
Windows Analysis Report
https://gjyefv.degaris.com/

Overview

General Information

Sample URL: https://gjyefv.degaris.com/
Analysis ID: 1432311

Detection

HTMLPhisher
Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Phishing site detected (based on favicon image match)
Yara detected HtmlPhish54
Phishing site detected (based on image similarity)
HTML body contains low number of good links
HTML page contains hidden URLs or javascript code
HTML title does not match URL
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 2704 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://gjyefv.degaris.com/ MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
    • chrome.exe (PID: 5456 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1924,i,15390962331566012590,5812943106349818764,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • cleanup
Source | Rule | Description | Author | Strings
3.6.pages.csv | JoeSecurity_HtmlPhish_54 | Yara detected HtmlPhish_54 | Joe Security |
4.8.pages.csv | JoeSecurity_HtmlPhish_54 | Yara detected HtmlPhish_54 | Joe Security |
4.9.pages.csv | JoeSecurity_HtmlPhish_54 | Yara detected HtmlPhish_54 | Joe Security |

No Sigma rule has matched
No Snort rule has matched

        Phishing

Source: https://fbzxki.furnart-gh.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638497539916693231.NzQwNWZlMDItNTFiNS00ZDM1LWFmZWYtOWJiMzU5NzZiZTQ1NTFkNGVjZGEtNzIyYS00ZmZkLThlMGUtNWYzN2QxY2Y4YTBm&ui_locales=en-US&mkt=en-US&client-request-id=991a96c5-61cc-4dd9-bcb3-1b9fc4a44d55&state=-J25bmtWK5ujB1PmjRLNfkgKzegmK6ukQWfpBQSWdqcZVqYgJkVh8ry1FJQ1eS3LFW6ybOMIiLCWdBZr_7XEs4lcjCpFz5hnMxDYIY8B8WJoWW-yOzFN-LXlrLmUHiAL3ZnBFZKir9x-78g9_-BUltqok7DpuCAbHoxI7tebZuI4W88Vt9CfQImUftBsISrf49v_vB2RgHNCr9HZEMZMaWK-AOodaB2WsittDwwf98gMVdOAsh8iQjg0piyZjXwsWuLPQpG7HJ0bIYbXdWgMzQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=true | Matcher: Template: microsoft matched with high similarity
Source: Yara match | File source: 3.6.pages.csv, type: HTML
Source: Yara match | File source: 4.8.pages.csv, type: HTML
Source: Yara match | File source: 4.9.pages.csv, type: HTML
Source: https://fbzxki.furnart-gh.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638497539916693231.NzQwNWZlMDItNTFiNS00ZDM1LWFmZWYtOWJiMzU5NzZiZTQ1NTFkNGVjZGEtNzIyYS00ZmZkLThlMGUtNWYzN2QxY2Y4YTBm&ui_locales=en-US&mkt=en-US&client-request-id=991a96c5-61cc-4dd9-bcb3-1b9fc4a44d55&state=-J25bmtWK5ujB1PmjRLNfkgKzegmK6ukQWfpBQSWdqcZVqYgJkVh8ry1FJQ1eS3LFW6ybOMIiLCWdBZr_7XEs4lcjCpFz5hnMxDYIY8B8WJoWW-yOzFN-LXlrLmUHiAL3ZnBFZKir9x-78g9_-BUltqok7DpuCAbHoxI7tebZuI4W88Vt9CfQImUftBsISrf49v_vB2RgHNCr9HZEMZMaWK-AOodaB2WsittDwwf98gMVdOAsh8iQjg0piyZjXwsWuLPQpG7HJ0bIYbXdWgMzQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=true | Matcher: Found strong image similarity, brand: MICROSOFT
Source: https://fbzxki.furnart-gh.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638497539916693231.NzQwNWZlMDItNTFiNS00ZDM1LWFmZWYtOWJiMzU5NzZiZTQ1NTFkNGVjZGEtNzIyYS00ZmZkLThlMGUtNWYzN2QxY2Y4YTBm&ui_locales=en-US&mkt=en-US&client-request-id=991a96c5-61cc-4dd9-bcb3-1b9fc4a44d55&state=-J25bmtWK5ujB1PmjRLNfkgKzegmK6ukQWfpBQSWdqcZVqYgJkVh8ry1FJQ1eS3LFW6ybOMIiLCWdBZr_7XEs4lcjCpFz5hnMxDYIY8B8WJoWW-yOzFN-LXlrLmUHiAL3ZnBFZKir9x-78g9_-BUltqok7DpuCAbHoxI7tebZuI4W88Vt9CfQImUftBsISrf49v_vB2RgHNCr9HZEMZMaWK-AOodaB2WsittDwwf98gMVdOAsh8iQjg0piyZjXwsWuLPQpG7HJ0bIYbXdWgMzQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=true | HTTP Parser: Number of links: 0
Source: https://gjyefv.degaris.com/ | HTTP Parser: Base64 decoded: https://fbzxki.furnart-gh.com/nxnqadacitlupmhzteqjtsozfgekznozsano
Source: https://fbzxki.furnart-gh.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638497539916693231.NzQwNWZlMDItNTFiNS00ZDM1LWFmZWYtOWJiMzU5NzZiZTQ1NTFkNGVjZGEtNzIyYS00ZmZkLThlMGUtNWYzN2QxY2Y4YTBm&ui_locales=en-US&mkt=en-US&client-request-id=991a96c5-61cc-4dd9-bcb3-1b9fc4a44d55&state=-J25bmtWK5ujB1PmjRLNfkgKzegmK6ukQWfpBQSWdqcZVqYgJkVh8ry1FJQ1eS3LFW6ybOMIiLCWdBZr_7XEs4lcjCpFz5hnMxDYIY8B8WJoWW-yOzFN-LXlrLmUHiAL3ZnBFZKir9x-78g9_-BUltqok7DpuCAbHoxI7tebZuI4W88Vt9CfQImUftBsISrf49v_vB2RgHNCr9HZEMZMaWK-AOodaB2WsittDwwf98gMVdOAsh8iQjg0piyZjXwsWuLPQpG7HJ0bIYbXdWgMzQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=true | HTTP Parser: Title: Sign in to your account does not match URL
Source: https://fbzxki.furnart-gh.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638497539916693231.NzQwNWZlMDItNTFiNS00ZDM1LWFmZWYtOWJiMzU5NzZiZTQ1NTFkNGVjZGEtNzIyYS00ZmZkLThlMGUtNWYzN2QxY2Y4YTBm&ui_locales=en-US&mkt=en-US&client-request-id=991a96c5-61cc-4dd9-bcb3-1b9fc4a44d55&state=-J25bmtWK5ujB1PmjRLNfkgKzegmK6ukQWfpBQSWdqcZVqYgJkVh8ry1FJQ1eS3LFW6ybOMIiLCWdBZr_7XEs4lcjCpFz5hnMxDYIY8B8WJoWW-yOzFN-LXlrLmUHiAL3ZnBFZKir9x-78g9_-BUltqok7DpuCAbHoxI7tebZuI4W88Vt9CfQImUftBsISrf49v_vB2RgHNCr9HZEMZMaWK-AOodaB2WsittDwwf98gMVdOAsh8iQjg0piyZjXwsWuLPQpG7HJ0bIYbXdWgMzQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=true | HTTP Parser: <input type="password" .../> found
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/0hip9/0x4AAAAAAAYXr8fowNoxx5DP/auto/normal | HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/0hip9/0x4AAAAAAAYXr8fowNoxx5DP/auto/normal | HTTP Parser: No favicon
Source: https://fbzxki.furnart-gh.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638497539916693231.NzQwNWZlMDItNTFiNS00ZDM1LWFmZWYtOWJiMzU5NzZiZTQ1NTFkNGVjZGEtNzIyYS00ZmZkLThlMGUtNWYzN2QxY2Y4YTBm&ui_locales=en-US&mkt=en-US&client-request-id=991a96c5-61cc-4dd9-bcb3-1b9fc4a44d55&state=-J25bmtWK5ujB1PmjRLNfkgKzegmK6ukQWfpBQSWdqcZVqYgJkVh8ry1FJQ1eS3LFW6ybOMIiLCWdBZr_7XEs4lcjCpFz5hnMxDYIY8B8WJoWW-yOzFN-LXlrLmUHiAL3ZnBFZKir9x-78g9_-BUltqok7DpuCAbHoxI7tebZuI4W88Vt9CfQImUftBsISrf49v_vB2RgHNCr9HZEMZMaWK-AOodaB2WsittDwwf98gMVdOAsh8iQjg0piyZjXwsWuLPQpG7HJ0bIYbXdWgMzQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0 | HTTP Parser: No favicon
Source: https://fbzxki.furnart-gh.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638497539916693231.NzQwNWZlMDItNTFiNS00ZDM1LWFmZWYtOWJiMzU5NzZiZTQ1NTFkNGVjZGEtNzIyYS00ZmZkLThlMGUtNWYzN2QxY2Y4YTBm&ui_locales=en-US&mkt=en-US&client-request-id=991a96c5-61cc-4dd9-bcb3-1b9fc4a44d55&state=-J25bmtWK5ujB1PmjRLNfkgKzegmK6ukQWfpBQSWdqcZVqYgJkVh8ry1FJQ1eS3LFW6ybOMIiLCWdBZr_7XEs4lcjCpFz5hnMxDYIY8B8WJoWW-yOzFN-LXlrLmUHiAL3ZnBFZKir9x-78g9_-BUltqok7DpuCAbHoxI7tebZuI4W88Vt9CfQImUftBsISrf49v_vB2RgHNCr9HZEMZMaWK-AOodaB2WsittDwwf98gMVdOAsh8iQjg0piyZjXwsWuLPQpG7HJ0bIYbXdWgMzQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=true | HTTP Parser: No <meta name="author".. found
Source: https://fbzxki.furnart-gh.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638497539916693231.NzQwNWZlMDItNTFiNS00ZDM1LWFmZWYtOWJiMzU5NzZiZTQ1NTFkNGVjZGEtNzIyYS00ZmZkLThlMGUtNWYzN2QxY2Y4YTBm&ui_locales=en-US&mkt=en-US&client-request-id=991a96c5-61cc-4dd9-bcb3-1b9fc4a44d55&state=-J25bmtWK5ujB1PmjRLNfkgKzegmK6ukQWfpBQSWdqcZVqYgJkVh8ry1FJQ1eS3LFW6ybOMIiLCWdBZr_7XEs4lcjCpFz5hnMxDYIY8B8WJoWW-yOzFN-LXlrLmUHiAL3ZnBFZKir9x-78g9_-BUltqok7DpuCAbHoxI7tebZuI4W88Vt9CfQImUftBsISrf49v_vB2RgHNCr9HZEMZMaWK-AOodaB2WsittDwwf98gMVdOAsh8iQjg0piyZjXwsWuLPQpG7HJ0bIYbXdWgMzQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=true | HTTP Parser: No <meta name="author".. found
Source: https://fbzxki.furnart-gh.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638497539916693231.NzQwNWZlMDItNTFiNS00ZDM1LWFmZWYtOWJiMzU5NzZiZTQ1NTFkNGVjZGEtNzIyYS00ZmZkLThlMGUtNWYzN2QxY2Y4YTBm&ui_locales=en-US&mkt=en-US&client-request-id=991a96c5-61cc-4dd9-bcb3-1b9fc4a44d55&state=-J25bmtWK5ujB1PmjRLNfkgKzegmK6ukQWfpBQSWdqcZVqYgJkVh8ry1FJQ1eS3LFW6ybOMIiLCWdBZr_7XEs4lcjCpFz5hnMxDYIY8B8WJoWW-yOzFN-LXlrLmUHiAL3ZnBFZKir9x-78g9_-BUltqok7DpuCAbHoxI7tebZuI4W88Vt9CfQImUftBsISrf49v_vB2RgHNCr9HZEMZMaWK-AOodaB2WsittDwwf98gMVdOAsh8iQjg0piyZjXwsWuLPQpG7HJ0bIYbXdWgMzQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=true | HTTP Parser: No <meta name="copyright".. found
Source: https://fbzxki.furnart-gh.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638497539916693231.NzQwNWZlMDItNTFiNS00ZDM1LWFmZWYtOWJiMzU5NzZiZTQ1NTFkNGVjZGEtNzIyYS00ZmZkLThlMGUtNWYzN2QxY2Y4YTBm&ui_locales=en-US&mkt=en-US&client-request-id=991a96c5-61cc-4dd9-bcb3-1b9fc4a44d55&state=-J25bmtWK5ujB1PmjRLNfkgKzegmK6ukQWfpBQSWdqcZVqYgJkVh8ry1FJQ1eS3LFW6ybOMIiLCWdBZr_7XEs4lcjCpFz5hnMxDYIY8B8WJoWW-yOzFN-LXlrLmUHiAL3ZnBFZKir9x-78g9_-BUltqok7DpuCAbHoxI7tebZuI4W88Vt9CfQImUftBsISrf49v_vB2RgHNCr9HZEMZMaWK-AOodaB2WsittDwwf98gMVdOAsh8iQjg0piyZjXwsWuLPQpG7HJ0bIYbXdWgMzQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=true | HTTP Parser: No <meta name="copyright".. found
Source: unknown | HTTPS traffic detected: 40.126.28.12:443 -> 192.168.2.18:49694 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.126.28.12:443 -> 192.168.2.18:49700 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 23.208.86.120:443 -> 192.168.2.18:49720 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.18:49724 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.18:49725 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.18:49729 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.18:49766 version: TLS 1.2
Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.28.12 (50 identical entries)
Source: global traffic | DNS traffic detected: DNS query: gjyefv.degaris.com
Source: global traffic | DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic | DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: fbzxki.furnart-gh.com
Source: global traffic | DNS traffic detected: DNS query: www.furnart-gh.com
Source: global traffic | DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic | DNS traffic detected: DNS query: identity.nel.measure.office.net
Source: global traffic | DNS traffic detected: DNS query: xzbgjm.furnart-gh.com
Source: global traffic | DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: unknown | Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown | Network traffic detected: HTTP traffic on port 49695 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown | Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49697
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown | Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49696
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49695
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49694
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49693
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49692
Source: unknown | Network traffic detected: HTTP traffic on port 49692 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown | Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown | Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown | Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown | Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49697 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown | Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown | Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown | Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49694 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown | Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown | Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown | Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49696 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49679 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown | Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown | Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown | Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown | Network traffic detected: HTTP traffic on port 49693 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown | Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown | Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown | Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown | Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49745
        Source: classification engineClassification label: mal60.phis.win@16/31@26/161
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
        Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://gjyefv.degaris.com/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1924,i,15390962331566012590,5812943106349818764,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1924,i,15390962331566012590,5812943106349818764,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (11 further entries with no resolved image or command line)
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MITRE ATT&CK Matrix (per tactic; a number in parentheses is the count of signatures matched for that technique in this run, entries without a count are the matrix's unmatched default rows)
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
Resource Development: Acquire Infrastructure; Domains; DNS Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At
Persistence: Registry Run Keys / Startup Folder (1); Boot or Logon Initialization Scripts; Logon Script (Windows)
Privilege Escalation: Process Injection (1); Registry Run Keys / Startup Folder (1); Logon Script (Windows)
Defense Evasion: Masquerading (1); Process Injection (1); Obfuscated Files or Information
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: System Service Discovery; Application Window Discovery; Query Registry
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Command and Control: Encrypted Channel (2); Non-Application Layer Protocol (1); Application Layer Protocol (2)
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact

Screenshots: all captured thumbnails (images not included in this text export)
Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample (Source | Detection | Scanner | Label)
https://gjyefv.degaris.com/ | 0% | Avira URL Cloud | safe
https://gjyefv.degaris.com/ | 0% | Virustotal | -

Dropped Files: No Antivirus matches
Unpacked PE Files: No Antivirus matches

Domains (Source | Detection | Scanner)
aadcdn.msftauth.net | 0% | Virustotal
www.furnart-gh.com | 0% | Virustotal
part-0013.t-0009.t-msedge.net | 0% | Virustotal
cs1100.wpc.omegacdn.net | 0% | Virustotal

URLs (Source | Detection | Scanner | Label)
about:blank | 0% | Avira URL Cloud | safe
Contacted Domains (Name | IP | Active | Malicious | Antivirus Detection | Reputation)
fbzxki.furnart-gh.com | 104.21.28.181 | true | false | - | unknown
part-0013.t-0009.t-msedge.net | 13.107.213.41 | true | false | - | unknown
xzbgjm.furnart-gh.com | 104.21.28.181 | true | false | - | unknown
a.nel.cloudflare.com | 35.190.80.1 | true | false | - | high
www.furnart-gh.com | 172.67.147.16 | true | false | - | unknown
cs1100.wpc.omegacdn.net | 152.199.4.44 | true | false | - | unknown
cdnjs.cloudflare.com | 104.17.24.14 | true | false | - | high
gjyefv.degaris.com | 104.131.80.170 | true | false | - | unknown
challenges.cloudflare.com | 104.17.3.184 | true | false | - | high
www.google.com | 192.178.50.36 | true | false | - | high
identity.nel.measure.office.net | unknown | unknown | false | - | high
aadcdn.msftauth.net | unknown | unknown | false | - | unknown
Contacted URLs (Name | Malicious | Antivirus Detection | Reputation)
https://gjyefv.degaris.com/ | false | - | unknown
https://fbzxki.furnart-gh.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638497539916693231.NzQwNWZlMDItNTFiNS00ZDM1LWFmZWYtOWJiMzU5NzZiZTQ1NTFkNGVjZGEtNzIyYS00ZmZkLThlMGUtNWYzN2QxY2Y4YTBm&ui_locales=en-US&mkt=en-US&client-request-id=991a96c5-61cc-4dd9-bcb3-1b9fc4a44d55&state=-J25bmtWK5ujB1PmjRLNfkgKzegmK6ukQWfpBQSWdqcZVqYgJkVh8ry1FJQ1eS3LFW6ybOMIiLCWdBZr_7XEs4lcjCpFz5hnMxDYIY8B8WJoWW-yOzFN-LXlrLmUHiAL3ZnBFZKir9x-78g9_-BUltqok7DpuCAbHoxI7tebZuI4W88Vt9CfQImUftBsISrf49v_vB2RgHNCr9HZEMZMaWK-AOodaB2WsittDwwf98gMVdOAsh8iQjg0piyZjXwsWuLPQpG7HJ0bIYbXdWgMzQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0 | false | - | unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/0hip9/0x4AAAAAAAYXr8fowNoxx5DP/auto/normal | false | - | high
https://fbzxki.furnart-gh.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638497539916693231.NzQwNWZlMDItNTFiNS00ZDM1LWFmZWYtOWJiMzU5NzZiZTQ1NTFkNGVjZGEtNzIyYS00ZmZkLThlMGUtNWYzN2QxY2Y4YTBm&ui_locales=en-US&mkt=en-US&client-request-id=991a96c5-61cc-4dd9-bcb3-1b9fc4a44d55&state=-J25bmtWK5ujB1PmjRLNfkgKzegmK6ukQWfpBQSWdqcZVqYgJkVh8ry1FJQ1eS3LFW6ybOMIiLCWdBZr_7XEs4lcjCpFz5hnMxDYIY8B8WJoWW-yOzFN-LXlrLmUHiAL3ZnBFZKir9x-78g9_-BUltqok7DpuCAbHoxI7tebZuI4W88Vt9CfQImUftBsISrf49v_vB2RgHNCr9HZEMZMaWK-AOodaB2WsittDwwf98gMVdOAsh8iQjg0piyZjXwsWuLPQpG7HJ0bIYbXdWgMzQ&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=true | true | - | unknown
about:blank | false | Avira URL Cloud: safe | low

Reputation scale (share of IPs that have seen the resource):
• No. of IPs < 25%
• 25% < No. of IPs < 50%
• 50% < No. of IPs < 75%
• 75% < No. of IPs
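The URL the report marks malicious reproduces the Microsoft identity platform's /common/oauth2/v2.0/authorize path, the Office Home client_id and a redirect_uri on www.office.com, but it is served from fbzxki.furnart-gh.com rather than login.microsoftonline.com. That combination is the point a detection engineer would key on: the path and parameters are only meaningful on Microsoft's own login hosts. The following is an added example, not part of the Joe Sandbox report, of a proxy-log check for that pattern; the set of genuine login hosts, the log line format and the log lines themselves are assumptions constructed for the example (only the first URL is the report's, with its query trimmed to the parameters the check reads).

```python
"""Flag Entra ID /authorize URLs that are served from a non-Microsoft host."""
import re
from urllib.parse import parse_qs, urlsplit

# Hosts that legitimately serve the Microsoft identity platform authorize endpoint.
# Assumption: extend for sovereign clouds or other IdPs your tenant federates with.
MS_LOGIN_HOSTS = {
    "login.microsoftonline.com", "login.microsoft.com",
    "login.live.com", "login.windows.net",
}
# Domains a genuine redirect_uri for an Office sign-in may point at.
MS_REDIRECT_DOMAINS = ("office.com", "microsoft.com", "microsoftonline.com")
# client_id carried by the URL in the report (the Office Home web client).
OFFICE_HOME_CLIENT_ID = "4765445b-32c6-49b0-83e6-1d93765276ca"
# /{tenant}/oauth2/authorize or /{tenant}/oauth2/v2.0/authorize
AUTHORIZE_PATH = re.compile(
    r"^/(common|organizations|consumers|[0-9a-f-]{36})/oauth2/(v2\.0/)?authorize/?$", re.I)


def in_domain(host: str, domain: str) -> bool:
    """True when host equals domain or is a subdomain of it (no bare substring match)."""
    return host == domain or host.endswith("." + domain)


def triage_url(url: str) -> list:
    """Return the reasons a URL looks like a cloned Entra ID sign-in; [] means nothing found."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    params = parse_qs(parts.query)
    if host in MS_LOGIN_HOSTS:
        return []  # genuine IdP host: the checks below only matter off-platform
    reasons = []
    if AUTHORIZE_PATH.match(parts.path):
        reasons.append("authorize endpoint path on non-Microsoft host")
    redirect_host = (urlsplit(params.get("redirect_uri", [""])[0]).hostname or "").lower()
    if redirect_host and any(in_domain(redirect_host, d) for d in MS_REDIRECT_DOMAINS):
        reasons.append("redirect_uri targets Microsoft from a non-Microsoft host")
    if params.get("client_id", [""])[0].lower() == OFFICE_HOME_CLIENT_ID:
        reasons.append("Office Home client_id replayed on non-Microsoft host")
    return reasons


def scan_proxy_log(lines):
    """Yield (url, reasons) for every log line whose URL field trips a check.
    Assumed line format: '<timestamp> <user> <url>' (constructed for this example)."""
    for line in lines:
        fields = line.split()
        if len(fields) < 3:
            continue
        reasons = triage_url(fields[2])
        if reasons:
            yield fields[2], reasons


# The report's malicious URL, query trimmed to the parameters the check reads.
REPORT_URL = (
    "https://fbzxki.furnart-gh.com/common/oauth2/v2.0/authorize"
    "?client_id=4765445b-32c6-49b0-83e6-1d93765276ca"
    "&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2"
    "&response_type=code%20id_token&scope=openid%20profile"
    "&response_mode=form_post&sso_reload=true"
)
# Same request as Microsoft would serve it: must not fire.
LEGIT_URL = REPORT_URL.replace("fbzxki.furnart-gh.com", "login.microsoftonline.com")
# Constructed proxy log lines (not taken from the report).
PROXY_LOG = [
    "2024-04-26T18:46:01Z user1 https://gjyefv.degaris.com/",
    "2024-04-26T18:46:03Z user1 https://challenges.cloudflare.com/cdn-cgi/challenge-platform/"
    "h/b/turnstile/if/ov2/av0/rcv0/0/0hip9/0x4AAAAAAAYXr8fowNoxx5DP/auto/normal",
    "2024-04-26T18:46:05Z user1 " + REPORT_URL,
    "2024-04-26T18:47:10Z user2 " + LEGIT_URL,
]

if __name__ == "__main__":
    for url, reasons in scan_proxy_log(PROXY_LOG):
        print(url.split("?")[0], "->", "; ".join(reasons))
```

Only the furnart-gh.com line fires, on all three checks; the landing page on gjyefv.degaris.com and the Turnstile challenge are not flagged by this rule and would need the favicon or image-similarity signals the report used.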
Contacted IPs (IP | Domain | Country | ASN | ASN Name, registry country | Malicious)
192.178.50.36 | www.google.com | United States | 15169 | GOOGLE, US | false
104.17.24.14 | cdnjs.cloudflare.com | United States | 13335 | CLOUDFLARENET, US | false
192.178.50.67 | unknown | United States | 15169 | GOOGLE, US | false
13.107.246.41 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCK, US | false
192.178.50.78 | unknown | United States | 15169 | GOOGLE, US | false
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENET, US | false
104.21.28.181 | fbzxki.furnart-gh.com | United States | 13335 | CLOUDFLARENET, US | false
104.131.80.170 | gjyefv.degaris.com | United States | 14061 | DIGITALOCEAN-ASN, US | false
152.199.4.44 | cs1100.wpc.omegacdn.net | United States | 15133 | EDGECAST, US | false
142.250.64.227 | unknown | United States | 15169 | GOOGLE, US | false
142.250.64.138 | unknown | United States | 15169 | GOOGLE, US | false
104.17.3.184 | challenges.cloudflare.com | United States | 13335 | CLOUDFLARENET, US | false
23.193.106.20 | unknown | United States | 16625 | AKAMAI-AS, US | false
142.250.217.174 | unknown | United States | 15169 | GOOGLE, US | false
74.125.26.84 | unknown | United States | 15169 | GOOGLE, US | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
172.67.147.16 | www.furnart-gh.com | United States | 13335 | CLOUDFLARENET, US | false
13.107.213.41 | part-0013.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCK, US | false
142.250.64.170 | unknown | United States | 15169 | GOOGLE, US | false
35.190.80.1 | a.nel.cloudflare.com | United States | 15169 | GOOGLE, US | false
104.17.2.184 | unknown | United States | 13335 | CLOUDFLARENET, US | false

Private IP
192.168.2.18
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1432311
Start date and time: 2024-04-26 20:45:17 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Sample URL: https://gjyefv.degaris.com/
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 16
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
Analysis Mode: stream
Analysis stop reason: Timeout
Detection: MAL
Classification: mal60.phis.win@16/31@26/161
• Excluded processes (whitelisted): SIHClient.exe, backgroundTaskHost.exe, svchost.exe
• Excluded IPs (whitelisted): 192.178.50.67, 142.250.217.174, 74.125.26.84, 34.104.35.123, 23.45.182.69, 142.250.64.138, 142.250.189.138, 192.178.50.74, 172.217.165.202, 172.217.15.202, 142.250.217.202, 142.250.64.202, 142.251.35.234, 142.250.217.170, 142.250.217.234, 142.250.64.170, 172.217.3.74, 172.217.2.202, 192.178.50.42
• Excluded domains (whitelisted): www.bing.com, fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, content-autofill.googleapis.com, login.live.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com
• Not all processes were analyzed; the report is missing behavior information
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 17:46:16 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                Category:dropped
                                Size (bytes):2675
                                Entropy (8bit):3.98395710774149
                                Encrypted:false
                                SSDEEP:
                                MD5:B3D242FAEDE46588FBB389B5FDF4CC8D
                                SHA1:5BDD7CBC9318375D9DD8E0A1F0E0D8E90B23081A
                                SHA-256:5ED73B676CFD6568122019E9AE83E24CD397BAB5EE8DC9E485C99B27B590455C
                                SHA-512:AA3067209C99B7E5BB2249B2CC613AF478F8F17EB29BF00E9B1066CFB163AF64A260512AF134C2F1537BA7F3D8FA0AA076EB3220AB6DE76679443BED4A1C2E7E
                                Malicious:false
                                Reputation:unknown
                                Preview:L..................F.@.. ...$+.,...._.k.........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.I.X......B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.V.X.....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.V.X............................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X......#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............}.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
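The "Stores files to the Windows start menu directory" signature fires on the six .lnk files above, and the file-type line for each says they carry a LinkInfo block and command-line arguments; the preview of this one shows chrome_proxy.exe as the local base path. Whether that is Chrome writing its own app shortcuts or something planted for persistence is decided by what the shortcut launches, so a responder wants the target and arguments out of the .lnk, not just its hash. The following is an added example, not part of the report or of Joe Sandbox: a minimal MS-SHLLINK parser that pulls LocalBasePath and COMMAND_LINE_ARGUMENTS, plus a triage rule. The report does not show the shortcuts' arguments, so the two sample files are constructed with the included builder; the `--profile-directory ... --app-id=` form taken as "expected" for Chrome app shortcuts and the suspicious-token list are assumptions to tune locally.

```python
"""Extract target and arguments from a Windows shell link (.lnk) and triage it."""
import struct

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
# LinkFlags bits (MS-SHLLINK 2.1.1)
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO, HAS_NAME, HAS_RELATIVE_PATH = 0x01, 0x02, 0x04, 0x08
HAS_WORKING_DIR, HAS_ARGUMENTS, HAS_ICON_LOCATION, IS_UNICODE = 0x10, 0x20, 0x40, 0x80
VOLUME_ID_AND_LOCAL_BASE_PATH = 0x01  # LinkInfoFlags bit
# Assumption: tokens that should never appear in a Start Menu shortcut Chrome created.
SUSPICIOUS_TOKENS = ("powershell", "cmd.exe", "-enc", "http://", "https://",
                     "mshta", "wscript", "rundll32")


def parse_lnk(data: bytes) -> dict:
    """Return target (LocalBasePath) and the StringData fields of a shell link."""
    header_size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if header_size != 0x4C or clsid != LNK_CLSID:
        raise ValueError("not a shell link")
    pos = header_size
    if flags & HAS_LINK_TARGET_ID_LIST:          # skip the IDList: size prefix + items
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    target = None
    if flags & HAS_LINK_INFO:
        li_size, _hdr_size, li_flags, _vol_off, lbp_off = struct.unpack_from("<5I", data, pos)
        if li_flags & VOLUME_ID_AND_LOCAL_BASE_PATH:  # NUL-terminated ANSI path
            start = pos + lbp_off
            target = data[start:data.index(b"\x00", start)].decode("cp1252")
        pos += li_size

    def read_string() -> str:                    # CountCharacters + chars, no terminator
        nonlocal pos
        n = struct.unpack_from("<H", data, pos)[0]
        pos += 2
        if flags & IS_UNICODE:
            s = data[pos:pos + 2 * n].decode("utf-16-le")
            pos += 2 * n
        else:
            s = data[pos:pos + n].decode("cp1252")
            pos += n
        return s

    out = {"target": target}
    for bit, key in ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                     (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                     (HAS_ICON_LOCATION, "icon")):
        out[key] = read_string() if flags & bit else None
    return out


def classify(info: dict) -> str:
    """'expected' for Chrome's own app shortcuts (assumed form), else 'review: <why>'."""
    target = (info["target"] or "").lower()
    args = (info["arguments"] or "").lower()
    if target.endswith(r"\google\chrome\application\chrome_proxy.exe") and "--app-id=" in args:
        return "expected"
    hits = [t for t in SUSPICIOUS_TOKENS if t in target or t in args]
    return "review: " + (", ".join(hits) if hits else "unrecognised target")


def build_lnk(target: str, arguments: str) -> bytes:
    """Build a minimal shell link (LinkInfo + arguments) as constructed test input."""
    flags = HAS_LINK_INFO | HAS_ARGUMENTS | IS_UNICODE
    # ShellLinkHeader: size, CLSID, flags, FILE_ATTRIBUTE_ARCHIVE, 3 timestamps,
    # file size, icon index, SW_SHOWNORMAL, hotkey, three reserved fields
    header = struct.pack("<I16sIIQQQIIIHHII", 0x4C, LNK_CLSID, flags, 0x20,
                         0, 0, 0, 0, 0, 1, 0, 0, 0, 0)
    volume_id = struct.pack("<IIII", 0x11, 3, 0, 0x10) + b"\x00"  # DRIVE_FIXED, empty label
    base = target.encode("cp1252") + b"\x00"
    li_hdr = 0x1C
    vol_off = li_hdr
    lbp_off = vol_off + len(volume_id)
    cps_off = lbp_off + len(base)            # CommonPathSuffix: empty string
    li_size = cps_off + 1
    link_info = struct.pack("<7I", li_size, li_hdr, VOLUME_ID_AND_LOCAL_BASE_PATH,
                            vol_off, lbp_off, 0, cps_off) + volume_id + base + b"\x00"
    return header + link_info + struct.pack("<H", len(arguments)) + arguments.encode("utf-16-le")


# Constructed samples: the report's shortcuts point at chrome_proxy.exe, their arguments are not shown.
CHROME_APP_LNK = build_lnk(r"C:\Program Files\Google\Chrome\Application\chrome_proxy.exe",
                           "--profile-directory=Default --app-id=abcdefghijklmnopabcdefghijklmnop")
SUSPICIOUS_LNK = build_lnk(r"C:\Windows\System32\cmd.exe",
                           "/c powershell -nop -w hidden -enc SQBFAFgA")

if __name__ == "__main__":
    for blob in (CHROME_APP_LNK, SUSPICIOUS_LNK):
        info = parse_lnk(blob)
        print(info["target"], info["arguments"], "->", classify(info))
```

Run it over the real files with `parse_lnk(open(path, "rb").read())`; the parser skips the IDList the report's shortcuts carry ("Item id list present") and ignores the trailing ExtraData blocks, which is enough for triage.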
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 17:46:16 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                Category:dropped
                                Size (bytes):2677
                                Entropy (8bit):4.003263876937222
                                Encrypted:false
                                SSDEEP:
                                MD5:EE2D78D4A52622E45A6FDB8ED962BB2B
                                SHA1:272794A18839D023F2F9877D27D19B7C7D902735
                                SHA-256:9E71216BA1A64102F8297F1CCDE8B866348BA56AA86A3EE45BD6CE671146A16B
                                SHA-512:E8D40BAD419C56FA38E9BF12A8C2A0B58DC6152FF74F70AA2A388A5E22BE2517B7F88E087E5AC9E959C948858580E9FB362B582998D78964791E6A4DD48284E4
                                Malicious:false
                                Reputation:unknown
                                Preview:L..................F.@.. ...$+.,......S.........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.I.X......B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.V.X.....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.V.X............................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X......#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............}.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 09:23:19 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                Category:dropped
                                Size (bytes):2691
                                Entropy (8bit):4.008541844289464
                                Encrypted:false
                                SSDEEP:
                                MD5:19F96905ACC9A274427C1C83A5136E90
                                SHA1:A3543B79E26066DE79ABF0FE4444CBBB259FF36D
                                SHA-256:74C0C0184883FD08283DE7F92A6C53CFE3D16FE41B2EAC13B1349275D16E68A3
                                SHA-512:7F489BB221D0F9AD55574A0FD95AD83F52370CC451682EE424A9770DA66DD9FF7851C42ED2BDBA2E2D257B1644E03DFCE6D7FEB28A7C5D1C63E4FB9DA5B80DF8
                                Malicious:false
                                Reputation:unknown
                                Preview:L..................F.@.. ...$+.,....?.4 ?.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.I.X......B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.V.X.....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.V.X............................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.R.....#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............}.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 17:46:16 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                Category:dropped
                                Size (bytes):2679
                                Entropy (8bit):4.000385732792319
                                Encrypted:false
                                SSDEEP:
                                MD5:592F5B652BCA39BC410BC586DE1BEAAA
                                SHA1:68DBF713EC0B7418747EE6669CDCB26231181BF5
                                SHA-256:6157F123D67CBC4A8B1F8FBC9B654554FCD9578803B9357B3B74854486F2C139
                                SHA-512:8A8C3611EA74C6CD26A1ABE4BE2E6F8A9DEF2D42895BF4779FE36F97C6CCBDFA73D9156184865337E456D95DE143CB578D22979154CF449907D57CED01D39185
                                Malicious:false
                                Reputation:unknown
                                Preview:L..................F.@.. ...$+.,......F.........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.I.X......B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.V.X.....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.V.X............................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X......#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............}.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 17:46:16 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                Category:dropped
                                Size (bytes):2679
                                Entropy (8bit):3.9877170234369483
                                Encrypted:false
                                SSDEEP:
                                MD5:33381EF2D5928A9DEBD725351C067A3F
                                SHA1:396CE56EEB29CBD547F64FDB34B4B7DFD4D34D0B
                                SHA-256:2CF728BC2CDEEBE63FF146CB9DDB85EBBC4DAE518635EB55393BCC2CE0354318
                                SHA-512:803A30BF30193541938753EF9146982BE3E54E815013E8D3E880A64E2A05EE2A897B7FF83AD7B65D24F0E4BEA2DEADEBDD1C14E3EFFCB49FE2581658FE887493
                                Malicious:false
                                Reputation:unknown
                                Preview:L..................F.@.. ...$+.,.....d.........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.I.X......B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.V.X.....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.V.X............................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X......#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............}.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 17:46:16 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                Category:dropped
                                Size (bytes):2681
                                Entropy (8bit):4.001285565437462
                                Encrypted:false
                                SSDEEP:
                                MD5:C5AE754AE0E4542CC41D20CA1EFA5BAC
                                SHA1:1A849AF2424D00B77EC426AD97CF05C0CC9A3BF1
                                SHA-256:468A98EA8C49E2111ADADBBA8940C8A3E95137FFB3BB7911139DBCD98637355E
                                SHA-512:1D25243151E83A4064643A5A10D2661075E3A27129996913F5474834AE3F773F3EBFB62AA2CE6199484A671359D109C50683C9C1CBC913FDC8356A36FC2CB401
                                Malicious:false
                                Reputation:unknown
                                Preview:L..................F.@.. ...$+.,....QL>.........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.I.X......B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.V.X.....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.V.X............................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X......#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............}.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 15708
                                Category:downloaded
                                Size (bytes):5512
                                Entropy (8bit):7.968035355108244
                                Encrypted:false
                                SSDEEP:
                                MD5:98421BE6893CF3AA929C5F6C4A0C5C67
                                SHA1:2BB411BB6B6C31AE02B81F199C90219717F718AF
                                SHA-256:019D26044CCF18F979DFBB8677828FA36BF5CBFC529CECD942644CFE86D90D04
                                SHA-512:3142C929754027BA755A6633B51C87C52F1C27B14686C70A22CAB66BD859840F6E7847E0ECA61F4E1B399EEABECA6D28B8A9487CED42D976A9F9397F7C0F6230
                                Malicious:false
                                Reputation:unknown
                                URL:https://aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_4d4b76a02ae121e3b20c.js
                                Preview:...........[}w.F....Bh..i3.M....>./.......&9...P,$U#......HH..N..I...s...~..*.h.............{.ij.x.....u....M.........#.........8.c'.B..o.9.6...L.....>L..{".....f.].j.N.,..i.?.6o..X=....O.-..o.5'p%6.....,py..'.p.]z.8..(.b>..=6.3.on.4'...6..d...A.X..F.($8...\ .../..Db4.iM....@....I...."........M...st ....k...D..k!.cM2K...... ..6...X.m..s.1.S.$...r.`.y....1..$."...J.sOp+..M."....Eh....G'....L55I.H...^2...a8=v...w.H...p.....G_.Zp.xU.g.P.5....^.E.w6...q.....B7.~..7...A.q..1....4.......Ev..r..iE311>~...=~W{]..!...,`.|.wpY.0^.,.G.d1>NL.....5..........g3;.~..x.MbH...r.RA....2. ...E..Z..Lq...O..C]....~.w..4.P..\...$NL..;....[R0.8..[A.t ......|.Ln..3H......g.q"n...|g..4..g....w....l..[........q...llW*..]....L.'....$..m....-...svg'......]..cl..N.`7.......7f=..F....2.....f.<.oyB..f)w.0<.N.y..T......Y.p].\......7.....Vo./e...K..3....:d.......g..H...}=..l.<.{..".s .g.Q..|v..O#HM.r.b...7..`a.c..i..j..Zm.=..@w.%..q..-yBV91.4.z..Y.....
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:GIF image data, version 89a, 352 x 3
                                Category:dropped
                                Size (bytes):2672
                                Entropy (8bit):6.640973516071413
                                Encrypted:false
                                SSDEEP:
                                MD5:166DE53471265253AB3A456DEFE6DA23
                                SHA1:17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D
                                SHA-256:A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
                                SHA-512:80978C1D262BC225A8BA1758DF546E27B5BE8D84CBCF7E6044910E5E05E04AFFEFEC3C0DA0818145EB8A917E1A8D90F4BAC833B64A1F6DE97AD3D5FC80A02308
                                Malicious:false
                                Reputation:unknown
                                Preview:GIF89a`............!..NETSCAPE2.0.....!.......,....`.....6......P.l.......H....I..:qJ......k....`BY..L*..&...!.......,....0.............<....[.\K8j.tr.g..!.......,....3............^;.*..\UK.]\.%.V.c...!.......,....7........`....lo...[.a..*Rw~i...!.......,....;........h.....l.G-.[K.,_XA]..'g..!.......,....?........i.....g....Z.}..)..u...F..!.......,....C...............P.,nt^.i....Xq...i..!.......,....F...........{^b....n.y..i...\C.-...!.......,....H..............R...o....h.xV!.z#...!.......,"...L.............r.jY..w~aP(.......[i...!.......,(...N.............r....w.aP.j.'.)Y..S..!.......,....H.........`......hew..9`.%z.xVeS..!.......,5...A.........`...\m.Vmtzw.}.d.%...Q..!.......,9...=.........h......3S..s.-W8m...Q..!.......,A...5.........h.....N...:..!..U..!.......,H.............h....M.x...f.i.4..!.......,O...'.........i...tp......(..!.......,X.............j...@.x....!.......,].............j..L..3em..!.......,e.............`......!.......,n..............{i..!..
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:ASCII text, with very long lines (47992), with no line terminators
                                Category:downloaded
                                Size (bytes):47992
                                Entropy (8bit):5.605846858683577
                                Encrypted:false
                                SSDEEP:
                                MD5:CF3402D7483B127DED4069D651EA4A22
                                SHA1:BDE186152457CACF9C35477B5BDDA5BCB56B1F45
                                SHA-256:EAB5D90A71736F267AF39FDF32CAA8C71673FD06703279B01E0F92B0D7BE0BFC
                                SHA-512:9CE42EBC3F672A2AEFC4376F43D38CA9ED9D81AA5B3C1EEF60032BCC98A1C399BE68D71FD1D5F9DE6E98C4CE0B800F6EF1EF5E83D417FBFFA63EEF2408DA55D8
                                Malicious:false
                                Reputation:unknown
                                URL:https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js
                                Preview:!function(t,e){"object"==typeof exports?module.exports=exports=e():"function"==typeof define&&define.amd?define([],e):t.CryptoJS=e()}(this,function(){var h,t,e,r,i,n,f,o,s,c,a,l,d,m,x,b,H,z,A,u,p,_,v,y,g,B,w,k,S,C,D,E,R,M,F,P,W,O,I,U,K,X,L,j,N,T,q,Z,V,G,J,$,Q,Y,tt,et,rt,it,nt,ot,st,ct,at,ht,lt,ft,dt,ut,pt,_t,vt,yt,gt,Bt,wt,kt,St,bt=bt||function(l){var t;if("undefined"!=typeof window&&window.crypto&&(t=window.crypto),!t&&"undefined"!=typeof window&&window.msCrypto&&(t=window.msCrypto),!t&&"undefined"!=typeof global&&global.crypto&&(t=global.crypto),!t&&"function"==typeof require)try{t=require("crypto")}catch(t){}function i(){if(t){if("function"==typeof t.getRandomValues)try{return t.getRandomValues(new Uint32Array(1))[0]}catch(t){}if("function"==typeof t.randomBytes)try{return t.randomBytes(4).readInt32LE()}catch(t){}}throw new Error("Native crypto module could not be used to get secure random number.")}var r=Object.create||function(t){var e;return n.prototype=t,e=new n,n.prototype=null
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:GIF image data, version 89a, 352 x 3
                                Category:downloaded
                                Size (bytes):3620
                                Entropy (8bit):6.867828878374734
                                Encrypted:false
                                SSDEEP:
                                MD5:B540A8E518037192E32C4FE58BF2DBAB
                                SHA1:3047C1DB97B86F6981E0AD2F96AF40CDF43511AF
                                SHA-256:8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
                                SHA-512:E3612D9E6809EC192F6E2D035290B730871C269A267115E4A5515CADB7E6E14E3DD4290A35ABAA8D14CF1FA3924DC76E11926AC341E0F6F372E9FC5434B546E5
                                Malicious:false
                                Reputation:unknown
                                URL:https://aadcdn.msauth.net/shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif
                                 Preview:GIF89a header with the embedded comment "Edited with ezgif.com online GIF maker" and a NETSCAPE2.0 animation extension (animated GIF); the remaining preview bytes are non-printable and are omitted here.
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:HTML document, ASCII text
                                Category:downloaded
                                Size (bytes):808
                                Entropy (8bit):4.9078093738349065
                                Encrypted:false
                                SSDEEP:
                                MD5:A943672A32297727BAB01C3E76977550
                                SHA1:3A667C4B7A457EF6C586CC581D533C128737BF53
                                SHA-256:B9347F234DC3C8D56E015E86D88A1400415DB8F7A5AD91F02B6A2323C10A4187
                                SHA-512:0965D415F3A0CEF31953702FDAE345D46FEFD72CE3C4C7A0255AEDE74A76E10B856892700529A444453A622793E0257248C5C99FAE17D5B0B9FD4118E208068C
                                Malicious:false
                                Reputation:unknown
                                URL:https://gjyefv.degaris.com/favicon.ico
                                Preview:<!DOCTYPE html>.<html lang="en">.<head>. <meta charset="utf-8">. <meta http-equiv="x-ua-compatible" content="ie=edge">. <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">. <title>404 Not Found</title>. <link rel="stylesheet" href="/error_docs/styles.css">.</head>.<body>.<div class="page">. <div class="main">. <h1>Server Error</h1>. <div class="error-code">404</div>. <h2>Page Not Found</h2>. <p class="lead">This page either doesn't exist, or it moved somewhere else.</p>. <hr/>. <p>That's what you can do</p>. <div class="help-actions">. <a href="javascript:location.reload();">Reload Page</a>. <a href="javascript:history.back();">Back to Previous Page</a>. <a href="/">Home Page</a>. </div>. </div>.</div>.</body>.</html>
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864
                                Category:dropped
                                Size (bytes):673
                                Entropy (8bit):7.6596900876595075
                                Encrypted:false
                                SSDEEP:
                                MD5:0E176276362B94279A4492511BFCBD98
                                SHA1:389FE6B51F62254BB98939896B8C89EBEFFE2A02
                                SHA-256:9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
                                SHA-512:8D61C9E464C8F3C77BF1729E32F92BBB1B426A19907E418862EFE117DBD1F0A26FCC3A6FE1D1B22B836853D43C964F6B6D25E414649767FBEA7FE10D2048D7A1
                                Malicious:false
                                Reputation:unknown
                                 Preview:gzip-compressed binary data; the preview bytes are non-printable and are omitted here.
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
                                Category:dropped
                                Size (bytes):17174
                                Entropy (8bit):2.9129715116732746
                                Encrypted:false
                                SSDEEP:
                                MD5:12E3DAC858061D088023B2BD48E2FA96
                                SHA1:E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
                                SHA-256:90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
                                SHA-512:C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
                                Malicious:false
                                Reputation:unknown
                                 Preview:Windows ICO resource (6 icons, 16-colour bitmap pixel data); the preview bytes are non-printable and are omitted here.
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
                                Category:downloaded
                                Size (bytes):61
                                Entropy (8bit):3.990210155325004
                                Encrypted:false
                                SSDEEP:
                                MD5:9246CCA8FC3C00F50035F28E9F6B7F7D
                                SHA1:3AA538440F70873B574F40CD793060F53EC17A5D
                                SHA-256:C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
                                SHA-512:A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
                                Malicious:false
                                Reputation:unknown
                                URL:https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D
                                 Preview:PNG signature followed by IHDR, IDAT and IEND chunks; the remaining preview bytes are non-printable and are omitted here.
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:HTML document, ASCII text, with very long lines (2337), with CRLF line terminators
                                Category:downloaded
                                Size (bytes):2339
                                Entropy (8bit):5.3180282052947145
                                Encrypted:false
                                SSDEEP:
                                MD5:11C2064477D2A188500214B4039393EC
                                SHA1:00CC7AE89EEEB08C6AE3FCCBB524720253B4C150
                                SHA-256:27C298064F1398BF0CC724D210900AA1C80D075D2473380DAD445722EF1B8E05
                                SHA-512:EB9D5F57F14027F8428CFC41DC6586B8B92214025358145404540BE9F9420BB85E0114AD559035403AD9CBB6BC620193954CC5988177E948208529231196A4C9
                                Malicious:false
                                Reputation:unknown
                                URL:https://xzbgjm.furnart-gh.com/Me.htm?v=3
                                Preview:<script type="text/javascript">!function(n,t){for(var e in t)n[e]=t[e]}(this,function(n){function t(i){if(e[i])return e[i].exports;var s=e[i]={exports:{},id:i,loaded:!1};return n[i].call(s.exports,s,s.exports,t),s.loaded=!0,s.exports}var e={};return t.m=n,t.c=e,t.p="",t(0)}([function(n,t){function e(n){for(var t=g[c],e=0,i=t.length;e<i;++e)if(t[e]===n)return!0;return!1}function i(n){if(!n)return null;for(var t=n+"=",e=document.cookie.split(";"),i=0,s=e.length;i<s;i++){var o=e[i].replace(/^\s*(\w+)\s*=\s*/,"$1=").replace(/(\s+$)/,"");if(0===o.indexOf(t))return o.substring(t.length)}return null}function s(n,t,e){if(n)for(var i=n.split(":"),s=null,o=0,a=i.length;o<a;++o){var l=null,c=i[o].split("$");if(0===o&&(s=parseInt(c.shift()),!s))return;var p=c.length;if(p>=1){var f=r(s,c[0]);if(!f||e[f])continue;l={signInName:f,idp:"msa",isSignedIn:!0}}if(p>=3&&(l.firstName=r(s,c[1]),l.lastName=r(s,c[2])),p>=4){var g=c[3],m=g.split("|");l.otherHashedAliases=m}if(p>=5){var h=parseInt(c[4],16);h&&(l.
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:ASCII text, with very long lines (42414)
                                Category:downloaded
                                Size (bytes):42415
                                Entropy (8bit):5.374174676958316
                                Encrypted:false
                                SSDEEP:
                                MD5:F94A2211CE789A95A7C67E8C660D63E8
                                SHA1:F1FC19B6BCB96D0A905BF3192AAFF0885FF9F36F
                                SHA-256:926DC3302F99EC05E4206E965DDEB7250F5910A8C38E82C7BEAFB724BBAAF37B
                                SHA-512:EAC0FC89C2D6CCEB9F4C18DFC610DFF8BC194D3994F0C74B3D991F8423C6DADE11D805E76124596521C58AFA9939B45D2D3157F0A48626E12548020FC38364D3
                                Malicious:false
                                Reputation:unknown
                                URL:https://challenges.cloudflare.com/turnstile/v0/b/471dc2adc340/api.js?onload=onloadTurnstileCallback
                                Preview:"use strict";(function(){function bt(e,r,t,o,u,s,m){try{var b=e[s](m),h=b.value}catch(d){t(d);return}b.done?r(h):Promise.resolve(h).then(o,u)}function Et(e){return function(){var r=this,t=arguments;return new Promise(function(o,u){var s=e.apply(r,t);function m(h){bt(s,o,u,m,b,"next",h)}function b(h){bt(s,o,u,m,b,"throw",h)}m(void 0)})}}function M(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):M(e,r)}function Ie(e,r,t){return r in e?Object.defineProperty(e,r,{value:t,enumerable:!0,configurable:!0,writable:!0}):e[r]=t,e}function Ve(e){for(var r=1;r<arguments.length;r++){var t=arguments[r]!=null?arguments[r]:{},o=Object.keys(t);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(t).filter(function(u){return Object.getOwnPropertyDescriptor(t,u).enumerable}))),o.forEach(function(u){Ie(e,u,t[u])})}return e}function fr(e,r){var t=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertyS
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:ASCII text, with no line terminators
                                Category:downloaded
                                Size (bytes):28
                                Entropy (8bit):4.208966082694623
                                Encrypted:false
                                SSDEEP:
                                MD5:9D422EDF7FC3020496DA4F02D19B219C
                                SHA1:A2EBA939970EC4B48DACE77D0549F7E1A5DA3E98
                                SHA-256:8E23A348E140C65D43C5B5506B658226933FAAA405D44D1D8D18F8ABB0DB7B17
                                SHA-512:3F4BAE9B733E0D83F61C51466DED794E0E533511AEEF98D9CC39118C4DAA15891A97245FD28AE106328022E3969C18287D533950AE8FDC78D027223AD5716D56
                                Malicious:false
                                Reputation:unknown
                                URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xNDkSFwkydI4itDxXJRIFDZRU-s8SBQ0fystK?alt=proto
                                Preview:ChIKBw2UVPrPGgAKBw0fystKGgA=
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:PNG image data, 22 x 61, 8-bit/color RGB, non-interlaced
                                Category:dropped
                                Size (bytes):61
                                Entropy (8bit):4.068159130770306
                                Encrypted:false
                                SSDEEP:
                                MD5:D411A58EEE994203CFB4D647CF009036
                                SHA1:12CE16DB61AF69C6628E45B40412E604CAD2E732
                                SHA-256:37615F758E77462B1961C4633BF68D233C4EC8DAC37D1E3FBCA00D1BF93CDF0E
                                SHA-512:E3CF36BE2996D38E9B6E900B99B13398E73F08D3BD3A59DBEBDE818F233C31D0FAB22E41F69B5D7A0BFA88F3B486BD1D8476C98D164213B8BE880496A470E14B
                                Malicious:false
                                Reputation:unknown
                                 Preview:PNG signature followed by IHDR, IDAT and IEND chunks; the remaining preview bytes are non-printable and are omitted here.
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:ASCII text, with no line terminators
                                Category:downloaded
                                Size (bytes):28
                                Entropy (8bit):4.307354922057605
                                Encrypted:false
                                SSDEEP:
                                MD5:9F9FA94F28FE0DE82BC8FD039A7BDB24
                                SHA1:6FE91F82974BD5B101782941064BCB2AFDEB17D8
                                SHA-256:9A37FDC0DBA8B23EB7D3AA9473D59A45B3547CF060D68B4D52253EE0DA1AF92E
                                SHA-512:34946EF12CE635F3445ED7B945CF2C272EF7DD9482DA6B1A49C9D09A6C9E111B19B130A3EEBE5AC0CCD394C523B54DD7EB9BF052168979A9E37E7DB174433F64
                                Malicious:false
                                Reputation:unknown
                                URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xNDkSFwlv1fjU1t5ZOxIFDdFbUVISBQ1Xevf9?alt=proto
                                Preview:ChIKBw3RW1FSGgAKBw1Xevf9GgA=
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
                                Category:downloaded
                                Size (bytes):1435
                                Entropy (8bit):7.8613342322590265
                                Encrypted:false
                                SSDEEP:
                                MD5:9F368BC4580FED907775F31C6B26D6CF
                                SHA1:E393A40B3E337F43057EEE3DE189F197AB056451
                                SHA-256:7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
                                SHA-512:0023B04D1EEC26719363AED57C95C1A91244C5AFF0BB53091938798FB16E230680E1F972D166B633C1D2B314B34FE0B9D7C18442410DB7DD6024E279AAFD61B0
                                Malicious:false
                                Reputation:unknown
                                URL:https://aadcdn.msauth.net/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg
                                 Preview:gzip-compressed binary data (SVG per the URL and original size); the preview bytes are non-printable and are omitted here.
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113657
                                Category:downloaded
                                Size (bytes):35813
                                Entropy (8bit):7.9933603091137355
                                Encrypted:true
                                SSDEEP:
                                MD5:57911010756C90D58754C91EF1EE2765
                                SHA1:BAA48FEF4866D7DAFD9F59417745EE838F0E63CA
                                SHA-256:87C5385BA17F84CC25FB7BBE1EDB4169BC702842BD74B758ACDC130986D55BC2
                                SHA-512:FF5A7B638CD9117C89C277F6846506D41768D3A30F81B63768379294160AEE89F0D60E853F938D28A654226E18FE3389808ECCDA7D106F76EBE95A53A00DD560
                                Malicious:false
                                Reputation:unknown
                                URL:https://aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_eb638da25d4055fbbb57.js
                                 Preview:gzip-compressed binary data (JavaScript per the URL and original size); the preview bytes are non-printable and are omitted here.
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:HTML document, ASCII text
                                Category:downloaded
                                Size (bytes):9265
                                Entropy (8bit):4.55691030610823
                                Encrypted:false
                                SSDEEP:
                                MD5:E34B0BFA20742FF4E680A88C0A8DF48E
                                SHA1:107F0C417E9721ECF474F63ACB0ABF1C7E9D72AB
                                SHA-256:C8A1D25D964B8535A2D4FE62522B39B0CC2680022AA67FFE5BF20AB338A34990
                                SHA-512:5F0C7023109CB0067E3AB2C85E18083C7E01E5151E973C0B55F84978B29D19B0CD8291EBF7E95ACA9112D74269EBBA4B3228D0236C983F8656940DDA9D7716A1
                                Malicious:false
                                Reputation:unknown
                                URL:https://gjyefv.degaris.com/
                                Preview:<!DOCTYPE html>.<html lang="en">.<head>. <meta charset="UTF-8">. <meta http-equiv="X-UA-Compatible" content="IE=edge">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <title>Just a moment...</title>. <link rel="shortcut icon" href="" type="image/x-icon">. <style>. /* CSS styles for html, body, h1, p, and .attribution */. html, body {. width: 100%;. height: 100%;. margin: 0;. padding: 0;. background-color: #f0f0f0; /* Changed background color */. color: #333333; /* Changed text color */. font-family: Arial, sans-serif; /* Simplified font stack */. font-size: 16px;. line-height: 1.7em;. }.. h1 {. text-align: center;. font-weight: 700;. margin: 16px 0;. font-size: 28px; /* Adjusted font size */. color: #555555; /* Changed heading color */. line-height: 1.25
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113084
                                Category:downloaded
                                Size (bytes):20314
                                Entropy (8bit):7.979540464295058
                                Encrypted:false
                                SSDEEP:
                                MD5:92A840DC3D177339DAE03FEDF22A22B5
                                SHA1:C1C9A6E6442388D07A9D9D72C12DA25094D6920F
                                SHA-256:4A986BA8875F22A0EABC356112A6790F90E114ADB72EAEC4632E03812EC1EDE4
                                SHA-512:98C705395DD249501D8069A03E0068BC9CCF4F2D139BEC63A00564C69CD21C05CB25CF56BA7B40822963737989D5048AD310E20D6022E84346C982CFCEF79E11
                                Malicious:false
                                Reputation:unknown
                                URL:https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css
                                 Preview:gzip-compressed binary data (CSS per the URL and original size); the preview bytes are non-printable and are omitted here.
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:ASCII text, with very long lines (7851), with no line terminators
                                Category:downloaded
                                Size (bytes):7851
                                Entropy (8bit):5.769813520710387
                                Encrypted:false
                                SSDEEP:
                                MD5:CD95F6DAC859C61AFB4B0234E20D3604
                                SHA1:C24FD1346B003968E269929A6EE9DDE33F9A593F
                                SHA-256:D5F0FFF9E15AFFC211C6850EB476D27237B1F27C64223215112CC21EC9C81B93
                                SHA-512:BB5D3DB23463E4B635E395B5836089D59DCCBCADDCE2E2335E9ABDE915E3EEA6E03910294C5B7729CE9FA2F5C50B19F428FFAE6C0CD381B36752A3CCCD1FD352
                                Malicious:false
                                Reputation:unknown
                                URL:https://fbzxki.furnart-gh.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/471dc2adc340/main.js
                                Preview:window._cf_chl_opt={cFPWv:'b'};~function(V,g,h,i,j,n,o,A){V=b,function(d,e,U,f,C){for(U=b,f=d();!![];)try{if(C=parseInt(U(419))/1+-parseInt(U(364))/2+parseInt(U(378))/3*(parseInt(U(445))/4)+parseInt(U(385))/5+-parseInt(U(366))/6*(-parseInt(U(399))/7)+parseInt(U(458))/8+-parseInt(U(455))/9*(parseInt(U(452))/10),C===e)break;else f.push(f.shift())}catch(D){f.push(f.shift())}}(a,122188),g=this||self,h=g[V(451)],i={},i[V(415)]='o',i[V(369)]='s',i[V(377)]='u',i[V(363)]='z',i[V(403)]='n',i[V(409)]='I',j=i,g[V(440)]=function(C,D,E,F,a0,H,I,J,K,L,M){if(a0=V,D===null||void 0===D)return F;for(H=m(D),C[a0(392)][a0(414)]&&(H=H[a0(435)](C[a0(392)][a0(414)](D))),H=C[a0(406)][a0(427)]&&C[a0(383)]?C[a0(406)][a0(427)](new C[(a0(383))](H)):function(N,a1,O){for(a1=a0,N[a1(434)](),O=0;O<N[a1(426)];N[O+1]===N[O]?N[a1(422)](O+1,1):O+=1);return N}(H),I='nAsAaAb'.split('A'),I=I[a0(407)][a0(382)](I),J=0;J<H[a0(426)];K=H[J],L=l(C,D,K),I(L)?(M=L==='s'&&!C[a0(430)](D[K]),a0(461)===E+K?G(E+K,L):M||G(E+K,D[K])):G(E+
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:ASCII text, with very long lines (45563)
                                Category:downloaded
                                Size (bytes):141339
                                Entropy (8bit):5.431048966728945
                                Encrypted:false
                                SSDEEP:
                                MD5:0A1A5BA009FB1F25E3F3D036D8CF26CE
                                SHA1:8E9E6A11CED0807252C34DCA1D8C7C2390D1A5CA
                                SHA-256:94153F2A6DAAE35DFCB61DC987E2D4310B7CA021E36375E87D8B8C641C0C6121
                                SHA-512:018FA3AD6DCC5DD17258334C2AD5BD0CE4E6AC278A340EE9F0147EC3084B56D0BC5F7224DAF950E89B53828FF57737E1DB1539DCE2B3E7967FE40971677CDFB4
                                Malicious:false
                                Reputation:unknown
                                URL:https://aadcdn.msftauth.net/shared/1.0/content/js/BssoInterrupt_Core_ChpboAn7HyXj89A22M8mzg2.js
                                Preview:/*!. * ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */!function(e){function n(n){for(var t,r,i=n[0],a=n[1],s=0,u=[];s<i.length;s++)
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:Unicode text, UTF-8 text, with very long lines (29406), with no line terminators
                                Category:downloaded
                                Size (bytes):29412
                                Entropy (8bit):5.5613740417009385
                                Encrypted:false
                                SSDEEP:
                                MD5:90AA11F39700C7D82563B7ED3F011856
                                SHA1:B32A6989BBB50CD94CA22508225902E74D882A5F
                                SHA-256:4BF52E1F92CE9EA93F33025943D00DBFE5E73FF1C8DDC1507AEE8AC82D34DC0F
                                SHA-512:9FD3A8319C3E2E991446A1F93832A1C63B34F1923DECF8B8A48C449EACF69878736668D6ED478E9BFD3E96F4A343A95EA5DA4690F03B2FC7210B452D51B5F166
                                Malicious:false
                                Reputation:unknown
                                URL:https://cdnjs.cloudflare.com/ajax/libs/fingerprintjs2/2.1.0/fingerprint2.min.js
                                Preview:!function(e,t,a){"use strict";"undefined"!=typeof window&&"function"==typeof define&&define.amd?define(a):"undefined"!=typeof module&&module.exports?module.exports=a():t.exports?t.exports=a():t.Fingerprint2=a()}(0,this,function(){"use strict";var d=function(e,t){e=[e[0]>>>16,65535&e[0],e[1]>>>16,65535&e[1]],t=[t[0]>>>16,65535&t[0],t[1]>>>16,65535&t[1]];var a=[0,0,0,0];return a[3]+=e[3]+t[3],a[2]+=a[3]>>>16,a[3]&=65535,a[2]+=e[2]+t[2],a[1]+=a[2]>>>16,a[2]&=65535,a[1]+=e[1]+t[1],a[0]+=a[1]>>>16,a[1]&=65535,a[0]+=e[0]+t[0],a[0]&=65535,[a[0]<<16|a[1],a[2]<<16|a[3]]},g=function(e,t){e=[e[0]>>>16,65535&e[0],e[1]>>>16,65535&e[1]],t=[t[0]>>>16,65535&t[0],t[1]>>>16,65535&t[1]];var a=[0,0,0,0];return a[3]+=e[3]*t[3],a[2]+=a[3]>>>16,a[3]&=65535,a[2]+=e[2]*t[3],a[1]+=a[2]>>>16,a[2]&=65535,a[2]+=e[3]*t[2],a[1]+=a[2]>>>16,a[2]&=65535,a[1]+=e[1]*t[3],a[0]+=a[1]>>>16,a[1]&=65535,a[1]+=e[2]*t[2],a[0]+=a[1]>>>16,a[1]&=65535,a[1]+=e[3]*t[1],a[0]+=a[1]>>>16,a[1]&=65535,a[0]+=e[0]*t[3]+e[1]*t[2]+e[2]*t[1]+
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 223759
                                Category:downloaded
                                Size (bytes):54325
                                Entropy (8bit):7.996017457525811
                                Encrypted:true
                                SSDEEP:
                                MD5:799F880143F17E47C4EFDBB3FF35A54C
                                SHA1:8CECC74EB422322F78EDE1111F175A28725CCA9F
                                SHA-256:EA70CC2977F4DEB5236041A7A0628FA671FB8AD20A5E9E3FD6885A11359EF2FE
                                SHA-512:46E811AA3D03023596B47DB39B6FABCC1A4B7388C7F0A187A4C23B024695593702A70227F5B770174A258A265A48D4F87EF01281210229E51022E9BC6948214B
                                Malicious:false
                                Reputation:unknown
                                URL:https://aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_7f0a8c2a247460fad87f.js
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:HTML document, ASCII text, with very long lines (2337), with CRLF line terminators
                                Category:downloaded
                                Size (bytes):3457
                                Entropy (8bit):5.4013232048956485
                                Encrypted:false
                                SSDEEP:
                                MD5:9F4019F1559E08F8794CEE8232CF13F7
                                SHA1:C2FE9F6BB0C7D1672F6307664D627C9C9C9BE650
                                SHA-256:69FB43AC691DFF49CA716D3610E96CC2D5F3B9239CA71247B2A10836DEF6FF47
                                SHA-512:55DBF004D776A653F2999C9C09E9D9C32A6ED9F36AC61ECD87983DCD324C1A555305878C977E4687CCEDD14EA7021F7488CACC34B030AD6D31A0EFDDD45FE208
                                Malicious:false
                                Reputation:unknown
                                URL:https://xzbgjm.furnart-gh.com/Me.htm?v=3
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 444227
                                Category:downloaded
                                Size (bytes):121212
                                Entropy (8bit):7.9972852524966695
                                Encrypted:true
                                SSDEEP:
                                MD5:0868DA2DD5EFFED92904047439E49D48
                                SHA1:D760173E5E6B25461B0D2A0B32D384FE659B2338
                                SHA-256:8C41E973CB5EE0194EBF3BAA0716EEEB57EED53552F042E200190E3C37F08CFD
                                SHA-512:9F430A42D5380D12C553255A324E347A37337E659D623F50314CF47FE52889FD4120F8DD2895DE3327ED97B65DE4E78C982DA966A3F5253286AB0DE0260817CB
                                Malicious:false
                                Reputation:unknown
                                URL:https://aadcdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_jHSrlUosdD1xxbmcR_lMNA2.js
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 55071
                                Category:downloaded
                                Size (bytes):15799
                                Entropy (8bit):7.985179973188672
                                Encrypted:false
                                SSDEEP:
                                MD5:978A6C1AA934E5B1C5320D515FD25662
                                SHA1:64636EF3E1AD607F095DBA6CB01447AC133B483D
                                SHA-256:D1963B1837F4087E988FD18BB4CF25B38D61D675C4B6A6FC01158BD39945F10A
                                SHA-512:411A51CC19890DC5B27E4800E5BB4BFB4D0E3DC076010C6AB8B10396524F4C996D86420888AF3A1632D5FB281CEB4373C18B0EEFC9F8A84AA59D295450393DA7
                                Malicious:false
                                Reputation:unknown
                                URL:https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_l2bvdjfwt697xziuhxpwsg2.js
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592
                                Category:dropped
                                Size (bytes):621
                                Entropy (8bit):7.673946009263606
                                Encrypted:false
                                SSDEEP:
                                MD5:4761405717E938D7E7400BB15715DB1E
                                SHA1:76FED7C229D353A27DB3257F5927C1EAF0AB8DE9
                                SHA-256:F7ED91A1DAB5BB2802A7A3B3890DF4777588CCBE04903260FBA83E6E64C90DDF
                                SHA-512:E8DAC6F81EB4EBA2722E9F34DAF9B99548E5C40CCA93791FBEDA3DEBD8D6E401975FC1A75986C0E7262AFA1B9D1475E1008A89B92C8A7BEC84D8A917F221B4A2
                                Malicious:false
                                Reputation:unknown
                                No static file info