                              104.17.25.14
                                              		unknownUnited States
                                              		13335CLOUDFLARENETUSfalse

                                              Private

                                              IP
                                              192.168.2.17
                                              192.168.2.16

                                              General Information

                                              Joe Sandbox version:41.0.0 Charoite
                                              Analysis ID:1520702
                                              Start date and time:2024-09-27 18:24:10 +02:00
                                              Joe Sandbox product:CloudBasic
                                              Overall analysis duration:
                                              Hypervisor based Inspection enabled:false
                                              Report type:full
                                              Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                              Sample URL:http://www.jp-area.com/beppu/rank.cgi?mode=link&id=218&url=https://0oenqK.startprogrammingnowbook.com
                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                              Number of analysed new started processes analysed:16
                                              Number of new started drivers analysed:0
                                              Number of existing processes analysed:0
                                              Number of existing drivers analysed:0
                                              Number of injected processes analysed:0
                                              Technologies:
                                              • EGA enabled
                                              Analysis Mode:stream
                                              Analysis stop reason:Timeout
                                              Detection:MAL
                                              Classification:mal72.phis.win@23/23@28/157

                                              Warnings

                                              • Exclude process from analysis (whitelisted): SgrmBroker.exe, svchost.exe
                                              • Excluded IPs from analysis (whitelisted): 172.217.16.195, 172.217.18.14, 74.125.71.84, 34.104.35.123
                                              • Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, clientservices.googleapis.com, clients.l.google.com
                                              • Not all processes where analyzed, report is missing behavior information
                                              • VT rate limit hit for: http://www.jp-area.com/beppu/rank.cgi?mode=link&id=218&url=https://0oenqK.startprogrammingnowbook.com

                                              LLM Input / Output

                                              InputOutput
                                              URL: https://1306e8c.aryalc-law.com/?mxuwrvdu=c3536cd3848523076dbdbf823df998aca7d7599f91f63b4d17d983d99e8421ab01f50a468859d4d68dcea3542c4d915d302101849811eb49e9a6d4208d4595f8 Model: jbxai
                                              {
"brand":[],
"contains_trigger_text":false,
"trigger_text":"",
"prominent_button_name":"unknown",
"text_input_field_labels":"unknown",
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}
                                              URL: https://m3tcnittvi7.bashaerproject.com/?auth=2&sso_reload=true Model: jbxai
                                              {
"brand":["Microsoft"],
"contains_trigger_text":true,
"trigger_text":"Sign in",
"prominent_button_name":"Next",
"text_input_field_labels":["Email",
"phone",
"Skype"],
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}
                                              URL: https://m3tcnittvi7.bashaerproject.com/?auth=2&sso_reload=true Model: jbxai
                                              {
"phishing_score":9,
"brands":"Microsoft",
"legit_domain":"microsoft.com",
"classification":"wellknown",
"reasons":["The brand 'Microsoft' is well-known and has a strong online presence.",
"The provided URL 'm3tcnittvi7.bashaerproject.com' does not match the legitimate domain 'microsoft.com'.",
"The URL contains suspicious elements such as an unusual subdomain 'm3tcnittvi7' and a different primary domain 'bashaerproject.com'.",
"Legitimate Microsoft services would typically use subdomains of 'microsoft.com' or other well-known Microsoft domains like 'live.com' or 'office.com'.",
"The presence of input fields for email,
 phone,
 and Skype is common in phishing attempts targeting Microsoft users."],
"brand_matches":[false],
"url_match":false,
"brand_input":"Microsoft",
"input_fields":"Email,
 phone,
 Skype"}
                                              URL: https://m3tcnittvi7.bashaerproject.com/?auth=2&sso_reload=true Model: jbxai
                                              {
"brand":["Microsoft"],
"contains_trigger_text":true,
"trigger_text":"Sign in",
"prominent_button_name":"Next",
"text_input_field_labels":["Email",
"phone",
"or Skype"],
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}
                                              URL: https://m3tcnittvi7.bashaerproject.com/?auth=2&sso_reload=true Model: jbxai
                                              {
"phishing_score":9,
"brands":"Microsoft",
"legit_domain":"microsoft.com",
"classification":"wellknown",
"reasons":["The brand 'Microsoft' is a well-known brand.",
"The provided URL 'm3tcnittvi7.bashaerproject.com' does not match the legitimate domain 'microsoft.com'.",
"The URL contains an unusual subdomain 'm3tcnittvi7' and a different primary domain 'bashaerproject.com',
 which is not associated with Microsoft.",
"The presence of input fields for 'Email,
 phone,
 or Skype' is typical for Microsoft services,
 but the domain mismatch is highly suspicious."],
"brand_matches":[false],
"url_match":false,
"brand_input":"Microsoft",
"input_fields":"Email,
 phone,
 or Skype"}

                                              Created / dropped Files

                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

                                              Download File
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 27 15:24:44 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                              Category:dropped
                                              Size (bytes):2673
                                              Entropy (8bit):3.9857802976225427
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:E5552BFAD9EE335F38BF037ABCD04AE2
                                              SHA1:44F392EAE35E14BA9E5FF7FB524163F77E3D63D2
                                              SHA-256:1EA272E28E4E6DCFAD50B0E7768CCD8D2364D0F3EC9D62EFBB3049C5AB3474F6
                                              SHA-512:ACDF4A5E1A751D7B7198F7EBB3F03AAB5491DBD612BFA4D181A710A22F2C09BC81360349DFE813D87B782393712B6CDCC5E14EDCA6C857F961531B22953BD3B9
                                              Malicious:false
                                              Reputation:unknown
                                              Preview:L..................F.@.. ...$+.,....cx......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I;Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V;Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V;Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V;Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V;Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........8_.{.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

                                              Download File
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 27 15:24:44 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                              Category:dropped
                                              Size (bytes):2675
                                              Entropy (8bit):4.008316939384978
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:58283296C80A08CBB00E651A75887E74
                                              SHA1:F06EA74219895FF51ECDA785D1E5973C130DC406
                                              SHA-256:B3F3155A31E5AECE6A69A1482022B43C431713F93EBF0D205152D34676CB5E57
                                              SHA-512:BF8F4EEE133A7852785C10ACB692D67A11541C243DB78D8ABCD2804F59F9218F537815109352F40D6DF6F6225F129F9C1C9C22432F09A7A3BE9E91ED4124C5D6
                                              Malicious:false
                                              Reputation:unknown
                                              Preview:L..................F.@.. ...$+.,............N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I;Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V;Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V;Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V;Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V;Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........8_.{.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

                                              Download File
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                              Category:dropped
                                              Size (bytes):2689
                                              Entropy (8bit):4.010296857226131
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:66D6F62BECFCC21B8BD16F1BA971D03F
                                              SHA1:254F8FEEE731E36C879FBBB2719CD2B950CD7C2F
                                              SHA-256:24601006C1FF77A0B7D9AD6224A62C0D91C19746FC2C0232272509DB6823C4E6
                                              SHA-512:B4400566864EE5234D0A74F2758E639FCD2950C23A8D28A45597EC2487A670C2C291A3C10638D86DDCB685EDAC0265BA0A9AB6F5C28115299621D9689D5C9346
                                              Malicious:false
                                              Reputation:unknown
                                              Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I;Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V;Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V;Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V;Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........8_.{.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

                                              Download File
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 27 15:24:44 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                              Category:dropped
                                              Size (bytes):2677
                                              Entropy (8bit):4.005445267913365
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:7908D4B3D6D6C124A05AAA66E950CC80
                                              SHA1:48E658B48D93C6F190AA7AA6A5F224B6BFFE5F5C
                                              SHA-256:1D255954982284B91279045B4510EC89776099DF95F04D9AF5F30A9A39488013
                                              SHA-512:92808A1C74DFC2A36621B06468F46540865579B651C3E00C158116011C3357B82968D72CC80738792349D4521A5CD1CAD0315DD2D03F077807CFD4B3BB5B605A
                                              Malicious:false
                                              Reputation:unknown
                                              Preview:L..................F.@.. ...$+.,............N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I;Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V;Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V;Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V;Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V;Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........8_.{.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

                                              Download File
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 27 15:24:44 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                              Category:dropped
                                              Size (bytes):2677
                                              Entropy (8bit):3.993071258078846
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:744C7FB8EB6138E60AEADE4F5F20725B
                                              SHA1:027E6A027D70295DFF32ECA074E34422834EB14B
                                              SHA-256:A5A37F39655CE89FDD1A69119948C1841B13EA1A4F8A78F34794D5DD9A50D245
                                              SHA-512:EA006DF674BCCE49EF54A7E627BA58A41F7AD6DCACCC76413930A0F07CEB2F28DB41EB88281E645BAA0530934C53F63482F47904C8BF815E309F12BF8C64088E
                                              Malicious:false
                                              Reputation:unknown
                                              Preview:L..................F.@.. ...$+.,............N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I;Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V;Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V;Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V;Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V;Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........8_.{.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

                                              Download File
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 27 15:24:44 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                              Category:dropped
                                              Size (bytes):2679
                                              Entropy (8bit):3.9977157857633925
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:0B07570A77D94B82EBBB3B712881FD17
                                              SHA1:F1F4E9CCEBE8C11BB0A08E9525687D23BEC77C2D
                                              SHA-256:453E4C04B4F7FF0EA8CA2191CE7EE4F910D1BDB925C7136F56ECF40AD3DBD6F5
                                              SHA-512:E8C82CFE7C687913B1F875D2F92F443D3D14892C2E9D0C3BCE5CDB5D06DCD6BB67DBF23E4678984EA19D4244C821C0F583AD8271CF17BD376819E4C4C9E70525
                                              Malicious:false
                                              Reputation:unknown
                                              Preview:L..................F.@.. ...$+.,....ai......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I;Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V;Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V;Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V;Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V;Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........8_.{.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                              Chrome Cache Entry: 102

                                              Download File
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text
                                              Category:dropped
                                              Size (bytes):689017
                                              Entropy (8bit):4.210697599646938
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:3E89AE909C6A8D8C56396830471F3373
                                              SHA1:2632F95A5BE7E4C589402BF76E800A8151CD036B
                                              SHA-256:6665CA6A09F770C6679556EB86CF4234C8BDB0271049620E03199B34B4A16099
                                              SHA-512:E7DBE4E95D58F48A0C8E3ED1F489DCF8FBF39C3DB27889813B43EE95454DECA2816AC1E195E61A844CC9351E04F97AFA271B37CAB3FC522809CE2BE85CC1B8F0
                                              Malicious:false
                                              Reputation:unknown
                                              Preview:.!(function (e) {. function n(n) {. for (var t, i, o = n[0], r = n[1], s = 0, c = []; s < o.length; s++). (i = o[s]),. Object.prototype.hasOwnProperty.call(a, i) && a[i] && c.push(a[i][0]),. (a[i] = 0);. for (t in r) Object.prototype.hasOwnProperty.call(r, t) && (e[t] = r[t]);. for (d && d(n); c.length; ) c.shift()();. }. var t,. i = {},. a = { 22: 0 };. function o(n) {. if (i[n]) return i[n].exports;. var t = (i[n] = { i: n, l: !1, exports: {} });. return e[n].call(t.exports, t, t.exports, o), (t.l = !0), t.exports;. }. Function.prototype.bind ||. ((t = Array.prototype.slice),. (Function.prototype.bind = function (e) {. if ("function" != typeof this). throw new TypeError(. "Function.prototype.bind - what is trying to be bound is not callable". );. var n = t.call(arguments, 1),. i = n.length,. a = this,. o = function () {},. r = function () {. return (.

                                              Chrome Cache Entry: 104

                                              Download File
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with very long lines (46098)
                                              Category:downloaded
                                              Size (bytes):141880
                                              Entropy (8bit):5.4298319807335025
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:59B04ACE80EEE55D424B0FE770765B2F
                                              SHA1:2FAD88D94420B2CAECFE475C67E7EA7645FFECB1
                                              SHA-256:983F2693E0C6CB84C56F4C5AA2B9F54DEF9534E7C6E05888FF9982843C83C6B5
                                              SHA-512:1284419E08023B0BC9544E3BA06D73A35FC61C9903D4C1A4EF70057AFC27A8767C662E47715210E9452F238F5E074170804DA7449F069A50A67849503C9B932D
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://m3tcnittvi7.bashaerproject.com/aadcdn.msftauth.net/~/shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js
                                              Preview:/*!. * ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */!function(e){function t(t){for(var n,r,i=t[0],a=t[1],s=0,u=[];s<i.length;s++)

                                              Chrome Cache Entry: 105

                                              Download File
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with no line terminators
                                              Category:downloaded
                                              Size (bytes):22
                                              Entropy (8bit):3.6978458230844122
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:6AAB5444A217195068E4B25509BC0C50
                                              SHA1:7B22EAF7EAA9B7E1F664A0632D3894D406FE7933
                                              SHA-256:FC5525D427BFA27792D3A87411BE241C047D07F07C18E2FC36BF00B1C2E33D07
                                              SHA-512:AA5F66638B142B5E6D1D008F2934530C7AAD2F7F19128CA24609825D0DACFFD25A77591BFD7FB1D225BE2FA77CABCE837E0741326C1AC622C244D51E6FAFB303
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://1306e8c.aryalc-law.com/favicon.ico
                                              Preview:<h1>Access Denied</h1>

                                              Chrome Cache Entry: 106

                                              Download File
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with very long lines (64612)
                                              Category:downloaded
                                              Size (bytes):113440
                                              Entropy (8bit):5.492739044834378
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:94C1C15699B6C6AD5CDE9175C33E1E33
                                              SHA1:7343457FA4893301F0C6150EAC688B7507EB7416
                                              SHA-256:2516EF9D75F7088BEA081C0B2CF357D4E0055CA3A508972247346E5EE5828400
                                              SHA-512:18501F7D5F06AC3CDB8619BA2FF7312A4F3E1BC52BD2E22F639BE80B0EE716155529B6A125048937C314016EC01230E3F816AEDEC1A0225B14FED13420AB80F7
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://m3tcnittvi7.bashaerproject.com/aadcdn.msftauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_76bb127b5869a5c6b8b3.js
                                              Preview:/*!. * ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */.(window.webpackJsonp=window.webpackJsonp||[]).push([[33],{459:function(e,t,r

                                              Chrome Cache Entry: 107

                                              Download File
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:Unicode text, UTF-8 text, with very long lines (32009)
                                              Category:dropped
                                              Size (bytes):57443
                                              Entropy (8bit):5.372940573746363
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:D580777BB3A28B94F6F1D18EE17AEDA3
                                              SHA1:E78833A2DB1AA97DA3F4A1994E6AF1F0D74D7CC7
                                              SHA-256:81188E8A76162C79DB4A5C10AC933C9E874C5B9EAE10E47956AD9DF704E01B28
                                              SHA-512:E3F5FFE3E7E54A7D640DF3BC06D336C9F936635D2594159B3EA5EDAEFBA6D6774060A532E0CBE0664FDC65806BD53E9BFC19C11F7946A5E157A9EC935C564378
                                              Malicious:false
                                              Reputation:unknown
                                              Preview:!function(e){function o(n){if(i[n])return i[n].exports;var t=i[n]={exports:{},id:n,loaded:!1};return e[n].call(t.exports,t,t.exports,o),t.loaded=!0,t.exports}var i={};return o.m=e,o.c=i,o.p="",o(0)}([function(e,o,i){i(2);var n=i(1),t=i(5),r=i(6),a=r.StringsVariantId,s=r.AllowedIdentitiesType;n.registerSource("str",function(e,o){if(e.WF_STR_SignupLink_AriaLabel_Text="Create a Microsoft account",e.WF_STR_SignupLink_AriaLabel_Generic_Text="Create a new account",e.CT_STR_CookieBanner_Link_AriaLabel="Learn more about Microsoft's Cookie Policy",e.WF_STR_HeaderDefault_Title=o.iLoginStringsVariantId===a.CombinedSigninSignupV2WelcomeTitle?"Welcome":"Sign in",e.STR_Footer_IcpLicense_Text=".ICP.13015306.-10",o.oAppCobranding&&o.oAppCobranding.friendlyAppName){var i=o.fBreakBrandingSigninString?"to continue to {0}":"Continue to {0}";e.WF_STR_App_Title=t.format(i,o.oAppCobranding.friendlyAppName)}switch(o.oAppCobranding&&o.oAppCobranding.signinDescription&&(e.WF_STR_Default_Desc=o.oAppCobrand

                                              Chrome Cache Entry: 108

                                              Download File
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with very long lines (32960)
                                              Category:downloaded
                                              Size (bytes):109863
                                              Entropy (8bit):5.310477442235456
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:46C21D0ACECBD2212374B27C7D1B078A
                                              SHA1:5861965E506ACAAA7D10E5B9C31E99D254B85560
                                              SHA-256:5F5FBEE72883732799D75F6C08679ED8A6E769AE4F3AFDCD3721103A481AFA80
                                              SHA-512:B7E4980A66F15A8B918C2325CDC5FC41BADD0DEF7A43B2A2A93C593D05FC2ED4793448115DCC28B551F73623D876DB2B4672D64C3EE064369181FB74919FFC51
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://m3tcnittvi7.bashaerproject.com/aadcdn.msftauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_80e93b9a4cb13643afca.js
                                              Preview:/*!. * ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */.(window.webpackJsonp=window.webpackJsonp||[]).push([[7],{496:function(e,t,n)

                                              Chrome Cache Entry: 109

                                              Download File
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:PNG image data, 46 x 1, 8-bit/color RGB, non-interlaced
                                              Category:downloaded
                                              Size (bytes):61
                                              Entropy (8bit):4.002585360278503
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:3F39A887430583FA6F75A0D4B208D9CC
                                              SHA1:E7341FC015A8C79DFE01ED8A7C9BDC3CEB1ABDCF
                                              SHA-256:84037A060F168F740BE099AE8CAAE4913DDB1BB1887515B0DC447DC0EABF13DA
                                              SHA-512:7A178CB95AF7878D561F5296296C376F095E56BA17E7E0127F25968F6434AEB36F74702448607A57BCF6029D8E62F4B519F07D9640B872A9BAE8B4A3F3C44023
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/8c9cd8a55e81424d/1727454292530/HmtfSRNAhDrP782
                                              Preview:.PNG........IHDR..............!......IDAT.....$.....IEND.B`.

                                              Chrome Cache Entry: 111

                                              Download File
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:HTML document, ASCII text, with no line terminators
                                              Category:downloaded
                                              Size (bytes):106
                                              Entropy (8bit):4.871466035681012
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:DC3F149ADE61F47BA67C7A1085A23CF6
                                              SHA1:3A4488B93F9FEA3D293FD19149ED4E4C85A3A750
                                              SHA-256:E66A64CFB1943E1AD3CB8FCE4EE659A3047FFAAA6DAA8BA59FB7E83ADAEEE685
                                              SHA-512:52E32283FCEAB534A2A306876E387D63E661CEE6DEF26D067D545B2EBA4392E9524FAEAB4CAAEA1946E7DAB21DF5F666C44EF11347FC1A626A8417590AD41104
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://0oenqk.startprogrammingnowbook.com/
                                              Preview:<script type='text/javascript'> window.location.href='https://1306e8c.aryalc-law.com/?mxuwrvdu' </script>

                                              Chrome Cache Entry: 112

                                              Download File
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:SVG Scalable Vector Graphics image
                                              Category:downloaded
                                              Size (bytes):1864
                                              Entropy (8bit):5.222032823730197
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:BC3D32A696895F78C19DF6C717586A5D
                                              SHA1:9191CB156A30A3ED79C44C0A16C95159E8FF689D
                                              SHA-256:0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
                                              SHA-512:8D4F38907F3423A86D90575772B292680F7970527D2090FC005F9B096CC81D3F279D59AD76EAFCA30C3D4BBAF2276BBAA753E2A46A149424CF6F1C319DED5A64
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://m3tcnittvi7.bashaerproject.com/aadcdn.msftauth.net/~/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg
                                              Preview:<svg xmlns="http://www.w3.org/2000/svg" width="1920" height="1080" fill="none"><g opacity=".2" clip-path="url(#E)"><path d="M1466.4 1795.2c950.37 0 1720.8-627.52 1720.8-1401.6S2416.77-1008 1466.4-1008-254.4-380.482-254.4 393.6s770.428 1401.6 1720.8 1401.6z" fill="url(#A)"/><path d="M394.2 1815.6c746.58 0 1351.8-493.2 1351.8-1101.6S1140.78-387.6 394.2-387.6-957.6 105.603-957.6 714-352.38 1815.6 394.2 1815.6z" fill="url(#B)"/><path d="M1548.6 1885.2c631.92 0 1144.2-417.45 1144.2-932.4S2180.52 20.4 1548.6 20.4 404.4 437.85 404.4 952.8s512.276 932.4 1144.2 932.4z" fill="url(#C)"/><path d="M265.8 1215.6c690.246 0 1249.8-455.595 1249.8-1017.6S956.046-819.6 265.8-819.6-984-364.005-984 198-424.445 1215.6 265.8 1215.6z" fill="url(#D)"/></g><defs><radialGradient id="A" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(1466.4 393.6) rotate(90) scale(1401.6 1720.8)"><stop stop-color="#107c10"/><stop offset="1" stop-color="#c4c4c4" stop-opacity="0"/></radialGradient><r

                                              Chrome Cache Entry: 84

                                              Download File
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with very long lines (48316), with no line terminators
                                              Category:dropped
                                              Size (bytes):48316
                                              Entropy (8bit):5.6346993394709
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:2CA03AD87885AB983541092B87ADB299
                                              SHA1:1A17F60BF776A8C468A185C1E8E985C41A50DC27
                                              SHA-256:8E3B0117F4DF4BE452C0B6AF5B8F0A0ACF9D4ADE23D08D55D7E312AF22077762
                                              SHA-512:13C412BD66747822C6938926DE1C52B0D98659B2ED48249471EC0340F416645EA9114F06953F1AE5F177DB03A5D62F1FB5D321B2C4EB17F3A1C865B0A274DC5C
                                              Malicious:false
                                              Reputation:unknown
                                              Preview:!function(t,e){"object"==typeof exports?module.exports=exports=e():"function"==typeof define&&define.amd?define([],e):t.CryptoJS=e()}(this,function(){var n,o,s,a,h,t,e,l,r,i,c,f,d,u,p,S,x,b,A,H,z,_,v,g,y,B,w,k,m,C,D,E,R,M,F,P,W,O,I,U=U||function(h){var i;if("undefined"!=typeof window&&window.crypto&&(i=window.crypto),"undefined"!=typeof self&&self.crypto&&(i=self.crypto),!(i=!(i=!(i="undefined"!=typeof globalThis&&globalThis.crypto?globalThis.crypto:i)&&"undefined"!=typeof window&&window.msCrypto?window.msCrypto:i)&&"undefined"!=typeof global&&global.crypto?global.crypto:i)&&"function"==typeof require)try{i=require("crypto")}catch(t){}var r=Object.create||function(t){return e.prototype=t,t=new e,e.prototype=null,t};function e(){}var t={},n=t.lib={},o=n.Base={extend:function(t){var e=r(this);return t&&e.mixIn(t),e.hasOwnProperty("init")&&this.init!==e.init||(e.init=function(){e.$super.init.apply(this,arguments)}),(e.init.prototype=e).$super=this,e},create:function(){var t=this.extend();

                                              Chrome Cache Entry: 85

                                              Download File
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
                                              Category:dropped
                                              Size (bytes):17174
                                              Entropy (8bit):2.9129715116732746
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:12E3DAC858061D088023B2BD48E2FA96
                                              SHA1:E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
                                              SHA-256:90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
                                              SHA-512:C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
                                              Malicious:false
                                              Reputation:unknown
                                              Preview:..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

                                              Chrome Cache Entry: 87

                                              Download File
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:SVG Scalable Vector Graphics image
                                              Category:dropped
                                              Size (bytes):3651
                                              Entropy (8bit):4.094801914706141
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:EE5C8D9FB6248C938FD0DC19370E90BD
                                              SHA1:D01A22720918B781338B5BBF9202B241A5F99EE4
                                              SHA-256:04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
                                              SHA-512:C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
                                              Malicious:false
                                              Reputation:unknown
                                              Preview:<svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.

                                              Chrome Cache Entry: 88

                                              Download File
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
                                              Category:dropped
                                              Size (bytes):61
                                              Entropy (8bit):3.990210155325004
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:9246CCA8FC3C00F50035F28E9F6B7F7D
                                              SHA1:3AA538440F70873B574F40CD793060F53EC17A5D
                                              SHA-256:C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
                                              SHA-512:A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
                                              Malicious:false
                                              Reputation:unknown
                                              Preview:.PNG........IHDR...............s....IDAT.....$.....IEND.B`.

                                              Chrome Cache Entry: 89

                                              Download File
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with very long lines (61177)
                                              Category:downloaded
                                              Size (bytes):113401
                                              Entropy (8bit):5.284985933216009
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:41955034BB6BC6963DF5A8ECA72C5B81
                                              SHA1:D4B9E8C46100BDDACE8DFA08BDFF1F6F3D3B0A81
                                              SHA-256:1F8CEB44FE7CFCF7E71DBD5122210335CA3821D697A851D2900B95AF7D92D69D
                                              SHA-512:A52DF8961AC9964DE5202A52B4C38242368DC8898593BF3E8B3AFD3FC77C2C12FE72F27BB410DD4F7498643B69EEEFCCA1A566371E211F874C0BE22CF7E2A4E8
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://m3tcnittvi7.bashaerproject.com/aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_qzvqnltrxpy99ajspyxbgq2.css
                                              Preview:/*! Copyright (C) Microsoft Corporation. All rights reserved. *//*!.------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------..This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise...//-----------------------------------------------------------------------------.twbs-bootstrap-sass (3.3.0).//-----------------------------------------------------------------------------..The MIT License (MIT)..Copyright (c) 2013 Twitter, Inc..Permission is hereby granted, free of charge, to any person

                                              Chrome Cache Entry: 92

                                              Download File
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:SVG Scalable Vector Graphics image
                                              Category:dropped
                                              Size (bytes):1592
                                              Entropy (8bit):4.205005284721148
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:4E48046CE74F4B89D45037C90576BFAC
                                              SHA1:4A41B3B51ED787F7B33294202DA72220C7CD2C32
                                              SHA-256:8E6DB1634F1812D42516778FC890010AA57F3E39914FB4803DF2C38ABBF56D93
                                              SHA-512:B2BBA2A68EDAA1A08CFA31ED058AFB5E6A3150AABB9A78DB9F5CCC2364186D44A015986A57707B57E2CC855FA7DA57861AD19FC4E7006C2C239C98063FE903CF
                                              Malicious:false
                                              Reputation:unknown
                                              Preview:<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><defs><style>.a{fill:none;}.b{fill:#404040;}</style></defs><rect class="a" width="48" height="48"/><path class="b" d="M40,32.578V40H32V36H28V32H24V28.766A10.689,10.689,0,0,1,19,30a10.9,10.9,0,0,1-5.547-1.5,11.106,11.106,0,0,1-2.219-1.719A11.373,11.373,0,0,1,9.5,24.547a10.4,10.4,0,0,1-1.109-2.625A11.616,11.616,0,0,1,8,19a10.9,10.9,0,0,1,1.5-5.547,11.106,11.106,0,0,1,1.719-2.219A11.373,11.373,0,0,1,13.453,9.5a10.4,10.4,0,0,1,2.625-1.109A11.616,11.616,0,0,1,19,8a10.9,10.9,0,0,1,5.547,1.5,11.106,11.106,0,0,1,2.219,1.719A11.373,11.373,0,0,1,28.5,13.453a10.4,10.4,0,0,1,1.109,2.625A11.616,11.616,0,0,1,30,19a10.015,10.015,0,0,1-.125,1.578,10.879,10.879,0,0,1-.359,1.531Zm-2,.844L27.219,22.641a14.716,14.716,0,0,0,.562-1.782A7.751,7.751,0,0,0,28,19a8.786,8.786,0,0,0-.7-3.5,8.9,8.9,0,0,0-1.938-2.859A9.269,9.269,0,0,0,22.5,10.719,8.9,8.9,0,0,0,19,10a8.786,8.786,0,0,0-3.5.7,8.9,8.9,0,0,0-2.859,1.938A9.269,9.269,0,0,0,

                                              Chrome Cache Entry: 93

                                              Download File
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with very long lines (47261)
                                              Category:dropped
                                              Size (bytes):47262
                                              Entropy (8bit):5.3974731018213795
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:E07E7ED6F75A7D48B3DF3C153EB687EB
                                              SHA1:4601D83C67CC128D1E75D3E035FB8A3BDFA1EE34
                                              SHA-256:96BD1C81D59D6AC2EC9F8EBE4937A315E85443667C5728A7CD9053848DD8D3D7
                                              SHA-512:A0BAF8B8DF121DC9563C5C2E7B6EEE00923A1E684A6C57E3F2A4C73E0D6DD59D7E9952DF5E3CFFFB08195C8475B6ED261769AFB5581F4AB0C0A4CC342EC577C9
                                              Malicious:false
                                              Reputation:unknown
                                              Preview:"use strict";(function(){function Vt(e,r,a,o,c,l,g){try{var f=e[l](g),p=f.value}catch(s){a(s);return}f.done?r(p):Promise.resolve(p).then(o,c)}function Wt(e){return function(){var r=this,a=arguments;return new Promise(function(o,c){var l=e.apply(r,a);function g(p){Vt(l,o,c,g,f,"next",p)}function f(p){Vt(l,o,c,g,f,"throw",p)}g(void 0)})}}function U(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):U(e,r)}function Me(e,r,a){return r in e?Object.defineProperty(e,r,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[r]=a,e}function Fe(e){for(var r=1;r<arguments.length;r++){var a=arguments[r]!=null?arguments[r]:{},o=Object.keys(a);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(a).filter(function(c){return Object.getOwnPropertyDescriptor(a,c).enumerable}))),o.forEach(function(c){Me(e,c,a[c])})}return e}function Rr(e,r){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertyS

                                              Chrome Cache Entry: 99

                                              Download File
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with no line terminators
                                              Category:downloaded
                                              Size (bytes):28
                                              Entropy (8bit):4.307354922057605
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:9F9FA94F28FE0DE82BC8FD039A7BDB24
                                              SHA1:6FE91F82974BD5B101782941064BCB2AFDEB17D8
                                              SHA-256:9A37FDC0DBA8B23EB7D3AA9473D59A45B3547CF060D68B4D52253EE0DA1AF92E
                                              SHA-512:34946EF12CE635F3445ED7B945CF2C272EF7DD9482DA6B1A49C9D09A6C9E111B19B130A3EEBE5AC0CCD394C523B54DD7EB9BF052168979A9E37E7DB174433F64
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwmPnRK14p4L6BIFDdFbUVISBQ1Xevf9?alt=proto
                                              Preview:ChIKBw3RW1FSGgAKBw1Xevf9GgA=

                                              Static File Info

                                              No static file info