Edit tour

Windows Analysis Report
https://firstchoice.instascreen.net/workspace/results.taz?file=312810

Overview

General Information

Sample URL:	https://firstchoice.instascreen.net/workspace/results.taz?file=312810
Analysis ID:	1417290

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Found iframes

HTML page contains hidden URLs or javascript code

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 7100 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://firstchoice.instascreen.net/workspace/results.taz?file=312810 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6304 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1972,i,6853191311478601337,2526098997240265150,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://firstchoice.instascreen.net/sso/login.taz	HTTP Parser: Iframe src: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Le8XbwUAAAAANWeNFdP-C4MpwjbSxsAKmKrHFUn&co=aHR0cHM6Ly9maXJzdGNob2ljZS5pbnN0YXNjcmVlbi5uZXQ6NDQz&hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&size=invisible&cb=cdpx7ds9bkxg
Source: https://firstchoice.instascreen.net/sso/login.taz	HTTP Parser: Iframe src: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Le8XbwUAAAAANWeNFdP-C4MpwjbSxsAKmKrHFUn&co=aHR0cHM6Ly9maXJzdGNob2ljZS5pbnN0YXNjcmVlbi5uZXQ6NDQz&hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&size=invisible&cb=cdpx7ds9bkxg

Source: https://firstchoice.instascreen.net/sso/login.taz

HTTP Parser: Base64 decoded: https://firstchoice.instascreen.net:443

Source: https://firstchoice.instascreen.net/sso/login.taz

HTTP Parser: <input type="password" .../> found

Source: https://firstchoice.instascreen.net/sso/login.taz	HTTP Parser: No favicon
Source: https://firstchoice.instascreen.net/sso/login.taz	HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Le8XbwUAAAAANWeNFdP-C4MpwjbSxsAKmKrHFUn&co=aHR0cHM6Ly9maXJzdGNob2ljZS5pbnN0YXNjcmVlbi5uZXQ6NDQz&hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&size=invisible&cb=cdpx7ds9bkxg	HTTP Parser: No favicon

Source: https://firstchoice.instascreen.net/sso/login.taz	HTTP Parser: No <meta name="author".. found
Source: https://firstchoice.instascreen.net/sso/login.taz	HTTP Parser: No <meta name="author".. found

Source: https://firstchoice.instascreen.net/sso/login.taz	HTTP Parser: No <meta name="copyright".. found
Source: https://firstchoice.instascreen.net/sso/login.taz	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.16:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.16:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49739 version: TLS 1.2

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.21.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90

Source: unknown

DNS traffic detected: queries for: firstchoice.instascreen.net

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49697
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49697 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443

Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.16:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.16:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49739 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@15/26@16/190

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://firstchoice.instascreen.net/workspace/results.taz?file=312810
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1972,i,6853191311478601337,2526098997240265150,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1972,i,6853191311478601337,2526098997240265150,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Drive-by Compromise	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://firstchoice.instascreen.net/workspace/results.taz?file=312810	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
about:blank	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
s3-us-west-2-w.amazonaws.com	52.92.129.177	true	false	high
b-group.instascreen.net	54.149.19.115	true	false	high
idp.singlesignon.services	35.83.119.135	true	false	unknown
www.google.com	142.251.16.105	true	false	high
firstchoice.instascreen.net	unknown	unknown	false	high
taz-skin.s3.amazonaws.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Le8XbwUAAAAANWeNFdP-C4MpwjbSxsAKmKrHFUn&co=aHR0cHM6Ly9maXJzdGNob2ljZS5pbnN0YXNjcmVlbi5uZXQ6NDQz&hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&size=invisible&cb=cdpx7ds9bkxg	false		high
about:blank	false	Avira URL Cloud: safe	low
https://firstchoice.instascreen.net/sso/login.taz	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
52.92.129.177	s3-us-west-2-w.amazonaws.com	United States	16509	AMAZON-02US	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
142.251.179.84	unknown	United States	15169	GOOGLEUS	false
172.253.63.138	unknown	United States	15169	GOOGLEUS	false
172.253.63.94	unknown	United States	15169	GOOGLEUS	false
142.251.111.94	unknown	United States	15169	GOOGLEUS	false
54.149.19.115	b-group.instascreen.net	United States	16509	AMAZON-02US	false
142.251.16.105	www.google.com	United States	15169	GOOGLEUS	false
172.253.122.95	unknown	United States	15169	GOOGLEUS	false
172.253.63.103	unknown	United States	15169	GOOGLEUS	false
142.251.167.94	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.251.16.94	unknown	United States	15169	GOOGLEUS	false
35.83.119.135	idp.singlesignon.services	United States	237	MERIT-AS-14US	false
142.251.167.99	unknown	United States	15169	GOOGLEUS	false
142.251.163.94	unknown	United States	15169	GOOGLEUS	false
142.251.179.138	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1417290
Start date and time:	2024-03-28 21:40:58 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://firstchoice.instascreen.net/workspace/results.taz?file=312810
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	12
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@15/26@16/190

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 142.251.111.94, 172.253.63.138, 172.253.63.102, 172.253.63.139, 172.253.63.113, 172.253.63.101, 172.253.63.100, 142.251.179.84, 34.104.35.123, 142.251.16.94, 172.253.122.95, 172.253.63.95, 142.250.31.95, 172.253.62.95, 142.251.167.95, 142.251.163.95, 172.253.115.95, 142.251.16.95, 142.251.167.94, 142.251.163.94, 172.253.63.94
Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, content-autofill.googleapis.com, fonts.gstatic.com, clientservices.googleapis.com, clients.l.google.com, www.gstatic.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://firstchoice.instascreen.net/workspace/results.taz?file=312810

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 19:41:25 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9816191166306103
Encrypted:	false
SSDEEP:
MD5:	D37E6B90C41BEB36300FF56E6DAC54AB
SHA1:	44A061F175A460AE9FFA1741D1D71861ABE5FAB8
SHA-256:	466AD5FFC2C87DDEC9BF038FB0CD3696546DE0608D0F8296A41AADD2F24991F4
SHA-512:	455495DDAC9A75106D58923AD9694D51A301E4D3FC88C5F43BFF10ED5E1FE49AE393F4743AD3D2A31B6FF4737CFCC1A92D1C602A26DFC573839C72A74B920F6D
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....1.ZMP...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I\|X%.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\|X,.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V\|X,.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V\|X,............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V\|X-............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............orp.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 19:41:25 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	3.9946477809833665
Encrypted:	false
SSDEEP:
MD5:	5369427E7DF85BC6467F5072A78C6E9D
SHA1:	A1225091C3BE57A826171CDCBAAC9271C200BA1C
SHA-256:	11A9F6A148DEC5C9E28F9917D3A7179300B62CCF7960A7D3A6E412FB4611A04E
SHA-512:	8D197E3CE686CE590888254DAD94A7B32740F2528732B48E6B76A50D845F0FEA4F7D364BFD98B7D9F9737C302C93DA8A9EEC5A70D90B9432CC952C6DC052AA39
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......PMP...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I\|X%.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\|X,.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V\|X,.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V\|X,............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V\|X-............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............orp.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.006782914639372
Encrypted:	false
SSDEEP:
MD5:	8A2896FCC664C4F1B7AC017CB57E831E
SHA1:	45C5812A387F946016C2B2B5C8434B5947212E72
SHA-256:	CCE23737952D9B1C61A3D3D076D9CDC3FDAAC6513F96706425F821A5AF10D643
SHA-512:	1C802FFBE828E511CBBE4EDEDFB38D03CD8C9AD701075887FB47D16602958204BA8FFA0818B8F0721EAEA5CC129EEF8EABD3B3867258E91FD4D203914B00E7F3
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I\|X%.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\|X,.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V\|X,.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V\|X,............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............orp.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 19:41:25 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.995561857624485
Encrypted:	false
SSDEEP:
MD5:	F85F24F59E43F9DF59B919571B18EE94
SHA1:	D1874D7F486BC9018216736B1DE9B7FAA0A18A0B
SHA-256:	86F42A3767D2D08EE80A03F858C16C016EF557E4D2064BDD6EBD96FFBC2387C2
SHA-512:	A16B8075231A4A476C96B9FBF20F71C779519E30F873B7311ECAA5E4E455EE2FF8BD1497811B0D6B40C6333211CD632B23461C672689FBEFBBBE80A58B752C74
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......JMP...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I\|X%.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\|X,.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V\|X,.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V\|X,............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V\|X-............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............orp.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 19:41:25 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.982746036685772
Encrypted:	false
SSDEEP:
MD5:	52EE09759EF88A61A6979BC809BBA3B3
SHA1:	D7B118AA8773E9D7D33987E417D3F906902397F2
SHA-256:	5C9BA63B96D23FEA81A6FE5E2C439D64CE882199DEDD841E96EDBB5DDA0B4229
SHA-512:	10C114D0278C3148F0BBCBB9E066683499F820C7C6AE990A321C75A0C2DE826AED797BF3F4B443C7185C66386B0421B7F21F24B69E5616B0F978D54047ABB723
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....3UMP...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I\|X%.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\|X,.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V\|X,.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V\|X,............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V\|X-............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............orp.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 19:41:25 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9948286831961903
Encrypted:	false
SSDEEP:
MD5:	9F5F85D6A89482138800D49867173EC2
SHA1:	2D10D9395BC03F137D462E206667104D2C7F1A3F
SHA-256:	0955884F54C9914641D49797AE3BFEA0E93157059C86DAF9CE5DE6980CECC1BA
SHA-512:	F38628C3AE6D3EF2F98A6C67BA254A7595EE99A7579D9F4C1543EFD399410FDFF9DFD89FD7F802099A1D34911365E79952396BEC3517498CBACEB616C695AEDD
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......CMP...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I\|X%.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\|X,.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V\|X,.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V\|X,............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V\|X-............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............orp.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 71

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	287630
Entropy (8bit):	5.0658003996173315
Encrypted:	false
SSDEEP:
MD5:	23C7C5D2D1317508E807A6C7F777D6ED
SHA1:	AD16C4A132AD2A03B4951185FED46D55397B5E88
SHA-256:	416A3B2C3BF16D64F6B5B6D0F7B079DF2267614DD6847FC2F3271B4409233C37
SHA-512:	58D2F17CFFFC71560BF6C8FC267A7A7ADD0192E6CB3F7D638531BDBE12FF179B84666839C04CCAA17A75909B25CCF416C0F4F57B23224B194A0A0CC72CE4CE4D
Malicious:	false
Reputation:	unknown
URL:	https://firstchoice.instascreen.net/_scripts/jquery/jquery-3.5.1.js?v=3.2.1
Preview:	/!. jQuery JavaScript Library v3.5.1. * https://jquery.com/. . Includes Sizzle.js. * https://sizzlejs.com/. . Copyright JS Foundation and other contributors. * Released under the MIT license. * https://jquery.org/license. . Date: 2020-05-04T22:49Z. */.( function( global, factory ) {..."use strict";...if ( typeof module === "object" && typeof module.exports === "object" ) {....// For CommonJS and CommonJS-like environments where a proper `window`...// is present, execute the factory and get jQuery....// For environments that do not have a `window` with a `document`...// (such as Node.js), expose a factory as module.exports....// This accentuates the need for the creation of a real `window`....// e.g. var jQuery = require("jquery")(window);...// See ticket #14549 for more info....module.exports = global.document ?....factory( global, true ) :....function( w ) {.....if ( !w.document ) {......throw new Error( "jQuery requires a window with a document" );.....}.....return factor

Chrome Cache Entry: 72

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65271)
Category:	downloaded
Size (bytes):	120680
Entropy (8bit):	5.1040760865559
Encrypted:	false
SSDEEP:
MD5:	E34CCDFB413CF8381003F3AFD62DDF9E
SHA1:	C6575E459D0982ACFCC876C715456CD0166E31A4
SHA-256:	D505BAF5E636170A70C2A42474600C2225DC1A13CE1846BAC7F778E17EC09DE2
SHA-512:	481CA309147501A825A8D681DAC9CA56BA98999567D425716A07D07416E1A5AFC4278865B45D835B46129DB91FA09F33C1307E09A55D16233402A9C61966B78B
Malicious:	false
Reputation:	unknown
URL:	https://firstchoice.instascreen.net/_libs/bootstrap_3.4.1/css/bootstrap.min.css?v=3.2.1
Preview:	/!. Generated using the Bootstrap Customizer (https://getbootstrap.com/docs/3.4/customize/). //!. * Bootstrap v3.4.1 (https://getbootstrap.com/). * Copyright 2011-2019 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). //! normalize.css v3.0.3 \| MIT License \| github.com/necolas/normalize.css */html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}abbr[title]{border-bottom:none;text-decoration:underline;text-decoration:underline dotted}b,strong{font-weight:bold}dfn{font-style:italic}h1{font-size:2em;margin:0.67em 0}mark{background:#ff0;color:#000}small{font-size:80%}sub,sup{font-size:75%;li

Chrome Cache Entry: 73

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (17572)
Category:	downloaded
Size (bytes):	18165
Entropy (8bit):	5.653435632518094
Encrypted:	false
SSDEEP:
MD5:	0C4D3AB97EFA1A507DD8F13E313ABF93
SHA1:	69A2C481F8C5DB9FE2B3AD071EDC08018AD91E73
SHA-256:	38CCDB27CEE0901E4C014932EA698307899F9641336B8AD01D424D083E214BFE
SHA-512:	45145813E2BDD627B86C537A9CDBBFE29AC712D6AC3D56C17F2CE05F3C5AD8A1B48342812D713625505E7DA62F88238BEE6DFDBA76FD0F8ACE923CF400A0358C
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/js/bg/OMzbJ87gkB5MAUky6mmDB4mflkEza4rQHUJNCD4hS_4.js
Preview:	/* Anti-spam. Want to say hello? Contact (base64) Ym90Z3VhcmQtY29udGFjdEBnb29nbGUuY29t / (function(){var m=this\|\|self,q=function(B){return B},N=function(B,u){if(B=(u=m.trustedTypes,null),!u\|\|!u.createPolicy)return B;try{B=u.createPolicy("bg",{createHTML:q,createScript:q,createScriptURL:q})}catch(D){m.console&&m.console.error(D.message)}return B};(0,eval)(function(B,u){return(u=N())&&1===B.eval(u.createScript("1"))?function(D){return u.createScript(D)}:function(D){return""+D}}(m)(Array(7824Math.random()\|0).join("\n")+['(function(){/',.'',.' SPDX-License-Identifier: Apache-2.0',.'/',.'var e=function(B,u){for(u=[];B--;)u.push(255*Math.random()\|0);return u},Bu=function(B,u,q,D){for(q=(D=O(u),0);0<B;B--)q=q<<8\|A(u);L(D,u,q)},us=function(B,u){104<B.h.length?U([y,36],B,0):(B.h.push(B.A.slice()),B.A[227]=void 0,L(227,B,u))},DM=function(B,u,q,D,T){for(T=(B=(D=B[3]\|0,B[2]\|0),0);14>T;T++)q=q>>>8\|q<<24,q+=u\|0,D=D>>>8\|D<<24,u=u<<3\|u>>>29,D+=B\|0,D^=T+1635,q^=B+1635,u^=q,B=B<<3\|B>>>29,B^=D;return

Chrome Cache Entry: 74

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (596)
Category:	downloaded
Size (bytes):	511331
Entropy (8bit):	5.71888713211764
Encrypted:	false
SSDEEP:
MD5:	48C590D47C8B1868CECAB334E9A34CBE
SHA1:	5F1A9F94294EC337F657AC2EBEC1C74E097CE5B3
SHA-256:	F3756825DF5194A174B7A55EBD3B484C276766EEF21343D34B053B98ED386801
SHA-512:	24B9E42BCEBEFCB81D2DC8760256A63E84846C2A49CEE2A6B3904EB5DBA4551DBEA599E0892C7FA6674E32D6E047CA31B396ADD5467F6D3FADFE8F9B3A72A6F2
Malicious:	false
Reputation:	unknown
URL:	https://www.gstatic.com/recaptcha/releases/moV1mTgQ6S91nuTnmll4Y9yf/recaptcha__en.js
Preview:	(function(){/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0././.. SPDX-License-Identifier: Apache-2.0././. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0././.. Copyright 2005, 2007 Bob Ippolito. All Rights Reserved.. Copyright The Closure Library Authors.. SPDX-License-Identifier: MIT./.var nA=function(){return[function(M,a,q,C,W,O){return 4>(M>>((W=[2,1,9],M&101)==M&&(qT\|\|D[40](22,"Edge"),CA\|\|(qT(),CA=a),Pj.add(q,C)),W)[0]&8)&&5<=(M>>W[1]&7)&&(D[8](W[0],function(Y){S[24](28,0,"end",Y,a)},wT),t[6](W[2],!1,wT)\|\|Z[33](5)),O},function(M,a,q,C,W,O,Y,P){return 2==(M+1&(M-6<<1<(((P=[22,57,33],10)>(M<<2&12)&&10<=(M>>1&11)&&(C=new be,Y=I[24](37,C,a,q)),M&42)==M&&(Y=Hj('<textarea id="'+J[41](3,a)+'" name="'+J[41](P[2],q)+'" class="g-recaptcha-response"></textarea>')),M)&&(M-2^P[0])>=M&&(D[25](61,.a,DG)\|\|D[25](P[1],a,Sf)?C=c[P[2]](36,a):(a instanceof Ur?q=c[P[2]](32,Z[3](31,a)):(a instanceof IN?W=c[P[2]](12,t[44](70,a).toString

Chrome Cache Entry: 75

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	25377
Entropy (8bit):	5.1389624009631145
Encrypted:	false
SSDEEP:
MD5:	41622F89429E765A89F410E4CE89377B
SHA1:	DF1129FDB660D25CEB0B27E93CC2F286D1F0E9D4
SHA-256:	4A2311C7D767B778B6D7D20C8491F7662DF6FC221F3C9F252DDBF30226ED80BE
SHA-512:	1775695E08CA8B4287C0A5028A5A50583E199D1DA9758F0F39D105AC7697585451BE066B8C70A2D24085B8FDB6963BDC2A4BA88D8A29CB1D620C256FE32B41D4
Malicious:	false
Reputation:	unknown
URL:	https://firstchoice.instascreen.net/_scripts/jquery/jquery-migrate-3.3.2.js?v=3.2.1
Preview:	/!. jQuery Migrate - v3.3.2 - 2020-11-17T23:22Z. * Copyright OpenJS Foundation and other contributors. */.( function( factory ) {.."use strict";...if ( typeof define === "function" && define.amd ) {....// AMD. Register as an anonymous module....define( [ "jquery" ], function( jQuery ) {....return factory( jQuery, window );...} );..} else if ( typeof module === "object" && module.exports ) {....// Node/CommonJS...// eslint-disable-next-line no-undef...module.exports = factory( require( "jquery" ), window );..} else {....// Browser globals...factory( jQuery, window );..}.} )( function( jQuery, window ) {."use strict";..jQuery.migrateVersion = "3.3.2";..// Returns 0 if v1 == v2, -1 if v1 < v2, 1 if v1 > v2.function compareVersions( v1, v2 ) {..var i,...rVersionParts = /^(\d+)\.(\d+)\.(\d+)/,...v1p = rVersionParts.exec( v1 ) \|\| [ ],...v2p = rVersionParts.exec( v2 ) \|\| [ ];...for ( i = 1; i <= 3; i++ ) {...if ( +v1p[ i ] > +v2p[ i ] ) {....return 1;...}...if ( +v1p[ i ] < +v2p[ i ] ) {..

Chrome Cache Entry: 76

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	assembler source, ASCII text
Category:	downloaded
Size (bytes):	5857
Entropy (8bit):	4.904276109001198
Encrypted:	false
SSDEEP:
MD5:	3254A5FD343F13FDC699C07C92A737ED
SHA1:	589BD0576E1116BC0F46D148D561C2F9886D4AB4
SHA-256:	37547108E6E692A44AEDC4F86409C4CAC00DD0C5B0BA6D9E7C78BFFD8056CCA4
SHA-512:	B14F28698DAD50B1F3CA42D28FCFFE8AC36456E8064DDA5F04A319C57A7C2F5EEA1488CC597D83A151722CC0B203EC8FFC5806984CAF796341AE43942DB4FD40
Malicious:	false
Reputation:	unknown
URL:	https://firstchoice.instascreen.net/_styles/2.5/is-responsive.css?v=3.2.1
Preview:	@CHARSET "ISO-8859-1";.@media (min-width: 970px) and (max-width: 990px) {. /* Somewhere around 985 the buttons don't fit, so make them a little smaller /. .primary-nav-menu a {. width: 166px;. }.}...@media ( max-width: 970px) {.. /* HEADER SETTINGS */.. / DELETE this when we want full responsiveness below 768px /. #header .col-sm-8 {. min-height: 1px;. padding-left: 0;. position: relative;. float: left;. width: 66.66666666666666%;. }.. / DELETE this when we want full responsiveness below 768px */. #header .col-sm-4 {. min-height: 1px;. padding-left: 0;. padding-right: 10px;. position: relative;. float: left;. width: 33.33333333333333%;. }.. #header .col-xs-3,. #header .col-sm-8,. #header .col-xs-9,. #header .col-xs-2,. #header .col-xxs-4 {. padding-left: 0;. padding-right: 0;. }.. #header img {. max-width: 140px;. }.. .primary-nav-menu {. width: 100%;. }.. .primary-nav-menu li {. margin: 0 4px 0 3px;. widt

Chrome Cache Entry: 77

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	assembler source, ASCII text
Category:	downloaded
Size (bytes):	11008
Entropy (8bit):	4.981640301147552
Encrypted:	false
SSDEEP:
MD5:	44F94464B822F4F8C392713FD36B9817
SHA1:	CB245A7BBD8A3C52753C2CFA4D80EB46FD68235F
SHA-256:	75BA699D1D12DC5F6652EA974485327A9F6E874CCE340D7722549E109BC8DB1E
SHA-512:	240C1C97E4CB0CDEF40352C8628351A6708121D9D898ADC889C0803E91AC1752F413AE17CF1B5304E4E30E7806EE67016AAB746C6360B9DD13D4CCE13643D799
Malicious:	false
Reputation:	unknown
URL:	https://taz-skin.s3.amazonaws.com/_styles/skin/da_firstchoice.instascreen.net_skin.css?v=123
Preview:	/* Skin Color overrides for domain firstchoice.instascreen.net. /./.* Set default values for all variables referenced in this scss file.* in case the database somehow has different skin color component names.* than this scss file expects. Otherwise, if the database.* and this file are out of sync then css skin file generation may fail..* Default colors are currently based on the Baby Blues Reports color scheme.*/..reportsection {. background-color: #003366;. color: #FFFFFF; }...reportsubsection {. background-color: #336699;. color: #FFFFFF; }..h2.report-header,..report-primary-header {. background-color: #003366;. color: #FFFFFF;. border-top-color: #003366;. border-bottom-color: #003366; }..h3.report-header,..report-secondary-header {. background-color: #336699;. color: #FFFFFF;. border-top-color: #336699;. border-bottom-color: #336699; }..h4.report-header,..report-tertiary-header {. background-color: #99CCFF;. color: #003366;. border-top-color: #99CCFF;. border-botto

Chrome Cache Entry: 78

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	1785
Entropy (8bit):	4.657307591918543
Encrypted:	false
SSDEEP:
MD5:	574EF4581B2296254ADA16C84086423F
SHA1:	7A095CB67A159505207A3F0C5029E08F8643B1AC
SHA-256:	427DF41DF87C7F471859732098954FCB08093FEE9F3BD9870DA6E92D7697C42F
SHA-512:	AA991EE620781BB3FD45B834C50627406D089D6464669334C78995D22579936159F2BE48B8AC153EC666767E1FD6E30FD56DE0377D8CB939D6E85974E02D18CA
Malicious:	false
Reputation:	unknown
URL:	https://firstchoice.instascreen.net/_scripts/jquery/jquery.focus-first.custom.js?v=3.2.1
Preview:	// compatability safe.(function($) {.. /*. Add focusFirstVisible to list of jQuery functions. * Highlights the first field with an error otherwise, the first field on the. * selected element.. */. $.fn.focusFirstVisible = function() {. var element = $(this);.. // If called without context, assume the entire page is the context.. if (typeof element['context'] === 'undefined') {. element = $('body');. }.. var visibleErrorFields = element.find("input.error, .checkbox-inline.error input, select.error, textarea.error").filter(':visible:enabled');. var errorTabs = element.find(".nav-tabs li.error");.. // Look for errors in this section. if (visibleErrorFields.length) {. // Highlight the first visible one. visibleErrorFields.filter(":first").focus().select();. }. // Look for error on other tabs. else if (errorTabs.length) {. errorTabs.find('a').targetFocusFirstVisible();. }. // Otherwise, just highlight first field you co

Chrome Cache Entry: 79

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	assembler source, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	31092
Entropy (8bit):	4.984315345758254
Encrypted:	false
SSDEEP:
MD5:	287C3A303EFA809ADE50B30C2DA419E2
SHA1:	46521FE829ECA875F287C676D693EF97A31B1CFB
SHA-256:	00F4E86DAB01CF17D3359501A678B8E95AB4979CD862ED2F33E86FCA659D96F7
SHA-512:	4687BF1FDB948C26C5E93AEDB86720339F63C45360CBAE286E2184C05C46F0040526BCBAF47F0C598BB53A54E3BFDC8AC2E3FB34D8CD257294A4D3ECE146E886
Malicious:	false
Reputation:	unknown
URL:	https://firstchoice.instascreen.net/_styles/2.5/is-bootstrap-overrides.css?v=3.2.1
Preview:	/* --------------------------------------------------------------------------------.... InstaScreen specific Bootstrap style overrides.... Note: These styles are meant to override or add additional colors etc... to existing bootstrap CSS components such as well, panels, and the like..... -------------------------------------------------------------------------------- */....body {.. -ms-overflow-style: scrollbar;..}.....well-default {.. background-color: #ffffff;.. -webkit-box-shadow: none;.. box-shadow: none;..}.....well-none {.. border: none;.. background-color: #ffffff;.. -webkit-box-shadow: none;.. box-shadow: none;..}.....well-primary {.. border: 1px solid #006699;.. background-color: #ffffff;.. -webkit-box-shadow: none;.. box-shadow: none;..}.....well-secondary {.. border: 1px solid #009047;.. background-color: #ffffff;.. -webkit-box-shadow: none;.. box-shadow: none;..}....h1, h2 {.. margin-top: 0;..}....h1#page-title {.. m

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.75
Encrypted:	false
SSDEEP:
MD5:	AFB69DF47958EB78B4E941270772BD6A
SHA1:	D9FE9A625E906FF25C1F165E7872B1D9C731E78E
SHA-256:	874809FB1235F80831B706B9E9B903D80BD5662D036B7712CC76F8C684118878
SHA-512:	FD92B98859FFCCFD12AD57830887259F03C7396DA6569C0629B64604CD964E0DF15D695F1A770D2E7F8DF238140F0E6DA7E7D176B54E31C3BB75DDE9B9127C45
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAnpLfjLehtmShIFDVNaR8U=?alt=proto
Preview:	CgkKBw1TWkfFGgA=

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	60
Entropy (8bit):	4.8423188792597305
Encrypted:	false
SSDEEP:
MD5:	40BE86EB835C15A955BB17CE6E95BF4A
SHA1:	040683D38CE5E15C2C5A25F1AD64740684C01A02
SHA-256:	F640FE8A7E7AD0EBEDCC8DD226610F950CCA4CF114EDBD641F8BD64FE9F040E8
SHA-512:	29398D9D3953C581E1A6310E342C1DBD7C79CADC3D2F41775AB3331979350FDAB16B456A3489DA51EE281ADF62090CE04C30BDFAB2FBE93EB42E14EEDB4D50AA
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISHgm8VSYHX3uTsxIFDeeNQA4SBQ3OQUx6EgUNzunDcQ==?alt=proto
Preview:	CikKEQ3njUAOGgQICRgBGgQIVhgCCgsNzkFMehoECEsYAgoHDc7pw3EaAA==

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	102
Entropy (8bit):	4.831212416381637
Encrypted:	false
SSDEEP:
MD5:	9F9C09E710BF4B791F895D28BCA13B4E
SHA1:	E83642A8B6872CEBBACD4A3902A7C55D7E6B89BB
SHA-256:	BFE921737A9444EA43003FCEE8F7BA1F9BFA429502ED435976605A5A87FA6A18
SHA-512:	968CE1F65ED431F79030A0C566326A0D0B973C04E6FB56726B4B9ED9BEBCC5255D4DF232D456D836165C15F92C7685C3986FBF7786D7E2FD0B3F099C10ABF387
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf
Preview:	importScripts('https://www.gstatic.com/recaptcha/releases/moV1mTgQ6S91nuTnmll4Y9yf/recaptcha__en.js');

Chrome Cache Entry: 83

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (56398), with no line terminators
Category:	downloaded
Size (bytes):	56398
Entropy (8bit):	5.907604034780877
Encrypted:	false
SSDEEP:
MD5:	EB4BC511F79F7A1573B45F5775B3A99B
SHA1:	D910FB51AD7316AA54F055079374574698E74B35
SHA-256:	7859A62E04B0ACB06516EB12454DE6673883ECFAEAED6C254659BCA7CD59C050
SHA-512:	EC9BDF1C91B6262B183FD23F640EAC22016D1F42DB631380676ED34B962E01BADDA91F9CBDFA189B42FE3182A992F1B95A7353AF41E41B2D6E1DAB17E87637A0
Malicious:	false
Reputation:	unknown
URL:	https://www.gstatic.com/recaptcha/releases/moV1mTgQ6S91nuTnmll4Y9yf/styles__ltr.css
Preview:	.goog-inline-block{position:relative;display:-moz-inline-box;display:inline-block}* html .goog-inline-block{display:inline}*:first-child+html .goog-inline-block{display:inline}.recaptcha-checkbox{border:none;font-size:1px;height:28px;margin:4px;width:28px;overflow:visible;outline:0;vertical-align:text-bottom}.recaptcha-checkbox-border{-webkit-border-radius:2px;-moz-border-radius:2px;border-radius:2px;background-color:#fff;border:2px solid #c1c1c1;font-size:1px;height:24px;position:absolute;width:24px;z-index:1}.recaptcha-checkbox-borderAnimation{background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAFQAAANICAYAAABZl8i8AAAABmJLR0QA/wD/AP+gvaeTAAAACXBIWXMAAABIAAAASABGyWs+AAAACXZwQWcAAABUAAADSAC4K4y8AAA4oElEQVR42u2dCZRV1ZX3q5iE4IQIiKQQCKBt0JLEIUZwCCk7pBNFiRMajZrIl9aOLZ8sY4CWdkDbT2McooaAEmNixFhpaYE2dCiLScWiQHCgoGQoGQuhGArKKl7V+c5/n33fO/V4w733nVuheXuv9V/rrnvP2Xud3zvTPee+ewsKxMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExP4OdtlT6ztAbRWvvLy8A3QkwxzH6tBGMMexI

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2228
Entropy (8bit):	7.82817506159911
Encrypted:	false
SSDEEP:
MD5:	EF9941290C50CD3866E2BA6B793F010D
SHA1:	4736508C795667DCEA21F8D864233031223B7832
SHA-256:	1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A
SHA-512:	A0C69C70117C5713CAF8B12F3B6E8BBB9CDAF72768E5DB9DB5831A3C37541B87613C6B020DD2F9B8760064A8C7337F175E7234BFE776EEE5E3588DC5662419D9
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...0...0.....W.......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD.......C......pHYs.................IDATh...P....=..8.....Nx. ..PlP8..;.C.1iL#6....Z..!......3.po .o.L.i.I..1fl..4..ujL&6$...............w...........,Z..z. ~.....\.._.C.eK...g..%..P..L7...96..q....L.....k6.....,xz.._......B."#...L(n..f..Yb....8.;....K)N...H).%.F"Ic.LB.........jG.uD..B....Tm....T..).A.}D.f..3.V.....O.....t_..].x.{o..........x?!W...j..@..G=Ed.XF.........J..E?../]..?p..W..H..d5% WA+.....)2r..+..'qk8.../HS.[...u..z.P.....-.A.}.......I .P.....S....\|...)..KS4....I.....W...@....S.s..s..$`.X9.....E.x.=.u.iJ...........k......'...!.a....*+.....(...S..\h....@............I.$..%.2....l......a.\|.....U....y.....t..8....TF.o.p.+.@<.g........-.M.....:.@..(.......@......>..=.ofm.WM{...e..,..D.r.......w....T.L.os..T@Rv..;.....9....56<.x...........2.k.1....dd.V.....m..y5../4\|...G.p.V.......6...}.....B........5...&..v..yTd.6...../m.K...(.

Chrome Cache Entry: 85

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	11903
Entropy (8bit):	4.979696967214266
Encrypted:	false
SSDEEP:
MD5:	E7F69BAF193FE33F9F7973B2430185A9
SHA1:	0AFEC9109D221CDE38111489C2167CEECC8CE4F3
SHA-256:	CE7022C65E728B9D09B583D73EF839326AD2704D9A12DDE9E7EFF3E1EBFE17B6
SHA-512:	34C30EBD89ED7D64DBA468207BB2472352197A9918051D316D1FC96E376785A4E707F94543DC9A959401B70E075394B66C07CD6AFE5CDFB70179575B68785038
Malicious:	false
Reputation:	unknown
URL:	https://firstchoice.instascreen.net/_styles/2.5/version2_5.css?v=3.2.1
Preview:	/* --------------------------------------------------------------------------------.. Classic style overrides (see _styles/version2.css for full reference).. Note: These styles will ultimately be replaced with bootstrap.css and our own. bootstrap overrides and skin specific styles (is-overrides.css, is-layout.css).. All version 2.5 bootstrap overrides have been moved to is-overrides.css in an. effort to continually evolve those styles as we continue down a more responsive. user experience --> as such the styles you see below are now static and dying!.. -------------------------------------------------------------------------------- */..body, td {. font-family: Roboto,sans-serif;. line-height: normal;. padding: 0;. margin: 0;.}..table {. border-collapse: separate;.}..p {. margin: 0 0 10px;.}...questionsTR p {. margin-bottom: 0;.}...reportBodyEditDiv p {. margin-bottom: 0.2em;.}..form {. margin:0;.}..label {. font-weight: normal;. margin-top: 5px;.}..label.inline

Chrome Cache Entry: 86

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 15344, version 1.0
Category:	downloaded
Size (bytes):	15344
Entropy (8bit):	7.984625225844861
Encrypted:	false
SSDEEP:
MD5:	5D4AEB4E5F5EF754E307D7FFAEF688BD
SHA1:	06DB651CDF354C64A7383EA9C77024EF4FB4CEF8
SHA-256:	3E253B66056519AA065B00A453BAC37AC5ED8F3E6FE7B542E93A9DCDCC11D0BC
SHA-512:	7EB7C301DF79D35A6A521FAE9D3DCCC0A695D3480B4D34C7D262DD0C67ABEC8437ED40E2920625E98AAEAFBA1D908DEC69C3B07494EC7C29307DE49E91C2EF48
Malicious:	false
Reputation:	unknown
URL:	https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Preview:	wOF2......;........H..;..........................d..@..J.`..L.T..<.....x.....^...x.6.$..6. ..t. ..I.h\|.l....A....b6........(......@e.]...:..-.0..r.)..hS..h...N.).D.........b.].......^..t?.m{...."84...9......c...?..r3o....}...S]....zbO.../z..{.....~cc....I...#.G.D....#e.A..b...b`a5P.4........M....v4..fI#X.z,.,...=avy..F.a.\9.P\|.[....r.Q@M.I.._.9..V..Q..]......[ {u..L@...]..K......]C....l$.Z.Z...Zs.4........ x.........F.?.7N..].\|.wb\....Z{1L#..t....0.dM...$JV...{..oX...i....6.v.~......)\|.TtAP&).KQ.]y........'...:.d..+..d..."C.h..p.2.M..e,.UP..@.q..7..D.@...,......B.n. r&.......F!.....\...;R.?-.i...,7..cb../I...Eg...!X.)5.Aj7...Ok..l7.j.A@B`".}.w.m..R.9..T.X.X.d....S..`XI..1... .$C.H.,.\. ..A(.AZ.................`Wr.0]y..-..K.1.............1.tBs..n.0...9.F[b.3x...$....T..PM.Z-.N.rS?I.<8eR'.3..27..?;..OLf.Rj.@.o.W...........j~ATA....vX.N:.3dM.r.)Q.B...4i.f..K.l..s....e.U.2...k..a.GO.}..../.'..%$..ed..'..qP....M..j....../.z&.=...q<....-..?.A.%..K..

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	8001
Entropy (8bit):	4.948513247761229
Encrypted:	false
SSDEEP:
MD5:	3B5D4D76479D21A903E28690181418C5
SHA1:	A6D6972AE86A6CD2C30563745A75C95C750FFC95
SHA-256:	2CD178996CAABBDCCED8251CB3585F63370FA4B079716A2BC2FEB77FFEE17969
SHA-512:	8F762C7F0686C80CD1E045DA14EEA9A5F4810499773329D27D4DA7F31972C78CB4B1993DD7E7D93CBB305B39760077F3C50D05763A1304CB817CAE68EA6CB9C0
Malicious:	false
Reputation:	unknown
URL:	https://firstchoice.instascreen.net/_styles/2.5/is-layout.css?v=3.2.1
Preview:	body {. font-family: Roboto,sans-serif;.}../ HEADER STYLES /..#header {. margin: 0;. padding: 0;. font-size: 1.1rem;. border-bottom: solid 2px;. position: relative;. z-index: 400;. width: 100%;. min-width: 0;. top: -2px;.}..#header .wrapper {. padding: 10px 5px 0 5px;. max-width: 1170px;. min-width: 750px;. width: 100%;. position: relative;. border-bottom: solid 2px;. top: 2px;.}..#header .container {. max-width: 1170px;. min-width: 740px; /* Change to 100% when we want full responsiveness smaller than 768px /. width: 100%;. padding-right: 0;. padding-left: 0;. margin: 0;.}..#header .row {. margin: 0;.}..#header , #header :before, #header :after {. box-sizing: border-box;. -moz-box-sizing: border-box;. -webkit-box-sizing: border-box;.}..#header .col-sm-2 {. width: 16.6667%;. position: relative;. float: left;. padding-right: 0;. padding-left: 0;.}..#header a {. text-decoration: none;. font-weight: bold;. padding: 2px 0px;.}..#header .dropdown-m

Chrome Cache Entry: 89

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 15552, version 1.0
Category:	downloaded
Size (bytes):	15552
Entropy (8bit):	7.983966851275127
Encrypted:	false
SSDEEP:
MD5:	285467176F7FE6BB6A9C6873B3DAD2CC
SHA1:	EA04E4FF5142DDD69307C183DEF721A160E0A64E
SHA-256:	5A8C1E7681318CAA29E9F44E8A6E271F6A4067A2703E9916DFD4FE9099241DB7
SHA-512:	5F9BB763406EA8CE978EC675BD51A0263E9547021EA71188DBD62F0212EB00C1421B750D3B94550B50425BEBFF5F881C41299F6A33BBFA12FB1FF18C12BC7FF1
Malicious:	false
Reputation:	unknown
URL:	https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Preview:	wOF2......<...........<Z.........................d..z..J.`..L.\..<.....<.....^...x.6.$..6. .... ..S..}%.......\|....x..[j.E...d..-A...]=sjf$X.o.5......V....i?}.\...;...V......5..mO=,[.B..d'..=..M...q...8..U'..N..G...[..8....Jp..xP...'.?....}.-.1F.C.....%z..#...Q...~.~..3.............r.Xk..v..7t.+bw...f..b...q.W..'E.....O..a..HI.....Y.B..i.K.0.:.d.E.Lw....Q..~.6.}B...bT.F.,<./....Qu....\|...H....Fk.-..H..p4.$......{.2.....".T'..........Va.6+.9uv....RW..U$8...p...........H5...B..N..V...{.1....5}p.q6..T...U.P.N...U...!.w..?..mI..8q.}.... >.Z.K.....tq..}.><Ok..w.. ..v....W...{....o...."+#+,..vdt...p.WKK:.p1...3`. 3.......Q.].V.$}.......:.S..bb!I...c.of.2uq.n.MaJ..Cf.......w.$.9C...sj.=...=.Z7...h.w M.D..A.t.....]..GVpL...U(.+.)m..e)..H.}i.o.L...S.r..m..Ko....i..M..J..84.=............S..@......Z.V.E..b...0.....@h>...."$.?....../..?.....?.J.a,..\|..d...\|`.m5..b..LWc...L...?.G.].i...Q..1.:..LJV.J...bU.2.:\.kt.......t.....k....B..i.z+...........A.....

Chrome Cache Entry: 90

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	743
Entropy (8bit):	4.659071828523596
Encrypted:	false
SSDEEP:
MD5:	518BFDC2BBC7BA2DF74040F0BD2A0A96
SHA1:	2B8A0000D2F3DAEA21B1146EEF473CD1799ED5D6
SHA-256:	70D09BB0C2E1E8A339CA246EAACD87798DA00D824124F644E11EAB481D1B5EB7
SHA-512:	B7EA975A3D983DFE688DC478A469D5D15D8DD98FFFFE6A4D818B3316E49ADD5100F8C707B3F009A5E4753A4179A967AB931DA9BB30696F2621B148AE25E9FD27
Malicious:	false
Reputation:	unknown
URL:	https://firstchoice.instascreen.net/_scripts/dialogs/login/loginForm.js?v=3.2.1
Preview:	/. Functions to support new 2.5+ login form page(s). * Note that the choice to go with '$' is deliberate. */.$.fn.onEnter = function(func) {. this.bind('keypress',function(e) {. if (e.keyCode == 13) func.apply(this,[e]);. });. return this;.};...$(function() {. $("#l-name").onEnter(function(e) {. if ($(this).val()) {. $("#l-pass").focus();. }. }).focus();... $("#l-pass").onEnter(function(e) {. if ($(this).val()) {. if ($("#l-cap").length) {. $("#l-cap").focus();. }. else {. $("form").submit();. }. }. });... $("#l-cap").onEnter(function(e) {. if ($(this).val()) {. $("form").submit();. }. });... $("#l-btn").click(function() {. $("form").submit();. });.});.

Chrome Cache Entry: 91

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1256), with no line terminators
Category:	downloaded
Size (bytes):	1256
Entropy (8bit):	5.85095601317215
Encrypted:	false
SSDEEP:
MD5:	84D26E5FE334B1BE17506D0C2F7482BC
SHA1:	F53C58AF8ABCD15C218BAD1184AB44D6587A640E
SHA-256:	A915D660EDB54B5DF9CD635AAB0E52665D0EE7B331EAF67AB2AE68E446469218
SHA-512:	3507FD095DA921C18EAB4B04CA7A6BFE7162115654219289D1435F037CBF8C3E0972665B2FBA0AD9829BF147F0634C48A3B6C15B9BE3D21FECC3D1B8D2F062BF
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/recaptcha/api.js?render=6Le8XbwUAAAAANWeNFdP-C4MpwjbSxsAKmKrHFUn
Preview:	/* PLEASE DO NOT COPY AND PASTE THIS CODE. */(function(){var w=window,C='___grecaptcha_cfg',cfg=w[C]=w[C]\|\|{},N='grecaptcha';var gr=w[N]=w[N]\|\|{};gr.ready=gr.ready\|\|function(f){(cfg['fns']=cfg['fns']\|\|[]).push(f);};w['__recaptcha_api']='https://www.google.com/recaptcha/api2/';(cfg['render']=cfg['render']\|\|[]).push('6Le8XbwUAAAAANWeNFdP-C4MpwjbSxsAKmKrHFUn');w['__google_recaptcha_client']=true;var d=document,po=d.createElement('script');po.type='text/javascript';po.async=true;var m=d.createElement('meta');m.httpEquiv='origin-trial';m.content='Az520Inasey3TAyqLyojQa8MnmCALSEU29yQFW8dePZ7xQTvSt73pHazLFTK5f7SyLUJSo2uKLesEtEa9aUYcgMAAACPeyJvcmlnaW4iOiJodHRwczovL2dvb2dsZS5jb206NDQzIiwiZmVhdHVyZSI6IkRpc2FibGVUaGlyZFBhcnR5U3RvcmFnZVBhcnRpdGlvbmluZyIsImV4cGlyeSI6MTcyNTQwNzk5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=';d.head.prepend(m);po.src='https://www.gstatic.com/recaptcha/releases/moV1mTgQ6S91nuTnmll4Y9yf/recaptcha__en.js';po.crossOrigin='anonymous';po.integrity='sha384-wEVSdq

Static File Info

⊘No static file info

Description:	Adversaries may gain access to a system through a user visiting a website over the normal course of browsing. With this technique, the user's web browser is typically targeted for exploitation, but adversaries may also use compromised websites for non-exploitation behavior such as acquiring Application Access Token .
Tactics:	Initial Access
Data Sources:	Application Log: Application Log Content, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Process: Process Creation
Platforms:	Linux, macOS, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://firstchoice.instascreen.net/workspace/results.taz?file=312810

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Chrome Cache Entry: 86

Chrome Cache Entry: 87

Chrome Cache Entry: 89

Chrome Cache Entry: 90

Chrome Cache Entry: 91

Static File Info

Windows Analysis Report
https://firstchoice.instascreen.net/workspace/results.taz?file=312810