Edit tour

Windows Analysis Report
20252201_pdf.html

Overview

General Information

Sample name:	20252201_pdf.html
Analysis ID:	1596605
MD5:	14f028f0445ba83e9de0aa58de6a1279
SHA1:	699488aae516d3bab626bfa7eab18abeac483283
SHA256:	669814e2adb743fbc4a0b7c4e41adeb12e8068cd0bdb60c1f8585c2eaae74ede
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

HTML document with suspicious title

HTML file submission containing password form

Detected suspicious crossdomain redirect

HTML body contains low number of good links

HTML title does not match URL

IP address seen in connection with other malware

None HTTPS page querying sensitive user data (password, username or email)

Stores files to the Windows start menu directory

Suspicious form URL found

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2180 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\20252201_pdf.html" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4128 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2488 --field-trial-handle=2356,i,17816237914254904303,13503957949687214264,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

HTTP traffic detected: POST /we.php HTTP/1.1Host: yanadai.topConnection: keep-aliveContent-Length: 71Cache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1Origin: nullContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1238date: Wed, 22 Jan 2025 07:09:32 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1238date: Wed, 22 Jan 2025 07:09:33 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

Source: chromecache_120.2.dr	String found in binary or memory: http://almsaeedstudio.com
Source: chromecache_134.2.dr, chromecache_123.2.dr	String found in binary or memory: http://fontawesome.io
Source: chromecache_134.2.dr, chromecache_123.2.dr	String found in binary or memory: http://fontawesome.io/license
Source: chromecache_120.2.dr	String found in binary or memory: http://fonts.googleapis.com/css?family=Source
Source: chromecache_135.2.dr, chromecache_112.2.dr, chromecache_128.2.dr	String found in binary or memory: http://getbootstrap.com)
Source: chromecache_142.2.dr, chromecache_122.2.dr	String found in binary or memory: http://github.com/requirejs/almond/LICENSE
Source: chromecache_115.2.dr, chromecache_113.2.dr, chromecache_120.2.dr	String found in binary or memory: http://opensource.org/licenses/MIT
Source: chromecache_130.2.dr	String found in binary or memory: http://schema.org/Organization
Source: chromecache_115.2.dr, chromecache_113.2.dr	String found in binary or memory: http://www.almsaeedstudio.com
Source: chromecache_130.2.dr	String found in binary or memory: https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.9.1.min.js
Source: chromecache_130.2.dr	String found in binary or memory: https://assets.onestore.ms/cdnfiles/external/mwf/long/v1/v1.25.0/css/mwf-west-european-default.min.c
Source: 20252201_pdf.html	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
Source: chromecache_154.2.dr, chromecache_110.2.dr	String found in binary or memory: https://getbootstrap.com)
Source: chromecache_135.2.dr, chromecache_154.2.dr, chromecache_112.2.dr, chromecache_128.2.dr, chromecache_110.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_154.2.dr, chromecache_110.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_130.2.dr	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
Source: chromecache_130.2.dr	String found in binary or memory: https://onedrive.live.com/about/en-us/
Source: chromecache_130.2.dr	String found in binary or memory: https://outlook.live.com/owa/
Source: chromecache_130.2.dr	String found in binary or memory: https://products.office.com/en-us/home
Source: chromecache_130.2.dr	String found in binary or memory: https://products.office.com/en-us/microsoft-teams/free?icid=SSM_AS_Promo_Apps_MicrosoftTeams
Source: chromecache_130.2.dr	String found in binary or memory: https://statics-marketingsites-wcus-ms-com.akamaized.net/statics/override.css?c=7
Source: chromecache_130.2.dr	String found in binary or memory: https://www.onenote.com/
Source: chromecache_130.2.dr	String found in binary or memory: https://www.skype.com/en/
Source: chromecache_130.2.dr	String found in binary or memory: https://www.xbox.com/
Source: 20252201_pdf.html	String found in binary or memory: https://yanadai.top/auto/ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
Source: 20252201_pdf.html	String found in binary or memory: https://yanadai.top/auto/fdg/2.png
Source: 20252201_pdf.html	String found in binary or memory: https://yanadai.top/auto/fdg/3.png
Source: 20252201_pdf.html	String found in binary or memory: https://yanadai.top/auto/fdg/4.png
Source: 20252201_pdf.html	String found in binary or memory: https://yanadai.top/auto/fdg/AdminLTE.min.css
Source: 20252201_pdf.html	String found in binary or memory: https://yanadai.top/auto/fdg/_all-skins.min.css
Source: 20252201_pdf.html	String found in binary or memory: https://yanadai.top/auto/fdg/app.min.js.download
Source: 20252201_pdf.html	String found in binary or memory: https://yanadai.top/auto/fdg/bootstrap.min.css
Source: 20252201_pdf.html	String found in binary or memory: https://yanadai.top/auto/fdg/bootstrap.min.js.download
Source: 20252201_pdf.html	String found in binary or memory: https://yanadai.top/auto/fdg/bootstrap3-wysihtml5.all.min.js.download
Source: 20252201_pdf.html	String found in binary or memory: https://yanadai.top/auto/fdg/dashboard.js.download
Source: 20252201_pdf.html	String found in binary or memory: https://yanadai.top/auto/fdg/default.png
Source: 20252201_pdf.html	String found in binary or memory: https://yanadai.top/auto/fdg/font-awesome.min.css
Source: 20252201_pdf.html	String found in binary or memory: https://yanadai.top/auto/fdg/jQuery-2.1.3.min.js.download
Source: 20252201_pdf.html	String found in binary or memory: https://yanadai.top/auto/fdg/loading.gif
Source: 20252201_pdf.html	String found in binary or memory: https://yanadai.top/auto/fdg/logo.png
Source: 20252201_pdf.html	String found in binary or memory: https://yanadai.top/auto/images/spinner.svg
Source: 20252201_pdf.html	String found in binary or memory: https://yanadai.top/auto/js/bootstrap.js
Source: 20252201_pdf.html	String found in binary or memory: https://yanadai.top/auto/js/tether.js
Source: 20252201_pdf.html	String found in binary or memory: https://yanadai.top/fdg/demo.js.download
Source: 20252201_pdf.html	String found in binary or memory: https://yanadai.top/we.php

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49960 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49937 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49948 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50051
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: classification engine

Classification label: mal56.phis.winHTML@26/85@22/11

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\20252201_pdf.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2488 --field-trial-handle=2356,i,17816237914254904303,13503957949687214264,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2488 --field-trial-handle=2356,i,17816237914254904303,13503957949687214264,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Stealing of Sensitive Information

HTML file submission containing password form

Source: file:///C:/Users/user/Desktop/20252201_pdf.html

HTTP Parser: file:///C:/Users/user/Desktop/20252201_pdf.html

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
https://yanadai.top/auto/fdg/2.png	0%	Avira URL Cloud	safe
file:///C:/Users/user/Desktop/20252201_pdf.html	0%	Avira URL Cloud	safe
https://yanadai.top/auto/js/tether.js	0%	Avira URL Cloud	safe
https://yanadai.top/auto/fdg/3.png	0%	Avira URL Cloud	safe
https://yanadai.top/auto/fdg/default.png	0%	Avira URL Cloud	safe
https://yanadai.top/auto/fonts/fontawesome-webfont3e6e.ttf?v=4.7.0	0%	Avira URL Cloud	safe
https://yanadai.top/auto/fonts/fontawesome-webfont3e6e.woff2?v=4.7.0	0%	Avira URL Cloud	safe
https://yanadai.top/auto/fdg/font-awesome.min.css	0%	Avira URL Cloud	safe
https://yanadai.top/auto/fdg/AdminLTE.min.css	0%	Avira URL Cloud	safe
https://yanadai.top/auto/fdg/bootstrap.min.css	0%	Avira URL Cloud	safe
https://yanadai.top/auto/fdg/loading.gif	0%	Avira URL Cloud	safe
https://yanadai.top/we.php	0%	Avira URL Cloud	safe
https://yanadai.top/auto/images/spinner.svg	0%	Avira URL Cloud	safe
https://yanadai.top/auto/fdg/bootstrap3-wysihtml5.all.min.js.download	0%	Avira URL Cloud	safe
https://yanadai.top/fdg/demo.js.download	0%	Avira URL Cloud	safe
https://yanadai.top/auto/fdg/jQuery-2.1.3.min.js.download	0%	Avira URL Cloud	safe
https://yanadai.top/auto/fdg/_all-skins.min.css	0%	Avira URL Cloud	safe
https://yanadai.top/auto/js/bootstrap.js	0%	Avira URL Cloud	safe
https://yanadai.top/auto/fdg/4.png	0%	Avira URL Cloud	safe
https://yanadai.top/auto/fdg/logo.png	0%	Avira URL Cloud	safe
https://yanadai.top/auto/fdg/bootstrap.min.js.download	0%	Avira URL Cloud	safe
https://yanadai.top/auto/fonts/fontawesome-webfont3e6e.woff?v=4.7.0	0%	Avira URL Cloud	safe
http://www.almsaeedstudio.com	0%	Avira URL Cloud	safe
https://yanadai.top/auto/fdg/dashboard.js.download	0%	Avira URL Cloud	safe
https://yanadai.top/auto/fdg/app.min.js.download	0%	Avira URL Cloud	safe
http://almsaeedstudio.com	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
e10583.dspg.akamaiedge.net	104.102.41.166	true	false	high
yanadai.top	192.99.19.65	true	false	unknown
live.com	204.79.197.212	true	false	high
cdnjs.cloudflare.com	104.17.25.14	true	false	high
www.google.com	172.217.18.4	true	false	high
olc-g2.tm-4.office.com	52.98.179.178	true	false	high
a46.dscr.akamai.net	2.19.126.136	true	false	high
outlook.live.com	unknown	unknown	false	high
assets.onestore.ms	unknown	unknown	false	high
ajax.aspnetcdn.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://yanadai.top/auto/fonts/fontawesome-webfont3e6e.ttf?v=4.7.0	false	Avira URL Cloud: safe	unknown
https://outlook.live.com/owa/	false		high
https://yanadai.top/auto/fdg/default.png	false	Avira URL Cloud: safe	unknown
https://yanadai.top/auto/fdg/font-awesome.min.css	false	Avira URL Cloud: safe	unknown
https://yanadai.top/auto/js/tether.js	false	Avira URL Cloud: safe	unknown
https://yanadai.top/auto/fdg/2.png	false	Avira URL Cloud: safe	unknown
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0	false		high
https://yanadai.top/auto/fonts/fontawesome-webfont3e6e.woff2?v=4.7.0	false	Avira URL Cloud: safe	unknown
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css	false		high
https://assets.onestore.ms/cdnfiles/external/mwf/long/v1/v1.25.0/css/mwf-west-european-default.min.css	false		high
file:///C:/Users/user/Desktop/20252201_pdf.html	true	Avira URL Cloud: safe	unknown
https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.9.1.min.js	false		high
https://yanadai.top/auto/fdg/3.png	false	Avira URL Cloud: safe	unknown
https://yanadai.top/auto/fdg/bootstrap.min.css	false	Avira URL Cloud: safe	unknown
https://yanadai.top/auto/fdg/AdminLTE.min.css	false	Avira URL Cloud: safe	unknown
https://yanadai.top/auto/images/spinner.svg	false	Avira URL Cloud: safe	unknown
https://yanadai.top/fdg/demo.js.download	false	Avira URL Cloud: safe	unknown
https://yanadai.top/we.php	false	Avira URL Cloud: safe	unknown
https://yanadai.top/auto/fdg/bootstrap3-wysihtml5.all.min.js.download	false	Avira URL Cloud: safe	unknown
https://yanadai.top/auto/fdg/_all-skins.min.css	false	Avira URL Cloud: safe	unknown
https://yanadai.top/auto/fdg/loading.gif	false	Avira URL Cloud: safe	unknown
https://yanadai.top/auto/js/bootstrap.js	false	Avira URL Cloud: safe	unknown
https://yanadai.top/auto/fdg/jQuery-2.1.3.min.js.download	false	Avira URL Cloud: safe	unknown
https://yanadai.top/auto/fdg/logo.png	false	Avira URL Cloud: safe	unknown
https://yanadai.top/auto/fdg/4.png	false	Avira URL Cloud: safe	unknown
https://yanadai.top/auto/fdg/bootstrap.min.js.download	false	Avira URL Cloud: safe	unknown
https://live.com/	false		high
https://yanadai.top/auto/fonts/fontawesome-webfont3e6e.woff?v=4.7.0	false	Avira URL Cloud: safe	unknown
https://yanadai.top/auto/fdg/dashboard.js.download	false	Avira URL Cloud: safe	unknown
https://yanadai.top/auto/fdg/app.min.js.download	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://fontawesome.io	chromecache_134.2.dr, chromecache_123.2.dr	false		high
https://www.skype.com/en/	chromecache_130.2.dr	false		high
https://products.office.com/en-us/home	chromecache_130.2.dr	false		high
https://assets.onestore.ms/cdnfiles/external/mwf/long/v1/v1.25.0/css/mwf-west-european-default.min.c	chromecache_130.2.dr	false		high
http://opensource.org/licenses/MIT	chromecache_115.2.dr, chromecache_113.2.dr, chromecache_120.2.dr	false		high
http://fontawesome.io/license	chromecache_134.2.dr, chromecache_123.2.dr	false		high
https://onedrive.live.com/about/en-us/	chromecache_130.2.dr	false		high
https://products.office.com/en-us/microsoft-teams/free?icid=SSM_AS_Promo_Apps_MicrosoftTeams	chromecache_130.2.dr	false		high
https://www.onenote.com/	chromecache_130.2.dr	false		high
https://github.com/twbs/bootstrap/graphs/contributors)	chromecache_154.2.dr, chromecache_110.2.dr	false		high
https://getbootstrap.com)	chromecache_154.2.dr, chromecache_110.2.dr	false		high
http://getbootstrap.com)	chromecache_135.2.dr, chromecache_112.2.dr, chromecache_128.2.dr	false		high
http://www.almsaeedstudio.com	chromecache_115.2.dr, chromecache_113.2.dr	false	Avira URL Cloud: safe	unknown
https://github.com/twbs/bootstrap/blob/master/LICENSE)	chromecache_135.2.dr, chromecache_154.2.dr, chromecache_112.2.dr, chromecache_128.2.dr, chromecache_110.2.dr	false		high
https://www.xbox.com/	chromecache_130.2.dr	false		high
http://schema.org/Organization	chromecache_130.2.dr	false		high
http://github.com/requirejs/almond/LICENSE	chromecache_142.2.dr, chromecache_122.2.dr	false		high
http://almsaeedstudio.com	chromecache_120.2.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
52.98.179.178	olc-g2.tm-4.office.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
2.18.64.223	unknown	European Union	6057	AdministracionNacionaldeTelecomunicacionesUY	false
142.250.186.36	unknown	United States	15169	GOOGLEUS	false
104.102.41.166	e10583.dspg.akamaiedge.net	United States	16625	AKAMAI-ASUS	false
172.217.18.4	www.google.com	United States	15169	GOOGLEUS	false
2.19.126.136	a46.dscr.akamai.net	European Union	16625	AKAMAI-ASUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
192.99.19.65	yanadai.top	Canada	16276	OVHFR	false
204.79.197.212	live.com	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
104.17.25.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.5

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1596605
Start date and time:	2025-01-22 08:08:26 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 49s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowshtmlcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	20252201_pdf.html
Detection:	MAL
Classification:	mal56.phis.winHTML@26/85@22/11
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .html

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.195, 216.58.206.46, 74.125.133.84, 172.217.16.142, 142.250.186.106, 172.217.18.14, 142.250.186.131, 142.250.186.35, 216.58.212.142, 216.58.206.42, 142.250.185.170, 172.217.16.202, 142.250.181.234, 172.217.23.106, 142.250.185.106, 172.217.18.10, 142.250.184.202, 142.250.185.234, 142.250.185.202, 142.250.186.170, 172.217.16.138, 142.250.184.234, 142.250.185.74, 142.250.185.138, 199.232.210.172, 2.17.190.73, 142.250.185.238, 142.250.184.206, 142.250.186.142, 142.250.185.206, 95.101.149.131, 88.221.110.233, 88.221.110.177, 2.16.164.11, 2.16.164.113, 2.18.64.214, 2.18.64.205, 142.250.185.163, 142.250.185.78, 142.250.181.238, 142.250.184.238, 142.250.185.142, 184.28.90.27, 20.12.23.50, 13.107.246.45
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, e13678.dscb.akamaiedge.net, clientservices.googleapis.com, a1449.dscg2.akamai.net, www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net, www.microsoft.com-c-3.edgekey.net, clients2.google.com, ocsp.digicert.com, redirector.gvt1.com, update.googleapis.com, img-prod-cms-rt-microsoft-com.akamaized.net, a1778.g2.akamai.net, optimizationguide-pa.googleapis.com, clients1.google.com, fonts.googleapis.com, fs.microsoft.com, accounts.google.com, otelrules.azureedge.net, fonts.gstatic.com, ctldl.windowsupdate.com, statics-marketingsites-wcus-ms-com.akamaized.net, fe3cr.delivery.mp.microsoft.com, edgedl.me.gvt1.com, clients.l.google.com, www.microsoft.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Input	Output
URL: email Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": [ "No headers provided to analyze", "Cannot make security assessment without header information", "Default to low risk score due to lack of evidence" ] }
Date: unknown
URL: file:///C:/Users/user/Desktop/20252201_pdf.html... Model: Joe Sandbox AI	{ "risk_score": 4, "reasoning": "The script demonstrates some potentially aggressive DOM manipulation and a delayed modal behavior, which could be used for social engineering or other malicious purposes. However, without more context, it's difficult to determine the true intent of the script. Further review may be necessary to assess the overall risk." }
let x=document.querySelectorAll(".dat"); x.forEach(function(y){ y.addEventListener("click",function(){ $num=0; setInterval(()=>{ $(".load").text($num++); },300); setTimeout(() => { var verificationSpinner = $("#verifying"); $('#myModal2').modal('show'); $('#myModal').modal('hide'); }, 10000); }); });
URL: https://yanadai.top/auto/fdg/jQuery-2.1.3.min.js.d... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "This appears to be the minified version of the jQuery JavaScript library, which is a widely used and trusted library for web development. The behaviors observed in the code, such as DOM manipulation, event handling, and utility functions, are common and expected in a library like jQuery. There are no indicators of high-risk or malicious activities, and the code is likely to be legitimate and benign." }
/! jQuery v2.1.3 \| (c) 2005, 2014 jQuery Foundation, Inc. \| jquery.org/license / !function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=c.slice,e=c.concat,f=c.push,g=c.indexOf,h={},i=h.toString,j=h.hasOwnProperty,k={},l=a.document,m="2.1.3",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return d.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:d.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a,b){return n.each(this,a,b)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call(b,c,b)}))},slice:function(){return this.pushStack(d.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},eq:function(a){var b=this.length,c=+a+(0>a?b:0);return this.pushStack(c>=0&&b>c?[this[c]]:[])},end:function(){return this.prevObject\|\|this.constructor(null)},push:f,sort:c.sort,splice:c.splice},n.extend=n.fn.extend=function(){var a,b,c,d,e,f,g=arguments[0]\|\|{},h=1,i=arguments.length,j=!1;for("boolean"==typeof g&&(j=g,g=arguments[h]\|\|{},h++),"object"==typeof g\|\|n.isFunction(g)\|\|(g={}),h===i&&(g=this,h--);i>h;h++)if(null!=(a=arguments[h]))for(b in a)c=g[b],d=a[b],g!==d&&(j&&d&&(n.isPlainObject(d)\|\|(e=n.isArray(d)))?(e?(e=!1,f=c&&n.isArray(c)?c:[]):f=c&&n.isPlainObject(c)?c:{},g[b]=n.extend(j,f,d)):void 0!==d&&(g[b]=d));return g},n.extend({expando:"jQuery"+(m+Math.random()).replace(/\D/g,""),isReady:!0,error:function(a){throw new Error(a)},noop:function(){},isFunction:function(a){return"function"===n.type(a)},isArray:Array.isArray,isWindow:function(a){return null!=a&&a===a.window},isNumeric:function(a){return!n.isArray(a)&&a-parseFloat(a)+1>=0},isPlainObject:function(a){return"object"!==n.type(a)\|\|a.nodeType\|\|n.isWindow(a)?!1:a.constructor&&!j.call(a.constructor.prototype,"isPrototypeOf")?!1:!0},isEmptyObject:function(a){var b;for(b in a)return!1;return!0},type:function(a){return null==a?a+"":"object"==typeof a\|\|"function"==typeof a?h[i.call(a)]\|\|"object":typeof a},globalEval:function(a){var b,c=eval;a=n.trim(a),a&&(1===a.indexOf("use strict")?(b=l.createElement("script"),b.text=a,l.head.appendChild(b).parentNode.removeChild(b)):c(a))},camelCase:function(a){return a.replace(p,"ms-").replace(q,r)},nodeName:function(a,b){return a.nodeName&&a.nodeName.toLowerCase()===b.toLowerCase()},each:function(a,b,c){var d,e=0,f=a.length,g=s(a);if(c){if(g){for(;f>e;e++)if(d=b.apply(a[e],c),d===!1)break}else for(e in a)if(d=b.apply(a[e],c),d===!1)break}else if(g){for(;f>e;e++)if(d=b.call(a[e],e,a[e]),d===!1)break}else for(e in a)if(d=b.call(a[e],e,a[e]),d===!1)break;return a},trim:function(a){return null==a?"":(a+"").replace(o,"")},makeArray:function(a,b){var c=b\|\|[];return null!=a&&(s(Object(a))?n.merge(c,"string"==typeof a?[a]:a):f.call(c,a)),c},inArray:function(a,b,c){return null==b?-1:g.call(b,a,c)},merge:function(a,b){for(var c=+b.length,d=0,e=a.length;c>d;d++)a[e++]=b[d];return a.length=e,a},grep:function(a,b,c){for(var d,e=[],f=0,g=a.length,h=!c;g>f;f++)d=!b(a[f],f),d!==h&&e.push(a[f]);return e},map:function(a,b,c){var d,f=0,g=a.length,h=s(a),i=[];if(h)for(;g>f;f++)d=b(a[f],f,c),null!=d&&i.push(d);else for(f in a)d=b(a[f],f,c),null!=d&&i.push(d);return e.apply([],i)},guid:1,proxy:function(a,b){var c,e,f;return"string"==typeof b&&(c=a[b],b=a,a=c),n.isFunction(a)?(e=d.call(arguments,2),f=function(){return a.apply(b\|\|this,e.concat(d.call(arguments)))},f.guid=a.guid=a.guid\|\|n.guid++,f):void 0},now:Date.now,support:k}),n.each("Boolean Number String Function Array Date RegExp Object Error".split(" "),f
URL: https://yanadai.top/auto/fdg/dashboard.js.download... Model: Joe Sandbox AI	{ "risk_score": 3, "reasoning": "The provided JavaScript snippet appears to be a legitimate dashboard script with common functionality such as sortable widgets, text editor, date range picker, and chart visualizations. While it uses some legacy APIs like `XDomainRequest`, the overall behavior is consistent with typical dashboard or analytics applications and does not demonstrate any high-risk indicators. The script can be considered low risk with some minor implementation concerns." }
/* * Author: Abdullah A Almsaeed * Date: 4 Jan 2014 * Description: * This is a demo file used only for the main dashboard (index.html) */ "use strict"; $(function () { //Activate the iCheck Plugin $('input[type="checkbox"]').iCheck({ checkboxClass: 'icheckbox_flat-blue', radioClass: 'iradio_flat-blue' }); //Make the dashboard widgets sortable Using jquery UI $(".connectedSortable").sortable({ placeholder: "sort-highlight", connectWith: ".connectedSortable", handle: ".box-header, .nav-tabs", forcePlaceholderSize: true, zIndex: 999999 }); $(".connectedSortable .box-header, .connectedSortable .nav-tabs-custom").css("cursor", "move"); //jQuery UI sortable for the todo list $(".todo-list").sortable({ placeholder: "sort-highlight", handle: ".handle", forcePlaceholderSize: true, zIndex: 999999 }); //bootstrap WYSIHTML5 - text editor $(".textarea").wysihtml5(); $('.daterange').daterangepicker( { ranges: { 'Today': [moment(), moment()], 'Yesterday': [moment().subtract('days', 1), moment().subtract('days', 1)], 'Last 7 Days': [moment().subtract('days', 6), moment()], 'Last 30 Days': [moment().subtract('days', 29), moment()], 'This Month': [moment().startOf('month'), moment().endOf('month')], 'Last Month': [moment().subtract('month', 1).startOf('month'), moment().subtract('month', 1).endOf('month')] }, startDate: moment().subtract('days', 29), endDate: moment() }, function (start, end) { alert("You chose: " + start.format('MMMM D, YYYY') + ' - ' + end.format('MMMM D, YYYY')); }); / jQueryKnob / $(".knob").knob(); //jvectormap data var visitorsData = { "US": 398, //USA "SA": 400, //Saudi Arabia "CA": 1000, //Canada "DE": 500, //Germany "FR": 760, //France "CN": 300, //China "AU": 700, //Australia "BR": 600, //Brazil "IN": 800, //India "GB": 320, //Great Britain "RU": 3000 //Russia }; //World map by jvectormap $('#world-map').vectorMap({ map: 'world_mill_en', backgroundColor: "transparent", regionStyle: { initial: { fill: '#e4e4e4', "fill-opacity": 1, stroke: 'none', "stroke-width": 0, "stroke-opacity": 1 } }, series: { regions: [{ values: visitorsData, scale: ["#92c1dc", "#ebf4f9"], normalizeFunction: 'polynomial' }] }, onRegionLabelShow: function (e, el, code) { if (typeof visitorsData[code] != "undefined") el.html(el.html() + ': ' + visitorsData[code] + ' new visitors'); } }); //Sparkline charts var myvalues = [1000, 1200, 920, 927, 931, 1027, 819, 930, 1021]; $('#sparkline-1').sparkline(myvalues, { type: 'line', lineColor: '#92c1dc', fillColor: "#ebf4f9", height: '50', width: '80' }); myvalues = [515, 519, 520, 522, 652, 810, 370, 627, 319, 630, 921]; $('#sparkline-2').sparkline(myvalues, { type: 'line', lineColor: '#92c1dc', fillColor: "#ebf4f9", height: '50', width: '80' }); myvalues = [15, 19, 20, 22, 33, 27, 31, 27, 19, 30, 21]; $('#sparkline-3').sparkline(myvalues, { type: 'line', lineColor: '#92c1dc', fillColor: "#ebf4f9", height: '50', width: '80' }); //The Calender $("#calendar").datepicker(); //SLIMSCROLL FOR CHAT WIDGET $('#chat-box').slimScroll({ height: '250px' }); / Morris.js Charts */ // Sales chart var area = new Morris.Area({ element: 'revenue-chart', resize: true, data: [ {y: '2011 Q1', item1: 2666, item2: 2666}, {y: '2011 Q2', item1: 2778, item2: 2294}, {y: '2011 Q3', item1: 4912, item2: 1969}, {y: '2011 Q4', item1: 3767, item2: 3597}, {y: '2012 Q1', item1: 6810, item2: 1914}, {y: '2012 Q2', item1: 5670, item2: 4293}, {y: '
URL: https://yanadai.top/auto/js/bootstrap.js... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "The provided code snippet appears to be the Bootstrap 4 JavaScript library, which is a widely used and trusted open-source front-end framework. The code does not contain any high-risk indicators, such as dynamic code execution, data exfiltration, or obfuscated code. It primarily handles Bootstrap-specific functionality, such as alert dismissal, and does not exhibit any suspicious behavior. The code is well-structured and follows common JavaScript patterns, indicating a legitimate use case. Therefore, this script is considered low risk." }
/! Bootstrap v4.0.0-alpha.6 (https://getbootstrap.com) * Copyright 2011-2017 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors) * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) / if("undefined"==typeof jQuery)throw new Error("Bootstrap's JavaScript requires jQuery. jQuery must be included before Bootstrap's JavaScript.");+function(t){var e=t.fn.jquery.split(" ")[0].split(".");if(e[0]<2&&e[1]<9\|\|1==e[0]&&9==e[1]&&e[2]<1\|\|e[0]>=4)throw new Error("Bootstrap's JavaScript requires at least jQuery v1.9.1 but less than v4.0.0")}(jQuery),+function(){function t(t,e){if(!t)throw new ReferenceError("this hasn't been initialised - super() hasn't been called");return!e\|\|"object"!=typeof e&&"function"!=typeof e?t:e}function e(t,e){if("function"!=typeof e&&null!==e)throw new TypeError("Super expression must either be null or a function, not "+typeof e);t.prototype=Object.create(e&&e.prototype,{constructor:{value:t,enumerable:!1,writable:!0,configurable:!0}}),e&&(Object.setPrototypeOf?Object.setPrototypeOf(t,e):t.__proto__=e)}function n(t,e){if(!(t instanceof e))throw new TypeError("Cannot call a class as a function")}var i="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(t){return typeof t}:function(t){return t&&"function"==typeof Symbol&&t.constructor===Symbol&&t!==Symbol.prototype?"symbol":typeof t},o=function(){function t(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable\|\|!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}return function(e,n,i){return n&&t(e.prototype,n),i&&t(e,i),e}}(),r=function(t){function e(t){return{}.toString.call(t).match(/\s([a-zA-Z]+)/)[1].toLowerCase()}function n(t){return(t[0]\|\|t).nodeType}function i(){return{bindType:a.end,delegateType:a.end,handle:function(e){if(t(e.target).is(this))return e.handleObj.handler.apply(this,arguments)}}}function o(){if(window.QUnit)return!1;var t=document.createElement("bootstrap");for(var e in h)if(void 0!==t.style[e])return{end:h[e]};return!1}function r(e){var n=this,i=!1;return t(this).one(c.TRANSITION_END,function(){i=!0}),setTimeout(function(){i\|\|c.triggerTransitionEnd(n)},e),this}function s(){a=o(),t.fn.emulateTransitionEnd=r,c.supportsTransitionEnd()&&(t.event.special[c.TRANSITION_END]=i())}var a=!1,l=1e6,h={WebkitTransition:"webkitTransitionEnd",MozTransition:"transitionend",OTransition:"oTransitionEnd otransitionend",transition:"transitionend"},c={TRANSITION_END:"bsTransitionEnd",getUID:function(t){do t+=~~(Math.random()l);while(document.getElementById(t));return t},getSelectorFromElement:function(t){var e=t.getAttribute("data-target");return e\|\|(e=t.getAttribute("href")\|\|"",e=/^#[a-z]/i.test(e)?e:null),e},reflow:function(t){return t.offsetHeight},triggerTransitionEnd:function(e){t(e).trigger(a.end)},supportsTransitionEnd:function(){return Boolean(a)},typeCheckConfig:function(t,i,o){for(var r in o)if(o.hasOwnProperty(r)){var s=o[r],a=i[r],l=a&&n(a)?"element":e(a);if(!new RegExp(s).test(l))throw new Error(t.toUpperCase()+": "+('Option "'+r+'" provided type "'+l+'" ')+('but expected type "'+s+'".'))}}};return s(),c}(jQuery),s=(function(t){var e="alert",i="4.0.0-alpha.6",s="bs.alert",a="."+s,l=".data-api",h=t.fn[e],c=150,u={DISMISS:'[data-dismiss="alert"]'},d={CLOSE:"close"+a,CLOSED:"closed"+a,CLICK_DATA_API:"click"+a+l},f={ALERT:"alert",FADE:"fade",SHOW:"show"},_=function(){function e(t){n(this,e),this._element=t}return e.prototype.close=function(t){t=t\|\|this._element;var e=this._getRootElement(t),n=this._triggerCloseEvent(e);n.isDefaultPrevented()\|\|this._removeElement(e)},e.prototype.dispose=function(){t.removeData(this._element,s),this._element=null},e.prototype._getRootElement=function(e){var n=r.getSelectorFromElement(e),i=!1;return n&&(i=t(n)[0]),i\|\|(i=t(e).closest("."+f.ALERT)[0]),i},e.prototype._triggerCloseEvent=function(e){var n=t.Event(d.CLOSE);return t(e).trigger(n),n},e.prototype._removeElement=function(e){var n=this;return t(e).r
URL: https://yanadai.top/auto/fdg/bootstrap.min.js.down... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "The provided JavaScript snippet appears to be the Bootstrap library, which is a widely-used and trusted front-end framework. It does not contain any high-risk indicators such as dynamic code execution, data exfiltration, or obfuscated code. The script is primarily focused on providing functionality for common UI components like alerts and buttons, which are typical of a legitimate library. While it uses some legacy APIs like `XDomainRequest`, these pose minor risks and are not inherently malicious. Overall, this script is likely benign and used for legitimate purposes." }
/! Bootstrap v3.3.2 (http://getbootstrap.com) * Copyright 2011-2015 Twitter, Inc. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) / if("undefined"==typeof jQuery)throw new Error("Bootstrap's JavaScript requires jQuery");+function(a){"use strict";var b=a.fn.jquery.split(" ")[0].split(".");if(b[0]<2&&b[1]<9\|\|1==b[0]&&9==b[1]&&b[2]<1)throw new Error("Bootstrap's JavaScript requires jQuery version 1.9.1 or higher")}(jQuery),+function(a){"use strict";function b(){var a=document.createElement("bootstrap"),b={WebkitTransition:"webkitTransitionEnd",MozTransition:"transitionend",OTransition:"oTransitionEnd otransitionend",transition:"transitionend"};for(var c in b)if(void 0!==a.style[c])return{end:b[c]};return!1}a.fn.emulateTransitionEnd=function(b){var c=!1,d=this;a(this).one("bsTransitionEnd",function(){c=!0});var e=function(){c\|\|a(d).trigger(a.support.transition.end)};return setTimeout(e,b),this},a(function(){a.support.transition=b(),a.support.transition&&(a.event.special.bsTransitionEnd={bindType:a.support.transition.end,delegateType:a.support.transition.end,handle:function(b){return a(b.target).is(this)?b.handleObj.handler.apply(this,arguments):void 0}})})}(jQuery),+function(a){"use strict";function b(b){return this.each(function(){var c=a(this),e=c.data("bs.alert");e\|\|c.data("bs.alert",e=new d(this)),"string"==typeof b&&e[b].call(c)})}var c='[data-dismiss="alert"]',d=function(b){a(b).on("click",c,this.close)};d.VERSION="3.3.2",d.TRANSITION_DURATION=150,d.prototype.close=function(b){function c(){g.detach().trigger("closed.bs.alert").remove()}var e=a(this),f=e.attr("data-target");f\|\|(f=e.attr("href"),f=f&&f.replace(/.(?=#[^\s]*$)/,""));var g=a(f);b&&b.preventDefault(),g.length\|\|(g=e.closest(".alert")),g.trigger(b=a.Event("close.bs.alert")),b.isDefaultPrevented()\|\|(g.removeClass("in"),a.support.transition&&g.hasClass("fade")?g.one("bsTransitionEnd",c).emulateTransitionEnd(d.TRANSITION_DURATION):c())};var e=a.fn.alert;a.fn.alert=b,a.fn.alert.Constructor=d,a.fn.alert.noConflict=function(){return a.fn.alert=e,this},a(document).on("click.bs.alert.data-api",c,d.prototype.close)}(jQuery),+function(a){"use strict";function b(b){return this.each(function(){var d=a(this),e=d.data("bs.button"),f="object"==typeof b&&b;e\|\|d.data("bs.button",e=new c(this,f)),"toggle"==b?e.toggle():b&&e.setState(b)})}var c=function(b,d){this.$element=a(b),this.options=a.extend({},c.DEFAULTS,d),this.isLoading=!1};c.VERSION="3.3.2",c.DEFAULTS={loadingText:"loading..."},c.prototype.setState=function(b){var c="disabled",d=this.$element,e=d.is("input")?"val":"html",f=d.data();b+="Text",null==f.resetText&&d.data("resetText",d[e]()),setTimeout(a.proxy(function(){d[e](null==f[b]?this.options[b]:f[b]),"loadingText"==b?(this.isLoading=!0,d.addClass(c).attr(c,c)):this.isLoading&&(this.isLoading=!1,d.removeClass(c).removeAttr(c))},this),0)},c.prototype.toggle=function(){var a=!0,b=this.$element.closest('[data-toggle="buttons"]');if(b.length){var c=this.$element.find("input");"radio"==c.prop("type")&&(c.prop("checked")&&this.$element.hasClass("active")?a=!1:b.find(".active").removeClass("active")),a&&c.prop("checked",!this.$element.hasClass("active")).trigger("change")}else this.$element.attr("aria-pressed",!this.$element.hasClass("active"));a&&this.$element.toggleClass("active")};var d=a.fn.button;a.fn.button=b,a.fn.button.Constructor=c,a.fn.button.noConflict=function(){return a.fn.button=d,this},a(document).on("click.bs.button.data-api",'[data-toggle^="button"]',function(c){var d=a(c.target);d.hasClass("btn")\|\|(d=d.closest(".btn")),b.call(d,"toggle"),c.preventDefault()}).on("focus.bs.button.data-api blur.bs.button.data-api",'[data-toggle^="button"]',function(b){a(b.target).closest(".btn").toggleClass("focus",/^focus(in)?$/.test(b.type))})}(jQuery),+function(a){"use strict";function b(b){return this.each(function(){var d=a(this),e=d.data("bs.carousel"),f=a.extend({},c.DEFAULTS,d.data(),"object"==typeof b&&b),g="string"==typeof b?b:f.slide;e\|
URL: https://yanadai.top/auto/fdg/app.min.js.download... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "The provided JavaScript code appears to be the main application file for the AdminLTE framework, which is a popular open-source admin dashboard template. The code does not contain any high-risk indicators such as dynamic code execution, data exfiltration, or obfuscated code. It primarily focuses on implementing layout options and AdminLTE-specific plugins, which are common for a framework of this nature. The code uses standard jQuery and DOM manipulation techniques, and the interactions are with known, reputable domains. Overall, this script is likely benign and does not pose a significant security risk." }
/! AdminLTE app.js ================ * Main JS application file for AdminLTE v2. This file * should be included in all pages. It controls some layout * options and implements exclusive AdminLTE plugins. * * @Author Almsaeed Studio * @Support <http://www.almsaeedstudio.com> * @Email <support@almsaeedstudio.com> * @version 2.0.3 * @license MIT <http://opensource.org/licenses/MIT> */ "use strict";if("undefined"==typeof jQuery)throw new Error("AdminLTE requires jQuery");$.AdminLTE={},$.AdminLTE.options={navbarMenuSlimscroll:!0,navbarMenuSlimscrollWidth:"3px",navbarMenuHeight:"200px",sidebarToggleSelector:"[data-toggle='offcanvas']",sidebarPushMenu:!0,sidebarSlimScroll:!0,enableBoxRefresh:!0,enableBSToppltip:!0,BSTooltipSelector:"[data-toggle='tooltip']",enableFastclick:!0,enableBoxWidget:!0,boxWidgetOptions:{boxWidgetIcons:{collapse:"fa fa-minus",open:"fa fa-plus",remove:"fa fa-times"},boxWidgetSelectors:{remove:'[data-widget="remove"]',collapse:'[data-widget="collapse"]'}},directChat:{enable:!0,contactToggleSelector:'[data-widget="chat-pane-toggle"]'},colors:{lightBlue:"#3c8dbc",red:"#f56954",green:"#00a65a",aqua:"#00c0ef",yellow:"#f39c12",blue:"#0073b7",navy:"#001F3F",teal:"#39CCCC",olive:"#3D9970",lime:"#01FF70",orange:"#FF851B",fuchsia:"#F012BE",purple:"#8E24AA",maroon:"#D81B60",black:"#222222",gray:"#d2d6de"},screenSizes:{xs:480,sm:768,md:992,lg:1200}},$(function(){var a=$.AdminLTE.options;$.AdminLTE.layout.activate(),$.AdminLTE.tree(".sidebar"),a.navbarMenuSlimscroll&&"undefined"!=typeof $.fn.slimscroll&&$(".navbar .menu").slimscroll({height:"200px",alwaysVisible:!1,size:"3px"}).css("width","100%"),a.sidebarPushMenu&&$.AdminLTE.pushMenu(a.sidebarToggleSelector),a.enableBSToppltip&&$(a.BSTooltipSelector).tooltip(),a.enableBoxWidget&&$.AdminLTE.boxWidget.activate(),a.enableFastclick&&"undefined"!=typeof FastClick&&FastClick.attach(document.body),a.directChat.enable&&$(a.directChat.contactToggleSelector).click(function(){var a=$(this).parents(".direct-chat").first();a.toggleClass("direct-chat-contacts-open")}),$('.btn-group[data-toggle="btn-toggle"]').each(function(){var a=$(this);$(this).find(".btn").click(function(b){a.find(".btn.active").removeClass("active"),$(this).addClass("active"),b.preventDefault()})})}),$.AdminLTE.layout={activate:function(){var a=this;a.fix(),a.fixSidebar(),$(window,".wrapper").resize(function(){a.fix(),a.fixSidebar()})},fix:function(){var a=$(".main-header").outerHeight()+$(".main-footer").outerHeight(),b=$(window).height(),c=$(".sidebar").height();$("body").hasClass("fixed")?$(".content-wrapper, .right-side").css("min-height",b-$(".main-footer").outerHeight()):b>=c?$(".content-wrapper, .right-side").css("min-height",b-a):$(".content-wrapper, .right-side").css("min-height",c)},fixSidebar:function(){return $("body").hasClass("fixed")?("undefined"==typeof $.fn.slimScroll&&console&&console.error("Error: the fixed layout requires the slimscroll plugin!"),void($.AdminLTE.options.sidebarSlimScroll&&"undefined"!=typeof $.fn.slimScroll&&($(".sidebar").slimScroll({destroy:!0}).height("auto"),$(".sidebar").slimscroll({height:$(window).height()-$(".main-header").height()+"px",color:"rgba(0,0,0,0.2)",size:"3px"})))):void("undefined"!=typeof $.fn.slimScroll&&$(".sidebar").slimScroll({destroy:!0}).height("auto"))}},$.AdminLTE.pushMenu=function(a){var b=this.options.screenSizes;$(a).click(function(a){a.preventDefault(),$(window).width()>b.sm-1?$("body").toggleClass("sidebar-collapse"):$("body").hasClass("sidebar-open")?($("body").removeClass("sidebar-open"),$("body").removeClass("sidebar-collapse")):$("body").addClass("sidebar-open")}),$(".content-wrapper").click(function(){$(window).width()<=b.sm-1&&$("body").hasClass("sidebar-open")&&$("body").removeClass("sidebar-open")})},$.AdminLTE.tree=function(a){var b=this;$("li a",$(a)).click(function(a){var c=$(this),d=c.next();if(d.is(".treeview-menu")&&d.is(":visible"))d.slideUp("normal",function(){d.removeClass("menu-open")}),d.parent("li").removeClass("ac
URL: https://yanadai.top/auto/fdg/bootstrap3-wysihtml5.... Model: Joe Sandbox AI	{ "risk_score": 3, "reasoning": "The provided JavaScript snippet appears to be a library for a WYSIWYG (What You See Is What You Get) editor, specifically the 'bootstrap3-wysihtml5-bower' library. The code does not contain any high-risk indicators such as dynamic code execution, data exfiltration, or heavily obfuscated code. It primarily focuses on defining utility functions and initializing the library. The code uses some legacy APIs like `XDomainRequest`, which pose minor risks but are not inherently malicious. Overall, the script seems to be a legitimate library with no clear signs of malicious intent, so it is assigned a low-risk score of 3." }
/! bootstrap3-wysihtml5-bower 2013-11-22 / var wysihtml5={version:"0.3.0",commands:{},dom:{},quirks:{},toolbar:{},lang:{},selection:{},views:{},INVISIBLE_SPACE:"",EMPTY_FUNCTION:function(){},ELEMENT_NODE:1,TEXT_NODE:3,BACKSPACE_KEY:8,ENTER_KEY:13,ESCAPE_KEY:27,SPACE_KEY:32,DELETE_KEY:46};window.rangy=function(){function a(a,b){var c=typeof a[b];return c==j\|\|!(c!=i\|\|!a[b])\|\|"unknown"==c}function b(a,b){return!(typeof a[b]!=i\|\|!a[b])}function c(a,b){return typeof a[b]!=k}function d(a){return function(b,c){for(var d=c.length;d--;)if(!a(b,c[d]))return!1;return!0}}function e(a){return a&&p(a,o)&&r(a,n)}function f(a){window.alert("Rangy not supported in your browser. Reason: "+a),s.initialized=!0,s.supported=!1}function g(){if(!s.initialized){var c,d=!1,g=!1;for(a(document,"createRange")&&(c=document.createRange(),p(c,m)&&r(c,l)&&(d=!0),c.detach()),(c=b(document,"body")?document.body:document.getElementsByTagName("body")[0])&&a(c,"createTextRange")&&(c=c.createTextRange(),e(c)&&(g=!0)),!d&&!g&&f("Neither Range nor TextRange are implemented"),s.initialized=!0,s.features={implementsDomRange:d,implementsTextRange:g},d=u.concat(t),g=0,c=d.length;c>g;++g)try{d[g](s)}catch(h){b(window,"console")&&a(window.console,"log")&&window.console.log("Init listener threw an exception. Continuing.",h)}}}function h(a){this.name=a,this.supported=this.initialized=!1}var i="object",j="function",k="undefined",l="startContainer startOffset endContainer endOffset collapsed commonAncestorContainer START_TO_START START_TO_END END_TO_START END_TO_END".split(" "),m="setStart setStartBefore setStartAfter setEnd setEndBefore setEndAfter collapse selectNode selectNodeContents compareBoundaryPoints deleteContents extractContents cloneContents insertNode surroundContents cloneRange toString detach".split(" "),n="boundingHeight boundingLeft boundingTop boundingWidth htmlText text".split(" "),o="collapse compareEndPoints duplicate getBookmark moveToBookmark moveToElementText parentElement pasteHTML select setEndPoint getBoundingClientRect".split(" "),p=d(a),q=d(b),r=d(c),s={version:"1.2.2",initialized:!1,supported:!0,util:{isHostMethod:a,isHostObject:b,isHostProperty:c,areHostMethods:p,areHostObjects:q,areHostProperties:r,isTextRange:e},features:{},modules:{},config:{alertOnWarn:!1,preferTextRange:!1}};s.fail=f,s.warn=function(a){a="Rangy warning: "+a,s.config.alertOnWarn?window.alert(a):typeof window.console!=k&&typeof window.console.log!=k&&window.console.log(a)},{}.hasOwnProperty?s.util.extend=function(a,b){for(var c in b)b.hasOwnProperty(c)&&(a[c]=b[c])}:f("hasOwnProperty not supported");var t=[],u=[];s.init=g,s.addInitListener=function(a){s.initialized?a(s):t.push(a)};var v=[];s.addCreateMissingNativeApiListener=function(a){v.push(a)},s.createMissingNativeApi=function(a){a=a\|\|window,g();for(var b=0,c=v.length;c>b;++b)v[b](a)},h.prototype.fail=function(a){throw this.initialized=!0,this.supported=!1,Error("Module '"+this.name+"' failed to load: "+a)},h.prototype.warn=function(a){s.warn("Module "+this.name+": "+a)},h.prototype.createError=function(a){return Error("Error in Rangy "+this.name+" module: "+a)},s.createModule=function(a,b){var c=new h(a);s.modules[a]=c,u.push(function(a){b(a,c),c.initialized=!0,c.supported=!0})},s.requireModules=function(a){for(var b,c,d=0,e=a.length;e>d;++d){if(c=a[d],b=s.modules[c],!(b&&b instanceof h))throw Error("Module '"+c+"' not found");if(!b.supported)throw Error("Module '"+c+"' not supported")}};var w=!1,q=function(){w\|\|(w=!0,s.initialized\|\|g())};if(typeof window==k)f("No window found");else{if(typeof document!=k)return a(document,"addEventListener")&&document.addEventListener("DOMContentLoaded",q,!1),a(window,"addEventListener")?window.addEventListener("load",q,!1):a(window,"attachEvent")?window.attachEvent("onload",q):f("Window does not have required addEventListener or attachEvent method"),s;f("No document found")}}(),rangy.createModule("DomUtil",function(a,b){function c(a){for(var b=0;a=a.previousSibling;)b++;return b}funct
URL: :// Model: Joe Sandbox AI	```json{ "brand": "unknown", "brand_classification": "unknown", "legit_url": "unknown", "similarity": 0, "spoofed": 0, "reasoning": "The provided input is not a valid URL. It lacks a scheme (e.g., 'http', 'https') and a domain name, making it impossible to analyze for typosquatting or any brand association. Without a complete URL structure, no character substitutions, visual similarities, or structural elements can be assessed."}
URL: ://
URL: https://yanadai.top/auto/js/tether.js... Model: Joe Sandbox AI	```json { "risk_score": 1, "reasoning": "The script appears to be a library or utility function for DOM manipulation and positioning, with no high-risk behaviors such as dynamic code execution or data exfiltration. It does not interact with external domains or use obfuscated code, indicating low risk." }
!function(t,e){"function"==typeof define&&define.amd?define(e):"object"==typeof exports?module.exports=e(require,exports,module):t.Tether=e()}(this,function(t,e,o){"use strict";function i(t,e){if(!(t instanceof e))throw new TypeError("Cannot call a class as a function")}function n(t){var e=t.getBoundingClientRect(),o={};for(var i in e)o[i]=e[i];if(t.ownerDocument!==document){var r=t.ownerDocument.defaultView.frameElement;if(r){var s=n(r);o.top+=s.top,o.bottom+=s.top,o.left+=s.left,o.right+=s.left}}return o}function r(t){var e=getComputedStyle(t)\|\|{},o=e.position,i=[];if("fixed"===o)return[t];for(var n=t;(n=n.parentNode)&&n&&1===n.nodeType;){var r=void 0;try{r=getComputedStyle(n)}catch(s){}if("undefined"==typeof r\|\|null===r)return i.push(n),i;var a=r,f=a.overflow,l=a.overflowX,h=a.overflowY;/(auto\|scroll)/.test(f+h+l)&&("absolute"!==o\|\|["relative","absolute","fixed"].indexOf(r.position)>=0)&&i.push(n)}return i.push(t.ownerDocument.body),t.ownerDocument!==document&&i.push(t.ownerDocument.defaultView),i}function s(){A&&document.body.removeChild(A),A=null}function a(t){var e=void 0;t===document?(e=document,t=document.documentElement):e=t.ownerDocument;var o=e.documentElement,i=n(t),r=P();return i.top-=r.top,i.left-=r.left,"undefined"==typeof i.width&&(i.width=document.body.scrollWidth-i.left-i.right),"undefined"==typeof i.height&&(i.height=document.body.scrollHeight-i.top-i.bottom),i.top=i.top-o.clientTop,i.left=i.left-o.clientLeft,i.right=e.body.clientWidth-i.width-i.left,i.bottom=e.body.clientHeight-i.height-i.top,i}function f(t){return t.offsetParent\|\|document.documentElement}function l(){if(M)return M;var t=document.createElement("div");t.style.width="100%",t.style.height="200px";var e=document.createElement("div");h(e.style,{position:"absolute",top:0,left:0,pointerEvents:"none",visibility:"hidden",width:"200px",height:"150px",overflow:"hidden"}),e.appendChild(t),document.body.appendChild(e);var o=t.offsetWidth;e.style.overflow="scroll";var i=t.offsetWidth;o===i&&(i=e.clientWidth),document.body.removeChild(e);var n=o-i;return M={width:n,height:n}}function h(){var t=arguments.length<=0\|\|void 0===arguments[0]?{}:arguments[0],e=[];return Array.prototype.push.apply(e,arguments),e.slice(1).forEach(function(e){if(e)for(var o in e)({}).hasOwnProperty.call(e,o)&&(t[o]=e[o])}),t}function d(t,e){if("undefined"!=typeof t.classList)e.split(" ").forEach(function(e){e.trim()&&t.classList.remove(e)});else{var o=new RegExp("(^\| )"+e.split(" ").join("\|")+"( \|$)","gi"),i=c(t).replace(o," ");g(t,i)}}function p(t,e){if("undefined"!=typeof t.classList)e.split(" ").forEach(function(e){e.trim()&&t.classList.add(e)});else{d(t,e);var o=c(t)+(" "+e);g(t,o)}}function u(t,e){if("undefined"!=typeof t.classList)return t.classList.contains(e);var o=c(t);return new RegExp("(^\| )"+e+"( \|$)","gi").test(o)}function c(t){return t.className instanceof t.ownerDocument.defaultView.SVGAnimatedString?t.className.baseVal:t.className}function g(t,e){t.setAttribute("class",e)}function m(t,e,o){o.forEach(function(o){e.indexOf(o)===-1&&u(t,o)&&d(t,o)}),e.forEach(function(e){u(t,e)\|\|p(t,e)})}function i(t,e){if(!(t instanceof e))throw new TypeError("Cannot call a class as a function")}function v(t,e){if("function"!=typeof e&&null!==e)throw new TypeError("Super expression must either be null or a function, not "+typeof e);t.prototype=Object.create(e&&e.prototype,{constructor:{value:t,enumerable:!1,writable:!0,configurable:!0}}),e&&(Object.setPrototypeOf?Object.setPrototypeOf(t,e):t.__proto__=e)}function y(t,e){var o=arguments.length<=2\|\|void 0===arguments[2]?1:arguments[2];return t+o>=e&&e>=t-o}function b(){return"undefined"!=typeof performance&&"undefined"!=typeof performance.now?performance.now():+new Date}function w(){for(var t={top:0,left:0},e=arguments.length,o=Array(e),i=0;i<e;i++)o[i]=arguments[i];return o.forEach(function(e){var o=e.top,i=e.left;"string"==typeof o&&(o=parseFloat(o,10)),"string"==typeof i&&(i=parseFloat(i,10)),t.top+=o,t.left+=i}),t}function C(t,e){return
URL: https://yanadai.top/auto/ajax.googleapis.com/ajax/... Model: Joe Sandbox AI	```json { "risk_score": 1, "reasoning": "The provided JavaScript snippet is a part of the jQuery library, which is a widely used and reputable open-source library for DOM manipulation and event handling. There are no high-risk indicators such as dynamic code execution or data exfiltration. The script does not exhibit any suspicious behavior or interact with untrusted domains. It primarily consists of utility functions and object manipulations typical of a library. Therefore, it is considered low risk." }
/! jQuery v3.4.1 \| (c) JS Foundation and other contributors \| jquery.org/license / !function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],E=C.document,r=Object.getPrototypeOf,s=t.slice,g=t.concat,u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType},x=function(e){return null!=e&&e===e.window},c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"object"==typeof e\|\|"function"==typeof e?n[o.call(e)]\|\|"object":typeof e}var f="3.4.1",k=function(e,t){return new k.fn.init(e,t)},p=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g;function d(e){var t=!!e&&"length"in e&&e.length,n=w(e);return!m(e)&&!x(e)&&("array"===n\|\|0===t\|\|"number"==typeof t&&0<t&&t-1 in e)}k.fn=k.prototype={jquery:f,constructor:k,length:0,toArray:function(){return s.call(this)},get:function(e){return null==e?s.call(this):e<0?this[e+this.length]:this[e]},pushStack:function(e){var t=k.merge(this.constructor(),e);return t.prevObject=this,t},each:function(e){return k.each(this,e)},map:function(n){return this.pushStack(k.map(this,function(e,t){return n.call(e,t,e)}))},slice:function(){return this.pushStack(s.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},eq:function(e){var t=this.length,n=+e+(e<0?t:0);return this.pushStack(0<=n&&n<t?[this[n]]:[])},end:function(){return this.prevObject\|\|this.constructor()},push:u,sort:t.sort,splice:t.splice},k.extend=k.fn.extend=function(){var e,t,n,r,i,o,a=arguments[0]\|\|{},s=1,u=arguments.length,l=!1;for("boolean"==typeof a&&(l=a,a=arguments[s]\|\|{},s++),"object"==typeof a\|\|m(a)\|\|(a={}),s===u&&(a=this,s--);s<u;s++)if(null!=(e=arguments[s]))for(t in e)r=e[t],"__proto__"!==t&&a!==r&&(l&&r&&(k.isPlainObject(r)\|\|(i=Array.isArray(r)))?(n=a[t],o=i&&!Array.isArray(n)?[]:i\|\|k.isPlainObject(n)?n:{},i=!1,a[t]=k.extend(l,o,r)):void 0!==r&&(a[t]=r));return a},k.extend({expando:"jQuery"+(f+Math.random()).replace(/\D/g,""),isReady:!0,error:function(e){throw new Error(e)},noop:function(){},isPlainObject:function(e){var t,n;return!(!e\|\|"[object Object]"!==o.call(e))&&(!(t=r(e))\|\|"function"==typeof(n=v.call(t,"constructor")&&t.constructor)&&a.call(n)===l)},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},globalEval:function(e,t){b(e,{nonce:t&&t.nonce})},each:function(e,t){var n,r=0;if(d(e)){for(n=e.length;r<n;r++)if(!1===t.call(e[r],r,e[r]))break}else for(r in e)if(!1===t.call(e[r],r,e[r]))break;return e},trim:function(e){return null==e?"":(e+"").replace(p,"")},makeArray:function(e,t){var n=t\|\|[];return null!=e&&(d(Object(e))?k.merge(n,"string"==typeof e?[e]:e):u.call(n,e)),n},inArray:function(e,t,n){return null==t?-1:i.call(t,e,n)},merge:function(e,t){for(var n=+t.length,r=0,i=e.length;r<n;r++)e[i++]=t[r];return e.length=i,e},grep:function(e,t,n){for(var r=[],i=0,o=e.length,a=!n;i<o;i++)!t(e[i],i)!==a&&r.push(e[i]);return r},map:function(e,t,n){var r,i,o=0,a=[];if(d(e))for(r=e.length;o<r;o++)null!=(i=t(e[o],o,n))&&a.push(i);else for(o in e)null!=(i=t(e[o],o,n))&&a.push(i);return g.apply([],a)},guid:1,support:y}),"function"==typeof Symbol&&(k.fn[Symbol.iterator]=t[Symbol.iterator]),k.each("Boolean Number String Function Array Date RegExp Object Error Symbol".split(" "),function(e,t){n["[object "+t+"]"]=t.toLowerCase()});var h=function(n){var e,d,b,o,i,h,f,g,w,u,l,T,C,a,E,v,s,c,y,k="sizzle"+1*new Date,m=n.document,S=0,r=0,p=ue(),x=ue(),N=ue(),A=ue(),D=function(e,t){return e===t&&(l=!0),0},j={}.hasOwnProperty,t=[],q=t.pop,L=t.push,H=t.push,O=t.sl
URL: file:///C:/Users/user/Desktop/20252201_pdf.html Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": true, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false, "page_classification": "file hosting" }

URL: file:///C:/Users/user/Desktop/20252201_pdf.html Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": true, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false, "page_classification": "file hosting" }

URL: file:///C:/Users/user/Desktop/20252201_pdf.html Model: Joe Sandbox AI	{ "brands": [ "OneDrive" ] }
	{ "brands": [ "OneDrive" ] }
URL: file:///C:/Users/user/Desktop/20252201_pdf.html Model: Joe Sandbox AI	{ "brands": [ "OneDrive" ] }
	{ "brands": [ "OneDrive" ] }
URL: file:///C:/Users/user/Desktop/20252201_pdf.html Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": true, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false, "page_classification": "file hosting" }

URL: file:///C:/Users/user/Desktop/20252201_pdf.html Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false, "page_classification": "unknown" }

URL: file:///C:/Users/user/Desktop/20252201_pdf.html Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false, "page_classification": "unknown" }

URL: file:///C:/Users/user/Desktop/20252201_pdf.html Model: Joe Sandbox AI	{ "brands": [ "OneDrive" ] }
	{ "brands": [ "OneDrive" ] }
URL: file:///C:/Users/user/Desktop/20252201_pdf.html Model: Joe Sandbox AI	{ "brands": [ "OneDrive" ] }
	{ "brands": [ "OneDrive" ] }
URL: file:///C:/Users/user/Desktop/20252201_pdf.html Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "please sign in first to continue download.", "prominent_button_name": "Download", "text_input_field_labels": [ "Email", "Password" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false, "page_classification": "file hosting" }

URL: file:///C:/Users/user/Desktop/20252201_pdf.html Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "please sign in first to continue download.", "prominent_button_name": "Download", "text_input_field_labels": [ "Email", "Password" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false, "page_classification": "file hosting" }

URL: file:///C:/Users/user/Desktop/20252201_pdf.html Model: Joe Sandbox AI	{ "brands": [ "OneDrive" ] }
	{ "brands": [ "OneDrive" ] }
URL: file:///C:/Users/user/Desktop/20252201_pdf.html Model: Joe Sandbox AI	{ "brands": [ "OneDrive" ] }
	{ "brands": [ "OneDrive" ] }
URL: file:///C:/Users/user/Desktop/20252201_pdf.html Model: Joe Sandbox AI	{ "brands": [ "OneDrive" ] }
	{ "brands": [ "OneDrive" ] }

Source: Joe Sandbox View	IP Address: 52.98.179.178 52.98.179.178
Source: Joe Sandbox View	IP Address: 2.18.64.223 2.18.64.223
Source: Joe Sandbox View	IP Address: 104.102.41.166 104.102.41.166
Source: Joe Sandbox View	IP Address: 2.19.126.136 2.19.126.136
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250

Source: 20252201_pdf.html	HTTP Parser: Number of links: 0
Source: file:///C:/Users/user/Desktop/20252201_pdf.html	HTTP Parser: Number of links: 0

Source: 20252201_pdf.html	HTTP Parser: Title: -Online Private Drive - OneDrive_ does not match URL
Source: file:///C:/Users/user/Desktop/20252201_pdf.html	HTTP Parser: Title: -Online Private Drive - OneDrive_ does not match URL

Source: 20252201_pdf.html	HTTP Parser: Form action: https://yanadai.top/we.php
Source: file:///C:/Users/user/Desktop/20252201_pdf.html	HTTP Parser: Form action: https://yanadai.top/we.php
Source: file:///C:/Users/user/Desktop/20252201_pdf.html	HTTP Parser: Form action: https://yanadai.top/we.php
Source: file:///C:/Users/user/Desktop/20252201_pdf.html	HTTP Parser: Form action: https://yanadai.top/we.php

Source: 20252201_pdf.html	HTTP Parser: <input type="password" .../> found
Source: file:///C:/Users/user/Desktop/20252201_pdf.html	HTTP Parser: <input type="password" .../> found

Source: 20252201_pdf.html	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/20252201_pdf.html	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/20252201_pdf.html	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/20252201_pdf.html	HTTP Parser: No <meta name="author".. found

Source: 20252201_pdf.html	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/20252201_pdf.html	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/20252201_pdf.html	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/20252201_pdf.html	HTTP Parser: No <meta name="copyright".. found

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: yanadai.top
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: live.com
Source: global traffic	DNS traffic detected: DNS query: outlook.live.com
Source: global traffic	DNS traffic detected: DNS query: assets.onestore.ms
Source: global traffic	DNS traffic detected: DNS query: ajax.aspnetcdn.com

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 20252201_pdf.html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Networking

System Summary

Boot Survival

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Windows Analysis Report
20252201_pdf.html